NS-3 based Named Data Networking (NDN) simulator
ndnSIM 2.3: NDN, CCN, CCNx, content centric networks 		API Documentation
verifier-filter.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
22 #include "verifier-filter.hpp"
23 #include "../detail/openssl.hpp"
24 
25 namespace ndn {
26 namespace security {
27 namespace transform {
28 
29 class VerifierFilter::Impl
30 {
31 public:
32  Impl(const PublicKey& key, const uint8_t* sig, size_t sigLen)
33  : m_key(key)
34  , m_md(BIO_new(BIO_f_md()))
35  , m_sink(BIO_new(BIO_s_null()))
36  , m_sig(sig)
37  , m_sigLen(sigLen)
38  {
39  BIO_push(m_md, m_sink);
40  }
41 
42  ~Impl()
43  {
44  BIO_free_all(m_md);
45  }
46 
47 public:
48  const PublicKey& m_key;
49 
50  BIO* m_md;
51  BIO* m_sink;
52 
53  const uint8_t* m_sig;
54  size_t m_sigLen;
55 };
56 
57 VerifierFilter::VerifierFilter(DigestAlgorithm algo, const PublicKey& key,
58  const uint8_t* sig, size_t sigLen)
59  : m_impl(new Impl(key, sig, sigLen))
60 {
61  switch (algo) {
62  case DigestAlgorithm::SHA256: {
63  if (!BIO_set_md(m_impl->m_md, EVP_sha256()))
64  BOOST_THROW_EXCEPTION(Error(getIndex(), "Cannot set digest"));
65  break;
66  }
67 
68  default:
69  BOOST_THROW_EXCEPTION(Error(getIndex(), "Digest algorithm is not supported"));
70  }
71 }
72 
73 size_t
74 VerifierFilter::convert(const uint8_t* buf, size_t size)
75 {
76  int wLen = BIO_write(m_impl->m_md, buf, size);
77 
78  if (wLen <= 0) { // fail to write data
79  if (!BIO_should_retry(m_impl->m_md)) {
80  // we haven't written everything but some error happens, and we cannot retry
81  BOOST_THROW_EXCEPTION(Error(getIndex(), "Failed to accept more input"));
82  }
83  return 0;
84  }
85  else { // update number of bytes written
86  return wLen;
87  }
88 }
89 
90 void
91 VerifierFilter::finalize()
92 {
93  EVP_PKEY* key = reinterpret_cast<EVP_PKEY*>(m_impl->m_key.getEvpPkey());
94  auto buffer = make_unique<OBuffer>(1);
95 
96  EVP_MD_CTX* ctx = nullptr;
97  BIO_get_md_ctx(m_impl->m_md, &ctx);
98  int res = EVP_VerifyFinal(ctx, m_impl->m_sig, m_impl->m_sigLen, key);
99 
100  if (res < 0)
101  BOOST_THROW_EXCEPTION(Error(getIndex(), "Verification error"));
102 
103  (*buffer)[0] = (res != 0) ? 1 : 0;
104  setOutputBuffer(std::move(buffer));
105 
106  flushAllOutput();
107 }
108 
109 unique_ptr<Transform>
110 verifierFilter(DigestAlgorithm algo, const PublicKey& key,
111  const uint8_t* sig, size_t sigLen)
112 {
113  return make_unique<VerifierFilter>(algo, key, sig, sigLen);
114 }
115 
116 } // namespace transform
117 } // namespace security
118 } // namespace ndn
ndn
Copyright (c) 2011-2015 Regents of the University of California.
Definition: ndn-strategy-choice-helper.hpp:34
ndn::security::transform::Downstream::getIndex
size_t getIndex() const
Get the module index.
Definition: transform-base.hpp:125
ndn::security::transform::PublicKey
Abstraction of public key in crypto transformation.
Definition: public-key.hpp:37
ndn::security::transform::Transform::flushAllOutput
void flushAllOutput()
Read the all the content from output buffer and write it into next module.
Definition: transform-base.cpp:96
ndn::security::transform::Transform::setOutputBuffer
void setOutputBuffer(unique_ptr< OBuffer > buffer)
Set output buffer to buffer.
Definition: transform-base.cpp:104
ndn::security::transform::VerifierFilter::Impl::Impl
Impl(const PublicKey &key, const uint8_t *sig, size_t sigLen)
Definition: verifier-filter.cpp:32
ndn::security::transform::VerifierFilter::VerifierFilter
VerifierFilter(DigestAlgorithm algo, const PublicKey &key, const uint8_t *sig, size_t sigLen)
Create a verifier module to verify signature sig using algorithm algo and key.
Definition: verifier-filter.cpp:57
ndn::security::transform::Error
Base class of transformation error.
Definition: transform-base.hpp:47
ndn::security::transform::verifierFilter
unique_ptr< Transform > verifierFilter(DigestAlgorithm algo, const PublicKey &key, const uint8_t *sig, size_t sigLen)
Definition: verifier-filter.cpp:110