<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"> <title>DTN Reference Implementation: Ciphersuite_BA1.cc Source File</title> <link href="doxygen.css" rel="stylesheet" type="text/css"> <link href="tabs.css" rel="stylesheet" type="text/css"> </head><body> <!-- Generated by Doxygen 1.5.6 --> <h1>Ciphersuite_BA1.cc</h1><div class="fragment"><pre class="fragment"><a name="l00001"></a>00001 <span class="comment">/*</span> <a name="l00002"></a>00002 <span class="comment"> * Copyright 2006 SPARTA Inc</span> <a name="l00003"></a>00003 <span class="comment"> * </span> <a name="l00004"></a>00004 <span class="comment"> * Licensed under the Apache License, Version 2.0 (the "License");</span> <a name="l00005"></a>00005 <span class="comment"> * you may not use this file except in compliance with the License.</span> <a name="l00006"></a>00006 <span class="comment"> * You may obtain a copy of the License at</span> <a name="l00007"></a>00007 <span class="comment"> * </span> <a name="l00008"></a>00008 <span class="comment"> * http://www.apache.org/licenses/LICENSE-2.0</span> <a name="l00009"></a>00009 <span class="comment"> * </span> <a name="l00010"></a>00010 <span class="comment"> * Unless required by applicable law or agreed to in writing, software</span> <a name="l00011"></a>00011 <span class="comment"> * distributed under the License is distributed on an "AS IS" BASIS,</span> <a name="l00012"></a>00012 <span class="comment"> * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 
implied.</span> <a name="l00013"></a>00013 <span class="comment"> * See the License for the specific language governing permissions and</span> <a name="l00014"></a>00014 <span class="comment"> * limitations under the License.</span> <a name="l00015"></a>00015 <span class="comment"> */</span> <a name="l00016"></a>00016 <a name="l00017"></a>00017 <span class="preprocessor">#ifdef HAVE_CONFIG_H</span> <a name="l00018"></a>00018 <span class="preprocessor"></span><span class="preprocessor"># include <<a class="code" href="dtn-config_8h.html">dtn-config.h</a>></span> <a name="l00019"></a>00019 <span class="preprocessor">#endif</span> <a name="l00020"></a>00020 <span class="preprocessor"></span> <a name="l00021"></a>00021 <span class="preprocessor">#ifdef BSP_ENABLED</span> <a name="l00022"></a>00022 <span class="preprocessor"></span> <a name="l00023"></a>00023 <span class="preprocessor">#include "<a class="code" href="Ciphersuite__BA1_8h.html">Ciphersuite_BA1.h</a>"</span> <a name="l00024"></a>00024 <span class="preprocessor">#include "<a class="code" href="bundling_2Bundle_8h.html">bundling/Bundle.h</a>"</span> <a name="l00025"></a>00025 <span class="preprocessor">#include "<a class="code" href="BundleDaemon_8h.html">bundling/BundleDaemon.h</a>"</span> <a name="l00026"></a>00026 <span class="preprocessor">#include "<a class="code" href="BundleProtocol_8h.html">bundling/BundleProtocol.h</a>"</span> <a name="l00027"></a>00027 <span class="preprocessor">#include "<a class="code" href="SDNV_8h.html">bundling/SDNV.h</a>"</span> <a name="l00028"></a>00028 <span class="preprocessor">#include "<a class="code" href="contacts_2Link_8h.html">contacts/Link.h</a>"</span> <a name="l00029"></a>00029 <span class="preprocessor">#include "<a class="code" href="KeyDB_8h.html">KeyDB.h</a>"</span> <a name="l00030"></a>00030 <span class="preprocessor">#include "<a class="code" href="BP__Tag_8h.html">BP_Tag.h</a>"</span> <a name="l00031"></a>00031 <span class="preprocessor">#include 
"openssl/hmac.h"</span> <a name="l00032"></a>00032 <a name="l00033"></a>00033 <span class="keyword">namespace </span>dtn { <a name="l00034"></a>00034 <a name="l00035"></a>00035 <span class="keyword">static</span> <span class="keyword">const</span> <span class="keywordtype">char</span>* <a class="code" href="namespacedtn.html#68bf4270dd0a7e5e8390869b83889922">log</a> = <span class="stringliteral">"/dtn/bundle/ciphersuite"</span>; <a name="l00036"></a>00036 <a name="l00037"></a>00037 <span class="comment">//----------------------------------------------------------------------</span> <a name="l00038"></a>00038 Ciphersuite_BA1::Ciphersuite_BA1() <a name="l00039"></a>00039 { <a name="l00040"></a>00040 } <a name="l00041"></a>00041 <a name="l00042"></a>00042 <span class="comment">//----------------------------------------------------------------------</span> <a name="l00043"></a>00043 u_int16_t <a name="l00044"></a>00044 Ciphersuite_BA1::cs_num(<span class="keywordtype">void</span>) <a name="l00045"></a>00045 { <a name="l00046"></a>00046 <span class="keywordflow">return</span> CSNUM_BA1; <a name="l00047"></a>00047 } <a name="l00048"></a>00048 <a name="l00049"></a>00049 <span class="comment">//----------------------------------------------------------------------</span> <a name="l00050"></a>00050 <span class="keywordtype">int</span> <a name="l00051"></a>00051 Ciphersuite_BA1::consume(Bundle* bundle, BlockInfo* block, <a name="l00052"></a>00052 u_char* <a class="code" href="num2sdnv_8c.html#a81cdcc7ff6987bc85c073253e32715f">buf</a>, <span class="keywordtype">size_t</span> <a class="code" href="num2sdnv_8c.html#fed088663f8704004425cdae2120b9b3">len</a>) <a name="l00053"></a>00053 { <a name="l00054"></a>00054 log_debug_p(<a class="code" href="namespacedtn.html#68bf4270dd0a7e5e8390869b83889922">log</a>, <span class="stringliteral">"Ciphersuite_BA1::consume()"</span>); <a name="l00055"></a>00055 <span class="keywordtype">int</span> cc = block->owner()->consume(bundle, block, 
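buf, len); <a name="l00056"></a>00056 <a name="l00057"></a>00057 <span class="keywordflow">if</span> (cc == -1) { <a name="l00058"></a>00058 <span class="keywordflow">return</span> -1; <span class="comment">// protocol error</span> <a name="l00059"></a>00059 } <a name="l00060"></a>00060 <a name="l00061"></a>00061 <a name="l00062"></a>00062 <span class="comment">// in on-the-fly scenario, process this data for those interested</span> <a name="l00063"></a>00063 <a name="l00064"></a>00064 <span class="keywordflow">if</span> (! block->complete()) { <a name="l00065"></a>00065 <a class="code" href="SDNV_8cc.html#ca68c0d4ac8df0838e209fb5300f7be3">ASSERT</a>(cc == (<span class="keywordtype">int</span>)len); <a name="l00066"></a>00066 <span class="keywordflow">return</span> cc; <a name="l00067"></a>00067 } <a name="l00068"></a>00068 <a name="l00069"></a>00069 <span class="keywordflow">if</span> ( block->locals() == NULL ) { <span class="comment">// then we need to parse it</span> <a name="l00070"></a>00070 parse(block); <a name="l00071"></a>00071 } <a name="l00072"></a>00072 <a name="l00073"></a>00073 <span class="keywordflow">return</span> cc; <a name="l00074"></a>00074 } <a name="l00075"></a>00075

//----------------------------------------------------------------------
/**
 * Check the BA1 bundle-authentication result of a received bundle.
 *
 * The work is done on the block of a correlated pair that does NOT carry
 * CS_BLOCK_HAS_RESULT: an HMAC-SHA1 is computed over every received block
 * (for authentication blocks that carry a result, only the bytes up to
 * the security result are digested) and compared with the signature item
 * found in the BA1 block of block_list that has the same correlator. When
 * called for the result-carrying block itself, nothing is checked and
 * true is returned.
 *
 * Every field parsed here comes from the received bundle, so malformed
 * input is rejected through the fail path rather than ASSERTed on.
 *
 * @param bundle           bundle whose recv_blocks() are digested
 * @param block_list       list searched for the block carrying the result
 * @param block            block being validated
 * @param reception_reason unused
 * @param deletion_reason  set to REASON_SECURITY_FAILED on failure
 * @return true if the block passed or needed no check, false on failure
 */
bool
Ciphersuite_BA1::validate(const Bundle*           bundle,
                          BlockInfoVec*           block_list,
                          BlockInfo*              block,
                          status_report_reason_t* reception_reason,
                          status_report_reason_t* deletion_reason)
{
    // All initialised locals are declared before the first jump to
    // "fail" so that no goto bypasses an initialisation.
    size_t          offset;
    size_t          len;
    size_t          rem;
    HMAC_CTX        ctx;
    bool            ctx_live = false;   // true while ctx is initialised with the key
    OpaqueContext*  r = reinterpret_cast<OpaqueContext*>(&ctx);
    const BlockInfoVec& recv_blocks = bundle->recv_blocks();
    u_char          result[EVP_MAX_MD_SIZE];
    u_int32_t       rlen = 0;
    BP_Local_CS*    locals = NULL;
    u_char*         buf;
    u_int64_t       cs_flags;
    u_int64_t       suite_num;
    u_int64_t       skipped;            // value of fields we only step over
    u_int64_t       field_length = 0LL;
    int             sdnv_len = 0;       // use an int to handle -1 return values
    (void)reception_reason;

    log_debug_p(log, "Ciphersuite_BA1::validate()");
    // if first block
    locals = dynamic_cast<BP_Local_CS*>(block->locals());
    CS_FAIL_IF_NULL(locals);
    if ( !(locals->cs_flags() & Ciphersuite::CS_BLOCK_HAS_RESULT) ) {
        const KeyDB::Entry* key_entry =
            KeyDB::find_key(EndpointID(locals->security_src()).uri().host().c_str(), cs_num());
        if (key_entry == NULL) {
            log_warn_p(log, "unable to find verification key for this block");
            goto fail;
        }
        // The key is looked up by the security source named in the
        // received block, so an unexpected key length fails validation
        // instead of aborting the daemon.
        if (key_entry->key_len() != res_len) {
            log_err_p(log, "Ciphersuite_BA1 verification key has unexpected length");
            goto fail;
        }

        // Key material is deliberately not written to the log.

        // prepare the digest context; the digest ends up in "result"
        HMAC_CTX_init(&ctx);
        ctx_live = true;
        HMAC_Init_ex(&ctx, key_entry->key(), key_entry->key_len(),
                     EVP_sha1(), NULL);

        // walk the list and process each of the blocks
        for ( BlockInfoVec::const_iterator iter = recv_blocks.begin();
              iter != recv_blocks.end();
              ++iter)
        {
            offset = 0;
            len = iter->full_length();

            if ( iter->type() == BundleProtocol::BUNDLE_AUTHENTICATION_BLOCK ) {
                // This is a BA block but might or might not be BA1.
                // So we need to see if there is a security-result field
                // which needs exclusion

                // ciphersuite number and flags
                u_char* ptr = iter->data();
                // NOTE(review): rem is the full block length although ptr
                // starts at data(); it looks like this over-counts by the
                // preamble size -- confirm and tighten the bound.
                rem = iter->full_length();

                sdnv_len = SDNV::decode(ptr, rem, &suite_num);
                if (sdnv_len <= 0) {
                    log_err_p(log, "Ciphersuite_BA1 malformed ciphersuite number");
                    goto fail;
                }
                ptr += sdnv_len;
                rem -= sdnv_len;

                sdnv_len = SDNV::decode(ptr, rem, &cs_flags);
                if (sdnv_len <= 0) {
                    log_err_p(log, "Ciphersuite_BA1 malformed ciphersuite flags");
                    goto fail;
                }
                ptr += sdnv_len;
                rem -= sdnv_len;

                if ( cs_flags & CS_BLOCK_HAS_RESULT ) {
                    // if there's a security-result we have to ease up to it.
                    // The fields are stepped over with the length-bounded
                    // decode() so a truncated block cannot walk the pointer
                    // past the bytes accounted for in rem.

                    sdnv_len = SDNV::decode(ptr, rem, &skipped);    //step over correlator
                    if (sdnv_len <= 0) {
                        log_err_p(log, "Ciphersuite_BA1 malformed correlator");
                        goto fail;
                    }
                    ptr += sdnv_len;
                    rem -= sdnv_len;

                    sdnv_len = SDNV::decode(ptr, rem, &skipped);    //step over security-result-length field
                    if (sdnv_len <= 0) {
                        log_err_p(log, "Ciphersuite_BA1 malformed security-result length");
                        goto fail;
                    }
                    ptr += sdnv_len;
                    rem -= sdnv_len;

                    len = ptr - iter->contents().buf();  //this is the length to use
                }
            }

            iter->owner()->process( Ciphersuite_BA1::digest,
                                    bundle,
                                    block,
                                    &*iter,
                                    offset,
                                    len,
                                    r);
        }

        // finalize the digest
        HMAC_Final(&ctx, result, &rlen);
        HMAC_cleanup(&ctx);
        ctx_live = false;
        ASSERT(rlen == Ciphersuite_BA1::res_len);

        // check the digest in the result - in the *second* block
        // walk the list to find it
        for (BlockInfoVec::iterator iter = block_list->begin();
             iter != block_list->end();
             ++iter)
        {
            BP_Local_CS* target_locals;
            if ( iter->type() != BundleProtocol::BUNDLE_AUTHENTICATION_BLOCK )
                continue;

            target_locals = dynamic_cast<BP_Local_CS*>(iter->locals());
            CS_FAIL_IF_NULL(target_locals);
            if ( target_locals->owner_cs_num() != CSNUM_BA1 )
                continue;

            if (target_locals->correlator() != locals->correlator() )
                continue;

            // Now we're at the block which is ...
            //   1. BA block
            //   2. BA1 ciphersuite
            //   3. same correlator as the main one

            if ( !(target_locals->cs_flags() & Ciphersuite::CS_BLOCK_HAS_RESULT) )
                continue;

            buf = target_locals->security_result().buf();
            len = target_locals->security_result().len();

            // the type octet must exist before it is read
            if ( len < 1 ) {
                log_err_p(log, "Ciphersuite_BA1 security result is empty");
                goto fail;
            }

            // we expect only one item in the field, the BA signature
            if ( *buf++ != Ciphersuite::CS_signature_field ) {  // item type
                log_err_p(log, "Ciphersuite_BA1 item type incorrect");
                goto fail;  //field type is bad
            }
            len--;

            sdnv_len = SDNV::decode(buf, len, &field_length);   // item length
            if (sdnv_len <= 0) {
                log_err_p(log, "Ciphersuite_BA1 malformed item length");
                goto fail;
            }
            buf += sdnv_len;
            len -= sdnv_len;

            // Both lengths are sender-controlled: reject a mismatch so the
            // comparison below never reads outside the received result.
            if ( field_length != Ciphersuite_BA1::res_len ||
                 len != Ciphersuite_BA1::res_len ) {
                log_err_p(log, "Ciphersuite_BA1 signature length incorrect");
                goto fail;
            }

            // Compare the whole MAC regardless of where the first
            // difference is, so the time taken does not depend on how
            // many leading bytes of a forged value are correct.
            u_char diff = 0;
            for (size_t i = 0; i < Ciphersuite_BA1::res_len; ++i) {
                diff |= (u_char)(buf[i] ^ result[i]);
            }

            if ( diff != 0 ) {
                log_err_p(log, "block failed security validation Ciphersuite_BA1");
                goto fail;
            }

            log_debug_p(log, "block passed security validation Ciphersuite_BA1");
            locals->set_proc_flag(CS_BLOCK_PASSED_VALIDATION);
            return true;
        }
        log_err_p(log, "block failed security validation Ciphersuite_BA1 - result is missing");
        goto fail;
    }
    else
    {
        // do NOT set a proc_flag here, for this block as it's not the owner of the correlated set
        log_debug_p(log, "BA1BlockProcessor::validate(): no check on this block");
    }

    return true;

 fail:
    // release the keyed context if we bailed out while digesting
    if ( ctx_live )
        HMAC_cleanup(&ctx);
    // locals is still NULL when the first CS_FAIL_IF_NULL brought us here
    if ( locals != NULL )
        locals->set_proc_flag(CS_BLOCK_FAILED_VALIDATION | CS_BLOCK_COMPLETED_DO_NOT_FORWARD);
    if ( deletion_reason != NULL )
        *deletion_reason = BundleProtocol::REASON_SECURITY_FAILED;
    return false;
}

//----------------------------------------------------------------------
/**
 * Add the two BA1 authentication blocks to the outgoing block list.
 *
 * The first block carries the security source and is inserted right
 * after the primary block (or first in the list, or at the back of an
 * empty list); the second carries CS_BLOCK_HAS_RESULT and is appended at
 * the end. Both share one correlator, with sequence numbers 0 and 1.
 * Blocks from the received list are not forwarded.
 *
 * @return BP_SUCCESS, or BP_FAIL if a block's locals cannot be set up
 */
int
Ciphersuite_BA1::prepare(const Bundle*    bundle,
                         BlockInfoVec*    xmit_blocks,
                         const BlockInfo* source,
                         const LinkRef&   link,
                         list_owner_t     list)
{
    (void)link;

    u_int64_t       correlator = 0;
    u_int16_t       flags = CS_BLOCK_HAS_CORRELATOR;
    BP_Local_CS*    locals = NULL;

    log_debug_p(log, "Ciphersuite_BA1::prepare()");
    if ( list == BlockInfo::LIST_RECEIVED )
        return BP_SUCCESS;      //don't forward received BA blocks

    // Need to add two blocks, one at the start, one after payload
    // It's simpler to fill in the pieces and then insert them.
    BlockInfo bi = BlockInfo(BundleProtocol::find_processor(BundleProtocol::BUNDLE_AUTHENTICATION_BLOCK), source);

    // initialize the first block
    BundleDaemon* bd = BundleDaemon::instance();
    bi.set_locals(new BP_Local_CS);
    locals = dynamic_cast<BP_Local_CS*>(bi.locals());
    CS_FAIL_IF_NULL(locals);
    locals->set_owner_cs_num(CSNUM_BA1);
    locals->set_cs_flags(flags | CS_BLOCK_HAS_SOURCE);
    locals->set_security_src(bd->local_eid().str());
    correlator = create_correlator(bundle, xmit_blocks);
    correlator |= (int)CSNUM_BA1 << 16;      // add our ciphersuite number
    locals->set_correlator( correlator );
    locals->set_correlator_sequence( 0 );

    // We should already have the primary block in the list.
    // If primary is there then insert after it.
    // If not, insert first in the list.
    // If list is empty then just add to back
    // -- this will be troublesome later but we have no choice
    if ( xmit_blocks->size() > 0 ) {
        BlockInfoVec::iterator iter = xmit_blocks->begin();
        if ( iter->type() == BundleProtocol::PRIMARY_BLOCK)
            ++iter;
        xmit_blocks->insert(iter, bi);
    } else {
        xmit_blocks->push_back(bi);
    }

    // initialize the second (trailing) block
    bi.set_locals(new BP_Local_CS);
    locals = dynamic_cast<BP_Local_CS*>(bi.locals());
    CS_FAIL_IF_NULL(locals);
    locals->set_owner_cs_num(CSNUM_BA1);
    locals->set_cs_flags(flags | CS_BLOCK_HAS_RESULT);
    locals->set_correlator( correlator );      // same one created above
    locals->set_correlator_sequence( 1 );
    xmit_blocks->push_back(bi);

    return BP_SUCCESS;

 fail:
    if ( locals != NULL )
        locals->set_proc_flag(CS_BLOCK_PROCESSING_FAILED_DO_NOT_SEND);
    return BP_FAIL;
}

//----------------------------------------------------------------------
/**
 * Write the header fields of one BA1 block into its contents buffer.
 *
 * Encodes the ciphersuite number, the flags and the correlator and, for
 * the block flagged CS_BLOCK_HAS_RESULT, the security-result length. The
 * offset of the security result is recorded in the block's locals, and
 * item_len bytes are left unwritten after the length field for the
 * result itself (presumably filled in by finalize() -- not visible here).
 *
 * @param last true if this is the last block of the bundle
 * @return BP_SUCCESS, or BP_FAIL if the locals are missing, an SDNV
 *         cannot be encoded, or the space left does not equal item_len
 */
int
Ciphersuite_BA1::generate(const Bundle*  bundle,
                          BlockInfoVec*  xmit_blocks,
                          BlockInfo*     block,
                          const LinkRef& link,
                          bool           last)
{
    (void)bundle;
    (void)link;

    log_debug_p(log, "Ciphersuite_BA1::generate()");
    BP_Local_CS*    locals = dynamic_cast<BP_Local_CS*>(block->locals());
    u_int16_t       flags = 0;
    size_t          item_len = 0;
    u_char*         buf = NULL;
    int             len = 0;
    size_t          length = 0;
    int             sdnv_len = 0;       // use an int to handle -1 return values
    BlockInfo::DataBuffer* contents = NULL;

    // The locals must be checked before they are dereferenced; flags is
    // therefore assigned here rather than in its declaration.
    CS_FAIL_IF_NULL(locals);
    flags = locals->cs_flags();

    // add security-source to EID-list
    if ( flags & CS_BLOCK_HAS_SOURCE ) {
        block->add_eid(locals->security_src());
        /* xmit_blocks->dict()->add_eid() is done for us in
         * generate_preamble() below */
    }

    length = 0;       // ciphersuite number and flags
    length += SDNV::encoding_len(CSNUM_BA1);
    length += SDNV::encoding_len(locals->cs_flags());
    length += SDNV::encoding_len(locals->correlator());

    if (flags & CS_BLOCK_HAS_RESULT) {
        item_len = 1 + 1 + Ciphersuite_BA1::res_len;    // type + length + result item
        length += SDNV::encoding_len(item_len) + item_len;
    }

    generate_preamble(xmit_blocks,
                      block,
                      BundleProtocol::BUNDLE_AUTHENTICATION_BLOCK,
                      BundleProtocol::BLOCK_FLAG_DISCARD_BUNDLE_ONERROR |
                      (last ? BundleProtocol::BLOCK_FLAG_LAST_BLOCK : 0),
                      length);

    contents = block->writable_contents();
    contents->reserve(block->data_offset() + length);
    contents->set_len(block->data_offset() + length);

    buf = contents->buf() + block->data_offset();
    len = length;

    // ciphersuite number and flags
    sdnv_len = SDNV::encode(CSNUM_BA1, buf, len);
    CS_FAIL_IF(sdnv_len <= 0);
    buf += sdnv_len;
    len -= sdnv_len;

    sdnv_len = SDNV::encode(locals->cs_flags(), buf, len);
    CS_FAIL_IF(sdnv_len <= 0);
    buf += sdnv_len;
    len -= sdnv_len;

    // correlator
    sdnv_len = SDNV::encode(locals->correlator(), buf, len);
    CS_FAIL_IF(sdnv_len <= 0);
    buf += sdnv_len;
    len -= sdnv_len;

    if (flags & CS_BLOCK_HAS_RESULT) {
        // security-result offset
        size_t result_offset = buf - block->data();
        locals->set_security_result_offset(result_offset);

        // security-result length
        sdnv_len = SDNV::encode(item_len, buf, len);
        CS_FAIL_IF(sdnv_len <= 0);
        buf += sdnv_len;
        len -= sdnv_len;
    }
    // what is left must be exactly the room reserved for the result item
    CS_FAIL_IF(len != (int)item_len);

    return BP_SUCCESS;

 fail:
    if ( locals != NULL )
        locals->set_proc_flag(CS_BLOCK_PROCESSING_FAILED_DO_NOT_SEND);
    return BP_FAIL;
}

<a name="l00418"></a>00418 <a name="l00419"></a>00419 <span class="comment">//----------------------------------------------------------------------</span> <a name="l00420"></a>00420 <span class="keywordtype">int</span> <a name="l00421"></a>00421 Ciphersuite_BA1::finalize(<span class="keyword">const</span> Bundle* bundle, <a name="l00422"></a>00422 BlockInfoVec* xmit_blocks, <a name="l00423"></a>00423 BlockInfo* block, <a name="l00424"></a>00424 <span class="keyword">const</span> <a class="code" href="namespacedtn.html#6efb37e503f8062c537b022eb755b94e" title="Typedef for a reference on a 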
link.">LinkRef</a>& link) <a name="l00425"></a>00425 { <a name="l00426"></a>00426 (void)link; <a name="l00427"></a>00427 <a name="l00428"></a>00428 <span class="keywordtype">size_t</span> offset; <a name="l00429"></a>00429 <span class="keywordtype">size_t</span> len; <a name="l00430"></a>00430 <span class="keywordtype">size_t</span> rem; <a name="l00431"></a>00431 HMAC_CTX ctx; <a name="l00432"></a>00432 OpaqueContext* r = <span class="keyword">reinterpret_cast<</span>OpaqueContext*<span class="keyword">></span>(&ctx); <a name="l00433"></a>00433 u_char digest_result[EVP_MAX_MD_SIZE]; <a name="l00434"></a>00434 u_int32_t rlen = 0; <a name="l00435"></a>00435 <span class="keywordtype">int</span> result = <a class="code" href="BlockProcessor_8h.html#cce9a45a37bad1da41648533b0e15457">BP_FAIL</a>; <a name="l00436"></a>00436 BP_Local_CS* locals = NULL; <a name="l00437"></a>00437 u_int64_t cs_flags; <a name="l00438"></a>00438 u_int64_t suite_num; <a name="l00439"></a>00439 <span class="keywordtype">int</span> sdnv_len = 0; <span class="comment">// use an int to handle -1 return values</span> <a name="l00440"></a>00440 log_debug_p(<a class="code" href="namespacedtn.html#68bf4270dd0a7e5e8390869b83889922">log</a>, <span class="stringliteral">"Ciphersuite_BA1::finalize()"</span>); <a name="l00441"></a>00441 <a name="l00442"></a>00442 <span class="comment">/* The processing for BundleAuthentication takes place</span> <a name="l00443"></a>00443 <span class="comment"> * when finalize() is called for the "front" block, even though</span> <a name="l00444"></a>00444 <span class="comment"> * the result itself goes into the trailing block, after the payload.</span> <a name="l00445"></a>00445 <span class="comment"> * It is an error to calculate the digest during the finalize() call</span> <a name="l00446"></a>00446 <span class="comment"> * for the trailing block itself, as other needed results have not</span> <a name="l00447"></a>00447 <span class="comment"> * been created at that 
time. Remember that the finalize() processing</span> <a name="l00448"></a>00448 <span class="comment"> * is a reverse iteration over all the blocks.</span> <a name="l00449"></a>00449 <span class="comment"> */</span> <a name="l00450"></a>00450 <a name="l00451"></a>00451 locals = <span class="keyword">dynamic_cast<</span>BP_Local_CS*<span class="keyword">></span>(block->locals()); <a name="l00452"></a>00452 CS_FAIL_IF_NULL(locals); <a name="l00453"></a>00453 <span class="keywordflow">if</span> ( locals->correlator_sequence() == 0 ) { <span class="comment">// front block is zero</span> <a name="l00454"></a>00454 <span class="comment">// fetch key</span> <a name="l00455"></a>00455 <span class="keyword">const</span> KeyDB::Entry* key_entry = KeyDB::find_key(<span class="stringliteral">"*"</span>, cs_num()); <a name="l00456"></a>00456 <span class="comment">// XXX/ngoffee -- fix this ASSERT later, but it's what we have</span> <a name="l00457"></a>00457 <span class="comment">// to do until the prepare()/generate()/finalize() interface</span> <a name="l00458"></a>00458 <span class="comment">// is changed to allow more subtle return codes.</span> <a name="l00459"></a>00459 CS_FAIL_IF(key_entry == NULL); <a name="l00460"></a>00460 CS_FAIL_IF(key_entry->key_len() != res_len); <a name="l00461"></a>00461 <a name="l00462"></a>00462 <span class="comment">// dump key_entry to debugging output</span> <a name="l00463"></a>00463 <span class="comment">// oasys::StringBuffer ksbuf;</span> <a name="l00464"></a>00464 <span class="comment">// key_entry->dump(&ksbuf);</span> <a name="l00465"></a>00465 <span class="comment">// log_debug_p(log, "Ciphersuite_BA1::finalize(): using key entry:\n%s",</span> <a name="l00466"></a>00466 <span class="comment">// ksbuf.c_str());</span> <a name="l00467"></a>00467 <a name="l00468"></a>00468 <span class="comment">// prepare the digest context in "digest_result"</span> <a name="l00469"></a>00469 HMAC_CTX_init(&ctx); <a name="l00470"></a>00470 
HMAC_Init_ex(&ctx, key_entry->key(), key_entry->key_len(), <a name="l00471"></a>00471 EVP_sha1(), NULL); <a name="l00472"></a>00472 <a name="l00473"></a>00473 <span class="comment">// walk the list and process each of the blocks</span> <a name="l00474"></a>00474 <span class="keywordflow">for</span> (BlockInfoVec::const_iterator iter = xmit_blocks->begin(); <a name="l00475"></a>00475 iter != xmit_blocks->end(); <a name="l00476"></a>00476 ++iter) <a name="l00477"></a>00477 { <a name="l00478"></a>00478 offset = 0; <a name="l00479"></a>00479 len = iter->full_length(); <a name="l00480"></a>00480 <a name="l00481"></a>00481 <span class="comment">// If this is a BA block then we exclude the security result data</span> <a name="l00482"></a>00482 <span class="comment">// from the digest, but include its length field</span> <a name="l00483"></a>00483 <a name="l00484"></a>00484 <span class="keywordflow">if</span> ( iter->type() == BundleProtocol::BUNDLE_AUTHENTICATION_BLOCK ) { <a name="l00485"></a>00485 <span class="comment">// This is a BA block but might or might not be BA1.</span> <a name="l00486"></a>00486 <span class="comment">// So we need to see if there is a security-result field</span> <a name="l00487"></a>00487 <span class="comment">// which needs exclusion</span> <a name="l00488"></a>00488 <a name="l00489"></a>00489 <span class="comment">// ciphersuite number and flags</span> <a name="l00490"></a>00490 u_char* ptr = iter->data(); <a name="l00491"></a>00491 rem = iter->full_length(); <a name="l00492"></a>00492 sdnv_len = <a class="code" href="SDNV_8cc.html#151d178617a7c2f598cfd7630ebeb7b4">SDNV::decode</a>(ptr, <a name="l00493"></a>00493 rem, <a name="l00494"></a>00494 &suite_num); <a name="l00495"></a>00495 ptr += sdnv_len; <a name="l00496"></a>00496 rem -= sdnv_len; <a name="l00497"></a>00497 <a name="l00498"></a>00498 sdnv_len = <a class="code" href="SDNV_8cc.html#151d178617a7c2f598cfd7630ebeb7b4">SDNV::decode</a>(ptr, <a name="l00499"></a>00499 rem, <a 
name="l00500"></a>00500 &cs_flags); <a name="l00501"></a>00501 ptr += sdnv_len; <a name="l00502"></a>00502 rem -= sdnv_len; <a name="l00503"></a>00503 <a name="l00504"></a>00504 <span class="keywordflow">if</span> ( cs_flags & CS_BLOCK_HAS_RESULT ) { <a name="l00505"></a>00505 <span class="comment">// if there's a security-result we have to ease up to it</span> <a name="l00506"></a>00506 <a name="l00507"></a>00507 sdnv_len = <a class="code" href="num2sdnv_8c.html#fed088663f8704004425cdae2120b9b3">SDNV::len</a>(ptr); <span class="comment">//step over correlator</span> <a name="l00508"></a>00508 ptr += sdnv_len; <a name="l00509"></a>00509 rem -= sdnv_len; <a name="l00510"></a>00510 <a name="l00511"></a>00511 sdnv_len = <a class="code" href="num2sdnv_8c.html#fed088663f8704004425cdae2120b9b3">SDNV::len</a>(ptr); <span class="comment">//step over security-result-length field</span> <a name="l00512"></a>00512 ptr += sdnv_len; <a name="l00513"></a>00513 rem -= sdnv_len; <a name="l00514"></a>00514 <a name="l00515"></a>00515 len = ptr - iter->contents().buf(); <span class="comment">//this is the length to use</span> <a name="l00516"></a>00516 } <a name="l00517"></a>00517 } <a name="l00518"></a>00518 <a name="l00519"></a>00519 iter->owner()->process( Ciphersuite_BA1::digest, <a name="l00520"></a>00520 bundle, <a name="l00521"></a>00521 block, <a name="l00522"></a>00522 &*iter, <a name="l00523"></a>00523 offset, <a name="l00524"></a>00524 len, <a name="l00525"></a>00525 r ); <a name="l00526"></a>00526 } <a name="l00527"></a>00527 <a name="l00528"></a>00528 <span class="comment">// finalize the digest</span> <a name="l00529"></a>00529 HMAC_Final(&ctx, digest_result, &rlen); <a name="l00530"></a>00530 HMAC_cleanup(&ctx); <a name="l00531"></a>00531 CS_FAIL_IF(rlen != Ciphersuite_BA1::res_len); <a name="l00532"></a>00532 <a name="l00533"></a>00533 <span class="comment">// place the digest into the block - it goes into the *second* block</span> <a name="l00534"></a>00534 <span 
class="comment">// walk the list to find it</span> <a name="l00535"></a>00535 <span class="keywordflow">for</span> (BlockInfoVec::iterator iter = xmit_blocks->begin(); <a name="l00536"></a>00536 iter != xmit_blocks->end(); <a name="l00537"></a>00537 ++iter) <a name="l00538"></a>00538 { <a name="l00539"></a>00539 BP_Local_CS* target_locals; <a name="l00540"></a>00540 <span class="keywordflow">if</span> ( iter->type() != BundleProtocol::BUNDLE_AUTHENTICATION_BLOCK ) <a name="l00541"></a>00541 <span class="keywordflow">continue</span>; <a name="l00542"></a>00542 <a name="l00543"></a>00543 target_locals = <span class="keyword">dynamic_cast<</span>BP_Local_CS*<span class="keyword">></span>(iter->locals()); <a name="l00544"></a>00544 CS_FAIL_IF_NULL(target_locals); <a name="l00545"></a>00545 <span class="keywordflow">if</span> ( target_locals->owner_cs_num() != CSNUM_BA1 ) <a name="l00546"></a>00546 <span class="keywordflow">continue</span>; <a name="l00547"></a>00547 <a name="l00548"></a>00548 <span class="keywordflow">if</span> (target_locals->correlator() != locals->correlator() ) <a name="l00549"></a>00549 <span class="keywordflow">continue</span>; <a name="l00550"></a>00550 <a name="l00551"></a>00551 <span class="keywordflow">if</span> (target_locals->correlator_sequence() != 1 ) <a name="l00552"></a>00552 <span class="keywordflow">continue</span>; <a name="l00553"></a>00553 <a name="l00554"></a>00554 <span class="comment">// Now we're at the block which is ...</span> <a name="l00555"></a>00555 <span class="comment">// 1. BA block</span> <a name="l00556"></a>00556 <span class="comment">// 2. BA1 ciphersuite</span> <a name="l00557"></a>00557 <span class="comment">// 3. same correlator as the main one</span> <a name="l00558"></a>00558 <span class="comment">// 4. 
correlator sequence is 1, which means second block</span> <a name="l00559"></a>00559 <a name="l00560"></a>00560 u_char* buf = iter->writable_contents()->buf() + iter->data_offset() + target_locals->security_result_offset(); <a name="l00561"></a>00561 <span class="keywordtype">size_t</span> rem = iter->data_length() - target_locals->security_result_offset(); <a name="l00562"></a>00562 sdnv_len = <a class="code" href="num2sdnv_8c.html#fed088663f8704004425cdae2120b9b3">SDNV::len</a>(buf); <span class="comment">//length of security-result field</span> <a name="l00563"></a>00563 CS_FAIL_IF(sdnv_len != 1); <a name="l00564"></a>00564 buf += sdnv_len; <a name="l00565"></a>00565 rem -= sdnv_len; <a name="l00566"></a>00566 *buf++ = Ciphersuite::CS_signature_field; <span class="comment">// item type</span> <a name="l00567"></a>00567 rem--; <a name="l00568"></a>00568 sdnv_len = <a class="code" href="SDNV_8cc.html#21c54ef3a5345647ad1cada265a03eb4">SDNV::encode</a>(Ciphersuite_BA1::res_len, buf, rem); <span class="comment">// item length</span> <a name="l00569"></a>00569 CS_FAIL_IF(sdnv_len != 1); <a name="l00570"></a>00570 buf += sdnv_len; <a name="l00571"></a>00571 rem -= sdnv_len; <a name="l00572"></a>00572 CS_FAIL_IF (rem != Ciphersuite_BA1::res_len); <a name="l00573"></a>00573 memcpy(buf, digest_result, Ciphersuite_BA1::res_len); <a name="l00574"></a>00574 } <a name="l00575"></a>00575 } <a name="l00576"></a>00576 <a name="l00577"></a>00577 result = <a class="code" href="BlockProcessor_8h.html#446572d61c813971cb4d5ce4ee1b9c0b">BP_SUCCESS</a>; <a name="l00578"></a>00578 <span class="keywordflow">return</span> result; <a name="l00579"></a>00579 <a name="l00580"></a>00580 fail: <a name="l00581"></a>00581 <span class="keywordflow">if</span> ( locals != NULL ) <a name="l00582"></a>00582 locals->set_proc_flag(CS_BLOCK_PROCESSING_FAILED_DO_NOT_SEND); <a name="l00583"></a>00583 <span class="keywordflow">return</span> <a class="code" 
href="BlockProcessor_8h.html#cce9a45a37bad1da41648533b0e15457">BP_FAIL</a>; <a name="l00584"></a>00584 } <a name="l00585"></a>00585 <a name="l00586"></a>00586 <span class="comment">//----------------------------------------------------------------------</span> <a name="l00587"></a>00587 <span class="keywordtype">void</span> <a name="l00588"></a>00588 Ciphersuite_BA1::digest(<span class="keyword">const</span> Bundle* bundle, <a name="l00589"></a>00589 <span class="keyword">const</span> BlockInfo* caller_block, <a name="l00590"></a>00590 <span class="keyword">const</span> BlockInfo* target_block, <a name="l00591"></a>00591 <span class="keyword">const</span> <span class="keywordtype">void</span>* buf, <a name="l00592"></a>00592 <span class="keywordtype">size_t</span> len, <a name="l00593"></a>00593 OpaqueContext* r) <a name="l00594"></a>00594 { <a name="l00595"></a>00595 (void)bundle; <a name="l00596"></a>00596 (void)caller_block; <a name="l00597"></a>00597 (void)target_block; <a name="l00598"></a>00598 log_debug_p(<a class="code" href="namespacedtn.html#68bf4270dd0a7e5e8390869b83889922">log</a>, <span class="stringliteral">"Ciphersuite_BA1::digest() %zu bytes"</span>, len); <a name="l00599"></a>00599 <a name="l00600"></a>00600 HMAC_CTX* pctx = <span class="keyword">reinterpret_cast<</span>HMAC_CTX*<span class="keyword">></span>(r); <a name="l00601"></a>00601 <a name="l00602"></a>00602 HMAC_Update( pctx, reinterpret_cast<const u_char*>(buf), len ); <a name="l00603"></a>00603 } <a name="l00604"></a>00604 <a name="l00605"></a>00605 } <span class="comment">// namespace dtn</span> <a name="l00606"></a>00606 <a name="l00607"></a>00607 <span class="preprocessor">#endif </span><span class="comment">/* BSP_ENABLED */</span> </pre></div></div> <hr size="1"><address style="text-align: right;"><small>Generated on Mon Jul 21 14:09:38 2008 for DTN Reference Implementation by <a href="http://www.doxygen.org/index.html"> <img src="doxygen.png" alt="doxygen" align="middle" 
border="0"></a> 1.5.6 </small></address> </body> </html>