current/doxygen/verifier-filter_8cpp_source.html

 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
 /*
  * Copyright (c) 2013-2022 Regents of the University of California.
  *
  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
  *
  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
  * terms of the GNU Lesser General Public License as published by the Free Software
  * Foundation, either version 3 of the License, or (at your option) any later version.
  *
  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
  * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
  *
  * You should have received copies of the GNU General Public License and GNU Lesser
  * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
  * <http://www.gnu.org/licenses/>.
  *
  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
  */

 #include "ndn-cxx/security/transform/verifier-filter.hpp"
 #include "ndn-cxx/security/transform/private-key.hpp"
 #include "ndn-cxx/security/transform/public-key.hpp"
 #include "ndn-cxx/security/impl/openssl-helper.hpp"

 #include <boost/lexical_cast.hpp>

 namespace ndn {
 namespace security {
 namespace transform {

 class VerifierFilter::Impl
 {
 public:
   explicit
   Impl(span<const uint8_t> sig)
     : sig(sig)
   {
   }

 public:
   detail::EvpMdCtx ctx;
   span<const uint8_t> sig;
 };


 VerifierFilter::VerifierFilter(DigestAlgorithm algo, const PublicKey& key, span<const uint8_t> sig)
   : m_impl(make_unique<Impl>(sig))
   , m_keyType(key.getKeyType())
 {
   init(algo, key.getEvpPkey());
 }

 VerifierFilter::VerifierFilter(DigestAlgorithm algo, const PrivateKey& key, span<const uint8_t> sig)
   : m_impl(make_unique<Impl>(sig))
   , m_keyType(key.getKeyType())
 {
   if (m_keyType != KeyType::HMAC)
     NDN_THROW(Error(getIndex(), "VerifierFilter only supports private keys of HMAC type"));

   init(algo, key.getEvpPkey());
 }

 VerifierFilter::~VerifierFilter() = default;

 void
 VerifierFilter::init(DigestAlgorithm algo, void* pkey)
 {
   const EVP_MD* md = detail::digestAlgorithmToEvpMd(algo);
   if (md == nullptr)
     NDN_THROW(Error(getIndex(), "Unsupported digest algorithm " +
                     boost::lexical_cast<std::string>(algo)));

   int ret;
   if (m_keyType == KeyType::HMAC)
     ret = EVP_DigestSignInit(m_impl->ctx, nullptr, md, nullptr, reinterpret_cast<EVP_PKEY*>(pkey));
   else
     ret = EVP_DigestVerifyInit(m_impl->ctx, nullptr, md, nullptr, reinterpret_cast<EVP_PKEY*>(pkey));

   if (ret != 1)
     NDN_THROW(Error(getIndex(), "Failed to initialize verification context with " +
                     boost::lexical_cast<std::string>(algo) + " digest and " +
                     boost::lexical_cast<std::string>(m_keyType) + " key"));
 }

 size_t
 VerifierFilter::convert(span<const uint8_t> buf)
 {
   int ret;
   if (m_keyType == KeyType::HMAC)
     ret = EVP_DigestSignUpdate(m_impl->ctx, buf.data(), buf.size());
   else
     ret = EVP_DigestVerifyUpdate(m_impl->ctx, buf.data(), buf.size());

   if (ret != 1)
     NDN_THROW(Error(getIndex(), "Failed to accept more input"));

   return buf.size();
 }

 void
 VerifierFilter::finalize()
 {
   bool ok = false;
   if (m_keyType == KeyType::HMAC) {
     auto hmacBuf = make_unique<OBuffer>(EVP_MAX_MD_SIZE);
     size_t hmacLen = 0;

     if (EVP_DigestSignFinal(m_impl->ctx, hmacBuf->data(), &hmacLen) != 1)
       NDN_THROW(Error(getIndex(), "Failed to finalize HMAC"));

     ok = CRYPTO_memcmp(hmacBuf->data(), m_impl->sig.data(), std::min(hmacLen, m_impl->sig.size())) == 0;
   }
   else {
     ok = EVP_DigestVerifyFinal(m_impl->ctx, m_impl->sig.data(), m_impl->sig.size()) == 1;
   }

   auto buffer = make_unique<OBuffer>(1);
   (*buffer)[0] = ok ? 1 : 0;
   setOutputBuffer(std::move(buffer));

   flushAllOutput();
 }

 unique_ptr<Transform>
 verifierFilter(DigestAlgorithm algo, const PublicKey& key, span<const uint8_t> sig)
 {
   return make_unique<VerifierFilter>(algo, key, sig);
 }

 unique_ptr<Transform>
 verifierFilter(DigestAlgorithm algo, const PrivateKey& key, span<const uint8_t> sig)
 {
   return make_unique<VerifierFilter>(algo, key, sig);
 }

 } // namespace transform
 } // namespace security
 } // namespace ndn
ndn
Copyright (c) 2011-2015 Regents of the University of California.
Definition: ndn-strategy-choice-helper.hpp:34

verifier-filter.hpp

ndn::security::transform::verifierFilter
unique_ptr< Transform > verifierFilter(DigestAlgorithm algo, const PublicKey &key, span< const uint8_t > sig)
Definition: verifier-filter.cpp:127

ndn::security::transform::VerifierFilter::Impl::Impl
Impl(span< const uint8_t > sig)
Definition: verifier-filter.cpp:37

ndn::security::transform::Downstream::getIndex
size_t getIndex() const
Get the module index.
Definition: transform-base.hpp:127

nonstd::optional_lite::std11::move
T & move(T &t)
Definition: optional-lite.hpp:472

private-key.hpp

ndn::security::detail::digestAlgorithmToEvpMd
const EVP_MD * digestAlgorithmToEvpMd(DigestAlgorithm algo)
Definition: openssl-helper.cpp:29

ndn::security::transform::VerifierFilter::VerifierFilter
VerifierFilter(DigestAlgorithm algo, const PublicKey &key, span< const uint8_t > sig)
Create a verifier module to verify signature sig using algorithm algo and public key key...
Definition: verifier-filter.cpp:48

ndn::security::transform::PublicKey
Abstraction of public key in crypto transformation.
Definition: public-key.hpp:35

ndn::security::transform::Transform::flushAllOutput
void flushAllOutput()
Read the all the content from output buffer and write it into next module.
Definition: transform-base.cpp:78

public-key.hpp

NDN_THROW
#define NDN_THROW(e)
Definition: exception.hpp:61

ndn::KeyType::HMAC
HMAC key, supports sign/verify operations.

ndn::security::transform::Transform::setOutputBuffer
void setOutputBuffer(unique_ptr< OBuffer > buffer)
Set output buffer to buffer.
Definition: transform-base.cpp:86

ndn::security::transform::PrivateKey
Abstraction of private key in crypto transformation.
Definition: private-key.hpp:38

ndn::security::transform::Error
Base class of transformation error.
Definition: transform-base.hpp:49

transform

ndn::security::transform::VerifierFilter::Impl::ctx
detail::EvpMdCtx ctx
Definition: verifier-filter.cpp:43

ndn::security
Definition: dummy-keychain.cpp:28

ndn::security::transform::VerifierFilter::Impl
Definition: verifier-filter.cpp:33

openssl-helper.hpp

ndn::security::detail::EvpMdCtx
Definition: openssl-helper.hpp:38

ndn::security::transform::VerifierFilter::Impl::sig
span< const uint8_t > sig
Definition: verifier-filter.cpp:44

ndn::DigestAlgorithm
DigestAlgorithm
Definition: security-common.hpp:106

websocketpp::http::status_code::ok
Definition: constants.hpp:128

sig
span< const uint8_t > sig
Definition: verification-helpers.cpp:58

ndn::security::transform::VerifierFilter::~VerifierFilter
~VerifierFilter() final