bool
PolicyManager::verifySha256WithEcdsaSignature
(const Blob& signature, const SignedBlob& signedBlob, const Blob& publicKeyDer)
{
// Set signedPortionDigest to the digest of the signed portion of the signedBlob.
uint8_t signedPortionDigest[SHA256_DIGEST_LENGTH];
ndn_digestSha256
(signedBlob.signedBuf(), signedBlob.signedSize(), signedPortionDigest);
// Verify the signedPortionDigest.
// Use a temporary pointer since d2i updates it.
const uint8_t *derPointer = publicKeyDer.buf();
EC_KEY *ecPublicKey = d2i_EC_PUBKEY(NULL, &derPointer, publicKeyDer.size());
if (!ecPublicKey)
throw UnrecognizedKeyFormatException
("Error decoding public key in d2i_EC_PUBKEY");
int success = ECDSA_verify
(NID_sha256, signedPortionDigest, sizeof(signedPortionDigest),
(uint8_t *)signature.buf(),signature.size(), ecPublicKey);
// Free the public key before checking for success.
EC_KEY_free(ecPublicKey);
// ECDSA_verify returns 1 for a valid signature.
return (success == 1);
}
/**
* Verify the RSA signature on the SignedBlob using the given public key.
* TODO: Move this general verification code to a more central location.
* @param signature The Sha256WithRsaSignature.
* @param signedBlob the SignedBlob with the signed portion to verify.
* @param publicKeyDer The DER-encoded public key used to verify the signature.
* @return true if the signature verifies, false if not.
*/
static bool
verifySha256WithRsaSignature
(const Sha256WithRsaSignature* signature, const SignedBlob& signedBlob,
const Blob& publicKeyDer)
{
// Set signedPortionDigest to the digest of the signed portion of the wire encoding.
uint8_t signedPortionDigest[SHA256_DIGEST_LENGTH];
// wireEncode returns the cached encoding if available.
ndn_digestSha256
(signedBlob.signedBuf(), signedBlob.signedSize(), signedPortionDigest);
// Verify the signedPortionDigest.
// Use a temporary pointer since d2i updates it.
const uint8_t *derPointer = publicKeyDer.buf();
RSA *rsaPublicKey = d2i_RSA_PUBKEY(NULL, &derPointer, publicKeyDer.size());
if (!rsaPublicKey)
throw UnrecognizedKeyFormatException("Error decoding public key in d2i_RSAPublicKey");
int success = RSA_verify
(NID_sha256, signedPortionDigest, sizeof(signedPortionDigest), (uint8_t *)signature->getSignature().buf(),
signature->getSignature().size(), rsaPublicKey);
// Free the public key before checking for success.
RSA_free(rsaPublicKey);
// RSA_verify returns 1 for a valid signature.
return (success == 1);
}
bool
PolicyManager::verifyDigestSha256Signature
(const Blob& signature, const SignedBlob& signedBlob)
{
// Set signedPortionDigest to the digest of the signed portion of the signedBlob.
uint8_t signedPortionDigest[SHA256_DIGEST_LENGTH];
ndn_digestSha256
(signedBlob.signedBuf(), signedBlob.signedSize(), signedPortionDigest);
return signature.size() == sizeof(signedPortionDigest) && ndn_memcmp
(signature.buf(), signedPortionDigest, sizeof(signedPortionDigest)) == 0;
}
int
ndn_RsaPublicKey_verifyWithSha256
(const struct ndn_RsaPublicKey *self, const uint8_t *signature,
size_t signatureLength, const uint8_t *data, size_t dataLength)
{
// Set digest to the digest of the signed portion of the signedBlob.
uint8_t digest[ndn_SHA256_DIGEST_SIZE];
ndn_digestSha256(data, dataLength, digest);
return RSA_verify
(NID_sha256, digest, sizeof(digest), (uint8_t *)signature, signatureLength,
self->publicKey) == 1;
}
void
NdndIdFetcher::operator()(const ptr_lib::shared_ptr<const Interest>& interest, const ptr_lib::shared_ptr<Data>& ndndIdData)
{
if (ndndIdData->getSignature().getType() == Signature::Sha256WithRsa)
{
ndndId_.resize(32);
ndn_digestSha256(ndndIdData->getContent().value(), ndndIdData->getContent().value_size(), ndndId_.buf());
onSuccess_();
}
else
onFailure_();
}
Blob
PublicKey::getDigest(DigestAlgorithm digestAlgorithm) const
{
if (digestAlgorithm == DIGEST_ALGORITHM_SHA256) {
uint8_t digest[SHA256_DIGEST_LENGTH];
ndn_digestSha256(keyDer_.buf(), keyDer_.size(), digest);
return Blob(digest, sizeof(digest));
}
else
throw UnrecognizedDigestAlgorithmException("Wrong format!");
}
string
FilePrivateKeyStorage::nameTransform
(const string& keyName, const string& extension)
{
uint8_t hash[SHA256_DIGEST_LENGTH];
ndn_digestSha256((uint8_t*)&keyName[0], keyName.size(), hash);
string digest = toBase64(hash, sizeof(hash));
trim(digest);
std::replace(digest.begin(), digest.end(), '/', '%');
return keyStorePath_ + "/" + digest + extension;
}
ndn_Error
ndn_RsaPrivateKey_signWithSha256
(const struct ndn_RsaPrivateKey *self, const uint8_t *data, size_t dataLength,
uint8_t *signature, size_t *signatureLength)
{
// Make a temporary length variable of the correct type.
unsigned int tempSignatureLength;
uint8_t digest[ndn_SHA256_DIGEST_SIZE];
ndn_digestSha256(data, dataLength, digest);
if (!RSA_sign(NID_sha256, digest, sizeof(digest), (unsigned char *)signature,
&tempSignatureLength, self->privateKey))
return NDN_ERROR_Error_in_sign_operation;
*signatureLength = tempSignatureLength;
return NDN_ERROR_success;
}
void
IdentityManager::signWithSha256(Data &data, WireFormat& wireFormat)
{
data.setSignature(DigestSha256Signature());
// Encode once to get the signed portion.
SignedBlob encoding = data.wireEncode(wireFormat);
// Digest and set the signature.
uint8_t signedPortionDigest[ndn_SHA256_DIGEST_SIZE];
ndn_digestSha256
(encoding.signedBuf(), encoding.signedSize(), signedPortionDigest);
data.getSignature()->setSignature
(Blob(signedPortionDigest, sizeof(signedPortionDigest)));
// Encode again to include the signature.
data.wireEncode(wireFormat);
}
void
IdentityManager::signInterestWithSha256
(Interest& interest, WireFormat& wireFormat)
{
DigestSha256Signature signature;
// Append the encoded SignatureInfo.
interest.getName().append(wireFormat.encodeSignatureInfo(signature));
// Append an empty signature so that the "signedPortion" is correct.
interest.getName().append(Name::Component());
// Encode once to get the signed portion.
SignedBlob encoding = interest.wireEncode(wireFormat);
// Digest and set the signature.
uint8_t signedPortionDigest[ndn_SHA256_DIGEST_SIZE];
ndn_digestSha256
(encoding.signedBuf(), encoding.signedSize(), signedPortionDigest);
signature.setSignature(Blob(signedPortionDigest, sizeof(signedPortionDigest)));
// Remove the empty signature and append the real one.
interest.setName(interest.getName().getPrefix(-1).append
(wireFormat.encodeSignatureValue(signature)));
}
Blob
FilePrivateKeyStorage::sign
(const uint8_t *data, size_t dataLength, const Name& keyName,
DigestAlgorithm digestAlgorithm)
{
string keyURI = keyName.toUri();
if (!doesKeyExist(keyName, KEY_CLASS_PRIVATE))
throw SecurityException
("FilePrivateKeyStorage::sign: private key doesn't exist");
if (digestAlgorithm != DIGEST_ALGORITHM_SHA256)
throw SecurityException
("FilePrivateKeyStorage::sign: Unsupported digest algorithm");
// Read the private key.
ifstream file(nameTransform(keyURI, ".pri").c_str());
stringstream base64;
base64 << file.rdbuf();
vector<uint8_t> pkcs8Der;
fromBase64(base64.str(), pkcs8Der);
// The private key is generated by NFD which stores as PKCS #8. Decode it
// to find the algorithm OID and the inner private key DER.
ptr_lib::shared_ptr<DerNode> parsedNode = DerNode::parse(&pkcs8Der[0], 0);
const std::vector<ptr_lib::shared_ptr<DerNode> >& pkcs8Children =
parsedNode->getChildren();
// Get the algorithm OID and parameters.
const std::vector<ptr_lib::shared_ptr<DerNode> >& algorithmIdChildren =
DerNode::getSequence(pkcs8Children, 1).getChildren();
string oidString
(dynamic_cast<DerNode::DerOid&>(*algorithmIdChildren[0]).toVal().toRawStr());
ptr_lib::shared_ptr<DerNode> algorithmParameters = algorithmIdChildren[1];
// Get the value of the 3rd child which is the octet string.
Blob privateKeyDer = pkcs8Children[2]->toVal();
// Get the digest to sign.
uint8_t digest[SHA256_DIGEST_LENGTH];
ndn_digestSha256(data, dataLength, digest);
// TODO: use RSA_size, etc. to get the proper size of the signature buffer.
uint8_t signatureBits[1000];
unsigned int signatureBitsLength;
// Decode the private key and sign.
if (oidString == RSA_ENCRYPTION_OID) {
// Use a temporary pointer since d2i updates it.
const uint8_t* derPointer = privateKeyDer.buf();
rsa_st* privateKey = d2i_RSAPrivateKey(NULL, &derPointer, privateKeyDer.size());
if (!privateKey)
throw SecurityException
("FilePrivateKeyStorage::sign: Error decoding the RSA private key DER");
int success = RSA_sign
(NID_sha256, digest, sizeof(digest), signatureBits, &signatureBitsLength,
privateKey);
// Free the private key before checking for success.
RSA_free(privateKey);
if (!success)
throw SecurityException("FilePrivateKeyStorage::sign: Error in RSA_sign");
}
else if (oidString == EC_ENCRYPTION_OID) {
ec_key_st* privateKey = decodeEcPrivateKey(algorithmParameters, privateKeyDer);
int success = ECDSA_sign
(NID_sha256, digest, sizeof(digest), signatureBits, &signatureBitsLength,
privateKey);
// Free the private key before checking for success.
EC_KEY_free(privateKey);
if (!success)
throw SecurityException("FilePrivateKeyStorage::sign: Error in ECDSA_sign");
}
else
throw SecurityException
("FilePrivateKeyStorage::sign: Unrecognized private key OID");
return Blob(signatureBits, (size_t)signatureBitsLength);
}
