void SecurityManager::verifyPIB(dtn::data::Bundle &bundle) const throw (VerificationFailedException) { IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "verify signed bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL; // iterate through all blocks for (dtn::data::Bundle::iterator it = bundle.begin(); it != bundle.end();) { const dtn::data::Block &block = (**it); if (block.getType() == dtn::security::PayloadConfidentialBlock::BLOCK_TYPE) { // payload after a PCB can not verified until the payload is decrypted break; } try { const dtn::security::PayloadIntegrityBlock& pib = dynamic_cast<const dtn::security::PayloadIntegrityBlock&>(block); const SecurityKey key = SecurityKeyManager::getInstance().get(pib.getSecuritySource(bundle), SecurityKey::KEY_PUBLIC); // try to verify the bundle with the key for the current PIB dtn::security::PayloadIntegrityBlock::verify(bundle, key); // if we are the security destination if (pib.isSecurityDestination(bundle, dtn::core::BundleCore::local)) { // remove the valid PIB bundle.erase(it++); } else { ++it; } // set the verify bit, after verification bundle.set(dtn::data::PrimaryBlock::DTNSEC_STATUS_VERIFIED, true); IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 5) << "Bundle " << bundle.toString() << " successfully verified" << IBRCOMMON_LOGGER_ENDL; continue; } catch (const dtn::security::VerificationSkippedException&) { // un-set the verify bit bundle.set(dtn::data::PrimaryBlock::DTNSEC_STATUS_VERIFIED, false); } catch (const SecurityKey::KeyNotFoundException&) { // un-set the verify bit bundle.set(dtn::data::PrimaryBlock::DTNSEC_STATUS_VERIFIED, false); } catch (const std::bad_cast&) { // current block is not a PIB } ++it; } }
void SecurityManager::sign(dtn::data::Bundle &bundle) const throw (KeyMissingException) { IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "sign bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL; try { // try to load the local key const SecurityKey key = SecurityKeyManager::getInstance().get(dtn::core::BundleCore::local, SecurityKey::KEY_PRIVATE); // sign the bundle with PIB dtn::security::PayloadIntegrityBlock::sign(bundle, key, bundle.destination.getNode()); } catch (const SecurityKey::KeyNotFoundException &ex) { throw KeyMissingException(ex.what()); } }
void SecurityManager::auth(dtn::data::Bundle &bundle) const throw (KeyMissingException) { IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "auth bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL; try { // try to load the local key const SecurityKey key = SecurityKeyManager::getInstance().get(dtn::core::BundleCore::local, SecurityKey::KEY_SHARED); // sign the bundle with BABs dtn::security::BundleAuthenticationBlock::auth(bundle, key); } catch (const SecurityKey::KeyNotFoundException &ex) { throw KeyMissingException(ex.what()); } }
void SecurityManager::encrypt(dtn::data::Bundle &bundle) const throw (EncryptException, KeyMissingException) { try { IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "encrypt bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL; // get the encryption key dtn::security::SecurityKey key = SecurityKeyManager::getInstance().get(bundle.destination, dtn::security::SecurityKey::KEY_PUBLIC); // encrypt the payload of the bundle dtn::security::PayloadConfidentialBlock::encrypt(bundle, key, dtn::core::BundleCore::local); } catch (const ibrcommon::Exception &ex) { throw EncryptException(ex.what()); } }
void SecurityManager::decrypt(dtn::data::Bundle &bundle) const throw (DecryptException, KeyMissingException) { // check if the bundle has to be decrypted, return when not if (std::count(bundle.begin(), bundle.end(), dtn::security::PayloadConfidentialBlock::BLOCK_TYPE) <= 0) return; // decrypt try { IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "decrypt bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL; // get the encryption key dtn::security::SecurityKey key = SecurityKeyManager::getInstance().get(dtn::core::BundleCore::local, dtn::security::SecurityKey::KEY_PRIVATE); // encrypt the payload of the bundle dtn::security::PayloadConfidentialBlock::decrypt(bundle, key); bundle.set(dtn::data::Bundle::DTNSEC_STATUS_CONFIDENTIAL, true); } catch (const ibrcommon::Exception &ex) { throw DecryptException(ex.what()); } }
void MemoryBundleStorage::store(const dtn::data::Bundle &bundle) { ibrcommon::MutexLock l(_bundleslock); if (_faulty) return; // get size of the bundle dtn::data::DefaultSerializer s(std::cout); dtn::data::Length size = s.getLength(bundle); // increment the storage size allocSpace(size); // insert Container pair<set<dtn::data::Bundle>::iterator,bool> ret = _bundles.insert( bundle ); if (ret.second) { const dtn::data::MetaBundle m = dtn::data::MetaBundle::create(bundle); _list.add(m); _priority_index.insert(m); _bundle_lengths[m] = size; // raise bundle added event eventBundleAdded(m); } else { // free the previously allocated space freeSpace(size); IBRCOMMON_LOGGER_DEBUG_TAG(MemoryBundleStorage::TAG, 5) << "got bundle duplicate " << bundle.toString() << IBRCOMMON_LOGGER_ENDL; } }
void SecurityManager::fastverify(const dtn::data::Bundle &bundle) const throw (VerificationFailedException) { // do a fast verify without manipulating the bundle const dtn::daemon::Configuration::Security &secconf = dtn::daemon::Configuration::getInstance().getSecurity(); if (secconf.getLevel() & dtn::daemon::Configuration::Security::SECURITY_LEVEL_ENCRYPTED) { // check if the bundle is encrypted and throw an exception if not //throw VerificationFailedException("Bundle is not encrypted"); IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "encryption required, verify bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL; if (std::count(bundle.begin(), bundle.end(), dtn::security::PayloadConfidentialBlock::BLOCK_TYPE) == 0) throw VerificationFailedException("No PCB available!"); } if (secconf.getLevel() & dtn::daemon::Configuration::Security::SECURITY_LEVEL_SIGNED) { // check if the bundle is signed and throw an exception if not //throw VerificationFailedException("Bundle is not signed"); IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "signature required, verify bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL; if (std::count(bundle.begin(), bundle.end(), dtn::security::PayloadIntegrityBlock::BLOCK_TYPE) == 0) throw VerificationFailedException("No PIB available!"); } if (secconf.getLevel() & dtn::daemon::Configuration::Security::SECURITY_LEVEL_AUTHENTICATED) { // check if the bundle is signed and throw an exception if not //throw VerificationFailedException("Bundle is not signed"); IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "authentication required, verify bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL; if (std::count(bundle.begin(), bundle.end(), dtn::security::BundleAuthenticationBlock::BLOCK_TYPE) == 0) throw VerificationFailedException("No BAB available!"); } }
void SecurityManager::verifyBAB(dtn::data::Bundle &bundle) const throw (VerificationFailedException) { IBRCOMMON_LOGGER_DEBUG_TAG("SecurityManager", 10) << "verify authenticated bundle: " << bundle.toString() << IBRCOMMON_LOGGER_ENDL; // iterate over all BABs of this bundle dtn::data::Bundle::find_iterator it(bundle.begin(), dtn::security::BundleAuthenticationBlock::BLOCK_TYPE); while (it.next(bundle.end())) { const dtn::security::BundleAuthenticationBlock& bab = dynamic_cast<const dtn::security::BundleAuthenticationBlock&>(**it); // look for the right BAB-factory const dtn::data::EID node = bab.getSecuritySource(bundle); try { // try to load the key of the BAB const SecurityKey key = SecurityKeyManager::getInstance().get(node, SecurityKey::KEY_SHARED); // verify the bundle dtn::security::BundleAuthenticationBlock::verify(bundle, key); // strip all BAB of this bundle dtn::security::BundleAuthenticationBlock::strip(bundle); // set the verify bit, after verification bundle.set(dtn::data::Bundle::DTNSEC_STATUS_AUTHENTICATED, true); // at least one BAB has been authenticated, we're done! break; } catch (const SecurityKey::KeyNotFoundException&) { // no key for this node found } } }