security: tolerate invalid or unsupported public keys in PIB
Change-Id: I3c1dd9d3fe81d0895e2d1706f0b29a8e61940beb
diff --git a/ndn-cxx/security/pib/impl/key-impl.cpp b/ndn-cxx/security/pib/impl/key-impl.cpp
index 48d589f..70b0036 100644
--- a/ndn-cxx/security/pib/impl/key-impl.cpp
+++ b/ndn-cxx/security/pib/impl/key-impl.cpp
@@ -44,11 +44,11 @@
transform::PublicKey publicKey;
try {
publicKey.loadPkcs8(m_key);
+ m_keyType = publicKey.getKeyType();
}
- catch (const transform::PublicKey::Error&) {
- NDN_THROW_NESTED(std::invalid_argument("Invalid key bits"));
+ catch (const std::runtime_error& e) {
+ NDN_LOG_WARN("Invalid or unsupported key " << m_keyName << " (" << e.what() << ")");
}
- m_keyType = publicKey.getKeyType();
}
void
diff --git a/ndn-cxx/security/pib/impl/key-impl.hpp b/ndn-cxx/security/pib/impl/key-impl.hpp
index aed4932..172d103 100644
--- a/ndn-cxx/security/pib/impl/key-impl.hpp
+++ b/ndn-cxx/security/pib/impl/key-impl.hpp
@@ -126,7 +126,7 @@
const Name m_identity;
const Name m_keyName;
const Buffer m_key;
- KeyType m_keyType;
+ KeyType m_keyType = KeyType::NONE;
const shared_ptr<PibImpl> m_pib;
diff --git a/tests/unit/security/key-chain.t.cpp b/tests/unit/security/key-chain.t.cpp
index b7aef11..b3ea456 100644
--- a/tests/unit/security/key-chain.t.cpp
+++ b/tests/unit/security/key-chain.t.cpp
@@ -590,15 +590,14 @@
}
void
- checkKeyLocatorName(const Certificate& cert, optional<Name> klName = nullopt) const
+ checkKeyLocatorName(const Certificate& cert, const optional<Name>& klName = nullopt) const
{
auto kl = cert.getKeyLocator();
if (!kl.has_value()) {
BOOST_ERROR("KeyLocator is missing");
return;
}
- BOOST_CHECK_EQUAL(kl->getName(),
- klName.value_or(signerKey.getDefaultCertificate().getName()));
+ BOOST_CHECK_EQUAL(kl->getName(), klName.value_or(signerKey.getDefaultCertificate().getName()));
}
void
@@ -705,11 +704,17 @@
BOOST_AUTO_TEST_CASE(ErrContent)
{
Certificate request(requester.getDefaultCertificate());
+
+ // malformed public key
const auto& oldContent = request.getContent();
std::vector<uint8_t> content(oldContent.value_begin(), oldContent.value_end());
content[0] ^= 0x80;
request.setContent(content);
BOOST_CHECK_THROW(signerKeyChain.makeCertificate(request, signerParams), std::invalid_argument);
+
+ // empty content
+ request.setContent(span<uint8_t>{});
+ BOOST_CHECK_THROW(signerKeyChain.makeCertificate(request, signerParams), std::invalid_argument);
}
BOOST_AUTO_TEST_SUITE_END() // MakeCertificate
diff --git a/tests/unit/security/pib/certificate-container.t.cpp b/tests/unit/security/pib/certificate-container.t.cpp
index 0ba9956..55b013e 100644
--- a/tests/unit/security/pib/certificate-container.t.cpp
+++ b/tests/unit/security/pib/certificate-container.t.cpp
@@ -95,6 +95,13 @@
BOOST_CHECK(container2.find(id1Key1Cert1.getName()) == container2.end());
BOOST_CHECK(container2.find(id1Key1Cert2.getName()) != container2.end());
+ // removing the same certificate again is a no-op
+ container2.remove(id1Key1Cert1.getName());
+ BOOST_CHECK_EQUAL(container2.size(), 1);
+ BOOST_CHECK_EQUAL(container2.m_certs.size(), 1);
+ BOOST_CHECK(container2.find(id1Key1Cert1.getName()) == container2.end());
+ BOOST_CHECK(container2.find(id1Key1Cert2.getName()) != container2.end());
+
// remove another certificate
container2.remove(id1Key1Cert2.getName());
BOOST_CHECK_EQUAL(container2.size(), 0);
diff --git a/tests/unit/security/pib/identity-container.t.cpp b/tests/unit/security/pib/identity-container.t.cpp
index 893f912..79daace 100644
--- a/tests/unit/security/pib/identity-container.t.cpp
+++ b/tests/unit/security/pib/identity-container.t.cpp
@@ -97,6 +97,13 @@
BOOST_CHECK(container2.find(id1) == container2.end());
BOOST_CHECK(container2.find(id2) != container2.end());
+ // removing the same identity again is a no-op
+ container2.remove(id1);
+ BOOST_CHECK_EQUAL(container2.size(), 1);
+ BOOST_CHECK_EQUAL(container2.m_identities.size(), 1);
+ BOOST_CHECK(container2.find(id1) == container2.end());
+ BOOST_CHECK(container2.find(id2) != container2.end());
+
// remove another identity
container2.remove(id2);
BOOST_CHECK_EQUAL(container2.size(), 0);
diff --git a/tests/unit/security/pib/identity.t.cpp b/tests/unit/security/pib/identity.t.cpp
index 5a1816e..be2d03b 100644
--- a/tests/unit/security/pib/identity.t.cpp
+++ b/tests/unit/security/pib/identity.t.cpp
@@ -39,14 +39,17 @@
Identity id;
BOOST_TEST(!id);
BOOST_TEST(id == Identity());
+ BOOST_CHECK_THROW(id.getName(), std::domain_error);
auto impl = std::make_shared<detail::IdentityImpl>(id1, makePibWithIdentity(id1));
id = Identity(impl);
BOOST_TEST(id);
BOOST_TEST(id != Identity());
+ BOOST_TEST(id.getName() == id1);
impl.reset();
BOOST_TEST(!id);
+ BOOST_CHECK_THROW(id.getName(), std::domain_error);
}
// pib::Identity is a wrapper of pib::detail::IdentityImpl. Since the functionality
diff --git a/tests/unit/security/pib/impl/identity-impl.t.cpp b/tests/unit/security/pib/impl/identity-impl.t.cpp
index b7701aa..3f38e0e 100644
--- a/tests/unit/security/pib/impl/identity-impl.t.cpp
+++ b/tests/unit/security/pib/impl/identity-impl.t.cpp
@@ -46,7 +46,7 @@
BOOST_AUTO_TEST_CASE(Properties)
{
- BOOST_CHECK_EQUAL(identity1.getName(), id1);
+ BOOST_TEST(identity1.getName() == id1);
}
BOOST_AUTO_TEST_CASE(KeyOperations)
@@ -128,7 +128,6 @@
BOOST_AUTO_TEST_CASE(Errors)
{
- identity1.addKey(id1Key1, id1Key1Name);
BOOST_CHECK_THROW(identity1.addKey(id2Key1, id2Key1Name), std::invalid_argument);
BOOST_CHECK_THROW(identity1.removeKey(id2Key1Name), std::invalid_argument);
BOOST_CHECK_THROW(identity1.getKey(id2Key1Name), std::invalid_argument);
diff --git a/tests/unit/security/pib/impl/key-impl.t.cpp b/tests/unit/security/pib/impl/key-impl.t.cpp
index 2f883a5..4cb960a 100644
--- a/tests/unit/security/pib/impl/key-impl.t.cpp
+++ b/tests/unit/security/pib/impl/key-impl.t.cpp
@@ -47,9 +47,9 @@
BOOST_AUTO_TEST_CASE(Properties)
{
- BOOST_CHECK_EQUAL(key11.getIdentity(), id1);
- BOOST_CHECK_EQUAL(key11.getName(), id1Key1Name);
- BOOST_CHECK_EQUAL(key11.getKeyType(), KeyType::EC);
+ BOOST_TEST(key11.getIdentity() == id1);
+ BOOST_TEST(key11.getName() == id1Key1Name);
+ BOOST_TEST(key11.getKeyType() == KeyType::EC);
BOOST_TEST(key11.getPublicKey() == id1Key1, boost::test_tools::per_element());
}
@@ -138,11 +138,9 @@
BOOST_AUTO_TEST_CASE(Errors)
{
+ // illegal key name
BOOST_CHECK_THROW(KeyImpl(Name("/wrong"), id1Key1, pibImpl), std::invalid_argument);
- Buffer invalidKey;
- BOOST_CHECK_THROW(KeyImpl(id1Key1Name, invalidKey, pibImpl), std::invalid_argument);
-
BOOST_CHECK_THROW(key11.addCertificate(id1Key2Cert1), std::invalid_argument);
BOOST_CHECK_THROW(key11.removeCertificate(id1Key2Cert1.getName()), std::invalid_argument);
BOOST_CHECK_THROW(key11.getCertificate(id1Key2Cert1.getName()), std::invalid_argument);
@@ -150,6 +148,19 @@
BOOST_CHECK_THROW(key11.setDefaultCertificate(id1Key2Cert1.getName()), std::invalid_argument);
}
+BOOST_AUTO_TEST_CASE(UnknownKeyType)
+{
+ Name keyName = security::constructKeyName(id1, name::Component::fromEscapedString("foo"));
+ Buffer invalidKey{0x01, 0x02, 0x03, 0x04};
+ pibImpl->addKey(id1, keyName, invalidKey);
+
+ KeyImpl unknown(keyName, invalidKey, pibImpl);
+ BOOST_TEST(unknown.getIdentity() == id1);
+ BOOST_TEST(unknown.getName() == keyName);
+ BOOST_TEST(unknown.getKeyType() == KeyType::NONE);
+ BOOST_TEST(unknown.getPublicKey() == invalidKey, boost::test_tools::per_element());
+}
+
BOOST_AUTO_TEST_SUITE_END() // TestKeyImpl
BOOST_AUTO_TEST_SUITE_END() // Pib
BOOST_AUTO_TEST_SUITE_END() // Security
diff --git a/tests/unit/security/pib/key-container.t.cpp b/tests/unit/security/pib/key-container.t.cpp
index fac7739..a7d29ef 100644
--- a/tests/unit/security/pib/key-container.t.cpp
+++ b/tests/unit/security/pib/key-container.t.cpp
@@ -103,6 +103,13 @@
BOOST_CHECK(container2.find(id1Key1Name) == container2.end());
BOOST_CHECK(container2.find(id1Key2Name) != container2.end());
+ // removing the same key again is a no-op
+ container2.remove(id1Key1Name);
+ BOOST_CHECK_EQUAL(container2.size(), 1);
+ BOOST_CHECK_EQUAL(container2.m_keys.size(), 1);
+ BOOST_CHECK(container2.find(id1Key1Name) == container2.end());
+ BOOST_CHECK(container2.find(id1Key2Name) != container2.end());
+
// remove another key
container2.remove(id1Key2Name);
BOOST_CHECK_EQUAL(container2.size(), 0);
diff --git a/tests/unit/security/pib/key.t.cpp b/tests/unit/security/pib/key.t.cpp
index 8265f01..4d1da0c 100644
--- a/tests/unit/security/pib/key.t.cpp
+++ b/tests/unit/security/pib/key.t.cpp
@@ -39,15 +39,18 @@
Key key;
BOOST_TEST(!key);
BOOST_TEST(key == Key());
+ BOOST_CHECK_THROW(key.getName(), std::domain_error);
auto impl = std::make_shared<detail::KeyImpl>(id1Key1Name, id1Key1,
makePibWithKey(id1Key1Name, id1Key1));
key = Key(impl);
BOOST_TEST(key);
BOOST_TEST(key != Key());
+ BOOST_TEST(key.getName() == id1Key1Name);
impl.reset();
BOOST_TEST(!key);
+ BOOST_CHECK_THROW(key.getName(), std::domain_error);
}
// pib::Key is a wrapper of pib::detail::KeyImpl. Since the functionality of KeyImpl is
diff --git a/tests/unit/security/transform/public-key.t.cpp b/tests/unit/security/transform/public-key.t.cpp
index e844293..e37cda5 100644
--- a/tests/unit/security/transform/public-key.t.cpp
+++ b/tests/unit/security/transform/public-key.t.cpp
@@ -113,23 +113,42 @@
BOOST_TEST(*os6.buf() == *pKeyPkcs8, boost::test_tools::per_element());
}
+BOOST_AUTO_TEST_CASE(LoadError)
+{
+ EcKeyTestData dataSet;
+ auto pkcs8Base64 = make_span(reinterpret_cast<const uint8_t*>(dataSet.pkcs8Base64.data()),
+ dataSet.pkcs8Base64.size());
+ OBufferStream os;
+ bufferSource(pkcs8Base64) >> base64Decode() >> streamSink(os);
+ auto pkcs8 = os.buf();
+
+ PublicKey pKey;
+ // empty
+ BOOST_CHECK_THROW(pKey.loadPkcs8(span<uint8_t>{}), PublicKey::Error);
+ BOOST_CHECK_THROW(pKey.loadPkcs8Base64(span<uint8_t>{}), PublicKey::Error);
+ // truncated
+ BOOST_CHECK_THROW(pKey.loadPkcs8(make_span(*pkcs8).first(10)), PublicKey::Error);
+ BOOST_CHECK_THROW(pKey.loadPkcs8Base64(pkcs8Base64.first(10)), PublicKey::Error);
+}
+
// NOTE: We cannot test RSA encryption by comparing the computed ciphertext to
// a known-good one, because OAEP padding is randomized and would produce
// different results every time. An encrypt/decrypt round-trip test is
// performed in private-key.t.cpp
-BOOST_AUTO_TEST_CASE(UnsupportedEcEncryption)
+BOOST_AUTO_TEST_CASE(UnsupportedEncryption)
{
- EcKeyTestData dataSet;
-
- PublicKey pKey;
- pKey.loadPkcs8Base64({reinterpret_cast<const uint8_t*>(dataSet.pkcs8Base64.data()),
- dataSet.pkcs8Base64.size()});
-
OBufferStream os;
bufferSource("Y2lhbyFob2xhIWhlbGxvIQ==") >> base64Decode() >> streamSink(os);
+ auto plain = os.buf();
- BOOST_CHECK_THROW(pKey.encrypt(*os.buf()), PublicKey::Error);
+ PublicKey pKey;
+ BOOST_CHECK_THROW(pKey.encrypt(*plain), PublicKey::Error);
+
+ EcKeyTestData dataSet;
+ pKey.loadPkcs8Base64({reinterpret_cast<const uint8_t*>(dataSet.pkcs8Base64.data()),
+ dataSet.pkcs8Base64.size()});
+ BOOST_CHECK_THROW(pKey.encrypt(*plain), PublicKey::Error);
}
BOOST_AUTO_TEST_SUITE_END() // TestPublicKey