/
engine.pl
101 lines (73 loc) · 3.18 KB
/
engine.pl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# engine.pl
# for each of the four possible trust models
# pkt contains:
# DataName
# KeyName (could be empty)
# PktHash
# PktSignature
# data structures:
# knownKeyBitsDB: dataprefix ~ keyBits
==== in all trust model do:
validatePkt(Strategy, Schema, DataName, KeyNameOrId,
PktHash, PktSignature, confidenceContextIn,
confidenceContextOut) :- ...
getTrustedKeyBits(in: Strategy, Schema, DataName, KeyNameOrId,
confidenceContextIn;
out:KeyBits, confidenceContextOut),
validate(PktHash, PktSignature, KeyBits):
==== a) strategy == hierarchical trust
getTrustedKeyBits(in: Strategy, Schema, DataName, KeyNameOrId;
out:KeyBits) :-
if unKnownKey(KeyNameOrId):
getTrustedKeyByName(KeyNameOrId)
getKeyBits(KeyNameOrId)
getTrustedKeyByName(KeyNameOrId) :- // side effect: put it into
// trusted key DB
ccnLookup(KeyNameOrId) --> signed (public) Key Bits, PktHAsh, PktSign
extractSignerNameFromSignature --> signerKeyName
validatePkt(Strategy, Schema, KeyNameOrId, signerKeyName,
PktHash, PktSignature)
addKeyBits(KeyNameOrId, KeyBits)
==== b) schematized trust
getTrustedKeyBits(in: Strategy, Schema, DataName, KeyNameOrId;
out:KeyBits) :-
isValidSignerName(Schema, DataName, KeyNameOrID),
if unKnownKey(KeyNameOrId):
getTrustedKeyByName(KeyNameOrId)
getKeyBits(KeyNameOrId)
getTrustedKeyByName(KeyNameOrId) :- // side effect: put it into
// trusted key DB
ccnLookup(KeyNameOrId) --> signed (public) Key Bits, PktHAsh, PktSign
extractSignerNameFromSignature --> signerKeyName
validatePkt(Strategy, Schema, KeyNameOrId, signerKeyName,
PktHash, PktSignature)
addKeyBits(KeyNameOrId, KeyBits)
==== c) web of trust
getTrustedKeyBits(in: Strategy, Schema, DataName, KeyNameOrId,
confidenceContextIn;
out:KeyBits, confidenceContextOut) :-
# isValidSignerName(Schema, DataName, KeyNameOrID),
if unKnownKey(KeyNameOrId):
getTrustedKeyByName(KeyNameOrId, Param, confidenceContextIn,
confidnceContextOut)
getKeyBits(KeyNameOrId)
getTrustedKeyByName(KeyNameOrId, Param, confidenceContextIn) :-
// side effect: put it into
// trusted key DB
ccnLookup(KeyNameOrId) --> signed (public) Key Bits, PktHAsh, PktSign
extractSignerNameFromSignature --> signerKeyName
validatePkt(Strategy, Schema, KeyNameOrId, signerKeyName,
PktHash, PktSignature, confidenceContextIn,
confidenceInSigner)
isTrustworthy(confidenceContextIn, Param, confidenceInSigner),
confidenceContextOut = (confidenceContextIn, confidenceInSigner)
addKeyBits(KeyNameOrId, KeyBits, confidenceContextOut)
d) symmetric(keyed MAC)
getTrustedKeyBits(in: Strategy, Schema, DataName, KeyNameOrId,
confidenceContextIn;
out:KeyBits, confidenceContextOut) :-
# isValidSignerName(Schema, DataName, KeyNameOrID),
if unKnownKey(KeyNameOrId):
fail
# or kick off a symmetric key delivery protocol to get it
getKeyBits(KeyNameOrId)