security: Add SignatureSha256
Change-Id: Id9a61f898d12a6b289a24adb594471b26d3513d6
diff --git a/src/security/certificate-cache-ttl.cpp b/src/security/certificate-cache-ttl.cpp
index 0892789..6f831d0 100644
--- a/src/security/certificate-cache-ttl.cpp
+++ b/src/security/certificate-cache-ttl.cpp
@@ -11,7 +11,7 @@
#include "../util/logging.hpp"
-INIT_LOGGER("CertificateCacheTtl")
+INIT_LOGGER("ndn.CertificateCacheTtl")
using namespace std;
diff --git a/src/security/certificate.cpp b/src/security/certificate.cpp
index f0dfdf2..0312fd5 100644
--- a/src/security/certificate.cpp
+++ b/src/security/certificate.cpp
@@ -19,7 +19,7 @@
#include "../encoding/cryptopp/asn_ext.hpp"
-INIT_LOGGER("ndn.security.Certificate");
+INIT_LOGGER("ndn.Certificate");
using namespace std;
diff --git a/src/security/key-chain.hpp b/src/security/key-chain.hpp
index e1fcb79..28642ae 100644
--- a/src/security/key-chain.hpp
+++ b/src/security/key-chain.hpp
@@ -12,9 +12,11 @@
#include "identity-certificate.hpp"
#include "public-key.hpp"
#include "signature-sha256-with-rsa.hpp"
+#include "signature-sha256.hpp"
#include "secured-bag.hpp"
#include "../interest.hpp"
#include "../util/random.hpp"
+#include "../util/crypto.hpp"
//PublicInfo
#include "sec-public-info-sqlite3.hpp"
@@ -288,7 +290,7 @@
// We either get or create the signing certificate, sign packet! (no exception unless fatal error in TPM)
sign(packet, signingCertificateName);
}
-
+
/**
* @brief Sign the byte array using the default certificate of a particular identity.
*
@@ -316,6 +318,24 @@
}
/**
+ * @brief Set Sha256 weak signature.
+ *
+ * @param data.
+ */
+ void
+ signWithSha256(Data& data)
+ {
+ SignatureSha256 sig;
+ data.setSignature(sig);
+
+ Block sigValue(Tlv::SignatureValue,
+ crypto::sha256(data.wireEncode().value(),
+ data.wireEncode().value_size() - data.getSignature().getValue().size()));
+ data.setSignatureValue(sigValue);
+
+ }
+
+ /**
* @brief Generate a self-signed certificate for a public key.
*
* @param keyName The name of the public key.
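Review bot: The doc comment on signWithSha256 leaves `@param data.` empty and calls the result a "weak signature" without saying what it is; since the stored value is a plain SHA-256 over the packet with no key involved, a reader needs to know it gives integrity checking only, not origin authentication. Suggest `@brief Attach a DigestSha256 (unkeyed, integrity-only) signature to a Data packet.` and `@param data The Data packet to be digested; its SignatureInfo is replaced by a DigestSha256 entry and its SignatureValue by the SHA-256 over the encoded packet up to the SignatureValue TLV.` The body also evaluates `data.wireEncode()` twice in one expression (once for the pointer, once for the size); binding it once, `const Block& wire = data.wireEncode();`, avoids a second encode and makes the digested range explicit — a range that only covers the intended content if SignatureValue is the last TLV of the encoded Data, which is worth stating in a comment. The enclosing class starts and ends outside the hunk.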
diff --git a/src/security/sec-public-info-sqlite3.cpp b/src/security/sec-public-info-sqlite3.cpp
index 3cf24a8..16041d3 100644
--- a/src/security/sec-public-info-sqlite3.cpp
+++ b/src/security/sec-public-info-sqlite3.cpp
@@ -26,7 +26,7 @@
-INIT_LOGGER("BasicKeyMetaInfo");
+INIT_LOGGER("ndn.SecPublicInfoSqlite3");
using namespace std;
diff --git a/src/security/sec-rule-relative.cpp b/src/security/sec-rule-relative.cpp
index db3e653..1fdfa7d 100644
--- a/src/security/sec-rule-relative.cpp
+++ b/src/security/sec-rule-relative.cpp
@@ -14,7 +14,7 @@
#include "../util/logging.hpp"
-INIT_LOGGER ("SecRuleRelative");
+INIT_LOGGER ("ndn.SecRuleRelative");
using namespace std;
diff --git a/src/security/sec-tpm-osx.cpp b/src/security/sec-tpm-osx.cpp
index 383f021..6436b5a 100644
--- a/src/security/sec-tpm-osx.cpp
+++ b/src/security/sec-tpm-osx.cpp
@@ -26,7 +26,7 @@
using namespace std;
-INIT_LOGGER("SecTpmOsx");
+INIT_LOGGER("ndn.SecTpmOsx");
namespace ndn {
diff --git a/src/security/signature-sha256-with-rsa.hpp b/src/security/signature-sha256-with-rsa.hpp
index c9db4a3..e04ef78 100644
--- a/src/security/signature-sha256-with-rsa.hpp
+++ b/src/security/signature-sha256-with-rsa.hpp
@@ -1,7 +1,6 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
/**
* Copyright (C) 2013 Regents of the University of California.
- * @author: Jeff Thompson <jefft0@remap.ucla.edu>
* See COPYING for copyright and distribution information.
*/
diff --git a/src/security/signature-sha256.hpp b/src/security/signature-sha256.hpp
new file mode 100644
index 0000000..99b550d
--- /dev/null
+++ b/src/security/signature-sha256.hpp
@@ -0,0 +1,38 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
+/**
+ * Copyright (C) 2013 Regents of the University of California.
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_SECURITY_SIGNATURE_SHA256_HPP
+#define NDN_SECURITY_SIGNATURE_SHA256_HPP
+
+#include "../data.hpp"
+#include "../encoding/tlv.hpp"
+
+namespace ndn {
+
+/**
+ * Representing of SHA256 signature in a data packet.
+ */
+class SignatureSha256 : public Signature {
+public:
+ SignatureSha256()
+ {
+ info_ = Block(Tlv::SignatureInfo);
+
+ type_ = Signature::Sha256;
+ info_.push_back(nonNegativeIntegerBlock(Tlv::SignatureType, Tlv::DigestSha256));
+ }
+
+ SignatureSha256(const Signature &signature)
+ : Signature(signature)
+ {
+ if (getType() != Signature::Sha256)
+ throw Signature::Error("Incorrect signature type");
+ }
+};
+
+} // namespace ndn
+
+#endif //NDN_SECURITY_SIGNATURE_SHA256_HPP
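Review bot: The converting constructor `SignatureSha256(const Signature &signature)` at the end of the class is not `explicit`, so any `Signature` silently converts to `SignatureSha256` at a call site and the type check only surfaces as a runtime `Signature::Error` — for example when a Signature of another type reaches `Validator::verifySignature(const Data&, const SignatureSha256&)`. Suggest `explicit SignatureSha256(const Signature& signature)`, unless `SignatureSha256WithRsa` deliberately follows the same implicit pattern and callers rely on it, which is not visible here. The class comment `Representing of SHA256 signature in a data packet.` could read `Represents a DigestSha256 signature in a Data packet: an unkeyed SHA-256 over the packet that provides integrity checking but no origin authentication.`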
diff --git a/src/security/validator-regex.cpp b/src/security/validator-regex.cpp
index 85fb534..ec22de8 100644
--- a/src/security/validator-regex.cpp
+++ b/src/security/validator-regex.cpp
@@ -13,7 +13,7 @@
#include "../util/logging.hpp"
-INIT_LOGGER("ndn::ValidatorRegex");
+INIT_LOGGER("ndn.ValidatorRegex");
using namespace std;
diff --git a/src/security/validator.cpp b/src/security/validator.cpp
index cabd082..1e5aedc 100644
--- a/src/security/validator.cpp
+++ b/src/security/validator.cpp
@@ -10,12 +10,16 @@
#include "validator.hpp"
#include "../util/logging.hpp"
+#include "../util/crypto.hpp"
#include <cryptopp/rsa.h>
+#include <cryptopp/files.h>
+#include <cryptopp/hex.h>
+
using namespace std;
-INIT_LOGGER("ndn::Validator");
+INIT_LOGGER("ndn.Validator");
namespace ndn {
@@ -137,7 +141,7 @@
}
bool
-Validator::verifySignature(const Interest &interest, const PublicKey &key)
+Validator::verifySignature(const Interest& interest, const PublicKey& key)
{
const Name &interestName = interest.getName();
@@ -181,7 +185,7 @@
}
bool
-Validator::verifySignature(const Buffer &data, const Signature &sig, const PublicKey &key)
+Validator::verifySignature(const Buffer& data, const Signature& sig, const PublicKey& key)
{
try
{
@@ -207,7 +211,7 @@
}
bool
-Validator::verifySignature(const uint8_t* buf, const size_t size, const SignatureSha256WithRsa &sig, const PublicKey &key)
+Validator::verifySignature(const uint8_t* buf, const size_t size, const SignatureSha256WithRsa& sig, const PublicKey& key)
{
try
{
@@ -229,4 +233,35 @@
}
}
+bool
+Validator::verifySignature(const uint8_t* buf, const size_t size, const SignatureSha256& sig)
+{
+ try
+ {
+ ConstBufferPtr buffer = crypto::sha256(buf, size);
+ const Block& sigValue = sig.getValue();
+
+ if(static_cast<bool>(buffer)
+ && buffer->size() == sigValue.value_size()
+ && buffer->size() == crypto::SHA256_DIGEST_LENGTH)
+ {
+
+ const uint8_t* p1 = buffer->buf();
+ const uint8_t* p2 = sigValue.value();
+
+ for(int i = 0; i < crypto::SHA256_DIGEST_LENGTH; i++)
+ if(p1[i] != p2[i])
+ return false;
+ return true;
+ }
+ else
+ return false;
+ }
+ catch(CryptoPP::Exception& e)
+ {
+ _LOG_DEBUG("verifySignature: " << e.what());
+ return false;
+ }
+}
+
} // namespace ndn
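Review bot: The manual byte loop comparing `p1` and `p2` indexes with a signed `int` against `crypto::SHA256_DIGEST_LENGTH` (whose type is not visible here) and re-implements what the standard library provides; since the length equality is already established by the enclosing condition, `return std::equal(p1, p1 + crypto::SHA256_DIGEST_LENGTH, p2);` replaces the loop and the trailing `return true;` (needs `<algorithm>`). The `<cryptopp/files.h>` and `<cryptopp/hex.h>` includes added in the first hunk of this file do not appear to be used by any code in this diff; if they were only for debugging, drop them. It is also not visible whether `crypto::sha256` can raise `CryptoPP::Exception`; if it cannot, the catch block and its `_LOG_DEBUG` are dead code — worth confirming against util/crypto.hpp.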
diff --git a/src/security/validator.hpp b/src/security/validator.hpp
index 4aae107..5147dd7 100644
--- a/src/security/validator.hpp
+++ b/src/security/validator.hpp
@@ -15,6 +15,7 @@
#include "../face.hpp"
#include "public-key.hpp"
#include "signature-sha256-with-rsa.hpp"
+#include "signature-sha256.hpp"
#include "validation-request.hpp"
namespace ndn {
@@ -59,15 +60,15 @@
/// @brief Verify the data using the publicKey.
static bool
- verifySignature (const Data &data, const PublicKey &publicKey);
+ verifySignature (const Data& data, const PublicKey& publicKey);
/// @brief Verify the signed Interest using the publicKey.
static bool
- verifySignature (const Interest &interest, const PublicKey &publicKey);
+ verifySignature (const Interest& interest, const PublicKey& publicKey);
/// @brief Verify the blob using the publicKey against the signature.
static bool
- verifySignature (const Buffer &blob, const Signature &sig, const PublicKey &publicKey);
+ verifySignature (const Buffer& blob, const Signature& sig, const PublicKey& publicKey);
/// @brief Verify the data using the publicKey against the SHA256-RSA signature.
static bool
@@ -78,13 +79,31 @@
/// @brief Verify the blob using the publicKey against the SHA256-RSA signature.
static bool
- verifySignature (const Buffer &blob, const SignatureSha256WithRsa &sig, const PublicKey &publicKey)
+ verifySignature (const Buffer& blob, const SignatureSha256WithRsa& sig, const PublicKey& publicKey)
{ return verifySignature (blob.buf(), blob.size(), sig, publicKey); }
/// @brief Verify the blob using the publicKey against the SHA256-RSA signature.
static bool
verifySignature (const uint8_t* buf, const size_t size, const SignatureSha256WithRsa &sig, const PublicKey &publicKey);
+
+ /// @brief Verify the data against the SHA256 signature.
+ static bool
+ verifySignature (const Data& data, const SignatureSha256& sig)
+ { return verifySignature (data.wireEncode().value(),
+ data.wireEncode().value_size() - data.getSignature().getValue().size(),
+ sig); }
+
+ /// @brief Verify the blob against the SHA256 signature.
+ static bool
+ verifySignature (const Buffer& blob, const SignatureSha256& sig)
+ { return verifySignature (blob.buf(), blob.size(), sig); }
+
+ /// @brief Verify the blob against the SHA256 signature.
+ static bool
+ verifySignature (const uint8_t* buf, const size_t size, const SignatureSha256& sig);
+
+
protected:
/**
* @brief Check the Data against validation policy and return the next validation step if necessary.
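Review bot: In `verifySignature(const Data& data, const SignatureSha256& sig)` the digested range is sized from `data.getSignature().getValue().size()` while the digest is compared against `sig.getValue()`; if a caller passes a `sig` that is not the signature carried in `data`, the range and the expected digest come from different objects. Either take the size from `sig.getValue().size()` for consistency, or document the precondition with `/// @pre sig is the signature carried by data, i.e. SignatureSha256(data.getSignature())`. `data.wireEncode()` is also evaluated twice in the same expression; binding it once to `const Block& wire = data.wireEncode();` avoids re-encoding. The same range computation appears in KeyChain::signWithSha256 in key-chain.hpp; a single shared helper would keep signer and verifier in lockstep if the encoding layout ever changes, and the @brief lines for these overloads should say "SHA256 digest" rather than "SHA256 signature" so readers do not assume a key is involved.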