Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / 1e164cc096ac1820baf70ad379ab6816611634f5 / . / tests / unit-tests / security / validator.t.cpp
blob: 65c50959251325ce183ab93c07d893ba973b56eb [file] [log] [blame]
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]2/**
Alexander Afanasyeve4f8c3b2016-06-23 16:03:48 -0700[diff] [blame]3 * Copyright (c) 2013-2016 Regents of the University of California.
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]4 *
5 * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
Alexander Afanasyevdfa52c42014-04-24 21:10:11 -0700[diff] [blame]6 *
Alexander Afanasyevc169a812014-05-20 20:37:29 -0400[diff] [blame]7 * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8 * terms of the GNU Lesser General Public License as published by the Free Software
9 * Foundation, either version 3 of the License, or (at your option) any later version.
10 *
11 * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14 *
15 * You should have received copies of the GNU General Public License and GNU Lesser
16 * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17 * <http://www.gnu.org/licenses/>.
18 *
19 * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]20 */
21
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]22#include "security/validator-null.hpp"
23#include "security/key-chain.hpp"
Junxiao Shi198c3812016-08-12 19:24:18 +0000[diff] [blame]24
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]25#include "boost-test.hpp"
Junxiao Shi198c3812016-08-12 19:24:18 +0000[diff] [blame]26#include "identity-management-fixture.hpp"
27#include "../make-interest-data.hpp"
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]28
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]29namespace ndn {
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]30namespace security {
Spyridon Mastorakis429634f2015-02-19 17:35:33 -0800[diff] [blame]31namespace tests {
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]32
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]33using namespace ndn::tests;
34
Junxiao Shi198c3812016-08-12 19:24:18 +0000[diff] [blame]35BOOST_AUTO_TEST_SUITE(Security)
36BOOST_FIXTURE_TEST_SUITE(TestValidator, IdentityManagementFixture)
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]37
38void
39onValidated(const shared_ptr<const Data>& data)
Alexander Afanasyev24b75c82014-05-31 15:59:31 +0300[diff] [blame]40{
41 BOOST_CHECK(true);
42}
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]43
44void
Junxiao Shi198c3812016-08-12 19:24:18 +0000[diff] [blame]45onValidationFailed(const shared_ptr<const Data>& data, const std::string& failureInfo)
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]46{
47 BOOST_CHECK(false);
Yingdi Yu40587c02014-02-21 16:40:48 -0800[diff] [blame]48}
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]49
Yingdi Yuf56c68f2014-04-24 21:50:13 -0700[diff] [blame]50BOOST_AUTO_TEST_CASE(Null)
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]51{
Alexander Afanasyevaa0e7da2014-03-17 14:37:33 -0700[diff] [blame]52 Name identity("/TestValidator/Null");
53 identity.appendVersion();
Yingdi Yu3ed09d02014-10-13 16:24:08 -0700[diff] [blame]54 BOOST_REQUIRE(addIdentity(identity, RsaKeyParams()));
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]55
56 Name dataName = identity;
57 dataName.append("1");
58 shared_ptr<Data> data = make_shared<Data>(dataName);
59
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]60 BOOST_CHECK_NO_THROW(m_keyChain.sign(*data,
61 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
62 identity)));
Alexander Afanasyevb1db7c62014-04-03 14:57:25 -0700[diff] [blame]63
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]64 ValidatorNull validator;
Alexander Afanasyev0222fba2014-02-09 23:16:02 -0800[diff] [blame]65
66 // data must be a shared pointer
67 validator.validate(*data,
Yingdi Yu96e64062014-04-15 19:57:33 -0700[diff] [blame]68 bind(&onValidated, _1),
69 bind(&onValidationFailed, _1, _2));
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]70}
71
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]72const uint8_t ecdsaSigInfo[] = {
730x16, 0x1b, // SignatureInfo
74 0x1b, 0x01, // SignatureType
75 0x03,
76 0x1c, 0x16, // KeyLocator
77 0x07, 0x14, // Name
78 0x08, 0x04,
79 0x74, 0x65, 0x73, 0x74,
80 0x08, 0x03,
81 0x6b, 0x65, 0x79,
82 0x08, 0x07,
83 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72
84};
85
86const uint8_t ecdsaSigValue[] = {
870x17, 0x40, // SignatureValue
88 0x2f, 0xd6, 0xf1, 0x6e, 0x80, 0x6f, 0x10, 0xbe, 0xb1, 0x6f, 0x3e, 0x31, 0xec,
89 0xe3, 0xb9, 0xea, 0x83, 0x30, 0x40, 0x03, 0xfc, 0xa0, 0x13, 0xd9, 0xb3, 0xc6,
90 0x25, 0x16, 0x2d, 0xa6, 0x58, 0x41, 0x69, 0x62, 0x56, 0xd8, 0xb3, 0x6a, 0x38,
91 0x76, 0x56, 0xea, 0x61, 0xb2, 0x32, 0x70, 0x1c, 0xb6, 0x4d, 0x10, 0x1d, 0xdc,
92 0x92, 0x8e, 0x52, 0xa5, 0x8a, 0x1d, 0xd9, 0x96, 0x5e, 0xc0, 0x62, 0x0b
93};
94
95BOOST_AUTO_TEST_CASE(RsaSignatureVerification)
96{
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]97 Name identity("/TestValidator/RsaSignatureVerification");
Yingdi Yu3ed09d02014-10-13 16:24:08 -0700[diff] [blame]98 BOOST_REQUIRE(addIdentity(identity, RsaKeyParams()));
99 Name keyName = m_keyChain.getDefaultKeyNameForIdentity(identity);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]100 shared_ptr<v1::PublicKey> publicKey = m_keyChain.getPublicKey(keyName);
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]101
102 Name identity2("/TestValidator/RsaSignatureVerification/id2");
Yingdi Yu3ed09d02014-10-13 16:24:08 -0700[diff] [blame]103 BOOST_REQUIRE(addIdentity(identity2, RsaKeyParams()));
104 Name keyName2 = m_keyChain.getDefaultKeyNameForIdentity(identity2);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]105 shared_ptr<v1::PublicKey> publicKey2 = m_keyChain.getPublicKey(keyName2);
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]106
107 Data data("/TestData/1");
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]108 BOOST_CHECK_NO_THROW(m_keyChain.sign(data,
109 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
110 identity)));
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]111 BOOST_CHECK_EQUAL(Validator::verifySignature(data, *publicKey), true);
112 BOOST_CHECK_EQUAL(Validator::verifySignature(data, *publicKey2), false);
113
114 Interest interest("/TestInterest/1");
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]115 BOOST_CHECK_NO_THROW(m_keyChain.sign(interest,
116 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
117 identity)));
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]118 BOOST_CHECK_EQUAL(Validator::verifySignature(interest, *publicKey), true);
119 BOOST_CHECK_EQUAL(Validator::verifySignature(interest, *publicKey2), false);
120
121 Data wrongData("/TestData/2");
122 Block ecdsaSigInfoBlock(ecdsaSigInfo, sizeof(ecdsaSigInfo));
123 Block ecdsaSigValueBlock(ecdsaSigValue, sizeof(ecdsaSigValue));
124 Signature ecdsaSig(ecdsaSigInfoBlock, ecdsaSigValueBlock);
125 wrongData.setSignature(ecdsaSig);
126 BOOST_CHECK_EQUAL(Validator::verifySignature(wrongData, *publicKey), false);
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]127}
128
129const uint8_t rsaSigInfo[] = {
1300x16, 0x1b, // SignatureInfo
131 0x1b, 0x01, // SignatureType
132 0x01,
133 0x1c, 0x16, // KeyLocator
134 0x07, 0x14, // Name
135 0x08, 0x04,
136 0x74, 0x65, 0x73, 0x74,
137 0x08, 0x03,
138 0x6b, 0x65, 0x79,
139 0x08, 0x07,
140 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72
141};
142
143const uint8_t rsaSigValue[] = {
1440x17, 0x80, // SignatureValue
145 0x2f, 0xd6, 0xf1, 0x6e, 0x80, 0x6f, 0x10, 0xbe, 0xb1, 0x6f, 0x3e, 0x31, 0xec,
146 0xe3, 0xb9, 0xea, 0x83, 0x30, 0x40, 0x03, 0xfc, 0xa0, 0x13, 0xd9, 0xb3, 0xc6,
147 0x25, 0x16, 0x2d, 0xa6, 0x58, 0x41, 0x69, 0x62, 0x56, 0xd8, 0xb3, 0x6a, 0x38,
148 0x76, 0x56, 0xea, 0x61, 0xb2, 0x32, 0x70, 0x1c, 0xb6, 0x4d, 0x10, 0x1d, 0xdc,
149 0x92, 0x8e, 0x52, 0xa5, 0x8a, 0x1d, 0xd9, 0x96, 0x5e, 0xc0, 0x62, 0x0b, 0xcf,
150 0x3a, 0x9d, 0x7f, 0xca, 0xbe, 0xa1, 0x41, 0x71, 0x85, 0x7a, 0x8b, 0x5d, 0xa9,
151 0x64, 0xd6, 0x66, 0xb4, 0xe9, 0x8d, 0x0c, 0x28, 0x43, 0xee, 0xa6, 0x64, 0xe8,
152 0x55, 0xf6, 0x1c, 0x19, 0x0b, 0xef, 0x99, 0x25, 0x1e, 0xdc, 0x78, 0xb3, 0xa7,
153 0xaa, 0x0d, 0x14, 0x58, 0x30, 0xe5, 0x37, 0x6a, 0x6d, 0xdb, 0x56, 0xac, 0xa3,
154 0xfc, 0x90, 0x7a, 0xb8, 0x66, 0x9c, 0x0e, 0xf6, 0xb7, 0x64, 0xd1
155};
156
157
158BOOST_AUTO_TEST_CASE(EcdsaSignatureVerification)
159{
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]160 Name identity("/TestValidator/EcdsaSignatureVerification");
Yingdi Yu3ed09d02014-10-13 16:24:08 -0700[diff] [blame]161 BOOST_REQUIRE(addIdentity(identity, EcdsaKeyParams()));
162 Name keyName = m_keyChain.getDefaultKeyNameForIdentity(identity);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]163 shared_ptr<v1::PublicKey> publicKey = m_keyChain.getPublicKey(keyName);
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]164
165 Name identity2("/TestValidator/EcdsaSignatureVerification/id2");
Yingdi Yu3ed09d02014-10-13 16:24:08 -0700[diff] [blame]166 BOOST_REQUIRE(addIdentity(identity2, EcdsaKeyParams()));
167 Name keyName2 = m_keyChain.getDefaultKeyNameForIdentity(identity2);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]168 shared_ptr<v1::PublicKey> publicKey2 = m_keyChain.getPublicKey(keyName2);
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]169
170
171 Data data("/TestData/1");
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]172 BOOST_CHECK_NO_THROW(m_keyChain.sign(data,
173 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
174 identity)));
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]175 BOOST_CHECK_EQUAL(Validator::verifySignature(data, *publicKey), true);
176 BOOST_CHECK_EQUAL(Validator::verifySignature(data, *publicKey2), false);
177
178 Interest interest("/TestInterest/1");
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]179 BOOST_CHECK_NO_THROW(m_keyChain.sign(interest,
180 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
181 identity)));
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]182 BOOST_CHECK_EQUAL(Validator::verifySignature(interest, *publicKey), true);
183 BOOST_CHECK_EQUAL(Validator::verifySignature(interest, *publicKey2), false);
184
185 Data wrongData("/TestData/2");
186 Block rsaSigInfoBlock(rsaSigInfo, sizeof(rsaSigInfo));
187 Block rsaSigValueBlock(rsaSigValue, sizeof(rsaSigValue));
188 Signature rsaSig(rsaSigInfoBlock, rsaSigValueBlock);
189 wrongData.setSignature(rsaSig);
190 BOOST_CHECK_EQUAL(Validator::verifySignature(wrongData, *publicKey), false);
Yingdi Yuc8f883c2014-06-20 23:25:22 -0700[diff] [blame]191}
192
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]193BOOST_AUTO_TEST_CASE(EcdsaSignatureVerification2)
194{
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]195 Name ecdsaIdentity("/SecurityTestValidator/EcdsaSignatureVerification2/ecdsa");
Yingdi Yu3ed09d02014-10-13 16:24:08 -0700[diff] [blame]196 BOOST_REQUIRE(addIdentity(ecdsaIdentity, EcdsaKeyParams()));
197 Name ecdsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(ecdsaIdentity);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]198 shared_ptr<v1::IdentityCertificate> ecdsaCert = m_keyChain.getCertificate(ecdsaCertName);
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]199
200 Name rsaIdentity("/SecurityTestValidator/EcdsaSignatureVerification2/rsa");
Yingdi Yu3ed09d02014-10-13 16:24:08 -0700[diff] [blame]201 BOOST_REQUIRE(addIdentity(rsaIdentity, RsaKeyParams()));
202 Name rsaCertName = m_keyChain.getDefaultCertificateNameForIdentity(rsaIdentity);
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]203 shared_ptr<v1::IdentityCertificate> rsaCert = m_keyChain.getCertificate(rsaCertName);
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]204
205 Name packetName("/Test/Packet/Name");
206
207 shared_ptr<Data> testDataRsa = make_shared<Data>(packetName);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]208 m_keyChain.sign(*testDataRsa,
209 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
210 rsaIdentity));
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]211 shared_ptr<Data> testDataEcdsa = make_shared<Data>(packetName);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]212 m_keyChain.sign(*testDataEcdsa,
213 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
214 ecdsaIdentity));
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]215 shared_ptr<Interest> testInterestRsa = make_shared<Interest>(packetName);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]216 m_keyChain.sign(*testInterestRsa,
217 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
218 rsaIdentity));
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]219 shared_ptr<Interest> testInterestEcdsa = make_shared<Interest>(packetName);
Yingdi Yu1b0311c2015-06-10 14:58:47 -0700[diff] [blame]220 m_keyChain.sign(*testInterestEcdsa,
221 security::SigningInfo(security::SigningInfo::SIGNER_TYPE_ID,
222 ecdsaIdentity));
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]223
224 BOOST_CHECK(Validator::verifySignature(*ecdsaCert, ecdsaCert->getPublicKeyInfo()));
225 BOOST_CHECK_EQUAL(Validator::verifySignature(*ecdsaCert, rsaCert->getPublicKeyInfo()), false);
226 BOOST_CHECK_EQUAL(Validator::verifySignature(*rsaCert, ecdsaCert->getPublicKeyInfo()), false);
227 BOOST_CHECK(Validator::verifySignature(*rsaCert, rsaCert->getPublicKeyInfo()));
228
229 BOOST_CHECK(Validator::verifySignature(*testDataEcdsa, ecdsaCert->getPublicKeyInfo()));
230 BOOST_CHECK_EQUAL(Validator::verifySignature(*testDataEcdsa, rsaCert->getPublicKeyInfo()), false);
231 BOOST_CHECK_EQUAL(Validator::verifySignature(*testDataRsa, ecdsaCert->getPublicKeyInfo()), false);
232 BOOST_CHECK(Validator::verifySignature(*testDataRsa, rsaCert->getPublicKeyInfo()));
233
234 BOOST_CHECK(Validator::verifySignature(*testInterestEcdsa, ecdsaCert->getPublicKeyInfo()));
235 BOOST_CHECK_EQUAL(Validator::verifySignature(*testInterestEcdsa, rsaCert->getPublicKeyInfo()),
236 false);
237 BOOST_CHECK_EQUAL(Validator::verifySignature(*testInterestRsa, ecdsaCert->getPublicKeyInfo()),
238 false);
239 BOOST_CHECK(Validator::verifySignature(*testInterestRsa, rsaCert->getPublicKeyInfo()));
Yingdi Yu5ec0ee32014-06-24 16:26:09 -0700[diff] [blame]240}
241
Junxiao Shi198c3812016-08-12 19:24:18 +0000[diff] [blame]242BOOST_AUTO_TEST_CASE(MalformedInterestSigInfo)
243{
244 auto interest = make_shared<Interest>("/prefix");
245 m_keyChain.sign(*interest);
246
247 setNameComponent(*interest, signed_interest::POS_SIG_INFO, "not-SignatureInfo");
248
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]249 v1::PublicKey pubkey = m_keyChain.getDefaultCertificate()->getPublicKeyInfo();
Junxiao Shi198c3812016-08-12 19:24:18 +0000[diff] [blame]250 BOOST_CHECK_EQUAL(Validator::verifySignature(*interest, pubkey), false);
251}
252
253BOOST_AUTO_TEST_CASE(MalformedInterestSigValue)
254{
255 auto interest = make_shared<Interest>("/prefix");
256 m_keyChain.sign(*interest);
257
258 setNameComponent(*interest, signed_interest::POS_SIG_VALUE, "bad-signature-bits");
259
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]260 v1::PublicKey pubkey = m_keyChain.getDefaultCertificate()->getPublicKeyInfo();
Junxiao Shi198c3812016-08-12 19:24:18 +0000[diff] [blame]261 BOOST_CHECK_EQUAL(Validator::verifySignature(*interest, pubkey), false);
262}
263
264BOOST_AUTO_TEST_SUITE_END() // TestValidator
265BOOST_AUTO_TEST_SUITE_END() // Security
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]266
Spyridon Mastorakis429634f2015-02-19 17:35:33 -0800[diff] [blame]267} // namespace tests
Alexander Afanasyev2fa59392016-07-29 17:24:23 -0700[diff] [blame]268} // namespace security
Yingdi Yu9a335352014-01-31 11:57:46 -0800[diff] [blame]269} // namespace ndn