add token checking before processing DKEY request
tianyuan129 committed Sep 28, 2023
1 parent 75b1c6b commit 7e098e1
Showing 2 changed files with 45 additions and 12 deletions.
45 changes: 36 additions & 9 deletions src/attribute-authority.cpp
Expand Up @@ -52,22 +52,19 @@ AttributeAuthority::AttributeAuthority(const security::Certificate& identityCert
NDN_THROW(std::runtime_error("Unsupported ABE type: " + m_abeType));
}

// prefix registrationexport NDN_LOG="nacabe.*=TRACE:ndn.security.Validator=DEBUG"
// prefix registration
m_registeredPrefix = m_face.registerPrefix(m_cert.getIdentity(),
[this] (const Name& name) {
NDN_LOG_TRACE("Prefix " << name << " registered successfully");

// public parameters filter
auto hdl1 = m_face.setInterestFilter(Name(name).append(PUBLIC_PARAMS),
std::bind(&CpAttributeAuthority::onPublicParamsRequest, this, _2));
std::bind(&AttributeAuthority::onPublicParamsRequest, this, _2));
m_interestFilters.emplace_back(hdl1);
NDN_LOG_TRACE("InterestFilter " << Name(name).append(PUBLIC_PARAMS) << " set");

// decryption key filter
auto hdl2 = m_face.setInterestFilter(Name(name).append(DECRYPT_KEY),
std::bind(&CpAttributeAuthority::onDecryptionKeyRequest, this, _2));
m_interestFilters.emplace_back(hdl2);
NDN_LOG_TRACE("InterestFilter " << Name(name).append(DECRYPT_KEY) << " set");
// this filter registration has been moved to the children constructors.
},
[] (const Name&, const auto& reason) {
NDN_LOG_ERROR("Failed to register prefix: " << reason);
Expand All @@ -82,8 +79,6 @@ AttributeAuthority::onDecryptionKeyRequest(const Interest& request)
// naming1: /AA-prefix/DKEY/<key name block>
// naming2: /AA-prefix/DKEY/<key name block>/<version>/<segment>
Name requestName = request.getName();
NDN_LOG_INFO("Got DKEY request: " << requestName);

Name supposedKeyName(request.getName().at(m_cert.getIdentity().size() + 1).blockFromValue());
if (requestName.at(-1).isSegment() && requestName.at(-2).isVersion()) {
NDN_LOG_DEBUG("For DKEY segment --------> " << requestName);
Expand All @@ -99,7 +94,7 @@ AttributeAuthority::onDecryptionKeyRequest(const Interest& request)
else if (security::isValidKeyName(supposedKeyName)) {
NDN_LOG_DEBUG("KeyName --------> " << supposedKeyName);
Name identityName = security::extractIdentityFromKeyName(supposedKeyName);
// verify request and generate token
// fetch corresponding certificate
auto optionalCert = m_trustConfig.findCertificateFromLocal(supposedKeyName);
if (optionalCert) {
NDN_LOG_INFO("Found local certificate for " << supposedKeyName << ", bypass certificate fetching...");
Expand Down Expand Up @@ -168,6 +163,9 @@ CpAttributeAuthority::CpAttributeAuthority(const security::Certificate& identity
security::Validator& validator, KeyChain& keyChain)
: AttributeAuthority(identityCert, face, validator, keyChain, ABE_TYPE_CP_ABE)
{
// decryption key filter
m_face.setInterestFilter(Name(m_cert.getIdentity()).append(DECRYPT_KEY),
std::bind(&CpAttributeAuthority::onDecryptionKeyRequest, this, _2));
}

void
Expand Down Expand Up @@ -195,11 +193,27 @@ CpAttributeAuthority::getPrivateKey(Name identityName)
return algo::ABESupport::getInstance().cpPrvKeyGen(m_pubParams, m_masterKey, attrs);
}

void
CpAttributeAuthority::onDecryptionKeyRequest(const Interest& request)
{
Name requestName = request.getName();
NDN_LOG_INFO("CpAA Got DKEY request: " << requestName);

Name supposedKeyName(request.getName().at(m_cert.getIdentity().size() + 1).blockFromValue());
Name identityName = security::extractIdentityFromKeyName(supposedKeyName);
if (m_tokens.find(identityName) != m_tokens.end()) {
AttributeAuthority::onDecryptionKeyRequest(request);
}
}

KpAttributeAuthority::KpAttributeAuthority(const security::Certificate& identityCert, Face& face,
security::Validator& validator, KeyChain& keyChain,
size_t maxSegmentSize)
: AttributeAuthority(identityCert, face, validator, keyChain, ABE_TYPE_KP_ABE, maxSegmentSize)
{
// decryption key filter
m_face.setInterestFilter(Name(m_cert.getIdentity()).append(DECRYPT_KEY),
std::bind(&KpAttributeAuthority::onDecryptionKeyRequest, this, _2));
}

void
Expand All @@ -224,5 +238,18 @@ KpAttributeAuthority::getPrivateKey(Name identityName)
return algo::ABESupport::getInstance().kpPrvKeyGen(m_pubParams, m_masterKey, policy);
}

void
KpAttributeAuthority::onDecryptionKeyRequest(const Interest& request)
{
Name requestName = request.getName();
NDN_LOG_INFO("KpAA Got DKEY request: " << requestName);

Name supposedKeyName(request.getName().at(m_cert.getIdentity().size() + 1).blockFromValue());
Name identityName = security::extractIdentityFromKeyName(supposedKeyName);
if (m_tokens.find(identityName) != m_tokens.end()) {
AttributeAuthority::onDecryptionKeyRequest(request);
}
}

} // namespace nacabe
} // namespace ndn
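Review bot: Both new handlers (`CpAttributeAuthority::onDecryptionKeyRequest` and the identical `KpAttributeAuthority::onDecryptionKeyRequest`) call `security::extractIdentityFromKeyName(supposedKeyName)` on a name taken straight from the Interest, without the `security::isValidKeyName(supposedKeyName)` guard that the base handler applies before the same call. In ndn-cxx that function throws for a name that fails the check, as far as I recall, so a malformed DKEY Interest from any requester would raise inside the face callback before the token lookup is reached; whether anything further up catches it is not visible on this page. Adding `if (!security::isValidKeyName(supposedKeyName)) { return; }` ahead of the extraction keeps the token gate from becoming a failure path, and the `.at(...)` / `blockFromValue()` on the preceding line can throw on a short or non-TLV name and deserves the same handling. Separately, the child constructors discard the handle returned by `setInterestFilter`, whereas the removed code stored it in `m_interestFilters`; if the destructor relies on that vector to cancel filters, the `this` bound into the callback could outlive the object.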
12 changes: 9 additions & 3 deletions src/attribute-authority.hpp
Expand Up @@ -52,13 +52,13 @@ class AttributeAuthority : noncopyable
SPtrVector<Data>
generateDecryptionKeySegments(const Name& objName, const security::Certificate& cert);

void
onDecryptionKeyRequest(const Interest& interest);

void
onPublicParamsRequest(const Interest& interest);

protected:
void
onDecryptionKeyRequest(const Interest& interest);

security::Certificate m_cert;
Face& m_face;
KeyChain& m_keyChain;
Expand Down Expand Up @@ -110,6 +110,9 @@ class CpAttributeAuthority: public AttributeAuthority
getPrivateKey(Name identityName) override;

PUBLIC_WITH_TESTS_ELSE_PRIVATE:
void
onDecryptionKeyRequest(const Interest& interest);

std::map<Name/* Consumer Identity */, std::list<std::string>/* Attr */> m_tokens;
};

Expand Down Expand Up @@ -146,6 +149,9 @@ class KpAttributeAuthority: public AttributeAuthority
getPrivateKey(Name identityName) override;

PUBLIC_WITH_TESTS_ELSE_PRIVATE:
void
onDecryptionKeyRequest(const Interest& interest);

std::map<Name/* Consumer Identity */, Policy> m_tokens;
};
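Review bot: The `onDecryptionKeyRequest` declarations added to `CpAttributeAuthority` and `KpAttributeAuthority` hide the non-virtual base member of the same name rather than overriding it, and neither carries a comment saying that it is the token gate in front of the base handler. The dispatch is correct only because each constructor binds the derived member explicitly, so the contract is worth stating on the declaration, e.g. `/** Drop the DKEY Interest unless the consumer identity has an entry in m_tokens, then delegate to AttributeAuthority::onDecryptionKeyRequest. */`. The base declaration now under `protected:` would benefit from a matching note that it performs no token check itself and is meant to be reached only through a derived handler.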
