master/doxygen/validation-policy-signed-interest_8hpp_source.html

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */

 /*

  * Copyright (c) 2013-2023 Regents of the University of California.

  *

  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).

  *

  * ndn-cxx library is free software: you can redistribute it and/or modify it under the

  * terms of the GNU Lesser General Public License as published by the Free Software

  * Foundation, either version 3 of the License, or (at your option) any later version.

  *

  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY

  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A

  * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.

  *

  * You should have received copies of the GNU General Public License and GNU Lesser

  * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see

  * <http://www.gnu.org/licenses/>.

  *

  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.

  */


 #ifndef NDN_CXX_SECURITY_VALIDATION_POLICY_SIGNED_INTEREST_HPP

 #define NDN_CXX_SECURITY_VALIDATION_POLICY_SIGNED_INTEREST_HPP


 #include "ndn-cxx/security/validation-policy.hpp"


 #include <boost/multi_index_container.hpp>

 #include <boost/multi_index/hashed_index.hpp>

 #include <boost/multi_index/key_extractors.hpp>

 #include <boost/multi_index/ordered_index.hpp>

 #include <boost/multi_index/sequenced_index.hpp>


 namespace ndn::security {


 class ValidationPolicySignedInterest : public ValidationPolicy

 {

 private:

   using SigNonce = std::vector<uint8_t>;

   struct NonceSet {};

   struct NonceList {};


 public:

   class Options

   {

   public:

     Options()

     {

     }


   public:

     bool shouldValidateTimestamps = true;


     time::nanoseconds timestampGracePeriod = 2_min;


     bool shouldValidateSeqNums = false;


     bool shouldValidateNonces = true;


     ssize_t maxNonceRecordCount = 1000;


     ssize_t maxRecordCount = 1000;

   };


   explicit

   ValidationPolicySignedInterest(unique_ptr<ValidationPolicy> inner, const Options& options = {});


 protected:

   void

   checkPolicy(const Data& data, const shared_ptr<ValidationState>& state,

               const ValidationContinuation& continueValidation) override;


   void

   checkPolicy(const Interest& interest, const shared_ptr<ValidationState>& state,

               const ValidationContinuation& continueValidation) override;


 private:

   bool

   checkIncomingInterest(const shared_ptr<ValidationState>& state, const Interest& interest);


   void

   insertRecord(const Name& keyName,

                std::optional<time::system_clock::time_point> timestamp,

                std::optional<uint64_t> seqNum,

                std::optional<SigNonce> nonce);


 private:

   Options m_options;


   using NonceContainer = boost::multi_index_container<

     SigNonce,

     boost::multi_index::indexed_by<

       boost::multi_index::hashed_unique<

         boost::multi_index::tag<NonceSet>,

         boost::multi_index::identity<SigNonce>

       >,

       boost::multi_index::sequenced<

         boost::multi_index::tag<NonceList>

       >

     >

   >;


   struct LastInterestRecord

   {

     LastInterestRecord(const Name& keyName,

                        std::optional<time::system_clock::time_point> timestamp,

                        std::optional<uint64_t> seqNum)

       : keyName(keyName)

       , timestamp(timestamp)

       , seqNum(seqNum)

       , lastRefreshed(time::steady_clock::now())

     {

     }


     Name keyName;

     std::optional<time::system_clock::time_point> timestamp;

     std::optional<uint64_t> seqNum;

     NonceContainer observedNonces;

     time::steady_clock::time_point lastRefreshed;

   };


   using Container = boost::multi_index_container<

     LastInterestRecord,

     boost::multi_index::indexed_by<

       boost::multi_index::ordered_unique<

         boost::multi_index::member<LastInterestRecord, Name, &LastInterestRecord::keyName>

       >,

       boost::multi_index::ordered_non_unique<

         boost::multi_index::member<LastInterestRecord, time::steady_clock::time_point,

                                    &LastInterestRecord::lastRefreshed>

       >

     >

   >;


   Container m_container;

   Container::nth_index<0>::type& m_byKeyName;

   Container::nth_index<1>::type& m_byLastRefreshed;

 };


 } // namespace ndn::security


 #endif // NDN_CXX_SECURITY_VALIDATION_POLICY_SIGNED_INTEREST_HPP

ndn::Data
Represents a Data packet.
Definition: data.hpp:39

ndn::Interest
Represents an Interest packet.
Definition: interest.hpp:50

ndn::Name
Represents an absolute name.
Definition: name.hpp:45

ndn::security::ValidationPolicySignedInterest::Options
Definition: validation-policy-signed-interest.hpp:51

ndn::security::ValidationPolicySignedInterest::Options::shouldValidateSeqNums
bool shouldValidateSeqNums
Whether to validate sequence numbers in signed Interests by ensuring they are present and are strictl...
Definition: validation-policy-signed-interest.hpp:88

ndn::security::ValidationPolicySignedInterest::Options::maxNonceRecordCount
ssize_t maxNonceRecordCount
Number of previous nonces to track for each public key.
Definition: validation-policy-signed-interest.hpp:111

ndn::security::ValidationPolicySignedInterest::Options::timestampGracePeriod
time::nanoseconds timestampGracePeriod
Tolerance of timestamp differences from the current time.
Definition: validation-policy-signed-interest.hpp:81

ndn::security::ValidationPolicySignedInterest::Options::maxRecordCount
ssize_t maxRecordCount
Max number of distinct public keys to track.
Definition: validation-policy-signed-interest.hpp:133

ndn::security::ValidationPolicySignedInterest::Options::shouldValidateNonces
bool shouldValidateNonces
Whether to validate nonces by ensuring that they are present and do not overlap with one of the last ...
Definition: validation-policy-signed-interest.hpp:98

ndn::security::ValidationPolicySignedInterest::Options::shouldValidateTimestamps
bool shouldValidateTimestamps
Whether to validate timestamps in signed Interests by ensuring they are not reordered for a given pub...
Definition: validation-policy-signed-interest.hpp:66

ndn::security::ValidationPolicySignedInterest::Options::Options
Options()
Definition: validation-policy-signed-interest.hpp:53

ndn::security::ValidationPolicySignedInterest
Validation policy for signed Interests.
Definition: validation-policy-signed-interest.hpp:43

ndn::security::ValidationPolicySignedInterest::ValidationPolicySignedInterest
ValidationPolicySignedInterest(unique_ptr< ValidationPolicy > inner, const Options &options={})
Constructor.
Definition: validation-policy-signed-interest.cpp:26

ndn::security::ValidationPolicySignedInterest::checkPolicy
void checkPolicy(const Data &data, const shared_ptr< ValidationState > &state, const ValidationContinuation &continueValidation) override
Check data against the policy.
Definition: validation-policy-signed-interest.cpp:41

ndn::security::ValidationPolicy
Abstraction that implements a validation policy for Interest and Data packets.
Definition: validation-policy.hpp:36

ndn::security::ValidationPolicy::ValidationContinuation
std::function< void(const shared_ptr< CertificateRequest > &certRequest, const shared_ptr< ValidationState > &state)> ValidationContinuation
Definition: validation-policy.hpp:39

ndn::time::steady_clock::time_point
::boost::chrono::time_point< steady_clock > time_point
Definition: time.hpp:232

ndn::security
Contains the ndn-cxx security framework.
Definition: additional-description.cpp:26

ndn::time::nanoseconds
::boost::chrono::nanoseconds nanoseconds
Definition: time.hpp:54

validation-policy.hpp