Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
| 2 | /* |
Davide Pesavento | 0c52603 | 2024-01-31 21:14:01 -0500 | [diff] [blame^] | 3 | * Copyright (c) 2013-2024 Regents of the University of California. |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 4 | * |
| 5 | * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions). |
| 6 | * |
| 7 | * ndn-cxx library is free software: you can redistribute it and/or modify it under the |
| 8 | * terms of the GNU Lesser General Public License as published by the Free Software |
| 9 | * Foundation, either version 3 of the License, or (at your option) any later version. |
| 10 | * |
| 11 | * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY |
| 12 | * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A |
| 13 | * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. |
| 14 | * |
| 15 | * You should have received copies of the GNU General Public License and GNU Lesser |
| 16 | * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see |
| 17 | * <http://www.gnu.org/licenses/>. |
| 18 | * |
| 19 | * See AUTHORS.md for complete list of ndn-cxx authors and contributors. |
| 20 | */ |
| 21 | |
Alexander Afanasyev | 09236c2 | 2020-06-03 13:42:38 -0400 | [diff] [blame] | 22 | #include "ndn-cxx/security/validator-config/checker.hpp" |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 23 | |
Davide Pesavento | 7e78064 | 2018-11-24 15:51:34 -0500 | [diff] [blame] | 24 | #include "tests/boost-test.hpp" |
Alexander Afanasyev | 09236c2 | 2020-06-03 13:42:38 -0400 | [diff] [blame] | 25 | #include "tests/unit/security/validator-fixture.hpp" |
| 26 | #include "tests/unit/security/validator-config/common.hpp" |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 27 | |
Davide Pesavento | 49e1e87 | 2023-11-11 00:45:23 -0500 | [diff] [blame] | 28 | #include <boost/mp11/algorithm.hpp> |
| 29 | |
Davide Pesavento | 47ce2ee | 2023-05-09 01:33:33 -0400 | [diff] [blame] | 30 | namespace ndn::tests { |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 31 | |
Davide Pesavento | 47ce2ee | 2023-05-09 01:33:33 -0400 | [diff] [blame] | 32 | using namespace ndn::security::validator_config; |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 33 | |
| 34 | BOOST_AUTO_TEST_SUITE(Security) |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 35 | BOOST_AUTO_TEST_SUITE(ValidatorConfig) |
Junxiao Shi | 5dc7560 | 2021-02-19 11:33:00 -0700 | [diff] [blame] | 36 | BOOST_AUTO_TEST_SUITE(TestChecker) |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 37 | |
Davide Pesavento | 4c1ad4c | 2020-11-16 21:12:02 -0500 | [diff] [blame] | 38 | class CheckerFixture : public KeyChainFixture |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 39 | { |
| 40 | public: |
| 41 | CheckerFixture() |
| 42 | { |
| 43 | names.push_back("/foo/bar"); |
| 44 | names.push_back("/foo/bar/bar"); |
| 45 | names.push_back("/foo"); |
| 46 | names.push_back("/other/prefix"); |
| 47 | } |
| 48 | |
Davide Pesavento | 5437aa2 | 2019-03-24 14:02:37 -0400 | [diff] [blame] | 49 | static Name |
Junxiao Shi | 5dc7560 | 2021-02-19 11:33:00 -0700 | [diff] [blame] | 50 | makeKeyLocatorKeyName(const Name& name) |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 51 | { |
Junxiao Shi | 5dc7560 | 2021-02-19 11:33:00 -0700 | [diff] [blame] | 52 | static PartialName suffix("KEY/keyid"); |
| 53 | return Name(name).append(suffix); |
| 54 | } |
| 55 | |
| 56 | static Name |
| 57 | makeKeyLocatorCertName(const Name& name) |
| 58 | { |
| 59 | static PartialName suffix("KEY/keyid/issuer/v=1"); |
| 60 | return Name(name).append(suffix); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 61 | } |
| 62 | |
Junxiao Shi | 58b9e0f | 2021-03-18 15:54:07 -0600 | [diff] [blame] | 63 | template<typename PktType, typename C> |
| 64 | static void |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame] | 65 | testChecker(C& checker, tlv::SignatureTypeValue sigType, const Name& pktName, const Name& klName, bool expectedOutcome) |
Junxiao Shi | 58b9e0f | 2021-03-18 15:54:07 -0600 | [diff] [blame] | 66 | { |
Davide Pesavento | 0c52603 | 2024-01-31 21:14:01 -0500 | [diff] [blame^] | 67 | BOOST_TEST_INFO_SCOPE("Packet = " << pktName); |
| 68 | BOOST_TEST_INFO_SCOPE("KeyLocator = " << klName); |
| 69 | |
| 70 | auto state = PktType::makeState(); |
| 71 | auto result = checker.check(PktType::getType(), sigType, pktName, klName, *state); |
| 72 | BOOST_CHECK_EQUAL(bool(result), expectedOutcome); |
| 73 | BOOST_CHECK(boost::logic::indeterminate(state->getOutcome())); |
| 74 | if (!result) { |
| 75 | BOOST_CHECK_NE(result.getErrorMessage(), ""); |
Junxiao Shi | 58b9e0f | 2021-03-18 15:54:07 -0600 | [diff] [blame] | 76 | } |
| 77 | } |
| 78 | |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 79 | public: |
| 80 | std::vector<Name> names; |
| 81 | }; |
| 82 | |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 83 | class NameRelationEqual : public CheckerFixture |
| 84 | { |
| 85 | public: |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame] | 86 | NameRelationChecker checker{tlv::SignatureSha256WithRsa, "/foo/bar", NameRelation::EQUAL}; |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 87 | std::vector<std::vector<bool>> outcomes = {{true, false, false, false}, |
| 88 | {true, false, false, false}, |
| 89 | {true, false, false, false}, |
| 90 | {true, false, false, false}}; |
| 91 | }; |
| 92 | |
| 93 | class NameRelationIsPrefixOf : public CheckerFixture |
| 94 | { |
| 95 | public: |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame] | 96 | NameRelationChecker checker{tlv::SignatureSha256WithRsa, "/foo/bar", NameRelation::IS_PREFIX_OF}; |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 97 | std::vector<std::vector<bool>> outcomes = {{true, true, false, false}, |
| 98 | {true, true, false, false}, |
| 99 | {true, true, false, false}, |
| 100 | {true, true, false, false}}; |
| 101 | }; |
| 102 | |
| 103 | class NameRelationIsStrictPrefixOf : public CheckerFixture |
| 104 | { |
| 105 | public: |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame] | 106 | NameRelationChecker checker{tlv::SignatureSha256WithRsa, "/foo/bar", NameRelation::IS_STRICT_PREFIX_OF}; |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 107 | std::vector<std::vector<bool>> outcomes = {{false, true, false, false}, |
| 108 | {false, true, false, false}, |
| 109 | {false, true, false, false}, |
| 110 | {false, true, false, false}}; |
| 111 | }; |
| 112 | |
| 113 | class RegexEqual : public CheckerFixture |
| 114 | { |
| 115 | public: |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame] | 116 | RegexChecker checker{tlv::SignatureSha256WithRsa, Regex("^<foo><bar><KEY><>{1,3}$")}; |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 117 | std::vector<std::vector<bool>> outcomes = {{true, false, false, false}, |
| 118 | {true, false, false, false}, |
| 119 | {true, false, false, false}, |
| 120 | {true, false, false, false}}; |
| 121 | }; |
| 122 | |
| 123 | class RegexIsPrefixOf : public CheckerFixture |
| 124 | { |
| 125 | public: |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame] | 126 | RegexChecker checker{tlv::SignatureSha256WithRsa, Regex("^<foo><bar><>*<KEY><>{1,3}$")}; |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 127 | std::vector<std::vector<bool>> outcomes = {{true, true, false, false}, |
| 128 | {true, true, false, false}, |
| 129 | {true, true, false, false}, |
| 130 | {true, true, false, false}}; |
| 131 | }; |
| 132 | |
| 133 | class RegexIsStrictPrefixOf : public CheckerFixture |
| 134 | { |
| 135 | public: |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame] | 136 | RegexChecker checker{tlv::SignatureSha256WithRsa, Regex("^<foo><bar><>+<KEY><>{1,3}$")}; |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 137 | std::vector<std::vector<bool>> outcomes = {{false, true, false, false}, |
| 138 | {false, true, false, false}, |
| 139 | {false, true, false, false}, |
| 140 | {false, true, false, false}}; |
| 141 | }; |
| 142 | |
| 143 | class HyperRelationEqual : public CheckerFixture |
| 144 | { |
| 145 | public: |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame] | 146 | HyperRelationChecker checker{tlv::SignatureSha256WithRsa, |
| 147 | "^(<>+)$", "\\1", "^(<>+)<KEY><>{1,3}$", "\\1", NameRelation::EQUAL}; |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 148 | std::vector<std::vector<bool>> outcomes = {{true, false, false, false}, |
| 149 | {false, true, false, false}, |
| 150 | {false, false, true, false}, |
| 151 | {false, false, false, true}}; |
| 152 | }; |
| 153 | |
| 154 | class HyperRelationIsPrefixOf : public CheckerFixture |
| 155 | { |
| 156 | public: |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame] | 157 | HyperRelationChecker checker{tlv::SignatureSha256WithRsa, |
| 158 | "^(<>+)$", "\\1", "^(<>+)<KEY><>{1,3}$", "\\1", NameRelation::IS_PREFIX_OF}; |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 159 | std::vector<std::vector<bool>> outcomes = {{true, false, true, false}, |
| 160 | {true, true, true, false}, |
| 161 | {false, false, true, false}, |
| 162 | {false, false, false, true}}; |
| 163 | }; |
| 164 | |
| 165 | class HyperRelationIsStrictPrefixOf : public CheckerFixture |
| 166 | { |
| 167 | public: |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame] | 168 | HyperRelationChecker checker{tlv::SignatureSha256WithRsa, |
| 169 | "^(<>+)$", "\\1", "^(<>+)<KEY><>{1,3}$", "\\1", NameRelation::IS_STRICT_PREFIX_OF}; |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 170 | std::vector<std::vector<bool>> outcomes = {{false, false, true, false}, |
| 171 | {true, false, true, false}, |
| 172 | {false, false, false, false}, |
| 173 | {false, false, false, false}}; |
| 174 | }; |
| 175 | |
| 176 | class Hierarchical : public CheckerFixture |
| 177 | { |
| 178 | public: |
| 179 | Hierarchical() |
| 180 | : checkerPtr(Checker::create(makeSection(R"CONF( |
| 181 | type hierarchical |
| 182 | sig-type rsa-sha256 |
| 183 | )CONF"), "test-config")) |
| 184 | , checker(*checkerPtr) |
| 185 | { |
| 186 | } |
| 187 | |
| 188 | public: |
| 189 | std::unique_ptr<Checker> checkerPtr; |
| 190 | Checker& checker; |
| 191 | |
| 192 | std::vector<std::vector<bool>> outcomes = {{true, false, true, false}, |
| 193 | {true, true, true, false}, |
| 194 | {false, false, true, false}, |
| 195 | {false, false, false, true}}; |
| 196 | }; |
| 197 | |
| 198 | class CustomizedNameRelation : public CheckerFixture |
| 199 | { |
| 200 | public: |
| 201 | CustomizedNameRelation() |
| 202 | : checkerPtr(Checker::create(makeSection(R"CONF( |
| 203 | type customized |
| 204 | sig-type rsa-sha256 |
| 205 | key-locator |
| 206 | { |
| 207 | type name |
| 208 | name /foo/bar |
| 209 | relation equal |
| 210 | } |
| 211 | )CONF"), "test-config")) |
| 212 | , checker(*checkerPtr) |
| 213 | { |
| 214 | } |
| 215 | |
| 216 | public: |
| 217 | std::unique_ptr<Checker> checkerPtr; |
| 218 | Checker& checker; |
| 219 | |
| 220 | std::vector<std::vector<bool>> outcomes = {{true, false, false, false}, |
| 221 | {true, false, false, false}, |
| 222 | {true, false, false, false}, |
| 223 | {true, false, false, false}}; |
| 224 | }; |
| 225 | |
| 226 | class CustomizedRegex : public CheckerFixture |
| 227 | { |
| 228 | public: |
| 229 | CustomizedRegex() |
| 230 | : checkerPtr(Checker::create(makeSection(R"CONF( |
| 231 | type customized |
| 232 | sig-type rsa-sha256 |
| 233 | key-locator |
| 234 | { |
| 235 | type name |
Junxiao Shi | 5dc7560 | 2021-02-19 11:33:00 -0700 | [diff] [blame] | 236 | regex ^<foo><bar><KEY><>{1,3}$ |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 237 | } |
| 238 | )CONF"), "test-config")) |
| 239 | , checker(*checkerPtr) |
| 240 | { |
| 241 | } |
| 242 | |
| 243 | public: |
| 244 | std::unique_ptr<Checker> checkerPtr; |
| 245 | Checker& checker; |
| 246 | |
| 247 | std::vector<std::vector<bool>> outcomes = {{true, false, false, false}, |
| 248 | {true, false, false, false}, |
| 249 | {true, false, false, false}, |
| 250 | {true, false, false, false}}; |
| 251 | }; |
| 252 | |
| 253 | class CustomizedHyperRelation : public CheckerFixture |
| 254 | { |
| 255 | public: |
| 256 | CustomizedHyperRelation() |
| 257 | : checkerPtr(Checker::create(makeSection(R"CONF( |
| 258 | type customized |
| 259 | sig-type rsa-sha256 |
| 260 | key-locator |
| 261 | { |
| 262 | type name |
| 263 | hyper-relation |
| 264 | { |
Junxiao Shi | 5dc7560 | 2021-02-19 11:33:00 -0700 | [diff] [blame] | 265 | k-regex ^(<>+)<KEY><>{1,3}$ |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 266 | k-expand \\1 |
| 267 | h-relation is-prefix-of |
| 268 | p-regex ^(<>+)$ |
| 269 | p-expand \\1 |
| 270 | } |
| 271 | } |
| 272 | )CONF"), "test-config")) |
| 273 | , checker(*checkerPtr) |
| 274 | { |
| 275 | } |
| 276 | |
| 277 | public: |
| 278 | std::unique_ptr<Checker> checkerPtr; |
| 279 | Checker& checker; |
| 280 | |
| 281 | std::vector<std::vector<bool>> outcomes = {{true, false, true, false}, |
| 282 | {true, true, true, false}, |
| 283 | {false, false, true, false}, |
| 284 | {false, false, false, true}}; |
| 285 | }; |
| 286 | |
Davide Pesavento | 49e1e87 | 2023-11-11 00:45:23 -0500 | [diff] [blame] | 287 | using CheckerFixtures = boost::mp11::mp_list< |
Junxiao Shi | 5dc7560 | 2021-02-19 11:33:00 -0700 | [diff] [blame] | 288 | NameRelationEqual, |
| 289 | NameRelationIsPrefixOf, |
| 290 | NameRelationIsStrictPrefixOf, |
| 291 | RegexEqual, |
| 292 | RegexIsPrefixOf, |
| 293 | RegexIsStrictPrefixOf, |
| 294 | HyperRelationEqual, |
| 295 | HyperRelationIsPrefixOf, |
| 296 | HyperRelationIsStrictPrefixOf, |
| 297 | Hierarchical, |
| 298 | CustomizedNameRelation, |
| 299 | CustomizedRegex, |
| 300 | CustomizedHyperRelation |
| 301 | >; |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 302 | |
Junxiao Shi | 5dc7560 | 2021-02-19 11:33:00 -0700 | [diff] [blame] | 303 | // Cartesian product of [DataPkt, InterestV02Pkt, InterestV03Pkt] and CheckerFixtures. |
Davide Pesavento | 49e1e87 | 2023-11-11 00:45:23 -0500 | [diff] [blame] | 304 | // Each element is an mp_list<PktType, Fixture>. |
| 305 | using Tests = boost::mp11::mp_product< |
| 306 | boost::mp11::mp_list, |
| 307 | boost::mp11::mp_list<DataPkt, InterestV02Pkt, InterestV03Pkt>, |
| 308 | CheckerFixtures |
| 309 | >; |
Junxiao Shi | 5dc7560 | 2021-02-19 11:33:00 -0700 | [diff] [blame] | 310 | |
Davide Pesavento | 49e1e87 | 2023-11-11 00:45:23 -0500 | [diff] [blame] | 311 | BOOST_FIXTURE_TEST_CASE_TEMPLATE(Checks, T, Tests, boost::mp11::mp_second<T>) |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 312 | { |
Davide Pesavento | 49e1e87 | 2023-11-11 00:45:23 -0500 | [diff] [blame] | 313 | using PktType = boost::mp11::mp_first<T>; |
Davide Pesavento | 5437aa2 | 2019-03-24 14:02:37 -0400 | [diff] [blame] | 314 | |
| 315 | BOOST_REQUIRE_EQUAL(this->outcomes.size(), this->names.size()); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 316 | for (size_t i = 0; i < this->names.size(); ++i) { |
Davide Pesavento | 5437aa2 | 2019-03-24 14:02:37 -0400 | [diff] [blame] | 317 | BOOST_REQUIRE_EQUAL(this->outcomes[i].size(), this->names.size()); |
Junxiao Shi | 58b9e0f | 2021-03-18 15:54:07 -0600 | [diff] [blame] | 318 | |
| 319 | auto pktName = PktType::makeName(this->names[i], this->m_keyChain); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 320 | for (size_t j = 0; j < this->names.size(); ++j) { |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 321 | bool expectedOutcome = this->outcomes[i][j]; |
| 322 | |
Junxiao Shi | 58b9e0f | 2021-03-18 15:54:07 -0600 | [diff] [blame] | 323 | auto klName = this->makeKeyLocatorKeyName(this->names[j]); |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame] | 324 | this->template testChecker<PktType>(this->checker, tlv::SignatureSha256WithRsa, pktName, klName, expectedOutcome); |
| 325 | this->template testChecker<PktType>(this->checker, tlv::SignatureSha256WithEcdsa, pktName, klName, false); |
| 326 | |
Junxiao Shi | 58b9e0f | 2021-03-18 15:54:07 -0600 | [diff] [blame] | 327 | klName = this->makeKeyLocatorCertName(this->names[j]); |
Alexander Afanasyev | 17d4b93 | 2021-03-17 17:58:40 -0400 | [diff] [blame] | 328 | this->template testChecker<PktType>(this->checker, tlv::SignatureSha256WithRsa, pktName, klName, expectedOutcome); |
| 329 | this->template testChecker<PktType>(this->checker, tlv::SignatureSha256WithEcdsa, pktName, klName, false); |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 330 | } |
| 331 | } |
| 332 | } |
| 333 | |
| 334 | BOOST_AUTO_TEST_SUITE_END() // TestChecker |
| 335 | BOOST_AUTO_TEST_SUITE_END() // ValidatorConfig |
Alexander Afanasyev | e5a19b8 | 2017-01-30 22:30:46 -0800 | [diff] [blame] | 336 | BOOST_AUTO_TEST_SUITE_END() // Security |
| 337 | |
Davide Pesavento | 47ce2ee | 2023-05-09 01:33:33 -0400 | [diff] [blame] | 338 | } // namespace ndn::tests |