security: Add signing/verification support in transformation
Change-Id: I6364fa0e1ebcc7cc932b401eb50fc56251ea8c84
Refs: #3009
diff --git a/src/security/transform.hpp b/src/security/transform.hpp
index 2d2ef2e..3f83de0 100644
--- a/src/security/transform.hpp
+++ b/src/security/transform.hpp
@@ -36,5 +36,7 @@
#include "transform/digest-filter.hpp"
#include "transform/hmac-filter.hpp"
#include "transform/block-cipher.hpp"
+#include "transform/signer-filter.hpp"
+#include "transform/verifier-filter.hpp"
#endif // NDN_CXX_SECURITY_TRANSFORM_HPP
diff --git a/src/security/transform/signer-filter.cpp b/src/security/transform/signer-filter.cpp
new file mode 100644
index 0000000..16d3146
--- /dev/null
+++ b/src/security/transform/signer-filter.cpp
@@ -0,0 +1,110 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2016 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "signer-filter.hpp"
+#include "../../encoding/buffer.hpp"
+#include "../detail/openssl.hpp"
+
+namespace ndn {
+namespace security {
+namespace transform {
+
+class SignerFilter::Impl
+{
+public:
+ Impl(const PrivateKey& key)
+ : m_key(key)
+ , m_md(BIO_new(BIO_f_md()))
+ , m_sink(BIO_new(BIO_s_null()))
+ {
+ BIO_push(m_md, m_sink);
+ }
+
+ ~Impl()
+ {
+ BIO_free_all(m_md);
+ }
+
+public:
+ const PrivateKey& m_key;
+
+ BIO* m_md;
+ BIO* m_sink;
+};
+
+SignerFilter::SignerFilter(DigestAlgorithm algo, const PrivateKey& key)
+ : m_impl(new Impl(key))
+{
+ switch (algo) {
+ case DigestAlgorithm::SHA256: {
+ if (!BIO_set_md(m_impl->m_md, EVP_sha256()))
+ BOOST_THROW_EXCEPTION(Error(getIndex(), "Cannot set digest"));
+ break;
+ }
+
+ default:
+ BOOST_THROW_EXCEPTION(Error(getIndex(), "Digest algorithm is not supported"));
+ }
+}
+
+size_t
+SignerFilter::convert(const uint8_t* buf, size_t size)
+{
+ int wLen = BIO_write(m_impl->m_md, buf, size);
+
+ if (wLen <= 0) { // fail to write data
+ if (!BIO_should_retry(m_impl->m_md)) {
+ // we haven't written everything but some error happens, and we cannot retry
+ BOOST_THROW_EXCEPTION(Error(getIndex(), "Failed to accept more input"));
+ }
+ return 0;
+ }
+ else { // update number of bytes written
+ return wLen;
+ }
+}
+
+void
+SignerFilter::finalize()
+{
+ EVP_PKEY* key = reinterpret_cast<EVP_PKEY*>(m_impl->m_key.getEvpPkey());
+ auto buffer = make_unique<OBuffer>(EVP_PKEY_size(key));
+ unsigned int sigLen = 0;
+
+ EVP_MD_CTX* ctx = nullptr;
+ BIO_get_md_ctx(m_impl->m_md, &ctx);
+ EVP_SignFinal(ctx, &(*buffer)[0], &sigLen, key); // should be ok, enough space is allocated in buffer
+
+ buffer->erase(buffer->begin() + sigLen, buffer->end());
+ setOutputBuffer(std::move(buffer));
+
+ flushAllOutput();
+}
+
+unique_ptr<Transform>
+signerFilter(DigestAlgorithm algo, const PrivateKey& key)
+{
+ return make_unique<SignerFilter>(algo, key);
+}
+
+} // namespace transform
+} // namespace security
+} // namespace ndn
diff --git a/src/security/transform/signer-filter.hpp b/src/security/transform/signer-filter.hpp
new file mode 100644
index 0000000..8db11f3
--- /dev/null
+++ b/src/security/transform/signer-filter.hpp
@@ -0,0 +1,71 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2016 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_CXX_SECURITY_TRANSFORM_SIGNER_FILTER_HPP
+#define NDN_CXX_SECURITY_TRANSFORM_SIGNER_FILTER_HPP
+
+#include "transform-base.hpp"
+#include "private-key.hpp"
+#include "../security-common.hpp"
+
+namespace ndn {
+namespace security {
+namespace transform {
+
+/**
+ * @brief The module to sign data.
+ */
+class SignerFilter : public Transform
+{
+public:
+ /**
+ * @brief Create a signer module to generate signature using algorithm @p algo and @p key
+ */
+ SignerFilter(DigestAlgorithm algo, const PrivateKey& key);
+
+private:
+ /**
+ * @brief Write data @p buf into signer
+ *
+ * @return The number of bytes that are actually accepted
+ */
+ virtual size_t
+ convert(const uint8_t* buf, size_t size) final;
+
+ /**
+ * @brief Finalize signing and write the signature into next module.
+ */
+ virtual void
+ finalize() final;
+
+private:
+ class Impl;
+ unique_ptr<Impl> m_impl;
+};
+
+unique_ptr<Transform>
+signerFilter(DigestAlgorithm algo, const PrivateKey& key);
+
+} // namespace transform
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_CXX_SECURITY_TRANSFORM_SIGNER_FILTER_HPP
diff --git a/src/security/transform/verifier-filter.cpp b/src/security/transform/verifier-filter.cpp
new file mode 100644
index 0000000..263e532
--- /dev/null
+++ b/src/security/transform/verifier-filter.cpp
@@ -0,0 +1,118 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2016 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "verifier-filter.hpp"
+#include "../detail/openssl.hpp"
+
+namespace ndn {
+namespace security {
+namespace transform {
+
+class VerifierFilter::Impl
+{
+public:
+ Impl(const PublicKey& key, const uint8_t* sig, size_t sigLen)
+ : m_key(key)
+ , m_md(BIO_new(BIO_f_md()))
+ , m_sink(BIO_new(BIO_s_null()))
+ , m_sig(sig)
+ , m_sigLen(sigLen)
+ {
+ BIO_push(m_md, m_sink);
+ }
+
+ ~Impl()
+ {
+ BIO_free_all(m_sink);
+ }
+
+public:
+ const PublicKey& m_key;
+
+ BIO* m_md;
+ BIO* m_sink;
+
+ const uint8_t* m_sig;
+ size_t m_sigLen;
+};
+
+VerifierFilter::VerifierFilter(DigestAlgorithm algo, const PublicKey& key,
+ const uint8_t* sig, size_t sigLen)
+ : m_impl(new Impl(key, sig, sigLen))
+{
+ switch (algo) {
+ case DigestAlgorithm::SHA256: {
+ if (!BIO_set_md(m_impl->m_md, EVP_sha256()))
+ BOOST_THROW_EXCEPTION(Error(getIndex(), "Cannot set digest"));
+ break;
+ }
+
+ default:
+ BOOST_THROW_EXCEPTION(Error(getIndex(), "Digest algorithm is not supported"));
+ }
+}
+
+size_t
+VerifierFilter::convert(const uint8_t* buf, size_t size)
+{
+ int wLen = BIO_write(m_impl->m_md, buf, size);
+
+ if (wLen <= 0) { // fail to write data
+ if (!BIO_should_retry(m_impl->m_md)) {
+ // we haven't written everything but some error happens, and we cannot retry
+ BOOST_THROW_EXCEPTION(Error(getIndex(), "Failed to accept more input"));
+ }
+ return 0;
+ }
+ else { // update number of bytes written
+ return wLen;
+ }
+}
+
+void
+VerifierFilter::finalize()
+{
+ EVP_PKEY* key = reinterpret_cast<EVP_PKEY*>(m_impl->m_key.getEvpPkey());
+ auto buffer = make_unique<OBuffer>(1);
+
+ EVP_MD_CTX* ctx = nullptr;
+ BIO_get_md_ctx(m_impl->m_md, &ctx);
+ int res = EVP_VerifyFinal(ctx, m_impl->m_sig, m_impl->m_sigLen, key);
+
+ if (res < 0)
+ BOOST_THROW_EXCEPTION(Error(getIndex(), "Verification error"));
+
+ (*buffer)[0] = (res != 0) ? 1 : 0;
+ setOutputBuffer(std::move(buffer));
+
+ flushAllOutput();
+}
+
+unique_ptr<Transform>
+verifierFilter(DigestAlgorithm algo, const PublicKey& key,
+ const uint8_t* sig, size_t sigLen)
+{
+ return make_unique<VerifierFilter>(algo, key, sig, sigLen);
+}
+
+} // namespace transform
+} // namespace security
+} // namespace ndn
diff --git a/src/security/transform/verifier-filter.hpp b/src/security/transform/verifier-filter.hpp
new file mode 100644
index 0000000..ee69f03
--- /dev/null
+++ b/src/security/transform/verifier-filter.hpp
@@ -0,0 +1,73 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2016 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#ifndef NDN_CXX_SECURITY_TRANSFORM_VERIFIER_FILTER_HPP
+#define NDN_CXX_SECURITY_TRANSFORM_VERIFIER_FILTER_HPP
+
+#include "transform-base.hpp"
+#include "public-key.hpp"
+#include "../security-common.hpp"
+
+namespace ndn {
+namespace security {
+namespace transform {
+
+/**
+ * @brief The module to verify signature.
+ *
+ * The next module is usually SinkBool.
+ */
+class VerifierFilter : public Transform
+{
+public:
+ /**
+ * @brief Create a verifier module to verify signature @p sig using algorithm @p algo and @p key
+ */
+ VerifierFilter(DigestAlgorithm algo, const PublicKey& key, const uint8_t* sig, size_t sigLen);
+
+private:
+ /**
+ * @brief Write data @p buf into verifier
+ *
+ * @return The number of bytes that are actually written
+ */
+ virtual size_t
+ convert(const uint8_t* buf, size_t size) final;
+
+ /**
+ * @brief Finalize verification and write the result (single byte) into next module.
+ */
+ virtual void
+ finalize() final;
+
+private:
+ class Impl;
+ unique_ptr<Impl> m_impl;
+};
+
+unique_ptr<Transform>
+verifierFilter(DigestAlgorithm algo, const PublicKey& key, const uint8_t* sig, size_t sigLen);
+
+} // namespace transform
+} // namespace security
+} // namespace ndn
+
+#endif // NDN_CXX_SECURITY_TRANSFORM_VERIFIER_FILTER_HPP
diff --git a/tests/unit-tests/security/transform.t.cpp b/tests/unit-tests/security/transform.t.cpp
index b89753a..5d82444 100644
--- a/tests/unit-tests/security/transform.t.cpp
+++ b/tests/unit-tests/security/transform.t.cpp
@@ -67,6 +67,12 @@
transform::BlockCipher* blockCipher = nullptr;
BOOST_CHECK(blockCipher == nullptr);
+
+ transform::SignerFilter* signerFilter = nullptr;
+ BOOST_CHECK(signerFilter == nullptr);
+
+ transform::VerifierFilter* verifierFilter = nullptr;
+ BOOST_CHECK(verifierFilter == nullptr);
}
BOOST_AUTO_TEST_SUITE_END() // TestTransform
diff --git a/tests/unit-tests/security/transform/private-key.t.cpp b/tests/unit-tests/security/transform/private-key.t.cpp
index 35bb295..6531a70 100644
--- a/tests/unit-tests/security/transform/private-key.t.cpp
+++ b/tests/unit-tests/security/transform/private-key.t.cpp
@@ -388,7 +388,21 @@
ConstBufferPtr pKeyBits = sKey->derivePublicKey();
pKey.loadPkcs8(pKeyBits->buf(), pKeyBits->size());
- // TODO: Sign/Verify using the generated key
+ uint8_t data[] = {0x01, 0x02, 0x03, 0x04};
+
+ OBufferStream os;
+ BOOST_REQUIRE_NO_THROW(bufferSource(data, sizeof(data)) >>
+ signerFilter(DigestAlgorithm::SHA256, *sKey) >>
+ streamSink(os));
+
+ ConstBufferPtr sig = os.buf();
+ bool result = false;
+ BOOST_REQUIRE_NO_THROW(bufferSource(data, sizeof(data)) >>
+ verifierFilter(DigestAlgorithm::SHA256, pKey, sig->buf(), sig->size()) >>
+ boolSink(result));
+
+ BOOST_CHECK(result);
+
unique_ptr<PrivateKey> sKey2 = generatePrivateKey(T());
diff --git a/tests/unit-tests/security/transform/signer-filter.t.cpp b/tests/unit-tests/security/transform/signer-filter.t.cpp
new file mode 100644
index 0000000..204bf81
--- /dev/null
+++ b/tests/unit-tests/security/transform/signer-filter.t.cpp
@@ -0,0 +1,169 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2016 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "security/transform/signer-filter.hpp"
+#include "security/transform.hpp"
+#include "encoding/buffer-stream.hpp"
+
+// TODO: remove CryptoPP dependency
+#include "security/cryptopp.hpp"
+
+#include "boost-test.hpp"
+
+namespace ndn {
+namespace security {
+namespace transform {
+namespace tests {
+
+BOOST_AUTO_TEST_SUITE(Security)
+BOOST_AUTO_TEST_SUITE(Transform)
+BOOST_AUTO_TEST_SUITE(TestSignerFilter)
+
+BOOST_AUTO_TEST_CASE(Rsa)
+{
+ std::string publicKeyPkcs8 =
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0WM1/WhAxyLtEqsiAJg\n"
+ "WDZWuzkYpeYVdeeZcqRZzzfRgBQTsNozS5t4HnwTZhwwXbH7k3QN0kRTV826Xobw\n"
+ "s3iigohnM9yTK+KKiayPhIAm/+5HGT6SgFJhYhqo1/upWdueojil6RP4/AgavHho\n"
+ "pxlAVbk6G9VdVnlQcQ5Zv0OcGi73c+EnYD/YgURYGSngUi/Ynsh779p2U69/te9g\n"
+ "ZwIL5PuE9BiO6I39cL9z7EK1SfZhOWvDe/qH7YhD/BHwcWit8FjRww1glwRVTJsA\n"
+ "9rH58ynaAix0tcR/nBMRLUX+e3rURHg6UbSjJbdb9qmKM1fTGHKUzL/5pMG6uBU0\n"
+ "ywIDAQAB\n";
+
+ std::string privateKeyPkcs1 =
+ "MIIEpAIBAAKCAQEAw0WM1/WhAxyLtEqsiAJgWDZWuzkYpeYVdeeZcqRZzzfRgBQT\n"
+ "sNozS5t4HnwTZhwwXbH7k3QN0kRTV826Xobws3iigohnM9yTK+KKiayPhIAm/+5H\n"
+ "GT6SgFJhYhqo1/upWdueojil6RP4/AgavHhopxlAVbk6G9VdVnlQcQ5Zv0OcGi73\n"
+ "c+EnYD/YgURYGSngUi/Ynsh779p2U69/te9gZwIL5PuE9BiO6I39cL9z7EK1SfZh\n"
+ "OWvDe/qH7YhD/BHwcWit8FjRww1glwRVTJsA9rH58ynaAix0tcR/nBMRLUX+e3rU\n"
+ "RHg6UbSjJbdb9qmKM1fTGHKUzL/5pMG6uBU0ywIDAQABAoIBADQkckOIl4IZMUTn\n"
+ "W8LFv6xOdkJwMKC8G6bsPRFbyY+HvC2TLt7epSvfS+f4AcYWaOPcDu2E49vt2sNr\n"
+ "cASly8hgwiRRAB3dHH9vcsboiTo8bi2RFvMqvjv9w3tK2yMxVDtmZamzrrnaV3YV\n"
+ "Q+5nyKo2F/PMDjQ4eUAKDOzjhBuKHsZBTFnA1MFNI+UKj5X4Yp64DFmKlxTX/U2b\n"
+ "wzVywo5hzx2Uhw51jmoLls4YUvMJXD0wW5ZtYRuPogXvXb/of9ef/20/wU11WFKg\n"
+ "Xb4gfR8zUXaXS1sXcnVm3+24vIs9dApUwykuoyjOqxWqcHRec2QT2FxVGkFEraze\n"
+ "CPa4rMECgYEA5Y8CywomIcTgerFGFCeMHJr8nQGqY2V/owFb3k9maczPnC9p4a9R\n"
+ "c5szLxA9FMYFxurQZMBWSEG2JS1HR2mnjigx8UKjYML/A+rvvjZOMe4M6Sy2ggh4\n"
+ "SkLZKpWTzjTe07ByM/j5v/SjNZhWAG7sw4/LmPGRQkwJv+KZhGojuOkCgYEA2cOF\n"
+ "T6cJRv6kvzTz9S0COZOVm+euJh/BXp7oAsAmbNfOpckPMzqHXy8/wpdKl6AAcB57\n"
+ "OuztlNfV1D7qvbz7JuRlYwQ0cEfBgbZPcz1p18HHDXhwn57ZPb8G33Yh9Omg0HNA\n"
+ "Imb4LsVuSqxA6NwSj7cpRekgTedrhLFPJ+Ydb5MCgYEAsM3Q7OjILcIg0t6uht9e\n"
+ "vrlwTsz1mtCV2co2I6crzdj9HeI2vqf1KAElDt6G7PUHhglcr/yjd8uEqmWRPKNX\n"
+ "ddnnfVZB10jYeP/93pac6z/Zmc3iU4yKeUe7U10ZFf0KkiiYDQd59CpLef/2XScS\n"
+ "HB0oRofnxRQjfjLc4muNT+ECgYEAlcDk06MOOTly+F8lCc1bA1dgAmgwFd2usDBd\n"
+ "Y07a3e0HGnGLN3Kfl7C5i0tZq64HvxLnMd2vgLVxQlXGPpdQrC1TH+XLXg+qnlZO\n"
+ "ivSH7i0/gx75bHvj75eH1XK65V8pDVDEoSPottllAIs21CxLw3N1ObOZWJm2EfmR\n"
+ "cuHICmsCgYAtFJ1idqMoHxES3mlRpf2JxyQudP3SCm2WpGmqVzhRYInqeatY5sUd\n"
+ "lPLHm/p77RT7EyxQHTlwn8FJPuM/4ZH1rQd/vB+Y8qAtYJCexDMsbvLW+Js+VOvk\n"
+ "jweEC0nrcL31j9mF0vz5E6tfRu4hhJ6L4yfWs0gSejskeVB/w8QY4g==\n";
+
+ uint8_t data[] = {0x01, 0x02, 0x03, 0x04};
+
+ OBufferStream os1;
+ bufferSource(publicKeyPkcs8) >> base64Decode() >> streamSink(os1);
+ ConstBufferPtr publicKeyBuffer = os1.buf();
+
+ PrivateKey sKey;
+ sKey.loadPkcs1Base64(reinterpret_cast<const uint8_t*>(privateKeyPkcs1.c_str()),
+ privateKeyPkcs1.size());
+
+ OBufferStream os3;
+ bufferSource(data, sizeof(data)) >> signerFilter(DigestAlgorithm::SHA256, sKey) >> streamSink(os3);
+ ConstBufferPtr sig = os3.buf();
+
+ // TODO: remove CryptoPP dependency
+ {
+ using namespace CryptoPP;
+
+ CryptoPP::RSA::PublicKey publicKey;
+
+ ByteQueue keyQueue1;
+ keyQueue1.LazyPut(publicKeyBuffer->buf(), publicKeyBuffer->size());
+ publicKey.Load(keyQueue1);
+
+ // For signature, openssl only support pkcs1v15 padding.
+ RSASS<PKCS1v15, CryptoPP::SHA256>::Verifier verifier(publicKey);
+ BOOST_CHECK(verifier.VerifyMessage(data, sizeof(data), sig->buf(), sig->size()));
+ }
+}
+
+BOOST_AUTO_TEST_CASE(Ecdsa)
+{
+ std::string privateKeyPkcs1 =
+ "MIIBaAIBAQQgRxwcbzK9RV6AHYFsDcykI86o3M/a1KlJn0z8PcLMBZOggfowgfcC\n"
+ "AQEwLAYHKoZIzj0BAQIhAP////8AAAABAAAAAAAAAAAAAAAA////////////////\n"
+ "MFsEIP////8AAAABAAAAAAAAAAAAAAAA///////////////8BCBaxjXYqjqT57Pr\n"
+ "vVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMVAMSdNgiG5wSTamZ44ROdJreBn36QBEEE\n"
+ "axfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpZP40Li/hp/m47n60p8D54W\n"
+ "K84zV2sxXs7LtkBoN79R9QIhAP////8AAAAA//////////+85vqtpxeehPO5ysL8\n"
+ "YyVRAgEBoUQDQgAEaG4WJuDAt0QkEM4t29KDUdzkQlMPGrqWzkWhgt9OGnwc6O7A\n"
+ "ZLPSrDyhwyrKS7XLRXml5DisQ93RvByll32y8A==\n";
+
+ std::string publicKeyPkcs8 =
+ "MIIBSzCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAABAAAA\n"
+ "AAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA////\n"
+ "///////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMVAMSd\n"
+ "NgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5\n"
+ "RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8AAAAA\n"
+ "//////////+85vqtpxeehPO5ysL8YyVRAgEBA0IABGhuFibgwLdEJBDOLdvSg1Hc\n"
+ "5EJTDxq6ls5FoYLfThp8HOjuwGSz0qw8ocMqyku1y0V5peQ4rEPd0bwcpZd9svA=\n";
+
+ uint8_t data[] = {0x01, 0x02, 0x03, 0x04};
+
+ OBufferStream os1;
+ bufferSource(publicKeyPkcs8) >> base64Decode() >> streamSink(os1);
+ ConstBufferPtr publicKeyBuffer = os1.buf();
+
+ PrivateKey sKey;
+ sKey.loadPkcs1Base64(reinterpret_cast<const uint8_t*>(privateKeyPkcs1.c_str()),
+ privateKeyPkcs1.size());
+
+ OBufferStream os3;
+ bufferSource(data, sizeof(data)) >> signerFilter(DigestAlgorithm::SHA256, sKey) >> streamSink(os3);
+ ConstBufferPtr sig = os3.buf();
+
+ // TODO: remove CryptoPP dependency
+ {
+ using namespace CryptoPP;
+
+ ECDSA<ECP, CryptoPP::SHA256>::PublicKey publicKey;
+ ByteQueue keyQueue1;
+ keyQueue1.LazyPut(publicKeyBuffer->buf(), publicKeyBuffer->size());
+ publicKey.Load(keyQueue1);
+
+ // For signature, openssl only support pkcs1v15 padding.
+ ECDSA<ECP, CryptoPP::SHA256>::Verifier verifier(publicKey);
+
+ uint8_t buffer[64];
+ size_t usedSize = DSAConvertSignatureFormat(buffer, sizeof(buffer), DSA_P1363,
+ sig->buf(), sig->size(), DSA_DER);
+ BOOST_CHECK(verifier.VerifyMessage(data, sizeof(data), buffer, usedSize));
+ }
+}
+
+BOOST_AUTO_TEST_SUITE_END() // TestSignerFilter
+BOOST_AUTO_TEST_SUITE_END() // Transform
+BOOST_AUTO_TEST_SUITE_END() // Security
+
+} // namespace tests
+} // namespace transform
+} // namespace security
+} // namespace ndn
diff --git a/tests/unit-tests/security/transform/verifier-filter.t.cpp b/tests/unit-tests/security/transform/verifier-filter.t.cpp
new file mode 100644
index 0000000..c450f3f
--- /dev/null
+++ b/tests/unit-tests/security/transform/verifier-filter.t.cpp
@@ -0,0 +1,184 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2016 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "security/transform/verifier-filter.hpp"
+#include "security/transform.hpp"
+#include "encoding/buffer-stream.hpp"
+
+// TODO: remove CryptoPP dependency
+#include "security/cryptopp.hpp"
+
+#include "boost-test.hpp"
+
+namespace ndn {
+namespace security {
+namespace transform {
+namespace tests {
+
+BOOST_AUTO_TEST_SUITE(Security)
+BOOST_AUTO_TEST_SUITE(Transform)
+BOOST_AUTO_TEST_SUITE(TestVerifierFilter)
+
+BOOST_AUTO_TEST_CASE(Rsa)
+{
+ std::string publicKeyPkcs8 =
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0WM1/WhAxyLtEqsiAJg\n"
+ "WDZWuzkYpeYVdeeZcqRZzzfRgBQTsNozS5t4HnwTZhwwXbH7k3QN0kRTV826Xobw\n"
+ "s3iigohnM9yTK+KKiayPhIAm/+5HGT6SgFJhYhqo1/upWdueojil6RP4/AgavHho\n"
+ "pxlAVbk6G9VdVnlQcQ5Zv0OcGi73c+EnYD/YgURYGSngUi/Ynsh779p2U69/te9g\n"
+ "ZwIL5PuE9BiO6I39cL9z7EK1SfZhOWvDe/qH7YhD/BHwcWit8FjRww1glwRVTJsA\n"
+ "9rH58ynaAix0tcR/nBMRLUX+e3rURHg6UbSjJbdb9qmKM1fTGHKUzL/5pMG6uBU0\n"
+ "ywIDAQAB\n";
+
+ std::string privateKeyPkcs8 =
+ "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDDRYzX9aEDHIu0\n"
+ "SqyIAmBYNla7ORil5hV155lypFnPN9GAFBOw2jNLm3gefBNmHDBdsfuTdA3SRFNX\n"
+ "zbpehvCzeKKCiGcz3JMr4oqJrI+EgCb/7kcZPpKAUmFiGqjX+6lZ256iOKXpE/j8\n"
+ "CBq8eGinGUBVuTob1V1WeVBxDlm/Q5waLvdz4SdgP9iBRFgZKeBSL9ieyHvv2nZT\n"
+ "r3+172BnAgvk+4T0GI7ojf1wv3PsQrVJ9mE5a8N7+oftiEP8EfBxaK3wWNHDDWCX\n"
+ "BFVMmwD2sfnzKdoCLHS1xH+cExEtRf57etREeDpRtKMlt1v2qYozV9MYcpTMv/mk\n"
+ "wbq4FTTLAgMBAAECggEANCRyQ4iXghkxROdbwsW/rE52QnAwoLwbpuw9EVvJj4e8\n"
+ "LZMu3t6lK99L5/gBxhZo49wO7YTj2+3aw2twBKXLyGDCJFEAHd0cf29yxuiJOjxu\n"
+ "LZEW8yq+O/3De0rbIzFUO2ZlqbOuudpXdhVD7mfIqjYX88wONDh5QAoM7OOEG4oe\n"
+ "xkFMWcDUwU0j5QqPlfhinrgMWYqXFNf9TZvDNXLCjmHPHZSHDnWOaguWzhhS8wlc\n"
+ "PTBblm1hG4+iBe9dv+h/15//bT/BTXVYUqBdviB9HzNRdpdLWxdydWbf7bi8iz10\n"
+ "ClTDKS6jKM6rFapwdF5zZBPYXFUaQUStrN4I9riswQKBgQDljwLLCiYhxOB6sUYU\n"
+ "J4wcmvydAapjZX+jAVveT2ZpzM+cL2nhr1FzmzMvED0UxgXG6tBkwFZIQbYlLUdH\n"
+ "aaeOKDHxQqNgwv8D6u++Nk4x7gzpLLaCCHhKQtkqlZPONN7TsHIz+Pm/9KM1mFYA\n"
+ "buzDj8uY8ZFCTAm/4pmEaiO46QKBgQDZw4VPpwlG/qS/NPP1LQI5k5Wb564mH8Fe\n"
+ "nugCwCZs186lyQ8zOodfLz/Cl0qXoABwHns67O2U19XUPuq9vPsm5GVjBDRwR8GB\n"
+ "tk9zPWnXwccNeHCfntk9vwbfdiH06aDQc0AiZvguxW5KrEDo3BKPtylF6SBN52uE\n"
+ "sU8n5h1vkwKBgQCwzdDs6MgtwiDS3q6G316+uXBOzPWa0JXZyjYjpyvN2P0d4ja+\n"
+ "p/UoASUO3obs9QeGCVyv/KN3y4SqZZE8o1d12ed9VkHXSNh4//3elpzrP9mZzeJT\n"
+ "jIp5R7tTXRkV/QqSKJgNB3n0Kkt5//ZdJxIcHShGh+fFFCN+Mtzia41P4QKBgQCV\n"
+ "wOTTow45OXL4XyUJzVsDV2ACaDAV3a6wMF1jTtrd7QcacYs3cp+XsLmLS1mrrge/\n"
+ "Eucx3a+AtXFCVcY+l1CsLVMf5cteD6qeVk6K9IfuLT+DHvlse+Pvl4fVcrrlXykN\n"
+ "UMShI+i22WUAizbULEvDc3U5s5lYmbYR+ZFy4cgKawKBgC0UnWJ2oygfERLeaVGl\n"
+ "/YnHJC50/dIKbZakaapXOFFgiep5q1jmxR2U8seb+nvtFPsTLFAdOXCfwUk+4z/h\n"
+ "kfWtB3+8H5jyoC1gkJ7EMyxu8tb4mz5U6+SPB4QLSetwvfWP2YXS/PkTq19G7iGE\n"
+ "novjJ9azSBJ6OyR5UH/DxBji\n";
+
+ uint8_t data[] = {0x01, 0x02, 0x03, 0x04};
+
+ OBufferStream os1;
+ bufferSource(publicKeyPkcs8) >> base64Decode() >> streamSink(os1);
+ ConstBufferPtr publicKeyBuffer = os1.buf();
+
+ OBufferStream os2;
+ bufferSource(privateKeyPkcs8) >> base64Decode() >> streamSink(os2);
+ ConstBufferPtr privateKeyBuffer = os2.buf();
+
+ // TODO: remove CryptoPP dependency
+ ConstBufferPtr sig;
+ {
+ CryptoPP::RSA::PrivateKey privateKey;
+ CryptoPP::ByteQueue keyQueue;
+ keyQueue.LazyPut(privateKeyBuffer->buf(), privateKeyBuffer->size());
+ privateKey.Load(keyQueue);
+
+ CryptoPP::RSASS<CryptoPP::PKCS1v15, CryptoPP::SHA256>::Signer signer(privateKey);
+
+ CryptoPP::AutoSeededRandomPool rng;
+ OBufferStream os;
+ CryptoPP::StringSource(data, sizeof(data), true,
+ new CryptoPP::SignerFilter(rng, signer, new CryptoPP::FileSink(os)));
+
+ sig = os.buf();
+ }
+
+ PublicKey pKey;
+ bool result = false;
+ pKey.loadPkcs8(publicKeyBuffer->buf(), publicKeyBuffer->size());
+ bufferSource(data, sizeof(data)) >>
+ verifierFilter(DigestAlgorithm::SHA256, pKey, sig->buf(), sig->size()) >> boolSink(result);
+
+ BOOST_CHECK_EQUAL(result, true);
+}
+
+BOOST_AUTO_TEST_CASE(Ecdsa)
+{
+ std::string privateKeyPkcs8 =
+ "MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB\n"
+ "AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA\n"
+ "///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV\n"
+ "AMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg\n"
+ "9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8A\n"
+ "AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgRxwcbzK9RV6A\n"
+ "HYFsDcykI86o3M/a1KlJn0z8PcLMBZOhRANCAARobhYm4MC3RCQQzi3b0oNR3ORC\n"
+ "Uw8aupbORaGC304afBzo7sBks9KsPKHDKspLtctFeaXkOKxD3dG8HKWXfbLw\n";
+
+ std::string publicKeyPkcs8 =
+ "MIIBSzCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAABAAAA\n"
+ "AAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA////\n"
+ "///////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMVAMSd\n"
+ "NgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5\n"
+ "RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8AAAAA\n"
+ "//////////+85vqtpxeehPO5ysL8YyVRAgEBA0IABGhuFibgwLdEJBDOLdvSg1Hc\n"
+ "5EJTDxq6ls5FoYLfThp8HOjuwGSz0qw8ocMqyku1y0V5peQ4rEPd0bwcpZd9svA=\n";
+
+ uint8_t data[] = {0x01, 0x02, 0x03, 0x04};
+
+ OBufferStream os1;
+ bufferSource(publicKeyPkcs8) >> base64Decode() >> streamSink(os1);
+ ConstBufferPtr publicKeyBuffer = os1.buf();
+
+ OBufferStream os2;
+ bufferSource(privateKeyPkcs8) >> base64Decode() >> streamSink(os2);
+ ConstBufferPtr privateKeyBuffer = os2.buf();
+
+ // TODO: remove CryptoPP dependency
+ ConstBufferPtr sig;
+ {
+ CryptoPP::ECDSA<CryptoPP::ECP, CryptoPP::SHA256>::PrivateKey privateKey;
+ CryptoPP::ByteQueue keyQueue;
+ keyQueue.LazyPut(privateKeyBuffer->buf(), privateKeyBuffer->size());
+ privateKey.Load(keyQueue);
+ CryptoPP::ECDSA<CryptoPP::ECP, CryptoPP::SHA256>::Signer signer(privateKey);
+
+ CryptoPP::AutoSeededRandomPool rng;
+ OBufferStream os;
+ CryptoPP::StringSource(data, sizeof(data), true,
+ new CryptoPP::SignerFilter(rng, signer, new CryptoPP::FileSink(os)));
+
+ uint8_t buf[200];
+ size_t bufSize = DSAConvertSignatureFormat(buf, sizeof(buf), CryptoPP::DSA_DER,
+ os.buf()->buf(), os.buf()->size(),
+ CryptoPP::DSA_P1363);
+ sig = make_shared<Buffer>(buf, bufSize);
+ }
+
+ PublicKey pKey;
+ bool result = false;
+ pKey.loadPkcs8(publicKeyBuffer->buf(), publicKeyBuffer->size());
+ bufferSource(data, sizeof(data)) >>
+ verifierFilter(DigestAlgorithm::SHA256, pKey, sig->buf(), sig->size()) >> boolSink(result);
+
+ BOOST_CHECK_EQUAL(result, true);
+}
+
+BOOST_AUTO_TEST_SUITE_END() // TestVerifierFilter
+BOOST_AUTO_TEST_SUITE_END() // Transform
+BOOST_AUTO_TEST_SUITE_END() // Security
+
+} // namespace tests
+} // namespace transform
+} // namespace security
+} // namespace ndn