#include <BundleAuthenticationBlock.h>

Inheritance diagram for dtn::security::BundleAuthenticationBlock:

Collaboration diagram for dtn::security::BundleAuthenticationBlock:

Classes
class	Factory

Public Member Functions
virtual	~BundleAuthenticationBlock ()

Public Member Functions inherited from dtn::security::SecurityBlock
virtual	~SecurityBlock ()=0

virtual dtn::data::Length	getLength () const

virtual dtn::data::Length	getLength_mutable () const

virtual std::ostream &	serialize (std::ostream &stream, dtn::data::Length &length) const

virtual std::ostream &	serialize_strict (std::ostream &stream, dtn::data::Length &length) const

virtual std::istream &	deserialize (std::istream &stream, const dtn::data::Length &length)

const dtn::data::EID	getSecuritySource () const

const dtn::data::EID	getSecurityDestination () const

void	setSecuritySource (const dtn::data::EID &source)

void	setSecurityDestination (const dtn::data::EID &destination)

bool	isSecuritySource (const dtn::data::Bundle &, const dtn::data::EID &) const

bool	isSecurityDestination (const dtn::data::Bundle &, const dtn::data::EID &) const

const dtn::data::EID	getSecuritySource (const dtn::data::Bundle &) const

const dtn::data::EID	getSecurityDestination (const dtn::data::Bundle &) const

template<class T >
T &	encryptBlock (dtn::data::Bundle &bundle, dtn::data::Bundle::iterator &it, uint32_t salt, const unsigned char ephemeral_key[ibrcommon::AES128Stream::key_size_in_bytes])

Public Member Functions inherited from dtn::data::Block
virtual	~Block ()

Block &	operator= (const Block &block)

bool	operator== (const block_t &id) const

virtual void	addEID (const dtn::data::EID &eid)

virtual void	clearEIDs ()

virtual const eid_list &	getEIDList () const

const block_t &	getType () const

void	set (ProcFlags flag, const bool &value)

bool	get (ProcFlags flag) const

const Bitset< ProcFlags > &	getProcessingFlags () const

virtual Length	getLength_strict () const

Static Public Member Functions
static void	auth (dtn::data::Bundle &bundle, const dtn::security::SecurityKey &key)

static void	verify (const dtn::data::Bundle &bundle, const dtn::security::SecurityKey &key) throw (SecurityException)

static void	strip (dtn::data::Bundle &bundle, const dtn::security::SecurityKey &key)

static void	strip (dtn::data::Bundle &bundle)

Static Public Attributes
static const dtn::data::block_t	BLOCK_TYPE = SecurityBlock::BUNDLE_AUTHENTICATION_BLOCK

Protected Member Functions
	BundleAuthenticationBlock ()

virtual dtn::data::Length	getSecurityResultSize () const

Protected Member Functions inherited from dtn::security::SecurityBlock
void	store_security_references ()

	SecurityBlock (const SecurityBlock::BLOCK_TYPES type, const CIPHERSUITE_IDS id)

	SecurityBlock (const SecurityBlock::BLOCK_TYPES type)

void	setCiphersuiteId (const CIPHERSUITE_IDS id)

void	setCorrelator (const dtn::data::Number &corr)

virtual MutableSerializer &	serialize_mutable (MutableSerializer &serializer, bool include_security_result=true) const

Protected Member Functions inherited from dtn::data::Block
	Block (block_t blocktype)

Static Protected Member Functions
static std::string	calcMAC (const dtn::data::Bundle &bundle, const dtn::security::SecurityKey &key, const bool with_correlator=false, const dtn::data::Number &correlator=0)

static void	verify (const dtn::data::Bundle &bundle, const dtn::security::SecurityKey &key, dtn::data::Number &correlator) throw (SecurityException)

Static Protected Member Functions inherited from dtn::security::SecurityBlock
static bool	isCorrelatorPresent (const dtn::data::Bundle &bundle, const dtn::data::Number &correlator)

static dtn::data::Number	createCorrelatorValue (const dtn::data::Bundle &bundle)

static void	createSaltAndKey (uint32_t &salt, unsigned char *key, dtn::data::Length key_size)

static void	addKey (TLVList &security_parameter, unsigned char const const key, dtn::data::Length key_size, RSA rsa)

static bool	getKey (const TLVList &security_parameter, unsigned char key, dtn::data::Length key_size, RSA rsa)

static void	addSalt (TLVList &security_parameters, const uint32_t &salt)

static uint32_t	getSalt (const TLVList &security_parameters)

static void	copyEID (const dtn::data::Block &from, dtn::data::Block &to, dtn::data::Length skip=0)

template<class T >
static T &	encryptBlock (dtn::data::Bundle &bundle, dtn::data::Bundle::iterator &it, uint32_t salt, const unsigned char ephemeral_key[ibrcommon::AES128Stream::key_size_in_bytes])

static void	decryptBlock (dtn::data::Bundle &bundle, dtn::data::Bundle::iterator &it, uint32_t salt, const unsigned char key[ibrcommon::AES128Stream::key_size_in_bytes])

static void	addFragmentRange (TLVList &ciphersuite_params, const dtn::data::Number &fragmentoffset, const dtn::data::Number &payload_length)

Friends
class	dtn::data::Bundle

Additional Inherited Members
Public Types inherited from dtn::security::SecurityBlock
enum	BLOCK_TYPES { BUNDLE_AUTHENTICATION_BLOCK = 0x02, PAYLOAD_INTEGRITY_BLOCK = 0x03, PAYLOAD_CONFIDENTIAL_BLOCK = 0x04, EXTENSION_SECURITY_BLOCK = 0x09 }

enum	TLV_TYPES { not_set = 0, initialization_vector = 1, key_information = 3, fragment_range = 4, integrity_signature = 5, salt = 7, PCB_integrity_check_value = 8, encapsulated_block = 10, block_type_of_encapsulated_block = 11 }

enum	CIPHERSUITE_FLAGS { CONTAINS_SECURITY_RESULT = 1 << 0, CONTAINS_CORRELATOR = 1 << 1, CONTAINS_CIPHERSUITE_PARAMS = 1 << 2, CONTAINS_SECURITY_DESTINATION = 1 << 3, CONTAINS_SECURITY_SOURCE = 1 << 4, BIT5_RESERVED = 1 << 5, BIT6_RESERVED = 1 << 6 }

enum	CIPHERSUITE_IDS { BAB_HMAC = 0x001, PIB_RSA_SHA256 = 0x002, PCB_RSA_AES128_PAYLOAD_PIB_PCB = 0x003, ESB_RSA_AES128_EXT = 0x004 }

Protected Attributes inherited from dtn::security::SecurityBlock
dtn::data::Number	_ciphersuite_id

dtn::data::Bitset < CIPHERSUITE_FLAGS >	_ciphersuite_flags

dtn::data::Number	_correlator

TLVList	_ciphersuite_params

TLVList	_security_result

dtn::data::EID	_security_destination

dtn::data::EID	_security_source

Detailed Description

Calculates the HMAC (Hashed Message Authentication Code) for P2P connections of security aware nodes. You can instantiate a factory of this class, which will be given keys and EIDs of the corresponding nodes.
You can use addMAC() to add BundleAuthenticationBlock pairs for each given key to the bundle. If you have received a Bundle you can verify it by using the method verify() and then remove all BundleAuthenticationBlocks by using removeAllBundleAuthenticationBlocks() from the bundle.

Definition at line 44 of file BundleAuthenticationBlock.h.

Constructor & Destructor Documentation

dtn::security::BundleAuthenticationBlock::~BundleAuthenticationBlock ( )

virtual

Deletes all keys, which were used for calculating the MACs

Definition at line 51 of file BundleAuthenticationBlock.cpp.

dtn::security::BundleAuthenticationBlock::BundleAuthenticationBlock ( )

protected

Creates an empty BundleAuthenticationBlock. This BAB is meant to be inserted into a bundle, by a factory. Because the instantiation will be done by the bundle instance for memory management, this method will be called be the bundle. The ciphersuite id is set to BAB_HMAC.

Definition at line 46 of file BundleAuthenticationBlock.cpp.

Referenced by dtn::security::BundleAuthenticationBlock::Factory::create().

Member Function Documentation

void dtn::security::BundleAuthenticationBlock::auth	(	dtn::data::Bundle &	bundle,
		const dtn::security::SecurityKey &	key
	)

static

authenticate a given bundle

Parameters

bundle
key

Definition at line 55 of file BundleAuthenticationBlock.cpp.

Referenced by dtn::security::SecurityManager::auth().

Here is the call graph for this function:

std::string dtn::security::BundleAuthenticationBlock::calcMAC	(	const dtn::data::Bundle &	bundle,
		const dtn::security::SecurityKey &	key,
		const bool	with_correlator = `false`,
		const dtn::data::Number &	correlator = `0`
	)

staticprotected

Creates the MAC of a given bundle using the BAB_HMAC algorithm. If a correlator is given the MAC is created for the primary block and the part of the bundle between the two BABs with the correlator.

Parameters

bundle	bundle of which the MAC shall be calculated
key	the key to be used for creating the MAC
key_size	the size of the key
with_correlator	tells if a correlator shall be used
correlator	the correlator which shall be used

Returns: a string containing the MAC

Definition at line 159 of file BundleAuthenticationBlock.cpp.

References dtn::security::SecurityBlock::BUNDLE_AUTHENTICATION_BLOCK, ibrcommon::HashStream::extract(), and dtn::security::SecurityKey::getData().

Referenced by auth().

Here is the call graph for this function:

dtn::data::Length dtn::security::BundleAuthenticationBlock::getSecurityResultSize ( ) const

protectedvirtual

Returns the size of the security result field. This is used for strict canonicalisation, where the block itself is included to the canonical form, but the security result is excluded or unknown.

Reimplemented from dtn::security::SecurityBlock.

Definition at line 170 of file BundleAuthenticationBlock.cpp.

References dtn::data::SDNV< E >::getLength().

Here is the call graph for this function:

void dtn::security::BundleAuthenticationBlock::strip	(	dtn::data::Bundle &	bundle,
		const dtn::security::SecurityKey &	key
	)

static

strips verified BABs off the bundle

Parameters

bundle	the bundle, which shall be cleaned from babs
key

Definition at line 86 of file BundleAuthenticationBlock.cpp.

References dtn::security::SecurityBlock::_ciphersuite_flags, dtn::security::SecurityBlock::_correlator, dtn::data::Bundle::begin(), BLOCK_TYPE, dtn::security::SecurityBlock::CONTAINS_CORRELATOR, dtn::data::Bundle::end(), dtn::data::Bundle::erase(), and verify().

Referenced by dtn::security::SecurityManager::verifyBAB().

Here is the call graph for this function:

void dtn::security::BundleAuthenticationBlock::strip ( dtn::data::Bundle & bundle)

static

strip all BABs off the bundle

Parameters

bundle the bundle, which shall be cleaned from babs

Definition at line 108 of file BundleAuthenticationBlock.cpp.

References dtn::data::Bundle::begin(), BLOCK_TYPE, dtn::data::Bundle::end(), and dtn::data::Bundle::erase().

Here is the call graph for this function:

void dtn::security::BundleAuthenticationBlock::verify	(	const dtn::data::Bundle &	bundle,
		const dtn::security::SecurityKey &	key
	)
throw	(	SecurityException
	)

static

Tests if the bundles MAC is correct. There might be multiple BABs inside the bundle, which may be tested. None of these BABs will be removed.

Parameters

bundle
key

Definition at line 77 of file BundleAuthenticationBlock.cpp.

Referenced by strip(), and dtn::security::SecurityManager::verifyBAB().

void dtn::security::BundleAuthenticationBlock::verify	(	const dtn::data::Bundle &	bundle,
		const dtn::security::SecurityKey &	key,
		dtn::data::Number &	correlator
	)
throw	(	SecurityException
	)

staticprotected

Tries to verify the bundle using the given key. If a BAB-pair is found, which contains a valid hash corresponding to the key, the first value of the returned pair is true and the second contains the correlator. otherwise the first value is false and the second undefined.

Parameters

bundle	bundle which shall be verified
key	the key for testing

Returns: first is true if the key matched and second is the correlator of the matching pair. otherwise the first is false, if there was no matching

Definition at line 113 of file BundleAuthenticationBlock.cpp.

References dtn::security::SecurityBlock::_ciphersuite_flags, dtn::security::SecurityBlock::_ciphersuite_id, dtn::security::SecurityBlock::_correlator, dtn::security::SecurityBlock::_security_result, dtn::security::SecurityBlock::BAB_HMAC, BLOCK_TYPE, dtn::security::SecurityBlock::TLVList::get(), IBRCOMMON_LOGGER_DEBUG_TAG, IBRCOMMON_LOGGER_ENDL, dtn::security::SecurityBlock::integrity_signature, and dtn::security::SecurityBlock::isSecuritySource().