Data Packet Verification Added
diff --git a/CertTool/cert_tool.cpp b/CertTool/cert_tool.cpp
new file mode 100644
index 0000000..98c2f5c
--- /dev/null
+++ b/CertTool/cert_tool.cpp
@@ -0,0 +1,320 @@
+#include <ndn-cpp-dev/data.hpp>
+#include <ndn-cpp-dev/security/key-chain.hpp>
+#include <ndn-cpp-dev/util/random.hpp>
+#include <ndn-cpp-dev/security/identity-certificate.hpp>
+#include <ndn-cpp-dev/security/certificate-subject-description.hpp>
+#include <ndn-cpp-dev/security/signature-sha256-with-rsa.hpp>
+#include <ndn-cpp-dev/util/io.hpp>
+#include <boost/algorithm/string.hpp>
+#include <exception>
+
+
+
+
+namespace
+{
+
+ class CertTool: public ndn::KeyChain
+ {
+ typedef SecPublicInfo::Error InfoError;
+ typedef SecTpm::Error TpmError;
+ public:
+ CertTool()
+ {
+ }
+
+ std::pair<ndn::shared_ptr<ndn::IdentityCertificate> , bool>
+ getCertificate(ndn::Name certificateName)
+ {
+ try
+ {
+ ndn::shared_ptr<ndn::IdentityCertificate> cert=
+ ndn::KeyChain::getCertificate(certificateName);
+ return std::make_pair(cert , true);
+ }
+ catch(TpmError& e)
+ {
+ std::cerr<<"Certificate Not Found"<<std::endl;
+ return std::make_pair(
+ ndn::make_shared<ndn::IdentityCertificate>() , false);
+ }
+ }
+
+
+
+ /* Return Certificate Name */
+ ndn::Name
+ createIdentity(const ndn::Name identityName, const ndn::Name signee,
+ bool isUnSigned=false)
+ {
+ ndn::KeyChain::deleteIdentity(identityName);
+ ndn::KeyChain::addIdentity(identityName);
+ ndn::Name keyName;
+ try
+ {
+ keyName = ndn::KeyChain::getDefaultKeyNameForIdentity(identityName);
+ }
+ catch(InfoError& e)
+ {
+ keyName = ndn::KeyChain::generateRSAKeyPairAsDefault(identityName, true);
+ }
+
+ ndn::shared_ptr<ndn::PublicKey> pubKey;
+ try
+ {
+ pubKey = ndn::KeyChain::getPublicKey(keyName);
+ }
+ catch(InfoError& e)
+ {
+ return identityName;
+ }
+ ndn::Name certName;
+ try
+ {
+ certName = ndn::KeyChain::getDefaultCertificateNameForKey(keyName);
+ }
+ catch(InfoError& e)
+ {
+ ndn::shared_ptr<ndn::IdentityCertificate> certificate =
+ ndn::make_shared<ndn::IdentityCertificate>();
+ ndn::Name certificateName = keyName.getPrefix(-1);
+ certificateName.append("KEY").append(
+ keyName.get(-1)).append("ID-CERT").appendVersion();
+ certificate->setName(certificateName);
+ certificate->setNotBefore(ndn::getNow());
+ certificate->setNotAfter(ndn::getNow() + 63072000 /* 2 years*/);
+ certificate->setPublicKeyInfo(*pubKey);
+ certificate->addSubjectDescription(
+ ndn::CertificateSubjectDescription("2.5.4.41",
+ keyName.toUri()));
+ certificate->encode();
+ if ( !isUnSigned )
+ {
+ try
+ {
+ signByIdentity(*certificate,signee);
+ }
+ catch(InfoError& e)
+ {
+ try
+ {
+ ndn::KeyChain::deleteIdentity(identityName);
+ }
+ catch(InfoError& e)
+ {
+ }
+ return identityName;
+ }
+ ndn::KeyChain::addCertificate(*(certificate));
+ }
+
+ certName=certificate->getName();
+ }
+ return certName;
+ }
+
+ template<typename T>
+ void
+ signByIdentity(T& packet, const ndn::Name& identityName)
+ {
+ ndn::KeyChain::signByIdentity(packet,identityName);
+ }
+
+ bool
+ loadCertificate(std::string inputFile)
+ {
+ ndn::shared_ptr<ndn::IdentityCertificate> cert =
+ ndn::io::load<ndn::IdentityCertificate>(
+ inputFile.c_str(), ndn::io::BASE_64);
+
+ try
+ {
+ ndn::KeyChain::deleteCertificate(cert->getName());
+ ndn::KeyChain::addCertificate(*(cert));
+ return true;
+ }
+ catch(InfoError& e)
+ {
+ std::cout << e.what() <<std::endl;
+ return false;
+ }
+ }
+
+ };
+}
+
+
+void
+createCertificateAndDump(std::string identity, std::string signee,
+ std::string outputFile)
+{
+ ndn::Name certName;
+ CertTool ct;
+
+ if( boost::iequals(signee, "self") || boost::iequals(signee, "unsigned"))
+ {
+ certName=ct.createIdentity(ndn::Name(identity),ndn::Name(identity));
+ }
+ else
+ {
+ certName=ct.createIdentity(ndn::Name(identity),ndn::Name(signee));
+ }
+
+ std::pair<ndn::shared_ptr<ndn::IdentityCertificate> , bool> cert =
+ ct.getCertificate(certName);
+ if( cert.second )
+ {
+ std::cout<<*(cert.first)<<std::endl;
+ std::ofstream outFile(outputFile.c_str());
+ ndn::io::save(*(cert.first),outFile,ndn::io::BASE_64);
+ }
+ else
+ {
+ std::cerr<<"Certificate not created or signee not found"<<std::endl;
+ }
+
+}
+
+void
+signCertificateAndDump(std::string signee,
+ std::string inputFile, std::string outputFile)
+{
+ ndn::shared_ptr<ndn::IdentityCertificate> cert =
+ ndn::io::load<ndn::IdentityCertificate>(
+ inputFile.c_str(), ndn::io::BASE_64);
+ try
+ {
+ CertTool ct;
+ ct.signByIdentity(*(cert), ndn::Name(signee));
+ std::cout<<*(cert)<<std::endl;
+ std::ofstream outFile(outputFile.c_str());
+ ndn::io::save(*(cert),outFile,ndn::io::BASE_64);
+
+ }
+ catch(std::exception& e)
+ {
+ std::cout << e.what() <<std::endl;
+ }
+
+}
+
+void
+loadCertificate(std::string inputFile)
+{
+ try
+ {
+ CertTool ct;
+ if (ct.loadCertificate(inputFile) )
+ {
+ std::cout<<"Certificate Loaded in Key Chain"<<std::endl;
+ }
+ }
+ catch(std::exception& e)
+ {
+ std::cout << e.what() <<std::endl;
+ }
+}
+
+
+static int
+usage(const std::string& program)
+{
+ std::cout << "Usage: " << program << " [OPTIONS...]"<<std::endl;
+ std::cout << " Cert Tool options...." << std::endl;
+ std::cout << " -(c|s|l) , Create or Sign or Load identity's certificate" << std::endl;
+ std::cout << " -i , --identityName New/singing identity name" <<std::endl;
+ std::cout << " -I , --signeeIdentity Identity Name of signer or self for self signing or unsigned" <<std::endl;
+ std::cout << " -f , --inputFile Input file name for -s option"<<std::endl;
+ std::cout << " -o , --outputFile Output file name where certificate will be dumped"<<std::endl;
+ std::cout << " -h , Display this help message" << std::endl;
+ exit(EXIT_FAILURE);
+}
+
+int main(int argc, char **argv)
+{
+ bool isCreate=false;
+ bool isSign=false;
+ bool isLoad=false;
+ int operationCount=0;
+ std::string programName(argv[0]);
+ std::string inputFile;
+ std::string outputFile;
+ std::string identityName;
+ std::string signeeIdentityName;
+ int opt;
+ while ((opt = getopt(argc, argv, "cslf:I:i:f:o:h")) != -1)
+ {
+ switch (opt)
+ {
+ case 'c':
+ isCreate=true;
+ operationCount++;
+ break;
+ case 's':
+ isSign=true;
+ operationCount++;
+ break;
+ case 'l':
+ isLoad=true;
+ operationCount++;
+ break;
+ case 'f':
+ inputFile=optarg;
+ break;
+ case 'o':
+ outputFile=optarg;
+ break;
+ case 'i':
+ identityName=optarg;
+ case 'I':
+ signeeIdentityName=optarg;
+ break;
+ case 'h':
+ default:
+ usage(programName);
+ return EXIT_FAILURE;
+ }
+ }
+
+ if( operationCount > 1)
+ {
+ std::cerr<<"Can not perform more than one operation at once !"<<std::endl;
+ usage(programName);
+ }
+
+ if ( isCreate )
+ {
+ if ( identityName.empty() ||
+ signeeIdentityName.empty() || outputFile.empty())
+ {
+ usage(programName);
+ }
+
+ createCertificateAndDump(identityName,signeeIdentityName, outputFile);
+ }
+
+ if( isSign )
+ {
+ if ( signeeIdentityName.empty() ||
+ inputFile.empty() || outputFile.empty())
+ {
+ usage(programName);
+ }
+
+ signCertificateAndDump(signeeIdentityName, inputFile, outputFile);
+ }
+
+ if( isLoad )
+ {
+ if ( inputFile.empty() )
+ {
+ usage(programName);
+ }
+
+ loadCertificate(inputFile);
+
+ }
+
+ return EXIT_SUCCESS;
+}
+
diff --git a/CertTool/waf b/CertTool/waf
new file mode 100755
index 0000000..d45d28b
--- /dev/null
+++ b/CertTool/waf
Binary files differ
diff --git a/CertTool/wscript b/CertTool/wscript
new file mode 100644
index 0000000..facce9d
--- /dev/null
+++ b/CertTool/wscript
@@ -0,0 +1,67 @@
+# -*- Mode: python; py-indent-offset: 4; indent-tabs-mode: nil; coding: utf-8; -*-
+
+from waflib import Build, Logs, Utils, Task, TaskGen, Configure
+
+def options(opt):
+ opt.load('compiler_c compiler_cxx gnu_dirs c_osx cryptopp boost')
+ #opt.load('boost cryptopp', tooldir=['waf-tools'])
+
+ opt = opt.add_option_group('Certtool Options')
+ opt.add_option('--debug',action='store_true',default=False,dest='debug',help='''debugging mode''')
+ #opt.add_option('--without-osx-keychain', action='store_false', default=True, dest='with_osx_keychain',
+ # help='''On Darwin, do not use OSX keychain as a default TPM''')
+
+def configure(conf):
+ conf.load("compiler_c compiler_cxx gnu_dirs c_osx cryptopp boost")
+
+ if conf.options.debug:
+ conf.define ('_DEBUG', 1)
+ flags = ['-O0',
+ '-Wall',
+ # '-Werror',
+ '-Wno-unused-variable',
+ '-g3',
+ '-Wno-unused-private-field', # only clang supports
+ '-fcolor-diagnostics', # only clang supports
+ '-Qunused-arguments', # only clang supports
+ '-Wno-tautological-compare', # suppress warnings from CryptoPP
+ '-Wno-unused-function', # another annoying warning from CryptoPP
+
+ '-Wno-deprecated-declarations',
+ ]
+
+ conf.add_supported_cxxflags (cxxflags = flags)
+ else:
+ flags = ['-O3', '-g', '-Wno-tautological-compare','-Wno-unused-variable',
+ '-Wno-unused-function', '-Wno-deprecated-declarations']
+ conf.add_supported_cxxflags (cxxflags = flags)
+
+ conf.check_cfg(package='libndn-cpp-dev', args=['--cflags', '--libs'], uselib_store='NDN_CPP', mandatory=True)
+ conf.check_boost(lib='system iostreams thread unit_test_framework log', uselib_store='BOOST', version='1_55', mandatory=True)
+ conf.check_cfg(package='sqlite3', args=['--cflags', '--libs'], uselib_store='SQLITE3', mandatory=True)
+ conf.check_cryptopp(path=conf.options.cryptopp_dir, mandatory=True)
+
+
+def build (bld):
+ bld (
+ features=['cxx', 'cxxprogram'],
+ target="certtool",
+ source = bld.path.ant_glob('*.cpp'),
+ use = 'NDN_CPP BOOST CRYPTOPP SQLITE3',
+ #includes = ". src"
+ )
+
+@Configure.conf
+def add_supported_cxxflags(self, cxxflags):
+ """
+ Check which cxxflags are supported by compiler and add them to env.CXXFLAGS variable
+ """
+ self.start_msg('Checking allowed flags for c++ compiler')
+
+ supportedFlags = []
+ for flag in cxxflags:
+ if self.check_cxx (cxxflags=[flag], mandatory=False):
+ supportedFlags += [flag]
+
+ self.end_msg (' '.join (supportedFlags))
+ self.env.CXXFLAGS += supportedFlags
diff --git a/src/security/nlsr_cert_store.cpp b/src/security/nlsr_cert_store.cpp
new file mode 100644
index 0000000..108d0c6
--- /dev/null
+++ b/src/security/nlsr_cert_store.cpp
@@ -0,0 +1,139 @@
+#include "nlsr_cert_store.hpp"
+
+namespace nlsr
+{
+ static bool
+ nlsrCertificateStoreEntryCompare(NlsrCertificateStoreEntry& ncse1,
+ NlsrCertificateStoreEntry& ncse2)
+
+ {
+ return ncse1.getCert()->getName().toUri() ==
+ ncse2.getCert()->getName().toUri() ;
+ }
+
+ static bool
+ nlsrCertificateStoreEntryCompareByName(NlsrCertificateStoreEntry& ncse1,
+ std::string compCertName)
+
+ {
+ return ncse1.getCert()->getName().toUri() == compCertName ;
+ }
+
+ bool
+ NlsrCertificateStore::addCertificate(NlsrCertificateStoreEntry & ncse)
+ {
+ std::list<NlsrCertificateStoreEntry>::iterator it =
+ std::find_if( certTable.begin(), certTable.end(),
+ bind(&nlsrCertificateStoreEntryCompare, _1, ncse));
+ if(it == certTable.end())
+ {
+ certTable.push_back(ncse);
+ return true;
+ }
+
+ if( it != certTable.end() )
+ {
+ if ( (*it).getCertSeqNum() < ncse.getCertSeqNum() )
+ {
+ certTable.erase(it);
+ certTable.push_back(ncse);
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ bool
+ NlsrCertificateStore::addCertificate(
+ ndn::shared_ptr<ndn::IdentityCertificate> pcert, uint32_t csn, bool isv)
+ {
+ NlsrCertificateStoreEntry ncse(pcert, csn, isv);
+ return addCertificate(ncse);
+ }
+
+ std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool>
+ NlsrCertificateStore::getCertificateFromStore(const std::string certName)
+ {
+ std::list<NlsrCertificateStoreEntry>::iterator it =
+ std::find_if( certTable.begin(), certTable.end(),
+ bind(&nlsrCertificateStoreEntryCompareByName, _1, certName));
+ if(it == certTable.end())
+ {
+ ndn::shared_ptr<ndn::IdentityCertificate> cert=
+ ndn::make_shared<ndn::IdentityCertificate>();
+
+ return std::make_pair(cert,false);
+ }
+
+ return std::make_pair((*it).getCert(),true);
+ }
+
+ std::pair<ndn::shared_ptr<ndn::IdentityCertificate>, bool>
+ NlsrCertificateStore::getCertificateFromStore(
+ const std::string certName, int checkSeqNum)
+ {
+ std::list<NlsrCertificateStoreEntry>::iterator it =
+ std::find_if( certTable.begin(), certTable.end(),
+ bind(&nlsrCertificateStoreEntryCompareByName, _1, certName));
+ if(it == certTable.end())
+ {
+ ndn::shared_ptr<ndn::IdentityCertificate> cert=
+ ndn::make_shared<ndn::IdentityCertificate>();
+
+ return std::make_pair(cert,false);
+ }
+ else
+ {
+ if( (*it).getCertSeqNum() == checkSeqNum )
+ {
+ return std::make_pair((*it).getCert(),true);
+ }
+ }
+
+ return std::make_pair((*it).getCert(),false);
+
+ }
+
+ bool
+ NlsrCertificateStore::isCertificateNewInStore(const std::string certName,
+ int checkSeqNo)
+ {
+ std::list<NlsrCertificateStoreEntry>::iterator it =
+ std::find_if( certTable.begin(), certTable.end(),
+ bind(&nlsrCertificateStoreEntryCompareByName, _1, certName));
+ if(it != certTable.end())
+ {
+ return (*it).getCertSeqNum() < checkSeqNo ;
+ }
+
+ return true;
+
+ }
+
+ bool
+ NlsrCertificateStore::removeCertificateFromStroe(const std::string certName)
+ {
+ std::list<NlsrCertificateStoreEntry>::iterator it =
+ std::find_if( certTable.begin(), certTable.end(),
+ bind(&nlsrCertificateStoreEntryCompareByName, _1, certName));
+ if(it != certTable.end())
+ {
+ certTable.erase(it);
+ return true;
+ }
+
+ return false;
+ }
+
+ void
+ NlsrCertificateStore::printCertStore()
+ {
+ std::list<NlsrCertificateStoreEntry>::iterator it;
+ for(it=certTable.begin(); it!=certTable.end(); ++it)
+ {
+ std::cout<<(*it)<<std::endl;
+ }
+
+ }
+}
diff --git a/src/security/nlsr_cse.cpp b/src/security/nlsr_cse.cpp
new file mode 100644
index 0000000..f52fdc9
--- /dev/null
+++ b/src/security/nlsr_cse.cpp
@@ -0,0 +1,18 @@
+#include <ndn-cpp-dev/security/signature-sha256-with-rsa.hpp>
+#include "nlsr_cse.hpp"
+
+namespace nlsr
+{
+ std::ostream&
+ operator <<(std::ostream& os, const NlsrCertificateStoreEntry& ncse)
+ {
+ os<<"------Certificate Entry---------------"<<std::endl;
+ os<<*(ncse.getCert())<<std::endl;
+ ndn::SignatureSha256WithRsa sig(ncse.getCert()->getSignature());
+ ndn::Name keyName=sig.getKeyLocator().getName();
+ os<<"Signee : "<<keyName.toUri()<<std::endl;
+ os<<"Cert Seq Num: "<<ncse.getCertSeqNum()<<std::endl;
+ os<<"Is Signer Verified: "<<ncse.getIsSignerVerified()<<std::endl;
+ return os;
+ }
+}
diff --git a/src/security/nlsr_cse.hpp b/src/security/nlsr_cse.hpp
new file mode 100644
index 0000000..27b992a
--- /dev/null
+++ b/src/security/nlsr_cse.hpp
@@ -0,0 +1,66 @@
+#ifndef NLSR_CERT_STORE_ENTRY_HPP
+#define NLSR_CERT_STORE_ENTRY_HPP
+
+#include <iostream>
+#include <ndn-cpp-dev/face.hpp>
+#include <ndn-cpp-dev/security/identity-certificate.hpp>
+
+namespace nlsr
+{
+ class NlsrCertificateStoreEntry
+ {
+ public:
+ NlsrCertificateStoreEntry()
+ : cert(ndn::make_shared<ndn::IdentityCertificate>())
+ , certSeqNum(0)
+ , isSignerVerified(false)
+ {}
+
+ NlsrCertificateStoreEntry(ndn::shared_ptr<ndn::IdentityCertificate> pcert
+ , uint32_t csn, bool isv)
+ : cert(pcert)
+ , certSeqNum(csn)
+ , isSignerVerified(isv)
+ {}
+
+ ndn::shared_ptr<ndn::IdentityCertificate> getCert() const
+ {
+ return cert;
+ }
+
+ void setCert(ndn::shared_ptr<ndn::IdentityCertificate> pcert)
+ {
+ cert=pcert;
+ }
+
+ uint32_t getCertSeqNum() const
+ {
+ return certSeqNum;
+ }
+
+ void setCertSeqNum(uint32_t csn)
+ {
+ certSeqNum=csn;
+ }
+
+ bool getIsSignerVerified() const
+ {
+ return isSignerVerified;
+ }
+
+ void setIsSignerVerified(bool isv)
+ {
+ isSignerVerified=isv;
+ }
+
+ private:
+ ndn::shared_ptr<ndn::IdentityCertificate> cert;
+ uint32_t certSeqNum;
+ bool isSignerVerified;
+ };
+ /* Debugging Purpose */
+ std::ostream&
+ operator <<(std::ostream& os, const NlsrCertificateStoreEntry& ncse);
+}
+
+#endif