SecurityBlock.h

Go to the documentation of this file.

/*
 * SecurityBlock.h
 *
 * Copyright (C) 2011 IBR, TU Braunschweig
 *
 * Written-by: Johannes Morgenroth <morgenroth@ibr.cs.tu-bs.de>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

#ifndef SECURITYBLOCK_H_
#define SECURITYBLOCK_H_

#include "ibrdtn/data/Block.h"
#include "ibrdtn/data/EID.h"
#include "ibrdtn/data/BundleString.h"
#include "ibrdtn/data/Bundle.h"
#include <ibrcommon/ssl/AES128Stream.h> // TODO <-- this include sucks
#include <list>
#include <sys/types.h>

// forward deklaration needed for struct RSA
struct rsa_st;
// forward deklaration of RSA object
typedef rsa_st RSA;

namespace dtn
{
        namespace security
        {
                class MutualSerializer;
                class StrictSerializer;

                class SecurityBlock : public dtn::data::Block
                {
                        friend class StrictSerializer;
                        friend class MutualSerializer;
                public:
                        enum BLOCK_TYPES
                        {
                                BUNDLE_AUTHENTICATION_BLOCK = 0x02,
                                PAYLOAD_INTEGRITY_BLOCK = 0x03,
                                PAYLOAD_CONFIDENTIAL_BLOCK = 0x04,
                                EXTENSION_SECURITY_BLOCK = 0x09
                        };
                        enum TLV_TYPES
                        {
                                not_set = 0,
                                initialization_vector = 1,
                                key_information = 3,
                                fragment_range = 4,
                                integrity_signature = 5,
                                salt = 7,
                                PCB_integrity_check_value = 8,
                                encapsulated_block = 10,
                                block_type_of_encapsulated_block = 11
                        };
                        enum CIPHERSUITE_FLAGS
                        {
                                CONTAINS_SECURITY_RESULT = 1 << 0,
                                CONTAINS_CORRELATOR = 1 << 1,
                                CONTAINS_CIPHERSUITE_PARAMS = 1 << 2,
                                CONTAINS_SECURITY_DESTINATION = 1 << 3,
                                CONTAINS_SECURITY_SOURCE = 1 << 4,
                                BIT5_RESERVED = 1 << 5,
                                BIT6_RESERVED = 1 << 6
                        };
                        enum CIPHERSUITE_IDS
                        {
                                BAB_HMAC = 0x001,
                                PIB_RSA_SHA256 = 0x002,
                                PCB_RSA_AES128_PAYLOAD_PIB_PCB = 0x003,
                                ESB_RSA_AES128_EXT = 0x004
                        };

                        class TLV
                        {
                        public:
                                TLV() : _type(not_set) {};
                                TLV(TLV_TYPES type, std::string value)
                                 : _type(type), _value(value)
                                { }

                                bool operator<(const TLV &tlv) const;
                                bool operator==(const TLV &tlv) const;

                                const std::string getValue() const;
                                TLV_TYPES getType() const;
                                dtn::data::Length getLength() const;

                                friend std::ostream& operator<<(std::ostream &stream, const TLV &tlv);
                                friend std::istream& operator>>(std::istream &stream, TLV &tlv);

                        private:
                                TLV_TYPES _type;
                                dtn::data::BundleString _value;
                        };

                        class TLVList : public std::set<TLV>
                        {
                        public:
                                TLVList() {};
                                virtual ~TLVList() {};

                                friend std::ostream& operator<<(std::ostream &stream, const TLVList &tlvlist);
                                friend std::istream& operator>>(std::istream &stream, TLVList &tlvlist);

                                const std::string get(TLV_TYPES type) const;
                                void get(TLV_TYPES type, unsigned char *value, dtn::data::Length length) const;
                                void set(TLV_TYPES type, std::string value);
                                void set(TLV_TYPES type, const unsigned char *value, dtn::data::Length length);
                                void remove(TLV_TYPES type);

                                const std::string toString() const;
                                dtn::data::Length getLength() const;

                        private:
                                dtn::data::Length getPayloadLength() const;
                        };

                        virtual ~SecurityBlock() = 0;

                        virtual dtn::data::Length getLength() const;

                        virtual dtn::data::Length getLength_mutable() const;

                        virtual std::ostream &serialize(std::ostream &stream, dtn::data::Length &length) const;

                        virtual std::ostream &serialize_strict(std::ostream &stream, dtn::data::Length &length) const;

                        virtual std::istream &deserialize(std::istream &stream, const dtn::data::Length &length);

                        const dtn::data::EID getSecuritySource() const;

                        const dtn::data::EID getSecurityDestination() const;

                        void setSecuritySource(const dtn::data::EID &source);

                        void setSecurityDestination(const dtn::data::EID &destination);
                                
                        bool isSecuritySource(const dtn::data::Bundle&, const dtn::data::EID&) const;
                        
                        bool isSecurityDestination(const dtn::data::Bundle&, const dtn::data::EID&) const;
                        
                        const dtn::data::EID getSecuritySource(const dtn::data::Bundle&) const;
                        
                        const dtn::data::EID getSecurityDestination(const dtn::data::Bundle&) const;

                protected:
                        dtn::data::Number _ciphersuite_id;
                        dtn::data::Bitset<CIPHERSUITE_FLAGS> _ciphersuite_flags;
                        dtn::data::Number _correlator;

                        TLVList _ciphersuite_params;

                        TLVList _security_result;

                        dtn::data::EID _security_destination;

                        dtn::data::EID _security_source;

                        void store_security_references();

                        SecurityBlock(const SecurityBlock::BLOCK_TYPES type, const CIPHERSUITE_IDS id);

                        SecurityBlock(const SecurityBlock::BLOCK_TYPES type);

                        void setCiphersuiteId(const CIPHERSUITE_IDS id);

                        void setCorrelator(const dtn::data::Number &corr);

                        static bool isCorrelatorPresent(const dtn::data::Bundle &bundle, const dtn::data::Number &correlator);

                        static dtn::data::Number createCorrelatorValue(const dtn::data::Bundle &bundle);

                        virtual MutualSerializer &serialize_mutable(MutualSerializer &serializer) const;
                        virtual MutualSerializer &serialize_mutable_without_security_result(MutualSerializer &serializer) const;

                        virtual dtn::data::Length getSecurityResultSize() const;

                        static void createSaltAndKey(uint32_t& salt, unsigned char * key, dtn::data::Length key_size);

                        static void addKey(TLVList& security_parameter, unsigned char const * const key, dtn::data::Length key_size, RSA * rsa);

                        static bool getKey(const TLVList& security_parameter, unsigned char * key, dtn::data::Length key_size, RSA * rsa);

                        static void addSalt(TLVList& security_parameters, const uint32_t &salt);

                        static uint32_t getSalt(const TLVList& security_parameters);

                        static void copyEID(const dtn::data::Block& from, dtn::data::Block& to, dtn::data::Length skip = 0);

                        template <class T>
                        static T& encryptBlock(dtn::data::Bundle& bundle, dtn::data::Bundle::iterator &it, uint32_t salt, const unsigned char ephemeral_key[ibrcommon::AES128Stream::key_size_in_bytes]);

                        static void decryptBlock(dtn::data::Bundle& bundle, dtn::data::Bundle::iterator &it, uint32_t salt, const unsigned char key[ibrcommon::AES128Stream::key_size_in_bytes]);

                        static void addFragmentRange(TLVList& ciphersuite_params, const dtn::data::Number &fragmentoffset, const dtn::data::Number &payload_length);

                private:
                        SecurityBlock(const SecurityBlock&);
                        SecurityBlock& operator=(const SecurityBlock&);
                };

                template <class T>
                T& SecurityBlock::encryptBlock(dtn::data::Bundle& bundle, dtn::data::Bundle::iterator &it, uint32_t salt, const unsigned char ephemeral_key[ibrcommon::AES128Stream::key_size_in_bytes])
                {
                        const dtn::data::Block &block = (**it);

                        // insert ESB, block can be removed after encryption, because bundle will destroy it
                        T& esb = bundle.insert<T>(it);

                        // take eid list
                        copyEID(block, esb);

                        std::stringstream ss;
                        ibrcommon::AES128Stream encrypt(ibrcommon::CipherStream::CIPHER_ENCRYPT, ss, ephemeral_key, salt);
                        dtn::data::Dictionary dict(bundle);
                        dtn::data::DefaultSerializer dser(encrypt, dict);
                        dser << block;
                        encrypt << std::flush;

                        // append tag at the end of the ciphertext
                        unsigned char tag[ibrcommon::AES128Stream::tag_len]; encrypt.getTag(tag);
                        ss.write((const char*)&tag, ibrcommon::AES128Stream::tag_len);

                        esb._security_result.set(SecurityBlock::encapsulated_block, ss.str());
                        esb._ciphersuite_flags |= SecurityBlock::CONTAINS_SECURITY_RESULT;

                        unsigned char iv[ibrcommon::AES128Stream::iv_len]; encrypt.getIV(iv);
                        esb._ciphersuite_params.set(SecurityBlock::initialization_vector, iv, ibrcommon::AES128Stream::iv_len);

                        esb._ciphersuite_flags |= SecurityBlock::CONTAINS_CIPHERSUITE_PARAMS;

                        bundle.erase(it++);

                        return esb;
                }
        }
}

#endif /* SECURITYBLOCK_H_ */