IBR-DTN  1.0.0
SecurityManager.cpp
Go to the documentation of this file.
1 /*
2  * SecurityManager.cpp
3  *
4  * Copyright (C) 2011 IBR, TU Braunschweig
5  *
6  * Written-by: Johannes Morgenroth <morgenroth@ibr.cs.tu-bs.de>
7  *
8  * Licensed under the Apache License, Version 2.0 (the "License");
9  * you may not use this file except in compliance with the License.
10  * You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing, software
15  * distributed under the License is distributed on an "AS IS" BASIS,
16  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17  * See the License for the specific language governing permissions and
18  * limitations under the License.
19  *
20  */
21 
22 #include "security/SecurityManager.h"
23 #include "security/SecurityKeyManager.h"
24 #include "core/BundleCore.h"
25 #include "routing/QueueBundleEvent.h"
26 #include <ibrdtn/security/BundleAuthenticationBlock.h>
27 #include <ibrdtn/security/PayloadIntegrityBlock.h>
28 #include <ibrdtn/security/PayloadConfidentialBlock.h>
29 #include <ibrdtn/security/ExtensionSecurityBlock.h>
30 #include <ibrcommon/Logger.h>
31 
32 #ifdef __DEVELOPMENT_ASSERTIONS__
33 #include <cassert>
34 #endif
35 
36 namespace dtn
37 {
38  namespace security
39  {
40  SecurityManager& SecurityManager::getInstance()
41  {
42  static SecurityManager sec_man;
43  return sec_man;
44  }
45 
46  SecurityManager::SecurityManager()
47  : _accept_only_bab(false), _accept_only_pib(false)
48  {
49  }
50 
51  SecurityManager::~SecurityManager()
52  {
53  }
54 
55  void SecurityManager::auth(dtn::data::Bundle &bundle) const throw (KeyMissingException)
56  {
57  IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "auth bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;
58 
59  try {
60  // try to load the local key
61  const SecurityKey key = SecurityKeyManager::getInstance().get(dtn::core::BundleCore::local, SecurityKey::KEY_SHARED);
62 
63  // sign the bundle with BABs
64  dtn::security::BundleAuthenticationBlock::auth(bundle, key);
65  } catch (const SecurityKey::KeyNotFoundException &ex) {
66  throw KeyMissingException(ex.what());
67  }
68  }
69 
70  void SecurityManager::sign(dtn::data::Bundle &bundle) const throw (KeyMissingException)
71  {
72  IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "sign bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;
73 
74  try {
75  // try to load the local key
76  const SecurityKey key = SecurityKeyManager::getInstance().get(dtn::core::BundleCore::local, SecurityKey::KEY_PRIVATE);
77 
78  // sign the bundle with PIB
79  dtn::security::PayloadIntegrityBlock::sign(bundle, key, bundle.destination.getNode());
80  } catch (const SecurityKey::KeyNotFoundException &ex) {
81  throw KeyMissingException(ex.what());
82  }
83  }
84 
85  void SecurityManager::verifyIntegrity(dtn::data::Bundle &bundle) const throw (VerificationFailedException)
86  {
87  IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "verify signed bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;
88 
89  // iterate through all blocks
90  for (dtn::data::Bundle::iterator it = bundle.begin(); it != bundle.end();)
91  {
92  const dtn::data::Block &block = (**it);
93 
94  if (block.getType() == dtn::security::PayloadConfidentialBlock::BLOCK_TYPE) {
95  // payload after a PCB can not verified until the payload is decrypted
96  break;
97  }
98 
99  try {
100  const dtn::security::PayloadIntegrityBlock& pib = dynamic_cast<const dtn::security::PayloadIntegrityBlock&>(block);
101 
102  const SecurityKey key = SecurityKeyManager::getInstance().get(pib.getSecuritySource(bundle), SecurityKey::KEY_PUBLIC);
103 
104  // try to verify the bundle with the key for the current PIB
105  dtn::security::PayloadIntegrityBlock::verify(bundle, key);
106 
107  // if we are the security destination
108  if (pib.isSecurityDestination(bundle, dtn::core::BundleCore::local)) {
109  // remove the valid PIB
110  bundle.erase(it++);
111  } else {
112  ++it;
113  }
114 
115  // set the verify bit, after verification
116  bundle.set(dtn::data::PrimaryBlock::DTNSEC_STATUS_VERIFIED, true);
117 
118  IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 5) << "Bundle " << bundle.toString() << " successfully verified" << IBRCOMMON_LOGGER_ENDL;
119  continue;
120  } catch (const dtn::security::VerificationSkippedException&) {
121  // un-set the verify bit
122  bundle.set(dtn::data::PrimaryBlock::DTNSEC_STATUS_VERIFIED, false);
123  } catch (const SecurityKey::KeyNotFoundException&) {
124  // un-set the verify bit
125  bundle.set(dtn::data::PrimaryBlock::DTNSEC_STATUS_VERIFIED, false);
126  } catch (const std::bad_cast&) {
127  // current block is not a PIB
128  }
129 
130  ++it;
131  }
132  }
133 
134  void SecurityManager::verifyAuthentication(dtn::data::Bundle &bundle) const throw (VerificationFailedException)
135  {
136  IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "verify authenticated bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;
137 
138  // iterate over all BABs of this bundle
139  dtn::data::Bundle::find_iterator it(bundle.begin(), dtn::security::BundleAuthenticationBlock::BLOCK_TYPE);
140  while (it.next(bundle.end()))
141  {
142  const dtn::security::BundleAuthenticationBlock& bab = dynamic_cast<const dtn::security::BundleAuthenticationBlock&>(**it);
143 
144  // look for the right BAB-factory
145  const dtn::data::EID node = bab.getSecuritySource(bundle);
146 
147  try {
148  // try to load the key of the BAB
149  const SecurityKey key = SecurityKeyManager::getInstance().get(node, SecurityKey::KEY_SHARED);
150 
151  // verify the bundle
152  dtn::security::BundleAuthenticationBlock::verify(bundle, key);
153 
154  // strip all BAB of this bundle
155  dtn::security::BundleAuthenticationBlock::strip(bundle);
156 
157  // set the verify bit, after verification
158  bundle.set(dtn::data::PrimaryBlock::DTNSEC_STATUS_AUTHENTICATED, true);
159 
160  // at least one BAB has been authenticated, we're done!
161  break;
162  } catch (const SecurityKey::KeyNotFoundException&) {
163  // no key for this node found
164  }
165  }
166  }
167 
168  void SecurityManager::decrypt(dtn::data::Bundle &bundle) const throw (DecryptException, KeyMissingException)
169  {
170  // check if the bundle has to be decrypted, return when not
171  if (std::count(bundle.begin(), bundle.end(), dtn::security::PayloadConfidentialBlock::BLOCK_TYPE) <= 0) return;
172 
173  // decrypt
174  try {
175  IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "decrypt bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;
176 
177  // get the encryption key
178  dtn::security::SecurityKey key = SecurityKeyManager::getInstance().get(dtn::core::BundleCore::local, dtn::security::SecurityKey::KEY_PRIVATE);
179 
180  // encrypt the payload of the bundle
181  dtn::security::PayloadConfidentialBlock::decrypt(bundle, key);
182 
183  bundle.set(dtn::data::PrimaryBlock::DTNSEC_STATUS_CONFIDENTIAL, true);
184  } catch (const ibrcommon::Exception &ex) {
185  throw DecryptException(ex.what());
186  }
187  }
188 
189  void SecurityManager::encrypt(dtn::data::Bundle &bundle) const throw (EncryptException, KeyMissingException)
190  {
191  try {
192  IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "encrypt bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;
193 
194  // get the encryption key
195  dtn::security::SecurityKey key = SecurityKeyManager::getInstance().get(bundle.destination, dtn::security::SecurityKey::KEY_PUBLIC);
196 
197  // encrypt the payload of the bundle
198  dtn::security::PayloadConfidentialBlock::encrypt(bundle, key, dtn::core::BundleCore::local);
199  } catch (const ibrcommon::Exception &ex) {
200  throw EncryptException(ex.what());
201  }
202  }
203  }
204 }
dtn::security::SecurityKeyManager::getInstance
static SecurityKeyManager & getInstance()
Definition: SecurityKeyManager.cpp:42
dtn::core::BundleCore::local
static dtn::data::EID local
Definition: BundleCore.h:79
dtn::security::PayloadConfidentialBlock::encrypt
static void encrypt(dtn::data::Bundle &bundle, const dtn::security::SecurityKey &long_key, const dtn::data::EID &source)
Definition: PayloadConfidentialBlock.cpp:60
dtn::security::BundleAuthenticationBlock::auth
static void auth(dtn::data::Bundle &bundle, const dtn::security::SecurityKey &key)
Definition: BundleAuthenticationBlock.cpp:55
dtn::security::SecurityManager::verifyIntegrity
void verifyIntegrity(dtn::data::Bundle &bundle) const
Definition: SecurityManager.cpp:85
dtn::security::SecurityBlock::getSecuritySource
const dtn::data::EID getSecuritySource() const
Definition: SecurityBlock.cpp:244
dtn::security::SecurityManager::auth
void auth(dtn::data::Bundle &bundle) const
Definition: SecurityManager.cpp:55
dtn::security::SecurityBlock::isSecurityDestination
bool isSecurityDestination(const dtn::data::Bundle &, const dtn::data::EID &) const
Definition: SecurityBlock.cpp:694
dtn::security::SecurityManager::sign
void sign(dtn::data::Bundle &bundle) const
Definition: SecurityManager.cpp:70
dtn::security::BundleAuthenticationBlock::verify
static void verify(const dtn::data::Bundle &bundle, const dtn::security::SecurityKey &key)
Definition: BundleAuthenticationBlock.cpp:77
dtn::security::SecurityManager::getInstance
static SecurityManager & getInstance()
Definition: SecurityManager.cpp:40
dtn::security::SecurityManager::verifyAuthentication
void verifyAuthentication(dtn::data::Bundle &bundle) const
Definition: SecurityManager.cpp:134
dtn::security::PayloadConfidentialBlock::BLOCK_TYPE
static const dtn::data::block_t BLOCK_TYPE
Definition: PayloadConfidentialBlock.h:63
dtn::data::Bundle::iterator
block_list::iterator iterator
Definition: Bundle.h:76
dtn::security::SecurityKeyManager::get
dtn::security::SecurityKey get(const dtn::data::EID &ref, const dtn::security::SecurityKey::KeyType type=dtn::security::SecurityKey::KEY_UNSPEC) const
Definition: SecurityKeyManager.cpp:165
dtn::security::SecurityManager::encrypt
void encrypt(dtn::data::Bundle &bundle) const
Definition: SecurityManager.cpp:189
dtn::data::Bundle::find_iterator
ibrcommon::find_iterator< iterator, block_t > find_iterator
Definition: Bundle.h:79
dtn::security::BundleAuthenticationBlock::strip
static void strip(dtn::data::Bundle &bundle, const dtn::security::SecurityKey &key)
Definition: BundleAuthenticationBlock.cpp:86
dtn::security::PayloadIntegrityBlock::verify
static void verify(const dtn::data::Bundle &bundle, const SecurityKey &key)
Definition: PayloadIntegrityBlock.cpp:114
dtn::data::Block::getType
const block_t & getType() const
Definition: Block.h:73
dtn::security::PayloadConfidentialBlock::decrypt
static void decrypt(dtn::data::Bundle &bundle, const dtn::security::SecurityKey &long_key)
Definition: PayloadConfidentialBlock.cpp:156
dtn::security::PayloadIntegrityBlock::sign
static void sign(dtn::data::Bundle &bundle, const SecurityKey &key, const dtn::data::EID &destination)
Definition: PayloadIntegrityBlock.cpp:67
dtn::security::SecurityManager::decrypt
void decrypt(dtn::data::Bundle &bundle) const
Definition: SecurityManager.cpp:168