Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / c169a81a5caf3cb4dc14a0258719bc1ef09663cc / . / src / security / validator.cpp
blob: 4962779d8bcb9ad11c48021ecdb700ca4dcd620e [file] [log] [blame]
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame^]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]2/**
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame^]3 * Copyright (c) 2013-2014 Regents of the University of California.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]6 *
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame^]7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]20 *
21 * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
22 * @author Jeff Thompson <jefft0@remap.ucla.edu>
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]23 */
24
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]25#include "common.hpp"
26
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]27#include "validator.hpp"
Yingdi Yu21157162014-02-28 13:02:34 -0800[diff] [blame]28#include "../util/crypto.hpp"
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]29
Junxiao Shi482ccc52014-03-31 13:05:24 -0700[diff] [blame]30#include "cryptopp.hpp"
Yingdi Yu21157162014-02-28 13:02:34 -0800[diff] [blame]31
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]32using namespace std;
33
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]34namespace ndn {
35
Yingdi Yu96e64062014-04-15 19:57:33 -0700[diff] [blame]36Validator::Validator()
37 : m_hasFace(false)
38 , m_face(*static_cast<Face*>(0))
39{
40}
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]41
Yingdi Yu96e64062014-04-15 19:57:33 -0700[diff] [blame]42Validator::Validator(Face& face)
43 : m_hasFace(true)
44 , m_face(face)
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]45{
46}
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]47
48void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]49Validator::validate(const Interest& interest,
50 const OnInterestValidated& onValidated,
51 const OnInterestValidationFailed& onValidationFailed,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]52 int nSteps)
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]53{
54 vector<shared_ptr<ValidationRequest> > nextSteps;
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]55 checkPolicy(interest, nSteps, onValidated, onValidationFailed, nextSteps);
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]56
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]57 if (!nextSteps.empty())
58 {
Yingdi Yu96e64062014-04-15 19:57:33 -0700[diff] [blame]59 if (!m_hasFace)
60 {
61 onValidationFailed(interest.shared_from_this(),
62 "Require more information to validate the interest!");
63 return;
64 }
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]65
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]66 vector<shared_ptr<ValidationRequest> >::const_iterator it = nextSteps.begin();
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]67 OnFailure onFailure = bind(onValidationFailed, interest.shared_from_this(), _1);
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]68 for (; it != nextSteps.end(); it++)
Yingdi Yu96e64062014-04-15 19:57:33 -0700[diff] [blame]69 m_face.expressInterest((*it)->m_interest,
70 bind(&Validator::onData, this, _1, _2, *it),
71 bind(&Validator::onTimeout,
72 this, _1, (*it)->m_nRetrials,
73 onFailure,
74 *it));
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]75 }
76 else
77 {
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]78 // If there is no nextStep,
79 // that means InterestPolicy has already been able to verify the Interest.
80 // No more further processes.
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]81 }
82}
83
84void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]85Validator::validate(const Data& data,
86 const OnDataValidated& onValidated,
87 const OnDataValidationFailed& onValidationFailed,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]88 int nSteps)
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]89{
90 vector<shared_ptr<ValidationRequest> > nextSteps;
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]91 checkPolicy(data, nSteps, onValidated, onValidationFailed, nextSteps);
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]92
93 if (!nextSteps.empty())
94 {
Yingdi Yu96e64062014-04-15 19:57:33 -0700[diff] [blame]95 if (!m_hasFace)
96 {
97 onValidationFailed(data.shared_from_this(),
98 "Require more information to validate the data!");
99 }
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]100
101 vector<shared_ptr<ValidationRequest> >::const_iterator it = nextSteps.begin();
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]102 OnFailure onFailure = bind(onValidationFailed, data.shared_from_this(), _1);
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]103 for (; it != nextSteps.end(); it++)
Yingdi Yu96e64062014-04-15 19:57:33 -0700[diff] [blame]104 m_face.expressInterest((*it)->m_interest,
105 bind(&Validator::onData, this, _1, _2, *it),
106 bind(&Validator::onTimeout,
107 this, _1, (*it)->m_nRetrials,
108 onFailure,
109 *it));
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]110 }
111 else
112 {
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]113 // If there is no nextStep,
114 // that means Data Policy has already been able to verify the Interest.
115 // No more further processes.
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]116 }
117}
118
119void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]120Validator::onData(const Interest& interest,
121 const Data& data,
Alexander Afanasyev0222fba2014-02-09 23:16:02 -0800[diff] [blame]122 const shared_ptr<ValidationRequest>& nextStep)
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]123{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]124 validate(data, nextStep->m_onValidated, nextStep->m_onDataValidated, nextStep->m_nSteps);
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]125}
126
127void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]128Validator::onTimeout(const Interest& interest,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]129 int nRetrials,
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]130 const OnFailure& onFailure,
Alexander Afanasyev0222fba2014-02-09 23:16:02 -0800[diff] [blame]131 const shared_ptr<ValidationRequest>& nextStep)
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]132{
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]133 if (nRetrials > 0)
134 // Issue the same expressInterest except decrement nRetrials.
Yingdi Yu96e64062014-04-15 19:57:33 -0700[diff] [blame]135 m_face.expressInterest(interest,
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]136 bind(&Validator::onData, this, _1, _2, nextStep),
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]137 bind(&Validator::onTimeout, this, _1,
138 nRetrials - 1, onFailure, nextStep));
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]139 else
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]140 onFailure("Cannot fetch cert: " + interest.getName().toUri());
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]141}
142
143bool
144Validator::verifySignature(const Data& data, const PublicKey& key)
145{
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]146 try
147 {
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]148 switch (data.getSignature().getType())
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]149 {
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]150 case Signature::Sha256WithRsa:
151 {
152 SignatureSha256WithRsa sigSha256Rsa(data.getSignature());
153 return verifySignature(data, sigSha256Rsa, key);
154 }
155 default:
156 {
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]157 return false;
158 }
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]159 }
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]160 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]161 catch (Signature::Error& e)
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]162 {
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]163 return false;
164 }
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]165 return false;
166}
167
168bool
Yingdi Yu21157162014-02-28 13:02:34 -0800[diff] [blame]169Validator::verifySignature(const Interest& interest, const PublicKey& key)
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]170{
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]171 const Name& interestName = interest.getName();
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]172
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]173 if (interestName.size() < 2)
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]174 return false;
175
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]176 try
177 {
178 const Block& nameBlock = interestName.wireEncode();
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]179
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]180 Signature sig(interestName[-2].blockFromValue(),
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]181 interestName[-1].blockFromValue());
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]182
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]183 switch (sig.getType())
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]184 {
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]185 case Signature::Sha256WithRsa:
186 {
187 SignatureSha256WithRsa sigSha256Rsa(sig);
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]188
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]189 return verifySignature(nameBlock.value(),
190 nameBlock.value_size() - interestName[-1].size(),
191 sigSha256Rsa, key);
192 }
193 default:
194 {
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]195 return false;
196 }
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]197 }
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]198 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]199 catch (Signature::Error& e)
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]200 {
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]201 return false;
202 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]203 catch (Block::Error& e)
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]204 {
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]205 return false;
206 }
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]207 return false;
208}
209
210bool
Yingdi Yu21157162014-02-28 13:02:34 -0800[diff] [blame]211Validator::verifySignature(const Buffer& data, const Signature& sig, const PublicKey& key)
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]212{
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]213 try
214 {
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]215 switch (sig.getType())
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]216 {
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]217 case Signature::Sha256WithRsa:
218 {
219 SignatureSha256WithRsa sigSha256Rsa(sig);
220 return verifySignature(data, sigSha256Rsa, key);
221 }
222 default:
223 {
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]224 return false;
225 }
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]226 }
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]227 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]228 catch (Signature::Error& e)
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]229 {
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]230 return false;
231 }
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]232 return false;
233}
234
235bool
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]236Validator::verifySignature(const uint8_t* buf,
237 const size_t size,
238 const SignatureSha256WithRsa& sig,
239 const PublicKey& key)
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]240{
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]241 try
242 {
243 using namespace CryptoPP;
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]244
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]245 RSA::PublicKey publicKey;
246 ByteQueue queue;
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]247
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]248 queue.Put(reinterpret_cast<const byte*>(key.get().buf()), key.get().size());
249 publicKey.Load(queue);
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]250
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]251 RSASS<PKCS1v15, SHA256>::Verifier verifier(publicKey);
252 return verifier.VerifyMessage(buf, size,
253 sig.getValue().value(),
254 sig.getValue().value_size());
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]255 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]256 catch (CryptoPP::Exception& e)
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]257 {
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]258 return false;
259 }
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]260}
261
Yingdi Yu21157162014-02-28 13:02:34 -0800[diff] [blame]262bool
263Validator::verifySignature(const uint8_t* buf, const size_t size, const SignatureSha256& sig)
264{
265 try
266 {
267 ConstBufferPtr buffer = crypto::sha256(buf, size);
268 const Block& sigValue = sig.getValue();
269
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]270 if (static_cast<bool>(buffer) &&
271 buffer->size() == sigValue.value_size() &&
272 buffer->size() == crypto::SHA256_DIGEST_SIZE)
Yingdi Yu21157162014-02-28 13:02:34 -0800[diff] [blame]273 {
274
275 const uint8_t* p1 = buffer->buf();
276 const uint8_t* p2 = sigValue.value();
277
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]278 return 0 == memcmp(p1, p2, crypto::SHA256_DIGEST_SIZE);
Yingdi Yu21157162014-02-28 13:02:34 -0800[diff] [blame]279 }
280 else
281 return false;
282 }
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]283 catch (CryptoPP::Exception& e)
Yingdi Yu21157162014-02-28 13:02:34 -0800[diff] [blame]284 {
Yingdi Yu21157162014-02-28 13:02:34 -0800[diff] [blame]285 return false;
286 }
287}
288
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]289} // namespace ndn