Signature: Added SignatureSha256WithEcdsa.
Change-Id: I73a0bdf6b6d966634daa6f121b65175fc82e6fd5
Refs: #1650
diff --git a/README.md b/README.md
index 64651b8..a1e03b1 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@
If you're on Ubuntu Linux:
- sudo apt-get install python-sphinx
+ sudo apt-get install python-sphinx python-setuptools
sudo easy_install sphinxcontrib-fulltoc
sudo easy_install sphinxcontrib-bibtex
diff --git a/conf.py b/conf.py
index c00e100..e0de7f2 100644
--- a/conf.py
+++ b/conf.py
@@ -41,16 +41,16 @@
# General information about the project.
project = u'NDN Packet Format Specification'
-copyright = u'2013, NDN Project Team'
+copyright = u'2013-2014, NDN Project Team'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
-version = '0.1'
+version = '0.1.1'
# The full version, including alpha/beta/rc tags.
-release = '0.1a2'
+release = '0.1.1'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
diff --git a/signature.rst b/signature.rst
index 8c35ada..319330f 100644
--- a/signature.rst
+++ b/signature.rst
@@ -20,7 +20,7 @@
... (SignatureType-specific TLVs)
SignatureValue ::= SIGNATURE-VALUE-TYPE TLV-LENGTH
- ... (SignatureType-specific TLVs and
+ ... (SignatureType-specific TLVs and
BYTE+
SignatureType
@@ -30,22 +30,25 @@
SignatureType ::= SIGNATURE-TYPE-TYPE TLV-LENGTH
nonNegativeInteger
-
+
This specification defines the following SignatureType values:
-+-------+----------------------------------------+-------------------------------------------------+
-| Value | Reference | Description |
-+=======+========================================+=================================================+
-| 0 | :ref:`DigestSha256` | Integrity protection using SHA-256 digest |
-+-------+----------------------------------------+-------------------------------------------------+
-| 1 | :ref:`SignatureSha256WithRsa` | Integrity and provenance protection using |
-| | | RSA signature over a SHA-256 digest |
-+-------+----------------------------------------+-------------------------------------------------+
-| 2-200 | | reserved for future assignments |
-+-------+----------------------------------------+-------------------------------------------------+
-| >200 | | unassigned |
-+-------+----------------------------------------+-------------------------------------------------+
++---------+----------------------------------------+-------------------------------------------------+
+| Value | Reference | Description |
++=========+========================================+=================================================+
+| 0 | :ref:`DigestSha256` | Integrity protection using SHA-256 digest |
++---------+----------------------------------------+-------------------------------------------------+
+| 1 | :ref:`SignatureSha256WithRsa` | Integrity and provenance protection using |
+| | | RSA signature over a SHA-256 digest |
++---------+----------------------------------------+-------------------------------------------------+
+| 3 | :ref:`SignatureSha256WithEcdsa` | Integrity and provenance protection using |
+| | | an ECDSA signature over a SHA-256 digest |
++---------+----------------------------------------+-------------------------------------------------+
+| 2,4-200 | | reserved for future assignments |
++---------+----------------------------------------+-------------------------------------------------+
+| >200 | | unassigned |
++---------+----------------------------------------+-------------------------------------------------+
.. +-------+----------------------------------------+-------------------------------------------------+
.. | 2 | :ref:`SignatureSha256WithRsaAndMerkle` | Integrity and provenance protection using |
@@ -97,17 +100,51 @@
SignatureValue size varies (typically 128 or 256 bytes) depending on the private key length used during the signing process.
This type of signature ensures strict provenance of a Data packet, provided that the signature verifies and signature issuer is authorized to sign the Data packet.
-The signature issuer is idenfified using :ref:`KeyLocator` block in :ref:`SignatureInfo <Signature>` block of ``SignatureSha256WithRsa``.
+The signature issuer is identified using :ref:`KeyLocator` block in :ref:`SignatureInfo <Signature>` block of ``SignatureSha256WithRsa``.
See :ref:`KeyLocator section <KeyLocator>` for more detail.
.. note::
It is application's responsibility to define rules (trust model) of when a specific issuer (KeyLocator) is authorized to sign a specific Data packet.
While trust model is outside the scope of the current specification, generally, trust model needs to specify authorization rules between KeyName and Data packet Name, as well as clearly define trust anchor(s).
- For example, an application can elect to use hierarchical trust model :cite:`testbed-key-management` to ensure Data integrity and provenance.
+ For example, an application can elect to use hierarchical trust model :cite:`testbed-key-management` to ensure Data integrity and provenance.
.. bibliography:: ndnspec-refs.bib
+.. _SignatureSha256WithEcdsa:
+
+SignatureSha256WithEcdsa
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+``SignatureSha256WithEcdsa`` defines an ECDSA public key signature that is calculated over the SHA256 hash of the :ref:`Name`, :ref:`MetaInfo`, :ref:`Content`, and :ref:`SignatureInfo <Signature>` TLVs.
+The signature algorithm is defined in `[RFC5753], Section 2.1 <http://tools.ietf.org/html/rfc5753#section-2.1>`_.
+
+::
+
+ SignatureInfo ::= SIGNATURE-INFO-TYPE TLV-LENGTH
+ SIGNATURE-TYPE-TYPE TLV-LENGTH(=1) 3
+ KeyLocator
+
+ SignatureValue ::= SIGNATURE-VALUE-TYPE TLV-LENGTH
+ BYTE+(=ECDSA over SHA256{Name, MetaInfo, Content, SignatureInfo})
+
+.. note::
+
+ The SignatureValue size depends on the private key length used during the signing process (about 63 bytes for a 224 bit key).
+
+This type of signature ensures strict provenance of a Data packet, provided that the signature verifies and the signature issuer is authorized to sign the Data packet.
+The signature issuer is identified using the :ref:`KeyLocator` block in the :ref:`SignatureInfo <Signature>` block of the ``SignatureSha256WithEcdsa``.
+A KeyLocatorDigest is defined over the DER encoding of the SubjectPublicKeyInfo for an EC key as defined by `RFC 5480 <http://www.ietf.org/rfc/rfc5480.txt>`_.
+See the :ref:`KeyLocator section <KeyLocator>` for more detail.
+
+The value of ``SignatureValue`` of ``SignatureSha256WithEcdsa`` is a DER encoded DSA signature as defined in `Section 2.2.3 in RFC 3279 <http://tools.ietf.org/html/rfc3279#section-2.2.3>`_.
+
+::
+
+ Ecdsa-Sig-Value ::= SEQUENCE {
+ r INTEGER,
+ s INTEGER }
+
.. .. _SignatureSha256WithRsaAndMerkle:
.. SignatureSha256WithRsaAndMerkle