signing-info.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2021 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  */
21 
23 
29 
30 namespace ndn {
31 namespace security {
32 
33 const Name&
35 {
36  static Name digestSha256Identity("/localhost/identity/digest-sha256");
37  return digestSha256Identity;
38 }
39 
40 const Name&
42 {
43  static Name hmacIdentity("/localhost/identity/hmac");
44  return hmacIdentity;
45 }
46 
48  const Name& signerName,
49  const SignatureInfo& signatureInfo)
50  : m_type(signerType)
51  , m_name(signerName)
52  , m_digestAlgorithm(DigestAlgorithm::SHA256)
53  , m_info(signatureInfo)
54  , m_signedInterestFormat(SignedInterestFormat::V02)
55 {
56  BOOST_ASSERT(signerType >= SIGNER_TYPE_NULL && signerType <= SIGNER_TYPE_HMAC);
57 }
58 
60  : SigningInfo(SIGNER_TYPE_NULL)
61 {
62  this->setPibIdentity(identity);
63 }
64 
66  : SigningInfo(SIGNER_TYPE_NULL)
67 {
68  this->setPibKey(key);
69 }
70 
71 SigningInfo::SigningInfo(const std::string& signingStr)
72  : SigningInfo(SIGNER_TYPE_NULL)
73 {
74  if (signingStr.empty()) {
75  return;
76  }
77 
78  size_t pos = signingStr.find(':');
79  if (pos == std::string::npos) {
80  NDN_THROW(std::invalid_argument("Invalid signing string cannot represent SigningInfo"));
81  }
82 
83  std::string scheme = signingStr.substr(0, pos);
84  std::string nameArg = signingStr.substr(pos + 1);
85 
86  if (scheme == "id") {
87  if (nameArg == getDigestSha256Identity().toUri()) {
89  }
90  else {
91  setSigningIdentity(nameArg);
92  }
93  }
94  else if (scheme == "key") {
95  setSigningKeyName(nameArg);
96  }
97  else if (scheme == "cert") {
98  setSigningCertName(nameArg);
99  }
100  else if (scheme == "hmac-sha256") {
101  setSigningHmacKey(nameArg);
103  }
104  else {
105  NDN_THROW(std::invalid_argument("Invalid signing string scheme"));
106  }
107 }
108 
111 {
112  m_type = SIGNER_TYPE_ID;
113  m_name = identity;
114  m_identity = Identity();
115  return *this;
116 }
117 
120 {
121  m_type = SIGNER_TYPE_KEY;
122  m_name = keyName;
123  m_key = Key();
124  return *this;
125 }
126 
128 SigningInfo::setSigningCertName(const Name& certificateName)
129 {
130  m_type = SIGNER_TYPE_CERT;
131  m_name = certificateName;
132  return *this;
133 }
134 
136 SigningInfo::setSigningHmacKey(const std::string& hmacKey)
137 {
138  m_type = SIGNER_TYPE_HMAC;
139 
140  OBufferStream os;
141  transform::bufferSource(hmacKey) >>
142  transform::base64Decode(false) >>
144  m_hmacKey = make_shared<transform::PrivateKey>();
145  m_hmacKey->loadRaw(KeyType::HMAC, *os.buf());
146 
147  // generate key name
148  m_name = getHmacIdentity();
149  m_name.append(name::Component(m_hmacKey->getKeyDigest(DigestAlgorithm::SHA256)));
150 
151  return *this;
152 }
153 
156 {
157  m_type = SIGNER_TYPE_SHA256;
158  m_name.clear();
159  return *this;
160 }
161 
164 {
165  m_type = SIGNER_TYPE_ID;
166  m_name = identity ? identity.getName() : Name();
167  m_identity = identity;
168  return *this;
169 }
170 
173 {
174  m_type = SIGNER_TYPE_KEY;
175  m_name = key ? key.getName() : Name();
176  m_key = key;
177  return *this;
178 }
179 
182 {
183  m_info = signatureInfo;
184  return *this;
185 }
186 
187 std::ostream&
188 operator<<(std::ostream& os, const SigningInfo& si)
189 {
190  switch (si.getSignerType()) {
192  return os;
194  return os << "id:" << si.getSignerName();
196  return os << "key:" << si.getSignerName();
198  return os << "cert:" << si.getSignerName();
200  return os << "id:" << SigningInfo::getDigestSha256Identity();
202  return os << "id:" << si.getSignerName();
203  }
204  return os << "Unknown signer type " << to_underlying(si.getSignerType());
205 }
206 
207 std::ostream&
208 operator<<(std::ostream& os, const SignedInterestFormat& format)
209 {
210  switch (format) {
212  return os << "Signed Interest v0.3";
214  return os << "Signed Interest v0.2";
215  }
216  return os << "Unknown signed Interest format " << to_underlying(format);
217 }
218 
219 } // namespace security
220 } // namespace ndn
Represents an absolute name.
Definition: name.hpp:46
void clear()
Remove all components.
Definition: name.cpp:280
Name & append(const Component &component)
Append a component.
Definition: name.hpp:279
implements an output stream that constructs ndn::Buffer
shared_ptr< Buffer > buf()
Flush written data to the stream and return shared pointer to the underlying buffer.
Represents a SignatureInfo or InterestSignatureInfo TLV element.
Represents a name component.
Signing parameters passed to KeyChain.
SigningInfo(SignerType signerType=SIGNER_TYPE_NULL, const Name &signerName=Name(), const SignatureInfo &signatureInfo=SignatureInfo())
Constructor.
SigningInfo & setPibIdentity(const Identity &identity)
Set signer as a PIB identity handler identity.
const Name & getSignerName() const
SigningInfo & setSigningIdentity(const Name &identity)
Set signer as an identity with name identity.
static const Name & getDigestSha256Identity()
A localhost identity to indicate that the signature is generated using SHA-256.
SigningInfo & setSha256Signing()
Set SHA-256 as the signing method.
SigningInfo & setSigningCertName(const Name &certificateName)
Set signer as a certificate with name certificateName.
SigningInfo & setSigningHmacKey(const std::string &hmacKey)
Set signer to a base64-encoded HMAC key.
static const Name & getHmacIdentity()
A localhost identity to indicate that the signature is generated using an HMAC key.
SigningInfo & setSignatureInfo(const SignatureInfo &signatureInfo)
Set a semi-prepared SignatureInfo.
SignerType getSignerType() const
@ SIGNER_TYPE_CERT
Signer is a certificate, use it directly.
@ SIGNER_TYPE_SHA256
Use a SHA-256 digest only, no signer needs to be specified.
@ SIGNER_TYPE_HMAC
Signer is a HMAC key.
@ SIGNER_TYPE_NULL
No signer is specified, use default setting or follow the trust schema.
@ SIGNER_TYPE_ID
Signer is an identity, use its default key and default certificate.
@ SIGNER_TYPE_KEY
Signer is a key, use its default certificate.
SigningInfo & setDigestAlgorithm(const DigestAlgorithm &algorithm)
Set the digest algorithm for signing operations.
SigningInfo & setSigningKeyName(const Name &keyName)
Set signer as a key with name keyName.
SigningInfo & setPibKey(const Key &key)
Set signer as a PIB key handler key.
A frontend handle of an Identity.
Definition: identity.hpp:48
const Name & getName() const
Get the name of the identity.
Definition: identity.cpp:37
A frontend handle of a key instance.
Definition: key.hpp:50
const Name & getName() const
Get key name.
Definition: key.cpp:38
#define NDN_THROW(e)
Definition: exception.hpp:61
unique_ptr< Sink > streamSink(std::ostream &os)
Definition: stream-sink.cpp:53
unique_ptr< Transform > base64Decode(bool expectNewlineEvery64Bytes)
std::ostream & operator<<(std::ostream &os, const AdditionalDescription &desc)
@ V03
Sign Interest using Packet Specification v0.3 semantics.
@ V02
Sign Interest using Packet Specification v0.2 semantics.
@ Name
Definition: tlv.hpp:67
Definition: data.cpp:25
@ HMAC
HMAC key, supports sign/verify operations.
@ SHA256
Use the SHA-256 hash of the public key as key id.
constexpr std::underlying_type_t< T > to_underlying(T val) noexcept
Definition: backports.hpp:136