Gitiles
Code Review Sign In
gerrit.named-data.net / name-based-access-control / 714dba07e179cb60fb8dc66fb3b01430bea84703 / . / tests / unit / encryptor.t.cpp
blob: d9bafba3b936733b529b5ec31661dcaa00c03293 [file] [log] [blame]
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Davide Pesavento9062a502020-01-04 17:14:04 -0500[diff] [blame]2/*
Davide Pesavento714dba02022-03-17 20:46:28 -0400[diff] [blame^]3 * Copyright (c) 2014-2022, Regents of the University of California
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]4 *
5 * NAC library is free software: you can redistribute it and/or modify it under the
6 * terms of the GNU Lesser General Public License as published by the Free Software
7 * Foundation, either version 3 of the License, or (at your option) any later version.
8 *
9 * NAC library is distributed in the hope that it will be useful, but WITHOUT ANY
10 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
11 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
12 *
13 * You should have received copies of the GNU General Public License and GNU Lesser
14 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
15 * <http://www.gnu.org/licenses/>.
16 *
17 * See AUTHORS.md for complete list of NAC library authors and contributors.
18 */
19
20#include "encryptor.hpp"
21
Davide Pesaventoba3f6892020-12-08 22:18:35 -0500[diff] [blame]22#include "tests/boost-test.hpp"
Davide Pesaventoba3f6892020-12-08 22:18:35 -0500[diff] [blame]23#include "tests/io-key-chain-fixture.hpp"
24#include "tests/unit/static-data.hpp"
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]25
26#include <iostream>
Davide Pesaventocab86032020-12-10 20:30:12 -0500[diff] [blame]27#include <ndn-cxx/util/dummy-client-face.hpp>
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]28#include <ndn-cxx/util/string-helper.hpp>
29
30namespace ndn {
31namespace nac {
32namespace tests {
33
Davide Pesaventoba3f6892020-12-08 22:18:35 -0500[diff] [blame]34class EncryptorStaticDataEnvironment : public IoKeyChainFixture
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]35{
36public:
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400[diff] [blame]37 EncryptorStaticDataEnvironment(bool shouldPublishData)
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]38 {
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400[diff] [blame]39 if (shouldPublishData) {
40 publishData();
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]41 }
42
Davide Pesaventoba3f6892020-12-08 22:18:35 -0500[diff] [blame]43 auto serveFromIms = [this] (const Name&, const Interest& interest) {
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]44 auto data = m_ims.find(interest);
45 if (data != nullptr) {
Davide Pesaventocab86032020-12-10 20:30:12 -0500[diff] [blame]46 m_imsFace.put(*data);
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]47 }
48 };
Davide Pesaventocab86032020-12-10 20:30:12 -0500[diff] [blame]49 m_imsFace.setInterestFilter("/", serveFromIms, [] (auto...) {});
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]50 advanceClocks(1_ms, 10);
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400[diff] [blame]51
Davide Pesaventocab86032020-12-10 20:30:12 -0500[diff] [blame]52 m_imsFace.sentData.clear();
53 m_imsFace.sentInterests.clear();
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400[diff] [blame]54 }
55
56 void
57 publishData()
58 {
59 StaticData data;
60 for (const auto& block : data.managerPackets) {
Davide Pesaventoba3f6892020-12-08 22:18:35 -0500[diff] [blame]61 m_ims.insert(*make_shared<Data>(block));
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400[diff] [blame]62 }
63 advanceClocks(1_ms, 10);
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]64 }
65
Davide Pesaventocab86032020-12-10 20:30:12 -0500[diff] [blame]66protected:
67 util::DummyClientFace m_imsFace{m_io, m_keyChain, {true, true}};
68
69private:
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]70 InMemoryStoragePersistent m_ims;
71};
72
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400[diff] [blame]73template<bool shouldPublishData = true>
74class EncryptorFixture : public EncryptorStaticDataEnvironment
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]75{
76public:
77 EncryptorFixture()
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400[diff] [blame]78 : EncryptorStaticDataEnvironment(shouldPublishData)
Davide Pesaventocab86032020-12-10 20:30:12 -0500[diff] [blame]79 , face(m_io, m_keyChain, {true, true})
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]80 , encryptor("/access/policy/identity/NAC/dataset", "/some/ck/prefix", signingWithSha256(),
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400[diff] [blame]81 [=] (const ErrorCode& code, const std::string& error) {
82 onFailure(code, error);
83 },
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]84 validator, m_keyChain, face)
85 {
Davide Pesaventocab86032020-12-10 20:30:12 -0500[diff] [blame]86 face.linkTo(m_imsFace);
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]87 advanceClocks(1_ms, 10);
88 }
89
90public:
Davide Pesaventocab86032020-12-10 20:30:12 -0500[diff] [blame]91 util::DummyClientFace face;
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]92 ValidatorNull validator;
93 Encryptor encryptor;
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400[diff] [blame]94 util::Signal<EncryptorFixture, ErrorCode, std::string> onFailure;
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]95};
96
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400[diff] [blame]97BOOST_FIXTURE_TEST_SUITE(TestEncryptor, EncryptorFixture<>)
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]98
99BOOST_AUTO_TEST_CASE(EncryptAndPublishedCk)
100{
Alexander Afanasyevc9934282018-07-17 18:41:36 -0400[diff] [blame]101 encryptor.m_kek.reset();
102 BOOST_CHECK_EQUAL(encryptor.m_isKekRetrievalInProgress, false);
103 encryptor.regenerateCk();
104 BOOST_CHECK_EQUAL(encryptor.m_isKekRetrievalInProgress, true);
105
Davide Pesavento714dba02022-03-17 20:46:28 -0400[diff] [blame^]106 const std::string plaintext = "Data to encrypt";
107 auto block = encryptor.encrypt({reinterpret_cast<const uint8_t*>(plaintext.data()), plaintext.size()});
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]108
109 EncryptedContent content(block);
110 auto ckPrefix = content.getKeyLocator();
111 BOOST_CHECK_EQUAL(ckPrefix.getPrefix(-1), "/some/ck/prefix/CK");
112
113 BOOST_CHECK(content.hasIv());
114 BOOST_CHECK_NE(std::string(reinterpret_cast<const char*>(content.getPayload().value()),
115 content.getPayload().value_size()),
116 plaintext);
117
118 advanceClocks(1_ms, 10);
119
120 // check that KEK interests has been sent
121 BOOST_CHECK_EQUAL(face.sentInterests.at(0).getName().getPrefix(6),
122 Name("/access/policy/identity/NAC/dataset/KEK"));
123
Davide Pesaventocab86032020-12-10 20:30:12 -0500[diff] [blame]124 auto kek = m_imsFace.sentData.at(0);
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]125 BOOST_CHECK_EQUAL(kek.getName().getPrefix(6), Name("/access/policy/identity/NAC/dataset/KEK"));
126 BOOST_CHECK_EQUAL(kek.getName().size(), 7);
127
128 face.sentData.clear();
129 face.sentInterests.clear();
130
131 face.receive(Interest(ckPrefix)
132 .setCanBePrefix(true).setMustBeFresh(true));
133 advanceClocks(1_ms, 10);
134
135 auto ckName = face.sentData.at(0).getName();
136 BOOST_CHECK_EQUAL(ckName.getPrefix(4), "/some/ck/prefix/CK");
137 BOOST_CHECK_EQUAL(ckName.get(5), name::Component("ENCRYPTED-BY"));
138
139 auto extractedKek = ckName.getSubName(6);
140 BOOST_CHECK_EQUAL(extractedKek, kek.getName());
Alexander Afanasyevc9934282018-07-17 18:41:36 -0400[diff] [blame]141
142 BOOST_CHECK_EQUAL(encryptor.m_isKekRetrievalInProgress, false);
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]143}
144
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400[diff] [blame]145BOOST_FIXTURE_TEST_CASE(KekRetrievalFailure, EncryptorFixture<false>)
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]146{
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400[diff] [blame]147 size_t nErrors = 0;
Davide Pesaventoba3f6892020-12-08 22:18:35 -0500[diff] [blame]148 onFailure.connect([&] (auto&&...) { ++nErrors; });
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400[diff] [blame]149
Davide Pesavento714dba02022-03-17 20:46:28 -0400[diff] [blame^]150 const std::string plaintext = "Data to encrypt";
151 auto block = encryptor.encrypt({reinterpret_cast<const uint8_t*>(plaintext.data()), plaintext.size()});
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]152 advanceClocks(1_ms, 10);
153
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400[diff] [blame]154 // check that KEK interests has been sent
155 BOOST_CHECK_EQUAL(face.sentInterests.at(0).getName().getPrefix(6), Name("/access/policy/identity/NAC/dataset/KEK"));
156
157 // and failed
Davide Pesaventocab86032020-12-10 20:30:12 -0500[diff] [blame]158 BOOST_CHECK_EQUAL(m_imsFace.sentData.size(), 0);
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400[diff] [blame]159
160 advanceClocks(1_s, 13); // 4_s default interest lifetime x 3
161 BOOST_CHECK_EQUAL(nErrors, 1);
Davide Pesaventocab86032020-12-10 20:30:12 -0500[diff] [blame]162 BOOST_CHECK_EQUAL(m_imsFace.sentData.size(), 0);
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400[diff] [blame]163
164 advanceClocks(1_s, 730); // 60 seconds between attempts + ~12 seconds for each attempt
165 BOOST_CHECK_EQUAL(nErrors, 11);
Davide Pesaventocab86032020-12-10 20:30:12 -0500[diff] [blame]166 BOOST_CHECK_EQUAL(m_imsFace.sentData.size(), 0);
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400[diff] [blame]167
168 // check recovery
169
170 publishData();
171
172 advanceClocks(1_s, 73);
173
Davide Pesaventocab86032020-12-10 20:30:12 -0500[diff] [blame]174 auto kek = m_imsFace.sentData.at(0);
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400[diff] [blame]175 BOOST_CHECK_EQUAL(kek.getName().getPrefix(6), Name("/access/policy/identity/NAC/dataset/KEK"));
176 BOOST_CHECK_EQUAL(kek.getName().size(), 7);
177}
178
179BOOST_AUTO_TEST_CASE(EnumerateDataFromIms)
180{
181 encryptor.regenerateCk();
182 advanceClocks(1_ms, 10);
183
184 encryptor.regenerateCk();
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]185 advanceClocks(1_ms, 10);
186
187 BOOST_CHECK_EQUAL(encryptor.size(), 3);
188 size_t nCk = 0;
189 for (const auto& data : encryptor) {
190 BOOST_TEST_MESSAGE(data.getName());
191 if (data.getName().getPrefix(4) == Name("/some/ck/prefix/CK")) {
192 ++nCk;
193 }
194 }
195 BOOST_CHECK_EQUAL(nCk, 3);
196}
197
Davide Pesavento32d1dc22020-12-09 18:01:47 -0500[diff] [blame]198BOOST_AUTO_TEST_CASE(GenerateTestData,
199 * ut::description("regenerates the static test data used by other test cases")
200 * ut::disabled())
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]201{
Davide Pesaventoba3f6892020-12-08 22:18:35 -0500[diff] [blame]202 const auto plaintext = "Data to encrypt"s;
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]203
Davide Pesaventoba3f6892020-12-08 22:18:35 -0500[diff] [blame]204 std::cerr << "const std::vector<Block> encryptedBlobs = {\n";
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]205 for (size_t i = 0; i < 3; ++i) {
Davide Pesaventoba3f6892020-12-08 22:18:35 -0500[diff] [blame]206 std::cerr << " \"";
Davide Pesavento714dba02022-03-17 20:46:28 -0400[diff] [blame^]207 auto block = encryptor.encrypt({reinterpret_cast<const uint8_t*>(plaintext.data()), plaintext.size()});
208 printHex(std::cerr, block.wireEncode(), true);
Davide Pesaventoba3f6892020-12-08 22:18:35 -0500[diff] [blame]209 std::cerr << "\"_block,\n";
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]210
Alexander Afanasyevda366d82018-06-29 18:18:02 -0400[diff] [blame]211 encryptor.regenerateCk();
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]212 advanceClocks(1_ms, 10);
213 }
Davide Pesaventoba3f6892020-12-08 22:18:35 -0500[diff] [blame]214 std::cerr << "};\n\n";
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]215
Davide Pesaventoba3f6892020-12-08 22:18:35 -0500[diff] [blame]216 std::cerr << "const std::vector<Block> encryptorPackets = {\n";
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]217 for (const auto& data : encryptor) {
Davide Pesaventoba3f6892020-12-08 22:18:35 -0500[diff] [blame]218 std::cerr << " \"";
Davide Pesavento714dba02022-03-17 20:46:28 -0400[diff] [blame^]219 printHex(std::cerr, data.wireEncode(), true);
Davide Pesaventoba3f6892020-12-08 22:18:35 -0500[diff] [blame]220 std::cerr << "\"_block,\n";
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]221 }
Davide Pesaventoba3f6892020-12-08 22:18:35 -0500[diff] [blame]222 std::cerr << "};\n\n";
Alexander Afanasyev1a21e102018-06-13 20:33:21 -0400[diff] [blame]223}
224
225BOOST_AUTO_TEST_SUITE_END()
226
227} // namespace tests
228} // namespace nac
229} // namespace ndn