void SecurityManager::verifyPIB(dtn::data::Bundle &bundle) const throw (VerificationFailedException)
		{
			IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "verify signed bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;

			// iterate through all blocks
			for (dtn::data::Bundle::iterator it = bundle.begin(); it != bundle.end();)
			{
				const dtn::data::Block &block = (**it);

				if (block.getType() == dtn::security::PayloadConfidentialBlock::BLOCK_TYPE) {
					// payload after a PCB can not verified until the payload is decrypted
					break;
				}

				try {
					const dtn::security::PayloadIntegrityBlock& pib = dynamic_cast<const dtn::security::PayloadIntegrityBlock&>(block);

					const SecurityKey key = SecurityKeyManager::getInstance().get(pib.getSecuritySource(bundle), SecurityKey::KEY_PUBLIC);

					// try to verify the bundle with the key for the current PIB
					dtn::security::PayloadIntegrityBlock::verify(bundle, key);

					// if we are the security destination
					if (pib.isSecurityDestination(bundle, dtn::core::BundleCore::local)) {
						// remove the valid PIB
						bundle.erase(it++);
					} else {
						++it;
					}

					// set the verify bit, after verification
					bundle.set(dtn::data::PrimaryBlock::DTNSEC_STATUS_VERIFIED, true);

					IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 5) << "Bundle " << bundle.toString() << " successfully verified" << IBRCOMMON_LOGGER_ENDL;
					continue;
				} catch (const dtn::security::VerificationSkippedException&) {
					// un-set the verify bit
					bundle.set(dtn::data::PrimaryBlock::DTNSEC_STATUS_VERIFIED, false);
				} catch (const SecurityKey::KeyNotFoundException&) {
					// un-set the verify bit
					bundle.set(dtn::data::PrimaryBlock::DTNSEC_STATUS_VERIFIED, false);
				} catch (const std::bad_cast&) {
					// current block is not a PIB
				}

				++it;
			}
		}
Пример #2
0
		void SecurityManager::sign(dtn::data::Bundle &bundle) const throw (KeyMissingException)
		{
			IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "sign bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;

			try {
				// try to load the local key
				const SecurityKey key = SecurityKeyManager::getInstance().get(dtn::core::BundleCore::local, SecurityKey::KEY_PRIVATE);

				// sign the bundle with PIB
				dtn::security::PayloadIntegrityBlock::sign(bundle, key, bundle.destination.getNode());
			} catch (const SecurityKey::KeyNotFoundException &ex) {
				throw KeyMissingException(ex.what());
			}
		}
Пример #3
0
		void SecurityManager::auth(dtn::data::Bundle &bundle) const throw (KeyMissingException)
		{
			IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "auth bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;

			try {
				// try to load the local key
				const SecurityKey key = SecurityKeyManager::getInstance().get(dtn::core::BundleCore::local, SecurityKey::KEY_SHARED);

				// sign the bundle with BABs
				dtn::security::BundleAuthenticationBlock::auth(bundle, key);
			} catch (const SecurityKey::KeyNotFoundException &ex) {
				throw KeyMissingException(ex.what());
			}
		}
Пример #4
0
		void SecurityManager::encrypt(dtn::data::Bundle &bundle) const throw (EncryptException, KeyMissingException)
		{
			try {
				IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "encrypt bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;

				// get the encryption key
				dtn::security::SecurityKey key = SecurityKeyManager::getInstance().get(bundle.destination, dtn::security::SecurityKey::KEY_PUBLIC);

				// encrypt the payload of the bundle
				dtn::security::PayloadConfidentialBlock::encrypt(bundle, key, dtn::core::BundleCore::local);
			} catch (const ibrcommon::Exception &ex) {
				throw EncryptException(ex.what());
			}
		}
Пример #5
0
		void SecurityManager::decrypt(dtn::data::Bundle &bundle) const throw (DecryptException, KeyMissingException)
		{
			// check if the bundle has to be decrypted, return when not
			if (std::count(bundle.begin(), bundle.end(), dtn::security::PayloadConfidentialBlock::BLOCK_TYPE) <= 0) return;

			// decrypt
			try {
				IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "decrypt bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;

				// get the encryption key
				dtn::security::SecurityKey key = SecurityKeyManager::getInstance().get(dtn::core::BundleCore::local, dtn::security::SecurityKey::KEY_PRIVATE);

				// encrypt the payload of the bundle
				dtn::security::PayloadConfidentialBlock::decrypt(bundle, key);

				bundle.set(dtn::data::Bundle::DTNSEC_STATUS_CONFIDENTIAL, true);
			} catch (const ibrcommon::Exception &ex) {
				throw DecryptException(ex.what());
			}
		}
Пример #6
0
		void MemoryBundleStorage::store(const dtn::data::Bundle &bundle)
		{
			ibrcommon::MutexLock l(_bundleslock);

			if (_faulty) return;

			// get size of the bundle
			dtn::data::DefaultSerializer s(std::cout);
			dtn::data::Length size = s.getLength(bundle);

			// increment the storage size
			allocSpace(size);

			// insert Container
			pair<set<dtn::data::Bundle>::iterator,bool> ret = _bundles.insert( bundle );

			if (ret.second)
			{
				const dtn::data::MetaBundle m = dtn::data::MetaBundle::create(bundle);
				_list.add(m);
				_priority_index.insert(m);

				_bundle_lengths[m] = size;

				// raise bundle added event
				eventBundleAdded(m);
			}
			else
			{
				// free the previously allocated space
				freeSpace(size);

				IBRCOMMON_LOGGER_DEBUG_TAG(MemoryBundleStorage::TAG, 5) << "got bundle duplicate " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;
			}
		}
Пример #7
0
		void SecurityManager::fastverify(const dtn::data::Bundle &bundle) const throw (VerificationFailedException)
		{
			// do a fast verify without manipulating the bundle
			const dtn::daemon::Configuration::Security &secconf = dtn::daemon::Configuration::getInstance().getSecurity();

			if (secconf.getLevel() & dtn::daemon::Configuration::Security::SECURITY_LEVEL_ENCRYPTED)
			{
				// check if the bundle is encrypted and throw an exception if not
				//throw VerificationFailedException("Bundle is not encrypted");
				IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "encryption required, verify bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;

				if (std::count(bundle.begin(), bundle.end(), dtn::security::PayloadConfidentialBlock::BLOCK_TYPE) == 0)
					throw VerificationFailedException("No PCB available!");
			}

			if (secconf.getLevel() & dtn::daemon::Configuration::Security::SECURITY_LEVEL_SIGNED)
			{
				// check if the bundle is signed and throw an exception if not
				//throw VerificationFailedException("Bundle is not signed");
				IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "signature required, verify bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;

				if (std::count(bundle.begin(), bundle.end(), dtn::security::PayloadIntegrityBlock::BLOCK_TYPE) == 0)
					throw VerificationFailedException("No PIB available!");
			}

			if (secconf.getLevel() & dtn::daemon::Configuration::Security::SECURITY_LEVEL_AUTHENTICATED)
			{
				// check if the bundle is signed and throw an exception if not
				//throw VerificationFailedException("Bundle is not signed");
				IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "authentication required, verify bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;

				if (std::count(bundle.begin(), bundle.end(), dtn::security::BundleAuthenticationBlock::BLOCK_TYPE) == 0)
					throw VerificationFailedException("No BAB available!");
			}
		}
Пример #8
0
		void SecurityManager::verifyBAB(dtn::data::Bundle &bundle) const throw (VerificationFailedException)
		{
			IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "verify authenticated bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL;

			// iterate over all BABs of this bundle
			dtn::data::Bundle::find_iterator it(bundle.begin(), dtn::security::BundleAuthenticationBlock::BLOCK_TYPE);
			while (it.next(bundle.end()))
			{
				const dtn::security::BundleAuthenticationBlock& bab = dynamic_cast<const dtn::security::BundleAuthenticationBlock&>(**it);

				// look for the right BAB-factory
				const dtn::data::EID node = bab.getSecuritySource(bundle);

				try {
					// try to load the key of the BAB
					const SecurityKey key = SecurityKeyManager::getInstance().get(node, SecurityKey::KEY_SHARED);

					// verify the bundle
					dtn::security::BundleAuthenticationBlock::verify(bundle, key);

					// strip all BAB of this bundle
					dtn::security::BundleAuthenticationBlock::strip(bundle);

					// set the verify bit, after verification
					bundle.set(dtn::data::Bundle::DTNSEC_STATUS_AUTHENTICATED, true);

					// at least one BAB has been authenticated, we're done!
					break;
				} catch (const SecurityKey::KeyNotFoundException&) {
					// no key for this node found
				}
			}
		}