verifier-filter.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2023 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  */
21 
22 #include "ndn-cxx/security/transform/verifier-filter.hpp"
23 #include "ndn-cxx/security/transform/private-key.hpp"
24 #include "ndn-cxx/security/transform/public-key.hpp"
25 #include "ndn-cxx/security/impl/openssl-helper.hpp"
26 
27 #include <boost/lexical_cast.hpp>
28 
29 namespace ndn::security::transform {
30 
31 class VerifierFilter::Impl
32 {
33 public:
34  explicit
35  Impl(span<const uint8_t> sig)
36  : sig(sig)
37  {
38  }
39 
40 public:
41  detail::EvpMdCtx ctx;
42  span<const uint8_t> sig;
43 };
44 
45 
46 VerifierFilter::VerifierFilter(DigestAlgorithm algo, const PublicKey& key, span<const uint8_t> sig)
47  : m_impl(make_unique<Impl>(sig))
48  , m_keyType(key.getKeyType())
49 {
50  init(algo, key.getEvpPkey());
51 }
52 
53 VerifierFilter::VerifierFilter(DigestAlgorithm algo, const PrivateKey& key, span<const uint8_t> sig)
54  : m_impl(make_unique<Impl>(sig))
55  , m_keyType(key.getKeyType())
56 {
57  if (m_keyType != KeyType::HMAC)
58  NDN_THROW(Error(getIndex(), "VerifierFilter only supports private keys of HMAC type"));
59 
60  init(algo, key.getEvpPkey());
61 }
62 
63 VerifierFilter::~VerifierFilter() = default;
64 
65 void
66 VerifierFilter::init(DigestAlgorithm algo, void* pkey)
67 {
68  const EVP_MD* md = detail::digestAlgorithmToEvpMd(algo);
69  if (md == nullptr)
70  NDN_THROW(Error(getIndex(), "Unsupported digest algorithm " +
71  boost::lexical_cast<std::string>(algo)));
72 
73  int ret;
74  if (m_keyType == KeyType::HMAC)
75  ret = EVP_DigestSignInit(m_impl->ctx, nullptr, md, nullptr, reinterpret_cast<EVP_PKEY*>(pkey));
76  else
77  ret = EVP_DigestVerifyInit(m_impl->ctx, nullptr, md, nullptr, reinterpret_cast<EVP_PKEY*>(pkey));
78 
79  if (ret != 1)
80  NDN_THROW(Error(getIndex(), "Failed to initialize verification context with " +
81  boost::lexical_cast<std::string>(algo) + " digest and " +
82  boost::lexical_cast<std::string>(m_keyType) + " key"));
83 }
84 
85 size_t
86 VerifierFilter::convert(span<const uint8_t> buf)
87 {
88  int ret;
89  if (m_keyType == KeyType::HMAC)
90  ret = EVP_DigestSignUpdate(m_impl->ctx, buf.data(), buf.size());
91  else
92  ret = EVP_DigestVerifyUpdate(m_impl->ctx, buf.data(), buf.size());
93 
94  if (ret != 1)
95  NDN_THROW(Error(getIndex(), "Failed to accept more input"));
96 
97  return buf.size();
98 }
99 
100 void
101 VerifierFilter::finalize()
102 {
103  bool ok = false;
104  if (m_keyType == KeyType::HMAC) {
105  auto hmacBuf = make_unique<OBuffer>(EVP_MAX_MD_SIZE);
106  size_t hmacLen = EVP_MAX_MD_SIZE;
107 
108  if (EVP_DigestSignFinal(m_impl->ctx, hmacBuf->data(), &hmacLen) != 1)
109  NDN_THROW(Error(getIndex(), "Failed to finalize HMAC"));
110 
111  ok = CRYPTO_memcmp(hmacBuf->data(), m_impl->sig.data(), std::min(hmacLen, m_impl->sig.size())) == 0;
112  }
113  else {
114  ok = EVP_DigestVerifyFinal(m_impl->ctx, m_impl->sig.data(), m_impl->sig.size()) == 1;
115  }
116 
117  auto buffer = make_unique<OBuffer>(1);
118  (*buffer)[0] = ok ? 1 : 0;
119  setOutputBuffer(std::move(buffer));
120 
121  flushAllOutput();
122 }
123 
124 unique_ptr<Transform>
125 verifierFilter(DigestAlgorithm algo, const PublicKey& key, span<const uint8_t> sig)
126 {
127  return make_unique<VerifierFilter>(algo, key, sig);
128 }
129 
130 unique_ptr<Transform>
131 verifierFilter(DigestAlgorithm algo, const PrivateKey& key, span<const uint8_t> sig)
132 {
133  return make_unique<VerifierFilter>(algo, key, sig);
134 }
135 
136 } // namespace ndn::security::transform
ndn::security::transform::Downstream::getIndex
size_t getIndex() const
Get the module index.
Definition: transform-base.hpp:125
ndn::security::transform::Error
Base class of transformation error.
Definition: transform-base.hpp:48
ndn::security::transform::PrivateKey
Abstraction of a private key in crypto transformations.
Definition: private-key.hpp:39
ndn::security::transform::PublicKey
Abstraction of a public key in crypto transformations.
Definition: public-key.hpp:35
ndn::security::transform::Transform::setOutputBuffer
void setOutputBuffer(unique_ptr< OBuffer > buffer)
Set output buffer to buffer.
Definition: transform-base.cpp:84
ndn::security::transform::Transform::flushAllOutput
void flushAllOutput()
Read the all the content from output buffer and write it into next module.
Definition: transform-base.cpp:76
ndn::security::transform::VerifierFilter::VerifierFilter
VerifierFilter(DigestAlgorithm algo, const PublicKey &key, span< const uint8_t > sig)
Create a verifier module to verify signature sig using algorithm algo and public key key.
Definition: verifier-filter.cpp:46
NDN_THROW
#define NDN_THROW(e)
Definition: exception.hpp:56
ndn::security::transform::verifierFilter
unique_ptr< Transform > verifierFilter(DigestAlgorithm algo, const PublicKey &key, span< const uint8_t > sig)
Definition: verifier-filter.cpp:125
ndn::KeyType::HMAC
@ HMAC
HMAC key, supports sign/verify operations.
sig
span< const uint8_t > sig
Definition: verification-helpers.cpp:58