IBR-DTNSuite 0.8
#include <SecurityBlock.h>
Abstract base class for BundleAuthenticationBlock, PayloadIntegrityBlock, PayloadConfidentialBlock and ExtensionSecurityBlock. It provides the definitions of constants and basic functions that are shared among these blocks. The blocks can be serialized in three forms: the normal form, which is needed for transmission; the strict canonical form, which is needed for the BundleAuthenticationBlock; and the mutable canonical form. In strict canonical form the security result can be set to be ignored. In mutable canonical form all SDNVs are unpacked to 8-byte fields, numbers are written in network byte order, and the security result may be ignored as well. Because the size of the security result of the child classes cannot be known in advance, the children have to implement a method that returns this size.
Definition at line 34 of file SecurityBlock.h.
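The three serialization forms described above, as an added example that is not IBR-DTN's own code: a simplified model of a security block's block-specific fields is written in normal form (SDNV-encoded, per RFC 5050), in strict canonical form (SDNVs kept, security result skipped) and in mutable canonical form (every SDNV expanded to an 8-byte network-byte-order field, security result skipped). The struct, the exact field layout and the treatment of the skipped security result are assumptions for illustration and do not reproduce the project's byte layout; EID references are left out.

```cpp
#include <cstdint>
#include <cstddef>
#include <vector>

// Bit positions of the ciphersuite flags, in the order the page lists them
// (CONTAINS_SECURITY_RESULT is the least significant bit).
enum CiphersuiteFlag : uint64_t {
    CONTAINS_SECURITY_RESULT      = 1u << 0,
    CONTAINS_CORRELATOR           = 1u << 1,
    CONTAINS_CIPHERSUITE_PARAMS   = 1u << 2,
    CONTAINS_SECURITY_DESTINATION = 1u << 3,
    CONTAINS_SECURITY_SOURCE      = 1u << 4,
};

// Hypothetical, simplified model of a security block's block-specific fields (not the
// project's class): EID references are omitted, params and result are already TLV-encoded.
struct SecBlock {
    uint64_t ciphersuite_id;
    uint64_t flags;
    uint64_t correlator;
    std::vector<uint8_t> params;
    std::vector<uint8_t> result;
};

// SDNV encoding (RFC 5050): 7 payload bits per byte, big-endian, MSB set on all but the last byte.
std::vector<uint8_t> sdnv(uint64_t v) {
    std::vector<uint8_t> out;
    uint8_t tmp[10]; int n = 0;
    do { tmp[n++] = v & 0x7f; v >>= 7; } while (v);
    while (n--) out.push_back(tmp[n] | (n ? 0x80 : 0x00));
    return out;
}

// Mutable canonical form expands every SDNV to a fixed 8-byte field in network byte order.
std::vector<uint8_t> u64be(uint64_t v) {
    std::vector<uint8_t> out;
    for (int shift = 56; shift >= 0; shift -= 8) out.push_back(uint8_t(v >> shift));
    return out;
}

enum Form { NORMAL, STRICT_CANONICAL, MUTABLE_CANONICAL };

// Serializes the block-specific data in one of the three forms. NORMAL is the wire form; both
// canonical forms leave the security result out (it is what the MAC or signature will fill in),
// so the authenticated bytes never depend on the result itself.
std::vector<uint8_t> serialize(const SecBlock& b, Form form) {
    std::vector<uint8_t> out;
    auto append = [&](const std::vector<uint8_t>& v) { out.insert(out.end(), v.begin(), v.end()); };
    auto num = [&](uint64_t v) { append(form == MUTABLE_CANONICAL ? u64be(v) : sdnv(v)); };
    num(b.ciphersuite_id);
    num(b.flags);
    if (b.flags & CONTAINS_CORRELATOR) num(b.correlator);
    if (b.flags & CONTAINS_CIPHERSUITE_PARAMS) { num(b.params.size()); append(b.params); }
    if ((b.flags & CONTAINS_SECURITY_RESULT) && form == NORMAL) { num(b.result.size()); append(b.result); }
    return out;
}

// Constructed sample: ciphersuite id 1, 2-byte params and a 3-byte result, no correlator.
SecBlock sample_block() {
    return SecBlock{1, CONTAINS_SECURITY_RESULT | CONTAINS_CIPHERSUITE_PARAMS, 0,
                    {0xAA, 0xBB}, {0x11, 0x22, 0x33}};
}

// Two blocks that differ only in their security result must canonicalize to identical bytes.
bool canonical_form_ignores_result(Form form) {
    SecBlock a = sample_block(), b = sample_block();
    b.result = {0xDE, 0xAD, 0xBE, 0xEF};
    return serialize(a, form) == serialize(b, form);
}
```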
The block id for each block type:
BUNDLE_AUTHENTICATION_BLOCK
PAYLOAD_INTEGRITY_BLOCK
PAYLOAD_CONFIDENTIAL_BLOCK
EXTENSION_SECURITY_BLOCK
Definition at line 40 of file SecurityBlock.h.
The position of each flag in the ciphersuite flags:
CONTAINS_SECURITY_RESULT
CONTAINS_CORRELATOR
CONTAINS_CIPHERSUITE_PARAMS
CONTAINS_SECURITY_DESTINATION
CONTAINS_SECURITY_SOURCE
BIT5_RESERVED
BIT6_RESERVED
Definition at line 62 of file SecurityBlock.h.
The ids of the supported ciphersuites.
Definition at line 73 of file SecurityBlock.h.
The id of each TLV type, which is used in security parameters or security result:
not_set
initialization_vector
key_information
fragment_range
integrity_signature
salt
PCB_integrity_check_value
encapsulated_block
block_type_of_encapsulated_block
Definition at line 49 of file SecurityBlock.h.
dtn::security::SecurityBlock::~SecurityBlock() [pure virtual]
Does nothing.
Definition at line 186 of file SecurityBlock.cpp.
dtn::security::SecurityBlock::SecurityBlock(const SecurityBlock::BLOCK_TYPES type, const CIPHERSUITE_IDS id) [protected]
Creates an empty SecurityBlock. This is only needed by child classes, which add blocks to bundles in a factory.
type: type of the child block
id: the ciphersuite
Definition at line 174 of file SecurityBlock.cpp.
dtn::security::SecurityBlock::SecurityBlock(const SecurityBlock::BLOCK_TYPES type) [protected]
Creates a factory with a partner. If partner is empty, this must be an instance with a private key or a BundleAuthenticationBlock.
type: type of the child block
Definition at line 180 of file SecurityBlock.cpp.
void dtn::security::SecurityBlock::addFragmentRange(TLVList & ciphersuite_params, size_t fragmentoffset, size_t payload_length) [static, protected]
Calculates the size of the stream and adds a fragment range item to ciphersuite_params.
ciphersuite_params: the string which will get a fragment range TLV added
stream: the stream whose size will be calculated
Definition at line 668 of file SecurityBlock.cpp.
References fragment_range, and dtn::security::SecurityBlock::TLVList::set().
Referenced by dtn::security::PayloadConfidentialBlock::encrypt(), and dtn::security::PayloadIntegrityBlock::sign().
void dtn::security::SecurityBlock::addKey(TLVList & security_parameter, unsigned char const *const key, size_t key_size, RSA * rsa) [static, protected]
Adds a key as a TLV to a string. The key is encrypted using the public key provided in the rsa object.
security_parameter: the string object which gets the TLV appended that contains the encrypted key
key: the plaintext key
key_size: the size of the plaintext key
rsa: object containing the public key for encryption of the symmetric key
Definition at line 518 of file SecurityBlock.cpp.
References IBRCOMMON_LOGGER_ENDL, IBRCOMMON_LOGGER_ex, key_information, and dtn::security::SecurityBlock::TLVList::set().
Referenced by dtn::security::ExtensionSecurityBlock::encrypt(), and dtn::security::PayloadConfidentialBlock::encrypt().
void dtn::security::SecurityBlock::addSalt(TLVList & security_parameters, const u_int32_t & salt) [static, protected]
Adds a salt TLV object to a string.
security_parameters: the string
salt: the salt which shall be added
Definition at line 572 of file SecurityBlock.cpp.
References salt, and dtn::security::SecurityBlock::TLVList::set().
Referenced by dtn::security::ExtensionSecurityBlock::encrypt(), and dtn::security::PayloadConfidentialBlock::encrypt().
void dtn::security::SecurityBlock::copyEID(const dtn::data::Block & from, dtn::data::Block & to, size_t skip = 0) [static, protected]
Copies all EIDs from one block to another, skipping the first skip EIDs.
from: source of the EIDs
to: destination of the EIDs
skip: how many EIDs should be skipped at the beginning
Definition at line 556 of file SecurityBlock.cpp.
Referenced by decryptBlock(), and encryptBlock().
u_int64_t dtn::security::SecurityBlock::createCorrelatorValue(const dtn::data::Bundle & bundle) [static, protected]
Creates a unique correlator value for bundle.
bundle: the bundle for which a new unique correlator shall be created
Definition at line 276 of file SecurityBlock.cpp.
References isCorrelatorPresent().
Referenced by dtn::security::BundleAuthenticationBlock::auth(), and dtn::security::PayloadConfidentialBlock::encrypt().
void dtn::security::SecurityBlock::createSaltAndKey(u_int32_t & salt, unsigned char * key, size_t key_size) [static, protected]
Fills salt and key with random numbers.
salt: reference to salt
key: pointer to key
key_size: size of key
Definition at line 503 of file SecurityBlock.cpp.
References IBRCOMMON_LOGGER_ENDL, and IBRCOMMON_LOGGER_ex.
Referenced by dtn::security::ExtensionSecurityBlock::encrypt(), and dtn::security::PayloadConfidentialBlock::encrypt().
void dtn::security::SecurityBlock::decryptBlock(dtn::data::Bundle & bundle, const dtn::security::SecurityBlock & block, u_int32_t salt, const unsigned char key[ibrcommon::AES128Stream::key_size_in_bytes]) [static, protected]
Decrypts the block that is held in the SecurityBlock and replaces the SecurityBlock with it. The ciphertext is only substituted and the old block reconstructed if tag verification succeeds.
bundle: the bundle which contains block
block: the security block with an encrypted block in its security result
salt: the salt
ephemeral_key: the key
Definition at line 585 of file SecurityBlock.cpp.
References _ciphersuite_flags, _ciphersuite_params, _security_result, dtn::data::PayloadBlock::BLOCK_TYPE, ibrcommon::CipherStream::CIPHER_DECRYPT, CONTAINS_SECURITY_DESTINATION, CONTAINS_SECURITY_SOURCE, copyEID(), encapsulated_block, dtn::data::Block::get(), dtn::security::SecurityBlock::TLVList::get(), dtn::data::Block::getEIDList(), initialization_vector, dtn::data::Bundle::insert(), ibrcommon::AES128Stream::iv_len, dtn::data::Bundle::remove(), ibrcommon::AES128Stream::tag_len, and ibrcommon::AES128Stream::verify().
Referenced by dtn::security::ExtensionSecurityBlock::decrypt(), and dtn::security::PayloadConfidentialBlock::decrypt().
std::istream & dtn::security::SecurityBlock::deserialize(std::istream & stream, const size_t length) [virtual]
Parses the SecurityBlock from a stream.
stream: the stream to read from
Implements dtn::data::Block.
Reimplemented in dtn::security::PayloadIntegrityBlock.
Definition at line 382 of file SecurityBlock.cpp.
References dtn::data::Block::_blocktype, _ciphersuite_flags, _ciphersuite_id, _ciphersuite_params, _correlator, dtn::data::Block::_eids, _security_destination, _security_result, _security_source, BAB_HMAC, BUNDLE_AUTHENTICATION_BLOCK, CONTAINS_CIPHERSUITE_PARAMS, CONTAINS_CORRELATOR, CONTAINS_SECURITY_DESTINATION, CONTAINS_SECURITY_RESULT, CONTAINS_SECURITY_SOURCE, ESB_RSA_AES128_EXT, EXTENSION_SECURITY_BLOCK, dtn::data::SDNV::getValue(), PAYLOAD_CONFIDENTIAL_BLOCK, PAYLOAD_INTEGRITY_BLOCK, PCB_RSA_AES128_PAYLOAD_PIB_PCB, and PIB_RSA_SHA256.
T & dtn::security::SecurityBlock::encryptBlock(dtn::data::Bundle & bundle, const dtn::data::Block & block, u_int32_t salt, const unsigned char ephemeral_key[ibrcommon::AES128Stream::key_size_in_bytes]) [static, protected]
Encrypts a Block. The initialisation vector that was used is written into the security parameters of the new SecurityBlock. The ciphertext, with the tag appended, is written into the security result. The flags indicating that this block contains ciphersuite parameters and a security result are set. If this is the first block, don't forget to add the key and salt to its security parameters.
bundle: the bundle which contains block
block: the block which shall be encrypted and encapsulated
salt: the salt to be used
ephemeral_key: the key to be used
Definition at line 401 of file SecurityBlock.h.
References ibrcommon::CipherStream::CIPHER_ENCRYPT, CONTAINS_CIPHERSUITE_PARAMS, CONTAINS_SECURITY_RESULT, copyEID(), encapsulated_block, ibrcommon::AES128Stream::getIV(), ibrcommon::AES128Stream::getTag(), initialization_vector, dtn::data::Bundle::insert(), ibrcommon::AES128Stream::iv_len, dtn::data::Bundle::remove(), and ibrcommon::AES128Stream::tag_len.
bool dtn::security::SecurityBlock::getKey(const TLVList & security_parameter, unsigned char * key, size_t key_size, RSA * rsa) [static, protected]
Reads a symmetric key TLV object from a string.
security_parameter: the string containing the TLVs
key: pointer to an array to which the key will be written
key_size: size of the array
rsa: object containing the private key for decryption of the symmetric key
Definition at line 534 of file SecurityBlock.cpp.
References dtn::security::SecurityBlock::TLVList::get(), IBRCOMMON_LOGGER_ENDL, IBRCOMMON_LOGGER_ex, and key_information.
Referenced by dtn::security::ExtensionSecurityBlock::decrypt(), and dtn::security::PayloadConfidentialBlock::decrypt().
size_t dtn::security::SecurityBlock::getLength() const [virtual]
Returns the length of this Block.
Implements dtn::data::Block.
Definition at line 284 of file SecurityBlock.cpp.
References _ciphersuite_flags, _ciphersuite_id, _ciphersuite_params, _correlator, CONTAINS_CIPHERSUITE_PARAMS, CONTAINS_CORRELATOR, CONTAINS_SECURITY_RESULT, dtn::data::SDNV::getLength(), dtn::security::SecurityBlock::TLVList::getLength(), getSecurityResultSize(), and dtn::data::SDNV::getValue().
Referenced by dtn::security::BundleAuthenticationBlock::getSecurityResultSize().
size_t dtn::security::SecurityBlock::getLength_mutable() const [virtual]
Returns the length this Block would have if it were serialized in mutable canonical form.
Definition at line 309 of file SecurityBlock.cpp.
References _ciphersuite_flags, _ciphersuite_params, CONTAINS_CIPHERSUITE_PARAMS, CONTAINS_CORRELATOR, CONTAINS_SECURITY_RESULT, dtn::security::SecurityBlock::TLVList::getLength(), getSecurityResultSize(), and dtn::security::MutualSerializer::sdnv_size.
Referenced by dtn::security::MutualSerializer::getLength(), and dtn::security::MutualSerializer::operator<<().
u_int32_t dtn::security::SecurityBlock::getSalt(const TLVList & security_parameters) [static, protected]
Reads a salt TLV from a string containing TLVs.
security_parameters: string containing TLVs
Definition at line 578 of file SecurityBlock.cpp.
References dtn::security::SecurityBlock::TLVList::get(), and salt.
Referenced by dtn::security::ExtensionSecurityBlock::decrypt(), and dtn::security::PayloadConfidentialBlock::decrypt().
const dtn::data::EID dtn::security::SecurityBlock::getSecurityDestination() const
Returns the security destination of a SecurityBlock, or dtn:none if none exists.
Definition at line 232 of file SecurityBlock.cpp.
References _security_destination.
Referenced by getSecurityDestination(), and isSecurityDestination().
const dtn::data::EID dtn::security::SecurityBlock::getSecurityDestination(const dtn::data::Bundle & bundle) const
Returns the security destination of a given block.
bundle: the bundle to which the block belongs
Definition at line 699 of file SecurityBlock.cpp.
References dtn::data::PrimaryBlock::_destination, dtn::data::EID::getNode(), and getSecurityDestination().
size_t dtn::security::SecurityBlock::getSecurityResultSize() const [protected, virtual]
Returns the size the security result would have if it were serialized, even if it is empty. This is needed for canonicalisation. If it is empty this will be zero. There is no way to know in advance how big a payload will be. Children have to override it for the canonicalisation forms if necessary (especially BundleAuthenticationBlock and PayloadIntegrityBlock).
Reimplemented in dtn::security::BundleAuthenticationBlock, and dtn::security::PayloadIntegrityBlock.
Definition at line 495 of file SecurityBlock.cpp.
References _security_result, and dtn::security::SecurityBlock::TLVList::getLength().
Referenced by getLength(), getLength_mutable(), serialize_mutable_without_security_result(), and serialize_strict().
const dtn::data::EID dtn::security::SecurityBlock::getSecuritySource() const
Returns the security source of a SecurityBlock, or dtn:none if none exists.
Definition at line 227 of file SecurityBlock.cpp.
References _security_source.
Referenced by getSecuritySource(), isSecuritySource(), dtn::security::SecurityManager::verifyBAB(), and dtn::security::SecurityManager::verifyPIB().
const dtn::data::EID dtn::security::SecurityBlock::getSecuritySource(const dtn::data::Bundle & bundle) const
Returns the security source of a given block.
bundle: the bundle to which the block belongs
Definition at line 691 of file SecurityBlock.cpp.
References dtn::data::PrimaryBlock::_source, dtn::data::EID::getNode(), and getSecuritySource().
bool dtn::security::SecurityBlock::isCorrelatorPresent(const dtn::data::Bundle & bundle, const u_int64_t correlator) [static, protected]
Checks if the given correlator value is already used in the bundle.
bundle: the bundle in which to search for correlators
correlator: the correlator to be tested for uniqueness
Definition at line 260 of file SecurityBlock.cpp.
References _correlator, BUNDLE_AUTHENTICATION_BLOCK, EXTENSION_SECURITY_BLOCK, dtn::data::Bundle::getBlocks(), PAYLOAD_CONFIDENTIAL_BLOCK, and PAYLOAD_INTEGRITY_BLOCK.
Referenced by createCorrelatorValue().
bool dtn::security::SecurityBlock::isSecurityDestination(const dtn::data::Bundle & bundle, const dtn::data::EID & eid) const
Checks if the given EID is a security destination for the given block.
bundle: the bundle to which the block belongs
eid: the EID of the destination
Definition at line 685 of file SecurityBlock.cpp.
References dtn::data::EID::getNode(), getSecurityDestination(), dtn::data::EID::getString(), IBRCOMMON_LOGGER_DEBUG, and IBRCOMMON_LOGGER_ENDL.
Referenced by dtn::security::PayloadConfidentialBlock::decrypt(), and dtn::security::SecurityManager::verifyPIB().
bool dtn::security::SecurityBlock::isSecuritySource(const dtn::data::Bundle & bundle, const dtn::data::EID & eid) const
Checks if the given EID is a security source for the given block.
bundle: the bundle to which the block belongs
eid: the EID of the source
Definition at line 679 of file SecurityBlock.cpp.
References dtn::data::EID::getNode(), getSecuritySource(), dtn::data::EID::getString(), IBRCOMMON_LOGGER_DEBUG, and IBRCOMMON_LOGGER_ENDL.
Referenced by dtn::security::BundleAuthenticationBlock::verify().
std::ostream & dtn::security::SecurityBlock::serialize(std::ostream & stream, size_t & length) const [virtual]
Serializes this Block into stream.
stream: the stream to write into
Implements dtn::data::Block.
Definition at line 338 of file SecurityBlock.cpp.
References _ciphersuite_flags, _ciphersuite_id, _ciphersuite_params, _correlator, _security_result, CONTAINS_CIPHERSUITE_PARAMS, CONTAINS_CORRELATOR, and CONTAINS_SECURITY_RESULT.
dtn::security::MutualSerializer & dtn::security::SecurityBlock::serialize_mutable(dtn::security::MutualSerializer & serializer) const [protected, virtual]
Canonicalizes the block into the stream.
stream: the stream to be written into
Definition at line 453 of file SecurityBlock.cpp.
References _ciphersuite_flags, _ciphersuite_id, _ciphersuite_params, _security_result, CONTAINS_CIPHERSUITE_PARAMS, CONTAINS_CORRELATOR, and CONTAINS_SECURITY_RESULT.
dtn::security::MutualSerializer & dtn::security::SecurityBlock::serialize_mutable_without_security_result(dtn::security::MutualSerializer & serializer) const [protected, virtual]
Definition at line 474 of file SecurityBlock.cpp.
References _ciphersuite_flags, _ciphersuite_id, _ciphersuite_params, CONTAINS_CIPHERSUITE_PARAMS, CONTAINS_CORRELATOR, CONTAINS_SECURITY_RESULT, and getSecurityResultSize().
Referenced by dtn::security::MutualSerializer::operator<<().
std::ostream & dtn::security::SecurityBlock::serialize_strict(std::ostream & stream, size_t & length) const [virtual]
Serializes this block in strict form, which skips all dynamic fields such as the security result.
stream: the stream to write into
Reimplemented from dtn::data::Block.
Definition at line 360 of file SecurityBlock.cpp.
References _ciphersuite_flags, _ciphersuite_id, _ciphersuite_params, _correlator, CONTAINS_CIPHERSUITE_PARAMS, CONTAINS_CORRELATOR, CONTAINS_SECURITY_RESULT, and getSecurityResultSize().
void dtn::security::SecurityBlock::setCiphersuiteId(const CIPHERSUITE_IDS id) [protected]
Sets the ciphersuite id.
id: ciphersuite id
Definition at line 249 of file SecurityBlock.cpp.
References _ciphersuite_id.
Referenced by dtn::security::BundleAuthenticationBlock::auth(), and dtn::security::PayloadIntegrityBlock::sign().
void dtn::security::SecurityBlock::setCorrelator(const u_int64_t corr) [protected]
Sets the correlator.
corr: correlator value
Definition at line 254 of file SecurityBlock.cpp.
References _ciphersuite_flags, _correlator, and CONTAINS_CORRELATOR.
Referenced by dtn::security::BundleAuthenticationBlock::auth(), and dtn::security::PayloadConfidentialBlock::encrypt().
void dtn::security::SecurityBlock::setSecurityDestination(const dtn::data::EID & destination)
Sets the security destination of this block.
destination: the security destination
Definition at line 243 of file SecurityBlock.cpp.
References _security_destination, and store_security_references().
Referenced by dtn::security::ExtensionSecurityBlock::encrypt(), and dtn::security::PayloadIntegrityBlock::sign().
void dtn::security::SecurityBlock::setSecuritySource(const dtn::data::EID & source)
Sets the security source of this block.
source: the security source
Definition at line 237 of file SecurityBlock.cpp.
References _security_source, and store_security_references().
Referenced by dtn::security::BundleAuthenticationBlock::auth(), dtn::security::ExtensionSecurityBlock::encrypt(), and dtn::security::PayloadIntegrityBlock::sign().
void dtn::security::SecurityBlock::store_security_references() [protected]
Stores the security source and destination in the EID reference list.
Definition at line 190 of file SecurityBlock.cpp.
References _ciphersuite_flags, dtn::data::Block::_eids, _security_destination, _security_source, dtn::data::Block::BLOCK_CONTAINS_EIDS, CONTAINS_SECURITY_DESTINATION, and CONTAINS_SECURITY_SOURCE.
Referenced by setSecurityDestination(), and setSecuritySource().
friend class MutualSerializer [friend]
Definition at line 37 of file SecurityBlock.h.
friend class StrictSerializer [friend]
Definition at line 36 of file SecurityBlock.h.
u_int64_t dtn::security::SecurityBlock::_ciphersuite_flags [protected]
The ciphersuite flags tell whether the security result or parameters are used, whether the security destination or source is set, and whether a correlator is used.
Definition at line 223 of file SecurityBlock.h.
Referenced by dtn::security::BundleAuthenticationBlock::auth(), dtn::security::PayloadConfidentialBlock::decrypt(), decryptBlock(), deserialize(), dtn::security::ExtensionSecurityBlock::encrypt(), getLength(), getLength_mutable(), dtn::security::StrictSerializer::operator<<(), serialize(), serialize_mutable(), serialize_mutable_without_security_result(), serialize_strict(), setCorrelator(), dtn::security::PayloadIntegrityBlock::sign(), store_security_references(), dtn::security::BundleAuthenticationBlock::strip(), and dtn::security::BundleAuthenticationBlock::verify().
u_int64_t dtn::security::SecurityBlock::_ciphersuite_id [protected]
The ciphersuite id tells what type of encryption, signature or MAC is used.
Definition at line 219 of file SecurityBlock.h.
Referenced by dtn::security::PayloadConfidentialBlock::decrypt(), deserialize(), getLength(), serialize(), serialize_mutable(), serialize_mutable_without_security_result(), serialize_strict(), setCiphersuiteId(), and dtn::security::BundleAuthenticationBlock::verify().
Key information, tags, salts and initialization vectors, for example, are stored here as TLVs.
Definition at line 229 of file SecurityBlock.h.
Referenced by dtn::security::ExtensionSecurityBlock::decrypt(), dtn::security::PayloadConfidentialBlock::decrypt(), decryptBlock(), dtn::security::PayloadConfidentialBlock::decryptPayload(), deserialize(), dtn::security::ExtensionSecurityBlock::encrypt(), getLength(), getLength_mutable(), serialize(), serialize_mutable(), serialize_mutable_without_security_result(), serialize_strict(), and dtn::security::PayloadIntegrityBlock::sign().
u_int64_t dtn::security::SecurityBlock::_correlator [protected]
A correlator binds several security blocks in a bundle together.
Definition at line 225 of file SecurityBlock.h.
Referenced by dtn::security::PayloadConfidentialBlock::decrypt(), dtn::security::ExtensionSecurityBlock::decrypt(), deserialize(), getLength(), isCorrelatorPresent(), dtn::security::StrictSerializer::operator<<(), serialize(), serialize_strict(), setCorrelator(), dtn::security::BundleAuthenticationBlock::strip(), and dtn::security::BundleAuthenticationBlock::verify().
Security destination: only set if it differs from the primary header.
Definition at line 235 of file SecurityBlock.h.
Referenced by deserialize(), getSecurityDestination(), setSecurityDestination(), and store_security_references().
Encrypted blocks, signatures or MACs are stored here.
Definition at line 232 of file SecurityBlock.h.
Referenced by dtn::security::BundleAuthenticationBlock::auth(), decryptBlock(), dtn::security::PayloadConfidentialBlock::decryptPayload(), dtn::security::PayloadIntegrityBlock::deserialize(), deserialize(), getSecurityResultSize(), serialize(), serialize_mutable(), dtn::security::PayloadIntegrityBlock::sign(), and dtn::security::BundleAuthenticationBlock::verify().
Security source: only set if it differs from the primary header.
Definition at line 238 of file SecurityBlock.h.
Referenced by deserialize(), getSecuritySource(), setSecuritySource(), and store_security_references().