Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / bf6a28101e06d1517eff3887f702db22d73503fd / . / tests / unit-tests / security / test-signed-interest.cpp
blob: 8d675fc7647c13cdecb5ef8ed8b033d2cd7e3a07 [file] [log] [blame]
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Yingdi Yu4270f202014-01-28 14:19:16 -0800[diff] [blame]2/**
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]3 * Copyright (c) 2013-2014 Regents of the University of California.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]6 *
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
Yingdi Yu4270f202014-01-28 14:19:16 -0800[diff] [blame]20 */
21
Yingdi Yu4270f202014-01-28 14:19:16 -0800[diff] [blame]22#include "security/key-chain.hpp"
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]23#include "security/validator.hpp"
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]24
Yingdi Yuc4f6fd72014-02-26 12:48:44 -0800[diff] [blame]25#include "util/command-interest-generator.hpp"
26#include "util/command-interest-validator.hpp"
Yingdi Yu4270f202014-01-28 14:19:16 -0800[diff] [blame]27
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]28#include "boost-test.hpp"
29
Yingdi Yu4270f202014-01-28 14:19:16 -0800[diff] [blame]30using namespace std;
Alexander Afanasyev0abb2da2014-01-30 18:07:57 -0800[diff] [blame]31namespace ndn {
Yingdi Yu4270f202014-01-28 14:19:16 -0800[diff] [blame]32
Alexander Afanasyevd1b5c412014-03-27 15:03:51 -0700[diff] [blame]33BOOST_AUTO_TEST_SUITE(SecurityTestSignedInterest)
Yingdi Yu4270f202014-01-28 14:19:16 -0800[diff] [blame]34
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]35BOOST_AUTO_TEST_CASE(SignedInterest)
Yingdi Yu4270f202014-01-28 14:19:16 -0800[diff] [blame]36{
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]37 BOOST_REQUIRE_NO_THROW(KeyChain("sqlite3", "file"));
38 KeyChain keyChain("sqlite3", "file");
Yingdi Yu4270f202014-01-28 14:19:16 -0800[diff] [blame]39
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]40 Name identityName("/TestSignedInterest/SignVerify");
41 identityName.appendVersion();
42
Yingdi Yu17bc3012014-02-10 17:37:12 -0800[diff] [blame]43 Name certificateName;
44 BOOST_REQUIRE_NO_THROW(certificateName = keyChain.createIdentity(identityName));
Yingdi Yu4270f202014-01-28 14:19:16 -0800[diff] [blame]45
Yingdi Yu17bc3012014-02-10 17:37:12 -0800[diff] [blame]46 Interest interest("/TestSignedInterest/SignVerify/Interest1");
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]47 BOOST_CHECK_NO_THROW(keyChain.signByIdentity(interest, identityName));
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]48
Yingdi Yu4270f202014-01-28 14:19:16 -0800[diff] [blame]49 Block interestBlock(interest.wireEncode().wire(), interest.wireEncode().size());
50
51 Interest interest2;
52 interest2.wireDecode(interestBlock);
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]53
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]54 shared_ptr<PublicKey> publicKey;
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]55 BOOST_REQUIRE_NO_THROW(publicKey = keyChain.getPublicKeyFromTpm(
56 keyChain.getDefaultKeyNameForIdentity(identityName)));
Yingdi Yu6ac97982014-01-30 14:49:21 -0800[diff] [blame]57 bool result = Validator::verifySignature(interest2, *publicKey);
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]58
Yingdi Yu17bc3012014-02-10 17:37:12 -0800[diff] [blame]59 BOOST_CHECK_EQUAL(result, true);
60
Yingdi Yu2e57a582014-02-20 23:34:43 -0800[diff] [blame]61 keyChain.deleteIdentity(identityName);
Yingdi Yu4270f202014-01-28 14:19:16 -0800[diff] [blame]62}
63
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]64class CommandInterestFixture
65{
66public:
67 CommandInterestFixture()
68 : m_validity(false)
Alexander Afanasyev24b75c82014-05-31 15:59:31 +0300[diff] [blame]69 {
70 }
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]71
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]72 void
73 validated(const shared_ptr<const Interest>& interest)
Alexander Afanasyev24b75c82014-05-31 15:59:31 +0300[diff] [blame]74 {
75 m_validity = true;
76 }
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]77
78 void
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]79 validationFailed(const shared_ptr<const Interest>& interest, const string& failureInfo)
80 {
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]81 m_validity = false;
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]82 }
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]83
84 void
85 reset()
Alexander Afanasyev24b75c82014-05-31 15:59:31 +0300[diff] [blame]86 {
87 m_validity = false;
88 }
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]89
90 bool m_validity;
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]91};
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]92
Yingdi Yu0fc447c2014-04-29 19:38:32 -0700[diff] [blame]93BOOST_FIXTURE_TEST_CASE(CommandInterest, CommandInterestFixture)
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]94{
95 KeyChain keyChain;
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]96 Name identity("/TestCommandInterest/Validation");
97 identity.appendVersion();
98
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]99 Name certName;
100 BOOST_REQUIRE_NO_THROW(certName = keyChain.createIdentity(identity));
101
102 CommandInterestGenerator generator;
103 CommandInterestValidator validator;
104
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]105 validator.addInterestRule("^<TestCommandInterest><Validation>",
106 *keyChain.getCertificate(certName));
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]107
108 //Test a legitimate command
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]109 shared_ptr<Interest> commandInterest1 =
110 make_shared<Interest>("/TestCommandInterest/Validation/Command1");
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]111 generator.generateWithIdentity(*commandInterest1, identity);
112 validator.validate(*commandInterest1,
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]113 bind(&CommandInterestFixture::validated, this, _1),
114 bind(&CommandInterestFixture::validationFailed, this, _1, _2));
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]115
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]116 BOOST_CHECK_EQUAL(m_validity, true);
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]117
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]118 //Test an outdated command
119 reset();
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]120 shared_ptr<Interest> commandInterest2 =
121 make_shared<Interest>("/TestCommandInterest/Validation/Command2");
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]122 time::milliseconds timestamp = time::toUnixTimestamp(time::system_clock::now());
123 timestamp -= time::seconds(5);
124
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]125 Name commandName = commandInterest2->getName();
126 commandName
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]127 .appendNumber(timestamp.count())
128 .appendNumber(random::generateWord64());
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]129 commandInterest2->setName(commandName);
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]130
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]131 keyChain.signByIdentity(*commandInterest2, identity);
132 validator.validate(*commandInterest2,
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]133 bind(&CommandInterestFixture::validated, this, _1),
134 bind(&CommandInterestFixture::validationFailed, this, _1, _2));
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]135
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]136 BOOST_CHECK_EQUAL(m_validity, false);
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]137
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]138 //Test an unauthorized command
139 Name identity2("/TestCommandInterest/Validation2");
140 Name certName2;
141 BOOST_REQUIRE_NO_THROW(certName2 = keyChain.createIdentity(identity2));
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]142
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]143 shared_ptr<Interest> commandInterest3 =
144 make_shared<Interest>("/TestCommandInterest/Validation/Command3");
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]145 generator.generateWithIdentity(*commandInterest3, identity2);
146 validator.validate(*commandInterest3,
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]147 bind(&CommandInterestFixture::validated, this, _1),
148 bind(&CommandInterestFixture::validationFailed, this, _1, _2));
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]149
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]150 BOOST_CHECK_EQUAL(m_validity, false);
151
152 //Test another unauthorized command
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]153 shared_ptr<Interest> commandInterest4 =
154 make_shared<Interest>("/TestCommandInterest/Validation2/Command");
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]155 generator.generateWithIdentity(*commandInterest4, identity);
156 validator.validate(*commandInterest4,
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]157 bind(&CommandInterestFixture::validated, this, _1),
158 bind(&CommandInterestFixture::validationFailed, this, _1, _2));
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]159
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]160 BOOST_CHECK_EQUAL(m_validity, false);
161
162 BOOST_CHECK_NO_THROW(keyChain.deleteIdentity(identity));
163 BOOST_CHECK_NO_THROW(keyChain.deleteIdentity(identity2));
164}
165
Yingdi Yu0fc447c2014-04-29 19:38:32 -0700[diff] [blame]166BOOST_FIXTURE_TEST_CASE(Exemption, CommandInterestFixture)
167{
168 KeyChain keyChain;
169 Name identity("/TestCommandInterest/AnyKey");
170
171 Name certName;
172 BOOST_REQUIRE_NO_THROW(certName = keyChain.createIdentity(identity));
173
174 CommandInterestGenerator generator;
175 CommandInterestValidator validator;
176
177 validator.addInterestBypassRule("^<TestCommandInterest><Exemption>");
178
179 //Test a legitimate command
180 shared_ptr<Interest> commandInterest1 =
181 make_shared<Interest>("/TestCommandInterest/Exemption/Command1");
182 generator.generateWithIdentity(*commandInterest1, identity);
183 validator.validate(*commandInterest1,
184 bind(&CommandInterestFixture::validated, this, _1),
185 bind(&CommandInterestFixture::validationFailed, this, _1, _2));
186
187 BOOST_CHECK_EQUAL(m_validity, true);
188
189 BOOST_CHECK_NO_THROW(keyChain.deleteIdentity(identity));
190}
191
192
Alexander Afanasyev9cbf70a2014-02-17 18:07:51 -0800[diff] [blame]193
Yingdi Yu4270f202014-01-28 14:19:16 -0800[diff] [blame]194BOOST_AUTO_TEST_SUITE_END()
Alexander Afanasyev0abb2da2014-01-30 18:07:57 -0800[diff] [blame]195
196} // namespace ndn