def _processRecoveryInterest(self, interest, syncDigest, transport): logging.getLogger(__name__).info("processRecoveryInterest") if self._logFind(syncDigest) != -1: tempContent = sync_state_pb2.SyncStateMsg() for i in range(self._digestTree.size()): content = getattr(tempContent, "ss").add() content.name = self._applicationDataPrefixUri content.type = SyncState_UPDATE content.seqno.seq = self._sequenceNo content.seqno.session = self._digestTree.get(i).getSessionNo() if len(getattr(tempContent, "ss")) != 0: # TODO: Check if this works in Python 3. #pylint: disable=E1103 array = tempContent.SerializeToString() #pylint: enable=E1103 data = Data(interest.getName()) data.setContent(Blob(array)) self._keyChain.sign(data, self._certificateName) try: transport.send(data.wireEncode().toBuffer()) except Exception as ex: logging.getLogger(__name__).error( "Error in transport.send: %s", str(ex)) return logging.getLogger(__name__).info("send recovery data back") logging.getLogger(__name__).info("%s", interest.getName().toUri())
def _registerPrefixHelper(self, registeredPrefixId, prefix, onInterest, onRegisterFailed, flags, wireFormat): """ Do the work of registerPrefix to register with NDNx once we have an ndndId_. :param int registeredPrefixId: The _RegisteredPrefix.getNextRegisteredPrefixId() which registerPrefix got so it could return it to the caller. If this is 0, then don't add to registeredPrefixTable_ (assuming it has already been done). """ # Create a ForwardingEntry. # Note: ndnd ignores any freshness that is larger than 3600 seconds and # sets 300 seconds instead. To register "forever", (=2000000000 sec), # the freshness period must be omitted. forwardingEntry = ForwardingEntry() forwardingEntry.setAction("selfreg") forwardingEntry.setPrefix(prefix) forwardingEntry.setForwardingFlags(flags) content = forwardingEntry.wireEncode(wireFormat) # Set the ForwardingEntry as the content of a Data packet and sign. data = Data() data.setContent(content) # Set the name to a random value so that each request is unique. nonce = bytearray(4) for i in range(len(nonce)): nonce[i] = _systemRandom.randint(0, 0xff) data.getName().append(nonce) # The ndnd ignores the signature, so set to blank values. data.getSignature().getKeyLocator().setType( KeyLocatorType.KEY_LOCATOR_DIGEST) data.getSignature().getKeyLocator().setKeyData( Blob(bytearray(32), False)) data.getSignature().setSignature(Blob(bytearray(128), False)) encodedData = data.wireEncode(wireFormat) # Create an interest where the name has the encoded Data packet. interestName = Name().append("ndnx").append( self._ndndId).append("selfreg").append(encodedData) interest = Interest(interestName) interest.setInterestLifetimeMilliseconds(4000.0) interest.setScope(1) encodedInterest = interest.wireEncode(wireFormat) if registeredPrefixId != 0: # Save the onInterest callback and send the registration interest. self._registeredPrefixTable.append( Node._RegisteredPrefix(registeredPrefixId, prefix, onInterest)) response = Node._RegisterResponse(self, prefix, onInterest, onRegisterFailed, flags, wireFormat, False) self.expressInterest(interest, response.onData, response.onTimeout, wireFormat)
def _registerPrefixHelper( self, registeredPrefixId, prefix, onInterest, onRegisterFailed, flags, wireFormat): """ Do the work of registerPrefix to register with NDNx once we have an _ndndId. :param int registeredPrefixId: The _RegisteredPrefix.getNextRegisteredPrefixId() which registerPrefix got so it could return it to the caller. If this is 0, then don't add to _registeredPrefixTable (assuming it has already been done). """ # Create a ForwardingEntry. # Note: ndnd ignores any freshness that is larger than 3600 seconds and # sets 300 seconds instead. To register "forever", (=2000000000 sec), # the freshness period must be omitted. forwardingEntry = ForwardingEntry() forwardingEntry.setAction("selfreg") forwardingEntry.setPrefix(prefix) forwardingEntry.setForwardingFlags(flags) content = forwardingEntry.wireEncode(wireFormat) # Set the ForwardingEntry as the content of a Data packet and sign. data = Data() data.setContent(content) # Set the name to a random value so that each request is unique. nonce = bytearray(4) for i in range(len(nonce)): nonce[i] = _systemRandom.randint(0, 0xff) data.getName().append(nonce) # The ndnd ignores the signature, so set to blank values. data.getSignature().getKeyLocator().setType( KeyLocatorType.KEY_LOCATOR_DIGEST) data.getSignature().getKeyLocator().setKeyData( Blob(bytearray(32), False)) data.getSignature().setSignature(Blob(bytearray(128), False)) encodedData = data.wireEncode(wireFormat) # Create an interest where the name has the encoded Data packet. interestName = Name().append("ndnx").append(self._ndndId).append( "selfreg").append(encodedData) interest = Interest(interestName) interest.setInterestLifetimeMilliseconds(4000.0) interest.setScope(1) encodedInterest = interest.wireEncode(wireFormat) if registeredPrefixId != 0: # Save the onInterest callback and send the registration interest. self._registeredPrefixTable.append(Node._RegisteredPrefix( registeredPrefixId, prefix, onInterest)) response = Node._RegisterResponse( self, prefix, onInterest, onRegisterFailed, flags, wireFormat, False) self.expressInterest( interest, response.onData, response.onTimeout, wireFormat)
def _registerPrefixHelper( self, registeredPrefixId, prefix, onInterest, onRegisterFailed, flags, wireFormat, face): """ Do the work of registerPrefix to register with NDNx once we have an _ndndId. :param int registeredPrefixId: The getNextEntryId() which registerPrefix got so it could return it to the caller. If this is 0, then don't add to _registeredPrefixTable (assuming it has already been done). """ if not WireFormat.ENABLE_NDNX: # We can get here if the command signing info is set, but running NDNx. raise RuntimeError( "registerPrefix with NDNx is deprecated. To enable while you upgrade your code to use NFD, set WireFormat.ENABLE_NDNX = True") # Create a ForwardingEntry. # Note: ndnd ignores any freshness that is larger than 3600 seconds and # sets 300 seconds instead. To register "forever", (=2000000000 sec), # the freshness period must be omitted. forwardingEntry = ForwardingEntry() forwardingEntry.setAction("selfreg") forwardingEntry.setPrefix(prefix) forwardingEntry.setForwardingFlags(flags) content = forwardingEntry.wireEncode(wireFormat) # Set the ForwardingEntry as the content of a Data packet and sign. data = Data() data.setContent(content) # Set the name to a random value so that each request is unique. nonce = bytearray(4) for i in range(len(nonce)): nonce[i] = _systemRandom.randint(0, 0xff) data.getName().append(nonce) # The ndnd ignores the signature, so set to blank values. data.getSignature().getKeyLocator().setType( KeyLocatorType.KEY_LOCATOR_DIGEST) data.getSignature().getKeyLocator().setKeyData( Blob(bytearray(32), False)) data.getSignature().setSignature(Blob(bytearray(128), False)) encodedData = data.wireEncode(wireFormat) # Create an interest where the name has the encoded Data packet. interestName = Name().append("ndnx").append(self._ndndId).append( "selfreg").append(encodedData) interest = Interest(interestName) interest.setInterestLifetimeMilliseconds(4000.0) interest.setScope(1) if registeredPrefixId != 0: interestFilterId = 0 if onInterest != None: # registerPrefix was called with the "combined" form that includes # the callback, so add an InterestFilterEntry. interestFilterId = self.getNextEntryId() self.setInterestFilter( interestFilterId, InterestFilter(prefix), onInterest, face) self._registeredPrefixTable.append(Node._RegisteredPrefix( registeredPrefixId, prefix, interestFilterId)) # Send the registration interest. response = Node._RegisterResponse( self, prefix, onInterest, onRegisterFailed, flags, wireFormat, False, face) self.expressInterest( self.getNextEntryId(), interest, response.onData, response.onTimeout, wireFormat, face)
def _processSyncInterest(self, index, syncDigest, transport): """ Common interest processing, using digest log to find the difference after syncDigest. :return: True if sent a data packet to satisfy the interest, otherwise False. :rtype: bool """ nameList = [] # of str sequenceNoList = [] # of int sessionNoList = [] # of int for j in range(index + 1, len(self._digestLog)): temp = self._digestLog[j].getData() # array of sync_state_pb2.SyncState. for i in range(len(temp)): syncState = temp[i] if syncState.type != SyncState_UPDATE: continue if self._digestTree.find( syncState.name, syncState.seqno.session) != -1: n = -1 for k in range(len(nameList)): if nameList[k] == syncState.name: n = k break if n == -1: nameList.append(syncState.name) sequenceNoList.append(syncState.seqno.seq) sessionNoList.append(syncState.seqno.session) else: sequenceNoList[n] = syncState.seqno.seq sessionNoList[n] = syncState.seqno.session tempContent = sync_state_pb2.SyncStateMsg() for i in range(len(nameList)): content = getattr(tempContent, "ss").add() content.name = nameList[i] content.type = SyncState_UPDATE content.seqno.seq = sequenceNoList[i] content.seqno.session = sessionNoList[i] sent = False if len(getattr(tempContent, "ss")) != 0: name = Name(self._applicationBroadcastPrefix) name.append(syncDigest) # TODO: Check if this works in Python 3. #pylint: disable=E1103 array = tempContent.SerializeToString() #pylint: enable=E1103 data = Data(name) data.setContent(Blob(array)) self._keyChain.sign(data, self._certificateName) try: transport.send(data.wireEncode().toBuffer()) except Exception as ex: logging.getLogger(__name__).error( "Error in transport.send: %s", str(ex)) return sent = True logging.getLogger(__name__).info("Sync Data send") logging.getLogger(__name__).info("%s", name.toUri()) return sent
class SafeBag(object): """ There are three forms of the SafeBag constructor: SafeBag(certificate, privateKeyBag) - Create a SafeBag with the given certificate and private key. SafeBag(keyName, privateKeyBag, publicKeyEncoding [, password, digestAlgorithm, wireFormat]) - Create a SafeBag with given private key and a new self-signed certificate for the given public key. SafeBag(input) - Create a SafeBag by decoding the input as an NDN-TLV SafeBag. :param Data certificate: The certificate data packet (used only for SafeBag(certificate, privateKeyBag)). This copies the object. :param Blob privateKeyBag: The encoded private key. If encrypted, this is a PKCS #8 EncryptedPrivateKeyInfo. If not encrypted, this is an unencrypted PKCS #8 PrivateKeyInfo. :param password: (optional) The password for decrypting the private key in order to sign the self-signed certificate, which should have characters in the range of 1 to 127. If the password is supplied, use it to decrypt the PKCS #8 EncryptedPrivateKeyInfo. If the password is omitted or None, privateKeyBag is an unencrypted PKCS #8 PrivateKeyInfo. :type password: an array which implements the buffer protocol :param int digestAlgorithm: (optional) The digest algorithm for signing the self-signed certificate. If omitted, use DigestAlgorithm.SHA256 . :type digestAlgorithm: int from the DigestAlgorithm enum :param WireFormat wireFormat: (optional) A WireFormat object used to encode the self-signed certificate in order to sign it. If omitted, use WireFormat.getDefaultWireFormat(). :param input: The array with the bytes to decode. :type input: A Blob or an array type with int elements """ def __init__(self, arg1, privateKeyBag = None, publicKeyEncoding = None, password = None, digestAlgorithm = DigestAlgorithm.SHA256, wireFormat = None): if isinstance(arg1, Name): keyName = arg1 if wireFormat == None: # Don't use a default argument since getDefaultWireFormat can change. wireFormat = WireFormat.getDefaultWireFormat() self._certificate = SafeBag._makeSelfSignedCertificate( keyName, privateKeyBag, publicKeyEncoding, password, digestAlgorithm, wireFormat) self._privateKeyBag = privateKeyBag elif isinstance(arg1, Data): # The certificate is supplied. self._certificate = Data(arg1) self._privateKeyBag = privateKeyBag else: # Assume the first argument is the encoded SafeBag. self.wireDecode(arg1) def getCertificate(self): """ Get the certificate data packet. :return: The certificate as a Data packet. If you need to process it as a certificate object then you must create a new CertificateV2(data). :rtype: Data """ return self._certificate def getPrivateKeyBag(self): """ Get the encoded private key. :return: The encoded private key. If encrypted, this is a PKCS #8 EncryptedPrivateKeyInfo. If not encrypted, this is an unencrypted PKCS #8 PrivateKeyInfo. :rtype: Blob """ return self._privateKeyBag def wireDecode(self, input): """ Decode the input as an NDN-TLV SafeBag and update this object. :param input: The array with the bytes to decode. :type input: A Blob or an array type with int elements """ if isinstance(input, Blob): input = input.buf() # Decode directly as TLV. We don't support the WireFormat abstraction # because this isn't meant to go directly on the wire. decoder = TlvDecoder(input) endOffset = decoder.readNestedTlvsStart(Tlv.SafeBag_SafeBag) # Get the bytes of the certificate and decode. certificateBeginOffset = decoder.getOffset() certificateEndOffset = decoder.readNestedTlvsStart(Tlv.Data) decoder.seek(certificateEndOffset) self._certificate = Data() self._certificate.wireDecode( decoder.getSlice(certificateBeginOffset, certificateEndOffset), TlvWireFormat.get()) self._privateKeyBag = Blob( decoder.readBlobTlv(Tlv.SafeBag_EncryptedKeyBag), True) decoder.finishNestedTlvs(endOffset) def wireEncode(self, wireFormat = None): """ Encode this as an NDN-TLV SafeBag. :return: The encoded byte array as a Blob. :rtype: Blob """ # Encode directly as TLV. We don't support the WireFormat abstraction # because this isn't meant to go directly on the wire. encoder = TlvEncoder(256) saveLength = len(encoder) # Encode backwards. encoder.writeBlobTlv( Tlv.SafeBag_EncryptedKeyBag, self._privateKeyBag.buf()) # Add the entire Data packet encoding as is. encoder.writeBuffer( self._certificate.wireEncode(TlvWireFormat.get()).buf()) encoder.writeTypeAndLength( Tlv.SafeBag_SafeBag, len(encoder) - saveLength) return Blob(encoder.getOutput(), False) @staticmethod def _makeSelfSignedCertificate( keyName, privateKeyBag, publicKeyEncoding, password, digestAlgorithm, wireFormat): certificate = CertificateV2() # Set the name. now = Common.getNowMilliseconds() certificateName = Name(keyName) certificateName.append("self").appendVersion(int(now)) certificate.setName(certificateName) # Set the MetaInfo. certificate.getMetaInfo().setType(ContentType.KEY) # Set a one-hour freshness period. certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0) # Set the content. publicKey = PublicKey(publicKeyEncoding) certificate.setContent(publicKey.getKeyDer()) # Create a temporary in-memory Tpm and import the private key. tpm = Tpm("", "", TpmBackEndMemory()) tpm._importPrivateKey(keyName, privateKeyBag.toBytes(), password) # Set the signature info. if publicKey.getKeyType() == KeyType.RSA: certificate.setSignature(Sha256WithRsaSignature()) elif publicKey.getKeyType() == KeyType.EC: certificate.setSignature(Sha256WithEcdsaSignature()) else: raise ValueError("Unsupported key type") signatureInfo = certificate.getSignature() KeyLocator.getFromSignature(signatureInfo).setType(KeyLocatorType.KEYNAME) KeyLocator.getFromSignature(signatureInfo).setKeyName(keyName) # Set a 20-year validity period. ValidityPeriod.getFromSignature(signatureInfo).setPeriod( now, now + 20 * 365 * 24 * 3600 * 1000.0) # Encode once to get the signed portion. encoding = certificate.wireEncode(wireFormat) signatureBytes = tpm.sign(encoding.toSignedBytes(), keyName, digestAlgorithm) signatureInfo.setSignature(signatureBytes) # Encode again to include the signature. certificate.wireEncode(wireFormat) return certificate
class SafeBag(object): """ There are three forms of the SafeBag constructor: SafeBag(certificate, privateKeyBag) - Create a SafeBag with the given certificate and private key. SafeBag(keyName, privateKeyBag, publicKeyEncoding [, password, digestAlgorithm, wireFormat]) - Create a SafeBag with given private key and a new self-signed certificate for the given public key. SafeBag(input) - Create a SafeBag by decoding the input as an NDN-TLV SafeBag. :param Data certificate: The certificate data packet (used only for SafeBag(certificate, privateKeyBag)). This copies the object. :param Blob privateKeyBag: The encoded private key. If encrypted, this is a PKCS #8 EncryptedPrivateKeyInfo. If not encrypted, this is an unencrypted PKCS #8 PrivateKeyInfo. :param password: (optional) The password for decrypting the private key in order to sign the self-signed certificate, which should have characters in the range of 1 to 127. If the password is supplied, use it to decrypt the PKCS #8 EncryptedPrivateKeyInfo. If the password is omitted or None, privateKeyBag is an unencrypted PKCS #8 PrivateKeyInfo. :type password: an array which implements the buffer protocol :param int digestAlgorithm: (optional) The digest algorithm for signing the self-signed certificate. If omitted, use DigestAlgorithm.SHA256 . :type digestAlgorithm: int from the DigestAlgorithm enum :param WireFormat wireFormat: (optional) A WireFormat object used to encode the self-signed certificate in order to sign it. If omitted, use WireFormat.getDefaultWireFormat(). :param input: The array with the bytes to decode. :type input: A Blob or an array type with int elements """ def __init__(self, arg1, privateKeyBag=None, publicKeyEncoding=None, password=None, digestAlgorithm=DigestAlgorithm.SHA256, wireFormat=None): if isinstance(arg1, Name): keyName = arg1 if wireFormat == None: # Don't use a default argument since getDefaultWireFormat can change. wireFormat = WireFormat.getDefaultWireFormat() self._certificate = SafeBag._makeSelfSignedCertificate( keyName, privateKeyBag, publicKeyEncoding, password, digestAlgorithm, wireFormat) self._privateKeyBag = privateKeyBag elif isinstance(arg1, Data): # The certificate is supplied. self._certificate = Data(arg1) self._privateKeyBag = privateKeyBag else: # Assume the first argument is the encoded SafeBag. self.wireDecode(arg1) def getCertificate(self): """ Get the certificate data packet. :return: The certificate as a Data packet. If you need to process it as a certificate object then you must create a new CertificateV2(data). :rtype: Data """ return self._certificate def getPrivateKeyBag(self): """ Get the encoded private key. :return: The encoded private key. If encrypted, this is a PKCS #8 EncryptedPrivateKeyInfo. If not encrypted, this is an unencrypted PKCS #8 PrivateKeyInfo. :rtype: Blob """ return self._privateKeyBag def wireDecode(self, input): """ Decode the input as an NDN-TLV SafeBag and update this object. :param input: The array with the bytes to decode. :type input: A Blob or an array type with int elements """ if isinstance(input, Blob): input = input.buf() # Decode directly as TLV. We don't support the WireFormat abstraction # because this isn't meant to go directly on the wire. decoder = TlvDecoder(input) endOffset = decoder.readNestedTlvsStart(Tlv.SafeBag_SafeBag) # Get the bytes of the certificate and decode. certificateBeginOffset = decoder.getOffset() certificateEndOffset = decoder.readNestedTlvsStart(Tlv.Data) decoder.seek(certificateEndOffset) self._certificate = Data() self._certificate.wireDecode( decoder.getSlice(certificateBeginOffset, certificateEndOffset), TlvWireFormat.get()) self._privateKeyBag = Blob( decoder.readBlobTlv(Tlv.SafeBag_EncryptedKeyBag), True) decoder.finishNestedTlvs(endOffset) def wireEncode(self, wireFormat=None): """ Encode this as an NDN-TLV SafeBag. :return: The encoded byte array as a Blob. :rtype: Blob """ # Encode directly as TLV. We don't support the WireFormat abstraction # because this isn't meant to go directly on the wire. encoder = TlvEncoder(256) saveLength = len(encoder) # Encode backwards. encoder.writeBlobTlv(Tlv.SafeBag_EncryptedKeyBag, self._privateKeyBag.buf()) # Add the entire Data packet encoding as is. encoder.writeBuffer( self._certificate.wireEncode(TlvWireFormat.get()).buf()) encoder.writeTypeAndLength(Tlv.SafeBag_SafeBag, len(encoder) - saveLength) return Blob(encoder.getOutput(), False) @staticmethod def _makeSelfSignedCertificate(keyName, privateKeyBag, publicKeyEncoding, password, digestAlgorithm, wireFormat): certificate = CertificateV2() # Set the name. now = Common.getNowMilliseconds() certificateName = Name(keyName) certificateName.append("self").appendVersion(int(now)) certificate.setName(certificateName) # Set the MetaInfo. certificate.getMetaInfo().setType(ContentType.KEY) # Set a one-hour freshness period. certificate.getMetaInfo().setFreshnessPeriod(3600 * 1000.0) # Set the content. publicKey = PublicKey(publicKeyEncoding) certificate.setContent(publicKey.getKeyDer()) # Create a temporary in-memory Tpm and import the private key. tpm = Tpm("", "", TpmBackEndMemory()) tpm._importPrivateKey(keyName, privateKeyBag.toBytes(), password) # Set the signature info. if publicKey.getKeyType() == KeyType.RSA: certificate.setSignature(Sha256WithRsaSignature()) elif publicKey.getKeyType() == KeyType.EC: certificate.setSignature(Sha256WithEcdsaSignature()) else: raise ValueError("Unsupported key type") signatureInfo = certificate.getSignature() KeyLocator.getFromSignature(signatureInfo).setType( KeyLocatorType.KEYNAME) KeyLocator.getFromSignature(signatureInfo).setKeyName(keyName) # Set a 20-year validity period. ValidityPeriod.getFromSignature(signatureInfo).setPeriod( now, now + 20 * 365 * 24 * 3600 * 1000.0) # Encode once to get the signed portion. encoding = certificate.wireEncode(wireFormat) signatureBytes = tpm.sign(encoding.toSignedBytes(), keyName, digestAlgorithm) signatureInfo.setSignature(signatureBytes) # Encode again to include the signature. certificate.wireEncode(wireFormat) return certificate