void SecurityManager::fastverify(const dtn::data::Bundle &bundle) const throw (VerificationFailedException) { // do a fast verify without manipulating the bundle const dtn::daemon::Configuration::Security &secconf = dtn::daemon::Configuration::getInstance().getSecurity(); if (secconf.getLevel() & dtn::daemon::Configuration::Security::SECURITY_LEVEL_ENCRYPTED) { // check if the bundle is encrypted and throw an exception if not //throw VerificationFailedException("Bundle is not encrypted"); IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "encryption required, verify bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL; if (std::count(bundle.begin(), bundle.end(), dtn::security::PayloadConfidentialBlock::BLOCK_TYPE) == 0) throw VerificationFailedException("No PCB available!"); } if (secconf.getLevel() & dtn::daemon::Configuration::Security::SECURITY_LEVEL_SIGNED) { // check if the bundle is signed and throw an exception if not //throw VerificationFailedException("Bundle is not signed"); IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "signature required, verify bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL; if (std::count(bundle.begin(), bundle.end(), dtn::security::PayloadIntegrityBlock::BLOCK_TYPE) == 0) throw VerificationFailedException("No PIB available!"); } if (secconf.getLevel() & dtn::daemon::Configuration::Security::SECURITY_LEVEL_AUTHENTICATED) { // check if the bundle is signed and throw an exception if not //throw VerificationFailedException("Bundle is not signed"); IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "authentication required, verify bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL; if (std::count(bundle.begin(), bundle.end(), dtn::security::BundleAuthenticationBlock::BLOCK_TYPE) == 0) throw VerificationFailedException("No BAB available!"); } }
void PayloadIntegrityBlock::verify(const dtn::data::Bundle &bundle, const SecurityKey &key) { // iterate over all PIBs to find the right one dtn::data::Bundle::const_find_iterator it(bundle.begin(), PayloadIntegrityBlock::BLOCK_TYPE); while (it.next(bundle.end())) { const PayloadIntegrityBlock &sb = dynamic_cast<const PayloadIntegrityBlock&>(**it); // check if we have the public key of the security source // skip this block if the given key isn't the right one if (!sb.isSecuritySource(bundle, key.reference)) continue; // check the correct algorithm if (sb._ciphersuite_id != SecurityBlock::PIB_RSA_SHA256) { throw VerificationFailedException("can not verify the PIB because of an invalid algorithm"); } EVP_PKEY *pkey = key.getEVP(); if (pkey == NULL) throw VerificationFailedException("verification error"); ibrcommon::RSASHA256Stream rs2s(pkey, true); // serialize the bundle in the mutable form dtn::security::MutableSerializer ms(rs2s, &sb); (dtn::data::DefaultSerializer&)ms << bundle; rs2s << std::flush; try { int ret = rs2s.getVerification(sb._security_result.get(SecurityBlock::integrity_signature)); SecurityKey::free(pkey); if (ret > 0) { // success! return; } else if (ret < 0) { throw VerificationFailedException("verification error"); } } catch (const ElementMissingException&) { // This PIB can not verified due to a missing integrity signature throw VerificationFailedException("Integrity signature is missing!"); } } throw VerificationFailedException("verification failed"); }