security: Enforce sig-type check in ValidatorConfig
Change-Id: Ia58e19bbe7453095cb83b3b05dee29ae58d64522
Refs: #4524
diff --git a/tests/unit/security/validation-policy-config.t.cpp b/tests/unit/security/validation-policy-config.t.cpp
index 3c67315..7b5fc56 100644
--- a/tests/unit/security/validation-policy-config.t.cpp
+++ b/tests/unit/security/validation-policy-config.t.cpp
@@ -108,7 +108,7 @@
checker
{
type hierarchical
- sig-type rsa-sha256
+ sig-type ecdsa-sha256
}
}
)CONF";
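Review bot: After this change, and the same `rsa-sha256` to `ecdsa-sha256` replacement in the two later hunks at -534 and -550, none of the configs shown in this diff still uses `sig-type rsa-sha256`. With the type check enforced, the visible tests only cover the ECDSA and DigestSha256 branches. If no other test in the file covers RSA, consider one case that signs with an RSA key under an `rsa-sha256` rule and one that signs with it under an `ecdsa-sha256` rule. A short comment above each config, such as `// sig-type must match the key type the fixture generates`, would explain why the value changed. The enclosing test case starts outside this hunk.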
@@ -455,6 +455,55 @@
filter
{
type name
+ name /Security/ValidatorFixture
+ relation is-prefix-of
+ }
+ checker
+ {
+ type customized
+ sig-type sha256
+ }
+ }
+ rule
+ {
+ id test-rule-interest-id
+ for interest
+ filter
+ {
+ type name
+ name /Security/ValidatorFixture
+ relation is-prefix-of
+ }
+ checker
+ {
+ type customized
+ sig-type sha256
+ }
+ }
+ )CONF", "test-config");
+
+
+ Interest interest("/Security/ValidatorFixture/Sub1/Sub2/Packet");
+ interest.setCanBePrefix(false);
+ this->m_keyChain.sign(interest, signingWithSha256());
+ VALIDATE_SUCCESS(interest, "Should be accepted");
+
+ Data data("/Security/ValidatorFixture/Sub1/Sub2/Packet");
+ this->m_keyChain.sign(data, signingWithSha256());
+ VALIDATE_SUCCESS(data, "Should be accepted");
+}
+
+BOOST_FIXTURE_TEST_CASE(DigestSha256WithKeyLocator, HierarchicalValidatorFixture<ValidationPolicyConfig>)
+{
+ BOOST_CHECK_EQUAL(this->policy.m_isConfigured, false);
+ this->policy.load(R"CONF(
+ rule
+ {
+ id test-rule-data-id
+ for data
+ filter
+ {
+ type name
name /localhost/identity/digest-sha256
relation is-prefix-of
}
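Review bot: Only the accepting path is exercised for the new `sig-type sha256` rules at the top of this hunk. Both the Interest and the Data are signed with `signingWithSha256()` and expected to validate, and nothing checks that the same rule rejects a packet carrying a key-based signature. A negative case that signs with one of the fixture's identity keys and expects `VALIDATE_FAILURE` would pin the enforcement in both directions. A comment above the config would also help, for example `// DigestSha256 is an integrity check only: this rule accepts a packet from any sender under the prefix`, since the checker has no key-locator and the digest is not tied to any key. The test case these lines complete begins before the hunk, so its name and the start of its config are not visible here.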
@@ -517,6 +566,79 @@
VALIDATE_SUCCESS(data, "Should be accepted");
}
+BOOST_FIXTURE_TEST_CASE(SigTypeCheck, HierarchicalValidatorFixture<ValidationPolicyConfig>)
+{
+ BOOST_CHECK_EQUAL(this->policy.m_isConfigured, false);
+ this->policy.load(R"CONF(
+ rule
+ {
+ id test-rule-data-id
+ for data
+ filter
+ {
+ type name
+ name /localhost/identity/digest-sha256
+ relation is-prefix-of
+ }
+ checker
+ {
+ type customized
+ sig-type ecdsa-sha256
+ key-locator
+ {
+ type name
+ hyper-relation
+ {
+ k-regex ^(<>*)$
+ k-expand \\1
+ h-relation is-prefix-of
+ p-regex ^(<>*)$
+ p-expand \\1
+ }
+ }
+ }
+ }
+ rule
+ {
+ id test-rule-interest-id
+ for interest
+ filter
+ {
+ type name
+ name /localhost/identity/digest-sha256
+ relation is-prefix-of
+ }
+ checker
+ {
+ type customized
+ sig-type ecdsa-sha256
+ key-locator
+ {
+ type name
+ hyper-relation
+ {
+ k-regex ^(<>*)$
+ k-expand \\1
+ h-relation is-prefix-of
+ p-regex ^(<>*)$
+ p-expand \\1
+ }
+ }
+ }
+ }
+ )CONF", "test-config");
+
+
+ Interest interest("/localhost/identity/digest-sha256/foobar");
+ interest.setCanBePrefix(false);
+ this->m_keyChain.sign(interest, signingWithSha256());
+ VALIDATE_FAILURE(interest, "Signature type check should fail");
+
+ Data data("/localhost/identity/digest-sha256/foobar");
+ this->m_keyChain.sign(data, signingWithSha256());
+ VALIDATE_FAILURE(data, "Signature type check should fail");
+}
+
BOOST_FIXTURE_TEST_CASE(Reload, HierarchicalValidatorFixture<ValidationPolicyConfig>)
{
BOOST_CHECK_EQUAL(this->policy.m_isConfigured, false);
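Review bot: SigTypeCheck can pass without the signature-type comparison being what rejects the packet. Both rules require `sig-type ecdsa-sha256` and also carry a `key-locator` block, while the packets are signed with `signingWithSha256()`, which has no KeyLocator. The rejection could therefore come from either condition, and the order in which they are evaluated is not visible in this hunk. `VALIDATE_FAILURE` as used here is given only the packet and a message, so the test cannot tell the two causes apart. Consider adding a case signed with a real key of a different algorithm whose KeyLocator satisfies the hyper-relation, which leaves the signature type as the only mismatch. A one-line comment above the test, such as `// a DigestSha256 packet must not satisfy a rule that requires ecdsa-sha256`, would also record the downgrade this test guards against.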
@@ -534,7 +656,7 @@
checker
{
type hierarchical
- sig-type rsa-sha256
+ sig-type ecdsa-sha256
}
}
rule
@@ -550,7 +672,7 @@
checker
{
type hierarchical
- sig-type rsa-sha256
+ sig-type ecdsa-sha256
}
}
trust-anchor