diff options
author | Alberto Compagno <acompagn+fdio@cisco.com> | 2020-01-07 11:46:02 +0100 |
---|---|---|
committer | Mauro Sardara <msardara@cisco.com> | 2020-02-21 15:48:18 +0100 |
commit | 35058cdfe0134c88f1aa8d23342d1d7b9d39e296 (patch) | |
tree | 978ca9c2232ac381c8391b3d1eeb0f875670d5b1 /libtransport/src/hicn/transport/protocols/verification_manager.cc | |
parent | 0710f1ff754ebf01ae5befabb055349fe472b0c2 (diff) |
[HICN-2] Added P2P confidential communication on hICN
P2P confidential communications exploit the TLS 1.3 protocol to let a consumer to
establish a secure communication on an hICN name. Currently we don't support the
consumer authentication (mutual authentication in TLS) and the 0-rtt session
establishment.
Change-Id: I2be073847c08a17f28c837d444081920c5e57a07
Signed-off-by: Alberto Compagno <acompagn+fdio@cisco.com>
Signed-off-by: Olivier Roques <oroques+fdio@cisco.com>
Signed-off-by: Mauro Sardara <msardara@cisco.com>
Diffstat (limited to 'libtransport/src/hicn/transport/protocols/verification_manager.cc')
-rw-r--r-- | libtransport/src/hicn/transport/protocols/verification_manager.cc | 35 |
1 files changed, 30 insertions, 5 deletions
diff --git a/libtransport/src/hicn/transport/protocols/verification_manager.cc b/libtransport/src/hicn/transport/protocols/verification_manager.cc index f45cab743..74faf0521 100644 --- a/libtransport/src/hicn/transport/protocols/verification_manager.cc +++ b/libtransport/src/hicn/transport/protocols/verification_manager.cc @@ -13,9 +13,8 @@ * limitations under the License. */ -#include <hicn/transport/protocols/verification_manager.h> - #include <hicn/transport/interfaces/socket_consumer.h> +#include <hicn/transport/protocols/verification_manager.h> namespace transport { @@ -25,20 +24,30 @@ interface::VerificationPolicy SignatureVerificationManager::onPacketToVerify( const Packet& packet) { using namespace interface; - bool verify_signature; + bool verify_signature = false, key_content = false; VerificationPolicy ret = VerificationPolicy::DROP_PACKET; - ConsumerContentObjectVerificationFailedCallback* - verification_failed_callback = VOID_HANDLER; icn_socket_->getSocketOption(GeneralTransportOptions::VERIFY_SIGNATURE, verify_signature); + icn_socket_->getSocketOption(GeneralTransportOptions::KEY_CONTENT, + key_content); if (!verify_signature) { return VerificationPolicy::ACCEPT_PACKET; } + if (key_content) { + key_packets_.push(copyPacket(packet)); + return VerificationPolicy::ACCEPT_PACKET; + } else if (!key_packets_.empty()) { + std::queue<ContentObjectPtr>().swap(key_packets_); + } + + ConsumerContentObjectVerificationFailedCallback* + verification_failed_callback = VOID_HANDLER; icn_socket_->getSocketOption(ConsumerCallbacksOptions::VERIFICATION_FAILED, &verification_failed_callback); + if (!verification_failed_callback) { throw errors::RuntimeException( "No verification failed callback provided by application. " @@ -66,6 +75,22 @@ interface::VerificationPolicy SignatureVerificationManager::onPacketToVerify( return ret; } +bool SignatureVerificationManager::onKeyToVerify() { + if (TRANSPORT_EXPECT_FALSE(key_packets_.empty())) { + throw errors::RuntimeException("No key to verify."); + } + + while (!key_packets_.empty()) { + ContentObjectPtr packet_to_verify = key_packets_.front(); + key_packets_.pop(); + if (onPacketToVerify(*packet_to_verify) != + VerificationPolicy::ACCEPT_PACKET) + return false; + } + + return true; +} + } // end namespace protocol } // end namespace transport |