validation-policy.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2022 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  */
21 
22 #include "ndn-cxx/security/validation-policy.hpp"
23 #include "ndn-cxx/security/signing-info.hpp"
24 
25 namespace ndn {
26 namespace security {
27 inline namespace v2 {
28 
29 void
30 ValidationPolicy::setInnerPolicy(unique_ptr<ValidationPolicy> innerPolicy)
31 {
32  if (innerPolicy == nullptr) {
33  NDN_THROW(std::invalid_argument("Inner policy argument cannot be nullptr"));
34  }
35 
36  if (m_validator != nullptr) {
37  innerPolicy->setValidator(*m_validator);
38  }
39 
40  if (m_innerPolicy == nullptr) {
41  m_innerPolicy = std::move(innerPolicy);
42  }
43  else {
44  m_innerPolicy->setInnerPolicy(std::move(innerPolicy));
45  }
46 }
47 
48 ValidationPolicy&
49 ValidationPolicy::getInnerPolicy()
50 {
51  return *m_innerPolicy;
52 }
53 
54 void
55 ValidationPolicy::setValidator(Validator& validator)
56 {
57  m_validator = &validator;
58  if (m_innerPolicy != nullptr) {
59  m_innerPolicy->setValidator(validator);
60  }
61 }
62 
63 Name
64 getKeyLocatorName(const SignatureInfo& si, ValidationState& state)
65 {
66  if (si.getSignatureType() == tlv::DigestSha256) {
67  return SigningInfo::getDigestSha256Identity();
68  }
69 
70  if (!si.hasKeyLocator()) {
71  state.fail({ValidationError::INVALID_KEY_LOCATOR, "KeyLocator is missing"});
72  return {};
73  }
74 
75  const KeyLocator& kl = si.getKeyLocator();
76  if (kl.getType() != tlv::Name) {
77  state.fail({ValidationError::INVALID_KEY_LOCATOR, "KeyLocator type is not Name"});
78  return {};
79  }
80 
81  return kl.getName();
82 }
83 
84 SignatureInfo
85 getSignatureInfo(const Interest& interest, ValidationState& state)
86 {
87  auto fmt = state.getTag<SignedInterestFormatTag>();
88  BOOST_ASSERT(fmt);
89 
90  if (*fmt == SignedInterestFormat::V03) {
91  BOOST_ASSERT(interest.getSignatureInfo().has_value());
92  return *interest.getSignatureInfo();
93  }
94 
95  // Try the old Signed Interest format from Packet Specification v0.2
96  const Name& name = interest.getName();
97  if (name.size() < signed_interest::MIN_SIZE) {
98  state.fail({ValidationError::MALFORMED_SIGNATURE,
99  "Interest name too short `" + name.toUri() + "`"});
100  return {};
101  }
102 
103  try {
104  return SignatureInfo(name[signed_interest::POS_SIG_INFO].blockFromValue());
105  }
106  catch (const tlv::Error& e) {
107  state.fail({ValidationError::MALFORMED_SIGNATURE,
108  "Malformed SignatureInfo in `" + name.toUri() + "`: " + e.what()});
109  return {};
110  }
111 }
112 
113 Name
114 extractIdentityNameFromKeyLocator(const Name& keyLocator)
115 {
116  // handling special cases
117  if (keyLocator == SigningInfo::getDigestSha256Identity() ||
118  keyLocator == SigningInfo::getHmacIdentity()) {
119  return keyLocator;
120  }
121 
122  auto len = static_cast<ssize_t>(keyLocator.size());
123  // note that KEY_COMPONENT_OFFSET is negative
124  auto lowerBound = std::max<ssize_t>(len + Certificate::KEY_COMPONENT_OFFSET, 0);
125  for (ssize_t i = len - 1; i >= lowerBound; --i) {
126  if (keyLocator[i] == Certificate::KEY_COMPONENT) {
127  return keyLocator.getPrefix(i);
128  }
129  }
130 
131  NDN_THROW(KeyLocator::Error("KeyLocator `" + keyLocator.toUri() +
132  "` does not respect the naming conventions"));
133 }
134 
135 } // inline namespace v2
136 } // namespace security
137 } // namespace ndn
ndn::Interest
Represents an Interest packet.
Definition: interest.hpp:50
ndn::Interest::getName
const Name & getName() const noexcept
Definition: interest.hpp:173
ndn::Interest::getSignatureInfo
optional< SignatureInfo > getSignatureInfo() const
Get the InterestSignatureInfo element.
Definition: interest.cpp:531
ndn::KeyLocator::getName
const Name & getName() const
Get nested Name element.
Definition: key-locator.cpp:144
ndn::KeyLocator::getType
uint32_t getType() const
Definition: key-locator.cpp:119
ndn::Name
Represents an absolute name.
Definition: name.hpp:44
ndn::Name::getPrefix
PartialName getPrefix(ssize_t nComponents) const
Returns a prefix of the name.
Definition: name.hpp:216
ndn::Name::size
size_t size() const noexcept
Returns the number of components.
Definition: name.hpp:155
ndn::Name::toUri
void toUri(std::ostream &os, name::UriFormat format=name::UriFormat::DEFAULT) const
Write URI representation of the name to the output stream.
Definition: name.cpp:349
ndn::SignatureInfo
Represents a SignatureInfo or InterestSignatureInfo TLV element.
Definition: signature-info.hpp:34
ndn::SignatureInfo::getSignatureType
int32_t getSignatureType() const noexcept
Get the SignatureType.
Definition: signature-info.hpp:114
ndn::SignatureInfo::hasKeyLocator
bool hasKeyLocator() const noexcept
Check if KeyLocator is present.
Definition: signature-info.hpp:128
ndn::SignatureInfo::getKeyLocator
const KeyLocator & getKeyLocator() const
Get the KeyLocator element.
Definition: signature-info.cpp:190
ndn::SimpleTag
Provides a tag type for simple types.
Definition: tag.hpp:56
ndn::TagHost::getTag
shared_ptr< T > getTag() const
Get a tag item.
Definition: tag-host.hpp:67
ndn::security::SigningInfo::getDigestSha256Identity
static const Name & getDigestSha256Identity()
A localhost identity to indicate that the signature is generated using SHA-256.
Definition: signing-info.cpp:34
ndn::security::SigningInfo::getHmacIdentity
static const Name & getHmacIdentity()
A localhost identity to indicate that the signature is generated using an HMAC key.
Definition: signing-info.cpp:41
ndn::security::v2::Certificate::KEY_COMPONENT
static const name::Component KEY_COMPONENT
Definition: certificate.hpp:159
ndn::security::v2::Certificate::KEY_COMPONENT_OFFSET
static const ssize_t KEY_COMPONENT_OFFSET
Definition: certificate.hpp:155
ndn::security::v2::ValidationError::MALFORMED_SIGNATURE
@ MALFORMED_SIGNATURE
The signature (e.g., SignatureInfo element) is missing or malformed.
Definition: validation-error.hpp:48
ndn::security::v2::ValidationError::INVALID_KEY_LOCATOR
@ INVALID_KEY_LOCATOR
The KeyLocator element is missing or has an invalid format.
Definition: validation-error.hpp:60
ndn::security::v2::ValidationPolicy
Abstraction that implements a validation policy for Interest and Data packets.
Definition: validation-policy.hpp:38
ndn::security::v2::ValidationPolicy::getInnerPolicy
ValidationPolicy & getInnerPolicy()
Return the inner policy.
Definition: validation-policy.cpp:49
ndn::security::v2::ValidationPolicy::setValidator
void setValidator(Validator &validator)
Set validator to which the policy is associated.
Definition: validation-policy.cpp:55
ndn::security::v2::ValidationPolicy::m_innerPolicy
unique_ptr< ValidationPolicy > m_innerPolicy
Definition: validation-policy.hpp:147
ndn::security::v2::ValidationPolicy::setInnerPolicy
void setInnerPolicy(unique_ptr< ValidationPolicy > innerPolicy)
Set inner policy.
Definition: validation-policy.cpp:30
ndn::security::v2::ValidationState::fail
virtual void fail(const ValidationError &error)=0
Call the failure callback.
ndn::security::v2::Validator
Interface for validating data and interest packets.
Definition: validator.hpp:62
ndn::tlv::Error
Represents an error in TLV encoding or decoding.
Definition: tlv.hpp:54
NDN_THROW
#define NDN_THROW(e)
Definition: exception.hpp:61
ndn::security::v2::getKeyLocatorName
Name getKeyLocatorName(const SignatureInfo &si, ValidationState &state)
Extract the KeyLocator name from a SignatureInfo element.
Definition: validation-policy.cpp:64
ndn::security::v2::getSignatureInfo
SignatureInfo getSignatureInfo(const Interest &interest, ValidationState &state)
Extract SignatureInfo from a signed Interest.
Definition: validation-policy.cpp:85
ndn::security::v2::extractIdentityNameFromKeyLocator
Name extractIdentityNameFromKeyLocator(const Name &keyLocator)
Extract identity name from key, version-less certificate, or certificate name.
Definition: validation-policy.cpp:114
ndn::security::SignedInterestFormat::V03
@ V03
Sign Interest using Packet Specification v0.3 semantics.
ndn::signed_interest::MIN_SIZE
const size_t MIN_SIZE
Minimum number of name components for an old-style Signed Interest.
Definition: security-common.hpp:40
ndn::signed_interest::POS_SIG_INFO
const ssize_t POS_SIG_INFO
Definition: security-common.hpp:35
ndn::tlv::Name
@ Name
Definition: tlv.hpp:71
ndn::tlv::SignatureInfo
@ SignatureInfo
Definition: tlv.hpp:94
ndn::tlv::DigestSha256
@ DigestSha256
Definition: tlv.hpp:128
ndn
Definition: data.cpp:25