security: Validator::verifySignature don't throw on Interest with malformed signature
refs #3723
Change-Id: I7de6ab667ffbcc531a5ea8bccae1551e1699cefd
diff --git a/src/security/security-common.hpp b/src/security/security-common.hpp
index 8594581..542e169 100644
--- a/src/security/security-common.hpp
+++ b/src/security/security-common.hpp
@@ -33,8 +33,16 @@
const ssize_t POS_RANDOM_VAL = -3;
const ssize_t POS_TIMESTAMP = -4;
+/** \brief minimal number of components for Command Interest
+ * \sa https://redmine.named-data.net/projects/ndn-cxx/wiki/CommandInterest
+ */
const size_t MIN_LENGTH = 4;
+/** \brief minimal number of components for Signed Interest
+ * \sa https://redmine.named-data.net/projects/ndn-cxx/wiki/SignedInterest
+ */
+const size_t MIN_LENGTH_SIG_ONLY = 2;
+
} // namespace signed_interest
enum class KeyType {
diff --git a/src/security/validator.cpp b/src/security/validator.cpp
index 488d0d7..1ef7a05 100644
--- a/src/security/validator.cpp
+++ b/src/security/validator.cpp
@@ -22,8 +22,6 @@
* @author Jeff Thompson <jefft0@remap.ucla.edu>
*/
-#include "common.hpp"
-
#include "validator.hpp"
#include "../util/crypto.hpp"
@@ -115,27 +113,27 @@
bool
Validator::verifySignature(const Interest& interest, const PublicKey& key)
{
- const Name& interestName = interest.getName();
+ const Name& name = interest.getName();
- if (interestName.size() < 2)
+ if (name.size() < signed_interest::MIN_LENGTH_SIG_ONLY)
return false;
+ Signature sig;
try {
- const Block& nameBlock = interestName.wireEncode();
-
- Signature sig(interestName[signed_interest::POS_SIG_INFO].blockFromValue(),
- interestName[signed_interest::POS_SIG_VALUE].blockFromValue());
-
- if (!sig.hasKeyLocator())
- return false;
-
- return verifySignature(nameBlock.value(),
- nameBlock.value_size() - interestName[signed_interest::POS_SIG_VALUE].size(),
- sig, key);
+ sig.setInfo(name[signed_interest::POS_SIG_INFO].blockFromValue());
+ sig.setValue(name[signed_interest::POS_SIG_VALUE].blockFromValue());
}
- catch (const Block::Error& e) {
+ catch (const tlv::Error&) {
return false;
}
+
+ if (!sig.hasKeyLocator())
+ return false;
+
+ const Block& nameWire = name.wireEncode();
+ return verifySignature(nameWire.value(),
+ nameWire.value_size() - name[signed_interest::POS_SIG_VALUE].size(),
+ sig, key);
}
bool
diff --git a/src/security/validator.hpp b/src/security/validator.hpp
index bf8e1ca..1f06c83 100644
--- a/src/security/validator.hpp
+++ b/src/security/validator.hpp
@@ -25,9 +25,6 @@
#ifndef NDN_SECURITY_VALIDATOR_HPP
#define NDN_SECURITY_VALIDATOR_HPP
-#include "../common.hpp"
-
-#include "../data.hpp"
#include "../face.hpp"
#include "public-key.hpp"
#include "signature-sha256-with-rsa.hpp"
@@ -39,9 +36,7 @@
namespace ndn {
/**
- * @brief Validator is one of the main classes of the security library.
- *
- * The Validator class provides the interfaces for packet validation.
+ * @brief provides the interfaces for packet validation.
*/
class Validator
{