From 35058cdfe0134c88f1aa8d23342d1d7b9d39e296 Mon Sep 17 00:00:00 2001
From: Alberto Compagno <acompagn+fdio@cisco.com>
Date: Tue, 7 Jan 2020 11:46:02 +0100
Subject: [HICN-2] Added P2P confidential communication on hICN

P2P confidential communications exploit the TLS 1.3 protocol to let a consumer to
establish a secure communication on an hICN name. Currently we don't support the
consumer authentication (mutual authentication in TLS) and the 0-rtt session
establishment.

Change-Id: I2be073847c08a17f28c837d444081920c5e57a07
Signed-off-by: Alberto Compagno <acompagn+fdio@cisco.com>
Signed-off-by: Olivier Roques <oroques+fdio@cisco.com>
Signed-off-by: Mauro Sardara <msardara@cisco.com>
---
 .../transport/protocols/verification_manager.cc    | 35 ++++++++++++++++++----
 1 file changed, 30 insertions(+), 5 deletions(-)

(limited to 'libtransport/src/hicn/transport/protocols/verification_manager.cc')

diff --git a/libtransport/src/hicn/transport/protocols/verification_manager.cc b/libtransport/src/hicn/transport/protocols/verification_manager.cc
index f45cab743..74faf0521 100644
--- a/libtransport/src/hicn/transport/protocols/verification_manager.cc
+++ b/libtransport/src/hicn/transport/protocols/verification_manager.cc
@@ -13,9 +13,8 @@
  * limitations under the License.
  */
 
-#include <hicn/transport/protocols/verification_manager.h>
-
 #include <hicn/transport/interfaces/socket_consumer.h>
+#include <hicn/transport/protocols/verification_manager.h>
 
 namespace transport {
 
@@ -25,20 +24,30 @@ interface::VerificationPolicy SignatureVerificationManager::onPacketToVerify(
     const Packet& packet) {
   using namespace interface;
 
-  bool verify_signature;
+  bool verify_signature = false, key_content = false;
   VerificationPolicy ret = VerificationPolicy::DROP_PACKET;
 
-  ConsumerContentObjectVerificationFailedCallback*
-      verification_failed_callback = VOID_HANDLER;
   icn_socket_->getSocketOption(GeneralTransportOptions::VERIFY_SIGNATURE,
                                verify_signature);
+  icn_socket_->getSocketOption(GeneralTransportOptions::KEY_CONTENT,
+                               key_content);
 
   if (!verify_signature) {
     return VerificationPolicy::ACCEPT_PACKET;
   }
 
+  if (key_content) {
+    key_packets_.push(copyPacket(packet));
+    return VerificationPolicy::ACCEPT_PACKET;
+  } else if (!key_packets_.empty()) {
+    std::queue<ContentObjectPtr>().swap(key_packets_);
+  }
+
+  ConsumerContentObjectVerificationFailedCallback*
+      verification_failed_callback = VOID_HANDLER;
   icn_socket_->getSocketOption(ConsumerCallbacksOptions::VERIFICATION_FAILED,
                                &verification_failed_callback);
+
   if (!verification_failed_callback) {
     throw errors::RuntimeException(
         "No verification failed callback provided by application. "
@@ -66,6 +75,22 @@ interface::VerificationPolicy SignatureVerificationManager::onPacketToVerify(
   return ret;
 }
 
+bool SignatureVerificationManager::onKeyToVerify() {
+  if (TRANSPORT_EXPECT_FALSE(key_packets_.empty())) {
+    throw errors::RuntimeException("No key to verify.");
+  }
+
+  while (!key_packets_.empty()) {
+    ContentObjectPtr packet_to_verify = key_packets_.front();
+    key_packets_.pop();
+    if (onPacketToVerify(*packet_to_verify) !=
+        VerificationPolicy::ACCEPT_PACKET)
+      return false;
+  }
+
+  return true;
+}
+
 }  // end namespace protocol
 
 }  // end namespace transport
-- 
cgit 1.2.3-korg