Signature: add SignatureNonce and Timestamp
Change-Id: Ie906c44076ed2c29e0574c13fabed397d102a6ce
Refs: #4599
diff --git a/changelog.rst b/changelog.rst
index 078b694..1793192 100644
--- a/changelog.rst
+++ b/changelog.rst
@@ -18,6 +18,7 @@
+ Make ``MetaInfo`` and ``Content`` elements optional
+ Change semantics of omitted (or set to zero) ``FreshnessPeriod`` element: it cannot be used to satisfy
Interests with ``MustBeFresh``
+ + Add optional ``SignatureNonce`` and ``Timestamp`` elements to ``SignatureInfo``
- **Name**
diff --git a/signature.rst b/signature.rst
index 0a7f96b..21c9df1 100644
--- a/signature.rst
+++ b/signature.rst
@@ -6,7 +6,7 @@
NDN Signature is defined as two consecutive TLV blocks: ``SignatureInfo`` and ``SignatureValue``.
The following general considerations about SignatureInfo and SignatureValue blocks that apply for all signature types:
-1. ``SignatureInfo`` is **included** in signature calculation and fully describes the signature, signature algorithm, and any other relevant information to obtain parent certificate(s), such as :ref:`KeyLocator`
+1. ``SignatureInfo`` is **included** in signature calculation and fully describes the signature, signature algorithm, and any other relevant information to obtain parent certificate(s), such as :ref:`KeyLocator`.
2. ``SignatureValue`` is **excluded** from signature calculation and represent actual bits of the signature and any other supporting signature material.
@@ -20,11 +20,13 @@
SignatureInfo ::= SIGNATURE-INFO-TYPE TLV-LENGTH
SignatureType
KeyLocator?
+ SignatureNonce?
+ Timestamp?
... (SignatureType-specific TLVs)
SignatureValue ::= SIGNATURE-VALUE-TYPE TLV-LENGTH
- ... (SignatureType-specific TLVs and
- BYTE+
+ BYTE+
+
SignatureType
~~~~~~~~~~~~~
@@ -56,15 +58,6 @@
| >200 | | unassigned |
+---------+----------------------------------------+-------------------------------------------------+
-.. +-------+----------------------------------------+-------------------------------------------------+
-.. | 2 | :ref:`SignatureSha256WithRsaAndMerkle` | Integrity and provenance protection using |
-.. | | | RSA signature over SHA-256-Merkle-Hash digest. |
-.. | | | |
-.. | | | This signature type defines an aggregated |
-.. | | | signing algorithm that reduces cost of signing |
-.. | | | of a large segmented content (e.g., video file).|
-
-
.. _KeyLocator:
KeyLocator
@@ -86,6 +79,43 @@
However, it is up to the specific trust model to define whether this name is a full name of the Data packet or a prefix that can match multiple Data packets.
For example, the hierarchical trust model :cite:`testbed-key-management` uses the latter approach, requiring clients to fetch the latest version of the Data packet pointed by the KeyLocator (the latest version of the public key certificate) in order to ensure that the public key was not yet revoked.
+.. _SignatureInfoNonce:
+
+SignatureNonce
+~~~~~~~~~~~~~~
+
+::
+
+ SignatureNonce ::= SIGNATURE-NONCE-TYPE TLV-LENGTH(=4)
+ BYTE{4}
+
+
+The ``SignatureNonce`` element adds additional assurances that a signature will be unique.
+
+.. _Timestamp:
+
+Timestamp
+~~~~~~~~~
+
+::
+
+ Timestamp ::= TIMESTAMP-TYPE TLV-LENGTH
+ nonNegativeInteger
+
+
+The value of the ``Timestamp`` element is the signature's timestamp (in terms of milliseconds since 1970-01-01 00:00:00 UTC) encoded as nonNegativeInteger.
+The timestamp may be used to protect against replay attacks.
+
+Different Types of Signature
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Each signature type has different requirements on the format of its ``SignatureInfo`` element.
+In the following sections, these requirements are specified along 3 dimensions:
+
+* The TLV-VALUE of ``SignatureType``
+* ``KeyLocator`` is required/forbidden
+* If ``SignatureType``-specific elements are needed, express so using a ``SignatureInfoByType`` rule
+
.. _DigestSha256:
DigestSha256
@@ -96,17 +126,14 @@
``DigestSha256`` is defined as a SHA256 hash of the :ref:`Name`, :ref:`MetaInfo`, :ref:`Content`, and :ref:`SignatureInfo <Signature>` TLVs:
-::
+* The TLV-VALUE of ``SignatureType`` is 0
+* ``KeyLocator`` is forbidden; if present, it must be ignored
- SignatureInfo ::= SIGNATURE-INFO-TYPE TLV-LENGTH(=3)
- SIGNATURE-TYPE-TYPE TLV-LENGTH(=1) 0
+::
SignatureValue ::= SIGNATURE-VALUE-TYPE TLV-LENGTH(=32)
BYTE+(=SHA256{Name, MetaInfo, Content, SignatureInfo})
-Note that ``SignatureInfo`` does not require ``KeyLocator`` field, since there digest calculation and verification does not require any additional information.
-If ``KeyLocator`` is present in ``SignatureInfo``, it must be ignored.
-
.. _SignatureSha256WithRsa:
SignatureSha256WithRsa
@@ -115,13 +142,11 @@
``SignatureSha256WithRsa`` is the basic signature algorithm that MUST be supported by any NDN-compliant software.
As suggested by the name, it defines an RSA public key signature that is calculated over SHA256 hash of the :ref:`Name`, :ref:`MetaInfo`, :ref:`Content`, and :ref:`SignatureInfo <Signature>` TLVs.
+* The TLV-VALUE of ``SignatureType`` is 1
+* ``KeyLocator`` is required
::
- SignatureInfo ::= SIGNATURE-INFO-TYPE TLV-LENGTH
- SIGNATURE-TYPE-TYPE TLV-LENGTH(=1) 1
- KeyLocator
-
SignatureValue ::= SIGNATURE-VALUE-TYPE TLV-LENGTH
BYTE+(=RSA over SHA256{Name, MetaInfo, Content, SignatureInfo})
@@ -148,11 +173,10 @@
``SignatureSha256WithEcdsa`` defines an ECDSA public key signature that is calculated over the SHA256 hash of the :ref:`Name`, :ref:`MetaInfo`, :ref:`Content`, and :ref:`SignatureInfo <Signature>` TLVs.
The signature algorithm is defined in `[RFC5753], Section 2.1 <http://tools.ietf.org/html/rfc5753#section-2.1>`_.
-::
+* The TLV-VALUE of ``SignatureType`` is 3
+* ``KeyLocator`` is required
- SignatureInfo ::= SIGNATURE-INFO-TYPE TLV-LENGTH
- SIGNATURE-TYPE-TYPE TLV-LENGTH(=1) 3
- KeyLocator
+::
SignatureValue ::= SIGNATURE-VALUE-TYPE TLV-LENGTH
BYTE+(=ECDSA over SHA256{Name, MetaInfo, Content, SignatureInfo})
@@ -182,11 +206,10 @@
``SignatureHmacWithSha256`` defines a hash-based message authentication code (HMAC) that is calculated over the :ref:`Name`, :ref:`MetaInfo`, :ref:`Content`, and :ref:`SignatureInfo <Signature>` TLVs, using SHA256 as the hash function, salted with a shared secret key.
The signature algorithm is defined in `Section 2 in RFC 2104 <http://tools.ietf.org/html/rfc2104#section-2>`__.
-::
+* The TLV-VALUE of ``SignatureType`` is 4
+* ``KeyLocator`` is required
- SignatureInfo ::= SIGNATURE-INFO-TYPE TLV-LENGTH
- SIGNATURE-TYPE-TYPE TLV-LENGTH(=1) 4
- KeyLocator
+::
SignatureValue ::= SIGNATURE-VALUE-TYPE TLV-LENGTH(=32)
BYTE+(=HMAC{Name, MetaInfo, Content, SignatureInfo})
@@ -203,21 +226,4 @@
The shared key used to generate HMAC signature can be identified by the :ref:`KeyLocator` block in :ref:`SignatureInfo <Signature>`, e.g., by using the ``Name`` according to application's naming conventions.
It is the application's responsibility to establish association between the shared key and the identities of the parties who hold the shared key.
-.. .. _SignatureSha256WithRsaAndMerkle:
-
-.. SignatureSha256WithRsaAndMerkle
-.. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-.. ::
-
-.. SignatureInfo ::= SIGNATURE-INFO-TYPE TLV-LENGTH
-.. SIGNATURE-TYPE-TYPE TLV-LENGTH(=1) 2
-.. KeyLocator
-
-.. SignatureValue ::= SIGNATURE-VALUE-TYPE TLV-LENGTH
-.. BYTE+(=RSA over SHA256{Name, MetaInfo, Content, SignatureInfo})
-.. Witness
-
-.. Witness ::= WITNESS-TYPE TLV-LENGTH BYTE+
-
-.. bibliography:: ndnspec-refs.bib
+.. bibliography:: ndnspec-refs.bib
\ No newline at end of file
diff --git a/types.rst b/types.rst
index ea676ce..f4da6f9 100644
--- a/types.rst
+++ b/types.rst
@@ -65,6 +65,10 @@
+---------------------------------------------+------------------+-----------------+
| KeyDigest | 29 | 0x1d |
+---------------------------------------------+------------------+-----------------+
+| SignatureNonce | 38 (non-critical)| 0x26 |
++---------------------------------------------+------------------+-----------------+
+| Timestamp | 40 (non-critical)| 0x28 |
++---------------------------------------------+------------------+-----------------+
| **Link Object** |
+---------------------------------------------+------------------+-----------------+
| Delegation | 31 | 0x1f |
@@ -81,7 +85,8 @@
| Number range | Designation |
+================+===========================================================+
| 0, 3, 4, | |
-| 35, 37-79 | Reserved for future assignments (1-byte encoding) |
+| 35, 37, 39, | |
+| 41-79 | Reserved for future assignments (1-byte encoding) |
+----------------+-----------------------------------------------------------+
| 9 | Reserved, formerly `Selectors` |
+----------------+-----------------------------------------------------------+