security: Allow KeyChain to sign interest using SHA256 digest
Change-Id: I729c5e32aeb1b9e78582becec1bc183aada6ee95
Refs: #2218
diff --git a/src/security/key-chain.cpp b/src/security/key-chain.cpp
index 1809079..f22c5a9 100644
--- a/src/security/key-chain.cpp
+++ b/src/security/key-chain.cpp
@@ -558,6 +558,30 @@
}
void
+KeyChain::signWithSha256(Interest& interest)
+{
+ DigestSha256 sig;
+
+ time::milliseconds timestamp = time::toUnixTimestamp(time::system_clock::now());
+ if (timestamp <= m_lastTimestamp)
+ timestamp = m_lastTimestamp + time::milliseconds(1);
+
+ Name signedName = interest.getName();
+ signedName
+ .append(name::Component::fromNumber(timestamp.count())) // timestamp
+ .append(name::Component::fromNumber(random::generateWord64())) // nonce
+ .append(sig.getInfo()); // signatureInfo
+
+ Block sigValue(tlv::SignatureValue,
+ crypto::sha256(signedName.wireEncode().value(),
+ signedName.wireEncode().value_size()));
+
+ sigValue.encode();
+ signedName.append(sigValue); // signatureValue
+ interest.setName(signedName);
+}
+
+void
KeyChain::deleteCertificate(const Name& certificateName)
{
try
diff --git a/src/security/key-chain.hpp b/src/security/key-chain.hpp
index 0cc3cb3..5d348c4 100644
--- a/src/security/key-chain.hpp
+++ b/src/security/key-chain.hpp
@@ -226,12 +226,18 @@
signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);
/**
- * @brief Set Sha256 weak signature for @param data
+ * @brief Set Sha256 weak signature for @p data
*/
void
signWithSha256(Data& data);
/**
+ * @brief Set Sha256 weak signature for @p interest
+ */
+ void
+ signWithSha256(Interest& interest);
+
+ /**
* @brief Generate a self-signed certificate for a public key.
*
* @param keyName The name of the public key
@@ -789,6 +795,6 @@
return;
}
-}
+} // namespace ndn
#endif // NDN_SECURITY_KEY_CHAIN_HPP
diff --git a/src/security/validator.hpp b/src/security/validator.hpp
index 3fe58f3..5311795 100644
--- a/src/security/validator.hpp
+++ b/src/security/validator.hpp
@@ -180,10 +180,10 @@
if (interest.getName().size() < 2)
return false;
- Name signedName = interest.getName().getPrefix(-2);
+ const Name& name = interest.getName();
- return verifySignature(signedName.wireEncode().value(),
- signedName.wireEncode().value_size(),
+ return verifySignature(name.wireEncode().value(),
+ name.wireEncode().value_size() - name[-1].size(),
sig);
}
diff --git a/tests/unit-tests/security/test-digest-sha256.cpp b/tests/unit-tests/security/test-digest-sha256.cpp
index 264078c..4460be7 100644
--- a/tests/unit-tests/security/test-digest-sha256.cpp
+++ b/tests/unit-tests/security/test-digest-sha256.cpp
@@ -21,14 +21,13 @@
#include "security/key-chain.hpp"
#include "security/validator.hpp"
-
#include "security/cryptopp.hpp"
-
+#include "identity-management-fixture.hpp"
#include "boost-test.hpp"
namespace ndn {
-BOOST_AUTO_TEST_SUITE(SecurityTestDigestSha256)
+BOOST_FIXTURE_TEST_SUITE(SecurityTestDigestSha256, security::IdentityManagementFixture)
std::string SHA256_RESULT("a883dafc480d466ee04e0d6da986bd78eb1fdd2178d04693723da3a8f95d42f4");
@@ -44,7 +43,7 @@
BOOST_CHECK_EQUAL(SHA256_RESULT, result);
}
-BOOST_AUTO_TEST_CASE(Signature)
+BOOST_AUTO_TEST_CASE(DataSignature)
{
using namespace CryptoPP;
@@ -53,10 +52,7 @@
char content[5] = "1234";
testData.setContent(reinterpret_cast<uint8_t*>(content), 5);
- BOOST_REQUIRE_NO_THROW(KeyChain("sqlite3", "file"));
- KeyChain keyChain("sqlite3", "file");
-
- keyChain.signWithSha256(testData);
+ m_keyChain.signWithSha256(testData);
testData.wireEncode();
@@ -67,6 +63,22 @@
BOOST_CHECK_THROW(sig.getKeyLocator(), ndn::SignatureInfo::Error);
}
+BOOST_AUTO_TEST_CASE(InterestSignature)
+{
+ Name name("/SecurityTestDigestSha256/InterestSignature/Interest1");
+ Interest testInterest(name);
+
+ m_keyChain.signWithSha256(testInterest);
+ testInterest.wireEncode();
+ const Name& signedName = testInterest.getName();
+
+ Signature signature(signedName[signed_interest::POS_SIG_INFO].blockFromValue(),
+ signedName[signed_interest::POS_SIG_VALUE].blockFromValue());
+ DigestSha256 sig(signature);
+ BOOST_CHECK(Validator::verifySignature(testInterest, sig));
+}
+
+
BOOST_AUTO_TEST_SUITE_END()
} // namespace ndn
diff --git a/tests/unit-tests/security/test-signature-sha256-ecdsa.cpp b/tests/unit-tests/security/test-signature-sha256-ecdsa.cpp
index cebf9ed..a384bdc 100644
--- a/tests/unit-tests/security/test-signature-sha256-ecdsa.cpp
+++ b/tests/unit-tests/security/test-signature-sha256-ecdsa.cpp
@@ -20,12 +20,30 @@
*/
#include "security/signature-sha256-with-ecdsa.hpp"
-
+#include "security/key-chain.hpp"
+#include "security/validator.hpp"
+#include "util/scheduler.hpp"
+#include "identity-management-fixture.hpp"
+#include "../unit-test-time-fixture.hpp"
#include "boost-test.hpp"
namespace ndn {
+namespace tests {
-BOOST_AUTO_TEST_SUITE(SecurityTestSignatureSha256WithEcdsa)
+class SignatureSha256EcdsaTimeFixture : public UnitTestTimeFixture
+ , public security::IdentityManagementFixture
+{
+public:
+ SignatureSha256EcdsaTimeFixture()
+ : scheduler(io)
+ {
+ }
+
+public:
+ Scheduler scheduler;
+};
+
+BOOST_FIXTURE_TEST_SUITE(SecurityTestSignatureSha256WithEcdsa, SignatureSha256EcdsaTimeFixture)
const uint8_t sigInfo[] = {
0x16, 0x1b, // SignatureInfo
@@ -85,6 +103,71 @@
BOOST_CHECK(sigInfoBlock != encodeSigInfoBlock2);
}
+BOOST_AUTO_TEST_CASE(DataSignature)
+{
+ Name identityName("/SecurityTestSignatureSha256WithEcdsa/DataSignature");
+ BOOST_REQUIRE(addIdentity(identityName, EcdsaKeyParams()));
+ shared_ptr<PublicKey> publicKey;
+ BOOST_REQUIRE_NO_THROW(publicKey = m_keyChain.getPublicKeyFromTpm(
+ m_keyChain.getDefaultKeyNameForIdentity(identityName)));
+
+ Data testData("/SecurityTestSignatureSha256WithEcdsa/DataSignature/Data1");
+ char content[5] = "1234";
+ testData.setContent(reinterpret_cast<uint8_t*>(content), 5);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(testData, identityName));
+ Block dataBlock(testData.wireEncode().wire(), testData.wireEncode().size());
+
+ Data testData2;
+ testData2.wireDecode(dataBlock);
+ BOOST_CHECK(Validator::verifySignature(testData2, *publicKey));
+}
+
+
+BOOST_AUTO_TEST_CASE(InterestSignature)
+{
+ Name identityName("/SecurityTestSignatureSha256WithEcdsa/InterestSignature");
+ BOOST_REQUIRE(addIdentity(identityName, EcdsaKeyParams()));
+ shared_ptr<PublicKey> publicKey;
+ BOOST_REQUIRE_NO_THROW(publicKey = m_keyChain.getPublicKeyFromTpm(
+ m_keyChain.getDefaultKeyNameForIdentity(identityName)));
+
+
+ Interest interest("/SecurityTestSignatureSha256WithEcdsa/InterestSignature/Interest1");
+ Interest interest11("/SecurityTestSignatureSha256WithEcdsa/InterestSignature/Interest1");
+
+ scheduler.scheduleEvent(time::milliseconds(100), [&] {
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(interest, identityName));
+ });
+
+ advanceClocks(time::milliseconds(100));
+ scheduler.scheduleEvent(time::milliseconds(100), [&] {
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(interest11, identityName));
+ });
+
+ advanceClocks(time::milliseconds(100));
+
+ time::system_clock::TimePoint timestamp1 =
+ time::fromUnixTimestamp(
+ time::milliseconds(interest.getName().get(signed_interest::POS_TIMESTAMP).toNumber()));
+
+ time::system_clock::TimePoint timestamp2 =
+ time::fromUnixTimestamp(
+ time::milliseconds(interest11.getName().get(signed_interest::POS_TIMESTAMP).toNumber()));
+
+ BOOST_CHECK_EQUAL(time::milliseconds(100), (timestamp2 - timestamp1));
+
+ uint64_t nonce1 = interest.getName().get(signed_interest::POS_RANDOM_VAL).toNumber();
+ uint64_t nonce2 = interest11.getName().get(signed_interest::POS_RANDOM_VAL).toNumber();
+ BOOST_WARN_NE(nonce1, nonce2);
+
+ Block interestBlock(interest.wireEncode().wire(), interest.wireEncode().size());
+
+ Interest interest2;
+ interest2.wireDecode(interestBlock);
+ BOOST_CHECK(Validator::verifySignature(interest2, *publicKey));
+}
+
BOOST_AUTO_TEST_SUITE_END()
+} // namespace tests
} // namespace ndn
diff --git a/tests/unit-tests/security/test-signature-sha256-rsa.cpp b/tests/unit-tests/security/test-signature-sha256-rsa.cpp
index 2fd0c3a..cf6b172 100644
--- a/tests/unit-tests/security/test-signature-sha256-rsa.cpp
+++ b/tests/unit-tests/security/test-signature-sha256-rsa.cpp
@@ -20,12 +20,30 @@
*/
#include "security/signature-sha256-with-rsa.hpp"
-
+#include "security/key-chain.hpp"
+#include "security/validator.hpp"
+#include "util/scheduler.hpp"
+#include "identity-management-fixture.hpp"
+#include "../unit-test-time-fixture.hpp"
#include "boost-test.hpp"
namespace ndn {
+namespace tests {
-BOOST_AUTO_TEST_SUITE(SecurityTestSignatureSha256WithRsa)
+class SignatureSha256RsaTimeFixture : public UnitTestTimeFixture
+ , public security::IdentityManagementFixture
+{
+public:
+ SignatureSha256RsaTimeFixture()
+ : scheduler(io)
+ {
+ }
+
+public:
+ Scheduler scheduler;
+};
+
+BOOST_FIXTURE_TEST_SUITE(SecurityTestSignatureSha256WithRsa, SignatureSha256RsaTimeFixture)
const uint8_t sigInfo[] = {
0x16, 0x1b, // SignatureInfo
@@ -90,6 +108,69 @@
BOOST_CHECK(sigInfoBlock != encodeSigInfoBlock2);
}
+BOOST_AUTO_TEST_CASE(DataSignature)
+{
+ Name identityName("/SecurityTestSignatureSha256WithRsa/DataSignature");
+ BOOST_REQUIRE(addIdentity(identityName, RsaKeyParams()));
+ shared_ptr<PublicKey> publicKey;
+ BOOST_REQUIRE_NO_THROW(publicKey = m_keyChain.getPublicKeyFromTpm(
+ m_keyChain.getDefaultKeyNameForIdentity(identityName)));
+
+ Data testData("/SecurityTestSignatureSha256WithRsa/DataSignature/Data1");
+ char content[5] = "1234";
+ testData.setContent(reinterpret_cast<uint8_t*>(content), 5);
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(testData, identityName));
+ Block dataBlock(testData.wireEncode().wire(), testData.wireEncode().size());
+
+ Data testData2;
+ testData2.wireDecode(dataBlock);
+ BOOST_CHECK(Validator::verifySignature(testData2, *publicKey));
+}
+
+BOOST_AUTO_TEST_CASE(InterestSignature)
+{
+ Name identityName("/SecurityTestSignatureSha256WithRsa/InterestSignature");
+ BOOST_REQUIRE(addIdentity(identityName, RsaKeyParams()));
+ shared_ptr<PublicKey> publicKey;
+ BOOST_REQUIRE_NO_THROW(publicKey = m_keyChain.getPublicKeyFromTpm(
+ m_keyChain.getDefaultKeyNameForIdentity(identityName)));
+
+ Interest interest("/SecurityTestSignatureSha256WithRsa/InterestSignature/Interest1");
+ Interest interest11("/SecurityTestSignatureSha256WithRsa/InterestSignature/Interest1");
+
+ scheduler.scheduleEvent(time::milliseconds(100), [&] {
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(interest, identityName));
+ });
+
+ advanceClocks(time::milliseconds(100));
+ scheduler.scheduleEvent(time::milliseconds(100), [&] {
+ BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(interest11, identityName));
+ });
+
+ advanceClocks(time::milliseconds(100));
+
+ time::system_clock::TimePoint timestamp1 =
+ time::fromUnixTimestamp(
+ time::milliseconds(interest.getName().get(signed_interest::POS_TIMESTAMP).toNumber()));
+
+ time::system_clock::TimePoint timestamp2 =
+ time::fromUnixTimestamp(
+ time::milliseconds(interest11.getName().get(signed_interest::POS_TIMESTAMP).toNumber()));
+
+ BOOST_CHECK_EQUAL(time::milliseconds(100), (timestamp2 - timestamp1));
+
+ uint64_t nonce1 = interest.getName().get(signed_interest::POS_RANDOM_VAL).toNumber();
+ uint64_t nonce2 = interest11.getName().get(signed_interest::POS_RANDOM_VAL).toNumber();
+ BOOST_WARN_NE(nonce1, nonce2);
+
+ Block interestBlock(interest.wireEncode().wire(), interest.wireEncode().size());
+
+ Interest interest2;
+ interest2.wireDecode(interestBlock);
+ BOOST_CHECK(Validator::verifySignature(interest2, *publicKey));
+}
+
BOOST_AUTO_TEST_SUITE_END()
+} // namespace tests
} // namespace ndn
diff --git a/tests/unit-tests/security/test-signed-interest.cpp b/tests/unit-tests/security/test-signed-interest.cpp
deleted file mode 100644
index 0435116..0000000
--- a/tests/unit-tests/security/test-signed-interest.cpp
+++ /dev/null
@@ -1,75 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2014 Regents of the University of California.
- *
- * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
- *
- * ndn-cxx library is free software: you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option) any later version.
- *
- * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
- *
- * You should have received copies of the GNU General Public License and GNU Lesser
- * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- */
-
-#include "security/key-chain.hpp"
-#include "security/validator.hpp"
-#include "identity-management-fixture.hpp"
-#include "boost-test.hpp"
-
-namespace ndn {
-
-BOOST_FIXTURE_TEST_SUITE(SecurityTestSignedInterest, security::IdentityManagementFixture)
-
-BOOST_AUTO_TEST_CASE(SignVerifyInterest)
-{
- Name identityName("/TestSignedInterest/SignVerify");
- identityName.appendVersion();
- BOOST_REQUIRE(addIdentity(identityName, RsaKeyParams()));
- Name certificateName = m_keyChain.getDefaultCertificateNameForIdentity(identityName);
-
- Interest interest("/TestSignedInterest/SignVerify/Interest1");
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(interest, identityName));
-
- usleep(100000);
-
- Interest interest11("/TestSignedInterest/SignVerify/Interest1");
- BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(interest11, identityName));
-
- time::system_clock::TimePoint timestamp1 =
- time::fromUnixTimestamp(
- time::milliseconds(interest.getName().get(signed_interest::POS_TIMESTAMP).toNumber()));
-
- time::system_clock::TimePoint timestamp2 =
- time::fromUnixTimestamp(
- time::milliseconds(interest11.getName().get(signed_interest::POS_TIMESTAMP).toNumber()));
-
- BOOST_CHECK_LT(time::milliseconds(100), (timestamp2 - timestamp1));
-
- uint64_t nonce1 = interest.getName().get(signed_interest::POS_RANDOM_VAL).toNumber();
- uint64_t nonce2 = interest11.getName().get(signed_interest::POS_RANDOM_VAL).toNumber();
- BOOST_CHECK_NE(nonce1, nonce2);
-
- Block interestBlock(interest.wireEncode().wire(), interest.wireEncode().size());
-
- Interest interest2;
- interest2.wireDecode(interestBlock);
-
- shared_ptr<PublicKey> publicKey;
- BOOST_REQUIRE_NO_THROW(publicKey = m_keyChain.getPublicKeyFromTpm(
- m_keyChain.getDefaultKeyNameForIdentity(identityName)));
- bool result = Validator::verifySignature(interest2, *publicKey);
-
- BOOST_CHECK_EQUAL(result, true);
-}
-
-BOOST_AUTO_TEST_SUITE_END()
-
-} // namespace ndn