void NdnSigner::sign( Data& data ) const
{
//////// configure key locator ///////////
// encode public key
std::string keystr;
CryptoPP::StringSink sink(keystr);
m_public_key.Save(sink);
// make key locator and insert key as key digest
KeyLocator loc;
auto buffer = make_shared<const Buffer>( (uint8_t*)keystr.c_str(), keystr.length() );
loc.setKeyDigest( buffer );
// setup signature info
Signature sig = data.getSignature();
SignatureInfo sinfo = sig.getSignatureInfo();
sinfo.setSignatureType( tlv::SignatureSha256WithRsa);
sinfo.setKeyLocator( loc );
sig.setInfo( sinfo );
data.setSignature( sig );
// sign data
Block sig_block = signBlock( data.wireEncode() );
// set signature
sig.setValue( sig_block );
data.setSignature( sig );
data.wireEncode();
}
void
SelectorHelper::applySelectors(Interest& interest, Context* context)
{
int minSuffix = -1;
context->getContextOption(MIN_SUFFIX_COMP_S, minSuffix);
if (minSuffix >= 0)
{
interest.setMinSuffixComponents(minSuffix);
}
int maxSuffix = -1;
context->getContextOption(MAX_SUFFIX_COMP_S, maxSuffix);
if (maxSuffix >= 0)
{
interest.setMaxSuffixComponents(maxSuffix);
}
Exclude exclusion;
context->getContextOption(EXCLUDE_S, exclusion);
if (!exclusion.empty())
{
interest.setExclude(exclusion);
}
bool mustBeFresh = false;
context->getContextOption(MUST_BE_FRESH_S, mustBeFresh);
if (mustBeFresh)
{
interest.setMustBeFresh(mustBeFresh);
}
int child = -10;
context->getContextOption(RIGHTMOST_CHILD_S, child);
if (child != -10)
{
interest.setChildSelector(child);
}
KeyLocator keyLocator;
context->getContextOption(KEYLOCATOR_S, keyLocator);
if (!keyLocator.empty())
{
interest.setPublisherPublicKeyLocator(keyLocator);
}
}
const ndn::ConstBufferPtr
Index::computeKeyLocatorHash(const KeyLocator& keyLocator)
{
const Block& block = keyLocator.wireEncode();
ndn::ConstBufferPtr keyLocatorHash = ndn::crypto::sha256(block.wire(), block.size());
return keyLocatorHash;
}
ptr_lib::shared_ptr<IdentityCertificate>
IdentityManager::createIdentityCertificate(const Name& certificatePrefix,
const PublicKey& publicKey,
const Name& signerCertificateName,
const MillisecondsSince1970& notBefore,
const MillisecondsSince1970& notAfter)
{
ptr_lib::shared_ptr<IdentityCertificate> certificate(new IdentityCertificate());
Name keyName = getKeyNameFromCertificatePrefix(certificatePrefix);
Name certificateName = certificatePrefix;
MillisecondsSince1970 ti = ::ndn_getNowMilliseconds();
// Get the number of seconds.
ostringstream oss;
oss << floor(ti / 1000.0);
certificateName.append("ID-CERT").append(oss.str());
certificate->setName(certificateName);
certificate->setNotBefore(notBefore);
certificate->setNotAfter(notAfter);
certificate->setPublicKeyInfo(publicKey);
certificate->addSubjectDescription(CertificateSubjectDescription("2.5.4.41", keyName.toUri()));
certificate->encode();
ptr_lib::shared_ptr<Sha256WithRsaSignature> sha256Sig(new Sha256WithRsaSignature());
KeyLocator keyLocator;
keyLocator.setType(ndn_KeyLocatorType_KEYNAME);
keyLocator.setKeyName(signerCertificateName);
sha256Sig->setKeyLocator(keyLocator);
sha256Sig->getPublisherPublicKeyDigest().setPublisherPublicKeyDigest(publicKey.getDigest());
certificate->setSignature(*sha256Sig);
SignedBlob unsignedData = certificate->wireEncode();
ptr_lib::shared_ptr<IdentityCertificate> signerCertificate = getCertificate(signerCertificateName);
Name signerkeyName = signerCertificate->getPublicKeyName();
Blob sigBits = privateKeyStorage_->sign(unsignedData, signerkeyName);
sha256Sig->setSignature(sigBits);
return certificate;
}
virtual bool
check(const Name& packetName,
const KeyLocator& keyLocator,
std::string& failInfo)
{
try
{
if (m_regex.match(keyLocator.getName()))
return true;
failInfo = "KeyLocatorChecker failed!";
return false;
}
catch (KeyLocator::Error& e)
{
failInfo = "KeyLocator does not have name";
return false;
}
}
virtual bool
check(const Name& packetName,
const KeyLocator& keyLocator,
std::string& failInfo)
{
try
{
if (m_hyperPRegex->match(packetName) &&
m_hyperKRegex->match(keyLocator.getName()) &&
checkRelation(m_hyperRelation,
m_hyperKRegex->expand(),
m_hyperPRegex->expand()))
return true;
failInfo = "KeyLocatorChecker failed!";
return false;
}
catch (KeyLocator::Error& e)
{
failInfo = "KeyLocator does not have name";
return false;
}
}
bool
KeyLocator::operator==(const KeyLocator& other) const
{
return wireEncode() == other.wireEncode();
}
std::pair<int64_t,Name>
Index::selectChild(const Interest& interest,
IndexContainer::const_iterator startingPoint) const
{
BOOST_ASSERT(startingPoint != m_indexContainer.end());
bool isLeftmost = (interest.getChildSelector() <= 0);
ndn::ConstBufferPtr hash;
if (!interest.getPublisherPublicKeyLocator().empty())
{
KeyLocator keyLocator = interest.getPublisherPublicKeyLocator();
const Block& block = keyLocator.wireEncode();
hash = ndn::crypto::sha256(block.wire(), block.size());
}
if (isLeftmost)
{
for (IndexContainer::const_iterator it = startingPoint;
it != m_indexContainer.end(); ++it)
{
if (!interest.getName().isPrefixOf(it->getName()))
return std::make_pair(0, Name());
if (matchesSimpleSelectors(interest, hash, (*it)))
return std::make_pair(it->getId(), it->getName());
}
}
else
{
IndexContainer::const_iterator boundary = m_indexContainer.lower_bound(interest.getName());
if (boundary == m_indexContainer.end() || !interest.getName().isPrefixOf(boundary->getName()))
return std::make_pair(0, Name());
Name successor = interest.getName().getSuccessor();
IndexContainer::const_iterator last = interest.getName().size() == 0 ?
m_indexContainer.end() : m_indexContainer.lower_bound(interest.getName().getSuccessor());
while (true)
{
IndexContainer::const_iterator prev = last;
if (prev != boundary) {
--prev;
}
if (prev == boundary)
{
bool isMatch = matchesSimpleSelectors(interest, hash, (*prev));
if (isMatch)
{
return std::make_pair(prev->getId(), prev->getName());
}
else
return std::make_pair(0, Name());
}
IndexContainer::const_iterator first =
m_indexContainer.lower_bound(prev->getName().getPrefix(interest.getName().size() + 1));
IndexContainer::const_iterator match =
std::find_if(first, last, bind(&matchesSimpleSelectors, interest, hash, _1));
if (match != last)
{
return std::make_pair(match->getId(), match->getName());
}
last = first;
}
}
return std::make_pair(0, Name());
}
/**
* Loop to encode a data packet nIterations times using C++.
* @param nIterations The number of iterations.
* @param useComplex If true, use a large name, large content and all fields. If false, use a small name, small content
* and only required fields.
* @param useCrypto If true, sign the data packet. If false, use a blank signature.
* @param encoding Set this to the wire encoding.
* @return The number of seconds for all iterations.
*/
static double
benchmarkEncodeDataSecondsCpp(int nIterations, bool useComplex, bool useCrypto, Blob& encoding)
{
Name name;
Blob content;
if (useComplex) {
// Use a large name and content.
name = Name("/ndn/ucla.edu/apps/lwndn-test/numbers.txt/%FD%05%05%E8%0C%CE%1D/%00");
ostringstream contentStream;
int count = 1;
contentStream << (count++);
while (contentStream.str().length() < 1115)
contentStream << " " << (count++);
content = Blob((uint8_t*)contentStream.str().c_str(), contentStream.str().length());
}
else {
// Use a small name and content.
name = Name("/test");
content = Blob((uint8_t*)"abc", 3);
}
Blob finalBlockId((uint8_t*)"\x00", 1);
// Initialize the KeyChain storage in case useCrypto is true.
ptr_lib::shared_ptr<MemoryIdentityStorage> identityStorage(new MemoryIdentityStorage());
ptr_lib::shared_ptr<MemoryPrivateKeyStorage> privateKeyStorage(new MemoryPrivateKeyStorage());
KeyChain keyChain
(ptr_lib::make_shared<IdentityManager>(identityStorage, privateKeyStorage),
ptr_lib::make_shared<SelfVerifyPolicyManager>(identityStorage.get()));
Name keyName("/testname/DSK-123");
Name certificateName = keyName.getSubName(0, keyName.size() - 1).append("KEY").append
(keyName.get(keyName.size() - 1)).append("ID-CERT").append("0");
privateKeyStorage->setKeyPairForKeyName
(keyName, KEY_TYPE_RSA, DEFAULT_RSA_PUBLIC_KEY_DER,
sizeof(DEFAULT_RSA_PUBLIC_KEY_DER), DEFAULT_RSA_PRIVATE_KEY_DER,
sizeof(DEFAULT_RSA_PRIVATE_KEY_DER));
uint8_t signatureBitsArray[256];
memset(signatureBitsArray, 0, sizeof(signatureBitsArray));
Blob signatureBits(signatureBitsArray, sizeof(signatureBitsArray));
double start = getNowSeconds();
for (int i = 0; i < nIterations; ++i) {
Data data(name);
data.setContent(content);
if (useComplex) {
data.getMetaInfo().setFreshnessPeriod(1000);
data.getMetaInfo().setFinalBlockId(finalBlockId);
}
if (useCrypto)
// This sets the signature fields.
keyChain.sign(data, certificateName);
else {
// Imitate IdentityManager::signByCertificate to set up the signature fields, but don't sign.
KeyLocator keyLocator;
keyLocator.setType(ndn_KeyLocatorType_KEYNAME);
keyLocator.setKeyName(certificateName);
Sha256WithRsaSignature* sha256Signature = (Sha256WithRsaSignature*)data.getSignature();
sha256Signature->setKeyLocator(keyLocator);
sha256Signature->setSignature(signatureBits);
}
encoding = data.wireEncode();
}
double finish = getNowSeconds();
return finish - start;
}
