23 #include "../util/crypto.hpp"
24 #include "../lp/tags.hpp"
31 static Oid
SECP256R1(
"1.2.840.10045.3.1.7");
36 , m_wantDirectCertFetch(false)
53 std::vector<shared_ptr<ValidationRequest> > nextSteps;
54 checkPolicy(interest, nSteps, onValidated, onValidationFailed, nextSteps);
56 if (nextSteps.empty()) {
63 OnFailure onFailure = bind(onValidationFailed, interest.shared_from_this(), _1);
73 std::vector<shared_ptr<ValidationRequest> > nextSteps;
74 checkPolicy(data, nSteps, onValidated, onValidationFailed, nextSteps);
76 if (nextSteps.empty()) {
83 OnFailure onFailure = bind(onValidationFailed, data.shared_from_this(), _1);
90 const shared_ptr<ValidationRequest>& nextStep)
94 if (!static_cast<bool>(certificateData))
95 return nextStep->m_onDataValidationFailed(data.shared_from_this(),
99 nextStep->m_onDataValidated, nextStep->m_onDataValidationFailed,
155 RSA::PublicKey publicKey;
158 queue.Put(reinterpret_cast<const byte*>(key.
get().
buf()), key.
get().size());
159 publicKey.Load(queue);
161 RSASS<PKCS1v15, SHA256>::Verifier verifier(publicKey);
162 return verifier.VerifyMessage(buf, size,
170 ECDSA<ECP, SHA256>::PublicKey publicKey;
173 queue.Put(reinterpret_cast<const byte*>(key.
get().
buf()), key.
get().size());
174 publicKey.Load(queue);
176 ECDSA<ECP, SHA256>::Verifier verifier(publicKey);
179 StringSource src(key.
get().
buf(), key.
get().size(),
true);
180 BERSequenceDecoder subjectPublicKeyInfo(src);
182 BERSequenceDecoder algorithmInfo(subjectPublicKeyInfo);
185 algorithm.
decode(algorithmInfo);
188 curveId.
decode(algorithmInfo);
202 size_t usedSize = DSAConvertSignatureFormat(buffer,
sizeof(buffer), DSA_P1363,
206 return verifier.VerifyMessage(buf, size, buffer, usedSize);
211 size_t usedSize = DSAConvertSignatureFormat(buffer,
sizeof(buffer), DSA_P1363,
215 return verifier.VerifyMessage(buf, size, buffer, usedSize);
228 catch (
const CryptoPP::Exception& e) {
240 if (buffer !=
nullptr &&
243 const uint8_t* p1 = buffer->buf();
244 const uint8_t* p2 = sigValue.
value();
251 catch (
const CryptoPP::Exception& e) {
259 int remainingRetries,
261 const shared_ptr<ValidationRequest>& validationRequest)
263 if (remainingRetries > 0) {
271 remainingRetries - 1, onFailure, validationRequest),
273 remainingRetries - 1, onFailure, validationRequest));
276 onFailure(
"Cannot fetch cert: " + interest.
getName().
toUri());
282 int remainingRetries,
284 const shared_ptr<ValidationRequest>& validationRequest)
286 if (remainingRetries > 0) {
294 remainingRetries - 1, onFailure, validationRequest),
296 remainingRetries - 1, onFailure, validationRequest));
299 onFailure(
"Cannot fetch cert: " + interest.
getName().
toUri());
308 onFailure(
"Require more information to validate the packet!");
312 for (shared_ptr<ValidationRequest> step : nextSteps) {
314 Interest directFetchInterest(step->m_interest);
316 directFetchInterest.
setTag(make_shared<lp::NextHopFaceIdTag>(step->m_requesterFaceId));
322 step->m_nRetries, onFailure, step),
324 this, _1, step->m_nRetries,
void decode(CryptoPP::BufferedTransformation &in)
function< void(const shared_ptr< const Interest > &, const std::string &)> OnInterestValidationFailed
Callback to report a failed Interest validation.
void validate(const Data &data, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed)
Validate Data and call either onValidated or onValidationFailed.
const Name & getName() const
Copyright (c) 2013-2016 Regents of the University of California.
const Buffer & get() const
Copyright (c) 2013-2016 Regents of the University of California.
virtual shared_ptr< const Data > preCertificateValidation(const Data &data)
Hooks.
virtual void checkPolicy(const Data &data, int nSteps, const OnDataValidated &onValidated, const OnDataValidationFailed &onValidationFailed, std::vector< shared_ptr< ValidationRequest >> &nextSteps)=0
Check the Data against policy and return the next validation step if necessary.
void refreshNonce()
Refresh nonce.
static const size_t SHA256_DIGEST_SIZE
number of octets in a SHA256 digest
Represent a SHA256 digest.
void setInfo(const Block &info)
Set SignatureInfo from a block.
bool hasKeyLocator() const
Check if SignatureInfo block has a KeyLocator.
virtual void afterCheckPolicy(const std::vector< shared_ptr< ValidationRequest >> &nextSteps, const OnFailure &onFailure)
Triggered after checkPolicy is done.
const size_t MIN_SIZE
minimal number of components for Signed Interest
size_t wireEncode(EncodingImpl< TAG > &encoder) const
Fast encoding or block size estimation.
Class representing a wire element of NDN-TLV packet format.
Represents an Interest packet.
const Block & getValue() const
Get SignatureValue in the wire format.
function< void(const shared_ptr< const Data > &, const std::string &)> OnDataValidationFailed
Callback to report a failed Data validation.
void setTag(shared_ptr< T > tag) const
Set a tag item.
function< void(const shared_ptr< const Data > &)> OnDataValidated
Callback to report a successful Data validation.
Represents a Network Nack.
const Name & getName() const
Get name of the Data packet.
function< void(const shared_ptr< const Interest > &)> OnInterestValidated
Callback to report a successful Interest validation.
uint32_t getType() const
Get signature type.
std::string toUri() const
Encode this name as a URI.
KeyType getKeyType() const
size_t wireEncode(EncodingImpl< TAG > &encoder, bool wantUnsignedPortionOnly=false) const
Fast encoding or block size estimation.
Validator(Face *face=nullptr)
Validator constructor.
void setValue(const Block &value)
Set SignatureValue from a block.
Provides the interfaces for packet validation.
Provide a communication channel with local or remote NDN forwarder.
size_t size() const
Get the number of components.
Name abstraction to represent an absolute name.
size_t value_size() const
const ssize_t POS_SIG_VALUE
function< void(const std::string &)> OnFailure
void onData(const Interest &interest, const Data &data, const shared_ptr< ValidationRequest > &nextStep)
Process the received certificate.
const Signature & getSignature() const
static Oid SECP384R1("1.3.132.0.34")
bool m_wantDirectCertFetch
const ssize_t POS_SIG_INFO
ConstBufferPtr computeSha256Digest(const uint8_t *data, size_t dataLength)
Compute the sha-256 digest of data.
const uint8_t * value() const
const PendingInterestId * expressInterest(const Interest &interest, const DataCallback &afterSatisfied, const NackCallback &afterNacked, const TimeoutCallback &afterTimeout)
Express Interest.
virtual void onNack(const Interest &interest, const lp::Nack &nack, int nRemainingRetries, const OnFailure &onFailure, const shared_ptr< ValidationRequest > &validationRequest)
Triggered when the Interest retrieves a Nack.
static bool verifySignature(const Data &data, const v1::PublicKey &publicKey)
Verify the data using the publicKey.
void setDirectCertFetchEnabled(bool isEnabled)
Enable or disable the direct certificate fetch feature.
shared_ptr< const Buffer > ConstBufferPtr
Represents an error in TLV encoding or decoding.
A Signature is storage for the signature-related information (info and value) in a Data packet...
static Oid SECP256R1("1.2.840.10045.3.1.7")
virtual void onTimeout(const Interest &interest, int nRemainingRetries, const OnFailure &onFailure, const shared_ptr< ValidationRequest > &validationRequest)
Triggered when the Interest for a certificate times out.