IBR-DTNSuite  0.8
dtn::security::SecurityBlock Class Reference

#include <SecurityBlock.h>


Classes

class  TLV
class  TLVList

Public Types

enum  BLOCK_TYPES { BUNDLE_AUTHENTICATION_BLOCK = 0x02, PAYLOAD_INTEGRITY_BLOCK = 0x03, PAYLOAD_CONFIDENTIAL_BLOCK = 0x04, EXTENSION_SECURITY_BLOCK = 0x09 }
enum  TLV_TYPES {
  not_set = 0, initialization_vector = 1, key_information = 3, fragment_range = 4,
  integrity_signature = 5, salt = 7, PCB_integrity_check_value = 8, encapsulated_block = 10,
  block_type_of_encapsulated_block = 11
}
enum  CIPHERSUITE_FLAGS {
  CONTAINS_SECURITY_RESULT = 1 << 0, CONTAINS_CORRELATOR = 1 << 1, CONTAINS_CIPHERSUITE_PARAMS = 1 << 2, CONTAINS_SECURITY_DESTINATION = 1 << 3,
  CONTAINS_SECURITY_SOURCE = 1 << 4, BIT5_RESERVED = 1 << 5, BIT6_RESERVED = 1 << 6
}
enum  CIPHERSUITE_IDS { BAB_HMAC = 0x001, PIB_RSA_SHA256 = 0x002, PCB_RSA_AES128_PAYLOAD_PIB_PCB = 0x003, ESB_RSA_AES128_EXT = 0x004 }

Public Member Functions

virtual ~SecurityBlock ()=0
virtual size_t getLength () const
virtual size_t getLength_mutable () const
virtual std::ostream & serialize (std::ostream &stream, size_t &length) const
virtual std::ostream & serialize_strict (std::ostream &stream, size_t &length) const
virtual std::istream & deserialize (std::istream &stream, const size_t length)
const dtn::data::EID getSecuritySource () const
const dtn::data::EID getSecurityDestination () const
void setSecuritySource (const dtn::data::EID &source)
void setSecurityDestination (const dtn::data::EID &destination)
bool isSecuritySource (const dtn::data::Bundle &, const dtn::data::EID &) const
bool isSecurityDestination (const dtn::data::Bundle &, const dtn::data::EID &) const
const dtn::data::EID getSecuritySource (const dtn::data::Bundle &) const
const dtn::data::EID getSecurityDestination (const dtn::data::Bundle &) const

Protected Member Functions

void store_security_references ()
 SecurityBlock (const SecurityBlock::BLOCK_TYPES type, const CIPHERSUITE_IDS id)
 SecurityBlock (const SecurityBlock::BLOCK_TYPES type)
void setCiphersuiteId (const CIPHERSUITE_IDS id)
void setCorrelator (const u_int64_t corr)
virtual
dtn::security::MutualSerializer
serialize_mutable (dtn::security::MutualSerializer &serializer) const
virtual
dtn::security::MutualSerializer
serialize_mutable_without_security_result (dtn::security::MutualSerializer &serializer) const
virtual size_t getSecurityResultSize () const

Static Protected Member Functions

static bool isCorrelatorPresent (const dtn::data::Bundle &bundle, const u_int64_t correlator)
static u_int64_t createCorrelatorValue (const dtn::data::Bundle &bundle)
static void createSaltAndKey (u_int32_t &salt, unsigned char *key, size_t key_size)
static void addKey (TLVList &security_parameter, unsigned char const *const key, size_t key_size, RSA *rsa)
static bool getKey (const TLVList &security_parameter, unsigned char *key, size_t key_size, RSA *rsa)
static void addSalt (TLVList &security_parameters, const u_int32_t &salt)
static u_int32_t getSalt (const TLVList &security_parameters)
static void copyEID (const dtn::data::Block &from, dtn::data::Block &to, size_t skip=0)
template<class T >
static T & encryptBlock (dtn::data::Bundle &bundle, const dtn::data::Block &block, u_int32_t salt, const unsigned char ephemeral_key[ibrcommon::AES128Stream::key_size_in_bytes])
static void decryptBlock (dtn::data::Bundle &bundle, const dtn::security::SecurityBlock &block, u_int32_t salt, const unsigned char key[ibrcommon::AES128Stream::key_size_in_bytes])
static void addFragmentRange (TLVList &ciphersuite_params, size_t fragmentoffset, size_t payload_length)

Protected Attributes

u_int64_t _ciphersuite_id
u_int64_t _ciphersuite_flags
u_int64_t _correlator
TLVList _ciphersuite_params
TLVList _security_result
dtn::data::EID _security_destination
dtn::data::EID _security_source

Friends

class StrictSerializer
class MutualSerializer

Detailed Description

Abstract base class for BundleAuthenticationBlock, PayloadIntegrityBlock, PayloadConfidentialBlock and ExtensionSecurityBlock. It provides definitions of constants and basic functions which are shared among the blocks. These blocks can be serialized in three forms: the normal form, which is needed for transmission; the strict canonical form, which is needed for the BundleAuthenticationBlock; and the mutable canonical form. In strict canonical form the security result can be set to be ignored. In mutable canonical form all SDNVs are unpacked to 8 byte fields, numbers are written in network byte order, and the security result may be ignored as well. Because the size of a child's security result cannot be known in advance, each child has to implement a method that returns this size.

Definition at line 34 of file SecurityBlock.h.


Member Enumeration Documentation

enum dtn::security::SecurityBlock::BLOCK_TYPES

The block id for each block type.

Enumerator:
BUNDLE_AUTHENTICATION_BLOCK
PAYLOAD_INTEGRITY_BLOCK
PAYLOAD_CONFIDENTIAL_BLOCK
EXTENSION_SECURITY_BLOCK

Definition at line 40 of file SecurityBlock.h.

enum dtn::security::SecurityBlock::CIPHERSUITE_FLAGS

The position of each flag in the ciphersuite flags.

Enumerator:
CONTAINS_SECURITY_RESULT
CONTAINS_CORRELATOR
CONTAINS_CIPHERSUITE_PARAMS
CONTAINS_SECURITY_DESTINATION
CONTAINS_SECURITY_SOURCE
BIT5_RESERVED
BIT6_RESERVED

Definition at line 62 of file SecurityBlock.h.

enum dtn::security::SecurityBlock::CIPHERSUITE_IDS

The ids of the supported ciphersuites.

Enumerator:
BAB_HMAC
PIB_RSA_SHA256
PCB_RSA_AES128_PAYLOAD_PIB_PCB
ESB_RSA_AES128_EXT

Definition at line 73 of file SecurityBlock.h.

enum dtn::security::SecurityBlock::TLV_TYPES

The id of each TLV type used in the security parameters or the security result.

Enumerator:
not_set
initialization_vector
key_information
fragment_range
integrity_signature
salt
PCB_integrity_check_value
encapsulated_block
block_type_of_encapsulated_block

Definition at line 49 of file SecurityBlock.h.
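The Detailed Description above names three serialization forms (SDNV-packed for transmission, strict canonical, and mutable canonical with every SDNV widened to an 8-byte network-byte-order field and the security result left out), and the TLV_TYPES enumeration lists the items carried in the ciphersuite parameters and security result. The following is an added C++ illustration of those two points; it is not IBR-DTN code and does not use the project's classes. Assumed, not taken from the page: the TLV wire layout (1-byte type, SDNV length, value), the exact field order of the two serialized forms, and all sample values.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

typedef std::vector<unsigned char> Bytes;

// Flag bits and TLV ids as listed on this page; everything else in this file
// is a constructed illustration, not IBR-DTN code.
enum CiphersuiteFlags {
    CONTAINS_SECURITY_RESULT    = 1 << 0,
    CONTAINS_CORRELATOR         = 1 << 1,
    CONTAINS_CIPHERSUITE_PARAMS = 1 << 2
};
enum TlvType { initialization_vector = 1, key_information = 3, salt = 7 };

// SDNV (RFC 5050): 7 payload bits per byte, high bit set on every byte but the last.
void sdnv_encode(uint64_t v, Bytes &out) {
    unsigned char groups[10];
    int n = 0;
    do { groups[n++] = v & 0x7f; v >>= 7; } while (v);
    while (n--) out.push_back(groups[n] | (n ? 0x80 : 0x00));
}

// Returns false on a truncated SDNV or one longer than 10 bytes; pos advances past it.
bool sdnv_decode(const Bytes &in, size_t &pos, uint64_t &v) {
    v = 0;
    for (int i = 0; i < 10 && pos < in.size(); ++i) {
        unsigned char b = in[pos++];
        v = (v << 7) | (b & 0x7f);
        if (!(b & 0x80)) return true;
    }
    return false;
}

struct Tlv { unsigned char type; Bytes value; };

// Assumed TLV layout (RFC 6257 style): 1-byte type, SDNV length, value bytes.
Bytes tlv_encode(const std::vector<Tlv> &list) {
    Bytes out;
    for (size_t i = 0; i < list.size(); ++i) {
        out.push_back(list[i].type);
        sdnv_encode(list[i].value.size(), out);
        out.insert(out.end(), list[i].value.begin(), list[i].value.end());
    }
    return out;
}

// Rejects a length that runs past the buffer instead of reading out of bounds.
bool tlv_decode(const Bytes &in, std::vector<Tlv> &out) {
    size_t pos = 0;
    while (pos < in.size()) {
        Tlv t;
        t.type = in[pos++];
        uint64_t len;
        if (!sdnv_decode(in, pos, len) || len > (uint64_t)(in.size() - pos)) return false;
        t.value.assign(in.begin() + pos, in.begin() + pos + (size_t)len);
        pos += (size_t)len;
        out.push_back(t);
    }
    return true;
}

struct SecurityHeader {
    uint64_t ciphersuite_id, flags, correlator;
    Bytes params, result;   // each an encoded TLV list
};

// Normal (transmission) form: SDNV-packed, optional fields present only when flagged.
Bytes serialize_normal(const SecurityHeader &h) {
    Bytes out;
    sdnv_encode(h.ciphersuite_id, out);
    sdnv_encode(h.flags, out);
    if (h.flags & CONTAINS_CORRELATOR) sdnv_encode(h.correlator, out);
    if (h.flags & CONTAINS_CIPHERSUITE_PARAMS) {
        sdnv_encode(h.params.size(), out);
        out.insert(out.end(), h.params.begin(), h.params.end());
    }
    if (h.flags & CONTAINS_SECURITY_RESULT) {
        sdnv_encode(h.result.size(), out);
        out.insert(out.end(), h.result.begin(), h.result.end());
    }
    return out;
}

static void put_u64(uint64_t v, Bytes &out) {
    for (int i = 7; i >= 0; --i) out.push_back((unsigned char)(v >> (8 * i)));
}

// Mutable canonical form as the page describes it: every SDNV widened to an
// 8-byte network-byte-order field, and the security result omitted so that a
// signature computed over this form does not have to cover itself.
Bytes serialize_mutable_without_result(const SecurityHeader &h) {
    Bytes out;
    put_u64(h.ciphersuite_id, out);
    put_u64(h.flags, out);
    if (h.flags & CONTAINS_CORRELATOR) put_u64(h.correlator, out);
    if (h.flags & CONTAINS_CIPHERSUITE_PARAMS) {
        put_u64(h.params.size(), out);
        out.insert(out.end(), h.params.begin(), h.params.end());
    }
    return out;
}

// Constructed sample: salt and IV in the parameters, a placeholder result.
SecurityHeader sample_header() {
    std::vector<Tlv> params(2);
    params[0].type = salt;                  params[0].value.assign(4, (unsigned char)0xAA);
    params[1].type = initialization_vector; params[1].value.assign(12, (unsigned char)0xBB);
    SecurityHeader h;
    h.ciphersuite_id = 0x003;   // PCB_RSA_AES128_PAYLOAD_PIB_PCB on the page
    h.flags = CONTAINS_CIPHERSUITE_PARAMS | CONTAINS_SECURITY_RESULT | CONTAINS_CORRELATOR;
    h.correlator = 300;         // two SDNV bytes in normal form, one 8-byte field in canonical form
    h.params = tlv_encode(params);
    h.result.assign(16, (unsigned char)0xCC);  // stands in for ciphertext plus tag
    return h;
}

int main() {
    SecurityHeader h = sample_header();
    std::printf("normal form: %zu bytes, mutable canonical form: %zu bytes\n",
                serialize_normal(h).size(), serialize_mutable_without_result(h).size());
    return 0;
}
```

With the sample values the normal form is 42 bytes and the mutable canonical form 52 bytes: the four SDNVs (1, 1, 2 and 1 bytes) grow to 8 bytes each, and the 17 bytes of result length plus result disappear. The length check in `tlv_decode` is the part a deserializer must not skip: a length field that claims more bytes than remain is the classic way a malformed security parameters field turns into an out-of-bounds read.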


Constructor & Destructor Documentation

dtn::security::SecurityBlock::~SecurityBlock ( ) [pure virtual]

Does nothing.

Definition at line 186 of file SecurityBlock.cpp.

dtn::security::SecurityBlock::SecurityBlock ( const SecurityBlock::BLOCK_TYPES type,
const CIPHERSUITE_IDS id
) [protected]

Creates an empty SecurityBlock. This is only needed by children which add blocks to bundles in a factory.

Parameters:
type: type of the child block
id: the ciphersuite

Definition at line 174 of file SecurityBlock.cpp.

dtn::security::SecurityBlock::SecurityBlock ( const SecurityBlock::BLOCK_TYPES type) [protected]

Creates a factory with a partner. If partner is empty, this must be an instance with a private key or a BundleAuthenticationBlock.

Parameters:
type: type of the child block

Definition at line 180 of file SecurityBlock.cpp.


Member Function Documentation

void dtn::security::SecurityBlock::addFragmentRange ( TLVList ciphersuite_params,
size_t  fragmentoffset,
size_t  payload_length 
) [static, protected]

Adds a fragment range item built from fragmentoffset and payload_length to ciphersuite_params.

Parameters:
ciphersuite_params: the TLV list which gets a fragment range TLV added
fragmentoffset: the offset of the fragment
payload_length: the length of the payload

Definition at line 668 of file SecurityBlock.cpp.

References fragment_range, and dtn::security::SecurityBlock::TLVList::set().

Referenced by dtn::security::PayloadConfidentialBlock::encrypt(), and dtn::security::PayloadIntegrityBlock::sign().

void dtn::security::SecurityBlock::addKey ( TLVList security_parameter,
unsigned char const *const  key,
size_t  key_size,
RSA rsa 
) [static, protected]

Adds a key as a TLV to a TLV list. The key is encrypted using the public key provided in the rsa object.

Parameters:
security_parameter: the TLV list which gets the TLV containing the encrypted key appended
key: the plaintext key
key_size: the size of the plaintext key
rsa: object containing the public key used to encrypt the symmetric key

Definition at line 518 of file SecurityBlock.cpp.

References IBRCOMMON_LOGGER_ENDL, IBRCOMMON_LOGGER_ex, key_information, and dtn::security::SecurityBlock::TLVList::set().

Referenced by dtn::security::ExtensionSecurityBlock::encrypt(), and dtn::security::PayloadConfidentialBlock::encrypt().

void dtn::security::SecurityBlock::addSalt ( TLVList security_parameters,
const u_int32_t &  salt 
) [static, protected]

Adds a salt TLV object to a TLV list.

Parameters:
security_parameters: the TLV list
salt: the salt which shall be added

Definition at line 572 of file SecurityBlock.cpp.

References salt, and dtn::security::SecurityBlock::TLVList::set().

Referenced by dtn::security::ExtensionSecurityBlock::encrypt(), and dtn::security::PayloadConfidentialBlock::encrypt().

void dtn::security::SecurityBlock::copyEID ( const dtn::data::Block from,
dtn::data::Block to,
size_t  skip = 0 
) [static, protected]

Copies all EIDs from one block to another, skipping the first skip EIDs.

Parameters:
from: source of the EIDs
to: destination of the EIDs
skip: how many EIDs should be skipped at the beginning

Definition at line 556 of file SecurityBlock.cpp.

Referenced by decryptBlock(), and encryptBlock().

u_int64_t dtn::security::SecurityBlock::createCorrelatorValue ( const dtn::data::Bundle bundle) [static, protected]

Creates a unique correlator value for bundle.

Parameters:
bundle: the bundle for which a new unique correlator shall be created
Returns:
a unique correlator

Definition at line 276 of file SecurityBlock.cpp.

References isCorrelatorPresent().

Referenced by dtn::security::BundleAuthenticationBlock::auth(), and dtn::security::PayloadConfidentialBlock::encrypt().

void dtn::security::SecurityBlock::createSaltAndKey ( u_int32_t &  salt,
unsigned char *  key,
size_t  key_size 
) [static, protected]

Fills salt and key with random numbers.

Parameters:
salt: reference to the salt
key: pointer to the key
key_size: size of the key

Definition at line 503 of file SecurityBlock.cpp.

References IBRCOMMON_LOGGER_ENDL, and IBRCOMMON_LOGGER_ex.

Referenced by dtn::security::ExtensionSecurityBlock::encrypt(), and dtn::security::PayloadConfidentialBlock::encrypt().

void dtn::security::SecurityBlock::decryptBlock ( dtn::data::Bundle bundle,
const dtn::security::SecurityBlock block,
u_int32_t  salt,
const unsigned char  key[ibrcommon::AES128Stream::key_size_in_bytes] 
) [static, protected]

Decrypts the block held in the security result of the SecurityBlock and replaces the SecurityBlock with it. The ciphertext is only substituted and the original block reconstructed if tag verification succeeds.

Parameters:
bundle: the bundle which contains block
block: the security block with an encrypted block in its security result
salt: the salt
key: the key
Returns:
true if tag verification succeeded, false if not

Definition at line 585 of file SecurityBlock.cpp.

References _ciphersuite_flags, _ciphersuite_params, _security_result, dtn::data::PayloadBlock::BLOCK_TYPE, ibrcommon::CipherStream::CIPHER_DECRYPT, CONTAINS_SECURITY_DESTINATION, CONTAINS_SECURITY_SOURCE, copyEID(), encapsulated_block, dtn::data::Block::get(), dtn::security::SecurityBlock::TLVList::get(), dtn::data::Block::getEIDList(), initialization_vector, dtn::data::Bundle::insert(), ibrcommon::AES128Stream::iv_len, dtn::data::Bundle::remove(), ibrcommon::AES128Stream::tag_len, and ibrcommon::AES128Stream::verify().

Referenced by dtn::security::ExtensionSecurityBlock::decrypt(), and dtn::security::PayloadConfidentialBlock::decrypt().

template<class T >
T & dtn::security::SecurityBlock::encryptBlock ( dtn::data::Bundle bundle,
const dtn::data::Block block,
u_int32_t  salt,
const unsigned char  ephemeral_key[ibrcommon::AES128Stream::key_size_in_bytes] 
) [static, protected]

Encrypts a Block. The initialisation vector used is written into the security parameters of the new SecurityBlock. The ciphertext, with the tag appended, is written into the security result. The flags indicating that this block contains ciphersuite parameters and a security result are set. If this is the first block, don't forget to add the key and salt to its security parameters.

Parameters:
bundle: the bundle which contains block
block: the block which shall be encrypted and encapsulated
salt: the salt to be used
ephemeral_key: the key to be used
Returns:
the SecurityBlock which replaced block

Definition at line 401 of file SecurityBlock.h.

References ibrcommon::CipherStream::CIPHER_ENCRYPT, CONTAINS_CIPHERSUITE_PARAMS, CONTAINS_SECURITY_RESULT, copyEID(), encapsulated_block, ibrcommon::AES128Stream::getIV(), ibrcommon::AES128Stream::getTag(), initialization_vector, dtn::data::Bundle::insert(), ibrcommon::AES128Stream::iv_len, dtn::data::Bundle::remove(), and ibrcommon::AES128Stream::tag_len.

bool dtn::security::SecurityBlock::getKey ( const TLVList security_parameter,
unsigned char *  key,
size_t  key_size,
RSA rsa 
) [static, protected]

Reads a symmetric key TLV object from a TLV list.

Parameters:
security_parameter: the TLV list containing the key TLV
key: pointer to an array to which the key will be written
key_size: size of the array
rsa: object containing the private key used to decrypt the symmetric key
Returns:
true if the key has been successfully decrypted

Definition at line 534 of file SecurityBlock.cpp.

References dtn::security::SecurityBlock::TLVList::get(), IBRCOMMON_LOGGER_ENDL, IBRCOMMON_LOGGER_ex, and key_information.

Referenced by dtn::security::ExtensionSecurityBlock::decrypt(), and dtn::security::PayloadConfidentialBlock::decrypt().

size_t dtn::security::SecurityBlock::getLength_mutable ( ) const [virtual]

Returns the length this Block would have if it were serialized in mutable canonical form.

Returns:
the length in mutable canonical form

Definition at line 309 of file SecurityBlock.cpp.

References _ciphersuite_flags, _ciphersuite_params, CONTAINS_CIPHERSUITE_PARAMS, CONTAINS_CORRELATOR, CONTAINS_SECURITY_RESULT, dtn::security::SecurityBlock::TLVList::getLength(), getSecurityResultSize(), and dtn::security::MutualSerializer::sdnv_size.

Referenced by dtn::security::MutualSerializer::getLength(), and dtn::security::MutualSerializer::operator<<().

u_int32_t dtn::security::SecurityBlock::getSalt ( const TLVList security_parameters) [static, protected]

Reads a salt TLV from a TLV list.

Parameters:
security_parameters: the TLV list

Definition at line 578 of file SecurityBlock.cpp.

References dtn::security::SecurityBlock::TLVList::get(), and salt.

Referenced by dtn::security::ExtensionSecurityBlock::decrypt(), and dtn::security::PayloadConfidentialBlock::decrypt().

const dtn::data::EID dtn::security::SecurityBlock::getSecurityDestination ( ) const

Returns the security destination of this SecurityBlock, or dtn:none if none exists.

Definition at line 232 of file SecurityBlock.cpp.

References _security_destination.

Referenced by getSecurityDestination(), and isSecurityDestination().

const dtn::data::EID dtn::security::SecurityBlock::getSecurityDestination ( const dtn::data::Bundle & bundle) const

Returns the security destination of a given block.

Parameters:
bundle: the bundle to which the block belongs
Returns:
the security destination

Definition at line 699 of file SecurityBlock.cpp.

References dtn::data::PrimaryBlock::_destination, dtn::data::EID::getNode(), and getSecurityDestination().

size_t dtn::security::SecurityBlock::getSecurityResultSize ( ) const [protected, virtual]

Returns the size the security result would have if it were serialized, even if it is empty. This is needed for canonicalisation. If the result is empty this will be zero. There is no way to know in advance how big a payload will be, so children have to override this for the canonical forms if necessary (especially BundleAuthenticationBlock and PayloadIntegrityBlock).

Returns:
the size of the serialized security result

Reimplemented in dtn::security::BundleAuthenticationBlock, and dtn::security::PayloadIntegrityBlock.

Definition at line 495 of file SecurityBlock.cpp.

References _security_result, and dtn::security::SecurityBlock::TLVList::getLength().

Referenced by getLength(), getLength_mutable(), serialize_mutable_without_security_result(), and serialize_strict().

const dtn::data::EID dtn::security::SecurityBlock::getSecuritySource ( const dtn::data::Bundle & bundle) const

Returns the security source of a given block.

Parameters:
bundle: the bundle to which the block belongs
Returns:
the security source

Definition at line 691 of file SecurityBlock.cpp.

References dtn::data::PrimaryBlock::_source, dtn::data::EID::getNode(), and getSecuritySource().

bool dtn::security::SecurityBlock::isCorrelatorPresent ( const dtn::data::Bundle bundle,
const u_int64_t  correlator 
) [static, protected]

Checks whether the given correlator value is already used in the bundle.

Parameters:
bundle: the bundle to search for correlators
correlator: the correlator to be tested for uniqueness
Returns:
false if correlator is unique, true otherwise

Definition at line 260 of file SecurityBlock.cpp.

References _correlator, BUNDLE_AUTHENTICATION_BLOCK, EXTENSION_SECURITY_BLOCK, dtn::data::Bundle::getBlocks(), PAYLOAD_CONFIDENTIAL_BLOCK, and PAYLOAD_INTEGRITY_BLOCK.

Referenced by createCorrelatorValue().

bool dtn::security::SecurityBlock::isSecurityDestination ( const dtn::data::Bundle & bundle,
const dtn::data::EID & eid
) const

Checks whether the given EID is a security destination for the given block.

Parameters:
bundle: the bundle to which the block belongs
eid: the EID of the destination
Returns:
true if eid is the security destination, false if not

Definition at line 685 of file SecurityBlock.cpp.

References dtn::data::EID::getNode(), getSecurityDestination(), dtn::data::EID::getString(), IBRCOMMON_LOGGER_DEBUG, and IBRCOMMON_LOGGER_ENDL.

Referenced by dtn::security::PayloadConfidentialBlock::decrypt(), and dtn::security::SecurityManager::verifyPIB().

bool dtn::security::SecurityBlock::isSecuritySource ( const dtn::data::Bundle bundle,
const dtn::data::EID eid 
) const

Checks whether the given EID is a security source for the given block.

Parameters:
bundle: the bundle to which the block belongs
eid: the EID of the source
Returns:
true if eid is the security source, false if not

Definition at line 679 of file SecurityBlock.cpp.

References dtn::data::EID::getNode(), getSecuritySource(), dtn::data::EID::getString(), IBRCOMMON_LOGGER_DEBUG, and IBRCOMMON_LOGGER_ENDL.

Referenced by dtn::security::BundleAuthenticationBlock::verify().

std::ostream & dtn::security::SecurityBlock::serialize ( std::ostream &  stream,
size_t &  length 
) const [virtual]

Serializes this Block into stream.

Parameters:
stream: the stream to write into
Returns:
the same stream as the input stream

Implements dtn::data::Block.

Definition at line 338 of file SecurityBlock.cpp.

References _ciphersuite_flags, _ciphersuite_id, _ciphersuite_params, _correlator, _security_result, CONTAINS_CIPHERSUITE_PARAMS, CONTAINS_CORRELATOR, and CONTAINS_SECURITY_RESULT.

Canonicalizes the block into the stream.

Parameters:
stream: the stream to write into
Returns:
the same stream as the parameter, for chaining

Definition at line 453 of file SecurityBlock.cpp.

References _ciphersuite_flags, _ciphersuite_id, _ciphersuite_params, _security_result, CONTAINS_CIPHERSUITE_PARAMS, CONTAINS_CORRELATOR, and CONTAINS_SECURITY_RESULT.

std::ostream & dtn::security::SecurityBlock::serialize_strict ( std::ostream &  stream,
size_t &  length 
) const [virtual]

Serializes this block in strict form. This skips all dynamic fields, such as the security result.

Parameters:
stream: the stream to write into
Returns:
the same stream as the input stream
Reimplemented from dtn::data::Block.

Definition at line 360 of file SecurityBlock.cpp.

References _ciphersuite_flags, _ciphersuite_id, _ciphersuite_params, _correlator, CONTAINS_CIPHERSUITE_PARAMS, CONTAINS_CORRELATOR, CONTAINS_SECURITY_RESULT, and getSecurityResultSize().

void dtn::security::SecurityBlock::setCiphersuiteId ( const CIPHERSUITE_IDS id) [protected]

Sets the ciphersuite id.

Parameters:
id: the ciphersuite id

Definition at line 249 of file SecurityBlock.cpp.

References _ciphersuite_id.

Referenced by dtn::security::BundleAuthenticationBlock::auth(), and dtn::security::PayloadIntegrityBlock::sign().

void dtn::security::SecurityBlock::setCorrelator ( const u_int64_t  corr) [protected]

Sets the correlator.

Parameters:
corr: the correlator value

Definition at line 254 of file SecurityBlock.cpp.

References _ciphersuite_flags, _correlator, and CONTAINS_CORRELATOR.

Referenced by dtn::security::BundleAuthenticationBlock::auth(), and dtn::security::PayloadConfidentialBlock::encrypt().

void dtn::security::SecurityBlock::setSecurityDestination ( const dtn::data::EID & destination)

Sets the security destination of this block.

Parameters:
destination: the security destination

Definition at line 243 of file SecurityBlock.cpp.

References _security_destination, and store_security_references().

Referenced by dtn::security::ExtensionSecurityBlock::encrypt(), and dtn::security::PayloadIntegrityBlock::sign().

void dtn::security::SecurityBlock::setSecuritySource ( const dtn::data::EID & source)

Sets the security source of this block.

Parameters:
source: the security source

Definition at line 237 of file SecurityBlock.cpp.

References _security_source, and store_security_references().

Referenced by dtn::security::BundleAuthenticationBlock::auth(), dtn::security::ExtensionSecurityBlock::encrypt(), and dtn::security::PayloadIntegrityBlock::sign().


Friends And Related Function Documentation

friend class MutualSerializer [friend]

Definition at line 37 of file SecurityBlock.h.

friend class StrictSerializer [friend]

Definition at line 36 of file SecurityBlock.h.


Member Data Documentation

dtn::data::EID dtn::security::SecurityBlock::_security_destination [protected]

Security destination: only set if it differs from the primary header.

Definition at line 235 of file SecurityBlock.h.

Referenced by deserialize(), getSecurityDestination(), setSecurityDestination(), and store_security_references().

dtn::data::EID dtn::security::SecurityBlock::_security_source [protected]

Security source: only set if it differs from the primary header.

Definition at line 238 of file SecurityBlock.h.

Referenced by deserialize(), getSecuritySource(), setSecuritySource(), and store_security_references().
