security: Support ECDSA verification in all related classes.
This commit also addresses some old issues, such as "using namespace std".
Change-Id: I62b8ff97fb2b6f6cfe04b0ad5866bc0797e6e43b
Refs: #1660
diff --git a/tests/unit-tests/security/test-conf-checker.cpp b/tests/unit-tests/security/test-conf-checker.cpp
new file mode 100644
index 0000000..9135a50
--- /dev/null
+++ b/tests/unit-tests/security/test-conf-checker.cpp
@@ -0,0 +1,552 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2013-2014 Regents of the University of California.
+ *
+ * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
+ *
+ * ndn-cxx library is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later version.
+ *
+ * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+ * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
+ *
+ * You should have received copies of the GNU General Public License and GNU Lesser
+ * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
+ */
+
+#include "security/conf/checker.hpp"
+#include "security/key-chain.hpp"
+#include "boost-test.hpp"
+
+namespace ndn {
+
+BOOST_AUTO_TEST_SUITE(SecurityTestConfChecker)
+
+void
+interestChecked(const shared_ptr<const Interest>& interest)
+{
+ BOOST_CHECK(true);
+}
+
+void
+interestCheckFailed(const shared_ptr<const Interest>& interest,
+ const std::string& failureInfo)
+{
+ std::cerr << failureInfo << std::endl;
+ BOOST_CHECK(false);
+}
+
+void
+interestCheckedFalse(const shared_ptr<const Interest>& interest)
+{
+ BOOST_CHECK(false);
+}
+
+void
+interestCheckFailedFalse(const shared_ptr<const Interest>& interest,
+ const std::string& failureInfo)
+{
+ BOOST_CHECK(true);
+}
+
+void
+dataChecked(const shared_ptr<const Data>& interest)
+{
+ BOOST_CHECK(true);
+}
+
+void
+dataCheckFailed(const shared_ptr<const Data>& interest,
+ const std::string& failureInfo)
+{
+ std::cerr << failureInfo << std::endl;
+ BOOST_CHECK(false);
+}
+
+void
+dataCheckedFalse(const shared_ptr<const Data>& interest)
+{
+ BOOST_CHECK(false);
+}
+
+void
+dataCheckFailedFalse(const shared_ptr<const Data>& interest,
+ const std::string& failureInfo)
+{
+ BOOST_CHECK(true);
+}
+
+
+BOOST_AUTO_TEST_CASE(CustomizedCheckerTest1)
+{
+ using security::conf::CustomizedChecker;
+ using security::conf::KeyLocatorChecker;
+ using security::conf::RelationKeyLocatorNameChecker;
+
+ KeyChain keyChain("sqlite3", "file");
+
+ Name identity("/SecurityTestConfChecker/CustomizedCheckerTest1");
+ Name certName = keyChain.createIdentity(identity);
+
+ Name identity2("/SecurityTestConfChecker/CustomizedCheckerTest1Wrong");
+ Name certName2 = keyChain.createIdentity(identity2);
+
+ Name packetName("/SecurityTestConfChecker/CustomizedCheckerTest1/Data");
+ shared_ptr<Data> data1 = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*data1, identity);
+
+ shared_ptr<Data> data2 = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*data2, identity2);
+
+ shared_ptr<Interest> interest1 = make_shared<Interest>(packetName);
+ keyChain.signByIdentity(*interest1, identity);
+
+ shared_ptr<Interest> interest2 = make_shared<Interest>(packetName);
+ keyChain.signByIdentity(*interest2, identity2);
+
+ int8_t result = 0;
+
+
+ shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerEqual1 =
+ make_shared<RelationKeyLocatorNameChecker>(certName.getPrefix(-1),
+ KeyLocatorChecker::RELATION_EQUAL);
+ CustomizedChecker checker1(Tlv::SignatureSha256WithRsa, keyLocatorCheckerEqual1);
+
+ result = checker1.check(*data1,
+ bind(dataChecked, _1),
+ bind(dataCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker1.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker1.check(*interest1,
+ bind(interestChecked, _1),
+ bind(interestCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker1.check(*interest2,
+ bind(interestCheckedFalse, _1),
+ bind(interestCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerEqual2 =
+ make_shared<RelationKeyLocatorNameChecker>(identity,
+ KeyLocatorChecker::RELATION_EQUAL);
+ CustomizedChecker checker2(Tlv::SignatureSha256WithRsa, keyLocatorCheckerEqual2);
+
+ result = checker2.check(*data1,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker2.check(*interest1,
+ bind(interestCheckedFalse, _1),
+ bind(interestCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerPrefix1 =
+ make_shared<RelationKeyLocatorNameChecker>(certName.getPrefix(-1),
+ KeyLocatorChecker::RELATION_IS_PREFIX_OF);
+ CustomizedChecker checker3(Tlv::SignatureSha256WithRsa, keyLocatorCheckerPrefix1);
+
+ result = checker3.check(*data1,
+ bind(dataChecked, _1),
+ bind(dataCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker3.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerPrefix2 =
+ make_shared<RelationKeyLocatorNameChecker>(identity,
+ KeyLocatorChecker::RELATION_IS_PREFIX_OF);
+ CustomizedChecker checker4(Tlv::SignatureSha256WithRsa, keyLocatorCheckerPrefix2);
+
+ result = checker4.check(*data1,
+ bind(dataChecked, _1),
+ bind(dataCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker4.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerStrict1 =
+ make_shared<RelationKeyLocatorNameChecker>(certName.getPrefix(-1),
+ KeyLocatorChecker::RELATION_IS_STRICT_PREFIX_OF);
+ CustomizedChecker checker5(Tlv::SignatureSha256WithRsa, keyLocatorCheckerStrict1);
+
+ result = checker5.check(*data1,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker5.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ shared_ptr<RelationKeyLocatorNameChecker> keyLocatorCheckerStrict2 =
+ make_shared<RelationKeyLocatorNameChecker>(identity,
+ KeyLocatorChecker::RELATION_IS_STRICT_PREFIX_OF);
+ CustomizedChecker checker6(Tlv::SignatureSha256WithRsa, keyLocatorCheckerStrict2);
+
+ result = checker6.check(*data1,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker6.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ keyChain.deleteIdentity(identity);
+ keyChain.deleteIdentity(identity2);
+}
+
+BOOST_AUTO_TEST_CASE(CustomizedCheckerTest2)
+{
+ using security::conf::CustomizedChecker;
+ using security::conf::KeyLocatorChecker;
+ using security::conf::RegexKeyLocatorNameChecker;
+
+ KeyChain keyChain("sqlite3", "file");
+
+ Name identity("/SecurityTestConfChecker/CustomizedCheckerTest2");
+ Name certName = keyChain.createIdentity(identity);
+
+ Name identity2("/SecurityTestConfChecker/CustomizedCheckerTest2Wrong");
+ Name certName2 = keyChain.createIdentity(identity2);
+
+ Name packetName("/SecurityTestConfChecker/CustomizedCheckerTest2/Data");
+ shared_ptr<Data> data1 = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*data1, identity);
+
+ shared_ptr<Data> data2 = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*data2, identity2);
+
+ shared_ptr<Interest> interest1 = make_shared<Interest>(packetName);
+ keyChain.signByIdentity(*interest1, identity);
+
+ shared_ptr<Interest> interest2 = make_shared<Interest>(packetName);
+ keyChain.signByIdentity(*interest2, identity2);
+
+ int8_t result = 0;
+
+
+ shared_ptr<RegexKeyLocatorNameChecker> keyLocatorCheckerRegex1 =
+ make_shared<RegexKeyLocatorNameChecker>(
+ Regex("^<SecurityTestConfChecker><CustomizedCheckerTest2>"));
+ CustomizedChecker checker1(Tlv::SignatureSha256WithRsa, keyLocatorCheckerRegex1);
+
+ result = checker1.check(*data1,
+ bind(dataChecked, _1),
+ bind(dataCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker1.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker1.check(*interest1,
+ bind(interestChecked, _1),
+ bind(interestCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker1.check(*interest2,
+ bind(interestCheckedFalse, _1),
+ bind(interestCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ keyChain.deleteIdentity(identity);
+ keyChain.deleteIdentity(identity2);
+}
+
+BOOST_AUTO_TEST_CASE(CustomizedCheckerTest3)
+{
+ using security::conf::CustomizedChecker;
+ using security::conf::KeyLocatorChecker;
+ using security::conf::RegexKeyLocatorNameChecker;
+
+ KeyChain keyChain("sqlite3", "file");
+
+ EcdsaKeyParams params;
+
+ Name identity("/SecurityTestConfChecker/CustomizedCheckerTest3");
+ Name certName = keyChain.createIdentity(identity, params);
+
+ Name identity2("/SecurityTestConfChecker/CustomizedCheckerTest3Wrong");
+ Name certName2 = keyChain.createIdentity(identity2, params);
+
+ Name packetName("/SecurityTestConfChecker/CustomizedCheckerTest3/Data");
+ shared_ptr<Data> data1 = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*data1, identity);
+
+ shared_ptr<Data> data2 = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*data2, identity2);
+
+ shared_ptr<Interest> interest1 = make_shared<Interest>(packetName);
+ keyChain.signByIdentity(*interest1, identity);
+
+ shared_ptr<Interest> interest2 = make_shared<Interest>(packetName);
+ keyChain.signByIdentity(*interest2, identity2);
+
+ int8_t result = 0;
+
+
+ shared_ptr<RegexKeyLocatorNameChecker> keyLocatorCheckerRegex1 =
+ make_shared<RegexKeyLocatorNameChecker>(
+ Regex("^<SecurityTestConfChecker><CustomizedCheckerTest3>"));
+ CustomizedChecker checker1(Tlv::SignatureSha256WithEcdsa, keyLocatorCheckerRegex1);
+
+ result = checker1.check(*data1,
+ bind(dataChecked, _1),
+ bind(dataCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker1.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker1.check(*interest1,
+ bind(interestChecked, _1),
+ bind(interestCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker1.check(*interest2,
+ bind(interestCheckedFalse, _1),
+ bind(interestCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ CustomizedChecker checker2(Tlv::SignatureSha256WithRsa, keyLocatorCheckerRegex1);
+
+ result = checker2.check(*data1,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ keyChain.deleteIdentity(identity);
+ keyChain.deleteIdentity(identity2);
+}
+
+BOOST_AUTO_TEST_CASE(HierarchicalCheckerTest1)
+{
+ using security::conf::HierarchicalChecker;
+
+ KeyChain keyChain("sqlite3", "file");
+
+ EcdsaKeyParams params;
+
+ Name identity("/SecurityTestConfChecker/HierarchicalCheckerTest1");
+ Name certName = keyChain.createIdentity(identity, params);
+
+ Name identity2("/SecurityTestConfChecker/HierarchicalCheckerTest1/Data");
+ Name certName2 = keyChain.createIdentity(identity2);
+
+ Name packetName("/SecurityTestConfChecker/HierarchicalCheckerTest1/Data");
+ Name packetName2("/SecurityTestConfChecker");
+ Name packetName3("/SecurityTestConfChecker/HierarchicalCheckerTest1");
+
+ shared_ptr<Data> data1 = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*data1, identity);
+
+ shared_ptr<Data> data2 = make_shared<Data>(packetName2);
+ keyChain.signByIdentity(*data2, identity);
+
+ shared_ptr<Data> data3 = make_shared<Data>(packetName3);
+ keyChain.signByIdentity(*data3, identity);
+
+ shared_ptr<Data> data4 = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*data4, identity2);
+
+ shared_ptr<Data> data5 = make_shared<Data>(packetName2);
+ keyChain.signByIdentity(*data5, identity2);
+
+ shared_ptr<Data> data6 = make_shared<Data>(packetName3);
+ keyChain.signByIdentity(*data6, identity2);
+
+ int8_t result = 0;
+
+ HierarchicalChecker checker1(Tlv::SignatureSha256WithEcdsa);
+
+ result = checker1.check(*data1,
+ bind(dataChecked, _1),
+ bind(dataCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker1.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker1.check(*data3,
+ bind(dataChecked, _1),
+ bind(dataCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker1.check(*data4,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker1.check(*data5,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker1.check(*data6,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ HierarchicalChecker checker2(Tlv::SignatureSha256WithRsa);
+
+ result = checker2.check(*data1,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker2.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker2.check(*data3,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker2.check(*data4,
+ bind(dataChecked, _1),
+ bind(dataCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 0);
+
+ result = checker2.check(*data5,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker2.check(*data6,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ keyChain.deleteIdentity(identity);
+ keyChain.deleteIdentity(identity2);
+}
+
+BOOST_AUTO_TEST_CASE(FixedSignerCheckerTest1)
+{
+ using security::conf::FixedSignerChecker;
+
+ KeyChain keyChain("sqlite3", "file");
+
+ EcdsaKeyParams params;
+
+ Name identity("/SecurityTestConfChecker/FixedSignerCheckerTest1");
+ Name certName = keyChain.createIdentity(identity, params);
+ shared_ptr<IdentityCertificate> cert1 = keyChain.getCertificate(certName);
+
+ Name identity2("/SecurityTestConfChecker/FixedSignerCheckerTest1Wrong");
+ Name certName2 = keyChain.createIdentity(identity2);
+ shared_ptr<IdentityCertificate> cert2 = keyChain.getCertificate(certName2);
+
+ Name packetName("/Test/Data");
+
+ shared_ptr<Data> data1 = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*data1, identity);
+
+ shared_ptr<Data> data2 = make_shared<Data>(packetName);
+ keyChain.signByIdentity(*data2, identity2);
+
+ std::vector<shared_ptr<IdentityCertificate> > certSet1;
+ certSet1.push_back(cert1);
+
+ std::vector<shared_ptr<IdentityCertificate> > certSet2;
+ certSet2.push_back(cert2);
+
+
+ int8_t result = 0;
+
+ FixedSignerChecker checker1(Tlv::SignatureSha256WithEcdsa, certSet1);
+
+ result = checker1.check(*data1,
+ bind(dataChecked, _1),
+ bind(dataCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 1);
+
+ result = checker1.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ FixedSignerChecker checker2(Tlv::SignatureSha256WithRsa, certSet1);
+
+ result = checker2.check(*data1,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker2.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ FixedSignerChecker checker3(Tlv::SignatureSha256WithEcdsa, certSet2);
+
+ result = checker3.check(*data1,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker3.check(*data2,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+
+ FixedSignerChecker checker4(Tlv::SignatureSha256WithRsa, certSet2);
+
+ result = checker4.check(*data1,
+ bind(dataCheckedFalse, _1),
+ bind(dataCheckFailedFalse, _1, _2));
+ BOOST_CHECK_EQUAL(result, -1);
+
+ result = checker4.check(*data2,
+ bind(dataChecked, _1),
+ bind(dataCheckFailed, _1, _2));
+ BOOST_CHECK_EQUAL(result, 1);
+
+
+ keyChain.deleteIdentity(identity);
+ keyChain.deleteIdentity(identity2);
+}
+
+BOOST_AUTO_TEST_SUITE_END()
+
+} // namespace ndn