signing-info.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2020 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  */
21 
22 #include "ndn-cxx/security/signing-info.hpp"
23 
24 #include "ndn-cxx/encoding/buffer-stream.hpp"
25 #include "ndn-cxx/security/transform/base64-decode.hpp"
26 #include "ndn-cxx/security/transform/buffer-source.hpp"
27 #include "ndn-cxx/security/transform/digest-filter.hpp"
28 #include "ndn-cxx/security/transform/stream-sink.hpp"
29 
30 namespace ndn {
31 namespace security {
32 
33 const Name&
34 SigningInfo::getEmptyName()
35 {
36  static Name emptyName;
37  return emptyName;
38 }
39 
40 const SignatureInfo&
41 SigningInfo::getEmptySignatureInfo()
42 {
43  static SignatureInfo emptySignatureInfo;
44  return emptySignatureInfo;
45 }
46 
47 const Name&
48 SigningInfo::getDigestSha256Identity()
49 {
50  static Name digestSha256Identity("/localhost/identity/digest-sha256");
51  return digestSha256Identity;
52 }
53 
54 const Name&
55 SigningInfo::getHmacIdentity()
56 {
57  static Name hmacIdentity("/localhost/identity/hmac");
58  return hmacIdentity;
59 }
60 
61 SigningInfo::SigningInfo(SignerType signerType,
62  const Name& signerName,
63  const SignatureInfo& signatureInfo)
64  : m_type(signerType)
65  , m_name(signerName)
66  , m_digestAlgorithm(DigestAlgorithm::SHA256)
67  , m_info(signatureInfo)
68  , m_signedInterestFormat(SignedInterestFormat::V02)
69 {
70  BOOST_ASSERT(signerType >= SIGNER_TYPE_NULL && signerType <= SIGNER_TYPE_HMAC);
71 }
72 
73 SigningInfo::SigningInfo(const Identity& identity)
74  : SigningInfo(SIGNER_TYPE_NULL)
75 {
76  this->setPibIdentity(identity);
77 }
78 
79 SigningInfo::SigningInfo(const Key& key)
80  : SigningInfo(SIGNER_TYPE_NULL)
81 {
82  this->setPibKey(key);
83 }
84 
85 SigningInfo::SigningInfo(const std::string& signingStr)
86  : SigningInfo(SIGNER_TYPE_NULL)
87 {
88  if (signingStr.empty()) {
89  return;
90  }
91 
92  size_t pos = signingStr.find(':');
93  if (pos == std::string::npos) {
94  NDN_THROW(std::invalid_argument("Invalid signing string cannot represent SigningInfo"));
95  }
96 
97  std::string scheme = signingStr.substr(0, pos);
98  std::string nameArg = signingStr.substr(pos + 1);
99 
100  if (scheme == "id") {
101  if (nameArg == getDigestSha256Identity().toUri()) {
102  setSha256Signing();
103  }
104  else {
105  setSigningIdentity(nameArg);
106  }
107  }
108  else if (scheme == "key") {
109  setSigningKeyName(nameArg);
110  }
111  else if (scheme == "cert") {
112  setSigningCertName(nameArg);
113  }
114  else if (scheme == "hmac-sha256") {
115  setSigningHmacKey(nameArg);
116  setDigestAlgorithm(DigestAlgorithm::SHA256);
117  }
118  else {
119  NDN_THROW(std::invalid_argument("Invalid signing string scheme"));
120  }
121 }
122 
123 SigningInfo&
124 SigningInfo::setSigningIdentity(const Name& identity)
125 {
126  m_type = SIGNER_TYPE_ID;
127  m_name = identity;
128  m_identity = Identity();
129  return *this;
130 }
131 
132 SigningInfo&
133 SigningInfo::setSigningKeyName(const Name& keyName)
134 {
135  m_type = SIGNER_TYPE_KEY;
136  m_name = keyName;
137  m_key = Key();
138  return *this;
139 }
140 
141 SigningInfo&
142 SigningInfo::setSigningCertName(const Name& certificateName)
143 {
144  m_type = SIGNER_TYPE_CERT;
145  m_name = certificateName;
146  return *this;
147 }
148 
149 SigningInfo&
150 SigningInfo::setSigningHmacKey(const std::string& hmacKey)
151 {
152  m_type = SIGNER_TYPE_HMAC;
153 
154  OBufferStream os;
155  transform::bufferSource(hmacKey) >>
156  transform::base64Decode(false) >>
157  transform::streamSink(os);
158  m_hmacKey = make_shared<transform::PrivateKey>();
159  m_hmacKey->loadRaw(KeyType::HMAC, os.buf()->data(), os.buf()->size());
160 
161  // generate key name
162  m_name = getHmacIdentity();
163  m_name.append(name::Component(m_hmacKey->getKeyDigest(DigestAlgorithm::SHA256)));
164 
165  return *this;
166 }
167 
168 SigningInfo&
169 SigningInfo::setSha256Signing()
170 {
171  m_type = SIGNER_TYPE_SHA256;
172  m_name.clear();
173  return *this;
174 }
175 
176 SigningInfo&
177 SigningInfo::setPibIdentity(const Identity& identity)
178 {
179  m_type = SIGNER_TYPE_ID;
180  m_name = identity ? identity.getName() : Name();
181  m_identity = identity;
182  return *this;
183 }
184 
185 SigningInfo&
186 SigningInfo::setPibKey(const Key& key)
187 {
188  m_type = SIGNER_TYPE_KEY;
189  m_name = key ? key.getName() : Name();
190  m_key = key;
191  return *this;
192 }
193 
194 SigningInfo&
195 SigningInfo::setSignatureInfo(const SignatureInfo& signatureInfo)
196 {
197  m_info = signatureInfo;
198  return *this;
199 }
200 
201 std::ostream&
202 operator<<(std::ostream& os, const SigningInfo& si)
203 {
204  switch (si.getSignerType()) {
205  case SigningInfo::SIGNER_TYPE_NULL:
206  return os;
207  case SigningInfo::SIGNER_TYPE_ID:
208  return os << "id:" << si.getSignerName();
209  case SigningInfo::SIGNER_TYPE_KEY:
210  return os << "key:" << si.getSignerName();
211  case SigningInfo::SIGNER_TYPE_CERT:
212  return os << "cert:" << si.getSignerName();
213  case SigningInfo::SIGNER_TYPE_SHA256:
214  return os << "id:" << SigningInfo::getDigestSha256Identity();
215  case SigningInfo::SIGNER_TYPE_HMAC:
216  return os << "id:" << si.getSignerName();
217  }
218  NDN_THROW(std::invalid_argument("Unknown signer type"));
219  return os;
220 }
221 
222 std::ostream&
223 operator<<(std::ostream& os, const SignedInterestFormat& format)
224 {
225  switch (format) {
226  case SignedInterestFormat::V03:
227  return os << "Signed Interest v0.3";
228  case SignedInterestFormat::V02:
229  return os << "Signed Interest v0.2";
230  }
231  NDN_THROW(std::invalid_argument("Unknown signed Interest format"));
232  return os;
233 }
234 
235 } // namespace security
236 } // namespace ndn
ndn::security::SigningInfo::setPibIdentity
SigningInfo & setPibIdentity(const Identity &identity)
Set signer as a PIB identity handler identity.
Definition: signing-info.cpp:177
ndn::security::SignedInterestFormat::V03
Sign Interest using Packet Specification v0.3 semantics.
ndn
Definition: data.cpp:26
ndn::SignatureInfo
Represents a SignatureInfo or InterestSignatureInfo TLV element.
Definition: signature-info.hpp:32
ndn::security::transform::base64Decode
unique_ptr< Transform > base64Decode(bool expectNewlineEvery64Bytes)
Definition: base64-decode.cpp:129
ndn::security::SigningInfo::setDigestAlgorithm
SigningInfo & setDigestAlgorithm(const DigestAlgorithm &algorithm)
Set the digest algorithm for signing operations.
Definition: signing-info.hpp:220
ndn::security::SigningInfo::SIGNER_TYPE_SHA256
Use a SHA-256 digest only, no signer needs to be specified.
Definition: signing-info.hpp:71
ndn::security::SignedInterestFormat::V02
Sign Interest using Packet Specification v0.2 semantics.
ndn::Name::append
Name & append(const Component &component)
Append a component.
Definition: name.hpp:278
ndn::security::SigningInfo
Signing parameters passed to KeyChain.
Definition: signing-info.hpp:52
NDN_THROW
#define NDN_THROW(e)
Definition: exception.hpp:61
ndn::KeyType::HMAC
HMAC key, supports sign/verify operations.
ndn::security::SigningInfo::getSignerName
const Name & getSignerName() const
Definition: signing-info.hpp:181
ndn::security::pib::Key
A frontend handle of a key instance.
Definition: key.hpp:49
ndn::security::SigningInfo::setSha256Signing
SigningInfo & setSha256Signing()
Set SHA-256 as the signing method.
Definition: signing-info.cpp:169
ndn::security::SigningInfo::SIGNER_TYPE_NULL
No signer is specified, use default setting or follow the trust schema.
Definition: signing-info.hpp:63
ndn::security::transform::streamSink
unique_ptr< Sink > streamSink(std::ostream &os)
Definition: stream-sink.cpp:53
ndn::security::SigningInfo::getDigestSha256Identity
static const Name & getDigestSha256Identity()
A localhost identity to indicate that the signature is generated using SHA-256.
Definition: signing-info.cpp:48
ndn::KeyIdType::SHA256
Use the SHA-256 hash of the public key as key id.
ndn::Name
Represents an absolute name.
Definition: name.hpp:44
ndn::security::pib::Key::getName
const Name & getName() const
Get key name.
Definition: key.cpp:38
ndn::security::SigningInfo::SIGNER_TYPE_CERT
Signer is a certificate, use it directly.
Definition: signing-info.hpp:69
ndn::security::SigningInfo::getEmptySignatureInfo
static const SignatureInfo & getEmptySignatureInfo()
Get a SignatureInfo constructed with default values.
Definition: signing-info.cpp:41
ndn::security::SigningInfo::setSigningCertName
SigningInfo & setSigningCertName(const Name &certificateName)
Set signer as a certificate with name certificateName.
Definition: signing-info.cpp:142
ndn::security::SigningInfo::SIGNER_TYPE_KEY
Signer is a key, use its default certificate.
Definition: signing-info.hpp:67
ndn::security::SigningInfo::setSignatureInfo
SigningInfo & setSignatureInfo(const SignatureInfo &signatureInfo)
Set a semi-prepared SignatureInfo.
Definition: signing-info.cpp:195
ndn::name::Component
Represents a name component.
Definition: name-component.hpp:102
ndn::security::SigningInfo::getEmptyName
static const Name & getEmptyName()
Definition: signing-info.cpp:34
ndn::OBufferStream::buf
shared_ptr< Buffer > buf()
Flush written data to the stream and return shared pointer to the underlying buffer.
Definition: buffer-stream.cpp:54
ndn::security::pib::Identity::getName
const Name & getName() const
Get the name of the identity.
Definition: identity.cpp:37
ndn::security::SigningInfo::SigningInfo
SigningInfo(SignerType signerType=SIGNER_TYPE_NULL, const Name &signerName=Name(), const SignatureInfo &signatureInfo=SignatureInfo())
Constructor.
Definition: signing-info.cpp:61
ndn::security::SigningInfo::setSigningIdentity
SigningInfo & setSigningIdentity(const Name &identity)
Set signer as an identity with name identity.
Definition: signing-info.cpp:124
ndn::security::SigningInfo::SIGNER_TYPE_ID
Signer is an identity, use its default key and default certificate.
Definition: signing-info.hpp:65
ndn::security::pib::Identity
A frontend handle of an Identity.
Definition: identity.hpp:42
ndn::OBufferStream
implements an output stream that constructs ndn::Buffer
Definition: buffer-stream.hpp:70
ndn::security::SigningInfo::setPibKey
SigningInfo & setPibKey(const Key &key)
Set signer as a PIB key handler key.
Definition: signing-info.cpp:186
ndn::Name::clear
void clear()
Remove all components.
Definition: name.cpp:280
ndn::security::operator<<
std::ostream & operator<<(std::ostream &os, const SigningInfo &si)
Definition: signing-info.cpp:202
ndn::security::SigningInfo::getHmacIdentity
static const Name & getHmacIdentity()
A localhost identity to indicate that the signature is generated using an HMAC key.
Definition: signing-info.cpp:55
ndn::security::SigningInfo::setSigningHmacKey
SigningInfo & setSigningHmacKey(const std::string &hmacKey)
Set signer to a base64-encoded HMAC key.
Definition: signing-info.cpp:150
ndn::security::SigningInfo::setSigningKeyName
SigningInfo & setSigningKeyName(const Name &keyName)
Set signer as a key with name keyName.
Definition: signing-info.cpp:133
ndn::security::SigningInfo::getSignerType
SignerType getSignerType() const
Definition: signing-info.hpp:172