ndn-cxx: NDN C++ Library 0.9.0-33-g832ea91d
Loading...
Searching...
No Matches
verifier-filter.cpp
Go to the documentation of this file.
1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/*
3 * Copyright (c) 2013-2023 Regents of the University of California.
4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6 *
7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20 */
21
22#include "ndn-cxx/security/transform/verifier-filter.hpp"
23#include "ndn-cxx/security/transform/private-key.hpp"
24#include "ndn-cxx/security/transform/public-key.hpp"
25#include "ndn-cxx/security/impl/openssl-helper.hpp"
26
27#include <boost/lexical_cast.hpp>
28
29namespace ndn::security::transform {
30
31class VerifierFilter::Impl
32{
33public:
34 explicit
35 Impl(span<const uint8_t> sig)
36 : sig(sig)
37 {
38 }
39
40public:
41 detail::EvpMdCtx ctx;
42 span<const uint8_t> sig;
43};
44
45
46VerifierFilter::VerifierFilter(DigestAlgorithm algo, const PublicKey& key, span<const uint8_t> sig)
47 : m_impl(make_unique<Impl>(sig))
48 , m_keyType(key.getKeyType())
49{
50 init(algo, key.getEvpPkey());
51}
52
53VerifierFilter::VerifierFilter(DigestAlgorithm algo, const PrivateKey& key, span<const uint8_t> sig)
54 : m_impl(make_unique<Impl>(sig))
55 , m_keyType(key.getKeyType())
56{
57 if (m_keyType != KeyType::HMAC)
58 NDN_THROW(Error(getIndex(), "VerifierFilter only supports private keys of HMAC type"));
59
60 init(algo, key.getEvpPkey());
61}
62
63VerifierFilter::~VerifierFilter() = default;
64
65void
66VerifierFilter::init(DigestAlgorithm algo, void* pkey)
67{
68 const EVP_MD* md = detail::digestAlgorithmToEvpMd(algo);
69 if (md == nullptr)
70 NDN_THROW(Error(getIndex(), "Unsupported digest algorithm " +
71 boost::lexical_cast<std::string>(algo)));
72
73 int ret;
74 if (m_keyType == KeyType::HMAC)
75 ret = EVP_DigestSignInit(m_impl->ctx, nullptr, md, nullptr, reinterpret_cast<EVP_PKEY*>(pkey));
76 else
77 ret = EVP_DigestVerifyInit(m_impl->ctx, nullptr, md, nullptr, reinterpret_cast<EVP_PKEY*>(pkey));
78
79 if (ret != 1)
80 NDN_THROW(Error(getIndex(), "Failed to initialize verification context with " +
81 boost::lexical_cast<std::string>(algo) + " digest and " +
82 boost::lexical_cast<std::string>(m_keyType) + " key"));
83}
84
85size_t
86VerifierFilter::convert(span<const uint8_t> buf)
87{
88 int ret;
89 if (m_keyType == KeyType::HMAC)
90 ret = EVP_DigestSignUpdate(m_impl->ctx, buf.data(), buf.size());
91 else
92 ret = EVP_DigestVerifyUpdate(m_impl->ctx, buf.data(), buf.size());
93
94 if (ret != 1)
95 NDN_THROW(Error(getIndex(), "Failed to accept more input"));
96
97 return buf.size();
98}
99
100void
101VerifierFilter::finalize()
102{
103 bool ok = false;
104 if (m_keyType == KeyType::HMAC) {
105 auto hmacBuf = make_unique<OBuffer>(EVP_MAX_MD_SIZE);
106 size_t hmacLen = EVP_MAX_MD_SIZE;
107
108 if (EVP_DigestSignFinal(m_impl->ctx, hmacBuf->data(), &hmacLen) != 1)
109 NDN_THROW(Error(getIndex(), "Failed to finalize HMAC"));
110
111 ok = CRYPTO_memcmp(hmacBuf->data(), m_impl->sig.data(), std::min(hmacLen, m_impl->sig.size())) == 0;
112 }
113 else {
114 ok = EVP_DigestVerifyFinal(m_impl->ctx, m_impl->sig.data(), m_impl->sig.size()) == 1;
115 }
116
117 auto buffer = make_unique<OBuffer>(1);
118 (*buffer)[0] = ok ? 1 : 0;
119 setOutputBuffer(std::move(buffer));
120
121 flushAllOutput();
122}
123
124unique_ptr<Transform>
125verifierFilter(DigestAlgorithm algo, const PublicKey& key, span<const uint8_t> sig)
126{
127 return make_unique<VerifierFilter>(algo, key, sig);
128}
129
130unique_ptr<Transform>
131verifierFilter(DigestAlgorithm algo, const PrivateKey& key, span<const uint8_t> sig)
132{
133 return make_unique<VerifierFilter>(algo, key, sig);
134}
135
136} // namespace ndn::security::transform
ndn::security::transform::Downstream::getIndex
size_t getIndex() const
Get the module index.
Definition transform-base.hpp:125
ndn::security::transform::Error
Base class of transformation error.
Definition transform-base.hpp:48
ndn::security::transform::PrivateKey
Abstraction of a private key in crypto transformations.
Definition private-key.hpp:39
ndn::security::transform::PublicKey
Abstraction of a public key in crypto transformations.
Definition public-key.hpp:35
ndn::security::transform::Transform::setOutputBuffer
void setOutputBuffer(unique_ptr< OBuffer > buffer)
Set output buffer to buffer.
Definition transform-base.cpp:84
ndn::security::transform::Transform::flushAllOutput
void flushAllOutput()
Read the all the content from output buffer and write it into next module.
Definition transform-base.cpp:76
ndn::security::transform::VerifierFilter::VerifierFilter
VerifierFilter(DigestAlgorithm algo, const PublicKey &key, span< const uint8_t > sig)
Create a verifier module to verify signature sig using algorithm algo and public key key.
Definition verifier-filter.cpp:46
NDN_THROW
#define NDN_THROW(e)
Definition exception.hpp:56
ndn::security::transform::verifierFilter
unique_ptr< Transform > verifierFilter(DigestAlgorithm algo, const PublicKey &key, span< const uint8_t > sig)
Definition verifier-filter.cpp:125
ndn::KeyType::HMAC
@ HMAC
HMAC key, supports sign/verify operations.
sig
span< const uint8_t > sig
Definition verification-helpers.cpp:58