Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / fc7d33a98ef48da679a5cec0d0c44767ec137053 / . / src / security / validator.hpp
blob: c6fac7a0748bca442b2a92781cc486978b47cf02 [file] [log] [blame]
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
2/**
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]3 * Copyright (c) 2013-2014, Regents of the University of California.
4 * All rights reserved.
5 *
6 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
7 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
8 *
9 * This file licensed under New BSD License. See COPYING for detailed information about
10 * ndn-cxx library copyright, permissions, and redistribution restrictions.
11 *
12 * @author Yingdi Yu <http://irl.cs.ucla.edu/~yingdi/>
13 * @author Jeff Thompson <jefft0@remap.ucla.edu>
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]14 */
15
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]16#ifndef NDN_SECURITY_VALIDATOR_HPP
17#define NDN_SECURITY_VALIDATOR_HPP
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]18
Alexander Afanasyeve2dcdfd2014-02-07 15:53:28 -0800[diff] [blame]19#include "../common.hpp"
20
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]21#include "../data.hpp"
22#include "../face.hpp"
23#include "public-key.hpp"
24#include "signature-sha256-with-rsa.hpp"
Yingdi Yu21157162014-02-28 13:02:34 -0800[diff] [blame]25#include "signature-sha256.hpp"
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]26#include "validation-request.hpp"
27
28namespace ndn {
29/**
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]30 * @brief Validator is one of the main classes of the security library.
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]31 *
32 * The Validator class provides the interfaces for packet validation.
33 */
Alexander Afanasyev2a7f7202014-04-23 14:25:29 -0700[diff] [blame]34class Validator
35{
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]36public:
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]37 class Error : public std::runtime_error
38 {
39 public:
40 explicit
41 Error(const std::string& what)
42 : std::runtime_error(what)
43 {
44 }
45 };
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]46
Yingdi Yu96e64062014-04-15 19:57:33 -0700[diff] [blame]47 Validator();
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]48
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]49 explicit
Yingdi Yu96e64062014-04-15 19:57:33 -0700[diff] [blame]50 Validator(Face& face);
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]51
52 /**
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]53 * @brief Validate Data and call either onValidated or onValidationFailed.
54 *
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]55 * @param data The Data with the signature to check.
56 * @param onValidated If the Data is validated, this calls onValidated(data).
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]57 * @param onValidationFailed If validation fails, this calls onValidationFailed(data).
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]58 */
59 void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]60 validate(const Data& data,
61 const OnDataValidated& onValidated,
62 const OnDataValidationFailed& onValidationFailed)
63 {
64 validate(data, onValidated, onValidationFailed, 0);
65 }
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]66
67 /**
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]68 * @brief Validate Interest and call either onValidated or onValidationFailed.
69 *
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]70 * @param interest The Interest with the signature to check.
71 * @param onValidated If the Interest is validated, this calls onValidated(interest).
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]72 * @param onValidationFailed If validation fails, this calls onValidationFailed(interest).
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]73 */
74 void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]75 validate(const Interest& interest,
76 const OnInterestValidated& onValidated,
77 const OnInterestValidationFailed& onValidationFailed)
78 {
79 validate(interest, onValidated, onValidationFailed, 0);
80 }
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]81
82 /*****************************************
83 * verifySignature method set *
84 *****************************************/
85
86 /// @brief Verify the data using the publicKey.
87 static bool
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]88 verifySignature(const Data& data, const PublicKey& publicKey);
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]89
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]90 /**
91 * @brief Verify the signed Interest using the publicKey.
92 *
93 * (Note the signature covers the first n-2 name components).
94 */
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]95 static bool
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]96 verifySignature(const Interest& interest, const PublicKey& publicKey);
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]97
98 /// @brief Verify the blob using the publicKey against the signature.
99 static bool
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]100 verifySignature(const Buffer& blob, const Signature& sig, const PublicKey& publicKey);
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]101
102 /// @brief Verify the data using the publicKey against the SHA256-RSA signature.
103 static bool
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]104 verifySignature(const Data& data,
105 const SignatureSha256WithRsa& sig,
106 const PublicKey& publicKey)
107 {
108 return verifySignature(data.wireEncode().value(),
109 data.wireEncode().value_size() - data.getSignature().getValue().size(),
110 sig, publicKey);
111 }
112
113 /** @brief Verify the interest using the publicKey against the SHA256-RSA signature.
114 *
115 * (Note the signature covers the first n-2 name components).
116 */
117 static bool
118 verifySignature(const Interest& interest,
119 const SignatureSha256WithRsa& sig,
120 const PublicKey& publicKey)
121 {
122 if (interest.getName().size() < 2)
123 return false;
124
Yingdi Yu3cca4ab2014-04-11 12:46:53 -0700[diff] [blame]125 const Name& name = interest.getName();
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]126
Yingdi Yu3cca4ab2014-04-11 12:46:53 -0700[diff] [blame]127 return verifySignature(name.wireEncode().value(),
128 name.wireEncode().value_size() - name[-1].size(),
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]129 sig, publicKey);
130 }
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]131
132 /// @brief Verify the blob using the publicKey against the SHA256-RSA signature.
133 static bool
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]134 verifySignature(const Buffer& blob,
135 const SignatureSha256WithRsa& sig,
136 const PublicKey& publicKey)
137 {
138 return verifySignature(blob.buf(), blob.size(), sig, publicKey);
139 }
140
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]141 /// @brief Verify the blob using the publicKey against the SHA256-RSA signature.
142 static bool
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]143 verifySignature(const uint8_t* buf,
144 const size_t size,
145 const SignatureSha256WithRsa& sig,
146 const PublicKey& publicKey);
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]147
Yingdi Yu21157162014-02-28 13:02:34 -0800[diff] [blame]148
149 /// @brief Verify the data against the SHA256 signature.
150 static bool
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]151 verifySignature(const Data& data, const SignatureSha256& sig)
152 {
153 return verifySignature(data.wireEncode().value(),
154 data.wireEncode().value_size() -
155 data.getSignature().getValue().size(),
156 sig);
157 }
158
159 /** @brief Verify the interest against the SHA256 signature.
160 *
161 * (Note the signature covers the first n-2 name components).
162 */
163 static bool
164 verifySignature(const Interest& interest, const SignatureSha256& sig)
165 {
166 if (interest.getName().size() < 2)
167 return false;
168
169 Name signedName = interest.getName().getPrefix(-2);
170
171 return verifySignature(signedName.wireEncode().value(),
172 signedName.wireEncode().value_size(),
173 sig);
174 }
Yingdi Yu21157162014-02-28 13:02:34 -0800[diff] [blame]175
176 /// @brief Verify the blob against the SHA256 signature.
177 static bool
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]178 verifySignature(const Buffer& blob, const SignatureSha256& sig)
179 {
180 return verifySignature (blob.buf(), blob.size(), sig);
181 }
182
Yingdi Yu21157162014-02-28 13:02:34 -0800[diff] [blame]183 /// @brief Verify the blob against the SHA256 signature.
184 static bool
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]185 verifySignature(const uint8_t* buf, const size_t size, const SignatureSha256& sig);
Yingdi Yu21157162014-02-28 13:02:34 -0800[diff] [blame]186
187
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]188protected:
189 /**
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]190 * @brief Check the Data against policy and return the next validation step if necessary.
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]191 *
192 * If there is no next validation step, that validation MUST have been done.
193 * i.e., either onValidated or onValidationFailed callback is invoked.
194 *
195 * @param data The Data to check.
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]196 * @param nSteps The number of validation steps that have been done.
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]197 * @param onDataValidated If the Data is validated, this calls onValidated(data).
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]198 * @param onDataValidationFailed If validation fails, this calls onValidationFailed(data).
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]199 * @param nextSteps On return, contains the next validation step.
200 */
201 virtual void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]202 checkPolicy(const Data& data,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]203 int nSteps,
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]204 const OnDataValidated& onValidated,
205 const OnDataValidationFailed& onValidationFailed,
206 std::vector<shared_ptr<ValidationRequest> >& nextSteps) = 0;
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]207
208 /**
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]209 * @brief Check the Interest against validation policy and return the next validation step
210 * if necessary.
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]211 *
212 * If there is no next validation step, that validation MUST have been done.
213 * i.e., either onValidated or onValidationFailed callback is invoked.
214 *
215 * @param data The Interest to check.
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]216 * @param nSteps The number of validation steps that have been done.
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]217 * @param OnInterestValidated If the Interest is validated, this calls onValidated(data).
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]218 * @param OnInterestValidationFailed If validation fails, this calls onValidationFailed(data).
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]219 * @return the indication of next validation step, null if there is no further step.
220 */
221 virtual void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]222 checkPolicy(const Interest& interest,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]223 int nSteps,
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]224 const OnInterestValidated& onValidated,
225 const OnInterestValidationFailed& onValidationFailed,
226 std::vector<shared_ptr<ValidationRequest> >& nextSteps) = 0;
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]227
228private:
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]229 typedef function<void(const std::string&)> OnFailure;
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]230
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]231 /// @brief Process the received certificate.
232 void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]233 onData(const Interest& interest,
234 const Data& data,
235 const shared_ptr<ValidationRequest>& nextStep);
236
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]237 /// @brief Re-express the interest if it times out.
238 void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]239 onTimeout(const Interest& interest,
240 int retry,
241 const OnFailure& onFailure,
242 const shared_ptr<ValidationRequest>& nextStep);
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]243
244 void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]245 validate(const Data& data,
246 const OnDataValidated& onValidated,
247 const OnDataValidationFailed& onValidationFailed,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]248 int nSteps);
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]249
250 void
Yingdi Yu48e8c0c2014-03-19 12:01:55 -0700[diff] [blame]251 validate(const Interest& interest,
252 const OnInterestValidated& onValidated,
253 const OnInterestValidationFailed& onValidationFailed,
Yingdi Yu4b8c6a22014-04-15 23:00:54 -0700[diff] [blame]254 int nSteps);
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]255
256protected:
Yingdi Yu96e64062014-04-15 19:57:33 -0700[diff] [blame]257 bool m_hasFace;
258 Face& m_face;
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]259};
260
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]261} // namespace ndn
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]262
Yingdi Yufc40d872014-02-18 12:56:04 -0800[diff] [blame]263#endif //NDN_SECURITY_VALIDATOR_HPP