security: Support ECDSA verification in all related classes.
This commit also addresses some old issues, such as "using namespace std".
Change-Id: I62b8ff97fb2b6f6cfe04b0ad5866bc0797e6e43b
Refs: #1660
diff --git a/tests/integrated/test-validator-config.cpp b/tests/integrated/test-validator-config.cpp
index eb3f4bf..34f8fee 100644
--- a/tests/integrated/test-validator-config.cpp
+++ b/tests/integrated/test-validator-config.cpp
@@ -1544,6 +1544,107 @@
boost::filesystem::remove(CERT_PATH4);
}
+BOOST_AUTO_TEST_CASE(FixedSignerChecker2)
+{
+ KeyChain keyChain("sqlite3", "file");
+
+ Name rsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Rsa");
+ Name rsaCertName = keyChain.createIdentity(rsaIdentity);
+
+ EcdsaKeyParams params;
+ Name ecdsaIdentity("/TestValidatorConfig/FixedSignerChecker2/Ecdsa");
+ Name ecdsaCertName = keyChain.createIdentity(ecdsaIdentity, params);
+ shared_ptr<IdentityCertificate> ecdsaCert = keyChain.getCertificate(ecdsaCertName);
+ io::save(*ecdsaCert, "trust-anchor-11.cert");
+
+
+ Name dataName("/TestValidatorConfig/FixedSignerChecker2");
+ shared_ptr<Data> dataRsa = make_shared<Data>(dataName);
+ keyChain.signByIdentity(*dataRsa, rsaIdentity);
+ shared_ptr<Data> dataEcdsa = make_shared<Data>(dataName);
+ keyChain.signByIdentity(*dataEcdsa, ecdsaIdentity);
+
+ shared_ptr<Interest> interestRsa = make_shared<Interest>(dataName);
+ keyChain.signByIdentity(*interestRsa, rsaIdentity);
+ shared_ptr<Interest> interestEcdsa = make_shared<Interest>(dataName);
+ keyChain.signByIdentity(*interestEcdsa, ecdsaIdentity);
+
+ const std::string CONFIG =
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Data Rule\"\n"
+ " for data\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/FixedSignerChecker2\n"
+ " relation equal\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type ecdsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-11.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "rule\n"
+ "{\n"
+ " id \"FixedSignerChecker Interest Rule\"\n"
+ " for interest\n"
+ " filter"
+ " {\n"
+ " type name\n"
+ " name /TestValidatorConfig/FixedSignerChecker2\n"
+ " relation equal\n"
+ " }\n"
+ " checker\n"
+ " {\n"
+ " type fixed-signer\n"
+ " sig-type ecdsa-sha256\n"
+ " signer\n"
+ " {\n"
+ " type file\n"
+ " file-name \"trust-anchor-11.cert\"\n"
+ " }\n"
+ " }\n"
+ "}\n";
+ const boost::filesystem::path CONFIG_PATH =
+ (boost::filesystem::current_path() / std::string("unit-test.conf"));
+
+
+ Face face;
+ ValidatorConfig validator(face);
+ validator.load(CONFIG, CONFIG_PATH.native());
+
+ validator.validate(*dataEcdsa,
+ bind(&onValidated, _1),
+ bind(&onValidationFailed, _1, _2));
+
+ validator.validate(*dataRsa,
+ bind(&onIntentionalFailureValidated, _1),
+ bind(&onIntentionalFailureInvalidated, _1, _2));
+
+ validator.validate(*interestEcdsa,
+ bind(&onValidated2, _1),
+ bind(&onValidationFailed2, _1, _2));
+
+ validator.validate(*interestRsa,
+ bind(&onIntentionalFailureValidated2, _1),
+ bind(&onIntentionalFailureInvalidated2, _1, _2));
+
+
+ keyChain.deleteIdentity(rsaIdentity);
+ keyChain.deleteIdentity(ecdsaIdentity);
+
+ const boost::filesystem::path CERT_PATH =
+ (boost::filesystem::current_path() / std::string("trust-anchor-11.cert"));
+ boost::filesystem::remove(CERT_PATH);
+}
+
BOOST_AUTO_TEST_SUITE_END()
diff --git a/tests/unit-tests/security/test-conf-checker.cpp b/tests/unit-tests/security/test-conf-checker.cpp
new file mode 100644
index 0000000..9135a50
--- /dev/null
+++ b/tests/unit-tests/security/test-conf-checker.cpp
@@ -0,0 +1,552 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2014 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "security/conf/checker.hpp"
+#include "security/key-chain.hpp"
+#include "boost-test.hpp"
+
+namespace ndn {
+
+BOOST_AUTO_TEST_SUITE(SecurityTestConfChecker)
+
+void
+interestChecked(const shared_ptr<const Interest>& interest)
+{
+ BOOST_CHECK(true);
+}
+
+void
+interestCheckFailed(const shared_ptr<const Interest>& interest,
+ const std::string& failureInfo)
+{
+ std::cerr << failureInfo << std::endl;
+ BOOST_CHECK(false);
+}
+
+void
+interestCheckedFalse(const shared_ptr<const Interest>& interest)
+{
+ BOOST_CHECK(false);
+}
+
+void
+interestCheckFailedFalse(const shared_ptr<const Interest>& interest,
+ const std::string& failureInfo)
+{
+ BOOST_CHECK(true);
+}
+
+void
+dataChecked(const shared_ptr<const Data>& interest)
+{
+ BOOST_CHECK(true);
+}
+
+void
+dataCheckFailed(const shared_ptr<const Data>& interest,
+ const std::string& failureInfo)
+{
+ std::cerr << failureInfo << std::endl;
+ BOOST_CHECK(false);
+}
+
+void
+dataCheckedFalse(const shared_ptr<const Data>& interest)
+{
+ BOOST_CHECK(false);
+}
+
+void
+dataCheckFailedFalse(const shared_ptr<const Data>& interest,
+ const std::string& failureInfo)
+{
+ BOOST_CHECK(true);
+}
+
+
+BOOST_AUTO_TEST_CASE(CustomizedCheckerTest1)
+{
+ using security::conf::CustomizedChecker;
+ using security::conf::KeyLocatorChecker;
+ using security::conf::RelationKeyLocatorNameChecker;
+
+ KeyChain keyChain("sqlite3", "file");
+
+ Name identity("/SecurityTestConfChecker/CustomizedCheckerTest1");
+ Name certName = keyChain.createIdentity(identity);
+
+ Name identity2("/SecurityTestConfChecker/CustomizedCheckerTest1Wrong");
+ Name certName2 = keyChain.createIdentity(identity2);
+
+ Name packetName("/SecurityTestConfChecker/CustomizedCheckerTest1/Data");
+ shared_ptr<Data> data1 = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*data1, identity);
+
+ shared_ptr<Data> data2 = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*data2, identity2);
+
+ shared_ptr<Interest> interest1 = make_shared<Interest>(packetName);
+ keyChain.signByIdentity(*interest1, identity);
+
+ shared_ptr<Interest> interest2 = make_shared<Interest>(packetName);
+ keyChain.signByIdentity(*interest2, identity2);
+
+ int8_t result = 0;
+
+
+ shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerEqual1 =
+ make_shared<RelationKeyLocatorNameChecker>(certName.getPrefix(-1),
+ KeyLocatorChecker::RELATION_EQUAL);
+ CustomizedChecker checker1(Tlv::SignatureSha256WithRsa, keyLocatorCheckerEqual1);
+
+ result = checker1.check(*data1,
+ bind(dataChecked, _1),
+ bind(dataCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker1.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker1.check(*interest1,
+ bind(interestChecked, _1),
+ bind(interestCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker1.check(*interest2,
+ bind(interestCheckedFalse, _1),
+ bind(interestCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerEqual2 =
+ make_shared<RelationKeyLocatorNameChecker>(identity,
+ KeyLocatorChecker::RELATION_EQUAL);
+ CustomizedChecker checker2(Tlv::SignatureSha256WithRsa, keyLocatorCheckerEqual2);
+
+ result = checker2.check(*data1,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker2.check(*interest1,
+ bind(interestCheckedFalse, _1),
+ bind(interestCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerPrefix1 =
+ make_shared<RelationKeyLocatorNameChecker>(certName.getPrefix(-1),
+ KeyLocatorChecker::RELATION_IS_PREFIX_OF);
+ CustomizedChecker checker3(Tlv::SignatureSha256WithRsa, keyLocatorCheckerPrefix1);
+
+ result = checker3.check(*data1,
+ bind(dataChecked, _1),
+ bind(dataCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker3.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerPrefix2 =
+ make_shared<RelationKeyLocatorNameChecker>(identity,
+ KeyLocatorChecker::RELATION_IS_PREFIX_OF);
+ CustomizedChecker checker4(Tlv::SignatureSha256WithRsa, keyLocatorCheckerPrefix2);
+
+ result = checker4.check(*data1,
+ bind(dataChecked, _1),
+ bind(dataCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker4.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerStrict1 =
+ make_shared<RelationKeyLocatorNameChecker>(certName.getPrefix(-1),
+ KeyLocatorChecker::RELATION_IS_STRICT_PREFIX_OF);
+ CustomizedChecker checker5(Tlv::SignatureSha256WithRsa, keyLocatorCheckerStrict1);
+
+ result = checker5.check(*data1,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker5.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerStrict2 =
+ make_shared<RelationKeyLocatorNameChecker>(identity,
+ KeyLocatorChecker::RELATION_IS_STRICT_PREFIX_OF);
+ CustomizedChecker checker6(Tlv::SignatureSha256WithRsa, keyLocatorCheckerStrict2);
+
+ result = checker6.check(*data1,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker6.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ keyChain.deleteIdentity(identity);
+ keyChain.deleteIdentity(identity2);
+}
+
+BOOST_AUTO_TEST_CASE(CustomizedCheckerTest2)
+{
+ using security::conf::CustomizedChecker;
+ using security::conf::KeyLocatorChecker;
+ using security::conf::RegexKeyLocatorNameChecker;
+
+ KeyChain keyChain("sqlite3", "file");
+
+ Name identity("/SecurityTestConfChecker/CustomizedCheckerTest2");
+ Name certName = keyChain.createIdentity(identity);
+
+ Name identity2("/SecurityTestConfChecker/CustomizedCheckerTest2Wrong");
+ Name certName2 = keyChain.createIdentity(identity2);
+
+ Name packetName("/SecurityTestConfChecker/CustomizedCheckerTest2/Data");
+ shared_ptr<Data> data1 = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*data1, identity);
+
+ shared_ptr<Data> data2 = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*data2, identity2);
+
+ shared_ptr<Interest> interest1 = make_shared<Interest>(packetName);
+ keyChain.signByIdentity(*interest1, identity);
+
+ shared_ptr<Interest> interest2 = make_shared<Interest>(packetName);
+ keyChain.signByIdentity(*interest2, identity2);
+
+ int8_t result = 0;
+
+
+ shared_ptr<RegexKeyLocatorNameChecker> keyLocatorCheckerRegex1 =
+ make_shared<RegexKeyLocatorNameChecker>(
+ Regex("^<SecurityTestConfChecker><CustomizedCheckerTest2>"));
+ CustomizedChecker checker1(Tlv::SignatureSha256WithRsa, keyLocatorCheckerRegex1);
+
+ result = checker1.check(*data1,
+ bind(dataChecked, _1),
+ bind(dataCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker1.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker1.check(*interest1,
+ bind(interestChecked, _1),
+ bind(interestCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker1.check(*interest2,
+ bind(interestCheckedFalse, _1),
+ bind(interestCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ keyChain.deleteIdentity(identity);
+ keyChain.deleteIdentity(identity2);
+}
+
+BOOST_AUTO_TEST_CASE(CustomizedCheckerTest3)
+{
+ using security::conf::CustomizedChecker;
+ using security::conf::KeyLocatorChecker;
+ using security::conf::RegexKeyLocatorNameChecker;
+
+ KeyChain keyChain("sqlite3", "file");
+
+ EcdsaKeyParams params;
+
+ Name identity("/SecurityTestConfChecker/CustomizedCheckerTest3");
+ Name certName = keyChain.createIdentity(identity, params);
+
+ Name identity2("/SecurityTestConfChecker/CustomizedCheckerTest3Wrong");
+ Name certName2 = keyChain.createIdentity(identity2, params);
+
+ Name packetName("/SecurityTestConfChecker/CustomizedCheckerTest3/Data");
+ shared_ptr<Data> data1 = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*data1, identity);
+
+ shared_ptr<Data> data2 = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*data2, identity2);
+
+ shared_ptr<Interest> interest1 = make_shared<Interest>(packetName);
+ keyChain.signByIdentity(*interest1, identity);
+
+ shared_ptr<Interest> interest2 = make_shared<Interest>(packetName);
+ keyChain.signByIdentity(*interest2, identity2);
+
+ int8_t result = 0;
+
+
+ shared_ptr<RegexKeyLocatorNameChecker> keyLocatorCheckerRegex1 =
+ make_shared<RegexKeyLocatorNameChecker>(
+ Regex("^<SecurityTestConfChecker><CustomizedCheckerTest3>"));
+ CustomizedChecker checker1(Tlv::SignatureSha256WithEcdsa, keyLocatorCheckerRegex1);
+
+ result = checker1.check(*data1,
+ bind(dataChecked, _1),
+ bind(dataCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker1.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker1.check(*interest1,
+ bind(interestChecked, _1),
+ bind(interestCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker1.check(*interest2,
+ bind(interestCheckedFalse, _1),
+ bind(interestCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ CustomizedChecker checker2(Tlv::SignatureSha256WithRsa, keyLocatorCheckerRegex1);
+
+ result = checker2.check(*data1,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ keyChain.deleteIdentity(identity);
+ keyChain.deleteIdentity(identity2);
+}
+
+BOOST_AUTO_TEST_CASE(HierarchicalCheckerTest1)
+{
+ using security::conf::HierarchicalChecker;
+
+ KeyChain keyChain("sqlite3", "file");
+
+ EcdsaKeyParams params;
+
+ Name identity("/SecurityTestConfChecker/HierarchicalCheckerTest1");
+ Name certName = keyChain.createIdentity(identity, params);
+
+ Name identity2("/SecurityTestConfChecker/HierarchicalCheckerTest1/Data");
+ Name certName2 = keyChain.createIdentity(identity2);
+
+ Name packetName("/SecurityTestConfChecker/HierarchicalCheckerTest1/Data");
+ Name packetName2("/SecurityTestConfChecker");
+ Name packetName3("/SecurityTestConfChecker/HierarchicalCheckerTest1");
+
+ shared_ptr<Data> data1 = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*data1, identity);
+
+ shared_ptr<Data> data2 = make_shared<Data>(packetName2);
+ keyChain.signByIdentity(*data2, identity);
+
+ shared_ptr<Data> data3 = make_shared<Data>(packetName3);
+ keyChain.signByIdentity(*data3, identity);
+
+ shared_ptr<Data> data4 = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*data4, identity2);
+
+ shared_ptr<Data> data5 = make_shared<Data>(packetName2);
+ keyChain.signByIdentity(*data5, identity2);
+
+ shared_ptr<Data> data6 = make_shared<Data>(packetName3);
+ keyChain.signByIdentity(*data6, identity2);
+
+ int8_t result = 0;
+
+ HierarchicalChecker checker1(Tlv::SignatureSha256WithEcdsa);
+
+ result = checker1.check(*data1,
+ bind(dataChecked, _1),
+ bind(dataCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker1.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker1.check(*data3,
+ bind(dataChecked, _1),
+ bind(dataCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker1.check(*data4,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker1.check(*data5,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker1.check(*data6,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ HierarchicalChecker checker2(Tlv::SignatureSha256WithRsa);
+
+ result = checker2.check(*data1,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker2.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker2.check(*data3,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker2.check(*data4,
+ bind(dataChecked, _1),
+ bind(dataCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker2.check(*data5,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker2.check(*data6,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ keyChain.deleteIdentity(identity);
+ keyChain.deleteIdentity(identity2);
+}
+
+BOOST_AUTO_TEST_CASE(FixedSignerCheckerTest1)
+{
+ using security::conf::FixedSignerChecker;
+
+ KeyChain keyChain("sqlite3", "file");
+
+ EcdsaKeyParams params;
+
+ Name identity("/SecurityTestConfChecker/FixedSignerCheckerTest1");
+ Name certName = keyChain.createIdentity(identity, params);
+ shared_ptr<IdentityCertificate> cert1 = keyChain.getCertificate(certName);
+
+ Name identity2("/SecurityTestConfChecker/FixedSignerCheckerTest1Wrong");
+ Name certName2 = keyChain.createIdentity(identity2);
+ shared_ptr<IdentityCertificate> cert2 = keyChain.getCertificate(certName2);
+
+ Name packetName("/Test/Data");
+
+ shared_ptr<Data> data1 = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*data1, identity);
+
+ shared_ptr<Data> data2 = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*data2, identity2);
+
+ std::vector<shared_ptr<IdentityCertificate> > certSet1;
+ certSet1.push_back(cert1);
+
+ std::vector<shared_ptr<IdentityCertificate> > certSet2;
+ certSet2.push_back(cert2);
+
+
+ int8_t result = 0;
+
+ FixedSignerChecker checker1(Tlv::SignatureSha256WithEcdsa, certSet1);
+
+ result = checker1.check(*data1,
+ bind(dataChecked, _1),
+ bind(dataCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 1);
+
+ result = checker1.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ FixedSignerChecker checker2(Tlv::SignatureSha256WithRsa, certSet1);
+
+ result = checker2.check(*data1,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker2.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ FixedSignerChecker checker3(Tlv::SignatureSha256WithEcdsa, certSet2);
+
+ result = checker3.check(*data1,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker3.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ FixedSignerChecker checker4(Tlv::SignatureSha256WithRsa, certSet2);
+
+ result = checker4.check(*data1,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker4.check(*data2,
+ bind(dataChecked, _1),
+ bind(dataCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 1);
+
+
+ keyChain.deleteIdentity(identity);
+ keyChain.deleteIdentity(identity2);
+}
+
+BOOST_AUTO_TEST_SUITE_END()
+
+} // namespace ndn
diff --git a/tests/unit-tests/security/test-keychain.cpp b/tests/unit-tests/security/test-keychain.cpp
index 1149dce..dad7e75 100644
--- a/tests/unit-tests/security/test-keychain.cpp
+++ b/tests/unit-tests/security/test-keychain.cpp
@@ -24,11 +24,11 @@
#include "boost-test.hpp"
-using namespace std;
-
namespace ndn {
namespace tests {
+using std::vector;
+
class KeychainConfigFileFixture
{
public:
@@ -116,29 +116,29 @@
keyChain.deleteIdentity(identity);
- BOOST_REQUIRE(keyChain.doesIdentityExist(identity) == false);
- BOOST_REQUIRE(keyChain.doesPublicKeyExist(keyName) == false);
- BOOST_REQUIRE(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE) == false);
- BOOST_REQUIRE(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC) == false);
- BOOST_REQUIRE(keyChain.doesCertificateExist(certName) == false);
+ BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), false);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName), false);
+ BOOST_CHECK_EQUAL(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE), false);
+ BOOST_CHECK_EQUAL(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC), false);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName), false);
SecuredBag imported;
imported.wireDecode(block);
keyChain.importIdentity(imported, "1234");
- BOOST_REQUIRE(keyChain.doesIdentityExist(identity));
- BOOST_REQUIRE(keyChain.doesPublicKeyExist(keyName));
- BOOST_REQUIRE(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE));
- BOOST_REQUIRE(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC));
- BOOST_REQUIRE(keyChain.doesCertificateExist(certName));
+ BOOST_CHECK(keyChain.doesIdentityExist(identity));
+ BOOST_CHECK(keyChain.doesPublicKeyExist(keyName));
+ BOOST_CHECK(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE));
+ BOOST_CHECK(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC));
+ BOOST_CHECK(keyChain.doesCertificateExist(certName));
keyChain.deleteIdentity(identity);
- BOOST_REQUIRE(keyChain.doesIdentityExist(identity) == false);
- BOOST_REQUIRE(keyChain.doesPublicKeyExist(keyName) == false);
- BOOST_REQUIRE(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE) == false);
- BOOST_REQUIRE(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC) == false);
- BOOST_REQUIRE(keyChain.doesCertificateExist(certName) == false);
+ BOOST_CHECK_EQUAL(keyChain.doesIdentityExist(identity), false);
+ BOOST_CHECK_EQUAL(keyChain.doesPublicKeyExist(keyName), false);
+ BOOST_CHECK_EQUAL(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PRIVATE), false);
+ BOOST_CHECK_EQUAL(keyChain.doesKeyExistInTpm(keyName, KEY_CLASS_PUBLIC), false);
+ BOOST_CHECK_EQUAL(keyChain.doesCertificateExist(certName), false);
}
BOOST_AUTO_TEST_CASE(PrepareIdentityCertificate)
@@ -154,14 +154,14 @@
Name lowerIdentity = identity;
lowerIdentity.append("Lower").appendVersion();
Name lowerKeyName = keyChain.generateRsaKeyPair(lowerIdentity, true);
- shared_ptr<IdentityCertificate> idCert
- = keyChain.prepareUnsignedIdentityCertificate(lowerKeyName, identity,
- time::system_clock::now(),
- time::system_clock::now() + time::days(365),
- subjectDescription);
+ shared_ptr<IdentityCertificate> idCert =
+ keyChain.prepareUnsignedIdentityCertificate(lowerKeyName, identity,
+ time::system_clock::now(),
+ time::system_clock::now() + time::days(365),
+ subjectDescription);
BOOST_CHECK(static_cast<bool>(idCert));
- BOOST_CHECK(idCert->getName().getPrefix(5) ==
- Name().append(identity).append("KEY").append("Lower"));
+ BOOST_CHECK_EQUAL(idCert->getName().getPrefix(5),
+ Name().append(identity).append("KEY").append("Lower"));
shared_ptr<IdentityCertificate> idCert11 =
keyChain.prepareUnsignedIdentityCertificate(lowerKeyName, identity,
@@ -170,46 +170,46 @@
subjectDescription,
lowerIdentity);
BOOST_CHECK(static_cast<bool>(idCert11));
- BOOST_CHECK(idCert11->getName().getPrefix(6) ==
+ BOOST_CHECK_EQUAL(idCert11->getName().getPrefix(6),
Name().append(lowerIdentity).append("KEY"));
Name anotherIdentity("/TestKeyChain/PrepareIdentityCertificate/Another/");
anotherIdentity.appendVersion();
Name anotherKeyName = keyChain.generateRsaKeyPair(anotherIdentity, true);
- shared_ptr<IdentityCertificate> idCert2
- = keyChain.prepareUnsignedIdentityCertificate(anotherKeyName, identity,
- time::system_clock::now(),
- time::system_clock::now() + time::days(365),
- subjectDescription);
+ shared_ptr<IdentityCertificate> idCert2 =
+ keyChain.prepareUnsignedIdentityCertificate(anotherKeyName, identity,
+ time::system_clock::now(),
+ time::system_clock::now() + time::days(365),
+ subjectDescription);
BOOST_CHECK(static_cast<bool>(idCert2));
- BOOST_CHECK(idCert2->getName().getPrefix(5) == Name().append(anotherIdentity).append("KEY"));
+ BOOST_CHECK_EQUAL(idCert2->getName().getPrefix(5), Name().append(anotherIdentity).append("KEY"));
Name wrongKeyName1;
- shared_ptr<IdentityCertificate> idCert3
- = keyChain.prepareUnsignedIdentityCertificate(wrongKeyName1, identity,
- time::system_clock::now(),
- time::system_clock::now() + time::days(365),
- subjectDescription);
- BOOST_CHECK(!static_cast<bool>(idCert3));
+ shared_ptr<IdentityCertificate> idCert3 =
+ keyChain.prepareUnsignedIdentityCertificate(wrongKeyName1, identity,
+ time::system_clock::now(),
+ time::system_clock::now() + time::days(365),
+ subjectDescription);
+ BOOST_CHECK_EQUAL(static_cast<bool>(idCert3), false);
Name wrongKeyName2("/TestKeyChain/PrepareIdentityCertificate");
- shared_ptr<IdentityCertificate> idCert4
- = keyChain.prepareUnsignedIdentityCertificate(wrongKeyName2, identity,
- time::system_clock::now(),
- time::system_clock::now() + time::days(365),
- subjectDescription);
- BOOST_CHECK(!static_cast<bool>(idCert4));
+ shared_ptr<IdentityCertificate> idCert4 =
+ keyChain.prepareUnsignedIdentityCertificate(wrongKeyName2, identity,
+ time::system_clock::now(),
+ time::system_clock::now() + time::days(365),
+ subjectDescription);
+ BOOST_CHECK_EQUAL(static_cast<bool>(idCert4), false);
Name wrongKeyName3("/TestKeyChain/PrepareIdentityCertificate/ksk-1234");
- shared_ptr<IdentityCertificate> idCert5
- = keyChain.prepareUnsignedIdentityCertificate(wrongKeyName3, identity,
- time::system_clock::now(),
- time::system_clock::now() + time::days(365),
- subjectDescription);
- BOOST_CHECK(!static_cast<bool>(idCert5));
+ shared_ptr<IdentityCertificate> idCert5 =
+ keyChain.prepareUnsignedIdentityCertificate(wrongKeyName3, identity,
+ time::system_clock::now(),
+ time::system_clock::now() + time::days(365),
+ subjectDescription);
+ BOOST_CHECK_EQUAL(static_cast<bool>(idCert5), false);
keyChain.deleteIdentity(identity);
keyChain.deleteIdentity(lowerIdentity);
diff --git a/tests/unit-tests/security/test-sec-rule.cpp b/tests/unit-tests/security/test-sec-rule.cpp
new file mode 100644
index 0000000..8686b2d
--- /dev/null
+++ b/tests/unit-tests/security/test-sec-rule.cpp
@@ -0,0 +1,101 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2014 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "security/sec-rule-specific.hpp"
+#include "security/sec-rule-relative.hpp"
+#include "security/key-chain.hpp"
+
+#include "boost-test.hpp"
+
+namespace ndn {
+
+BOOST_AUTO_TEST_SUITE(SecurityTestSecRule)
+
+BOOST_AUTO_TEST_CASE(SecRuleSpecificTest)
+{
+ KeyChain keyChain("sqlite3", "file");
+
+ Name rsaIdentity("/SecurityTestSecRule/Basic/Rsa");
+ keyChain.createIdentity(rsaIdentity);
+ Name ecdsaIdentity("/SecurityTestSecRule/Basic/Ecdsa");
+ keyChain.createIdentity(ecdsaIdentity);
+
+ Name dataName("SecurityTestSecRule/Basic");
+ Data rsaData(dataName);
+ keyChain.signByIdentity(rsaData, rsaIdentity);
+ Data ecdsaData(dataName);
+ keyChain.signByIdentity(ecdsaData, ecdsaIdentity);
+ Data sha256Data(dataName);
+ keyChain.signWithSha256(sha256Data);
+
+ shared_ptr<Regex> dataRegex =
+ make_shared<Regex>("^<SecurityTestSecRule><Basic>$");
+ shared_ptr<Regex> signerRegex =
+ make_shared<Regex>("^<SecurityTestSecRule><Basic><><KEY><><>$");
+
+ SecRuleSpecific rule(dataRegex, signerRegex);
+ BOOST_CHECK(rule.satisfy(rsaData));
+ BOOST_CHECK(rule.satisfy(ecdsaData));
+ BOOST_CHECK_EQUAL(rule.satisfy(sha256Data), false);
+
+ BOOST_CHECK(rule.matchSignerName(rsaData));
+ BOOST_CHECK(rule.matchSignerName(ecdsaData));
+ BOOST_CHECK_EQUAL(rule.matchSignerName(sha256Data), false);
+
+ keyChain.deleteIdentity(rsaIdentity);
+ keyChain.deleteIdentity(ecdsaIdentity);
+}
+
+BOOST_AUTO_TEST_CASE(SecRuleRelativeTest)
+{
+ KeyChain keyChain("sqlite3", "file");
+
+ Name rsaIdentity("/SecurityTestSecRule/Basic/Rsa");
+ keyChain.createIdentity(rsaIdentity);
+ Name ecdsaIdentity("/SecurityTestSecRule/Basic/Ecdsa");
+ keyChain.createIdentity(ecdsaIdentity);
+
+ Name dataName("SecurityTestSecRule/Basic");
+ Data rsaData(dataName);
+ keyChain.signByIdentity(rsaData, rsaIdentity);
+ Data ecdsaData(dataName);
+ keyChain.signByIdentity(ecdsaData, ecdsaIdentity);
+ Data sha256Data(dataName);
+ keyChain.signWithSha256(sha256Data);
+
+ SecRuleRelative rule("^(<SecurityTestSecRule><Basic>)$",
+ "^(<SecurityTestSecRule><Basic>)<><KEY><><>$",
+ "==", "\\1", "\\1", true);
+ BOOST_CHECK(rule.satisfy(rsaData));
+ BOOST_CHECK(rule.satisfy(ecdsaData));
+ BOOST_CHECK_EQUAL(rule.satisfy(sha256Data), false);
+
+ BOOST_CHECK(rule.matchSignerName(rsaData));
+ BOOST_CHECK(rule.matchSignerName(ecdsaData));
+ BOOST_CHECK_EQUAL(rule.matchSignerName(sha256Data), false);
+
+ keyChain.deleteIdentity(rsaIdentity);
+ keyChain.deleteIdentity(ecdsaIdentity);
+}
+
+BOOST_AUTO_TEST_SUITE_END()
+
+} // namespace ndn
diff --git a/tests/unit-tests/security/test-validator.cpp b/tests/unit-tests/security/test-validator.cpp
index bd91280..f917ae7 100644
--- a/tests/unit-tests/security/test-validator.cpp
+++ b/tests/unit-tests/security/test-validator.cpp
@@ -25,10 +25,10 @@
#include "boost-test.hpp"
-using namespace std;
-
namespace ndn {
+using std::string;
+
BOOST_AUTO_TEST_SUITE(SecurityTestValidator)
void
@@ -204,6 +204,52 @@
keyChain.deleteIdentity(identity2);
}
+BOOST_AUTO_TEST_CASE(EcdsaSignatureVerification2)
+{
+ KeyChain keyChain("sqlite3", "file");
+
+ EcdsaKeyParams params;
+
+ Name ecdsaIdentity("/SecurityTestValidator/EcdsaSignatureVerification2/ecdsa");
+ Name ecdsaCertName = keyChain.createIdentity(ecdsaIdentity, params);
+ shared_ptr<IdentityCertificate> ecdsaCert = keyChain.getCertificate(ecdsaCertName);
+
+ Name rsaIdentity("/SecurityTestValidator/EcdsaSignatureVerification2/rsa");
+ Name rsaCertName = keyChain.createIdentity(rsaIdentity);
+ shared_ptr<IdentityCertificate> rsaCert = keyChain.getCertificate(rsaCertName);
+
+ Name packetName("/Test/Packet/Name");
+
+ shared_ptr<Data> testDataRsa = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*testDataRsa, rsaIdentity);
+ shared_ptr<Data> testDataEcdsa = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*testDataEcdsa, ecdsaIdentity);
+ shared_ptr<Interest> testInterestRsa = make_shared<Interest>(packetName);
+ keyChain.signByIdentity(*testInterestRsa, rsaIdentity);
+ shared_ptr<Interest> testInterestEcdsa = make_shared<Interest>(packetName);
+ keyChain.signByIdentity(*testInterestEcdsa, ecdsaIdentity);
+
+ BOOST_CHECK(Validator::verifySignature(*ecdsaCert, ecdsaCert->getPublicKeyInfo()));
+ BOOST_CHECK_EQUAL(Validator::verifySignature(*ecdsaCert, rsaCert->getPublicKeyInfo()), false);
+ BOOST_CHECK_EQUAL(Validator::verifySignature(*rsaCert, ecdsaCert->getPublicKeyInfo()), false);
+ BOOST_CHECK(Validator::verifySignature(*rsaCert, rsaCert->getPublicKeyInfo()));
+
+ BOOST_CHECK(Validator::verifySignature(*testDataEcdsa, ecdsaCert->getPublicKeyInfo()));
+ BOOST_CHECK_EQUAL(Validator::verifySignature(*testDataEcdsa, rsaCert->getPublicKeyInfo()), false);
+ BOOST_CHECK_EQUAL(Validator::verifySignature(*testDataRsa, ecdsaCert->getPublicKeyInfo()), false);
+ BOOST_CHECK(Validator::verifySignature(*testDataRsa, rsaCert->getPublicKeyInfo()));
+
+ BOOST_CHECK(Validator::verifySignature(*testInterestEcdsa, ecdsaCert->getPublicKeyInfo()));
+ BOOST_CHECK_EQUAL(Validator::verifySignature(*testInterestEcdsa, rsaCert->getPublicKeyInfo()),
+ false);
+ BOOST_CHECK_EQUAL(Validator::verifySignature(*testInterestRsa, ecdsaCert->getPublicKeyInfo()),
+ false);
+ BOOST_CHECK(Validator::verifySignature(*testInterestRsa, rsaCert->getPublicKeyInfo()));
+
+ keyChain.deleteIdentity(ecdsaIdentity);
+ keyChain.deleteIdentity(rsaIdentity);
+}
+
BOOST_AUTO_TEST_SUITE_END()
} // namespace ndn