Yingdi Yu | b263f15 | 2015-07-12 16:50:13 -0700 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
Davide Pesavento | 8703953 | 2017-09-16 15:15:39 -0400 | [diff] [blame] | 2 | /* |
| 3 | * Copyright (c) 2013-2017 Regents of the University of California. |
Yingdi Yu | b263f15 | 2015-07-12 16:50:13 -0700 | [diff] [blame] | 4 | * |
| 5 | * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions). |
| 6 | * |
| 7 | * ndn-cxx library is free software: you can redistribute it and/or modify it under the |
| 8 | * terms of the GNU Lesser General Public License as published by the Free Software |
| 9 | * Foundation, either version 3 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY |
| 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A |
| 13 | * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. |
| 14 | * |
| 15 | * You should have received copies of the GNU General Public License and GNU Lesser |
| 16 | * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see |
| 17 | * <http://www.gnu.org/licenses/>. |
| 18 | * |
| 19 | * See AUTHORS.md for complete list of ndn-cxx authors and contributors. |
| 20 | */ |
| 21 | |
| 22 | #include "verifier-filter.hpp" |
Davide Pesavento | 8aad372 | 2017-09-16 20:57:28 -0400 | [diff] [blame] | 23 | #include "public-key.hpp" |
Davide Pesavento | 8703953 | 2017-09-16 15:15:39 -0400 | [diff] [blame] | 24 | #include "../detail/openssl-helper.hpp" |
| 25 | |
| 26 | #include <boost/lexical_cast.hpp> |
Yingdi Yu | b263f15 | 2015-07-12 16:50:13 -0700 | [diff] [blame] | 27 | |
| 28 | namespace ndn { |
| 29 | namespace security { |
| 30 | namespace transform { |
| 31 | |
| 32 | class VerifierFilter::Impl |
| 33 | { |
| 34 | public: |
Davide Pesavento | 3504cc4 | 2017-09-17 15:28:10 -0400 | [diff] [blame] | 35 | Impl(const uint8_t* sig, size_t siglen) |
Davide Pesavento | 8a14b9b | 2017-09-17 01:26:06 -0400 | [diff] [blame] | 36 | : sig(sig) |
| 37 | , siglen(siglen) |
Yingdi Yu | b263f15 | 2015-07-12 16:50:13 -0700 | [diff] [blame] | 38 | { |
Yingdi Yu | b263f15 | 2015-07-12 16:50:13 -0700 | [diff] [blame] | 39 | } |
| 40 | |
| 41 | public: |
Davide Pesavento | 3504cc4 | 2017-09-17 15:28:10 -0400 | [diff] [blame] | 42 | detail::EvpMdCtx ctx; |
Davide Pesavento | 8a14b9b | 2017-09-17 01:26:06 -0400 | [diff] [blame] | 43 | const uint8_t* sig; |
| 44 | size_t siglen; |
Yingdi Yu | b263f15 | 2015-07-12 16:50:13 -0700 | [diff] [blame] | 45 | }; |
| 46 | |
Davide Pesavento | 8aad372 | 2017-09-16 20:57:28 -0400 | [diff] [blame] | 47 | |
Yingdi Yu | b263f15 | 2015-07-12 16:50:13 -0700 | [diff] [blame] | 48 | VerifierFilter::VerifierFilter(DigestAlgorithm algo, const PublicKey& key, |
| 49 | const uint8_t* sig, size_t sigLen) |
Davide Pesavento | 8a14b9b | 2017-09-17 01:26:06 -0400 | [diff] [blame] | 50 | : m_impl(make_unique<Impl>(sig, sigLen)) |
Yingdi Yu | b263f15 | 2015-07-12 16:50:13 -0700 | [diff] [blame] | 51 | { |
Davide Pesavento | 8703953 | 2017-09-16 15:15:39 -0400 | [diff] [blame] | 52 | const EVP_MD* md = detail::digestAlgorithmToEvpMd(algo); |
| 53 | if (md == nullptr) |
| 54 | BOOST_THROW_EXCEPTION(Error(getIndex(), "Unsupported digest algorithm " + |
| 55 | boost::lexical_cast<std::string>(algo))); |
Yingdi Yu | b263f15 | 2015-07-12 16:50:13 -0700 | [diff] [blame] | 56 | |
Davide Pesavento | 8a14b9b | 2017-09-17 01:26:06 -0400 | [diff] [blame] | 57 | if (EVP_DigestVerifyInit(m_impl->ctx, nullptr, md, nullptr, |
| 58 | reinterpret_cast<EVP_PKEY*>(key.getEvpPkey())) != 1) |
| 59 | BOOST_THROW_EXCEPTION(Error(getIndex(), "Failed to initialize verification context with " + |
| 60 | boost::lexical_cast<std::string>(algo) + " digest and " + |
| 61 | boost::lexical_cast<std::string>(key.getKeyType()) + " key")); |
Yingdi Yu | b263f15 | 2015-07-12 16:50:13 -0700 | [diff] [blame] | 62 | } |
| 63 | |
Davide Pesavento | 8aad372 | 2017-09-16 20:57:28 -0400 | [diff] [blame] | 64 | VerifierFilter::~VerifierFilter() = default; |
| 65 | |
Yingdi Yu | b263f15 | 2015-07-12 16:50:13 -0700 | [diff] [blame] | 66 | size_t |
| 67 | VerifierFilter::convert(const uint8_t* buf, size_t size) |
| 68 | { |
Davide Pesavento | 8a14b9b | 2017-09-17 01:26:06 -0400 | [diff] [blame] | 69 | if (EVP_DigestVerifyUpdate(m_impl->ctx, buf, size) != 1) |
| 70 | BOOST_THROW_EXCEPTION(Error(getIndex(), "Failed to accept more input")); |
Yingdi Yu | b263f15 | 2015-07-12 16:50:13 -0700 | [diff] [blame] | 71 | |
Davide Pesavento | 8a14b9b | 2017-09-17 01:26:06 -0400 | [diff] [blame] | 72 | return size; |
Yingdi Yu | b263f15 | 2015-07-12 16:50:13 -0700 | [diff] [blame] | 73 | } |
| 74 | |
| 75 | void |
| 76 | VerifierFilter::finalize() |
| 77 | { |
Davide Pesavento | 8a14b9b | 2017-09-17 01:26:06 -0400 | [diff] [blame] | 78 | int res = EVP_DigestVerifyFinal(m_impl->ctx, |
| 79 | #if OPENSSL_VERSION_NUMBER < 0x1000200fL |
| 80 | const_cast<uint8_t*>(m_impl->sig), |
| 81 | #else |
| 82 | m_impl->sig, |
| 83 | #endif |
| 84 | m_impl->siglen); |
| 85 | |
Yingdi Yu | b263f15 | 2015-07-12 16:50:13 -0700 | [diff] [blame] | 86 | auto buffer = make_unique<OBuffer>(1); |
Davide Pesavento | 8a14b9b | 2017-09-17 01:26:06 -0400 | [diff] [blame] | 87 | (*buffer)[0] = (res == 1) ? 1 : 0; |
Yingdi Yu | b263f15 | 2015-07-12 16:50:13 -0700 | [diff] [blame] | 88 | setOutputBuffer(std::move(buffer)); |
| 89 | |
| 90 | flushAllOutput(); |
| 91 | } |
| 92 | |
| 93 | unique_ptr<Transform> |
| 94 | verifierFilter(DigestAlgorithm algo, const PublicKey& key, |
| 95 | const uint8_t* sig, size_t sigLen) |
| 96 | { |
| 97 | return make_unique<VerifierFilter>(algo, key, sig, sigLen); |
| 98 | } |
| 99 | |
| 100 | } // namespace transform |
| 101 | } // namespace security |
| 102 | } // namespace ndn |