d9/dee/validator_8cpp_source.html

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */

 #include "common.hpp"


 #include "validator.hpp"

 #include "../util/crypto.hpp"


 #include "cryptopp.hpp"


 using namespace std;


 namespace ndn {


 Validator::Validator()

   : m_hasFace(false)

   , m_face(*static_cast<Face*>(0))

 {

 }


 Validator::Validator(Face& face)

   : m_hasFace(true)

   , m_face(face)

 {

 }


 void

 Validator::validate(const Interest& interest,

                     const OnInterestValidated& onValidated,

                     const OnInterestValidationFailed& onValidationFailed,

                     int nSteps)

 {

   vector<shared_ptr<ValidationRequest> > nextSteps;

   checkPolicy(interest, nSteps, onValidated, onValidationFailed, nextSteps);


   if (!nextSteps.empty())

     {

       if (!m_hasFace)

         {

           onValidationFailed(interest.shared_from_this(),

                              "Require more information to validate the interest!");

           return;

         }


       vector<shared_ptr<ValidationRequest> >::const_iterator it = nextSteps.begin();

       OnFailure onFailure = bind(onValidationFailed, interest.shared_from_this(), _1);

       for (; it != nextSteps.end(); it++)

         m_face.expressInterest((*it)->m_interest,

                                bind(&Validator::onData, this, _1, _2, *it),

                                bind(&Validator::onTimeout,

                                     this, _1, (*it)->m_nRetrials,

                                     onFailure,

                                     *it));

     }

   else

     {

       // If there is no nextStep,

       // that means InterestPolicy has already been able to verify the Interest.

       // No more further processes.

     }

 }


 void

 Validator::validate(const Data& data,

                     const OnDataValidated& onValidated,

                     const OnDataValidationFailed& onValidationFailed,

                     int nSteps)

 {

   vector<shared_ptr<ValidationRequest> > nextSteps;

   checkPolicy(data, nSteps, onValidated, onValidationFailed, nextSteps);


   if (!nextSteps.empty())

     {

       if (!m_hasFace)

         {

           onValidationFailed(data.shared_from_this(),

                              "Require more information to validate the data!");

         }


       vector<shared_ptr<ValidationRequest> >::const_iterator it = nextSteps.begin();

       OnFailure onFailure = bind(onValidationFailed, data.shared_from_this(), _1);

       for (; it != nextSteps.end(); it++)

         m_face.expressInterest((*it)->m_interest,

                                bind(&Validator::onData, this, _1, _2, *it),

                                bind(&Validator::onTimeout,

                                     this, _1, (*it)->m_nRetrials,

                                     onFailure,

                                     *it));

     }

   else

     {

       // If there is no nextStep,

       // that means Data Policy has already been able to verify the Interest.

       // No more further processes.

     }

 }


 void

 Validator::onData(const Interest& interest,

                   const Data& data,

                   const shared_ptr<ValidationRequest>& nextStep)

 {

   validate(data, nextStep->m_onValidated, nextStep->m_onDataValidated, nextStep->m_nSteps);

 }


 void

 Validator::onTimeout(const Interest& interest,

                      int nRetrials,

                      const OnFailure& onFailure,

                      const shared_ptr<ValidationRequest>& nextStep)

 {

   if (nRetrials > 0)

     // Issue the same expressInterest except decrement nRetrials.

     m_face.expressInterest(interest,

                             bind(&Validator::onData, this, _1, _2, nextStep),

                             bind(&Validator::onTimeout, this, _1,

                                  nRetrials - 1, onFailure, nextStep));

   else

     onFailure("Cannot fetch cert: " + interest.getName().toUri());

 }


 bool

 Validator::verifySignature(const Data& data, const PublicKey& key)

 {

   try

     {

       switch (data.getSignature().getType())

         {

         case Signature::Sha256WithRsa:

           {

             SignatureSha256WithRsa sigSha256Rsa(data.getSignature());

             return verifySignature(data, sigSha256Rsa, key);

           }

         default:

           {

             return false;

           }

         }

     }

   catch (Signature::Error& e)

     {

       return false;

     }

   return false;

 }


 bool

 Validator::verifySignature(const Interest& interest, const PublicKey& key)

 {

   const Name& interestName = interest.getName();


   if (interestName.size() < 2)

     return false;


   try

     {

       const Block& nameBlock = interestName.wireEncode();


       Signature sig(interestName[-2].blockFromValue(),

                     interestName[-1].blockFromValue());


       switch (sig.getType())

         {

         case Signature::Sha256WithRsa:

           {

             SignatureSha256WithRsa sigSha256Rsa(sig);


             return verifySignature(nameBlock.value(),

                                    nameBlock.value_size() - interestName[-1].size(),

                                    sigSha256Rsa, key);

           }

         default:

           {

             return false;

           }

         }

     }

   catch (Signature::Error& e)

     {

       return false;

     }

   catch (Block::Error& e)

     {

       return false;

     }

   return false;

 }


 bool

 Validator::verifySignature(const Buffer& data, const Signature& sig, const PublicKey& key)

 {

   try

     {

       switch (sig.getType())

         {

         case Signature::Sha256WithRsa:

           {

             SignatureSha256WithRsa sigSha256Rsa(sig);

             return verifySignature(data, sigSha256Rsa, key);

           }

         default:

           {

             return false;

           }

         }

     }

   catch (Signature::Error& e)

     {

       return false;

     }

   return false;

 }


 bool

 Validator::verifySignature(const uint8_t* buf,

                            const size_t size,

                            const SignatureSha256WithRsa& sig,

                            const PublicKey& key)

 {

   try

     {

       using namespace CryptoPP;


       RSA::PublicKey publicKey;

       ByteQueue queue;


       queue.Put(reinterpret_cast<const byte*>(key.get().buf()), key.get().size());

       publicKey.Load(queue);


       RSASS<PKCS1v15, SHA256>::Verifier verifier(publicKey);

       return verifier.VerifyMessage(buf, size,

                                     sig.getValue().value(),

                                     sig.getValue().value_size());

     }

   catch (CryptoPP::Exception& e)

     {

       return false;

     }

 }


 bool

 Validator::verifySignature(const uint8_t* buf, const size_t size, const SignatureSha256& sig)

 {

   try

     {

       ConstBufferPtr buffer = crypto::sha256(buf, size);

       const Block& sigValue = sig.getValue();


       if (static_cast<bool>(buffer) &&

           buffer->size() == sigValue.value_size() &&

           buffer->size() == crypto::SHA256_DIGEST_SIZE)

         {


           const uint8_t* p1 = buffer->buf();

           const uint8_t* p2 = sigValue.value();


           return 0 == memcmp(p1, p2, crypto::SHA256_DIGEST_SIZE);

         }

       else

         return false;

     }

   catch (CryptoPP::Exception& e)

     {

       return false;

     }

 }


 } // namespace ndn

ndn::SignatureSha256WithRsa
Representing of SHA256-with-RSA signature in a data packet.
Definition: signature-sha256-with-rsa.hpp:18

ndn::Interest::getName
const Name & getName() const
Definition: interest.hpp:182

ndn::SignatureSha256
Representing of SHA256 signature in a data packet.
Definition: signature-sha256.hpp:18

ndn::Tlv::Data
Definition: tlv.hpp:37

ndn::crypto::SHA256_DIGEST_SIZE
static const size_t SHA256_DIGEST_SIZE
number of octets in a SHA256 digest
Definition: crypto.hpp:26

validator.hpp

ndn::Validator::m_face
Face & m_face
Definition: validator.hpp:251

ndn::Block
Class representing wire element of the NDN packet.
Definition: block.hpp:26

ndn::Interest
An Interest holds a Name and other fields for an interest.
Definition: interest.hpp:24

ndn::Signature::getValue
const Block & getValue() const
Definition: signature.hpp:79

ndn::Signature::getType
uint32_t getType() const
Definition: signature.hpp:50

cryptopp.hpp

ndn::ConstBufferPtr
ptr_lib::shared_ptr< const Buffer > ConstBufferPtr
Definition: buffer.hpp:17

ndn::OnDataValidated
function< void(const shared_ptr< const Data > &)> OnDataValidated
Callback to report a successful Data validation.
Definition: validation-request.hpp:23

ndn::Validator::validate
void validate(const Data &data, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed)
Validate Data and call either onValidated or onValidationFailed.
Definition: validator.hpp:53

ndn::Validator::checkPolicy
virtual void checkPolicy(const Data &data, int nSteps, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed, std::vector< shared_ptr< ValidationRequest > > &nextSteps)=0
Check the Data against policy and return the next validation step if necessary.

ndn::Buffer::buf
uint8_t * buf()
Get pointer to the first byte of the buffer (alternative version)
Definition: buffer.hpp:86

ndn::OnDataValidationFailed
function< void(const shared_ptr< const Data > &, const std::string &)> OnDataValidationFailed
Callback to report a failed Data validation.
Definition: validation-request.hpp:27

ndn::Face
Abstraction to communicate with local or remote NDN forwarder.
Definition: face.hpp:54

ndn::Name::size
size_t size() const
Get the number of components.
Definition: name.hpp:329

ndn::Name
A Name holds an array of Name::Component and represents an NDN name.
Definition: name.hpp:26

ndn::Face::expressInterest
const PendingInterestId * expressInterest(const Interest &interest, const OnData &onData, const OnTimeout &onTimeout=OnTimeout())
Express Interest.
Definition: face.cpp:125

ndn::Block::value_size
size_t value_size() const
Definition: block.hpp:455

ndn::Name::wireEncode
size_t wireEncode(EncodingImpl< T > &block) const
Fast encoding or block size estimation.
Definition: name.hpp:711

ndn::Data::getSignature
const Signature & getSignature() const
Definition: data.hpp:450

ndn::OnInterestValidationFailed
function< void(const shared_ptr< const Interest > &, const std::string &)> OnInterestValidationFailed
Callback to report a failed Interest validation.
Definition: validation-request.hpp:20

ndn::PublicKey::get
const Buffer & get() const
Definition: public-key.hpp:47

ndn::Tlv::Interest
Definition: tlv.hpp:36

ndn::Validator::verifySignature
static bool verifySignature(const Data &data, const PublicKey &publicKey)
Verify the data using the publicKey.
Definition: validator.cpp:128

ndn::Block::value
const uint8_t * value() const
Definition: block.hpp:446

ndn::Validator::m_hasFace
bool m_hasFace
Definition: validator.hpp:250

ndn::Signature::Error
Definition: signature.hpp:18

ndn::crypto::sha256
ConstBufferPtr sha256(const uint8_t *data, size_t dataLength)
Compute the sha-256 digest of data.
Definition: crypto.cpp:33

ndn::PublicKey
Definition: public-key.hpp:19

ndn::Data
Definition: data.hpp:21

ndn::Buffer
Class representing a general-use automatically managed/resized buffer.
Definition: buffer.hpp:28

ndn::OnInterestValidated
function< void(const shared_ptr< const Interest > &)> OnInterestValidated
Callback to report a successful Interest validation.
Definition: validation-request.hpp:16

ndn::Validator::Validator
Validator()
Definition: validator.cpp:20

ndn::Block::Error
Error that can be thrown from Block.
Definition: block.hpp:34

ndn::Signature::Sha256WithRsa
Definition: signature.hpp:30

ndn::Signature
A Signature is storage for the signature-related information (info and value) in a Data packet...
Definition: signature.hpp:15