security: Support ECDSA verification in all related classes.
This commit also addresses some old issues, such as "using namespace std".
Change-Id: I62b8ff97fb2b6f6cfe04b0ad5866bc0797e6e43b
Refs: #1660
diff --git a/src/security/certificate-extension.cpp b/src/security/certificate-extension.cpp
index 8275941..d215662 100644
--- a/src/security/certificate-extension.cpp
+++ b/src/security/certificate-extension.cpp
@@ -27,14 +27,13 @@
#include "certificate-extension.hpp"
#include "cryptopp.hpp"
-using namespace std;
-using namespace CryptoPP;
-
namespace ndn {
void
CertificateExtension::encode(CryptoPP::BufferedTransformation& out) const
{
+ using namespace CryptoPP;
+
// Extension ::= SEQUENCE {
// extnID OBJECT IDENTIFIER,
// critical BOOLEAN DEFAULT FALSE,
@@ -52,6 +51,8 @@
void
CertificateExtension::decode(CryptoPP::BufferedTransformation& in)
{
+ using namespace CryptoPP;
+
// Extension ::= SEQUENCE {
// extnID OBJECT IDENTIFIER,
// critical BOOLEAN DEFAULT FALSE,
diff --git a/src/security/certificate-subject-description.cpp b/src/security/certificate-subject-description.cpp
index 86ab52d..60f7dbb 100644
--- a/src/security/certificate-subject-description.cpp
+++ b/src/security/certificate-subject-description.cpp
@@ -29,14 +29,12 @@
#include "cryptopp.hpp"
-using namespace std;
-using namespace CryptoPP;
-
namespace ndn {
void
CertificateSubjectDescription::encode(CryptoPP::BufferedTransformation& out) const
{
+ using namespace CryptoPP;
// RelativeDistinguishedName ::=
// SET OF AttributeTypeAndValue
//
@@ -58,6 +56,7 @@
void
CertificateSubjectDescription::decode(CryptoPP::BufferedTransformation& in)
{
+ using namespace CryptoPP;
// RelativeDistinguishedName ::=
// SET OF AttributeTypeAndValue
//
diff --git a/src/security/certificate.cpp b/src/security/certificate.cpp
index 167992b..7173d52 100644
--- a/src/security/certificate.cpp
+++ b/src/security/certificate.cpp
@@ -31,8 +31,6 @@
#include "../encoding/cryptopp/asn_ext.hpp"
#include "../encoding/buffer-stream.hpp"
-using namespace std;
-
namespace ndn {
Certificate::Certificate()
@@ -79,13 +77,13 @@
// Content
// DER encoded idCert:
//
- // idCert ::= SEQUENCE {
+ // idCert ::= SEQUENCE {
// validity Validity,
- // subject Name,
- // subjectPubKeyInfo SubjectPublicKeyInfo,
- // extension Extensions OPTIONAL }
+ // subject Name,
+ // subjectPubKeyInfo SubjectPublicKeyInfo,
+ // extension Extensions OPTIONAL }
//
- // Validity ::= SEQUENCE {
+ // Validity ::= SEQUENCE {
// notBefore Time,
// notAfter Time }
//
@@ -97,7 +95,7 @@
// RelativeDistinguishedName ::=
// SET OF AttributeTypeAndValue
//
- // SubjectPublicKeyInfo ::= SEQUENCE {
+ // SubjectPublicKeyInfo ::= SEQUENCE {
// algorithm AlgorithmIdentifier
// keybits BIT STRING }
//
@@ -244,22 +242,22 @@
void
Certificate::printCertificate(std::ostream& os) const
{
- os << "Certificate name:" << endl;
- os << " " << getName() << endl;
- os << "Validity:" << endl;
+ os << "Certificate name:" << std::endl;
+ os << " " << getName() << std::endl;
+ os << "Validity:" << std::endl;
{
- os << " NotBefore: " << time::toIsoString(m_notBefore) << endl;
- os << " NotAfter: " << time::toIsoString(m_notAfter) << endl;
+ os << " NotBefore: " << time::toIsoString(m_notBefore) << std::endl;
+ os << " NotAfter: " << time::toIsoString(m_notAfter) << std::endl;
}
- os << "Subject Description:" << endl;
+ os << "Subject Description:" << std::endl;
for (SubjectDescriptionList::const_iterator it = m_subjectDescriptionList.begin();
it != m_subjectDescriptionList.end(); ++it)
{
- os << " " << it->getOidString() << ": " << it->getValue() << endl;
+ os << " " << it->getOidString() << ": " << it->getValue() << std::endl;
}
- os << "Public key bits:" << endl;
+ os << "Public key bits:" << std::endl;
CryptoPP::Base64Encoder encoder(new CryptoPP::FileSink(os), true, 64);
m_key.encode(encoder);
}
diff --git a/src/security/conf/checker.hpp b/src/security/conf/checker.hpp
index a9ab2a9..11f4da1 100644
--- a/src/security/conf/checker.hpp
+++ b/src/security/conf/checker.hpp
@@ -28,6 +28,7 @@
#include "key-locator-checker.hpp"
#include "../../util/io.hpp"
+#include "../validator.hpp"
#include <boost/algorithm/string.hpp>
#include <boost/filesystem.hpp>
@@ -41,10 +42,16 @@
{
public:
typedef function<void(const shared_ptr<const Interest>&)> OnInterestChecked;
- typedef function<void(const shared_ptr<const Interest>&, const std::string&)> OnInterestCheckFailed;
+ typedef function<void(const shared_ptr<const Interest>&,
+ const std::string&)> OnInterestCheckFailed;
typedef function<void(const shared_ptr<const Data>&)> OnDataChecked;
typedef function<void(const shared_ptr<const Data>&, const std::string&)> OnDataCheckFailed;
+ enum {
+ INTEREST_SIG_VALUE = -1,
+ INTEREST_SIG_INFO = -2
+ };
+
virtual
~Checker()
@@ -84,20 +91,27 @@
class CustomizedChecker : public Checker
{
- enum
- {
- INTEREST_SIG_VALUE = -1,
- INTEREST_SIG_INFO = -2
- };
-
public:
CustomizedChecker(uint32_t sigType,
shared_ptr<KeyLocatorChecker> keyLocatorChecker)
: m_sigType(sigType)
, m_keyLocatorChecker(keyLocatorChecker)
{
- if (m_sigType == Signature::Sha256WithRsa && !static_cast<bool>(m_keyLocatorChecker))
- throw Error("Strong signature requires KeyLocatorChecker");
+ switch (sigType)
+ {
+ case Tlv::SignatureSha256WithRsa:
+ case Tlv::SignatureSha256WithEcdsa:
+ {
+ if (!static_cast<bool>(m_keyLocatorChecker))
+ throw Error("Strong signature requires KeyLocatorChecker");
+
+ return;
+ }
+ case Tlv::DigestSha256:
+ return;
+ default:
+ throw Error("Unsupported signature type");
+ }
}
virtual int8_t
@@ -116,8 +130,8 @@
try
{
const Name& interestName = interest.getName();
- Signature signature(interestName[INTEREST_SIG_INFO].blockFromValue(),
- interestName[INTEREST_SIG_VALUE].blockFromValue());
+ Signature signature(interestName[Checker::INTEREST_SIG_INFO].blockFromValue(),
+ interestName[Checker::INTEREST_SIG_VALUE].blockFromValue());
return check(interest, signature, onValidated, onValidationFailed);
}
catch (Signature::Error& e)
@@ -149,39 +163,54 @@
return -1;
}
- switch (signature.getType())
- {
- case Signature::Sha256WithRsa:
- {
- try
- {
- SignatureSha256WithRsa sig(signature);
+ if (signature.getType() == Tlv::DigestSha256)
+ return 0;
- std::string failInfo;
- if (m_keyLocatorChecker->check(packet, sig.getKeyLocator(), failInfo))
- return 0;
- else
- {
- onValidationFailed(packet.shared_from_this(), failInfo);
- return -1;
- }
+ shared_ptr<SignatureWithPublicKey> publicKeySig;
+
+ try
+ {
+ switch (signature.getType())
+ {
+ case Tlv::SignatureSha256WithRsa:
+ {
+ publicKeySig = make_shared<SignatureSha256WithRsa>(signature);
+ break;
}
- catch (SignatureSha256WithRsa::Error& e)
+ case Tlv::SignatureSha256WithEcdsa:
+ {
+ publicKeySig = make_shared<SignatureSha256WithEcdsa>(signature);
+ break;
+ }
+ default:
{
onValidationFailed(packet.shared_from_this(),
- "Cannot decode Sha256WithRsa signature!");
+ "Unsupported signature type: " +
+ boost::lexical_cast<std::string>(signature.getType()));
return -1;
}
- }
- case Signature::Sha256:
- return 0;
- default:
- {
- onValidationFailed(packet.shared_from_this(),
- "Unsupported signature type: " +
- boost::lexical_cast<std::string>(signature.getType()));
- return -1;
- }
+ }
+ }
+ catch (Tlv::Error& e)
+ {
+ onValidationFailed(packet.shared_from_this(),
+ "Cannot decode signature");
+ return -1;
+ }
+ catch (KeyLocator::Error& e)
+ {
+ onValidationFailed(packet.shared_from_this(),
+ "Cannot decode KeyLocator");
+ return -1;
+ }
+
+ std::string failInfo;
+ if (m_keyLocatorChecker->check(packet, publicKeySig->getKeyLocator(), failInfo))
+ return 0;
+ else
+ {
+ onValidationFailed(packet.shared_from_this(), failInfo);
+ return -1;
}
}
@@ -206,11 +235,6 @@
class FixedSignerChecker : public Checker
{
- enum
- {
- INTEREST_SIG_VALUE = -1,
- INTEREST_SIG_INFO = -2
- };
public:
FixedSignerChecker(uint32_t sigType,
const std::vector<shared_ptr<IdentityCertificate> >& signers)
@@ -219,6 +243,13 @@
for (std::vector<shared_ptr<IdentityCertificate> >::const_iterator it = signers.begin();
it != signers.end(); it++)
m_signers[(*it)->getName().getPrefix(-1)] = (*it);
+
+ if (sigType != Tlv::SignatureSha256WithRsa &&
+ sigType != Tlv::SignatureSha256WithEcdsa)
+ {
+ throw Error("FixedSigner is only meaningful for strong signature type");
+ }
+
}
virtual int8_t
@@ -237,8 +268,8 @@
try
{
const Name& interestName = interest.getName();
- Signature signature(interestName[INTEREST_SIG_INFO].blockFromValue(),
- interestName[INTEREST_SIG_VALUE].blockFromValue());
+ Signature signature(interestName[Checker::INTEREST_SIG_INFO].blockFromValue(),
+ interestName[Checker::INTEREST_SIG_VALUE].blockFromValue());
return check(interest, signature, onValidated, onValidationFailed);
}
catch (Signature::Error& e)
@@ -263,69 +294,79 @@
if (m_sigType != signature.getType())
{
onValidationFailed(packet.shared_from_this(),
- "Signature type does not match: "
- + boost::lexical_cast<std::string>(m_sigType)
- + "!="
- + boost::lexical_cast<std::string>(signature.getType()));
+ "Signature type does not match: " +
+ boost::lexical_cast<std::string>(m_sigType) +
+ "!=" +
+ boost::lexical_cast<std::string>(signature.getType()));
return -1;
}
- switch (signature.getType())
+ if (signature.getType() == Tlv::DigestSha256)
{
- case Signature::Sha256WithRsa:
- {
- try
+ onValidationFailed(packet.shared_from_this(),
+ "FixedSigner does not allow Sha256 signature type");
+ return -1;
+ }
+
+ shared_ptr<SignatureWithPublicKey> publicKeySig;
+
+ try
+ {
+ switch (signature.getType())
+ {
+ case Tlv::SignatureSha256WithRsa:
{
- SignatureSha256WithRsa sig(signature);
-
- const Name& keyLocatorName = sig.getKeyLocator().getName();
- if (m_signers.find(keyLocatorName) == m_signers.end())
- {
- onValidationFailed(packet.shared_from_this(),
- "Signer is not in the fixed signer list: "
- + keyLocatorName.toUri());
- return -1;
- }
-
- if (Validator::verifySignature(packet, sig,
- m_signers[keyLocatorName]->getPublicKeyInfo()))
- {
- onValidated(packet.shared_from_this());
- return 1;
- }
- else
- {
- onValidationFailed(packet.shared_from_this(),
- "Signature cannot be validated!");
- return -1;
- }
+ publicKeySig = make_shared<SignatureSha256WithRsa>(signature);
+ break;
}
- catch (KeyLocator::Error& e)
+ case Tlv::SignatureSha256WithEcdsa:
+ {
+ publicKeySig = make_shared<SignatureSha256WithEcdsa>(signature);
+ break;
+ }
+ default:
{
onValidationFailed(packet.shared_from_this(),
- "KeyLocator does not have name!");
+ "Unsupported signature type: " +
+ boost::lexical_cast<std::string>(signature.getType()));
return -1;
}
- catch (SignatureSha256WithRsa::Error& e)
- {
- onValidationFailed(packet.shared_from_this(),
- "Cannot decode signature!");
- return -1;
- }
- }
- case Signature::Sha256:
- {
- onValidationFailed(packet.shared_from_this(),
- "FixedSigner does not allow Sha256 signature type!");
- return -1;
- }
- default:
- {
- onValidationFailed(packet.shared_from_this(),
- "Unsupported signature type: "
- + boost::lexical_cast<std::string>(signature.getType()));
- return -1;
- }
+ }
+
+ const Name& keyLocatorName = publicKeySig->getKeyLocator().getName();
+
+ if (m_signers.find(keyLocatorName) == m_signers.end())
+ {
+ onValidationFailed(packet.shared_from_this(),
+ "Signer is not in the fixed signer list: " +
+ keyLocatorName.toUri());
+ return -1;
+ }
+
+ if (Validator::verifySignature(packet, *publicKeySig,
+ m_signers[keyLocatorName]->getPublicKeyInfo()))
+ {
+ onValidated(packet.shared_from_this());
+ return 1;
+ }
+ else
+ {
+ onValidationFailed(packet.shared_from_this(),
+ "Signature cannot be validated");
+ return -1;
+ }
+ }
+ catch (KeyLocator::Error& e)
+ {
+ onValidationFailed(packet.shared_from_this(),
+ "KeyLocator does not have name");
+ return -1;
+ }
+ catch (Tlv::Error& e)
+ {
+ onValidationFailed(packet.shared_from_this(),
+ "Cannot decode signature");
+ return -1;
}
}
@@ -353,7 +394,7 @@
// Get checker.type
if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "type"))
- throw Error("Expect <checker.type>!");
+ throw Error("Expect <checker.type>");
std::string type = propertyIt->second.data();
@@ -377,21 +418,21 @@
// Get checker.sig-type
if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "sig-type"))
- throw Error("Expect <checker.sig-type>!");
+ throw Error("Expect <checker.sig-type>");
std::string sigType = propertyIt->second.data();
propertyIt++;
// Get checker.key-locator
if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "key-locator"))
- throw Error("Expect <checker.key-locator>!");
+ throw Error("Expect <checker.key-locator>");
shared_ptr<KeyLocatorChecker> keyLocatorChecker =
KeyLocatorCheckerFactory::create(propertyIt->second, configFilename);
propertyIt++;
if (propertyIt != configSection.end())
- throw Error("Expect the end of checker!");
+ throw Error("Expect the end of checker");
return make_shared<CustomizedChecker>(getSigType(sigType), keyLocatorChecker);
}
@@ -405,13 +446,13 @@
// Get checker.sig-type
if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "sig-type"))
- throw Error("Expect <checker.sig-type>!");
+ throw Error("Expect <checker.sig-type>");
std::string sigType = propertyIt->second.data();
propertyIt++;
if (propertyIt != configSection.end())
- throw Error("Expect the end of checker!");
+ throw Error("Expect the end of checker");
return make_shared<HierarchicalChecker>(getSigType(sigType));
}
@@ -425,7 +466,7 @@
// Get checker.sig-type
if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "sig-type"))
- throw Error("Expect <checker.sig-type>!");
+ throw Error("Expect <checker.sig-type>");
std::string sigType = propertyIt->second.data();
propertyIt++;
@@ -434,14 +475,14 @@
for (; propertyIt != configSection.end(); propertyIt++)
{
if (!boost::iequals(propertyIt->first, "signer"))
- throw Error("Expect <checker.signer> but get <checker."
- + propertyIt->first + ">");
+ throw Error("Expect <checker.signer> but get <checker." +
+ propertyIt->first + ">");
signers.push_back(getSigner(propertyIt->second, configFilename));
}
if (propertyIt != configSection.end())
- throw Error("Expect the end of checker!");
+ throw Error("Expect the end of checker");
return shared_ptr<FixedSignerChecker>(new FixedSignerChecker(getSigType(sigType),
signers));
@@ -456,7 +497,7 @@
// Get checker.signer.type
if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "type"))
- throw Error("Expect <checker.signer.type>!");
+ throw Error("Expect <checker.signer.type>");
std::string type = propertyIt->second.data();
propertyIt++;
@@ -465,7 +506,7 @@
{
// Get checker.signer.file-name
if (propertyIt == configSection.end() || !boost::iequals(propertyIt->first, "file-name"))
- throw Error("Expect <checker.signer.file-name>!");
+ throw Error("Expect <checker.signer.file-name>");
path certfilePath = absolute(propertyIt->second.data(),
path(configFilename).parent_path());
@@ -480,15 +521,15 @@
if (static_cast<bool>(idCert))
return idCert;
else
- throw Error("Cannot read certificate from file: "
- + certfilePath.native());
+ throw Error("Cannot read certificate from file: " +
+ certfilePath.native());
}
else if (boost::iequals(type, "base64"))
{
// Get checker.signer.base64-string
if (propertyIt == configSection.end() ||
!boost::iequals(propertyIt->first, "base64-string"))
- throw Error("Expect <checker.signer.base64-string>!");
+ throw Error("Expect <checker.signer.base64-string>");
std::stringstream ss(propertyIt->second.data());
propertyIt++;
@@ -507,15 +548,17 @@
throw Error("Unsupported checker.signer type: " + type);
}
- static int32_t
+ static uint32_t
getSigType(const std::string& sigType)
{
if (boost::iequals(sigType, "rsa-sha256"))
- return Signature::Sha256WithRsa;
+ return Tlv::SignatureSha256WithRsa;
+ else if (boost::iequals(sigType, "ecdsa-sha256"))
+ return Tlv::SignatureSha256WithEcdsa;
else if (boost::iequals(sigType, "sha256"))
- return Signature::Sha256;
+ return Tlv::DigestSha256;
else
- return -1;
+ throw Error("Unsupported signature type");
}
};
@@ -523,4 +566,4 @@
} // namespace security
} // namespace ndn
-#endif // NDN_SECURITY_SEC_CONF_RULE_SIGNER_HPP
+#endif // NDN_SECURITY_CONF_CHECKER_HPP
diff --git a/src/security/conf/key-locator-checker.hpp b/src/security/conf/key-locator-checker.hpp
index ff9e5fc..7d5bb9c 100644
--- a/src/security/conf/key-locator-checker.hpp
+++ b/src/security/conf/key-locator-checker.hpp
@@ -27,6 +27,7 @@
#include "../../common.hpp"
#include "../../data.hpp"
#include "../../interest.hpp"
+#include "../../util/regex.hpp"
#include "../security-common.hpp"
#include <boost/algorithm/string.hpp>
@@ -50,12 +51,11 @@
class KeyLocatorChecker
{
public:
- enum Relation
- {
- RELATION_EQUAL,
- RELATION_IS_PREFIX_OF,
- RELATION_IS_STRICT_PREFIX_OF
- };
+ enum Relation {
+ RELATION_EQUAL,
+ RELATION_IS_PREFIX_OF,
+ RELATION_IS_STRICT_PREFIX_OF
+ };
virtual
~KeyLocatorChecker()
@@ -264,8 +264,8 @@
}
catch (Name::Error& e)
{
- throw Error("Invalid checker.key-locator.name: "
- + propertyIt->second.data());
+ throw Error("Invalid checker.key-locator.name: " +
+ propertyIt->second.data());
}
propertyIt++;
@@ -361,8 +361,7 @@
else if (boost::iequals(hRelation, "is-strict-prefix-of"))
relation = KeyLocatorChecker::RELATION_IS_STRICT_PREFIX_OF;
else
- throw Error("Unsupported checker.key-locator.hyper-relation.h-relation: "
- + hRelation);
+ throw Error("Unsupported checker.key-locator.hyper-relation.h-relation: " + hRelation);
try
{
diff --git a/src/security/digest-sha256.hpp b/src/security/digest-sha256.hpp
index 19833e1..6221ee6 100644
--- a/src/security/digest-sha256.hpp
+++ b/src/security/digest-sha256.hpp
@@ -47,7 +47,7 @@
{
m_info = Block(Tlv::SignatureInfo);
- m_type = Signature::Sha256;
+ m_type = Tlv::DigestSha256;
m_info.push_back(nonNegativeIntegerBlock(Tlv::SignatureType, Tlv::DigestSha256));
}
@@ -55,7 +55,7 @@
DigestSha256(const Signature& signature)
: Signature(signature)
{
- if (getType() != Signature::Sha256)
+ if (getType() != Tlv::DigestSha256)
throw Error("Incorrect signature type");
}
};
diff --git a/src/security/identity-certificate.cpp b/src/security/identity-certificate.cpp
index d4b0d38..685fa29 100644
--- a/src/security/identity-certificate.cpp
+++ b/src/security/identity-certificate.cpp
@@ -25,10 +25,10 @@
#include "identity-certificate.hpp"
-using namespace std;
-
namespace ndn {
+using std::string;
+
bool
IdentityCertificate::isCorrectName(const Name& name)
{
diff --git a/src/security/key-chain.cpp b/src/security/key-chain.cpp
index 69d5b48..9c5e000 100644
--- a/src/security/key-chain.cpp
+++ b/src/security/key-chain.cpp
@@ -122,6 +122,15 @@
throw Error("TPM type '" + tpmName + "' is not supported");
}
+KeyChain::~KeyChain()
+{
+ if (m_pib != 0)
+ delete m_pib;
+
+ if (m_tpm != 0)
+ delete m_tpm;
+}
+
Name
KeyChain::createIdentity(const Name& identityName, const KeyParams& params)
{
diff --git a/src/security/key-chain.hpp b/src/security/key-chain.hpp
index b6b9bbf..0a6c65c 100644
--- a/src/security/key-chain.hpp
+++ b/src/security/key-chain.hpp
@@ -75,14 +75,7 @@
const std::string& tpmName);
virtual
- ~KeyChain()
- {
- if (m_pib != 0)
- delete m_pib;
-
- if (m_tpm != 0)
- delete m_tpm;
- }
+ ~KeyChain();
/**
* @brief Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a
@@ -777,35 +770,20 @@
void
KeyChain::sign(T& packet, const IdentityCertificate& certificate)
{
- switch (certificate.getPublicKeyInfo().getKeyType())
- {
- case KEY_TYPE_RSA:
- {
- // For temporary usage, we support SHA256 only, but will support more.
- SignatureSha256WithRsa signature;
- // implicit conversion should take care
- signature.setKeyLocator(certificate.getName().getPrefix(-1));
- signPacketWrapper(packet, signature,
- certificate.getPublicKeyName(),
- DIGEST_ALGORITHM_SHA256);
- return;
- }
- case KEY_TYPE_ECDSA:
- {
- // For temporary usage, we support SHA256 only, but will support more.
- SignatureSha256WithEcdsa signature;
- // implicit conversion should take care
- signature.setKeyLocator(certificate.getName().getPrefix(-1));
+ shared_ptr<SignatureWithPublicKey> signature =
+ determineSignatureWithPublicKey(certificate.getPublicKeyInfo().getKeyType());
- signPacketWrapper(packet, signature,
- certificate.getPublicKeyName(),
- DIGEST_ALGORITHM_SHA256);
- return;
- }
- default:
- throw SecPublicInfo::Error("unknown key type!");
- }
+ if (!static_cast<bool>(signature))
+ throw SecPublicInfo::Error("unknown key type!");
+
+ signature->setKeyLocator(certificate.getName().getPrefix(-1));
+
+ signPacketWrapper(packet, *signature,
+ certificate.getPublicKeyName(),
+ DIGEST_ALGORITHM_SHA256);
+
+ return;
}
}
diff --git a/src/security/public-key.cpp b/src/security/public-key.cpp
index 212bc3a..bed8f81 100644
--- a/src/security/public-key.cpp
+++ b/src/security/public-key.cpp
@@ -27,9 +27,6 @@
#include "../encoding/oid.hpp"
#include "cryptopp.hpp"
-using namespace std;
-using namespace CryptoPP;
-
namespace ndn {
static OID RSA_OID("1.2.840.113549.1.1.1");
@@ -43,7 +40,7 @@
PublicKey::PublicKey(const uint8_t* keyDerBuf, size_t keyDerSize)
: m_type(KEY_TYPE_NULL)
{
- StringSource src(keyDerBuf, keyDerSize, true);
+ CryptoPP::StringSource src(keyDerBuf, keyDerSize, true);
decode(src);
}
@@ -64,6 +61,7 @@
// algorithm AlgorithmIdentifier
// keybits BIT STRING }
+ using namespace CryptoPP;
try
{
std::string out;
diff --git a/src/security/sec-public-info-sqlite3.cpp b/src/security/sec-public-info-sqlite3.cpp
index 7e86773..354c5aa 100644
--- a/src/security/sec-public-info-sqlite3.cpp
+++ b/src/security/sec-public-info-sqlite3.cpp
@@ -37,10 +37,11 @@
#include <fstream>
#include <boost/filesystem.hpp>
-using namespace std;
-
namespace ndn {
+using std::string;
+using std::vector;
+
static const string INIT_ID_TABLE = "\
CREATE TABLE IF NOT EXISTS \n \
Identity( \n \
@@ -104,7 +105,7 @@
SecPublicInfoSqlite3::SecPublicInfoSqlite3()
{
boost::filesystem::path identityDir = boost::filesystem::path(getenv("HOME")) / ".ndn";
- boost::filesystem::create_directories (identityDir);
+ boost::filesystem::create_directories(identityDir);
/// @todo Add define for windows/unix in wscript. The following may completely fail on windows
int res = sqlite3_open_v2((identityDir / "ndnsec-public-info.db").c_str(), &m_database,
@@ -656,8 +657,7 @@
sqlite3_bind_text(statement, 1, identityName.toUri(), SQLITE_TRANSIENT);
while (sqlite3_step(statement) == SQLITE_ROW)
- {
- }
+ ;
sqlite3_finalize(statement);
@@ -730,8 +730,7 @@
sqlite3_bind_text(statement, 2, keyId, SQLITE_TRANSIENT);
while (sqlite3_step(statement) == SQLITE_ROW)
- {
- }
+ ;
sqlite3_finalize(statement);
@@ -868,7 +867,7 @@
-1, &stmt, 0);
Name identity = keyName.getPrefix(-1);
- sqlite3_bind_text(stmt, 1, identity.toUri().c_str(), identity.toUri().size (), SQLITE_TRANSIENT);
+ sqlite3_bind_text(stmt, 1, identity.toUri().c_str(), identity.toUri().size(), SQLITE_TRANSIENT);
std::string baseKeyName = keyName.get(-1).toUri();
sqlite3_bind_text(stmt, 2, baseKeyName.c_str(), baseKeyName.size(), SQLITE_TRANSIENT);
@@ -888,7 +887,7 @@
sqlite3_stmt* stmt;
sqlite3_prepare_v2(m_database, "DELETE FROM Certificate WHERE cert_name=?", -1, &stmt, 0);
- sqlite3_bind_text(stmt, 1, certName.toUri().c_str(), certName.toUri().size (), SQLITE_TRANSIENT);
+ sqlite3_bind_text(stmt, 1, certName.toUri().c_str(), certName.toUri().size(), SQLITE_TRANSIENT);
sqlite3_step(stmt);
sqlite3_finalize(stmt);
}
@@ -906,7 +905,7 @@
sqlite3_prepare_v2(m_database,
"DELETE FROM Certificate WHERE identity_name=? and key_identifier=?",
-1, &stmt, 0);
- sqlite3_bind_text(stmt, 1, identity.c_str(), identity.size (), SQLITE_TRANSIENT);
+ sqlite3_bind_text(stmt, 1, identity.c_str(), identity.size(), SQLITE_TRANSIENT);
sqlite3_bind_text(stmt, 2, keyId.c_str(), keyId.size(), SQLITE_TRANSIENT);
sqlite3_step(stmt);
sqlite3_finalize(stmt);
@@ -914,7 +913,7 @@
sqlite3_prepare_v2(m_database,
"DELETE FROM Key WHERE identity_name=? and key_identifier=?",
-1, &stmt, 0);
- sqlite3_bind_text(stmt, 1, identity.c_str(), identity.size (), SQLITE_TRANSIENT);
+ sqlite3_bind_text(stmt, 1, identity.c_str(), identity.size(), SQLITE_TRANSIENT);
sqlite3_bind_text(stmt, 2, keyId.c_str(), keyId.size(), SQLITE_TRANSIENT);
sqlite3_step(stmt);
sqlite3_finalize(stmt);
@@ -927,17 +926,17 @@
sqlite3_stmt* stmt;
sqlite3_prepare_v2(m_database, "DELETE FROM Certificate WHERE identity_name=?", -1, &stmt, 0);
- sqlite3_bind_text(stmt, 1, identity.c_str(), identity.size (), SQLITE_TRANSIENT);
+ sqlite3_bind_text(stmt, 1, identity.c_str(), identity.size(), SQLITE_TRANSIENT);
sqlite3_step(stmt);
sqlite3_finalize(stmt);
sqlite3_prepare_v2(m_database, "DELETE FROM Key WHERE identity_name=?", -1, &stmt, 0);
- sqlite3_bind_text(stmt, 1, identity.c_str(), identity.size (), SQLITE_TRANSIENT);
+ sqlite3_bind_text(stmt, 1, identity.c_str(), identity.size(), SQLITE_TRANSIENT);
sqlite3_step(stmt);
sqlite3_finalize(stmt);
sqlite3_prepare_v2(m_database, "DELETE FROM Identity WHERE identity_name=?", -1, &stmt, 0);
- sqlite3_bind_text(stmt, 1, identity.c_str(), identity.size (), SQLITE_TRANSIENT);
+ sqlite3_bind_text(stmt, 1, identity.c_str(), identity.size(), SQLITE_TRANSIENT);
sqlite3_step(stmt);
sqlite3_finalize(stmt);
}
diff --git a/src/security/sec-rule-relative.cpp b/src/security/sec-rule-relative.cpp
index 197fa43..6350fd5 100644
--- a/src/security/sec-rule-relative.cpp
+++ b/src/security/sec-rule-relative.cpp
@@ -28,14 +28,14 @@
#include "signature-sha256-with-rsa.hpp"
#include "security-common.hpp"
-using namespace std;
-
namespace ndn {
-SecRuleRelative::SecRuleRelative (const string& dataRegex, const string& signerRegex,
- const string& op,
- const string& dataExpand, const string& signerExpand,
- bool isPositive)
+using std::string;
+
+SecRuleRelative::SecRuleRelative(const string& dataRegex, const string& signerRegex,
+ const string& op,
+ const string& dataExpand, const string& signerExpand,
+ bool isPositive)
: SecRule(isPositive),
m_dataRegex(dataRegex),
m_signerRegex(signerRegex),
@@ -54,23 +54,31 @@
}
bool
-SecRuleRelative::satisfy (const Data& data)
+SecRuleRelative::satisfy(const Data& data)
{
Name dataName = data.getName();
try
{
- SignatureSha256WithRsa sig(data.getSignature());
- Name signerName = sig.getKeyLocator().getName ();
- return satisfy (dataName, signerName);
+ SignatureWithPublicKey sig(data.getSignature());
+ Name signerName = sig.getKeyLocator().getName();
+ return satisfy(dataName, signerName);
}
- catch (std::runtime_error& e)
+ catch (Tlv::Error& e)
+ {
+ return false;
+ }
+ catch (KeyLocator::Error& e)
+ {
+ return false;
+ }
+ catch (RegexMatcher::Error& e)
{
return false;
}
}
bool
-SecRuleRelative::satisfy (const Name& dataName, const Name& signerName)
+SecRuleRelative::satisfy(const Name& dataName, const Name& signerName)
{
if (!m_dataNameRegex.match(dataName))
return false;
@@ -86,21 +94,29 @@
}
bool
-SecRuleRelative::matchDataName (const Data& data)
+SecRuleRelative::matchDataName(const Data& data)
{
return m_dataNameRegex.match(data.getName());
}
bool
-SecRuleRelative::matchSignerName (const Data& data)
+SecRuleRelative::matchSignerName(const Data& data)
{
try
{
- SignatureSha256WithRsa sig(data.getSignature());
- Name signerName = sig.getKeyLocator().getName ();
+ SignatureWithPublicKey sig(data.getSignature());
+ Name signerName = sig.getKeyLocator().getName();
return m_signerNameRegex.match(signerName);
}
- catch (std::runtime_error& e)
+ catch (Tlv::Error& e)
+ {
+ return false;
+ }
+ catch (KeyLocator::Error& e)
+ {
+ return false;
+ }
+ catch (RegexMatcher::Error& e)
{
return false;
}
@@ -112,12 +128,12 @@
if ((dataName == signerName) && ("==" == m_op || ">=" == m_op))
return true;
- Name::const_iterator i = dataName.begin ();
- Name::const_iterator j = signerName.begin ();
+ Name::const_iterator i = dataName.begin();
+ Name::const_iterator j = signerName.begin();
- for (; i != dataName.end () && j != signerName.end (); i++, j++)
+ for (; i != dataName.end() && j != signerName.end(); i++, j++)
{
- if ((i->compare(*j)) == 0)
+ if (i->compare(*j) == 0)
continue;
else
return false;
diff --git a/src/security/sec-rule-specific.cpp b/src/security/sec-rule-specific.cpp
index 6f4886c..75f45b9 100644
--- a/src/security/sec-rule-specific.cpp
+++ b/src/security/sec-rule-specific.cpp
@@ -26,8 +26,6 @@
#include "sec-rule-specific.hpp"
#include "signature-sha256-with-rsa.hpp"
-using namespace std;
-
namespace ndn {
SecRuleSpecific::SecRuleSpecific(shared_ptr<Regex> dataRegex,
@@ -68,11 +66,19 @@
try
{
- SignatureSha256WithRsa sig(data.getSignature());
+ SignatureWithPublicKey sig(data.getSignature());
Name signerName = sig.getKeyLocator().getName();
return m_signerRegex->match(signerName);
}
- catch (std::runtime_error& e)
+ catch (Tlv::Error& e)
+ {
+ return false;
+ }
+ catch (KeyLocator::Error& e)
+ {
+ return false;
+ }
+ catch (RegexMatcher::Error& e)
{
return false;
}
@@ -88,7 +94,7 @@
SecRuleSpecific::satisfy(const Name& dataName, const Name& signerName)
{
bool isSignerMatched = m_isExempted || m_signerRegex->match(signerName);
- return (m_dataRegex->match(dataName) && isSignerMatched);
+ return m_dataRegex->match(dataName) && isSignerMatched;
}
} // namespace ndn
diff --git a/src/security/sec-tpm.cpp b/src/security/sec-tpm.cpp
index 2011a95..3191095 100644
--- a/src/security/sec-tpm.cpp
+++ b/src/security/sec-tpm.cpp
@@ -27,10 +27,10 @@
#include "../encoding/buffer-stream.hpp"
#include "cryptopp.hpp"
-using namespace std;
-
namespace ndn {
+using std::string;
+
ConstBufferPtr
SecTpm::exportPrivateKeyPkcs5FromTpm(const Name& keyName, const string& passwordStr)
{
diff --git a/src/security/signature-sha256-with-ecdsa.hpp b/src/security/signature-sha256-with-ecdsa.hpp
index 84cbe51..5bf0500 100644
--- a/src/security/signature-sha256-with-ecdsa.hpp
+++ b/src/security/signature-sha256-with-ecdsa.hpp
@@ -51,7 +51,7 @@
SignatureSha256WithEcdsa(const Signature& signature)
: SignatureWithPublicKey(signature)
{
- if (getType() != Signature::Sha256WithEcdsa)
+ if (getType() != Tlv::SignatureSha256WithEcdsa)
throw Error("Incorrect signature type");
}
};
diff --git a/src/security/signature-sha256-with-rsa.hpp b/src/security/signature-sha256-with-rsa.hpp
index bd3fd32..fc60248 100644
--- a/src/security/signature-sha256-with-rsa.hpp
+++ b/src/security/signature-sha256-with-rsa.hpp
@@ -51,7 +51,7 @@
SignatureSha256WithRsa(const Signature& signature)
: SignatureWithPublicKey(signature)
{
- if (getType() != Signature::Sha256WithRsa)
+ if (getType() != Tlv::SignatureSha256WithRsa)
throw Error("Incorrect signature type");
}
};
diff --git a/src/security/validator-config.cpp b/src/security/validator-config.cpp
index 4589d82..b9b1bed 100644
--- a/src/security/validator-config.cpp
+++ b/src/security/validator-config.cpp
@@ -490,13 +490,9 @@
Signature signature(interestName[signed_interest::POS_SIG_INFO].blockFromValue(),
interestName[signed_interest::POS_SIG_VALUE].blockFromValue());
- if (signature.getType() != Signature::Sha256WithRsa)
- return onValidationFailed(interest.shared_from_this(),
- "Require SignatureSha256WithRsa");
+ SignatureWithPublicKey publicKeySig(signature);
- SignatureSha256WithRsa sig(signature);
-
- const KeyLocator& keyLocator = sig.getKeyLocator();
+ const KeyLocator& keyLocator = publicKeySig.getKeyLocator();
if (keyLocator.getType() != KeyLocator::KeyLocator_Name)
return onValidationFailed(interest.shared_from_this(),
@@ -527,7 +523,7 @@
if (checkResult == 0)
{
checkSignature<Interest, OnInterestValidated, OnInterestValidationFailed>
- (interest, signature, nSteps,
+ (interest, publicKeySig, nSteps,
bind(&ValidatorConfig::checkTimestamp, this, _1,
keyName, onValidated, onValidationFailed),
onValidationFailed,
diff --git a/src/security/validator-config.hpp b/src/security/validator-config.hpp
index f5882d6..4a2ce58 100644
--- a/src/security/validator-config.hpp
+++ b/src/security/validator-config.hpp
@@ -293,7 +293,7 @@
const OnFailed& onValidationFailed,
std::vector<shared_ptr<ValidationRequest> >& nextSteps)
{
- if (signature.getType() == Signature::Sha256)
+ if (signature.getType() == Tlv::DigestSha256)
{
DigestSha256 sigSha256(signature);
@@ -304,55 +304,81 @@
"Sha256 Signature cannot be verified!");
}
- if (signature.getType() == Signature::Sha256WithRsa)
- {
- SignatureSha256WithRsa sigSha256Rsa(signature);
- Name keyLocatorName = sigSha256Rsa.getKeyLocator().getName();
+ shared_ptr<SignatureWithPublicKey> publicKeySig;
- shared_ptr<const Certificate> trustedCert;
-
- refreshAnchors();
-
- AnchorList::const_iterator it = m_anchors.find(keyLocatorName);
- if (m_anchors.end() == it)
- trustedCert = m_certificateCache->getCertificate(keyLocatorName);
- else
- trustedCert = it->second;
-
- if (static_cast<bool>(trustedCert))
- {
- if (verifySignature(packet, sigSha256Rsa, trustedCert->getPublicKeyInfo()))
- return onValidated(packet.shared_from_this());
- else
- return onValidationFailed(packet.shared_from_this(),
- "Cannot verify signature");
- }
- else
- {
- if (m_stepLimit == nSteps)
- return onValidationFailed(packet.shared_from_this(),
- "Maximum steps of validation reached");
-
- OnDataValidated onCertValidated =
- bind(&ValidatorConfig::onCertValidated<Packet, OnValidated, OnFailed>,
- this, _1, packet.shared_from_this(), onValidated, onValidationFailed);
-
- OnDataValidationFailed onCertValidationFailed =
- bind(&ValidatorConfig::onCertFailed<Packet, OnFailed>,
- this, _1, _2, packet.shared_from_this(), onValidationFailed);
-
- Interest certInterest(keyLocatorName);
-
- shared_ptr<ValidationRequest> nextStep =
- make_shared<ValidationRequest>(certInterest,
- onCertValidated,
- onCertValidationFailed,
- 1, nSteps + 1);
-
- nextSteps.push_back(nextStep);
- return;
- }
+ try {
+ switch (signature.getType()) {
+ case Tlv::SignatureSha256WithRsa:
+ {
+ publicKeySig = make_shared<SignatureSha256WithRsa>(signature);
+ break;
+ }
+ case Tlv::SignatureSha256WithEcdsa:
+ {
+ publicKeySig = make_shared<SignatureSha256WithEcdsa>(signature);
+ break;
+ }
+ default:
+ return onValidationFailed(packet.shared_from_this(),
+ "Unsupported signature type");
}
+ }
+ catch (Tlv::Error& e) {
+ return onValidationFailed(packet.shared_from_this(),
+ "Cannot decode public key signature");
+ }
+ catch (KeyLocator::Error& e) {
+ return onValidationFailed(packet.shared_from_this(),
+ "Cannot decode KeyLocator in public key signature");
+ }
+
+
+ Name keyLocatorName = publicKeySig->getKeyLocator().getName();
+
+ shared_ptr<const Certificate> trustedCert;
+
+ refreshAnchors();
+
+ AnchorList::const_iterator it = m_anchors.find(keyLocatorName);
+ if (m_anchors.end() == it)
+ trustedCert = m_certificateCache->getCertificate(keyLocatorName);
+ else
+ trustedCert = it->second;
+
+ if (static_cast<bool>(trustedCert))
+ {
+ if (verifySignature(packet, *publicKeySig, trustedCert->getPublicKeyInfo()))
+ return onValidated(packet.shared_from_this());
+ else
+ return onValidationFailed(packet.shared_from_this(),
+ "Cannot verify signature");
+ }
+ else
+ {
+ if (m_stepLimit == nSteps)
+ return onValidationFailed(packet.shared_from_this(),
+ "Maximum steps of validation reached");
+
+ OnDataValidated onCertValidated =
+ bind(&ValidatorConfig::onCertValidated<Packet, OnValidated, OnFailed>,
+ this, _1, packet.shared_from_this(), onValidated, onValidationFailed);
+
+ OnDataValidationFailed onCertValidationFailed =
+ bind(&ValidatorConfig::onCertFailed<Packet, OnFailed>,
+ this, _1, _2, packet.shared_from_this(), onValidationFailed);
+
+ Interest certInterest(keyLocatorName);
+
+ shared_ptr<ValidationRequest> nextStep =
+ make_shared<ValidationRequest>(certInterest,
+ onCertValidated,
+ onCertValidationFailed,
+ 1, nSteps + 1);
+
+ nextSteps.push_back(nextStep);
+ return;
+ }
+
return onValidationFailed(packet.shared_from_this(), "Unsupported Signature Type!");
}
diff --git a/src/security/validator-regex.cpp b/src/security/validator-regex.cpp
index 0ae4da4..e998d8c 100644
--- a/src/security/validator-regex.cpp
+++ b/src/security/validator-regex.cpp
@@ -27,8 +27,6 @@
#include "signature-sha256-with-rsa.hpp"
#include "certificate-cache-ttl.hpp"
-using namespace std;
-
namespace ndn {
const shared_ptr<CertificateCache> ValidatorRegex::DEFAULT_CERTIFICATE_CACHE;
@@ -75,7 +73,7 @@
void
ValidatorRegex::onCertificateValidationFailed(const shared_ptr<const Data>& signCertificate,
- const string& failureInfo,
+ const std::string& failureInfo,
const shared_ptr<const Data>& data,
const OnDataValidationFailed& onValidationFailed)
{
@@ -87,7 +85,7 @@
int nSteps,
const OnDataValidated& onValidated,
const OnDataValidationFailed& onValidationFailed,
- vector<shared_ptr<ValidationRequest> >& nextSteps)
+ std::vector<shared_ptr<ValidationRequest> >& nextSteps)
{
if (m_stepLimit == nSteps)
return onValidationFailed(data.shared_from_this(),
@@ -110,7 +108,7 @@
{
try
{
- SignatureSha256WithRsa sig(data.getSignature());
+ SignatureWithPublicKey sig(data.getSignature());
Name keyLocatorName = sig.getKeyLocator().getName();
shared_ptr<const Certificate> trustedCert;
@@ -153,12 +151,17 @@
return;
}
}
- catch (SignatureSha256WithRsa::Error& e)
+ catch (SignatureWithPublicKey::Error& e)
{
return onValidationFailed(data.shared_from_this(),
- "Not SignatureSha256WithRsa signature: " +
+ "Require sub-class of SignatureWithPublicKey: " +
data.getName().toUri());
}
+ catch (Tlv::Error& e)
+ {
+ return onValidationFailed(data.shared_from_this(),
+ "Cannot decode signature");
+ }
catch (KeyLocator::Error& e)
{
return onValidationFailed(data.shared_from_this(),
diff --git a/src/security/validator.cpp b/src/security/validator.cpp
index 1b9d92a..5edb852 100644
--- a/src/security/validator.cpp
+++ b/src/security/validator.cpp
@@ -121,38 +121,16 @@
bool
Validator::verifySignature(const Data& data, const PublicKey& key)
{
- try
- {
- switch (data.getSignature().getType())
- {
- case Tlv::SignatureSha256WithRsa:
- {
- SignatureSha256WithRsa sigSha256Rsa(data.getSignature());
- return verifySignature(data.wireEncode().value(),
- data.wireEncode().value_size() -
- data.getSignature().getValue().size(),
- sigSha256Rsa, key);
- }
- case Tlv::SignatureSha256WithEcdsa:
- {
- SignatureSha256WithEcdsa sigSha256Ecdsa(data.getSignature());
- return verifySignature(data.wireEncode().value(),
- data.wireEncode().value_size() -
- data.getSignature().getValue().size(),
- sigSha256Ecdsa, key);
- }
- default:
- {
- // Unsupported sig type
- return false;
- }
- }
- }
- catch (Signature::Error& e)
- {
- return false;
- }
- return false;
+ shared_ptr<SignatureWithPublicKey> publicKeySig =
+ determineSignatureWithPublicKey(data.getSignature());
+
+ if (!static_cast<bool>(publicKeySig))
+ return false;
+
+ return verifySignature(data.wireEncode().value(),
+ data.wireEncode().value_size() -
+ data.getSignature().getValue().size(),
+ *publicKeySig, key);
}
bool
@@ -170,40 +148,19 @@
Signature sig(interestName[-2].blockFromValue(),
interestName[-1].blockFromValue());
- switch (sig.getType())
- {
- case Tlv::SignatureSha256WithRsa:
- {
- SignatureSha256WithRsa sigSha256Rsa(sig);
+ shared_ptr<SignatureWithPublicKey> publicKeySig = determineSignatureWithPublicKey(sig);
- return verifySignature(nameBlock.value(),
- nameBlock.value_size() - interestName[-1].size(),
- sigSha256Rsa, key);
- }
- case Tlv::SignatureSha256WithEcdsa:
- {
- SignatureSha256WithEcdsa sigSha256Ecdsa(sig);
+ if (!static_cast<bool>(publicKeySig))
+ return false;
- return verifySignature(nameBlock.value(),
- nameBlock.value_size() - interestName[-1].size(),
- sigSha256Ecdsa, key);
- }
- default:
- {
- // Unsupported sig type
- return false;
- }
- }
- }
- catch (Signature::Error& e)
- {
- return false;
+ return verifySignature(nameBlock.value(),
+ nameBlock.value_size() - interestName[-1].size(),
+ *publicKeySig, key);
}
catch (Block::Error& e)
{
return false;
}
- return false;
}
bool
@@ -329,6 +286,28 @@
}
}
+shared_ptr<SignatureWithPublicKey>
+Validator::determineSignatureWithPublicKey(const Signature& signature)
+{
+ try {
+ switch (signature.getType())
+ {
+ case Tlv::SignatureSha256WithRsa:
+ return make_shared<SignatureSha256WithRsa>(signature);
+ case Tlv::SignatureSha256WithEcdsa:
+ return make_shared<SignatureSha256WithEcdsa>(signature);
+ default:
+ return shared_ptr<SignatureWithPublicKey>();
+ }
+ }
+ catch (Tlv::Error& e) {
+ return shared_ptr<SignatureWithPublicKey>();
+ }
+ catch (KeyLocator::Error& e) {
+ return shared_ptr<SignatureWithPublicKey>();
+ }
+}
+
void
Validator::onTimeout(const Interest& interest,
int remainingRetries,
diff --git a/src/security/validator.hpp b/src/security/validator.hpp
index b95c5ad..e9bf37e 100644
--- a/src/security/validator.hpp
+++ b/src/security/validator.hpp
@@ -248,6 +248,9 @@
const OnInterestValidationFailed& onValidationFailed,
int nSteps);
+ static shared_ptr<SignatureWithPublicKey>
+ determineSignatureWithPublicKey(const Signature& signature);
+
/// Hooks
/**
diff --git a/src/signature.hpp b/src/signature.hpp
index 3546c4c..f7853dd 100644
--- a/src/signature.hpp
+++ b/src/signature.hpp
@@ -42,6 +42,7 @@
}
};
+ /// @deprecated use Tlv::SignatureTypeValue instead.
enum {
Sha256 = Tlv::DigestSha256,
Sha256WithRsa = Tlv::SignatureSha256WithRsa,
@@ -53,6 +54,7 @@
{
}
+ explicit
Signature(const Block& info, const Block& value = Block())
: m_value(value)
{
diff --git a/src/util/command-interest-validator.hpp b/src/util/command-interest-validator.hpp
index 9d8660e..7d179a0 100644
--- a/src/util/command-interest-validator.hpp
+++ b/src/util/command-interest-validator.hpp
@@ -168,7 +168,7 @@
Signature signature(interestName[POS_SIG_INFO].blockFromValue(),
interestName[POS_SIG_VALUE].blockFromValue());
- if (signature.getType() != Signature::Sha256WithRsa)
+ if (signature.getType() != Tlv::SignatureSha256WithRsa)
return onValidationFailed(interest.shared_from_this(),
"Require SignatureSha256WithRsa");