security: Allow KeyChain to sign interest using SHA256 digest

Change-Id: I729c5e32aeb1b9e78582becec1bc183aada6ee95
Refs: #2218
diff --git a/src/security/key-chain.cpp b/src/security/key-chain.cpp
index 1809079..f22c5a9 100644
--- a/src/security/key-chain.cpp
+++ b/src/security/key-chain.cpp
@@ -558,6 +558,30 @@
 }
 
 void
+KeyChain::signWithSha256(Interest& interest)
+{
+  DigestSha256 sig;
+
+  time::milliseconds timestamp = time::toUnixTimestamp(time::system_clock::now());
+  if (timestamp <= m_lastTimestamp)
+    timestamp = m_lastTimestamp + time::milliseconds(1);
+
+  Name signedName = interest.getName();
+  signedName
+    .append(name::Component::fromNumber(timestamp.count()))        // timestamp
+    .append(name::Component::fromNumber(random::generateWord64())) // nonce
+    .append(sig.getInfo());                                        // signatureInfo
+
+  Block sigValue(tlv::SignatureValue,
+                 crypto::sha256(signedName.wireEncode().value(),
+                                signedName.wireEncode().value_size()));
+
+  sigValue.encode();
+  signedName.append(sigValue);                                     // signatureValue
+  interest.setName(signedName);
+}
+
+void
 KeyChain::deleteCertificate(const Name& certificateName)
 {
   try
diff --git a/src/security/key-chain.hpp b/src/security/key-chain.hpp
index 0cc3cb3..5d348c4 100644
--- a/src/security/key-chain.hpp
+++ b/src/security/key-chain.hpp
@@ -226,12 +226,18 @@
   signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);
 
   /**
-   * @brief Set Sha256 weak signature for @param data
+   * @brief Set Sha256 weak signature for @p data
    */
   void
   signWithSha256(Data& data);
 
   /**
+   * @brief Set Sha256 weak signature for @p interest
+   */
+  void
+  signWithSha256(Interest& interest);
+
+  /**
    * @brief Generate a self-signed certificate for a public key.
    *
    * @param keyName The name of the public key
@@ -789,6 +795,6 @@
   return;
 }
 
-}
+} // namespace ndn
 
 #endif // NDN_SECURITY_KEY_CHAIN_HPP
diff --git a/src/security/validator.hpp b/src/security/validator.hpp
index 3fe58f3..5311795 100644
--- a/src/security/validator.hpp
+++ b/src/security/validator.hpp
@@ -180,10 +180,10 @@
     if (interest.getName().size() < 2)
       return false;
 
-    Name signedName = interest.getName().getPrefix(-2);
+    const Name& name = interest.getName();
 
-    return verifySignature(signedName.wireEncode().value(),
-                           signedName.wireEncode().value_size(),
+    return verifySignature(name.wireEncode().value(),
+                           name.wireEncode().value_size() - name[-1].size(),
                            sig);
   }
 
diff --git a/tests/unit-tests/security/test-digest-sha256.cpp b/tests/unit-tests/security/test-digest-sha256.cpp
index 264078c..4460be7 100644
--- a/tests/unit-tests/security/test-digest-sha256.cpp
+++ b/tests/unit-tests/security/test-digest-sha256.cpp
@@ -21,14 +21,13 @@
 
 #include "security/key-chain.hpp"
 #include "security/validator.hpp"
-
 #include "security/cryptopp.hpp"
-
+#include "identity-management-fixture.hpp"
 #include "boost-test.hpp"
 
 namespace ndn {
 
-BOOST_AUTO_TEST_SUITE(SecurityTestDigestSha256)
+BOOST_FIXTURE_TEST_SUITE(SecurityTestDigestSha256, security::IdentityManagementFixture)
 
 std::string SHA256_RESULT("a883dafc480d466ee04e0d6da986bd78eb1fdd2178d04693723da3a8f95d42f4");
 
@@ -44,7 +43,7 @@
   BOOST_CHECK_EQUAL(SHA256_RESULT, result);
 }
 
-BOOST_AUTO_TEST_CASE(Signature)
+BOOST_AUTO_TEST_CASE(DataSignature)
 {
   using namespace CryptoPP;
 
@@ -53,10 +52,7 @@
   char content[5] = "1234";
   testData.setContent(reinterpret_cast<uint8_t*>(content), 5);
 
-  BOOST_REQUIRE_NO_THROW(KeyChain("sqlite3", "file"));
-  KeyChain keyChain("sqlite3", "file");
-
-  keyChain.signWithSha256(testData);
+  m_keyChain.signWithSha256(testData);
 
   testData.wireEncode();
 
@@ -67,6 +63,22 @@
   BOOST_CHECK_THROW(sig.getKeyLocator(), ndn::SignatureInfo::Error);
 }
 
+BOOST_AUTO_TEST_CASE(InterestSignature)
+{
+  Name name("/SecurityTestDigestSha256/InterestSignature/Interest1");
+  Interest testInterest(name);
+
+  m_keyChain.signWithSha256(testInterest);
+  testInterest.wireEncode();
+  const Name& signedName = testInterest.getName();
+
+  Signature signature(signedName[signed_interest::POS_SIG_INFO].blockFromValue(),
+                      signedName[signed_interest::POS_SIG_VALUE].blockFromValue());
+  DigestSha256 sig(signature);
+  BOOST_CHECK(Validator::verifySignature(testInterest, sig));
+}
+
+
 BOOST_AUTO_TEST_SUITE_END()
 
 } // namespace ndn
diff --git a/tests/unit-tests/security/test-signature-sha256-ecdsa.cpp b/tests/unit-tests/security/test-signature-sha256-ecdsa.cpp
index cebf9ed..a384bdc 100644
--- a/tests/unit-tests/security/test-signature-sha256-ecdsa.cpp
+++ b/tests/unit-tests/security/test-signature-sha256-ecdsa.cpp
@@ -20,12 +20,30 @@
  */
 
 #include "security/signature-sha256-with-ecdsa.hpp"
-
+#include "security/key-chain.hpp"
+#include "security/validator.hpp"
+#include "util/scheduler.hpp"
+#include "identity-management-fixture.hpp"
+#include "../unit-test-time-fixture.hpp"
 #include "boost-test.hpp"
 
 namespace ndn {
+namespace tests {
 
-BOOST_AUTO_TEST_SUITE(SecurityTestSignatureSha256WithEcdsa)
+class SignatureSha256EcdsaTimeFixture : public UnitTestTimeFixture
+                                      , public security::IdentityManagementFixture
+{
+public:
+  SignatureSha256EcdsaTimeFixture()
+    : scheduler(io)
+  {
+  }
+
+public:
+  Scheduler scheduler;
+};
+
+BOOST_FIXTURE_TEST_SUITE(SecurityTestSignatureSha256WithEcdsa, SignatureSha256EcdsaTimeFixture)
 
 const uint8_t sigInfo[] = {
 0x16, 0x1b, // SignatureInfo
@@ -85,6 +103,71 @@
   BOOST_CHECK(sigInfoBlock != encodeSigInfoBlock2);
 }
 
+BOOST_AUTO_TEST_CASE(DataSignature)
+{
+  Name identityName("/SecurityTestSignatureSha256WithEcdsa/DataSignature");
+  BOOST_REQUIRE(addIdentity(identityName, EcdsaKeyParams()));
+  shared_ptr<PublicKey> publicKey;
+  BOOST_REQUIRE_NO_THROW(publicKey = m_keyChain.getPublicKeyFromTpm(
+    m_keyChain.getDefaultKeyNameForIdentity(identityName)));
+
+  Data testData("/SecurityTestSignatureSha256WithEcdsa/DataSignature/Data1");
+  char content[5] = "1234";
+  testData.setContent(reinterpret_cast<uint8_t*>(content), 5);
+  BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(testData, identityName));
+  Block dataBlock(testData.wireEncode().wire(), testData.wireEncode().size());
+
+  Data testData2;
+  testData2.wireDecode(dataBlock);
+  BOOST_CHECK(Validator::verifySignature(testData2, *publicKey));
+}
+
+
+BOOST_AUTO_TEST_CASE(InterestSignature)
+{
+  Name identityName("/SecurityTestSignatureSha256WithEcdsa/InterestSignature");
+  BOOST_REQUIRE(addIdentity(identityName, EcdsaKeyParams()));
+  shared_ptr<PublicKey> publicKey;
+  BOOST_REQUIRE_NO_THROW(publicKey = m_keyChain.getPublicKeyFromTpm(
+    m_keyChain.getDefaultKeyNameForIdentity(identityName)));
+
+
+  Interest interest("/SecurityTestSignatureSha256WithEcdsa/InterestSignature/Interest1");
+  Interest interest11("/SecurityTestSignatureSha256WithEcdsa/InterestSignature/Interest1");
+
+  scheduler.scheduleEvent(time::milliseconds(100), [&] {
+      BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(interest, identityName));
+    });
+
+  advanceClocks(time::milliseconds(100));
+  scheduler.scheduleEvent(time::milliseconds(100), [&] {
+      BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(interest11, identityName));
+    });
+
+  advanceClocks(time::milliseconds(100));
+
+  time::system_clock::TimePoint timestamp1 =
+    time::fromUnixTimestamp(
+      time::milliseconds(interest.getName().get(signed_interest::POS_TIMESTAMP).toNumber()));
+
+  time::system_clock::TimePoint timestamp2 =
+    time::fromUnixTimestamp(
+      time::milliseconds(interest11.getName().get(signed_interest::POS_TIMESTAMP).toNumber()));
+
+  BOOST_CHECK_EQUAL(time::milliseconds(100), (timestamp2 - timestamp1));
+
+  uint64_t nonce1 = interest.getName().get(signed_interest::POS_RANDOM_VAL).toNumber();
+  uint64_t nonce2 = interest11.getName().get(signed_interest::POS_RANDOM_VAL).toNumber();
+  BOOST_WARN_NE(nonce1, nonce2);
+
+  Block interestBlock(interest.wireEncode().wire(), interest.wireEncode().size());
+
+  Interest interest2;
+  interest2.wireDecode(interestBlock);
+  BOOST_CHECK(Validator::verifySignature(interest2, *publicKey));
+}
+
 BOOST_AUTO_TEST_SUITE_END()
 
+} // namespace tests
 } // namespace ndn
diff --git a/tests/unit-tests/security/test-signature-sha256-rsa.cpp b/tests/unit-tests/security/test-signature-sha256-rsa.cpp
index 2fd0c3a..cf6b172 100644
--- a/tests/unit-tests/security/test-signature-sha256-rsa.cpp
+++ b/tests/unit-tests/security/test-signature-sha256-rsa.cpp
@@ -20,12 +20,30 @@
  */
 
 #include "security/signature-sha256-with-rsa.hpp"
-
+#include "security/key-chain.hpp"
+#include "security/validator.hpp"
+#include "util/scheduler.hpp"
+#include "identity-management-fixture.hpp"
+#include "../unit-test-time-fixture.hpp"
 #include "boost-test.hpp"
 
 namespace ndn {
+namespace tests {
 
-BOOST_AUTO_TEST_SUITE(SecurityTestSignatureSha256WithRsa)
+class SignatureSha256RsaTimeFixture : public UnitTestTimeFixture
+                                    , public security::IdentityManagementFixture
+{
+public:
+  SignatureSha256RsaTimeFixture()
+    : scheduler(io)
+  {
+  }
+
+public:
+  Scheduler scheduler;
+};
+
+BOOST_FIXTURE_TEST_SUITE(SecurityTestSignatureSha256WithRsa, SignatureSha256RsaTimeFixture)
 
 const uint8_t sigInfo[] = {
 0x16, 0x1b, // SignatureInfo
@@ -90,6 +108,69 @@
   BOOST_CHECK(sigInfoBlock != encodeSigInfoBlock2);
 }
 
+BOOST_AUTO_TEST_CASE(DataSignature)
+{
+  Name identityName("/SecurityTestSignatureSha256WithRsa/DataSignature");
+  BOOST_REQUIRE(addIdentity(identityName, RsaKeyParams()));
+  shared_ptr<PublicKey> publicKey;
+  BOOST_REQUIRE_NO_THROW(publicKey = m_keyChain.getPublicKeyFromTpm(
+    m_keyChain.getDefaultKeyNameForIdentity(identityName)));
+
+  Data testData("/SecurityTestSignatureSha256WithRsa/DataSignature/Data1");
+  char content[5] = "1234";
+  testData.setContent(reinterpret_cast<uint8_t*>(content), 5);
+  BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(testData, identityName));
+  Block dataBlock(testData.wireEncode().wire(), testData.wireEncode().size());
+
+  Data testData2;
+  testData2.wireDecode(dataBlock);
+  BOOST_CHECK(Validator::verifySignature(testData2, *publicKey));
+}
+
+BOOST_AUTO_TEST_CASE(InterestSignature)
+{
+  Name identityName("/SecurityTestSignatureSha256WithRsa/InterestSignature");
+  BOOST_REQUIRE(addIdentity(identityName, RsaKeyParams()));
+  shared_ptr<PublicKey> publicKey;
+  BOOST_REQUIRE_NO_THROW(publicKey = m_keyChain.getPublicKeyFromTpm(
+    m_keyChain.getDefaultKeyNameForIdentity(identityName)));
+
+  Interest interest("/SecurityTestSignatureSha256WithRsa/InterestSignature/Interest1");
+  Interest interest11("/SecurityTestSignatureSha256WithRsa/InterestSignature/Interest1");
+
+  scheduler.scheduleEvent(time::milliseconds(100), [&] {
+      BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(interest, identityName));
+    });
+
+  advanceClocks(time::milliseconds(100));
+  scheduler.scheduleEvent(time::milliseconds(100), [&] {
+      BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(interest11, identityName));
+    });
+
+  advanceClocks(time::milliseconds(100));
+
+  time::system_clock::TimePoint timestamp1 =
+    time::fromUnixTimestamp(
+      time::milliseconds(interest.getName().get(signed_interest::POS_TIMESTAMP).toNumber()));
+
+  time::system_clock::TimePoint timestamp2 =
+    time::fromUnixTimestamp(
+      time::milliseconds(interest11.getName().get(signed_interest::POS_TIMESTAMP).toNumber()));
+
+  BOOST_CHECK_EQUAL(time::milliseconds(100), (timestamp2 - timestamp1));
+
+  uint64_t nonce1 = interest.getName().get(signed_interest::POS_RANDOM_VAL).toNumber();
+  uint64_t nonce2 = interest11.getName().get(signed_interest::POS_RANDOM_VAL).toNumber();
+  BOOST_WARN_NE(nonce1, nonce2);
+
+  Block interestBlock(interest.wireEncode().wire(), interest.wireEncode().size());
+
+  Interest interest2;
+  interest2.wireDecode(interestBlock);
+  BOOST_CHECK(Validator::verifySignature(interest2, *publicKey));
+}
+
 BOOST_AUTO_TEST_SUITE_END()
 
+} // namespace tests
 } // namespace ndn
diff --git a/tests/unit-tests/security/test-signed-interest.cpp b/tests/unit-tests/security/test-signed-interest.cpp
deleted file mode 100644
index 0435116..0000000
--- a/tests/unit-tests/security/test-signed-interest.cpp
+++ /dev/null
@@ -1,75 +0,0 @@
-/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
-/**
- * Copyright (c) 2013-2014 Regents of the University of California.
- *
- * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
- *
- * ndn-cxx library is free software: you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free Software
- * Foundation, either version 3 of the License, or (at your option) any later version.
- *
- * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
- * PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more details.
- *
- * You should have received copies of the GNU General Public License and GNU Lesser
- * General Public License along with ndn-cxx, e.g., in COPYING.md file.  If not, see
- * <http://www.gnu.org/licenses/>.
- *
- * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
- */
-
-#include "security/key-chain.hpp"
-#include "security/validator.hpp"
-#include "identity-management-fixture.hpp"
-#include "boost-test.hpp"
-
-namespace ndn {
-
-BOOST_FIXTURE_TEST_SUITE(SecurityTestSignedInterest, security::IdentityManagementFixture)
-
-BOOST_AUTO_TEST_CASE(SignVerifyInterest)
-{
-  Name identityName("/TestSignedInterest/SignVerify");
-  identityName.appendVersion();
-  BOOST_REQUIRE(addIdentity(identityName, RsaKeyParams()));
-  Name certificateName = m_keyChain.getDefaultCertificateNameForIdentity(identityName);
-
-  Interest interest("/TestSignedInterest/SignVerify/Interest1");
-  BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(interest, identityName));
-
-  usleep(100000);
-
-  Interest interest11("/TestSignedInterest/SignVerify/Interest1");
-  BOOST_CHECK_NO_THROW(m_keyChain.signByIdentity(interest11, identityName));
-
-  time::system_clock::TimePoint timestamp1 =
-    time::fromUnixTimestamp(
-      time::milliseconds(interest.getName().get(signed_interest::POS_TIMESTAMP).toNumber()));
-
-  time::system_clock::TimePoint timestamp2 =
-    time::fromUnixTimestamp(
-      time::milliseconds(interest11.getName().get(signed_interest::POS_TIMESTAMP).toNumber()));
-
-  BOOST_CHECK_LT(time::milliseconds(100), (timestamp2 - timestamp1));
-
-  uint64_t nonce1 = interest.getName().get(signed_interest::POS_RANDOM_VAL).toNumber();
-  uint64_t nonce2 = interest11.getName().get(signed_interest::POS_RANDOM_VAL).toNumber();
-  BOOST_CHECK_NE(nonce1, nonce2);
-
-  Block interestBlock(interest.wireEncode().wire(), interest.wireEncode().size());
-
-  Interest interest2;
-  interest2.wireDecode(interestBlock);
-
-  shared_ptr<PublicKey> publicKey;
-  BOOST_REQUIRE_NO_THROW(publicKey = m_keyChain.getPublicKeyFromTpm(
-    m_keyChain.getDefaultKeyNameForIdentity(identityName)));
-  bool result = Validator::verifySignature(interest2, *publicKey);
-
-  BOOST_CHECK_EQUAL(result, true);
-}
-
-BOOST_AUTO_TEST_SUITE_END()
-
-} // namespace ndn