verifier-filter.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2022 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  */
21 
22 #include "ndn-cxx/security/transform/verifier-filter.hpp"
23 #include "ndn-cxx/security/transform/private-key.hpp"
24 #include "ndn-cxx/security/transform/public-key.hpp"
25 #include "ndn-cxx/security/impl/openssl-helper.hpp"
26 
27 #include <boost/lexical_cast.hpp>
28 
29 namespace ndn {
30 namespace security {
31 namespace transform {
32 
33 class VerifierFilter::Impl
34 {
35 public:
36  explicit
37  Impl(span<const uint8_t> sig)
38  : sig(sig)
39  {
40  }
41 
42 public:
43  detail::EvpMdCtx ctx;
44  span<const uint8_t> sig;
45 };
46 
47 
48 VerifierFilter::VerifierFilter(DigestAlgorithm algo, const PublicKey& key, span<const uint8_t> sig)
49  : m_impl(make_unique<Impl>(sig))
50  , m_keyType(key.getKeyType())
51 {
52  init(algo, key.getEvpPkey());
53 }
54 
55 VerifierFilter::VerifierFilter(DigestAlgorithm algo, const PrivateKey& key, span<const uint8_t> sig)
56  : m_impl(make_unique<Impl>(sig))
57  , m_keyType(key.getKeyType())
58 {
59  if (m_keyType != KeyType::HMAC)
60  NDN_THROW(Error(getIndex(), "VerifierFilter only supports private keys of HMAC type"));
61 
62  init(algo, key.getEvpPkey());
63 }
64 
65 VerifierFilter::~VerifierFilter() = default;
66 
67 void
68 VerifierFilter::init(DigestAlgorithm algo, void* pkey)
69 {
70  const EVP_MD* md = detail::digestAlgorithmToEvpMd(algo);
71  if (md == nullptr)
72  NDN_THROW(Error(getIndex(), "Unsupported digest algorithm " +
73  boost::lexical_cast<std::string>(algo)));
74 
75  int ret;
76  if (m_keyType == KeyType::HMAC)
77  ret = EVP_DigestSignInit(m_impl->ctx, nullptr, md, nullptr, reinterpret_cast<EVP_PKEY*>(pkey));
78  else
79  ret = EVP_DigestVerifyInit(m_impl->ctx, nullptr, md, nullptr, reinterpret_cast<EVP_PKEY*>(pkey));
80 
81  if (ret != 1)
82  NDN_THROW(Error(getIndex(), "Failed to initialize verification context with " +
83  boost::lexical_cast<std::string>(algo) + " digest and " +
84  boost::lexical_cast<std::string>(m_keyType) + " key"));
85 }
86 
87 size_t
88 VerifierFilter::convert(span<const uint8_t> buf)
89 {
90  int ret;
91  if (m_keyType == KeyType::HMAC)
92  ret = EVP_DigestSignUpdate(m_impl->ctx, buf.data(), buf.size());
93  else
94  ret = EVP_DigestVerifyUpdate(m_impl->ctx, buf.data(), buf.size());
95 
96  if (ret != 1)
97  NDN_THROW(Error(getIndex(), "Failed to accept more input"));
98 
99  return buf.size();
100 }
101 
102 void
103 VerifierFilter::finalize()
104 {
105  bool ok = false;
106  if (m_keyType == KeyType::HMAC) {
107  auto hmacBuf = make_unique<OBuffer>(EVP_MAX_MD_SIZE);
108  size_t hmacLen = 0;
109 
110  if (EVP_DigestSignFinal(m_impl->ctx, hmacBuf->data(), &hmacLen) != 1)
111  NDN_THROW(Error(getIndex(), "Failed to finalize HMAC"));
112 
113  ok = CRYPTO_memcmp(hmacBuf->data(), m_impl->sig.data(), std::min(hmacLen, m_impl->sig.size())) == 0;
114  }
115  else {
116  ok = EVP_DigestVerifyFinal(m_impl->ctx, m_impl->sig.data(), m_impl->sig.size()) == 1;
117  }
118 
119  auto buffer = make_unique<OBuffer>(1);
120  (*buffer)[0] = ok ? 1 : 0;
121  setOutputBuffer(std::move(buffer));
122 
123  flushAllOutput();
124 }
125 
126 unique_ptr<Transform>
127 verifierFilter(DigestAlgorithm algo, const PublicKey& key, span<const uint8_t> sig)
128 {
129  return make_unique<VerifierFilter>(algo, key, sig);
130 }
131 
132 unique_ptr<Transform>
133 verifierFilter(DigestAlgorithm algo, const PrivateKey& key, span<const uint8_t> sig)
134 {
135  return make_unique<VerifierFilter>(algo, key, sig);
136 }
137 
138 } // namespace transform
139 } // namespace security
140 } // namespace ndn
ndn::security::transform::Downstream::getIndex
size_t getIndex() const
Get the module index.
Definition: transform-base.hpp:127
ndn::security::transform::Error
Base class of transformation error.
Definition: transform-base.hpp:50
ndn::security::transform::PrivateKey
Abstraction of private key in crypto transformation.
Definition: private-key.hpp:39
ndn::security::transform::PublicKey
Abstraction of public key in crypto transformation.
Definition: public-key.hpp:36
ndn::security::transform::Transform::setOutputBuffer
void setOutputBuffer(unique_ptr< OBuffer > buffer)
Set output buffer to buffer.
Definition: transform-base.cpp:86
ndn::security::transform::Transform::flushAllOutput
void flushAllOutput()
Read the all the content from output buffer and write it into next module.
Definition: transform-base.cpp:78
ndn::security::transform::VerifierFilter::VerifierFilter
VerifierFilter(DigestAlgorithm algo, const PublicKey &key, span< const uint8_t > sig)
Create a verifier module to verify signature sig using algorithm algo and public key key.
Definition: verifier-filter.cpp:48
NDN_THROW
#define NDN_THROW(e)
Definition: exception.hpp:61
ndn::security::transform::verifierFilter
unique_ptr< Transform > verifierFilter(DigestAlgorithm algo, const PublicKey &key, span< const uint8_t > sig)
Definition: verifier-filter.cpp:127
ndn
Definition: data.cpp:25
ndn::KeyType::HMAC
@ HMAC
HMAC key, supports sign/verify operations.
sig
span< const uint8_t > sig
Definition: verification-helpers.cpp:59