use unique ECDH state / Encryption key for request in CA
Change-Id: If9f5471664d2eec7562b963c40f404ecfa3e5269
diff --git a/tests/unit-tests/ca-memory.t.cpp b/tests/unit-tests/ca-memory.t.cpp
index 242c4b3..4581eb8 100644
--- a/tests/unit-tests/ca-memory.t.cpp
+++ b/tests/unit-tests/ca-memory.t.cpp
@@ -82,7 +82,7 @@
auto cert1 = key1.getDefaultCertificate();
// add operation
- RequestState request1(Name("/ndn/site1"), "123", RequestType::NEW, Status::BEFORE_CHALLENGE, cert1);
+ RequestState request1(Name("/ndn/site1"), "123", RequestType::NEW, Status::BEFORE_CHALLENGE, cert1, makeStringBlock(tlv::ContentType_Key, "PretendItIsAKey"));
BOOST_CHECK_NO_THROW(storage.addRequest(request1));
// get operation
@@ -90,13 +90,14 @@
BOOST_CHECK_EQUAL(request1.m_cert, result.m_cert);
BOOST_CHECK(request1.m_status == result.m_status);
BOOST_CHECK_EQUAL(request1.m_caPrefix, result.m_caPrefix);
+ BOOST_CHECK_EQUAL(request1.m_encryptionKey, result.m_encryptionKey);
JsonSection json;
json.put("code", "1234");
// update operation
RequestState request2(Name("/ndn/site1"), "123", RequestType::NEW, Status::CHALLENGE, cert1,
- "email", "test", time::system_clock::now(), 3, time::seconds(3600), std::move(json));
+ "email", "test", time::system_clock::now(), 3, time::seconds(3600), std::move(json), makeStringBlock(tlv::ContentType_Key, "PretendItIsAKey"));
storage.updateRequest(request2);
result = storage.getRequest("123");
BOOST_CHECK_EQUAL(request2.m_cert, result.m_cert);
@@ -106,7 +107,7 @@
auto identity2 = addIdentity(Name("/ndn/site2"));
auto key2 = identity2.getDefaultKey();
auto cert2 = key2.getDefaultCertificate();
- RequestState request3(Name("/ndn/site2"), "456", RequestType::NEW, Status::BEFORE_CHALLENGE, cert2);
+ RequestState request3(Name("/ndn/site2"), "456", RequestType::NEW, Status::BEFORE_CHALLENGE, cert2, makeStringBlock(tlv::ContentType_Key, "PretendItIsAKey"));
storage.addRequest(request3);
// list operation
diff --git a/tests/unit-tests/ca-module.t.cpp b/tests/unit-tests/ca-module.t.cpp
index 075d067..365cb90 100644
--- a/tests/unit-tests/ca-module.t.cpp
+++ b/tests/unit-tests/ca-module.t.cpp
@@ -202,8 +202,9 @@
BOOST_CHECK(challengeBlockCount != 0);
client.onNewRenewRevokeResponse(response);
+ auto ca_encryption_key = ca.getCaStorage()->getRequest(readString(contentBlock.get(tlv_request_id))).m_encryptionKey;
BOOST_CHECK_EQUAL_COLLECTIONS(client.m_aesKey, client.m_aesKey + sizeof(client.m_aesKey),
- ca.m_aesKey, ca.m_aesKey + sizeof(ca.m_aesKey));
+ ca_encryption_key.value(), ca_encryption_key.value() + ca_encryption_key.value_size());
});
face.receive(*interest);
@@ -427,7 +428,7 @@
signatureInfo.setValidityPeriod(security::ValidityPeriod(time::system_clock::now(),
time::system_clock::now() + time::hours(10)));
m_keyChain.sign(clientCert, signingByKey(clientKey.getName()).setSignatureInfo(signatureInfo));
- RequestState certRequest(Name("/ndn"), "122", RequestType::NEW, Status::SUCCESS, clientCert);
+ RequestState certRequest(Name("/ndn"), "122", RequestType::NEW, Status::SUCCESS, clientCert, makeEmptyBlock(tlv::ContentType_Key));
auto issuedCert = ca.issueCertificate(certRequest);
ClientModule client(m_keyChain);
@@ -459,8 +460,9 @@
BOOST_CHECK(challengeBlockCount != 0);
client.onNewRenewRevokeResponse(response);
+ auto ca_encryption_key = ca.getCaStorage()->getRequest(readString(contentBlock.get(tlv_request_id))).m_encryptionKey;
BOOST_CHECK_EQUAL_COLLECTIONS(client.m_aesKey, client.m_aesKey + sizeof(client.m_aesKey),
- ca.m_aesKey, ca.m_aesKey + sizeof(ca.m_aesKey));
+ ca_encryption_key.value(), ca_encryption_key.value() + ca_encryption_key.value_size());
});
face.receive(*interest);
diff --git a/tests/unit-tests/ca-sqlite.t.cpp b/tests/unit-tests/ca-sqlite.t.cpp
index 2a0d013..4bfb740 100644
--- a/tests/unit-tests/ca-sqlite.t.cpp
+++ b/tests/unit-tests/ca-sqlite.t.cpp
@@ -81,7 +81,7 @@
auto cert1 = key1.getDefaultCertificate();
// add operation
- RequestState request1(Name("/ndn/site1"), "123", RequestType::NEW, Status::BEFORE_CHALLENGE, cert1);
+ RequestState request1(Name("/ndn/site1"), "123", RequestType::NEW, Status::BEFORE_CHALLENGE, cert1, makeStringBlock(tlv::ContentType_Key, "PretendItIsAKey"));
BOOST_CHECK_NO_THROW(storage.addRequest(request1));
// get operation
@@ -89,12 +89,13 @@
BOOST_CHECK_EQUAL(request1.m_cert, result.m_cert);
BOOST_CHECK(request1.m_status == result.m_status);
BOOST_CHECK_EQUAL(request1.m_caPrefix, result.m_caPrefix);
+ BOOST_CHECK_EQUAL(request1.m_encryptionKey, result.m_encryptionKey);
// update operation
JsonSection json;
json.put("test", "4567");
RequestState request2(Name("/ndn/site1"), "123", RequestType::NEW, Status::CHALLENGE, cert1,
- "email", "test", time::system_clock::now(), 3, time::seconds(3600), std::move(json));
+ "email", "test", time::system_clock::now(), 3, time::seconds(3600), std::move(json), makeEmptyBlock(tlv::ContentType_Key));
storage.updateRequest(request2);
result = storage.getRequest("123");
BOOST_CHECK_EQUAL(request2.m_cert, result.m_cert);
@@ -104,7 +105,7 @@
auto identity2 = addIdentity(Name("/ndn/site2"));
auto key2 = identity2.getDefaultKey();
auto cert2 = key2.getDefaultCertificate();
- RequestState request3(Name("/ndn/site2"), "456", RequestType::NEW, Status::BEFORE_CHALLENGE, cert2);
+ RequestState request3(Name("/ndn/site2"), "456", RequestType::NEW, Status::BEFORE_CHALLENGE, cert2, makeStringBlock(tlv::ContentType_Key, "PretendItIsAKey"));
storage.addRequest(request3);
// list operation
diff --git a/tests/unit-tests/challenge-credential.t.cpp b/tests/unit-tests/challenge-credential.t.cpp
index 46eccb2..2f31433 100644
--- a/tests/unit-tests/challenge-credential.t.cpp
+++ b/tests/unit-tests/challenge-credential.t.cpp
@@ -55,7 +55,7 @@
auto identityA = addIdentity(Name("/example"));
auto keyA = identityA.getDefaultKey();
auto certA = key.getDefaultCertificate();
- RequestState request(Name("/example"), "123", RequestType::NEW, Status::BEFORE_CHALLENGE, certA);
+ RequestState request(Name("/example"), "123", RequestType::NEW, Status::BEFORE_CHALLENGE, certA, makeEmptyBlock(tlv::ContentType_Key));
// create requester's credential
auto identityB = addIdentity(Name("/trust/cert"));
diff --git a/tests/unit-tests/challenge-email.t.cpp b/tests/unit-tests/challenge-email.t.cpp
index 5f647d1..b29884e 100644
--- a/tests/unit-tests/challenge-email.t.cpp
+++ b/tests/unit-tests/challenge-email.t.cpp
@@ -45,7 +45,7 @@
auto identity = addIdentity(Name("/ndn/site1"));
auto key = identity.getDefaultKey();
auto cert = key.getDefaultCertificate();
- RequestState request(Name("/ndn/site1"), "123", RequestType::NEW, Status::BEFORE_CHALLENGE, cert);
+ RequestState request(Name("/ndn/site1"), "123", RequestType::NEW, Status::BEFORE_CHALLENGE, cert, makeEmptyBlock(tlv::ContentType_Key));
Block paramTLV = makeEmptyBlock(tlv_encrypted_payload);
paramTLV.push_back(makeStringBlock(tlv_parameter_key, ChallengeEmail::PARAMETER_KEY_EMAIL));
@@ -94,7 +94,7 @@
auto identity = addIdentity(Name("/ndn/site1"));
auto key = identity.getDefaultKey();
auto cert = key.getDefaultCertificate();
- RequestState request(Name("/ndn/site1"), "123", RequestType::NEW, Status::BEFORE_CHALLENGE, cert);
+ RequestState request(Name("/ndn/site1"), "123", RequestType::NEW, Status::BEFORE_CHALLENGE, cert, makeEmptyBlock(tlv::ContentType_Key));
Block paramTLV = makeEmptyBlock(tlv_encrypted_payload);
paramTLV.push_back(makeStringBlock(tlv_parameter_key, ChallengeEmail::PARAMETER_KEY_EMAIL));
@@ -115,7 +115,7 @@
json.put(ChallengeEmail::PARAMETER_KEY_CODE, "4567");
RequestState request(Name("/ndn/site1"), "123", RequestType::NEW, Status::CHALLENGE, cert,
"email", ChallengeEmail::NEED_CODE, time::system_clock::now(),
- 3, time::seconds(3600), std::move(json));
+ 3, time::seconds(3600), std::move(json), makeEmptyBlock(tlv::ContentType_Key));
Block paramTLV = makeEmptyBlock(tlv_encrypted_payload);
paramTLV.push_back(makeStringBlock(tlv_parameter_key, ChallengeEmail::PARAMETER_KEY_CODE));
@@ -137,7 +137,7 @@
json.put(ChallengeEmail::PARAMETER_KEY_CODE, "4567");
RequestState request(Name("/ndn/site1"), "123", RequestType::NEW, Status::CHALLENGE, cert,
"email", ChallengeEmail::NEED_CODE, time::system_clock::now(),
- 3, time::seconds(3600), std::move(json));
+ 3, time::seconds(3600), std::move(json), makeEmptyBlock(tlv::ContentType_Key));
Block paramTLV = makeEmptyBlock(tlv_encrypted_payload);
paramTLV.push_back(makeStringBlock(tlv_parameter_key, ChallengeEmail::PARAMETER_KEY_CODE));
diff --git a/tests/unit-tests/challenge-pin.t.cpp b/tests/unit-tests/challenge-pin.t.cpp
index 90df736..49df787 100644
--- a/tests/unit-tests/challenge-pin.t.cpp
+++ b/tests/unit-tests/challenge-pin.t.cpp
@@ -38,7 +38,7 @@
auto identity = addIdentity(Name("/ndn/site1"));
auto key = identity.getDefaultKey();
auto cert = key.getDefaultCertificate();
- RequestState request(Name("/ndn/site1"), "123", RequestType::NEW, Status::BEFORE_CHALLENGE, cert);
+ RequestState request(Name("/ndn/site1"), "123", RequestType::NEW, Status::BEFORE_CHALLENGE, cert, makeEmptyBlock(tlv::ContentType_Key));
ChallengePin challenge;
challenge.handleChallengeRequest(makeEmptyBlock(tlv_encrypted_payload), request);
@@ -57,7 +57,7 @@
secret.add(ChallengePin::PARAMETER_KEY_CODE, "12345");
RequestState request(Name("/ndn/site1"), "123", RequestType::NEW, Status::CHALLENGE, cert,
"pin", ChallengePin::NEED_CODE, time::system_clock::now(),
- 3, time::seconds(3600), std::move(secret));
+ 3, time::seconds(3600), std::move(secret), makeEmptyBlock(tlv::ContentType_Key));
Block paramTLV = makeEmptyBlock(tlv_encrypted_payload);
paramTLV.push_back(makeStringBlock(tlv_parameter_key, ChallengePin::PARAMETER_KEY_CODE));
@@ -79,7 +79,7 @@
secret.add(ChallengePin::PARAMETER_KEY_CODE, "12345");
RequestState request(Name("/ndn/site1"), "123", RequestType::NEW, Status::CHALLENGE, cert,
"pin", ChallengePin::NEED_CODE, time::system_clock::now(),
- 3, time::seconds(3600), std::move(secret));
+ 3, time::seconds(3600), std::move(secret), makeEmptyBlock(tlv::ContentType_Key));
Block paramTLV = makeEmptyBlock(tlv_encrypted_payload);
paramTLV.push_back(makeStringBlock(tlv_parameter_key, ChallengePin::PARAMETER_KEY_CODE));