security: Generalize signature verification to allow digest-sha256
This patch effectively enables use of DigestSha256 signatures in
ValidatorConfig.
Change-Id: I233c069935b617efb8a52cc45996f00307c86a2e
diff --git a/tests/unit/security/verification-helpers.t.cpp b/tests/unit/security/verification-helpers.t.cpp
index 476bbe3..d930281 100644
--- a/tests/unit/security/verification-helpers.t.cpp
+++ b/tests/unit/security/verification-helpers.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2020 Regents of the University of California.
+ * Copyright (c) 2013-2021 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -640,14 +640,21 @@
Interest badSigInterestOldFormat(Block(dataset.badSigInterestOldFormat.data(),
dataset.badSigInterestOldFormat.size()));
+ BOOST_CHECK(verifySignature(data, nullopt));
BOOST_CHECK(verifyDigest(data, DigestAlgorithm::SHA256));
+ BOOST_CHECK(verifySignature(interest, nullopt));
BOOST_CHECK(verifyDigest(interest, DigestAlgorithm::SHA256));
+ BOOST_CHECK(verifySignature(interestOldFormat, nullopt));
BOOST_CHECK(verifyDigest(interestOldFormat, DigestAlgorithm::SHA256));
BOOST_CHECK(!verifyDigest(badSigData, DigestAlgorithm::SHA256));
BOOST_CHECK(!verifyDigest(badSigInterest, DigestAlgorithm::SHA256));
BOOST_CHECK(!verifyDigest(badSigInterestOldFormat, DigestAlgorithm::SHA256));
+ BOOST_CHECK(!verifySignature(badSigData, nullopt));
+ BOOST_CHECK(!verifySignature(badSigInterest, nullopt));
+ BOOST_CHECK(!verifySignature(badSigInterestOldFormat, nullopt));
+
Data unsignedData("/some/data");
Interest unsignedInterest1("/some/interest/with/several/name/components");
unsignedInterest1.setCanBePrefix(false);
@@ -658,6 +665,10 @@
BOOST_CHECK(!verifyDigest(unsignedInterest1, DigestAlgorithm::SHA256));
BOOST_CHECK(!verifyDigest(unsignedInterest2, DigestAlgorithm::SHA256));
+ BOOST_CHECK(!verifySignature(unsignedData, nullopt));
+ BOOST_CHECK(!verifySignature(unsignedInterest1, nullopt));
+ BOOST_CHECK(!verifySignature(unsignedInterest2, nullopt));
+
// - base version of verifyDigest is tested transitively
}