verifier-filter.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2019 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  */
21 
22 #include "ndn-cxx/security/transform/verifier-filter.hpp"
23 #include "ndn-cxx/security/transform/private-key.hpp"
24 #include "ndn-cxx/security/transform/public-key.hpp"
25 #include "ndn-cxx/security/impl/openssl-helper.hpp"
26 
27 #include <boost/lexical_cast.hpp>
28 
29 namespace ndn {
30 namespace security {
31 namespace transform {
32 
33 class VerifierFilter::Impl
34 {
35 public:
36  Impl(const uint8_t* sig, size_t siglen)
37  : sig(sig)
38  , siglen(siglen)
39  {
40  }
41 
42 public:
43  detail::EvpMdCtx ctx;
44  const uint8_t* sig;
45  size_t siglen;
46 };
47 
48 
49 VerifierFilter::VerifierFilter(DigestAlgorithm algo, const PublicKey& key,
50  const uint8_t* sig, size_t sigLen)
51  : m_impl(make_unique<Impl>(sig, sigLen))
52  , m_keyType(key.getKeyType())
53 {
54  init(algo, key.getEvpPkey());
55 }
56 
57 VerifierFilter::VerifierFilter(DigestAlgorithm algo, const PrivateKey& key,
58  const uint8_t* sig, size_t sigLen)
59  : m_impl(make_unique<Impl>(sig, sigLen))
60  , m_keyType(key.getKeyType())
61 {
62  if (m_keyType != KeyType::HMAC)
63  NDN_THROW(Error(getIndex(), "VerifierFilter only supports private keys of HMAC type"));
64 
65  init(algo, key.getEvpPkey());
66 }
67 
68 VerifierFilter::~VerifierFilter() = default;
69 
70 void
71 VerifierFilter::init(DigestAlgorithm algo, void* pkey)
72 {
73  const EVP_MD* md = detail::digestAlgorithmToEvpMd(algo);
74  if (md == nullptr)
75  NDN_THROW(Error(getIndex(), "Unsupported digest algorithm " +
76  boost::lexical_cast<std::string>(algo)));
77 
78  int ret;
79  if (m_keyType == KeyType::HMAC)
80  ret = EVP_DigestSignInit(m_impl->ctx, nullptr, md, nullptr, reinterpret_cast<EVP_PKEY*>(pkey));
81  else
82  ret = EVP_DigestVerifyInit(m_impl->ctx, nullptr, md, nullptr, reinterpret_cast<EVP_PKEY*>(pkey));
83 
84  if (ret != 1)
85  NDN_THROW(Error(getIndex(), "Failed to initialize verification context with " +
86  boost::lexical_cast<std::string>(algo) + " digest and " +
87  boost::lexical_cast<std::string>(m_keyType) + " key"));
88 }
89 
90 size_t
91 VerifierFilter::convert(const uint8_t* buf, size_t size)
92 {
93  int ret;
94  if (m_keyType == KeyType::HMAC)
95  ret = EVP_DigestSignUpdate(m_impl->ctx, buf, size);
96  else
97  ret = EVP_DigestVerifyUpdate(m_impl->ctx, buf, size);
98 
99  if (ret != 1)
100  NDN_THROW(Error(getIndex(), "Failed to accept more input"));
101 
102  return size;
103 }
104 
105 void
106 VerifierFilter::finalize()
107 {
108  bool ok = false;
109  if (m_keyType == KeyType::HMAC) {
110  auto hmacBuf = make_unique<OBuffer>(EVP_MAX_MD_SIZE);
111  size_t hmacLen = 0;
112 
113  if (EVP_DigestSignFinal(m_impl->ctx, hmacBuf->data(), &hmacLen) != 1)
114  NDN_THROW(Error(getIndex(), "Failed to finalize HMAC"));
115 
116  ok = CRYPTO_memcmp(hmacBuf->data(), m_impl->sig, std::min(hmacLen, m_impl->siglen)) == 0;
117  }
118  else {
119  ok = EVP_DigestVerifyFinal(m_impl->ctx, m_impl->sig, m_impl->siglen) == 1;
120  }
121 
122  auto buffer = make_unique<OBuffer>(1);
123  (*buffer)[0] = ok ? 1 : 0;
124  setOutputBuffer(std::move(buffer));
125 
126  flushAllOutput();
127 }
128 
129 unique_ptr<Transform>
130 verifierFilter(DigestAlgorithm algo, const PublicKey& key, const uint8_t* sig, size_t sigLen)
131 {
132  return make_unique<VerifierFilter>(algo, key, sig, sigLen);
133 }
134 
135 unique_ptr<Transform>
136 verifierFilter(DigestAlgorithm algo, const PrivateKey& key, const uint8_t* sig, size_t sigLen)
137 {
138  return make_unique<VerifierFilter>(algo, key, sig, sigLen);
139 }
140 
141 } // namespace transform
142 } // namespace security
143 } // namespace ndn
ndn
Definition: data.cpp:26
ndn::security::transform::Downstream::getIndex
size_t getIndex() const
Get the module index.
Definition: transform-base.hpp:126
ndn::security::transform::PublicKey
Abstraction of public key in crypto transformation.
Definition: public-key.hpp:35
ndn::security::transform::Transform::flushAllOutput
void flushAllOutput()
Read the all the content from output buffer and write it into next module.
Definition: transform-base.cpp:96
NDN_THROW
#define NDN_THROW(e)
Definition: exception.hpp:61
ndn::KeyType::HMAC
HMAC key, supports sign/verify operations.
ndn::security::transform::Transform::setOutputBuffer
void setOutputBuffer(unique_ptr< OBuffer > buffer)
Set output buffer to buffer.
Definition: transform-base.cpp:104
sigLen
size_t sigLen
Definition: verification-helpers.cpp:58
sig
const uint8_t * sig
Definition: verification-helpers.cpp:57
ndn::security::transform::PrivateKey
Abstraction of private key in crypto transformation.
Definition: private-key.hpp:38
ndn::security::transform::VerifierFilter::VerifierFilter
VerifierFilter(DigestAlgorithm algo, const PublicKey &key, const uint8_t *sig, size_t sigLen)
Create a verifier module to verify signature sig using algorithm algo and public key key...
Definition: verifier-filter.cpp:49
ndn::security::transform::Error
Base class of transformation error.
Definition: transform-base.hpp:48
ndn::security::transform::verifierFilter
unique_ptr< Transform > verifierFilter(DigestAlgorithm algo, const PublicKey &key, const uint8_t *sig, size_t sigLen)
Definition: verifier-filter.cpp:130