verification-helpers.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2022 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  */
21 
23 
24 #include "ndn-cxx/data.hpp"
26 #include "ndn-cxx/interest.hpp"
36 
37 #include <openssl/crypto.h>
38 
39 namespace ndn {
40 namespace security {
41 
42 namespace {
43 
44 class ParseResult
45 {
46 public:
47  ParseResult() = default;
48 
49  ParseResult(SignatureInfo info, InputBuffers bufs, span<const uint8_t> sig)
50  : info(std::move(info))
51  , bufs(std::move(bufs))
52  , sig(sig)
53  {
54  }
55 
56 public:
58  InputBuffers bufs;
59  span<const uint8_t> sig;
60 };
61 
62 } // namespace
63 
64 bool
65 verifySignature(const InputBuffers& blobs, span<const uint8_t> sig, const transform::PublicKey& key)
66 {
67  bool result = false;
68  try {
69  using namespace transform;
71  >> boolSink(result);
72  }
73  catch (const transform::Error&) {
74  return false;
75  }
76 
77  return result;
78 }
79 
80 bool
81 verifySignature(const InputBuffers& blobs, span<const uint8_t> sig, span<const uint8_t> key)
82 {
84  try {
85  pKey.loadPkcs8(key);
86  }
87  catch (const transform::Error&) {
88  return false;
89  }
90 
91  return verifySignature(blobs, sig, pKey);
92 }
93 
94 static ParseResult
95 parse(const Data& data)
96 {
97  try {
98  return {data.getSignatureInfo(), data.extractSignedRanges(),
100  }
101  catch (const tlv::Error&) {
102  return {};
103  }
104 }
105 
106 static ParseResult
107 parse(const Interest& interest)
108 {
109  try {
110  interest.wireEncode();
111 
112  if (interest.getSignatureInfo() && interest.getSignatureValue().isValid()) {
113  // Verify using v0.3 Signed Interest semantics
114  return {*interest.getSignatureInfo(), interest.extractSignedRanges(),
115  interest.getSignatureValue().value_bytes()};
116  }
117  else {
118  // Verify using older Signed Interest semantics
119  const Name& interestName = interest.getName();
120  if (interestName.size() < signed_interest::MIN_SIZE) {
121  return {};
122  }
123 
124  const Block& nameBlock = interestName.wireEncode();
125  SignatureInfo info(interestName[signed_interest::POS_SIG_INFO].blockFromValue());
126  Block sigValue(interestName[signed_interest::POS_SIG_VALUE].blockFromValue());
127  return {info,
128  {{nameBlock.value(),
129  nameBlock.value_size() - interestName[signed_interest::POS_SIG_VALUE].size()}},
130  sigValue.value_bytes()};
131  }
132  }
133  catch (const tlv::Error&) {
134  return {};
135  }
136 }
137 
138 static bool
139 verifySignature(const ParseResult& params, const transform::PublicKey& key)
140 {
141  return !params.bufs.empty() && verifySignature(params.bufs, params.sig, key);
142 }
143 
144 static bool
145 verifySignature(const ParseResult& params, span<const uint8_t> key)
146 {
147  return !params.bufs.empty() && verifySignature(params.bufs, params.sig, key);
148 }
149 
150 static bool
151 verifySignature(const ParseResult& params, const tpm::Tpm& tpm, const Name& keyName,
152  DigestAlgorithm digestAlgorithm)
153 {
154  return !params.bufs.empty() && bool(tpm.verify(params.bufs, params.sig, keyName, digestAlgorithm));
155 }
156 
157 static bool
158 verifyDigest(const ParseResult& params, DigestAlgorithm algorithm)
159 {
160  if (params.bufs.empty()) {
161  return false;
162  }
163 
164  OBufferStream os;
165  try {
166  using namespace transform;
167  bufferSource(params.bufs) >> digestFilter(algorithm) >> streamSink(os);
168  }
169  catch (const transform::Error&) {
170  return false;
171  }
172  auto result = os.buf();
173 
174  if (result->size() != params.sig.size()) {
175  return false;
176  }
177 
178  // constant-time buffer comparison to mitigate timing attacks
179  return CRYPTO_memcmp(result->data(), params.sig.data(), params.sig.size()) == 0;
180 }
181 
182 bool
183 verifySignature(const Data& data, span<const uint8_t> key)
184 {
185  return verifySignature(parse(data), key);
186 }
187 
188 bool
189 verifySignature(const Interest& interest, span<const uint8_t> key)
190 {
191  return verifySignature(parse(interest), key);
192 }
193 
194 bool
195 verifySignature(const Data& data, const transform::PublicKey& key)
196 {
197  return verifySignature(parse(data), key);
198 }
199 
200 bool
201 verifySignature(const Interest& interest, const transform::PublicKey& key)
202 {
203  return verifySignature(parse(interest), key);
204 }
205 
206 bool
207 verifySignature(const Data& data, const pib::Key& key)
208 {
209  return verifySignature(parse(data), key.getPublicKey());
210 }
211 
212 bool
213 verifySignature(const Interest& interest, const pib::Key& key)
214 {
215  return verifySignature(parse(interest), key.getPublicKey());
216 }
217 
218 bool
219 verifySignature(const Data& data, const optional<Certificate>& cert)
220 {
221  auto parsed = parse(data);
222  if (cert) {
223  return verifySignature(parsed, cert->getPublicKey());
224  }
225  else if (parsed.info.getSignatureType() == tlv::SignatureTypeValue::DigestSha256) {
226  return verifyDigest(parsed, DigestAlgorithm::SHA256);
227  }
228  // Add any other self-verifying signatures here (if any)
229  else {
230  return false;
231  }
232 }
233 
234 bool
235 verifySignature(const Interest& interest, const optional<Certificate>& cert)
236 {
237  auto parsed = parse(interest);
238  if (cert) {
239  return verifySignature(parsed, cert->getPublicKey());
240  }
241  else if (parsed.info.getSignatureType() == tlv::SignatureTypeValue::DigestSha256) {
242  return verifyDigest(parsed, DigestAlgorithm::SHA256);
243  }
244  // Add any other self-verifying signatures here (if any)
245  else {
246  return false;
247  }
248 }
249 
250 bool
251 verifySignature(const Data& data, const tpm::Tpm& tpm,
252  const Name& keyName, DigestAlgorithm digestAlgorithm)
253 {
254  return verifySignature(parse(data), tpm, keyName, digestAlgorithm);
255 }
256 
257 bool
258 verifySignature(const Interest& interest, const tpm::Tpm& tpm,
259  const Name& keyName, DigestAlgorithm digestAlgorithm)
260 {
261  return verifySignature(parse(interest), tpm, keyName, digestAlgorithm);
262 }
263 
264 } // namespace security
265 } // namespace ndn
span< const uint8_t > value_bytes() const noexcept
Return a read-only view of TLV-VALUE as a contiguous range of bytes.
Definition: block.hpp:330
Represents a Data packet.
Definition: data.hpp:39
InputBuffers extractSignedRanges() const
Extract ranges of Data covered by the signature.
Definition: data.cpp:320
const SignatureInfo & getSignatureInfo() const noexcept
Get the SignatureInfo element.
Definition: data.hpp:224
const Block & getSignatureValue() const noexcept
Get the SignatureValue element.
Definition: data.hpp:245
Represents an Interest packet.
Definition: interest.hpp:50
Represents an absolute name.
Definition: name.hpp:44
Frontend handle for a key in the PIB.
Definition: key.hpp:51
span< const uint8_t > getPublicKey() const
Return the raw public key bits.
Definition: key.cpp:55
TPM front-end class.
Definition: tpm.hpp:66
Base class of transformation error.
Abstraction of public key in crypto transformation.
Definition: public-key.hpp:36
void loadPkcs8(span< const uint8_t > buf)
Load the public key in PKCS#8 format from a buffer buf.
Definition: public-key.cpp:103
unique_ptr< Transform > digestFilter(DigestAlgorithm algo)
unique_ptr< Sink > streamSink(std::ostream &os)
Definition: stream-sink.cpp:53
unique_ptr< Sink > boolSink(bool &value)
Definition: bool-sink.cpp:51
unique_ptr< Transform > verifierFilter(DigestAlgorithm algo, const PublicKey &key, span< const uint8_t > sig)
bool verifySignature(const InputBuffers &blobs, span< const uint8_t > sig, const transform::PublicKey &key)
Verify blobs using key against sig.
const ssize_t POS_SIG_VALUE
const size_t MIN_SIZE
Minimum number of name components for an old-style Signed Interest.
const ssize_t POS_SIG_INFO
@ Name
Definition: tlv.hpp:71
@ SignatureInfo
Definition: tlv.hpp:94
@ Interest
Definition: tlv.hpp:68
@ DigestSha256
Definition: tlv.hpp:128
Definition: data.cpp:25
InputBuffers bufs
span< const uint8_t > sig
SignatureInfo info