signing-info.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2021 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  */
21 
22 #include "ndn-cxx/security/signing-info.hpp"
23 
24 #include "ndn-cxx/encoding/buffer-stream.hpp"
25 #include "ndn-cxx/security/transform/base64-decode.hpp"
26 #include "ndn-cxx/security/transform/buffer-source.hpp"
27 #include "ndn-cxx/security/transform/digest-filter.hpp"
28 #include "ndn-cxx/security/transform/stream-sink.hpp"
29 
30 namespace ndn {
31 namespace security {
32 
33 const Name&
34 SigningInfo::getDigestSha256Identity()
35 {
36  static Name digestSha256Identity("/localhost/identity/digest-sha256");
37  return digestSha256Identity;
38 }
39 
40 const Name&
41 SigningInfo::getHmacIdentity()
42 {
43  static Name hmacIdentity("/localhost/identity/hmac");
44  return hmacIdentity;
45 }
46 
47 SigningInfo::SigningInfo(SignerType signerType,
48  const Name& signerName,
49  const SignatureInfo& signatureInfo)
50  : m_type(signerType)
51  , m_name(signerName)
52  , m_digestAlgorithm(DigestAlgorithm::SHA256)
53  , m_info(signatureInfo)
54  , m_signedInterestFormat(SignedInterestFormat::V02)
55 {
56  BOOST_ASSERT(signerType >= SIGNER_TYPE_NULL && signerType <= SIGNER_TYPE_HMAC);
57 }
58 
59 SigningInfo::SigningInfo(const Identity& identity)
60  : SigningInfo(SIGNER_TYPE_NULL)
61 {
62  this->setPibIdentity(identity);
63 }
64 
65 SigningInfo::SigningInfo(const Key& key)
66  : SigningInfo(SIGNER_TYPE_NULL)
67 {
68  this->setPibKey(key);
69 }
70 
71 SigningInfo::SigningInfo(const std::string& signingStr)
72  : SigningInfo(SIGNER_TYPE_NULL)
73 {
74  if (signingStr.empty()) {
75  return;
76  }
77 
78  size_t pos = signingStr.find(':');
79  if (pos == std::string::npos) {
80  NDN_THROW(std::invalid_argument("Invalid signing string cannot represent SigningInfo"));
81  }
82 
83  std::string scheme = signingStr.substr(0, pos);
84  std::string nameArg = signingStr.substr(pos + 1);
85 
86  if (scheme == "id") {
87  if (nameArg == getDigestSha256Identity().toUri()) {
88  setSha256Signing();
89  }
90  else {
91  setSigningIdentity(nameArg);
92  }
93  }
94  else if (scheme == "key") {
95  setSigningKeyName(nameArg);
96  }
97  else if (scheme == "cert") {
98  setSigningCertName(nameArg);
99  }
100  else if (scheme == "hmac-sha256") {
101  setSigningHmacKey(nameArg);
102  setDigestAlgorithm(DigestAlgorithm::SHA256);
103  }
104  else {
105  NDN_THROW(std::invalid_argument("Invalid signing string scheme"));
106  }
107 }
108 
109 SigningInfo&
110 SigningInfo::setSigningIdentity(const Name& identity)
111 {
112  m_type = SIGNER_TYPE_ID;
113  m_name = identity;
114  m_identity = Identity();
115  return *this;
116 }
117 
118 SigningInfo&
119 SigningInfo::setSigningKeyName(const Name& keyName)
120 {
121  m_type = SIGNER_TYPE_KEY;
122  m_name = keyName;
123  m_key = Key();
124  return *this;
125 }
126 
127 SigningInfo&
128 SigningInfo::setSigningCertName(const Name& certificateName)
129 {
130  m_type = SIGNER_TYPE_CERT;
131  m_name = certificateName;
132  return *this;
133 }
134 
135 SigningInfo&
136 SigningInfo::setSigningHmacKey(const std::string& hmacKey)
137 {
138  m_type = SIGNER_TYPE_HMAC;
139 
140  OBufferStream os;
141  transform::bufferSource(hmacKey) >>
142  transform::base64Decode(false) >>
143  transform::streamSink(os);
144  m_hmacKey = make_shared<transform::PrivateKey>();
145  m_hmacKey->loadRaw(KeyType::HMAC, *os.buf());
146 
147  // generate key name
148  m_name = getHmacIdentity();
149  m_name.append(name::Component(m_hmacKey->getKeyDigest(DigestAlgorithm::SHA256)));
150 
151  return *this;
152 }
153 
154 SigningInfo&
155 SigningInfo::setSha256Signing()
156 {
157  m_type = SIGNER_TYPE_SHA256;
158  m_name.clear();
159  return *this;
160 }
161 
162 SigningInfo&
163 SigningInfo::setPibIdentity(const Identity& identity)
164 {
165  m_type = SIGNER_TYPE_ID;
166  m_name = identity ? identity.getName() : Name();
167  m_identity = identity;
168  return *this;
169 }
170 
171 SigningInfo&
172 SigningInfo::setPibKey(const Key& key)
173 {
174  m_type = SIGNER_TYPE_KEY;
175  m_name = key ? key.getName() : Name();
176  m_key = key;
177  return *this;
178 }
179 
180 SigningInfo&
181 SigningInfo::setSignatureInfo(const SignatureInfo& signatureInfo)
182 {
183  m_info = signatureInfo;
184  return *this;
185 }
186 
187 std::ostream&
188 operator<<(std::ostream& os, const SigningInfo& si)
189 {
190  switch (si.getSignerType()) {
191  case SigningInfo::SIGNER_TYPE_NULL:
192  return os;
193  case SigningInfo::SIGNER_TYPE_ID:
194  return os << "id:" << si.getSignerName();
195  case SigningInfo::SIGNER_TYPE_KEY:
196  return os << "key:" << si.getSignerName();
197  case SigningInfo::SIGNER_TYPE_CERT:
198  return os << "cert:" << si.getSignerName();
199  case SigningInfo::SIGNER_TYPE_SHA256:
200  return os << "id:" << SigningInfo::getDigestSha256Identity();
201  case SigningInfo::SIGNER_TYPE_HMAC:
202  return os << "id:" << si.getSignerName();
203  }
204  return os << "Unknown signer type " << to_underlying(si.getSignerType());
205 }
206 
207 std::ostream&
208 operator<<(std::ostream& os, const SignedInterestFormat& format)
209 {
210  switch (format) {
211  case SignedInterestFormat::V03:
212  return os << "Signed Interest v0.3";
213  case SignedInterestFormat::V02:
214  return os << "Signed Interest v0.2";
215  }
216  return os << "Unknown signed Interest format " << to_underlying(format);
217 }
218 
219 } // namespace security
220 } // namespace ndn
ndn::Name
Represents an absolute name.
Definition: name.hpp:44
ndn::Name::clear
void clear()
Remove all components.
Definition: name.cpp:281
ndn::Name::append
Name & append(const Component &component)
Append a name component.
Definition: name.hpp:283
ndn::OBufferStream
An output stream that writes to a Buffer.
Definition: buffer-stream.hpp:70
ndn::OBufferStream::buf
shared_ptr< Buffer > buf()
Return a shared pointer to the underlying buffer.
Definition: buffer-stream.cpp:58
ndn::SignatureInfo
Represents a SignatureInfo or InterestSignatureInfo TLV element.
Definition: signature-info.hpp:34
ndn::name::Component
Represents a name component.
Definition: name-component.hpp:114
ndn::security::SigningInfo
Signing parameters passed to KeyChain.
Definition: signing-info.hpp:53
ndn::security::SigningInfo::SigningInfo
SigningInfo(SignerType signerType=SIGNER_TYPE_NULL, const Name &signerName=Name(), const SignatureInfo &signatureInfo=SignatureInfo())
Constructor.
Definition: signing-info.cpp:47
ndn::security::SigningInfo::setPibIdentity
SigningInfo & setPibIdentity(const Identity &identity)
Set signer as a PIB identity handle identity.
Definition: signing-info.cpp:163
ndn::security::SigningInfo::getSignerName
const Name & getSignerName() const
Definition: signing-info.hpp:181
ndn::security::SigningInfo::setSigningIdentity
SigningInfo & setSigningIdentity(const Name &identity)
Set signer as an identity with name identity.
Definition: signing-info.cpp:110
ndn::security::SigningInfo::getDigestSha256Identity
static const Name & getDigestSha256Identity()
A localhost identity to indicate that the signature is generated using SHA-256.
Definition: signing-info.cpp:34
ndn::security::SigningInfo::setSha256Signing
SigningInfo & setSha256Signing()
Set SHA-256 as the signing method.
Definition: signing-info.cpp:155
ndn::security::SigningInfo::setSigningCertName
SigningInfo & setSigningCertName(const Name &certificateName)
Set signer as a certificate with name certificateName.
Definition: signing-info.cpp:128
ndn::security::SigningInfo::setSigningHmacKey
SigningInfo & setSigningHmacKey(const std::string &hmacKey)
Set signer to a base64-encoded HMAC key.
Definition: signing-info.cpp:136
ndn::security::SigningInfo::getHmacIdentity
static const Name & getHmacIdentity()
A localhost identity to indicate that the signature is generated using an HMAC key.
Definition: signing-info.cpp:41
ndn::security::SigningInfo::setSignatureInfo
SigningInfo & setSignatureInfo(const SignatureInfo &signatureInfo)
Set a semi-prepared SignatureInfo.
Definition: signing-info.cpp:181
ndn::security::SigningInfo::getSignerType
SignerType getSignerType() const
Return the signer type.
Definition: signing-info.hpp:172
ndn::security::SigningInfo::SIGNER_TYPE_CERT
@ SIGNER_TYPE_CERT
Signer is a certificate, use it directly.
Definition: signing-info.hpp:69
ndn::security::SigningInfo::SIGNER_TYPE_SHA256
@ SIGNER_TYPE_SHA256
Use a SHA-256 digest only, no signer needs to be specified.
Definition: signing-info.hpp:71
ndn::security::SigningInfo::SIGNER_TYPE_HMAC
@ SIGNER_TYPE_HMAC
Signer is a HMAC key.
Definition: signing-info.hpp:73
ndn::security::SigningInfo::SIGNER_TYPE_NULL
@ SIGNER_TYPE_NULL
No signer is specified, use default setting or follow the trust schema.
Definition: signing-info.hpp:63
ndn::security::SigningInfo::SIGNER_TYPE_ID
@ SIGNER_TYPE_ID
Signer is an identity, use its default key and default certificate.
Definition: signing-info.hpp:65
ndn::security::SigningInfo::SIGNER_TYPE_KEY
@ SIGNER_TYPE_KEY
Signer is a key, use its default certificate.
Definition: signing-info.hpp:67
ndn::security::SigningInfo::setDigestAlgorithm
SigningInfo & setDigestAlgorithm(const DigestAlgorithm &algorithm)
Set the digest algorithm for signing operations.
Definition: signing-info.hpp:220
ndn::security::SigningInfo::setSigningKeyName
SigningInfo & setSigningKeyName(const Name &keyName)
Set signer as a key with name keyName.
Definition: signing-info.cpp:119
ndn::security::SigningInfo::setPibKey
SigningInfo & setPibKey(const Key &key)
Set signer as a PIB key handle key.
Definition: signing-info.cpp:172
ndn::security::pib::Identity
Frontend handle for an identity in the PIB.
Definition: identity.hpp:50
ndn::security::pib::Identity::getName
const Name & getName() const
Return the name of the identity.
Definition: identity.cpp:37
ndn::security::pib::Key
Frontend handle for a key in the PIB.
Definition: key.hpp:51
ndn::security::pib::Key::getName
const Name & getName() const
Return the name of the key.
Definition: key.cpp:37
NDN_THROW
#define NDN_THROW(e)
Definition: exception.hpp:61
ndn::security::transform::streamSink
unique_ptr< Sink > streamSink(std::ostream &os)
Definition: stream-sink.cpp:53
ndn::security::transform::base64Decode
unique_ptr< Transform > base64Decode(bool expectNewlineEvery64Bytes)
Definition: base64-decode.cpp:126
ndn::security::v2::operator<<
std::ostream & operator<<(std::ostream &os, const AdditionalDescription &desc)
Definition: additional-description.cpp:167
ndn::security::SignedInterestFormat::V03
@ V03
Sign Interest using Packet Specification v0.3 semantics.
ndn::security::SignedInterestFormat::V02
@ V02
Sign Interest using Packet Specification v0.2 semantics.
ndn::tlv::Name
@ Name
Definition: tlv.hpp:71
ndn
Definition: data.cpp:25
ndn::KeyType::HMAC
@ HMAC
HMAC key, supports sign/verify operations.
ndn::KeyIdType::SHA256
@ SHA256
Use the SHA-256 hash of the public key as key id.
ndn::to_underlying
constexpr std::underlying_type_t< T > to_underlying(T val) noexcept
Definition: backports.hpp:125