IBR-DTNSuite  0.12
Classes | Public Member Functions | Static Public Member Functions | Static Public Attributes | Protected Member Functions | Friends | List of all members
dtn::security::PayloadIntegrityBlock Class Reference

#include <PayloadIntegrityBlock.h>

Inheritance diagram for dtn::security::PayloadIntegrityBlock:
Inheritance graph
Collaboration diagram for dtn::security::PayloadIntegrityBlock:
Collaboration graph

Classes

class  Factory
 

Public Member Functions

virtual ~PayloadIntegrityBlock ()
 
virtual std::istream & deserialize (std::istream &stream, const dtn::data::Length &length)
 
- Public Member Functions inherited from dtn::security::SecurityBlock
virtual ~SecurityBlock ()=0
 
virtual dtn::data::Length getLength () const
 
virtual dtn::data::Length getLength_mutable () const
 
virtual std::ostream & serialize (std::ostream &stream, dtn::data::Length &length) const
 
virtual std::ostream & serialize_strict (std::ostream &stream, dtn::data::Length &length) const
 
const dtn::data::EID getSecuritySource () const
 
const dtn::data::EID getSecurityDestination () const
 
void setSecuritySource (const dtn::data::EID &source)
 
void setSecurityDestination (const dtn::data::EID &destination)
 
bool isSecuritySource (const dtn::data::Bundle &, const dtn::data::EID &) const
 
bool isSecurityDestination (const dtn::data::Bundle &, const dtn::data::EID &) const
 
const dtn::data::EID getSecuritySource (const dtn::data::Bundle &) const
 
const dtn::data::EID getSecurityDestination (const dtn::data::Bundle &) const
 
template<class T >
T & encryptBlock (dtn::data::Bundle &bundle, dtn::data::Bundle::iterator &it, uint32_t salt, const unsigned char ephemeral_key[ibrcommon::AES128Stream::key_size_in_bytes])
 
- Public Member Functions inherited from dtn::data::Block
virtual ~Block ()
 
Blockoperator= (const Block &block)
 
bool operator== (const block_t &id) const
 
virtual void addEID (const dtn::data::EID &eid)
 
virtual void clearEIDs ()
 
virtual const eid_listgetEIDList () const
 
const block_tgetType () const
 
void set (ProcFlags flag, const bool &value)
 
bool get (ProcFlags flag) const
 
const Bitset< ProcFlags > & getProcessingFlags () const
 
virtual Length getLength_strict () const
 

Static Public Member Functions

static void sign (dtn::data::Bundle &bundle, const SecurityKey &key, const dtn::data::EID &destination)
 
static void verify (const dtn::data::Bundle &bundle, const SecurityKey &key)
 
static void strip (dtn::data::Bundle &bundle)
 

Static Public Attributes

static const dtn::data::block_t BLOCK_TYPE = SecurityBlock::PAYLOAD_INTEGRITY_BLOCK
 

Protected Member Functions

 PayloadIntegrityBlock ()
 
virtual dtn::data::Length getSecurityResultSize () const
 
- Protected Member Functions inherited from dtn::security::SecurityBlock
void store_security_references ()
 
 SecurityBlock (const SecurityBlock::BLOCK_TYPES type, const CIPHERSUITE_IDS id)
 
 SecurityBlock (const SecurityBlock::BLOCK_TYPES type)
 
void setCiphersuiteId (const CIPHERSUITE_IDS id)
 
void setCorrelator (const dtn::data::Number &corr)
 
virtual MutableSerializerserialize_mutable (MutableSerializer &serializer, bool include_security_result=true) const
 
- Protected Member Functions inherited from dtn::data::Block
 Block (block_t blocktype)
 

Friends

class dtn::data::Bundle
 

Additional Inherited Members

- Public Types inherited from dtn::security::SecurityBlock
enum  BLOCK_TYPES { BUNDLE_AUTHENTICATION_BLOCK = 0x02, PAYLOAD_INTEGRITY_BLOCK = 0x03, PAYLOAD_CONFIDENTIAL_BLOCK = 0x04, EXTENSION_SECURITY_BLOCK = 0x09 }
 
enum  TLV_TYPES {
  not_set = 0, initialization_vector = 1, key_information = 3, fragment_range = 4,
  integrity_signature = 5, salt = 7, PCB_integrity_check_value = 8, encapsulated_block = 10,
  block_type_of_encapsulated_block = 11
}
 
enum  CIPHERSUITE_FLAGS {
  CONTAINS_SECURITY_RESULT = 1 << 0, CONTAINS_CORRELATOR = 1 << 1, CONTAINS_CIPHERSUITE_PARAMS = 1 << 2, CONTAINS_SECURITY_DESTINATION = 1 << 3,
  CONTAINS_SECURITY_SOURCE = 1 << 4, BIT5_RESERVED = 1 << 5, BIT6_RESERVED = 1 << 6
}
 
enum  CIPHERSUITE_IDS { BAB_HMAC = 0x001, PIB_RSA_SHA256 = 0x002, PCB_RSA_AES128_PAYLOAD_PIB_PCB = 0x003, ESB_RSA_AES128_EXT = 0x004 }
 
- Static Protected Member Functions inherited from dtn::security::SecurityBlock
static bool isCorrelatorPresent (const dtn::data::Bundle &bundle, const dtn::data::Number &correlator)
 
static dtn::data::Number createCorrelatorValue (const dtn::data::Bundle &bundle)
 
static void createSaltAndKey (uint32_t &salt, unsigned char *key, dtn::data::Length key_size)
 
static void addKey (TLVList &security_parameter, unsigned char const *const key, dtn::data::Length key_size, RSA *rsa)
 
static bool getKey (const TLVList &security_parameter, unsigned char *key, dtn::data::Length key_size, RSA *rsa)
 
static void addSalt (TLVList &security_parameters, const uint32_t &salt)
 
static uint32_t getSalt (const TLVList &security_parameters)
 
static void copyEID (const dtn::data::Block &from, dtn::data::Block &to, dtn::data::Length skip=0)
 
template<class T >
static T & encryptBlock (dtn::data::Bundle &bundle, dtn::data::Bundle::iterator &it, uint32_t salt, const unsigned char ephemeral_key[ibrcommon::AES128Stream::key_size_in_bytes])
 
static void decryptBlock (dtn::data::Bundle &bundle, dtn::data::Bundle::iterator &it, uint32_t salt, const unsigned char key[ibrcommon::AES128Stream::key_size_in_bytes])
 
static void addFragmentRange (TLVList &ciphersuite_params, const dtn::data::Number &fragmentoffset, const dtn::data::Number &payload_length)
 
- Protected Attributes inherited from dtn::security::SecurityBlock
dtn::data::Number _ciphersuite_id
 
dtn::data::Bitset
< CIPHERSUITE_FLAGS		_ciphersuite_flags
 
dtn::data::Number _correlator
 
TLVList _ciphersuite_params
 
TLVList _security_result
 
dtn::data::EID _security_destination
 
dtn::data::EID _security_source
 

Detailed Description

Signs bundles for connections of security aware nodes. A factory with a rsa key can be created for signing or verifieing the bundle. From the bundle the primary block, the payload block, PayloadIntegrityBlock and the PayloadConfidentialBlock will be covered by the signature.
A sign can be added using the addHash()-Method. Verification can be done via one of the verify()-Methods.

Definition at line 43 of file PayloadIntegrityBlock.h.

Constructor & Destructor Documentation

dtn::security::PayloadIntegrityBlock::~PayloadIntegrityBlock ( )
virtual 
frees the internal PKEY object, without deleting the rsa object

given in the constructor

Definition at line 53 of file PayloadIntegrityBlock.cpp.

dtn::security::PayloadIntegrityBlock::PayloadIntegrityBlock ( )
protected

Constructs an empty PayloadIntegrityBlock in order for adding it to a bundle and sets its ciphersuite id to PIB_RSA_SHA256.

Definition at line 48 of file PayloadIntegrityBlock.cpp.

Referenced by dtn::security::PayloadIntegrityBlock::Factory::create().

Member Function Documentation

std::istream & dtn::security::PayloadIntegrityBlock::deserialize ( std::istream &  stream,
const dtn::data::Length length 
)
virtual

Parses the PayloadIntegrityBlock from a Stream

Parameters
streamthe stream to read from

Reimplemented from dtn::security::SecurityBlock.

Definition at line 190 of file PayloadIntegrityBlock.cpp.

References dtn::security::SecurityBlock::_security_result, dtn::security::SecurityBlock::deserialize(), and dtn::security::SecurityBlock::TLVList::getLength().

Here is the call graph for this function:

dtn::data::Length dtn::security::PayloadIntegrityBlock::getSecurityResultSize ( ) const
protectedvirtual

Returns the size of the security result field. This is used for strict canonicalisation, where the block itself is included to the canonical form, but the security result is excluded or unknown.

Reimplemented from dtn::security::SecurityBlock.

Definition at line 57 of file PayloadIntegrityBlock.cpp.

References dtn::security::SecurityBlock::getSecurityResultSize().

Here is the call graph for this function:

void dtn::security::PayloadIntegrityBlock::sign ( dtn::data::Bundle bundle,
const SecurityKey key,
const dtn::data::EID destination 
)
static

Takes a bundle and adds a PayloadIntegrityBlock to it using the key given in the constructor after the primary block.

Parameters
bundlethe bundle to be hashed and signed

Definition at line 67 of file PayloadIntegrityBlock.cpp.

References dtn::security::SecurityBlock::_ciphersuite_flags, dtn::security::SecurityBlock::_ciphersuite_params, dtn::security::SecurityBlock::_security_result, dtn::security::SecurityBlock::addFragmentRange(), dtn::security::SecurityBlock::CONTAINS_SECURITY_RESULT, dtn::data::PrimaryBlock::destination, dtn::data::Bundle::find(), dtn::data::PrimaryBlock::FRAGMENT, dtn::data::BundleID::fragmentoffset, dtn::data::PrimaryBlock::get(), dtn::data::PayloadBlock::getBLOB(), dtn::security::SecurityBlock::integrity_signature, dtn::security::SecurityBlock::PIB_RSA_SHA256, dtn::data::Bundle::push_front(), dtn::security::SecurityKey::reference, dtn::data::Block::REPLICATE_IN_EVERY_FRAGMENT, dtn::data::EID::sameHost(), dtn::data::Block::set(), dtn::security::SecurityBlock::TLVList::set(), dtn::security::SecurityBlock::setCiphersuiteId(), dtn::security::SecurityBlock::setSecurityDestination(), dtn::security::SecurityBlock::setSecuritySource(), and dtn::data::BundleID::source.

Referenced by dtn::security::SecurityManager::sign().

Here is the call graph for this function:

void dtn::security::PayloadIntegrityBlock::strip ( dtn::data::Bundle bundle)
static

Removes all PayloadIntegrityBlocks from a bundle

Parameters
bundlethe bundle, which shall be cleaned from pibs

Definition at line 185 of file PayloadIntegrityBlock.cpp.

References dtn::data::Bundle::begin(), BLOCK_TYPE, dtn::data::Bundle::end(), and dtn::data::Bundle::erase().

Here is the call graph for this function:

void dtn::security::PayloadIntegrityBlock::verify ( const dtn::data::Bundle bundle,
const SecurityKey key 
)
static

Tests if the bundles signatures is correct. There might be multiple PIBs inside the bundle, which may be tested and the result will be 1 if one matches.

Parameters
bundlethe bundle to be checked
Returns
-1 if an error occured, 0 if the signature does not match, 1 if the signature matches

Definition at line 114 of file PayloadIntegrityBlock.cpp.

References dtn::security::SecurityBlock::_ciphersuite_id, dtn::security::SecurityBlock::_security_result, dtn::data::Bundle::begin(), BLOCK_TYPE, dtn::data::Bundle::end(), dtn::security::SecurityKey::free(), dtn::security::SecurityBlock::TLVList::get(), dtn::security::SecurityKey::getEVP(), ibrcommon::RSASHA256Stream::getVerification(), dtn::security::SecurityBlock::integrity_signature, dtn::security::SecurityBlock::isSecuritySource(), dtn::security::SecurityBlock::PIB_RSA_SHA256, and dtn::security::SecurityKey::reference.

Referenced by dtn::security::SecurityManager::verifyPIB().

Here is the call graph for this function:

Friends And Related Function Documentation

friend class dtn::data::Bundle
friend

Definition at line 45 of file PayloadIntegrityBlock.h.

Member Data Documentation

const dtn::data::block_t dtn::security::PayloadIntegrityBlock::BLOCK_TYPE = SecurityBlock::PAYLOAD_INTEGRITY_BLOCK
static

The block type of this class.

Definition at line 56 of file PayloadIntegrityBlock.h.

Referenced by dtn::security::PayloadConfidentialBlock::encrypt(), dtn::security::SecurityManager::fastverify(), strip(), and verify().

The documentation for this class was generated from the following files: