void PayloadIntegrityBlock::verify(const dtn::data::Bundle &bundle, const SecurityKey &key)
{
// iterate over all PIBs to find the right one
dtn::data::Bundle::const_find_iterator it(bundle.begin(), PayloadIntegrityBlock::BLOCK_TYPE);
while (it.next(bundle.end()))
{
const PayloadIntegrityBlock &sb = dynamic_cast<const PayloadIntegrityBlock&>(**it);
// check if we have the public key of the security source
// skip this block if the given key isn't the right one
if (!sb.isSecuritySource(bundle, key.reference)) continue;
// check the correct algorithm
if (sb._ciphersuite_id != SecurityBlock::PIB_RSA_SHA256)
{
throw VerificationFailedException("can not verify the PIB because of an invalid algorithm");
}
EVP_PKEY *pkey = key.getEVP();
if (pkey == NULL) throw VerificationFailedException("verification error");
ibrcommon::RSASHA256Stream rs2s(pkey, true);
// serialize the bundle in the mutable form
dtn::security::MutableSerializer ms(rs2s, &sb);
(dtn::data::DefaultSerializer&)ms << bundle; rs2s << std::flush;
try {
int ret = rs2s.getVerification(sb._security_result.get(SecurityBlock::integrity_signature));
SecurityKey::free(pkey);
if (ret > 0)
{
// success!
return;
}
else if (ret < 0)
{
throw VerificationFailedException("verification error");
}
} catch (const ElementMissingException&) {
// This PIB can not verified due to a missing integrity signature
throw VerificationFailedException("Integrity signature is missing!");
}
}
throw VerificationFailedException("verification failed");
}
void PayloadIntegrityBlock::setResultSize(const SecurityKey &key)
{
EVP_PKEY *pkey = key.getEVP();
// size of integrity_signature
if ((result_size = EVP_PKEY_size(pkey)) > 0)
{
// sdnv length
result_size += dtn::data::Number(result_size).getLength();
// type
result_size++;
}
else
{
result_size = _security_result.getLength();
}
SecurityKey::free(pkey);
}
const std::string PayloadIntegrityBlock::calcHash(const dtn::data::Bundle &bundle, const SecurityKey &key, PayloadIntegrityBlock& ignore)
{
EVP_PKEY *pkey = key.getEVP();
ibrcommon::RSASHA256Stream rs2s(pkey);
// serialize the bundle in the mutable form
dtn::security::MutableSerializer ms(rs2s, &ignore);
(dtn::data::DefaultSerializer&)ms << bundle; rs2s << std::flush;
int return_code = rs2s.getSign().first;
std::string sign_string = rs2s.getSign().second;
SecurityKey::free(pkey);
if (return_code)
return sign_string;
else
{
IBRCOMMON_LOGGER_ex(critical) << "an error occured at the creation of the hash and it is invalid" << IBRCOMMON_LOGGER_ENDL;
ERR_print_errors_fp(stderr);
return std::string("");
}
}
