security: add signature verification support in TPM
Refs: #3075
Change-Id: Idb17ee0e3a071e133527b6e17d4ecc06d922a798
diff --git a/tests/unit/security/tpm/back-end.t.cpp b/tests/unit/security/tpm/back-end.t.cpp
index 4d39fbb..1ef374b 100644
--- a/tests/unit/security/tpm/back-end.t.cpp
+++ b/tests/unit/security/tpm/back-end.t.cpp
@@ -1,6 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/*
- * Copyright (c) 2013-2018 Regents of the University of California.
+ * Copyright (c) 2013-2019 Regents of the University of California.
*
* This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
*
@@ -93,12 +93,14 @@
BackEnd& tpm = wrapper.getTpm();
// create an RSA key
- Name identity("/Test/KeyName");
+ Name identity("/Test/RSA/KeyName");
unique_ptr<KeyHandle> key = tpm.createKey(identity, RsaKeyParams());
Name keyName = key->getKeyName();
const uint8_t content[] = {0x01, 0x02, 0x03, 0x04};
- Block sigBlock(tlv::SignatureValue, key->sign(DigestAlgorithm::SHA256, content, sizeof(content)));
+ auto sigValue = key->sign(DigestAlgorithm::SHA256, content, sizeof(content));
+ BOOST_REQUIRE(sigValue != nullptr);
+ Block sigBlock(tlv::SignatureValue, sigValue);
transform::PublicKey pubKey;
ConstBufferPtr pubKeyBits = key->derivePublicKey();
@@ -149,12 +151,14 @@
BackEnd& tpm = wrapper.getTpm();
// create an EC key
- Name identity("/Test/Ec/KeyName");
+ Name identity("/Test/EC/KeyName");
unique_ptr<KeyHandle> key = tpm.createKey(identity, EcKeyParams());
Name ecKeyName = key->getKeyName();
const uint8_t content[] = {0x01, 0x02, 0x03, 0x04};
- Block sigBlock(tlv::SignatureValue, key->sign(DigestAlgorithm::SHA256, content, sizeof(content)));
+ auto sigValue = key->sign(DigestAlgorithm::SHA256, content, sizeof(content));
+ BOOST_REQUIRE(sigValue != nullptr);
+ Block sigBlock(tlv::SignatureValue, sigValue);
transform::PublicKey pubKey;
ConstBufferPtr pubKeyBits = key->derivePublicKey();
@@ -163,9 +167,9 @@
bool result;
{
using namespace transform;
- bufferSource(content, sizeof(content)) >> verifierFilter(DigestAlgorithm::SHA256, pubKey,
- sigBlock.value(), sigBlock.value_size())
- >> boolSink(result);
+ bufferSource(content, sizeof(content)) >>
+ verifierFilter(DigestAlgorithm::SHA256, pubKey, sigBlock.value(), sigBlock.value_size()) >>
+ boolSink(result);
}
BOOST_CHECK_EQUAL(result, true);
@@ -173,6 +177,29 @@
BOOST_CHECK_EQUAL(tpm.hasKey(ecKeyName), false);
}
+BOOST_AUTO_TEST_CASE(HmacSigningAndVerifying)
+{
+ BackEndWrapperMem wrapper;
+ BackEnd& tpm = wrapper.getTpm();
+
+ // create an HMAC key
+ Name identity("/Test/HMAC/KeyName");
+ unique_ptr<KeyHandle> key = tpm.createKey(identity, HmacKeyParams());
+ Name hmacKeyName = key->getKeyName();
+
+ const uint8_t content[] = {0x01, 0x02, 0x03, 0x04};
+ auto sigValue = key->sign(DigestAlgorithm::SHA256, content, sizeof(content));
+ BOOST_REQUIRE(sigValue != nullptr);
+ Block sigBlock(tlv::SignatureValue, sigValue);
+
+ bool result = key->verify(DigestAlgorithm::SHA256, content, sizeof(content),
+ sigBlock.value(), sigBlock.value_size());
+ BOOST_CHECK_EQUAL(result, true);
+
+ tpm.deleteKey(hmacKeyName);
+ BOOST_CHECK_EQUAL(tpm.hasKey(hmacKeyName), false);
+}
+
BOOST_AUTO_TEST_CASE_TEMPLATE(ImportExport, T, TestBackEnds)
{
const std::string privKeyPkcs1 =