master/doxygen/validation-policy-signed-interest_8hpp_source.html

/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */

/*

 * Copyright (c) 2013-2023 Regents of the University of California.

 *

 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).

 *

 * ndn-cxx library is free software: you can redistribute it and/or modify it under the

 * terms of the GNU Lesser General Public License as published by the Free Software

 * Foundation, either version 3 of the License, or (at your option) any later version.

 *

 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY

 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A

 * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.

 *

 * You should have received copies of the GNU General Public License and GNU Lesser

 * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see

 * <http://www.gnu.org/licenses/>.

 *

 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.

 */


#ifndef NDN_CXX_SECURITY_VALIDATION_POLICY_SIGNED_INTEREST_HPP

#define NDN_CXX_SECURITY_VALIDATION_POLICY_SIGNED_INTEREST_HPP


#include "ndn-cxx/security/validation-policy.hpp"


#include <boost/multi_index_container.hpp>

#include <boost/multi_index/hashed_index.hpp>

#include <boost/multi_index/key_extractors.hpp>

#include <boost/multi_index/ordered_index.hpp>

#include <boost/multi_index/sequenced_index.hpp>


namespace ndn::security {


class ValidationPolicySignedInterest : public ValidationPolicy

{

private:

  using SigNonce = std::vector<uint8_t>;

  struct NonceSet {};

  struct NonceList {};


public:


  class Options

  {

  public:


    Options()

    {

    }


  public:

    bool shouldValidateTimestamps = true;


    time::nanoseconds timestampGracePeriod = 2_min;


    bool shouldValidateSeqNums = false;


    bool shouldValidateNonces = true;


    ssize_t maxNonceRecordCount = 1000;


    ssize_t maxRecordCount = 1000;

  };


  explicit

  ValidationPolicySignedInterest(unique_ptr<ValidationPolicy> inner, const Options& options = {});


protected:

  void

  checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,

              const ValidationContinuation& continueValidation) override;


  void

  checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,

              const ValidationContinuation& continueValidation) override;


private:

  bool

  checkIncomingInterest(const shared_ptr<ValidationState>& state, const Interest& interest);


  void

  insertRecord(const Name& keyName,

               std::optional<time::system_clock::time_point> timestamp,

               std::optional<uint64_t> seqNum,

               std::optional<SigNonce> nonce);


private:

  Options m_options;


  using NonceContainer = boost::multi_index_container<

    SigNonce,

    boost::multi_index::indexed_by<

      boost::multi_index::hashed_unique<

        boost::multi_index::tag<NonceSet>,

        boost::multi_index::identity<SigNonce>

      >,

      boost::multi_index::sequenced<

        boost::multi_index::tag<NonceList>

      >

    >

  >;


  struct LastInterestRecord

  {

    LastInterestRecord(const Name& keyName,

                       std::optional<time::system_clock::time_point> timestamp,

                       std::optional<uint64_t> seqNum)

      : keyName(keyName)

      , timestamp(timestamp)

      , seqNum(seqNum)

      , lastRefreshed(time::steady_clock::now())

    {

    }


    Name keyName;

    std::optional<time::system_clock::time_point> timestamp;

    std::optional<uint64_t> seqNum;

    NonceContainer observedNonces;

    time::steady_clock::time_point lastRefreshed;

  };


  using Container = boost::multi_index_container<

    LastInterestRecord,

    boost::multi_index::indexed_by<

      boost::multi_index::ordered_unique<

        boost::multi_index::member<LastInterestRecord, Name, &LastInterestRecord::keyName>

      >,

      boost::multi_index::ordered_non_unique<

        boost::multi_index::member<LastInterestRecord, time::steady_clock::time_point,

                                   &LastInterestRecord::lastRefreshed>

      >

    >

  >;


  Container m_container;

  Container::nth_index<0>::type& m_byKeyName;

  Container::nth_index<1>::type& m_byLastRefreshed;

};


} // namespace ndn::security


#endif // NDN_CXX_SECURITY_VALIDATION_POLICY_SIGNED_INTEREST_HPP

ndn::Data
Represents a Data packet.
Definition data.hpp:39

ndn::Interest
Represents an Interest packet.
Definition interest.hpp:50

ndn::Name
Represents an absolute name.
Definition name.hpp:45

ndn::security::ValidationPolicySignedInterest::Options
Definition validation-policy-signed-interest.hpp:51

ndn::security::ValidationPolicySignedInterest::Options::shouldValidateSeqNums
bool shouldValidateSeqNums
Whether to validate sequence numbers in signed Interests by ensuring they are present and are strictl...
Definition validation-policy-signed-interest.hpp:88

ndn::security::ValidationPolicySignedInterest::Options::maxNonceRecordCount
ssize_t maxNonceRecordCount
Number of previous nonces to track for each public key.
Definition validation-policy-signed-interest.hpp:111

ndn::security::ValidationPolicySignedInterest::Options::timestampGracePeriod
time::nanoseconds timestampGracePeriod
Tolerance of timestamp differences from the current time.
Definition validation-policy-signed-interest.hpp:81

ndn::security::ValidationPolicySignedInterest::Options::maxRecordCount
ssize_t maxRecordCount
Max number of distinct public keys to track.
Definition validation-policy-signed-interest.hpp:133

ndn::security::ValidationPolicySignedInterest::Options::shouldValidateNonces
bool shouldValidateNonces
Whether to validate nonces by ensuring that they are present and do not overlap with one of the last ...
Definition validation-policy-signed-interest.hpp:98

ndn::security::ValidationPolicySignedInterest::Options::shouldValidateTimestamps
bool shouldValidateTimestamps
Whether to validate timestamps in signed Interests by ensuring they are not reordered for a given pub...
Definition validation-policy-signed-interest.hpp:66

ndn::security::ValidationPolicySignedInterest::Options::Options
Options()
Definition validation-policy-signed-interest.hpp:53

ndn::security::ValidationPolicySignedInterest
Validation policy for signed Interests.
Definition validation-policy-signed-interest.hpp:43

ndn::security::ValidationPolicySignedInterest::checkPolicy
void checkPolicy(const Data &data, const shared_ptr< ValidationState > &state, const ValidationContinuation &continueValidation) override
Check data against the policy.
Definition validation-policy-signed-interest.cpp:41

ndn::security::ValidationPolicy
Abstraction that implements a validation policy for Interest and Data packets.
Definition validation-policy.hpp:36

ndn::security::ValidationPolicy::ValidationContinuation
std::function< void(const shared_ptr< CertificateRequest > &certRequest, const shared_ptr< ValidationState > &state)> ValidationContinuation
Definition validation-policy.hpp:39

ndn::time::steady_clock::time_point
::boost::chrono::time_point< steady_clock > time_point
Definition time.hpp:232

ndn::security
Contains the ndn-cxx security framework.
Definition additional-description.cpp:26

ndn::time::nanoseconds
::boost::chrono::nanoseconds nanoseconds
Definition time.hpp:54

validation-policy.hpp