esp8266ndn
NDN Arduino library for ESP8266 and more
All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Friends Macros Pages
client.hpp
Go to the documentation of this file.
1 #ifndef NDNPH_APP_NDNCERT_CLIENT_HPP
2 #define NDNPH_APP_NDNCERT_CLIENT_HPP
3 #ifdef NDNPH_HAVE_MBED
4 
5 #include "../../face/packet-handler.hpp"
6 #include "an.hpp"
7 #include "common.hpp"
8 
9 namespace ndnph {
10 namespace ndncert {
11 namespace client {
12 
13 class ChallengeRequest;
14 class ChallengeResponse;
15 
22 class Challenge {
23 public:
24  virtual ~Challenge() = default;
25 
27  virtual tlv::Value getId() const = 0;
28 
35  virtual void start(Region& region, ChallengeRequest& request, void (*cb)(void*, bool),
36  void* arg) = 0;
37 
44  virtual void next(Region& region, const ChallengeResponse& response, ChallengeRequest& request,
45  void (*cb)(void*, bool), void* arg) = 0;
46 };
47 
48 using ChallengeList = std::array<Challenge*, detail::MaxChallenges::value>;
49 
51 class CaProfile : public packet_struct::CaProfile {
52 public:
54  static bool isName(const Name& name) {
55  return name.size() >= 4 && name[-4] == getCaComponent() && name[-3] == getInfoComponent() &&
56  name[-2].is<convention::Version>() && name[-1].is<convention::Segment>() &&
57  name[-1].as<convention::Segment>() == 0;
58  }
59 
65  bool fromData(Region& region, const Data& data) {
66  return isName(data.getName()) &&
67  EvDecoder::decodeValue(
68  data.getContent().makeDecoder(),
69  EvDecoder::def<TT::CaPrefix>([&](const Decoder::Tlv& d) {
70  if (!d.vd().decode(prefix) || data.getName().getPrefix(-4) != prefix) {
71  return false;
72  }
73  prefix = prefix.clone(region);
74  return !!prefix;
75  }),
76  EvDecoder::defIgnore<TT::CaInfo>(), EvDecoder::defIgnore<TT::ParameterKey, true>(),
77  EvDecoder::defNni<TT::MaxValidityPeriod>(&maxValidityPeriod),
78  EvDecoder::def<TT::CaCertificate>([&](const Decoder::Tlv& d) {
79  cert = region.create<Data>();
80  return !!cert && cert.decodeFrom(tlv::Value(d.value, d.length)) // copying
81  && pub.import(region, cert);
82  })) &&
83  data.verify(pub);
84  }
85 
86 public:
88  EcPublicKey pub;
89 };
90 
92 class NewRequest : public packet_struct::NewRequest {
93 public:
99  Interest::Signed toInterest(Region& region, const CaProfile& profile,
100  detail::ISigPolicy& signingPolicy, const EcPrivateKey& signer) const {
101  Encoder encoder(region);
102  encoder.prepend([this](Encoder& encoder) { encoder.prependTlv(TT::EcdhPub, ecdhPub); },
103  [this](Encoder& encoder) { encoder.prependTlv(TT::CertRequest, certRequest); });
104  encoder.trim();
105 
106  Name name = profile.prefix.append(region, getCaComponent(), getNewComponent());
107  Interest interest = region.create<Interest>();
108  if (!encoder || !name || !interest) {
109  return Interest::Signed();
110  }
111  interest.setName(name);
112  interest.setMustBeFresh(true);
113  return interest.parameterize(tlv::Value(encoder)).sign(signer, region, signingPolicy);
114  }
115 };
116 
118 class NewResponse : public packet_struct::NewResponse {
119 public:
126  bool fromData(Region&, const Data& data, const CaProfile& profile,
127  const ChallengeList& challenges) {
128  hasChallenge.reset();
129  return data.verify(profile.pub) &&
130  EvDecoder::decodeValue(
131  data.getContent().makeDecoder(), EvDecoder::def<TT::EcdhPub>(&ecdhPub),
132  EvDecoder::def<TT::Salt>([this](const Decoder::Tlv& d) {
133  if (d.length == sizeof(salt)) {
134  std::copy_n(d.value, d.length, salt);
135  return true;
136  }
137  return false;
138  }),
139  EvDecoder::def<TT::RequestId>([this](const Decoder::Tlv& d) {
140  if (d.length == sizeof(requestId)) {
141  std::copy_n(d.value, d.length, requestId);
142  return true;
143  }
144  return false;
145  }),
146  EvDecoder::def<TT::Challenge, true>([this, &challenges](const Decoder::Tlv& d) {
147  for (size_t i = 0; i < challenges.size(); ++i) {
148  const Challenge* ch = challenges[i];
149  if (ch == nullptr) {
150  continue;
151  }
152  if (ch->getId() == tlv::Value(d.value, d.length)) {
153  hasChallenge.set(i);
154  return;
155  }
156  }
157  }));
158  }
159 
160 public:
162  std::bitset<detail::MaxChallenges::value> hasChallenge;
163 };
164 
166 class ChallengeRequest : public packet_struct::ChallengeRequest<Challenge> {
167 public:
174  Interest::Signed toInterest(Region& region, const CaProfile& profile, const uint8_t* requestId,
175  detail::SessionKey& sessionKey, detail::ISigPolicy& signingPolicy,
176  const EcPrivateKey& signer) const {
177  NDNPH_ASSERT(challenge != nullptr);
178  Encoder encoder(region);
179  encoder.prepend(
180  [this](Encoder& encoder) { encoder.prependTlv(TT::SelectedChallenge, challenge->getId()); },
181  params);
182  encoder.trim();
183  if (!encoder) {
184  return Interest::Signed();
185  }
186  auto encrypted = sessionKey.encrypt(region, tlv::Value(encoder), requestId);
187 
188  Name name = profile.prefix.append(region, getCaComponent(), getChallengeComponent(),
189  Component(region, detail::RequestIdLen::value, requestId));
190  Interest interest = region.create<Interest>();
191  if (!encrypted || !name || !interest) {
192  return Interest::Signed();
193  }
194  interest.setName(name);
195  interest.setMustBeFresh(true);
196  return interest.parameterize(encrypted).sign(signer, region, signingPolicy);
197  }
198 };
199 
201 class ChallengeResponse : public packet_struct::ChallengeResponse {
202 public:
208  bool fromData(Region& region, const Data& data, const CaProfile& profile,
209  const uint8_t* requestId, detail::SessionKey& sessionKey) {
210  if (!data.verify(profile.pub)) {
211  return false;
212  }
213 
214  auto decrypted = sessionKey.decrypt(region, data.getContent(), requestId);
215  uint32_t remainingTime = 0;
216  packet_struct::ParameterKV::Parser paramsParser(params);
217  bool ok =
218  !!decrypted && EvDecoder::decodeValue(
219  decrypted.makeDecoder(), EvDecoder::defNni<TT::Status, tlv::NNI, 1>(&status),
220  EvDecoder::def<TT::ChallengeStatus, false, 2>(&challengeStatus),
221  EvDecoder::defNni<TT::RemainingTries, tlv::NNI, 3>(&remainingTries),
222  EvDecoder::defNni<TT::RemainingTime, tlv::NNI, 4>(&remainingTime),
223  EvDecoder::def<TT::ParameterKey, true, 5>(
224  [&](const Decoder::Tlv& d) { return paramsParser.parseKey(d); }),
225  EvDecoder::def<TT::ParameterValue, true, 5>(
226  [&](const Decoder::Tlv& d) { return paramsParser.parseValue(d); }),
227  EvDecoder::def<TT::IssuedCertName, false, 6>(
228  [this](const Decoder::Tlv& d) { return d.vd().decode(issuedCertName); }),
229  EvDecoder::def<TT::ForwardingHint, false, 7>([this](const Decoder::Tlv& d) {
230  return detail::decodeFwHint(d, &fwHint);
231  }));
232  if (!ok) {
233  return false;
234  }
235  expireTime = port::Clock::add(port::Clock::now(), remainingTime * 1000);
236  return true;
237  }
238 };
239 
241 class Client : public PacketHandler {
242 public:
248  using Callback = void (*)(void* ctx, Data cert);
249 
250  struct Options {
252  Face& face;
253 
255  const CaProfile& profile;
256 
258  const ChallengeList& challenges;
259 
261  const EcPublicKey& pub;
262 
264  const EcPrivateKey& pvt;
265 
267  Callback cb;
268 
270  void* ctx;
271  };
272 
274  static void requestCertificate(const Options& opts) {
275  new Client(opts);
276  }
277 
278 private:
279  enum class State {
280  SendNewRequest,
281  WaitNewResponse,
282  ExecuteChallenge,
283  SendChallengeRequest,
284  WaitChallengeResponse,
285  FetchIssuedCert,
286  WaitIssuedCert,
287  Success,
288  Failure,
289  };
290 
291  class GotoState {
292  public:
293  explicit GotoState(Client* client)
294  : m_client(client) {}
295 
296  bool operator()(State state) {
297  NDNPH_NDNCERT_LOG("client state %d => %d", static_cast<int>(m_client->m_state),
298  static_cast<int>(state));
299  m_client->m_state = state;
300  m_set = true;
301  return true;
302  }
303 
304  ~GotoState() {
305  if (!m_set) {
306  NDNPH_NDNCERT_LOG("client state %d => %d", static_cast<int>(m_client->m_state),
307  static_cast<int>(State::Failure));
308  m_client->m_state = State::Failure;
309  }
310  }
311 
312  private:
313  Client* m_client = nullptr;
314  bool m_set = false;
315  };
316 
317  explicit Client(const Options& opts)
318  : PacketHandler(opts.face)
319  , m_pending(this)
320  , m_profile(opts.profile)
321  , m_challenges(opts.challenges)
322  , m_pvt(opts.pvt)
323  , m_cb(opts.cb)
324  , m_cbCtx(opts.ctx) {
325  sendNewRequest(opts.pub);
326  }
327 
328  void loop() final {
329  switch (m_state) {
330  case State::SendChallengeRequest: {
331  sendChallengeRequest();
332  break;
333  }
334  case State::FetchIssuedCert: {
335  sendFetchInterest();
336  break;
337  }
338  case State::WaitNewResponse:
339  case State::WaitChallengeResponse:
340  case State::WaitIssuedCert: {
341  if (m_pending.expired()) {
342  m_state = State::Failure;
343  }
344  break;
345  }
346  case State::Success: {
347  delete this;
348  return;
349  }
350  case State::Failure: {
351  m_cb(m_cbCtx, Data());
352  delete this;
353  return;
354  }
355  default:
356  break;
357  }
358  }
359 
360  bool processData(Data data) final {
361  if (!m_pending.matchPitToken()) {
362  return false;
363  }
364 
365  switch (m_state) {
366  case State::WaitNewResponse: {
367  return handleNewResponse(data);
368  }
369  case State::WaitChallengeResponse: {
370  return handleChallengeResponse(data);
371  }
372  case State::WaitIssuedCert: {
373  return handleIssuedCert(data);
374  }
375  default:
376  break;
377  }
378  return false;
379  }
380 
381  void sendNewRequest(const EcPublicKey& pub) {
382  StaticRegion<2048> region;
383  GotoState gotoState(this);
384  int res = mbedtls_ecdh_gen_public(mbedtls::P256::group(), m_ecdhPvt, m_newRequest.ecdhPub,
385  mbedtls::rng, nullptr);
386  if (res != 0) {
387  NDNPH_NDNCERT_LOG("NewRequest ECDH error");
388  return;
389  }
390 
391  auto validity = certificate::getValidity(m_profile.cert)
392  .intersect(ValidityPeriod::secondsFromNow(m_profile.maxValidityPeriod));
393  if (!validity.includesUnix()) {
394  NDNPH_NDNCERT_LOG("NewRequest validity expired");
395  return;
396  }
397 
398  auto cert = pub.selfSign(m_region, validity, m_pvt);
399  m_newRequest.certRequest = m_region.create<Data>();
400  if (!m_newRequest.certRequest || !m_newRequest.certRequest.decodeFrom(cert)) {
401  NDNPH_NDNCERT_LOG("NewRequest cert request error");
402  return;
403  }
404 
405  m_pending.send(m_newRequest.toInterest(region, m_profile, m_signingPolicy, m_pvt)) &&
406  gotoState(State::WaitNewResponse);
407  }
408 
409  bool handleNewResponse(Data data) {
410  bool ok = m_newResponse.fromData(m_region, data, m_profile, m_challenges);
411  if (!ok) {
412  NDNPH_NDNCERT_LOG("NewResponse parse error");
413  return false;
414  }
415 
416  GotoState gotoState(this);
417  for (size_t i = 0; i < m_newResponse.hasChallenge.size(); ++i) {
418  if (m_newResponse.hasChallenge.test(i)) {
419  m_challengeRequest.challenge = m_challenges[i];
420  break;
421  }
422  }
423  if (m_challengeRequest.challenge == nullptr) {
424  NDNPH_NDNCERT_LOG("NewResponse no common challenge");
425  return true;
426  }
427 
428  ok = m_sessionKey.makeKey(m_ecdhPvt, m_newResponse.ecdhPub, m_newResponse.salt,
429  m_newResponse.requestId);
430  if (!ok) {
431  NDNPH_NDNCERT_LOG("NewResponse session key error");
432  return true;
433  }
434  prepareChallengeRequest(gotoState);
435  return true;
436  }
437 
438  static void challengeCallback(void* self, bool ok) {
439  static_cast<Client*>(self)->m_state = ok ? State::SendChallengeRequest : State::Failure;
440  }
441 
442  void prepareChallengeRequest(GotoState& gotoState) {
443  gotoState(State::ExecuteChallenge);
444  m_challengeRequest.params.clear();
445  if (m_challengeResponse.status == Status::BEFORE_CHALLENGE) {
446  m_challengeRequest.challenge->start(m_challengeRegion, m_challengeRequest, challengeCallback,
447  this);
448  } else {
449  m_challengeRequest.challenge->next(m_challengeRegion, m_challengeResponse, m_challengeRequest,
450  challengeCallback, this);
451  }
452  }
453 
454  void sendChallengeRequest() {
455  StaticRegion<2048> region;
456  GotoState gotoState(this);
457  m_pending.send(m_challengeRequest.toInterest(region, m_profile, m_newResponse.requestId,
458  m_sessionKey, m_signingPolicy, m_pvt)) &&
459  gotoState(State::WaitChallengeResponse);
460  }
461 
462  bool handleChallengeResponse(Data data) {
463  m_challengeRegion.reset();
464  bool ok = m_challengeResponse.fromData(m_challengeRegion, data, m_profile,
465  m_newResponse.requestId, m_sessionKey);
466  if (!ok) {
467  NDNPH_NDNCERT_LOG("ChallengeResponse parse error");
468  return false;
469  }
470 
471  GotoState gotoState(this);
472  switch (m_challengeResponse.status) {
473  case Status::CHALLENGE:
474  prepareChallengeRequest(gotoState);
475  break;
476  case Status::SUCCESS:
477  return gotoState(State::FetchIssuedCert);
478  default:
479  break;
480  }
481  return true;
482  }
483 
484  void sendFetchInterest() {
485  ndnph::StaticRegion<2048> region;
486  GotoState gotoState(this);
487  auto interest = region.create<ndnph::Interest>();
488  NDNPH_ASSERT(!!interest);
489  interest.setName(m_challengeResponse.issuedCertName);
490  interest.setFwHint(m_challengeResponse.fwHint);
491  m_pending.send(interest) && gotoState(State::WaitIssuedCert);
492  }
493 
494  bool handleIssuedCert(Data data) {
495  ndnph::StaticRegion<512> region;
496  if (data.getFullName(region) != m_challengeResponse.issuedCertName) {
497  NDNPH_NDNCERT_LOG("IssuedCert full name mismatch");
498  return false;
499  }
500 
501  GotoState gotoState(this);
502  if (!ec::isCertificate(data)) {
503  NDNPH_NDNCERT_LOG("IssuedCert parse error");
504  return true;
505  }
506  m_cb(m_cbCtx, data);
507  return gotoState(State::Success);
508  }
509 
510 private:
511  OutgoingPendingInterest m_pending;
512  State m_state = State::SendNewRequest;
513 
514  const CaProfile& m_profile;
515  ChallengeList m_challenges;
516  const EcPrivateKey& m_pvt;
517  Callback m_cb;
518  void* m_cbCtx;
519 
520  StaticRegion<2048> m_region;
521  StaticRegion<512> m_challengeRegion;
522  detail::ISigPolicy m_signingPolicy;
523  mbedtls::Mpi m_ecdhPvt;
524  NewRequest m_newRequest;
525  NewResponse m_newResponse;
526  detail::SessionKey m_sessionKey;
527  ChallengeRequest m_challengeRequest;
528  ChallengeResponse m_challengeResponse;
529 };
530 
532 class NopChallenge : public Challenge {
533 public:
534  tlv::Value getId() const override {
535  return challenge_consts::nop();
536  }
537 
538  void start(Region&, ChallengeRequest&, void (*cb)(void*, bool), void* arg) override {
539  cb(arg, true);
540  }
541 
542  void next(Region&, const ChallengeResponse&, ChallengeRequest&, void (*cb)(void*, bool),
543  void* arg) override {
544  cb(arg, false);
545  }
546 };
547 
549 class PossessionChallenge : public Challenge {
550 public:
551  explicit PossessionChallenge(Data cert, const PrivateKey& signer)
552  : m_cert(std::move(cert))
553  , m_signer(signer) {}
554 
555  tlv::Value getId() const override {
556  return challenge_consts::possession();
557  }
558 
559  void start(Region& region, ChallengeRequest& request, void (*cb)(void*, bool),
560  void* arg) override {
561  Encoder encoder(region);
562  encoder.prepend(m_cert);
563  encoder.trim();
564  if (!encoder) {
565  NDNPH_NDNCERT_LOG("PossessionChallenge encode error");
566  cb(arg, false);
567  return;
568  }
569 
570  request.params.set(challenge_consts::issuedcert(), tlv::Value(encoder));
571  cb(arg, true);
572  }
573 
574  void next(Region& region, const ChallengeResponse& response, ChallengeRequest& request,
575  void (*cb)(void*, bool), void* arg) override {
576  tlv::Value nonce = response.params.get(challenge_consts::nonce());
577  uint8_t* sig = region.alloc(m_signer.getMaxSigLen());
578  if (nonce.size() != 16 || sig == nullptr) {
579  NDNPH_NDNCERT_LOG("PossessionChallenge bad nonce or sig");
580  cb(arg, false);
581  return;
582  }
583 
584  ssize_t sigLen = m_signer.sign({nonce}, sig);
585  if (sigLen < 0) {
586  NDNPH_NDNCERT_LOG("PossessionChallenge signing error");
587  cb(arg, false);
588  return;
589  }
590 
591  request.params.set(challenge_consts::proof(), tlv::Value(sig, sigLen));
592  cb(arg, true);
593  }
594 
595 private:
596  Data m_cert;
597  const PrivateKey& m_signer;
598 };
599 
600 } // namespace client
601 
602 using Client = client::Client;
603 
604 } // namespace ndncert
605 } // namespace ndnph
606 
607 #endif // NDNPH_HAVE_MBED
608 #endif // NDNPH_APP_NDNCERT_CLIENT_HPP
NDNPH_NDNCERT_LOG
#define NDNPH_NDNCERT_LOG(...)
Definition: common.hpp:15
ndnph::Component
Name component.
Definition: component.hpp:16
ndnph::Data
Data packet.
Definition: data.hpp:136
ndnph::Data::getContent
tlv::Value getContent() const
Definition: data.hpp:172
ndnph::Data::getName
const Name & getName() const
Definition: data.hpp:140
ndnph::Data::verify
bool verify(const PublicKey &key) const
Verify the packet with a public key.
Definition: data.hpp:263
ndnph::Data::decodeFrom
bool decodeFrom(const Decoder::Tlv &input)
Decode packet.
Definition: data.hpp:201
ndnph::Decoder::Tlv
Decoded TLV.
Definition: decoder.hpp:13
ndnph::Decoder::Tlv::length
size_t length
Definition: decoder.hpp:39
ndnph::Decoder::Tlv::value
const uint8_t * value
Definition: decoder.hpp:40
ndnph::Encoder
TLV encoder that accepts items in reverse order.
Definition: encoder.hpp:10
ndnph::Encoder::prepend
bool prepend(const First &first, const Arg &... arg)
Prepend a sequence of values.
Definition: encoder.hpp:123
ndnph::Encoder::trim
void trim() const
Release unused space to the Region.
Definition: encoder.hpp:58
ndnph::Encoder::prependTlv
bool prependTlv(uint32_t type, OmitEmptyTag omitEmpty, const Arg &... arg)
Prepend TLV, measuring TLV-LENGTH automatically.
Definition: encoder.hpp:143
ndnph::EvDecoder::decodeValue
static bool decodeValue(const Decoder &input, const E &... defs)
Decode input TLV-VALUE with a sequence of element definitions.
Definition: ev-decoder.hpp:126
ndnph::Face
Network layer face.
Definition: face.hpp:12
ndnph::Interest::Parameterized::sign
Signed sign(const PrivateKey &key, ISigInfo sigInfo=ISigInfo()) const
Definition: interest.hpp:350
ndnph::Interest
Interest packet.
Definition: interest.hpp:284
ndnph::Interest::parameterize
Parameterized parameterize(tlv::Value appParameters) const
Add AppParameters to the packet.
Definition: interest.hpp:374
ndnph::Interest::setMustBeFresh
void setMustBeFresh(bool v)
Definition: interest.hpp:296
ndnph::Interest::Signed
detail::SignedInterestRef Signed
Result of Interest::sign operation.
Definition: interest.hpp:343
ndnph::Interest::setName
void setName(const Name &v)
Definition: interest.hpp:288
ndnph::Name
Name.
Definition: name.hpp:14
ndnph::Name::size
size_t size() const
Get number of components.
Definition: name.hpp:86
ndnph::Name::append
Name append(Region &region, const C &... comps) const
Append a sequence of components.
Definition: name.hpp:183
ndnph::Name::clone
Name clone(Region &region) const
Clone TLV-VALUE into given region.
Definition: name.hpp:203
ndnph::PacketHandler
Base class to receive packets from Face.
Definition: packet-handler.hpp:10
ndnph::PrivateKey
Private key.
Definition: private-key.hpp:9
ndnph::Region
Region-based memory allocator thats owns memory of NDNph objects.
Definition: region.hpp:9
ndnph::Region::create
RefType create(Arg &&... arg)
Allocate and create an object, and return its reference.
Definition: region.hpp:90
ndnph::Region::alloc
uint8_t * alloc(size_t size)
Allocate a buffer with no alignment requirement.
Definition: region.hpp:27
ndnph::ValidityPeriod::secondsFromNow
static ValidityPeriod secondsFromNow(uint64_t seconds)
Get a ValidityPeriod from now until seconds later.
Definition: validity-period.hpp:45
ndnph::ValidityPeriod::intersect
ValidityPeriod intersect(const ValidityPeriod &other) const
Calculate the intersection of this and other ValidityPeriod.
Definition: validity-period.hpp:72
ndnph::convention::detail::TypedNumber
Definition: convention.hpp:111
ndnph::detail::SignedInterestRef
Definition: interest.hpp:206
ndnph::ec::EcPrivateKey
EC private key.
Definition: ec.hpp:180
ndnph::ec::EcPublicKey
EC public key.
Definition: ec.hpp:65
ndnph::ec::EcPublicKey::import
bool import(const Name &name, const uint8_t raw[KeyLen::value])
Import from raw key bits.
Definition: ec.hpp:80
ndnph::mbedtls::P256::group
static mbedtls_ecp_group * group()
Definition: mbed-common.hpp:240
ndnph::ndncert::client::CaProfile
CA profile packet.
Definition: client.hpp:51
ndnph::ndncert::client::CaProfile::isName
static bool isName(const Name &name)
Determine whether name is a valid CA profile packet name.
Definition: client.hpp:54
ndnph::ndncert::client::CaProfile::fromData
bool fromData(Region &region, const Data &data)
Extract CA profile from Data packet.
Definition: client.hpp:65
ndnph::ndncert::client::CaProfile::pub
EcPublicKey pub
CA public key.
Definition: client.hpp:88
ndnph::ndncert::client::ChallengeRequest
CHALLENGE request packet.
Definition: client.hpp:166
ndnph::ndncert::client::ChallengeRequest::toInterest
Interest::Signed toInterest(Region &region, const CaProfile &profile, const uint8_t *requestId, detail::SessionKey &sessionKey, detail::ISigPolicy &signingPolicy, const EcPrivateKey &signer) const
Build CHALLENGE request packet.
Definition: client.hpp:174
ndnph::ndncert::client::ChallengeResponse
CHALLENGE response packet.
Definition: client.hpp:201
ndnph::ndncert::client::ChallengeResponse::fromData
bool fromData(Region &region, const Data &data, const CaProfile &profile, const uint8_t *requestId, detail::SessionKey &sessionKey)
Extract CHALLENGE response from Data packet.
Definition: client.hpp:208
ndnph::ndncert::client::Challenge
Client side of a challenge.
Definition: client.hpp:22
ndnph::ndncert::client::Challenge::start
virtual void start(Region &region, ChallengeRequest &request, void(*cb)(void *, bool), void *arg)=0
Create a message to select and start the challenge.
ndnph::ndncert::client::Challenge::getId
virtual tlv::Value getId() const =0
Return challenge identifier.
ndnph::ndncert::client::Challenge::next
virtual void next(Region &region, const ChallengeResponse &response, ChallengeRequest &request, void(*cb)(void *, bool), void *arg)=0
Create a message to continue the challenge.
ndnph::ndncert::client::Client
Client application.
Definition: client.hpp:241
ndnph::ndncert::client::Client::requestCertificate
static void requestCertificate(const Options &opts)
Request a certificate.
Definition: client.hpp:274
ndnph::ndncert::client::Client::Callback
void(*)(void *ctx, Data cert) Callback
Callback to be invoked upon completion of a certificate request procedure.
Definition: client.hpp:248
ndnph::ndncert::client::NewRequest
NEW request packet.
Definition: client.hpp:92
ndnph::ndncert::client::NewRequest::toInterest
Interest::Signed toInterest(Region &region, const CaProfile &profile, detail::ISigPolicy &signingPolicy, const EcPrivateKey &signer) const
Build NEW request packet.
Definition: client.hpp:99
ndnph::ndncert::client::NewResponse
NEW response packet.
Definition: client.hpp:118
ndnph::ndncert::client::NewResponse::hasChallenge
std::bitset< detail::MaxChallenges::value > hasChallenge
List of client challenges offered by server.
Definition: client.hpp:162
ndnph::ndncert::client::NewResponse::fromData
bool fromData(Region &, const Data &data, const CaProfile &profile, const ChallengeList &challenges)
Extract NEW response from Data packet.
Definition: client.hpp:126
ndnph::ndncert::client::NopChallenge
The "nop" challenge where the server would approve every request.
Definition: client.hpp:532
ndnph::ndncert::client::NopChallenge::start
void start(Region &, ChallengeRequest &, void(*cb)(void *, bool), void *arg) override
Create a message to select and start the challenge.
Definition: client.hpp:538
ndnph::ndncert::client::NopChallenge::next
void next(Region &, const ChallengeResponse &, ChallengeRequest &, void(*cb)(void *, bool), void *arg) override
Create a message to continue the challenge.
Definition: client.hpp:542
ndnph::ndncert::client::NopChallenge::getId
tlv::Value getId() const override
Return challenge identifier.
Definition: client.hpp:534
ndnph::ndncert::client::PossessionChallenge
The "possession" challenge where client must present an existing certificate.
Definition: client.hpp:549
ndnph::ndncert::client::PossessionChallenge::start
void start(Region &region, ChallengeRequest &request, void(*cb)(void *, bool), void *arg) override
Create a message to select and start the challenge.
Definition: client.hpp:559
ndnph::ndncert::client::PossessionChallenge::next
void next(Region &region, const ChallengeResponse &response, ChallengeRequest &request, void(*cb)(void *, bool), void *arg) override
Create a message to continue the challenge.
Definition: client.hpp:574
ndnph::ndncert::client::PossessionChallenge::getId
tlv::Value getId() const override
Return challenge identifier.
Definition: client.hpp:555
ndnph::ndncert::client::PossessionChallenge::PossessionChallenge
PossessionChallenge(Data cert, const PrivateKey &signer)
Definition: client.hpp:551
ndnph::ndncert::detail::SessionKey
Symmetric key used in CHALLENGE step.
Definition: common.hpp:33
ndnph::ndncert::detail::SessionKey::decrypt
tlv::Value decrypt(Region &region, tlv::Value message, const uint8_t *requestId)
Decrypt from encrypted-message.
Definition: common.hpp:53
ndnph::ndncert::detail::SessionKey::encrypt
tlv::Value encrypt(Region &region, tlv::Value plaintext, const uint8_t *requestId)
Encrypt to encrypted-message.
Definition: common.hpp:48
ndnph::ndncert::packet_struct::ParameterKV::Parser
Definition: common.hpp:85
ndnph::ndncert::packet_struct::ParameterKV::set
bool set(tlv::Value key, tlv::Value value)
Set a parameter.
Definition: common.hpp:126
ndnph::ndncert::packet_struct::ParameterKV::get
tlv::Value get(tlv::Value key) const
Retrieve parameter value by parameter key.
Definition: common.hpp:116
ndnph::port_clock_ino::Clock::now
static Time now()
Definition: ino.hpp:21
ndnph::port_clock_ino::Clock::add
static Time add(Time t, int ms)
Definition: ino.hpp:27
ndnph::tlv::Value
A sequence of bytes, usually TLV-VALUE.
Definition: value.hpp:11
ndnph::tlv::Value::makeDecoder
Decoder makeDecoder() const
Create a Decoder over this value buffer.
Definition: value.hpp:64
ndnph::tlv::Value::size
size_t size() const
Definition: value.hpp:46
NDNPH_ASSERT
#define NDNPH_ASSERT(x)
Definition: common.hpp:30
ndnph::TT::Data
@ Data
Definition: an.hpp:41
ndnph::certificate::getValidity
ValidityPeriod getValidity(const Data &data)
Definition: certificate.hpp:184
ndnph::ec::isCertificate
bool isCertificate(const Data &data)
Determine if the Data packet is a certificate that contains an EC public key.
Definition: ec.hpp:319
ndnph::mbedtls::rng
int rng(void *, uint8_t *output, size_t count)
Random number generator for various Mbed TLS library functions.
Definition: mbed-common.hpp:30
ndnph::ndncert::Status::CHALLENGE
@ CHALLENGE
Definition: an.hpp:87
ndnph::ndncert::Status::BEFORE_CHALLENGE
@ BEFORE_CHALLENGE
Definition: an.hpp:86
ndnph::ndncert::Status::SUCCESS
@ SUCCESS
Definition: an.hpp:89
ndnph::ndncert::TT::Challenge
@ Challenge
Definition: an.hpp:25
ndnph::ndncert::TT::SelectedChallenge
@ SelectedChallenge
Definition: an.hpp:29
ndnph::ndncert::TT::CertRequest
@ CertRequest
Definition: an.hpp:22
ndnph::ndncert::TT::EcdhPub
@ EcdhPub
Definition: an.hpp:21
ndnph::ndncert::challenge_consts::proof
tlv::Value proof()
Definition: an.hpp:136
ndnph::ndncert::challenge_consts::nonce
tlv::Value nonce()
Definition: an.hpp:130
ndnph::ndncert::challenge_consts::nop
tlv::Value nop()
Definition: an.hpp:112
ndnph::ndncert::challenge_consts::possession
tlv::Value possession()
Definition: an.hpp:118
ndnph::ndncert::challenge_consts::issuedcert
tlv::Value issuedcert()
Definition: an.hpp:124
ndnph::ndncert::client::ChallengeList
std::array< Challenge *, detail::MaxChallenges::value > ChallengeList
Definition: client.hpp:48
ndnph::ndncert::detail::ISigPolicy
isig::Policy< isig::Nonce<>, isig::Time<> > ISigPolicy
Definition: common.hpp:73
ndnph::ndncert::getInfoComponent
Component getInfoComponent()
Return 'INFO' component.
Definition: an.hpp:53
ndnph::ndncert::Client
client::Client Client
Definition: client.hpp:602
ndnph::ndncert::getCaComponent
Component getCaComponent()
Return 'CA' component.
Definition: an.hpp:45
ndnph::ndncert::getNewComponent
Component getNewComponent()
Return 'NEW' component.
Definition: an.hpp:69
ndnph::ndncert::getChallengeComponent
Component getChallengeComponent()
Return 'CHALLENGE' component.
Definition: an.hpp:77
ndnph
Definition: fs.hpp:33
ndnph::EcPrivateKey
ec::EcPrivateKey EcPrivateKey
Definition: ec.hpp:326
ndnph::EcPublicKey
ec::EcPublicKey EcPublicKey
Definition: ec.hpp:325
ndnph::ndncert::client::Client::Options
Definition: client.hpp:250
ndnph::ndncert::client::Client::Options::face
Face & face
Face for communication.
Definition: client.hpp:252
ndnph::ndncert::client::Client::Options::ctx
void * ctx
Context pointer.
Definition: client.hpp:270
ndnph::ndncert::client::Client::Options::pvt
const EcPrivateKey & pvt
Corresponding private key.
Definition: client.hpp:264
ndnph::ndncert::client::Client::Options::cb
Callback cb
Completion callback.
Definition: client.hpp:267
ndnph::ndncert::client::Client::Options::pub
const EcPublicKey & pub
Public key to appear in the certificate.
Definition: client.hpp:261
ndnph::ndncert::client::Client::Options::challenges
const ChallengeList & challenges
List of acceptable challenges.
Definition: client.hpp:258
ndnph::ndncert::client::Client::Options::profile
const CaProfile & profile
CA profile.
Definition: client.hpp:255
ndnph::ndncert::packet_struct::CaProfile
Definition: common.hpp:157
ndnph::ndncert::packet_struct::CaProfile::prefix
Name prefix
CA prefix.
Definition: common.hpp:159
ndnph::ndncert::packet_struct::CaProfile::maxValidityPeriod
uint32_t maxValidityPeriod
Maximum ValidityPeriod duration in seconds.
Definition: common.hpp:162
ndnph::ndncert::packet_struct::CaProfile::cert
Data cert
CA certificate.
Definition: common.hpp:165
ndnph::ndncert::packet_struct::ChallengeRequest
Definition: common.hpp:188
ndnph::ndncert::packet_struct::ChallengeRequest::params
ParameterKV params
Parameter key-value pairs.
Definition: common.hpp:193
ndnph::ndncert::packet_struct::ChallengeResponse
Definition: common.hpp:196
ndnph::ndncert::packet_struct::ChallengeResponse::params
ParameterKV params
Parameter key-value pairs.
Definition: common.hpp:210
ndnph::ndncert::packet_struct::NewRequest
Definition: common.hpp:168
ndnph::ndncert::packet_struct::NewResponse
Definition: common.hpp:176
Generated by doxygen 1.9.1