signing-info.cpp
Go to the documentation of this file.
1 /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2 /*
3  * Copyright (c) 2013-2023 Regents of the University of California.
4  *
5  * This file is part of ndn-cxx library (NDN C++ library with eXperimental eXtensions).
6  *
7  * ndn-cxx library is free software: you can redistribute it and/or modify it under the
8  * terms of the GNU Lesser General Public License as published by the Free Software
9  * Foundation, either version 3 of the License, or (at your option) any later version.
10  *
11  * ndn-cxx library is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
13  * PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
14  *
15  * You should have received copies of the GNU General Public License and GNU Lesser
16  * General Public License along with ndn-cxx, e.g., in COPYING.md file. If not, see
17  * <http://www.gnu.org/licenses/>.
18  *
19  * See AUTHORS.md for complete list of ndn-cxx authors and contributors.
20  */
21 
23 
28 
29 namespace ndn::security {
30 
31 const Name&
33 {
34  static Name digestSha256Identity("/localhost/identity/digest-sha256");
35  return digestSha256Identity;
36 }
37 
38 const Name&
40 {
41  static Name hmacIdentity("/localhost/identity/hmac");
42  return hmacIdentity;
43 }
44 
46  const Name& signerName,
47  const SignatureInfo& signatureInfo)
48  : m_type(signerType)
49  , m_name(signerName)
50  , m_digestAlgorithm(DigestAlgorithm::SHA256)
51  , m_info(signatureInfo)
52  , m_signedInterestFormat(SignedInterestFormat::V02)
53 {
54  BOOST_ASSERT(signerType >= SIGNER_TYPE_NULL && signerType <= SIGNER_TYPE_HMAC);
55 }
56 
58  : SigningInfo(SIGNER_TYPE_NULL)
59 {
60  this->setPibIdentity(identity);
61 }
62 
64  : SigningInfo(SIGNER_TYPE_NULL)
65 {
66  this->setPibKey(key);
67 }
68 
69 SigningInfo::SigningInfo(std::string_view signingStr)
70  : SigningInfo(SIGNER_TYPE_NULL)
71 {
72  if (signingStr.empty()) {
73  return;
74  }
75 
76  auto pos = signingStr.find(':');
77  if (pos == std::string_view::npos) {
78  NDN_THROW(std::invalid_argument("Invalid signing string cannot represent SigningInfo"));
79  }
80 
81  auto scheme = signingStr.substr(0, pos);
82  auto nameArg = signingStr.substr(pos + 1);
83 
84  if (scheme == "id") {
85  if (nameArg == getDigestSha256Identity().toUri()) {
87  }
88  else {
89  setSigningIdentity(Name(nameArg));
90  }
91  }
92  else if (scheme == "key") {
93  setSigningKeyName(Name(nameArg));
94  }
95  else if (scheme == "cert") {
96  setSigningCertName(Name(nameArg));
97  }
98  else if (scheme == "hmac-sha256") {
99  setSigningHmacKey(nameArg);
101  }
102  else {
103  NDN_THROW(std::invalid_argument("Invalid signing string scheme"));
104  }
105 }
106 
109 {
110  m_type = SIGNER_TYPE_ID;
111  m_name = identity;
112  m_identity = Identity();
113  return *this;
114 }
115 
118 {
119  m_type = SIGNER_TYPE_KEY;
120  m_name = keyName;
121  m_key = Key();
122  return *this;
123 }
124 
126 SigningInfo::setSigningCertName(const Name& certificateName)
127 {
128  m_type = SIGNER_TYPE_CERT;
129  m_name = certificateName;
130  return *this;
131 }
132 
134 SigningInfo::setSigningHmacKey(std::string_view hmacKey)
135 {
136  m_type = SIGNER_TYPE_HMAC;
137 
138  OBufferStream os;
139  transform::bufferSource(hmacKey) >>
140  transform::base64Decode(false) >>
142  m_hmacKey = make_shared<transform::PrivateKey>();
143  m_hmacKey->loadRaw(KeyType::HMAC, *os.buf());
144 
145  // generate key name
146  m_name = getHmacIdentity();
147  m_name.append(name::Component(m_hmacKey->getKeyDigest(DigestAlgorithm::SHA256)));
148 
149  return *this;
150 }
151 
154 {
155  m_type = SIGNER_TYPE_SHA256;
156  m_name.clear();
157  return *this;
158 }
159 
162 {
163  m_type = SIGNER_TYPE_ID;
164  m_name = identity ? identity.getName() : Name();
165  m_identity = identity;
166  return *this;
167 }
168 
171 {
172  m_type = SIGNER_TYPE_KEY;
173  m_name = key ? key.getName() : Name();
174  m_key = key;
175  return *this;
176 }
177 
180 {
181  m_info = signatureInfo;
182  return *this;
183 }
184 
185 std::ostream&
186 operator<<(std::ostream& os, const SigningInfo& si)
187 {
188  switch (si.getSignerType()) {
190  return os;
192  return os << "id:" << si.getSignerName();
194  return os << "key:" << si.getSignerName();
196  return os << "cert:" << si.getSignerName();
198  return os << "id:" << SigningInfo::getDigestSha256Identity();
200  return os << "id:" << si.getSignerName();
201  }
202  return os << "Unknown signer type " << to_underlying(si.getSignerType());
203 }
204 
205 std::ostream&
206 operator<<(std::ostream& os, const SignedInterestFormat& format)
207 {
208  switch (format) {
210  return os << "Signed Interest v0.3";
212  return os << "Signed Interest v0.2";
213  }
214  return os << "Unknown signed Interest format " << to_underlying(format);
215 }
216 
217 } // namespace ndn::security
Represents an absolute name.
Definition: name.hpp:45
void clear()
Remove all components.
Definition: name.cpp:256
Name & append(const Component &component)
Append a name component.
Definition: name.hpp:308
An output stream that writes to a Buffer.
std::shared_ptr< Buffer > buf()
Return a shared pointer to the underlying buffer.
Represents a SignatureInfo or InterestSignatureInfo TLV element.
Represents a name component.
Signing parameters passed to KeyChain.
SigningInfo(SignerType signerType=SIGNER_TYPE_NULL, const Name &signerName=Name(), const SignatureInfo &signatureInfo=SignatureInfo())
Constructor.
SigningInfo & setPibIdentity(const Identity &identity)
Set signer as a PIB identity handle identity.
const Name & getSignerName() const
SigningInfo & setSigningIdentity(const Name &identity)
Set signer as an identity with name identity.
static const Name & getDigestSha256Identity()
A localhost identity to indicate that the signature is generated using SHA-256.
SigningInfo & setSha256Signing()
Set SHA-256 as the signing method.
SigningInfo & setSigningCertName(const Name &certificateName)
Set signer as a certificate with name certificateName.
static const Name & getHmacIdentity()
A localhost identity to indicate that the signature is generated using an HMAC key.
SigningInfo & setSignatureInfo(const SignatureInfo &signatureInfo)
Set a semi-prepared SignatureInfo.
SignerType getSignerType() const
Return the signer type.
SigningInfo & setSigningHmacKey(std::string_view hmacKey)
Set signer to a base64-encoded HMAC key.
@ SIGNER_TYPE_CERT
Signer is a certificate, use it directly.
@ SIGNER_TYPE_SHA256
Use a SHA-256 digest only, no signer needs to be specified.
@ SIGNER_TYPE_HMAC
Signer is a HMAC key.
@ SIGNER_TYPE_NULL
No signer is specified, use default setting or follow the trust schema.
@ SIGNER_TYPE_ID
Signer is an identity, use its default key and default certificate.
@ SIGNER_TYPE_KEY
Signer is a key, use its default certificate.
SigningInfo & setDigestAlgorithm(const DigestAlgorithm &algorithm)
Set the digest algorithm for signing operations.
SigningInfo & setSigningKeyName(const Name &keyName)
Set signer as a key with name keyName.
SigningInfo & setPibKey(const Key &key)
Set signer as a PIB key handle key.
Frontend handle for an identity in the PIB.
Definition: identity.hpp:44
const Name & getName() const
Return the name of the identity.
Definition: identity.cpp:35
Frontend handle for a key in the PIB.
Definition: key.hpp:45
const Name & getName() const
Return the name of the key.
Definition: key.cpp:36
#define NDN_THROW(e)
Definition: exception.hpp:56
unique_ptr< Sink > streamSink(std::ostream &os)
Definition: stream-sink.cpp:51
unique_ptr< Transform > base64Decode(bool expectNewlineEvery64Bytes)
Contains the ndn-cxx security framework.
std::ostream & operator<<(std::ostream &os, const AdditionalDescription &desc)
@ V03
Sign Interest using Packet Specification v0.3 semantics.
@ V02
Sign Interest using Packet Specification v0.2 semantics.
@ Name
Definition: tlv.hpp:71
@ HMAC
HMAC key, supports sign/verify operations.
@ SHA256
Use the SHA-256 hash of the public key as key id.
constexpr std::underlying_type_t< T > to_underlying(T val) noexcept
Definition: backports.hpp:44