security: Allow KeyChain to sign interest using SHA256 digest
Change-Id: I729c5e32aeb1b9e78582becec1bc183aada6ee95
Refs: #2218
diff --git a/src/security/key-chain.cpp b/src/security/key-chain.cpp
index 1809079..f22c5a9 100644
--- a/src/security/key-chain.cpp
+++ b/src/security/key-chain.cpp
@@ -558,6 +558,30 @@
}
void
+KeyChain::signWithSha256(Interest& interest)
+{
+ DigestSha256 sig;
+
+ time::milliseconds timestamp = time::toUnixTimestamp(time::system_clock::now());
+ if (timestamp <= m_lastTimestamp)
+ timestamp = m_lastTimestamp + time::milliseconds(1);
+
+ Name signedName = interest.getName();
+ signedName
+ .append(name::Component::fromNumber(timestamp.count())) // timestamp
+ .append(name::Component::fromNumber(random::generateWord64())) // nonce
+ .append(sig.getInfo()); // signatureInfo
+
+ Block sigValue(tlv::SignatureValue,
+ crypto::sha256(signedName.wireEncode().value(),
+ signedName.wireEncode().value_size()));
+
+ sigValue.encode();
+ signedName.append(sigValue); // signatureValue
+ interest.setName(signedName);
+}
+
+void
KeyChain::deleteCertificate(const Name& certificateName)
{
try
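Review bot: `m_lastTimestamp` is read in the new `signWithSha256(Interest&)` but never written back in the lines shown, so the bump to `m_lastTimestamp + time::milliseconds(1)` does not persist. Unless the member is updated elsewhere, repeated calls within the same millisecond, or after the system clock steps backwards, can emit the same timestamp component. Uniqueness then rests on the 64-bit nonce alone, which matters if receivers rely on the timestamp to reject replays. Adding `m_lastTimestamp = timestamp;` after the comparison would fix this. Separately, `signedName.wireEncode()` is evaluated twice when building `sigValue`; binding it once with `const Block& nameWire = signedName.wireEncode();` makes it plain that the pointer and length come from the same encoding.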
diff --git a/src/security/key-chain.hpp b/src/security/key-chain.hpp
index 0cc3cb3..5d348c4 100644
--- a/src/security/key-chain.hpp
+++ b/src/security/key-chain.hpp
@@ -226,12 +226,18 @@
signByIdentity(const uint8_t* buffer, size_t bufferLength, const Name& identityName);
/**
- * @brief Set Sha256 weak signature for @param data
+ * @brief Set Sha256 weak signature for @p data
*/
void
signWithSha256(Data& data);
/**
+ * @brief Set Sha256 weak signature for @p interest
+ */
+ void
+ signWithSha256(Interest& interest);
+
+ /**
* @brief Generate a self-signed certificate for a public key.
*
* @param keyName The name of the public key
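Review bot: The new doc comment on `signWithSha256(Interest& interest)` does not say that the call rewrites the interest's name, nor what "weak" means for a verifier. Going by the implementation in key-chain.cpp, it appends four components (timestamp, nonce, SignatureInfo, SignatureValue) and calls `setName`. A plain SHA-256 digest can be recomputed by anyone who changes the name, so it detects corruption but authenticates nobody. I would expand the comment to `@brief Append timestamp, nonce, SignatureInfo and a SHA-256 digest SignatureValue to the name of @p interest` and add `@note Integrity check only; provides no origin authentication, so validators must not treat it as proof of the sender.` The same note would suit the `Data&` overload above it.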
@@ -789,6 +795,6 @@
return;
}
-}
+} // namespace ndn
#endif // NDN_SECURITY_KEY_CHAIN_HPP
diff --git a/src/security/validator.hpp b/src/security/validator.hpp
index 3fe58f3..5311795 100644
--- a/src/security/validator.hpp
+++ b/src/security/validator.hpp
@@ -180,10 +180,10 @@
if (interest.getName().size() < 2)
return false;
- Name signedName = interest.getName().getPrefix(-2);
+ const Name& name = interest.getName();
- return verifySignature(signedName.wireEncode().value(),
- signedName.wireEncode().value_size(),
+ return verifySignature(name.wireEncode().value(),
+ name.wireEncode().value_size() - name[-1].size(),
sig);
}
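Review bot: The length expression `name.wireEncode().value_size() - name[-1].size()` now carries the whole definition of which bytes the signature covers, and it has no comment. It relies on `name[-1]` being the SignatureValue component and on `Block::size()` returning that component's full TLV length. A line such as `// covered range: every name component except the trailing SignatureValue` would record that, and reading the encoding once (`const Block& nameWire = name.wireEncode();`) ties pointer and length to one buffer. The `size() < 2` guard only ensures two trailing components exist, so whether `sig` was parsed from this same name has to be confirmed in the caller, which is outside the hunk. If other `verifySignature` overloads for `Interest` in this header still hash `getPrefix(-2)`, they would now disagree with this one about the covered range; that is worth checking, since the start of this function and its siblings are not visible here.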