void SecurityManager::verifyPIB(dtn::data::Bundle &bundle) const throw (VerificationFailedException)
{
IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "verify signed bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;
// iterate through all blocks
for (dtn::data::Bundle::iterator it = bundle.begin(); it != bundle.end();)
{
const dtn::data::Block &block = (**it);
if (block.getType() == dtn::security::PayloadConfidentialBlock::BLOCK_TYPE) {
// payload after a PCB can not verified until the payload is decrypted
break;
}
try {
const dtn::security::PayloadIntegrityBlock& pib = dynamic_cast<const dtn::security::PayloadIntegrityBlock&>(block);
const SecurityKey key = SecurityKeyManager::getInstance().get(pib.getSecuritySource(bundle), SecurityKey::KEY_PUBLIC);
// try to verify the bundle with the key for the current PIB
dtn::security::PayloadIntegrityBlock::verify(bundle, key);
// if we are the security destination
if (pib.isSecurityDestination(bundle, dtn::core::BundleCore::local)) {
// remove the valid PIB
bundle.erase(it++);
} else {
++it;
}
// set the verify bit, after verification
bundle.set(dtn::data::PrimaryBlock::DTNSEC_STATUS_VERIFIED, true);
IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 5) << "Bundle " << bundle.toString() << " successfully verified" << IBRCOMMON_LOGGER_ENDL;
continue;
} catch (const dtn::security::VerificationSkippedException&) {
// un-set the verify bit
bundle.set(dtn::data::PrimaryBlock::DTNSEC_STATUS_VERIFIED, false);
} catch (const SecurityKey::KeyNotFoundException&) {
// un-set the verify bit
bundle.set(dtn::data::PrimaryBlock::DTNSEC_STATUS_VERIFIED, false);
} catch (const std::bad_cast&) {
// current block is not a PIB
}
++it;
}
}
void SecurityManager::sign(dtn::data::Bundle &bundle) const throw (KeyMissingException)
{
IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "sign bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;
try {
// try to load the local key
const SecurityKey key = SecurityKeyManager::getInstance().get(dtn::core::BundleCore::local, SecurityKey::KEY_PRIVATE);
// sign the bundle with PIB
dtn::security::PayloadIntegrityBlock::sign(bundle, key, bundle.destination.getNode());
} catch (const SecurityKey::KeyNotFoundException &ex) {
throw KeyMissingException(ex.what());
}
}
void SecurityManager::auth(dtn::data::Bundle &bundle) const throw (KeyMissingException)
{
IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "auth bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;
try {
// try to load the local key
const SecurityKey key = SecurityKeyManager::getInstance().get(dtn::core::BundleCore::local, SecurityKey::KEY_SHARED);
// sign the bundle with BABs
dtn::security::BundleAuthenticationBlock::auth(bundle, key);
} catch (const SecurityKey::KeyNotFoundException &ex) {
throw KeyMissingException(ex.what());
}
}
void SecurityManager::encrypt(dtn::data::Bundle &bundle) const throw (EncryptException, KeyMissingException)
{
try {
IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "encrypt bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;
// get the encryption key
dtn::security::SecurityKey key = SecurityKeyManager::getInstance().get(bundle.destination, dtn::security::SecurityKey::KEY_PUBLIC);
// encrypt the payload of the bundle
dtn::security::PayloadConfidentialBlock::encrypt(bundle, key, dtn::core::BundleCore::local);
} catch (const ibrcommon::Exception &ex) {
throw EncryptException(ex.what());
}
}
void SecurityManager::decrypt(dtn::data::Bundle &bundle) const throw (DecryptException, KeyMissingException)
{
// check if the bundle has to be decrypted, return when not
if (std::count(bundle.begin(), bundle.end(), dtn::security::PayloadConfidentialBlock::BLOCK_TYPE) <= 0) return;
// decrypt
try {
IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "decrypt bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;
// get the encryption key
dtn::security::SecurityKey key = SecurityKeyManager::getInstance().get(dtn::core::BundleCore::local, dtn::security::SecurityKey::KEY_PRIVATE);
// encrypt the payload of the bundle
dtn::security::PayloadConfidentialBlock::decrypt(bundle, key);
bundle.set(dtn::data::Bundle::DTNSEC_STATUS_CONFIDENTIAL, true);
} catch (const ibrcommon::Exception &ex) {
throw DecryptException(ex.what());
}
}
void MemoryBundleStorage::store(const dtn::data::Bundle &bundle)
{
ibrcommon::MutexLock l(_bundleslock);
if (_faulty) return;
// get size of the bundle
dtn::data::DefaultSerializer s(std::cout);
dtn::data::Length size = s.getLength(bundle);
// increment the storage size
allocSpace(size);
// insert Container
pair<set<dtn::data::Bundle>::iterator,bool> ret = _bundles.insert( bundle );
if (ret.second)
{
const dtn::data::MetaBundle m = dtn::data::MetaBundle::create(bundle);
_list.add(m);
_priority_index.insert(m);
_bundle_lengths[m] = size;
// raise bundle added event
eventBundleAdded(m);
}
else
{
// free the previously allocated space
freeSpace(size);
IBRCOMMON_LOGGER_DEBUG_TAG(MemoryBundleStorage::TAG, 5) << "got bundle duplicate " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;
}
}
void SecurityManager::fastverify(const dtn::data::Bundle &bundle) const throw (VerificationFailedException)
{
// do a fast verify without manipulating the bundle
const dtn::daemon::Configuration::Security &secconf = dtn::daemon::Configuration::getInstance().getSecurity();
if (secconf.getLevel() & dtn::daemon::Configuration::Security::SECURITY_LEVEL_ENCRYPTED)
{
// check if the bundle is encrypted and throw an exception if not
//throw VerificationFailedException("Bundle is not encrypted");
IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "encryption required, verify bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;
if (std::count(bundle.begin(), bundle.end(), dtn::security::PayloadConfidentialBlock::BLOCK_TYPE) == 0)
throw VerificationFailedException("No PCB available!");
}
if (secconf.getLevel() & dtn::daemon::Configuration::Security::SECURITY_LEVEL_SIGNED)
{
// check if the bundle is signed and throw an exception if not
//throw VerificationFailedException("Bundle is not signed");
IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "signature required, verify bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;
if (std::count(bundle.begin(), bundle.end(), dtn::security::PayloadIntegrityBlock::BLOCK_TYPE) == 0)
throw VerificationFailedException("No PIB available!");
}
if (secconf.getLevel() & dtn::daemon::Configuration::Security::SECURITY_LEVEL_AUTHENTICATED)
{
// check if the bundle is signed and throw an exception if not
//throw VerificationFailedException("Bundle is not signed");
IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "authentication required, verify bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;
if (std::count(bundle.begin(), bundle.end(), dtn::security::BundleAuthenticationBlock::BLOCK_TYPE) == 0)
throw VerificationFailedException("No BAB available!");
}
}
void SecurityManager::verifyBAB(dtn::data::Bundle &bundle) const throw (VerificationFailedException)
{
IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "verify authenticated bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;
// iterate over all BABs of this bundle
dtn::data::Bundle::find_iterator it(bundle.begin(), dtn::security::BundleAuthenticationBlock::BLOCK_TYPE);
while (it.next(bundle.end()))
{
const dtn::security::BundleAuthenticationBlock& bab = dynamic_cast<const dtn::security::BundleAuthenticationBlock&>(**it);
// look for the right BAB-factory
const dtn::data::EID node = bab.getSecuritySource(bundle);
try {
// try to load the key of the BAB
const SecurityKey key = SecurityKeyManager::getInstance().get(node, SecurityKey::KEY_SHARED);
// verify the bundle
dtn::security::BundleAuthenticationBlock::verify(bundle, key);
// strip all BAB of this bundle
dtn::security::BundleAuthenticationBlock::strip(bundle);
// set the verify bit, after verification
bundle.set(dtn::data::Bundle::DTNSEC_STATUS_AUTHENTICATED, true);
// at least one BAB has been authenticated, we're done!
break;
} catch (const SecurityKey::KeyNotFoundException&) {
// no key for this node found
}
}
}
