diff options
Diffstat (limited to 'libccnx-common/ccnx/common/validation')
15 files changed, 1709 insertions, 0 deletions
diff --git a/libccnx-common/ccnx/common/validation/ccnxValidation_CRC32C.c b/libccnx-common/ccnx/common/validation/ccnxValidation_CRC32C.c new file mode 100644 index 00000000..f8ff7ba4 --- /dev/null +++ b/libccnx-common/ccnx/common/validation/ccnxValidation_CRC32C.c @@ -0,0 +1,214 @@ +/* + * Copyright (c) 2017 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * See SCTP for a discussion of CRC32C http://tools.ietf.org/html/rfc4960#appendix-B + * It is also used by iSCSI and other protocols. + * + * CRC-32C uses an initial value of 0xFFFFFFFF and a final XOR value of 0xFFFFFFFF. + * + */ +#include <config.h> +#include <stdio.h> +#include <LongBow/runtime.h> + +#include <parc/algol/parc_Memory.h> +#include <parc/security/parc_CryptoHasher.h> + +#include <ccnx/common/internal/ccnx_ValidationFacadeV1.h> +#include <ccnx/common/codec/schema_v1/ccnxCodecSchemaV1_TlvDictionary.h> + +#include <fcntl.h> +#include <errno.h> + +typedef struct crc32_signer { + PARCCryptoHasher *hasher; +} _CRC32Signer; + +typedef struct crc32_verifier { + PARCCryptoHasher *hasher; +} _CRC32Verifier; + +bool +ccnxValidationCRC32C_Set(CCNxTlvDictionary *message) +{ + bool success = true; + switch (ccnxTlvDictionary_GetSchemaVersion(message)) { + case CCNxTlvDictionary_SchemaVersion_V1: { + success &= ccnxTlvDictionary_PutInteger(message, CCNxCodecSchemaV1TlvDictionary_ValidationFastArray_CRYPTO_SUITE, PARCCryptoSuite_NULL_CRC32C); + + break; + } + + default: + trapIllegalValue(message, "Unknown schema version: %d", ccnxTlvDictionary_GetSchemaVersion(message)); + } + return success; +} + +bool +ccnxValidationCRC32C_Test(const CCNxTlvDictionary *message) +{ + switch (ccnxTlvDictionary_GetSchemaVersion(message)) { + case CCNxTlvDictionary_SchemaVersion_V1: { + if (ccnxTlvDictionary_IsValueInteger(message, CCNxCodecSchemaV1TlvDictionary_ValidationFastArray_CRYPTO_SUITE)) { + uint64_t cryptosuite = ccnxTlvDictionary_GetInteger(message, CCNxCodecSchemaV1TlvDictionary_ValidationFastArray_CRYPTO_SUITE); + return (cryptosuite == PARCCryptoSuite_NULL_CRC32C); + } + return false; + } + + default: + trapIllegalValue(message, "Unknown schema version: %d", ccnxTlvDictionary_GetSchemaVersion(message)); + } + return false; +} + +static bool +_crc32cSigner_Destructor(_CRC32Signer **interfaceContextPtr) +{ + _CRC32Signer *signer = *interfaceContextPtr; + parcCryptoHasher_Release(&signer->hasher); + return true; +} + +parcObject_ImplementAcquire(_crc32CSigner, _CRC32Signer); +parcObject_ImplementRelease(_crc32CSigner, _CRC32Signer); + +parcObject_Override(_CRC32Signer, PARCObject, + .destructor = (PARCObjectDestructor *) _crc32cSigner_Destructor); + +static bool +_crc32Verifier_Destructor(_CRC32Verifier **verifierPtr) +{ + _CRC32Verifier *verifier = (_CRC32Verifier *) *verifierPtr; + + parcCryptoHasher_Release(&(verifier->hasher)); + return true; +} + +parcObject_ImplementAcquire(_crc32Verifier, _CRC32Verifier); +parcObject_ImplementRelease(_crc32Verifier, _CRC32Verifier); + +parcObject_Override(_CRC32Verifier, PARCObject, + .destructor = (PARCObjectDestructor *) _crc32Verifier_Destructor); + +static PARCSignature * +_crc32Signer_SignDigest(_CRC32Signer *interfaceContext, const PARCCryptoHash *cryptoHash) +{ + PARCSignature *signature = + parcSignature_Create(PARCSigningAlgortihm_NULL, PARCCryptoHashType_CRC32C, parcCryptoHash_GetDigest(cryptoHash)); + return signature; +} + +static PARCSigningAlgorithm +_crc32Signer_GetSigningAlgorithm(_CRC32Signer *interfaceContext) +{ + return PARCSigningAlgortihm_NULL; +} + +static PARCCryptoHashType +_crc32Signer_GetCryptoHashType(_CRC32Signer *interfaceContext) +{ + return PARCCryptoHashType_CRC32C; +} + +static PARCCryptoHasher * +_crc32Signer_GetCryptoHasher(_CRC32Signer *signer) +{ + return signer->hasher; +} + +static PARCCryptoHasher * +_crc32Verifier_GetCryptoHasher(_CRC32Verifier *verifier, PARCKeyId *keyid, PARCCryptoHashType hashType) +{ + assertTrue(hashType == PARCCryptoHashType_CRC32C, "Only supports PARCCryptoHashType_CRC32C, got request for %s", parcCryptoHashType_ToString(hashType)); + + return verifier->hasher; +} + +static bool +_crc32Verifier_VerifyDigest(_CRC32Verifier *verifier, PARCKeyId *keyid, PARCCryptoHash *locallyComputedHash, + PARCCryptoSuite suite, PARCSignature *signatureToVerify) +{ + assertTrue(suite == PARCCryptoSuite_NULL_CRC32C, "Only supports PARC_SUITE_NULL_CRC32C, got request for %d", suite); + + PARCBuffer *calculatedCrc = parcCryptoHash_GetDigest(locallyComputedHash); + + // the signature is the CRC, so we just need to compare to the to calculated CRC32C "hash" + PARCBuffer *crcToVerify = parcSignature_GetSignature(signatureToVerify); + + return parcBuffer_Equals(calculatedCrc, crcToVerify); +} + +static bool +_crc32Verifier_AllowedCryptoSuite(_CRC32Verifier *verifier, PARCKeyId *keyid, PARCCryptoSuite suite) +{ + return (suite == PARCCryptoSuite_NULL_CRC32C); +} + +PARCSigningInterface *CRC32SignerAsPARCSigner = &(PARCSigningInterface) { + .GetCryptoHasher = (PARCCryptoHasher * (*)(void *))_crc32Signer_GetCryptoHasher, + .SignDigest = (PARCSignature * (*)(void *, const PARCCryptoHash *))_crc32Signer_SignDigest, + .GetSigningAlgorithm = (PARCSigningAlgorithm (*)(void *))_crc32Signer_GetSigningAlgorithm, + .GetCryptoHashType = (PARCCryptoHashType (*)(void *))_crc32Signer_GetCryptoHashType +}; + +PARCVerifierInterface *CRC32VerifierAsPARCVerifier = &(PARCVerifierInterface) { + .GetCryptoHasher = (PARCCryptoHasher * (*)(void *, PARCKeyId *, PARCCryptoHashType))_crc32Verifier_GetCryptoHasher, + .VerifyDigest = (bool (*)(void *, PARCKeyId *, PARCCryptoHash *, PARCCryptoSuite, PARCSignature *))_crc32Verifier_VerifyDigest, + .AddKey = NULL, + .RemoveKeyId = NULL, + .AllowedCryptoSuite = (bool (*)(void *, PARCKeyId *, PARCCryptoSuite))_crc32Verifier_AllowedCryptoSuite, +}; + +static PARCSigner * +_crc32Signer_Create(void) +{ + _CRC32Signer *crc32Signer = parcObject_CreateInstance(_CRC32Signer); + assertNotNull(crc32Signer, "parcObject_CreateInstance returned NULL"); + + crc32Signer->hasher = parcCryptoHasher_Create(PARCCryptoHashType_CRC32C); + PARCSigner *signer = parcSigner_Create(crc32Signer, CRC32SignerAsPARCSigner); + _crc32CSigner_Release(&crc32Signer); + + return signer; +} + +PARCSigner * +ccnxValidationCRC32C_CreateSigner(void) +{ + return _crc32Signer_Create(); +} + +static PARCVerifier * +_crc32Verifier_Create(void) +{ + _CRC32Verifier *crcVerifier = parcObject_CreateInstance(_CRC32Verifier); + assertNotNull(crcVerifier, "parcObject_CreateInstance returned NULL"); + + crcVerifier->hasher = parcCryptoHasher_Create(PARCCryptoHashType_CRC32C); + + PARCVerifier *verifier = parcVerifier_Create(crcVerifier, CRC32VerifierAsPARCVerifier); + _crc32Verifier_Release(&crcVerifier); + + return verifier; +} + +PARCVerifier * +ccnxValidationCRC32C_CreateVerifier(void) +{ + return _crc32Verifier_Create(); +} diff --git a/libccnx-common/ccnx/common/validation/ccnxValidation_CRC32C.h b/libccnx-common/ccnx/common/validation/ccnxValidation_CRC32C.h new file mode 100755 index 00000000..4d26015a --- /dev/null +++ b/libccnx-common/ccnx/common/validation/ccnxValidation_CRC32C.h @@ -0,0 +1,87 @@ +/* + * Copyright (c) 2017 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @file ccnxValidation_CRC32C.h + * @brief <#Brief Description#> + * + * <#Detailed Description#> + * + */ +#ifndef CCNx_Common_ccnxValidation_CRC32C_h +#define CCNx_Common_ccnxValidation_CRC32C_h + +#include <parc/security/parc_Signer.h> +#include <parc/security/parc_Verifier.h> +#include <ccnx/common/internal/ccnx_TlvDictionary.h> + +/** + * Sets the Validation algorithm to RSA-SHA256 + * + * Sets the validation algorithm to be RSA with a SHA-256 digest. Optionally includes + * a KeyId and KeyLocator with the message. + * + * @param [in] message The message dictionary + * + * @return `true` success + * @return `false` failure + * + * Example: + * @code + * <#example#> + * @endcode + */ +bool ccnxValidationCRC32C_Set(CCNxTlvDictionary *message); + +/** + * Determines if the validation algorithm is RSA-SHA256 * + * @param [in] message The message to check + * + * @return `true` The validation algorithm in the dictionary is this one + * @return `false` The validaiton algorithm in the dictionary is something else or not present + * + * Example: + * @code + * <#example#> + * @endcode + */ +bool ccnxValidationCRC32C_Test(const CCNxTlvDictionary *message); + +/** + * Creates a signer to compute a CRC32C + * + * @return non-null An allocated signer + * @return null An error + * + * Example: + * @code + * <#example#> + * @endcode + */ +PARCSigner *ccnxValidationCRC32C_CreateSigner(void); + +/** + * Creates a verifier to check a CRC32C "signature" + * + * @return non-null An allocated verifier + * @return null An error + * + * Example: + * @code + * <#example#> + * @endcode + */ +PARCVerifier *ccnxValidationCRC32C_CreateVerifier(void); +#endif // CCNx_Common_ccnxValidation_CRC32C_h diff --git a/libccnx-common/ccnx/common/validation/ccnxValidation_EcSecp256K1.c b/libccnx-common/ccnx/common/validation/ccnxValidation_EcSecp256K1.c new file mode 100755 index 00000000..d40a8378 --- /dev/null +++ b/libccnx-common/ccnx/common/validation/ccnxValidation_EcSecp256K1.c @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2017 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + */ +#include <config.h> +#include <stdio.h> +#include <LongBow/runtime.h> + +#include <ccnx/common/internal/ccnx_ValidationFacadeV1.h> +#include <ccnx/common/codec/schema_v1/ccnxCodecSchemaV1_TlvDictionary.h> + +// ======================================================================================== + +/** + * Sets the Validation algorithm to EC-SECP-256K1 + * + * Sets the validation algorithm to be Elliptical Curve with SECP-256K1 parameters. Optionally includes + * a KeyId and KeyLocator with the message. + * + * @param [in] message The message dictionary + * @param [in] keyid (Optional) The KEYID to include the the message + * @param [in] keyLocator (Optional) The KEY LOCATOR to include in the message + * + * @return <#value#> <#explanation#> + * + * Example: + * @code + * <#example#> + * @endcode + */ +bool +ccnxValidationEcSecp256K1_Set(CCNxTlvDictionary *message, const PARCBuffer *keyid, const CCNxKeyLocator *keyLocator) +{ + bool success = true; + switch (ccnxTlvDictionary_GetSchemaVersion(message)) { + case CCNxTlvDictionary_SchemaVersion_V1: { + success &= ccnxTlvDictionary_PutInteger(message, CCNxCodecSchemaV1TlvDictionary_ValidationFastArray_CRYPTO_SUITE, PARCCryptoSuite_EC_SECP_256K1); + + if (keyid) { + success &= ccnxTlvDictionary_PutBuffer(message, CCNxCodecSchemaV1TlvDictionary_ValidationFastArray_KEYID, keyid); + } + + success &= ccnxValidationFacadeV1_SetKeyLocator(message, (CCNxKeyLocator *) keyLocator); // un-consting + + break; + } + + default: + trapIllegalValue(message, "Unknown schema version: %d", ccnxTlvDictionary_GetSchemaVersion(message)); + } + return success; +} + +bool +ccnxValidationEcSecp256K1_Test(const CCNxTlvDictionary *message) +{ + if (ccnxTlvDictionary_IsValueInteger(message, CCNxCodecSchemaV1TlvDictionary_ValidationFastArray_CRYPTO_SUITE)) { + uint64_t cryptosuite = ccnxTlvDictionary_GetInteger(message, CCNxCodecSchemaV1TlvDictionary_ValidationFastArray_CRYPTO_SUITE); + return (cryptosuite == PARCCryptoSuite_EC_SECP_256K1); + } + return false; +} diff --git a/libccnx-common/ccnx/common/validation/ccnxValidation_EcSecp256K1.h b/libccnx-common/ccnx/common/validation/ccnxValidation_EcSecp256K1.h new file mode 100755 index 00000000..3c949769 --- /dev/null +++ b/libccnx-common/ccnx/common/validation/ccnxValidation_EcSecp256K1.h @@ -0,0 +1,129 @@ +/* + * Copyright (c) 2017 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @file ccnxValidation_EcSecp256K1.h + * @brief <#Brief Description#> + * + * <#Detailed Description#> + * + */ +#ifndef CCNx_Common_ccnxValidation_EcSecp256K1_h +#define CCNx_Common_ccnxValidation_EcSecp256K1_h + +#include <stdbool.h> +#include <ccnx/common/internal/ccnx_TlvDictionary.h> +#include <ccnx/common/ccnx_KeyLocator.h> + +/** + * + * Sets the validation algorithm to be Elliptical Curve with SECP-256K1 parameters. + * Optionally includes a KeyId and KeyLocator with the message. + * + * @param [in] message The message dictionary + * @param [in] keyid (Optional) The KEYID to include the the message + * @param [in] keyLocator (Optional) The KEY LOCATOR to include in the message + * + * @return true success + * @return false failure + * + * Example: + * @code + * <#example#> + * @endcode + */ +bool ccnxValidationEcSecp256K1_Set(CCNxTlvDictionary *message, const PARCBuffer *keyid, const CCNxKeyLocator *keyLocator); + +/** + * Determines if the validation algorithm is Elliptical Curve with SECP-256K1 parameters. + * + * <#Paragraphs Of Explanation#> + * + * @param [in] message The message to check + * + * @return true The validation algorithm in the dictionary is this one + * @return false The validaiton algorithm in the dictionary is something else or not present + * + * Example: + * @code + * <#example#> + * @endcode + */ +bool ccnxValidationEcSecp256K1_Test(const CCNxTlvDictionary *message); + +/** + * Returns the KeyId associated with the validation algorithm + * + * <#Paragraphs Of Explanation#> + * + * @param [in] message The message to check + * + * @return non-NULL the keyid + * @return null An error or no keyid or no validation algorithm in the message + * + * Example: + * @code + * <#example#> + * @endcode + */ +PARCBuffer *ccnxValidationEcSecp256K1_GetKeyId(const CCNxTlvDictionary *message); + +/** + * Returns the KeyName associated with the validation algorithm + * + * This should return a LINK, see case 1018 + * + * @param [in] message The message to check + * + * @return non-NULL the KeyName + * @return null An error or no keyid or no validation algorithm in the message + * + * Example: + * @code + * <#example#> + * @endcode + */ +CCNxName *ccnxValidationEcSecp256K1_GetKeyLocatorName(const CCNxTlvDictionary *message); + +/** + * Returns the PublicKey associated with the validation algorithm + * + * @param [in] message The message to check + * + * @return non-NULL the PublicKey (DER encoded) + * @return null An error or no public key or no validation algorithm in the message + * + * Example: + * @code + * <#example#> + * @endcode + */ +PARCBuffer *ccnxValidationEcSecp256K1_GetKeyLocatorPublicKey(const CCNxTlvDictionary *message); + +/** + * Returns the Certificate associated with the validation algorithm + * + * @param [in] message The message to check + * + * @return non-NULL the Certificate (DER encoded) + * @return null An error or no certificate or no validation algorithm in the message + * + * Example: + * @code + * <#example#> + * @endcode + */ +PARCBuffer *ccnxValidationEcSecp256K1_GetKeyLocatorCertificate(const CCNxTlvDictionary *message); +#endif // CCNx_Common_ccnxValidation_EcSecp256K1_h diff --git a/libccnx-common/ccnx/common/validation/ccnxValidation_HmacSha256.c b/libccnx-common/ccnx/common/validation/ccnxValidation_HmacSha256.c new file mode 100644 index 00000000..5202508e --- /dev/null +++ b/libccnx-common/ccnx/common/validation/ccnxValidation_HmacSha256.c @@ -0,0 +1,100 @@ +/* + * Copyright (c) 2017 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + */ +#include <config.h> +#include <stdio.h> +#include <LongBow/runtime.h> + +#include <ccnx/common/codec/schema_v1/ccnxCodecSchemaV1_TlvDictionary.h> + +#include <parc/security/parc_Verifier.h> +#include <parc/security/parc_SymmetricKeyStore.h> +#include <parc/security/parc_SymmetricKeySigner.h> + +/** + * Sets the Validation algorithm to HMAC with SHA-256 hash + * + * Sets the validation algorithm to be HMAC with a SHA-256 digest. Optionally includes + * a KeyId with the message. + * + * @param [in] message The message dictionary + * @param [in] keyid (Optional) The KEYID to include the the message + * + * @return <#value#> <#explanation#> + * + * Example: + * @code + * <#example#> + * @endcode + */ +bool +ccnxValidationHmacSha256_Set(CCNxTlvDictionary *message, const PARCBuffer *keyid) +{ + bool success = true; + switch (ccnxTlvDictionary_GetSchemaVersion(message)) { + case CCNxTlvDictionary_SchemaVersion_V1: { + success &= ccnxTlvDictionary_PutInteger(message, CCNxCodecSchemaV1TlvDictionary_ValidationFastArray_CRYPTO_SUITE, PARCCryptoSuite_HMAC_SHA256); + + if (keyid) { + success &= ccnxTlvDictionary_PutBuffer(message, CCNxCodecSchemaV1TlvDictionary_ValidationFastArray_KEYID, keyid); + } + + break; + } + + default: + trapIllegalValue(message, "Unknown schema version: %d", ccnxTlvDictionary_GetSchemaVersion(message)); + } + return success; +} + +bool +ccnxValidationHmacSha256_Test(const CCNxTlvDictionary *message) +{ + switch (ccnxTlvDictionary_GetSchemaVersion(message)) { + case CCNxTlvDictionary_SchemaVersion_V1: { + if (ccnxTlvDictionary_IsValueInteger(message, CCNxCodecSchemaV1TlvDictionary_ValidationFastArray_CRYPTO_SUITE)) { + uint64_t cryptosuite = ccnxTlvDictionary_GetInteger(message, CCNxCodecSchemaV1TlvDictionary_ValidationFastArray_CRYPTO_SUITE); + return (cryptosuite == PARCCryptoSuite_HMAC_SHA256); + } + return false; + } + + default: + trapIllegalValue(message, "Unknown schema version: %d", ccnxTlvDictionary_GetSchemaVersion(message)); + } + return false; +} + +PARCSigner * +ccnxValidationHmacSha256_CreateSigner(PARCBuffer *secretKey) +{ + PARCSymmetricKeyStore *keyStore = parcSymmetricKeyStore_Create(secretKey); + PARCSymmetricKeySigner *symmetricSigner = parcSymmetricKeySigner_Create(keyStore, PARCCryptoHashType_SHA256); + parcSymmetricKeyStore_Release(&keyStore); + + PARCSigner *signer = parcSigner_Create(symmetricSigner, PARCSymmetricKeySignerAsSigner); + parcSymmetricKeySigner_Release(&symmetricSigner); + + return signer; +} + +PARCVerifier * +ccnxValidationHmacSha256_CreateVerifier(PARCBuffer *secretKey) +{ + trapNotImplemented("not finished yet"); +} diff --git a/libccnx-common/ccnx/common/validation/ccnxValidation_HmacSha256.h b/libccnx-common/ccnx/common/validation/ccnxValidation_HmacSha256.h new file mode 100755 index 00000000..94f6af75 --- /dev/null +++ b/libccnx-common/ccnx/common/validation/ccnxValidation_HmacSha256.h @@ -0,0 +1,100 @@ +/* + * Copyright (c) 2017 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @file ccnxValidation_HmacSha256.h + * @brief <#Brief Description#> + * + * <#Detailed Description#> + * + */ +#ifndef CCNx_Common_ccnxValidation_HmacSha256_h +#define CCNx_Common_ccnxValidation_HmacSha256_h + +#include <parc/security/parc_Signer.h> +#include <parc/security/parc_Verifier.h> +#include <ccnx/common/internal/ccnx_TlvDictionary.h> + +/** + * Sets the Validation algorithm to HMAC-SHA256 + * + * Sets the validation algorithm to be HMAC with a SHA-256 digest. Optionally includes a KeyId + * + * @param [in] message The message dictionary + * @param [in] keyid (Optional) The KEYID to include the the message + * + * @return true success + * @return false failure + * + * Example: + * @code + * <#example#> + * @endcode + */ +bool ccnxValidationHmacSha256_Set(CCNxTlvDictionary *message, const PARCBuffer *keyid); + +/** + * Determines if the validation algorithm is RSA-SHA256 + * + * <#Paragraphs Of Explanation#> + * + * @param [in] message The message to check + * + * @return true The validation algorithm in the dictionary is this one + * @return false The validaiton algorithm in the dictionary is something else or not present + * + * Example: + * @code + * <#example#> + * @endcode + */ +bool ccnxValidationHmacSha256_Test(const CCNxTlvDictionary *message); + +/** + * Creates a signer using a specified secret key + * + * <#Paragraphs Of Explanation#> + * + * @param [in] secretKey The key to use as the authenticator + * + * @return non-null An allocated signer + * @return null An error + * + * Example: + * @code + * <#example#> + * @endcode + */ +PARCSigner *ccnxValidationHmacSha256_CreateSigner(PARCBuffer *secretKey); + +/** + * Creates a verifier to check a CRC32C "signature" + * + * Once the Verifier is created, you can add more keys using + * parcVerifier_AddKey(). If you provide a secretKey in the call, it will + * be added to the verifier automatically. + * + * @param [in] secretKey (Optional) The key to use as the authenticator, or NULL. + * + * @return non-null An allocated verifier + * @return null An error + * + * Example: + * @code + * <#example#> + * @endcode + */ +PARCVerifier *ccnxValidationHmacSha256_CreateVerifier(PARCBuffer *secretKey); +#endif // CCNx_Common_ccnxValidation_HmacSha256_h diff --git a/libccnx-common/ccnx/common/validation/ccnxValidation_RsaSha256.c b/libccnx-common/ccnx/common/validation/ccnxValidation_RsaSha256.c new file mode 100644 index 00000000..39590a9d --- /dev/null +++ b/libccnx-common/ccnx/common/validation/ccnxValidation_RsaSha256.c @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2017 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + */ +#include <config.h> +#include <stdio.h> +#include <LongBow/runtime.h> + +#include <ccnx/common/internal/ccnx_ValidationFacadeV1.h> + +#include <ccnx/common/codec/schema_v1/ccnxCodecSchemaV1_TlvDictionary.h> + +// ======================================================================================== + +bool +ccnxValidationRsaSha256_Set(CCNxTlvDictionary *message, const PARCBuffer *keyid, const CCNxKeyLocator *keyLocator) +{ + bool success = true; + success &= ccnxTlvDictionary_PutInteger(message, CCNxCodecSchemaV1TlvDictionary_ValidationFastArray_CRYPTO_SUITE, PARCCryptoSuite_RSA_SHA256); + + if (keyid) { + success &= ccnxTlvDictionary_PutBuffer(message, CCNxCodecSchemaV1TlvDictionary_ValidationFastArray_KEYID, keyid); + } + + success &= ccnxValidationFacadeV1_SetKeyLocator(message, (CCNxKeyLocator *) keyLocator); // un-consting + + return success; +} + +bool +ccnxValidationRsaSha256_Test(const CCNxTlvDictionary *message) +{ + if (ccnxTlvDictionary_IsValueInteger(message, CCNxCodecSchemaV1TlvDictionary_ValidationFastArray_CRYPTO_SUITE)) { + uint64_t cryptosuite = ccnxTlvDictionary_GetInteger(message, CCNxCodecSchemaV1TlvDictionary_ValidationFastArray_CRYPTO_SUITE); + return (cryptosuite == PARCCryptoSuite_RSA_SHA256); + } + return false; +} diff --git a/libccnx-common/ccnx/common/validation/ccnxValidation_RsaSha256.h b/libccnx-common/ccnx/common/validation/ccnxValidation_RsaSha256.h new file mode 100755 index 00000000..f1835dca --- /dev/null +++ b/libccnx-common/ccnx/common/validation/ccnxValidation_RsaSha256.h @@ -0,0 +1,68 @@ +/* + * Copyright (c) 2017 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @file ccnxValidation_RsaSha256.h + * @brief <#Brief Description#> + * + * The RsaSha256 validation algorithm uses standard locations for KeyId, PublicKey, Certificate, and KeyName, + * so you should use ccnxValidationFacade getters to retrieve them. + * + */ +#ifndef CCNx_Common_ccnxValidation_RsaSha256_h +#define CCNx_Common_ccnxValidation_RsaSha256_h + +#include <stdbool.h> +#include <parc/algol/parc_Buffer.h> +#include <ccnx/common/ccnx_KeyLocator.h> +#include <ccnx/common/internal/ccnx_TlvDictionary.h> + +/** + * Sets the Validation algorithm to RSA-SHA256 + * + * Sets the validation algorithm to be RSA with a SHA-256 digest. Optionally includes + * a KeyId and KeyLocator with the message. + * + * @param [in] message The message dictionary + * @param [in] keyid (Optional) The KEYID to include the the message + * @param [in] keyLocator (Optional) The KEY LOCATOR to include in the message + * + * @return true success + * @return false failure + * + * Example: + * @code + * <#example#> + * @endcode + */ +bool ccnxValidationRsaSha256_Set(CCNxTlvDictionary *message, const PARCBuffer *keyid, const CCNxKeyLocator *keyLocator); + +/** + * Determines if the validation algorithm is RSA-SHA256 + * + * <#Paragraphs Of Explanation#> + * + * @param [in] message The message to check + * + * @return true The validation algorithm in the dictionary is this one + * @return false The validaiton algorithm in the dictionary is something else or not present + * + * Example: + * @code + * <#example#> + * @endcode + */ +bool ccnxValidationRsaSha256_Test(const CCNxTlvDictionary *message); +#endif // CCNx_Common_ccnxValidation_RsaSha256_h diff --git a/libccnx-common/ccnx/common/validation/test/.gitignore b/libccnx-common/ccnx/common/validation/test/.gitignore new file mode 100644 index 00000000..d5f2004f --- /dev/null +++ b/libccnx-common/ccnx/common/validation/test/.gitignore @@ -0,0 +1,4 @@ +test_ccnxValidation_CRC32C +test_ccnxValidation_EcSecp256K1 +test_ccnxValidation_HmacSha256 +test_ccnxValidation_RsaSha256 diff --git a/libccnx-common/ccnx/common/validation/test/CMakeLists.txt b/libccnx-common/ccnx/common/validation/test/CMakeLists.txt new file mode 100644 index 00000000..90f678f7 --- /dev/null +++ b/libccnx-common/ccnx/common/validation/test/CMakeLists.txt @@ -0,0 +1,16 @@ +# Enable gcov output for the tests +add_definitions(--coverage) +set(CMAKE_EXE_LINKER_FLAGS ${CMAKE_EXE_LINKER_FLAGS} " --coverage") + +set(TestsExpectedToPass + test_ccnxValidation_CRC32C + test_ccnxValidation_EcSecp256K1 + test_ccnxValidation_HmacSha256 + test_ccnxValidation_RsaSha256 +) + + +foreach(test ${TestsExpectedToPass}) + AddTest(${test}) +endforeach() + diff --git a/libccnx-common/ccnx/common/validation/test/test_ccnxValidation_CRC32C.c b/libccnx-common/ccnx/common/validation/test/test_ccnxValidation_CRC32C.c new file mode 100755 index 00000000..90eae917 --- /dev/null +++ b/libccnx-common/ccnx/common/validation/test/test_ccnxValidation_CRC32C.c @@ -0,0 +1,203 @@ +/* + * Copyright (c) 2017 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + */ + +// Include the file(s) containing the functions to be tested. +// This permits internal static functions to be visible to this Test Framework. +#include "../ccnxValidation_CRC32C.c" +#include <parc/algol/parc_SafeMemory.h> + +#include <LongBow/unit-test.h> +#include "testrig_validation.c" + +#include <sys/time.h> + +/* + * Ground truth set derived from CRC RevEng http://reveng.sourceforge.net + * e.g. reveng -c -m CRC-32C 313233343536373839 gives the canonical check value 0xe306928e + * + * You can also calcaulate them online at http://www.zorc.breitbandkatze.de/crc.html using + * CRC polynomial 0x1EDC6F41, init 0xFFFFFFFF, final 0xFFFFFFFF, reverse data bytes (check), + * and reverse CRC result before final XOR (check). + * + */ +struct test_vector { + uint32_t crc32c; + int length; + uint8_t *buffer; +} vectors[] = { + { .crc32c = 0xe3069283, .length = 9, .buffer = (uint8_t []) { '1', '2', '3', '4', '5', '6', '7', '8', '9' } }, + { .crc32c = 0xddb65633, .length = 1, .buffer = (uint8_t []) { 0x3D } }, + { .crc32c = 0xc203c1fd, .length = 2, .buffer = (uint8_t []) { 0x3D, 0x41 } }, + { .crc32c = 0x80a9d169, .length = 3, .buffer = (uint8_t []) { 'b', 'e', 'e' } }, + { .crc32c = 0xa099f534, .length = 4, .buffer = (uint8_t []) { 'h', 'e', 'l', 'l' } }, + { .crc32c = 0x9a71bb4c, .length = 5, .buffer = (uint8_t []) { 'h', 'e', 'l', 'l', 'o' } }, + { .crc32c = 0x2976E503, .length = 6, .buffer = (uint8_t []) { 'g', 'r', 'u', 'm', 'p', 'y' } }, + { .crc32c = 0xe627f441, .length = 7, .buffer = (uint8_t []) { 'a', 'b', 'c', 'd', 'e', 'f', 'g' } }, + { .crc32c = 0x2d265c1d, .length = 13, .buffer = (uint8_t []) { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'a', 'b', 'c', 'd', 'e', 'f'} }, + { .crc32c = 0, .length = 0, .buffer = NULL } +}; + +LONGBOW_TEST_RUNNER(ccnxValidation_CRC32C) +{ + // The following Test Fixtures will run their corresponding Test Cases. + // Test Fixtures are run in the order specified, but all tests should be idempotent. + // Never rely on the execution order of tests or share state between them. + LONGBOW_RUN_TEST_FIXTURE(Global); +} + +// The Test Runner calls this function once before any Test Fixtures are run. +LONGBOW_TEST_RUNNER_SETUP(ccnxValidation_CRC32C) +{ + parcMemory_SetInterface(&PARCSafeMemoryAsPARCMemory); + return LONGBOW_STATUS_SUCCEEDED; +} + +// The Test Runner calls this function once after all the Test Fixtures are run. +LONGBOW_TEST_RUNNER_TEARDOWN(ccnxValidation_CRC32C) +{ + return LONGBOW_STATUS_SUCCEEDED; +} + +// =========================================================== + +LONGBOW_TEST_FIXTURE(Global) +{ + LONGBOW_RUN_TEST_CASE(Global, ccnxValidationCRC32C_Set); + LONGBOW_RUN_TEST_CASE(Global, ccnxValidationCRC32C_CreateSigner); + LONGBOW_RUN_TEST_CASE(Global, ccnxValidationCRC32C_CreateVerifier); + LONGBOW_RUN_TEST_CASE(Global, ccnxValidationCRC32C_DictionaryCryptoSuiteValue); +} + +LONGBOW_TEST_FIXTURE_SETUP(Global) +{ + longBowTestCase_SetClipBoardData(testCase, commonSetup()); + return LONGBOW_STATUS_SUCCEEDED; +} + +LONGBOW_TEST_FIXTURE_TEARDOWN(Global) +{ + commonTeardown(longBowTestCase_GetClipBoardData(testCase)); + + uint32_t outstandingAllocations = parcSafeMemory_ReportAllocation(STDERR_FILENO); + if (outstandingAllocations != 0) { + printf("%s leaks memory by %d allocations\n", longBowTestCase_GetName(testCase), outstandingAllocations); + return LONGBOW_STATUS_MEMORYLEAK; + } + return LONGBOW_STATUS_SUCCEEDED; +} + +LONGBOW_TEST_CASE(Global, ccnxValidationCRC32C_Set) +{ + // do not test on V0 packets, no support + TestData *data = longBowTestCase_GetClipBoardData(testCase); + testValidationSet_NoParam(data, ccnxValidationCRC32C_Set, ccnxValidationCRC32C_Test, false, true); +} + +LONGBOW_TEST_CASE(Global, ccnxValidationCRC32C_CreateSigner) +{ + PARCSigner *signer = ccnxValidationCRC32C_CreateSigner(); + assertNotNull(signer, "Got null signer"); + + // now run all the test vectors through it + + for (int i = 0; vectors[i].buffer != NULL; i++) { + PARCCryptoHasher *hasher = parcSigner_GetCryptoHasher(signer); + + parcCryptoHasher_Init(hasher); + parcCryptoHasher_UpdateBytes(hasher, vectors[i].buffer, vectors[i].length); + PARCCryptoHash *hash = parcCryptoHasher_Finalize(hasher); + + PARCSignature *sig = parcSigner_SignDigest(signer, hash); + PARCBuffer *sigbits = parcSignature_GetSignature(sig); + uint32_t testCrc = parcBuffer_GetUint32(sigbits); + assertTrue(testCrc == vectors[i].crc32c, + "CRC32C values wrong, index %d got 0x%08x expected 0x%08x\n", + i, testCrc, vectors[i].crc32c); + + parcSignature_Release(&sig); + parcCryptoHash_Release(&hash); + } + + parcSigner_Release(&signer); +} + +LONGBOW_TEST_CASE(Global, ccnxValidationCRC32C_CreateVerifier) +{ + PARCSigner *signer = ccnxValidationCRC32C_CreateSigner(); + assertNotNull(signer, "Got null signer"); + + PARCVerifier *verifier = ccnxValidationCRC32C_CreateVerifier(); + assertNotNull(verifier, "Got null verifier"); + + for (int i = 0; vectors[i].buffer != NULL; i++) { + // Produce the signature + PARCSignature *sig = NULL; + { + PARCCryptoHasher *signingHasher = parcSigner_GetCryptoHasher(signer); + parcCryptoHasher_Init(signingHasher); + parcCryptoHasher_UpdateBytes(signingHasher, vectors[i].buffer, vectors[i].length); + PARCCryptoHash *signingHash = parcCryptoHasher_Finalize(signingHasher); + sig = parcSigner_SignDigest(signer, signingHash); + parcCryptoHash_Release(&signingHash); + } + + // Now do the verification stage + PARCCryptoHash *verifierHash = NULL; + { + PARCCryptoHasher *verifyHasher = parcVerifier_GetCryptoHasher(verifier, NULL, PARCCryptoHashType_CRC32C); + parcCryptoHasher_Init(verifyHasher); + parcCryptoHasher_UpdateBytes(verifyHasher, vectors[i].buffer, vectors[i].length); + verifierHash = parcCryptoHasher_Finalize(verifyHasher); + } + + bool success = parcVerifier_VerifyDigestSignature(verifier, NULL, verifierHash, PARCCryptoSuite_NULL_CRC32C, sig); + + assertTrue(success, + "Failed to verify signature, index %d expected 0x%08x\n", + i, vectors[i].crc32c); + + parcSignature_Release(&sig); + parcCryptoHash_Release(&verifierHash); + } + parcSigner_Release(&signer); + parcVerifier_Release(&verifier); +} + +LONGBOW_TEST_CASE(Global, ccnxValidationCRC32C_DictionaryCryptoSuiteValue) +{ + TestData *data = longBowTestCase_GetClipBoardData(testCase); + + CCNxTlvDictionary *dictionary = ccnxContentObject_CreateWithImplAndPayload(&CCNxContentObjectFacadeV1_Implementation, + data->keyname, + CCNxPayloadType_DATA, + NULL); + ccnxValidationCRC32C_Set(dictionary); + uint64_t cryptosuite = ccnxTlvDictionary_GetInteger(dictionary, CCNxCodecSchemaV1TlvDictionary_ValidationFastArray_CRYPTO_SUITE); + assertTrue(cryptosuite == PARCCryptoSuite_NULL_CRC32C, "Unexpected PARCCryptoSuite value in dictionary"); + + ccnxTlvDictionary_Release(&dictionary); +} + +int +main(int argc, char *argv[]) +{ + LongBowRunner *testRunner = LONGBOW_TEST_RUNNER_CREATE(ccnxValidation_CRC32C); + int exitStatus = longBowMain(argc, argv, testRunner, NULL); + longBowTestRunner_Destroy(&testRunner); + exit(exitStatus); +} diff --git a/libccnx-common/ccnx/common/validation/test/test_ccnxValidation_EcSecp256K1.c b/libccnx-common/ccnx/common/validation/test/test_ccnxValidation_EcSecp256K1.c new file mode 100755 index 00000000..8fe00f35 --- /dev/null +++ b/libccnx-common/ccnx/common/validation/test/test_ccnxValidation_EcSecp256K1.c @@ -0,0 +1,116 @@ +/* + * Copyright (c) 2017 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + */ + +// Include the file(s) containing the functions to be tested. +// This permits internal static functions to be visible to this Test Framework. +#include "../ccnxValidation_EcSecp256K1.c" +#include <parc/algol/parc_SafeMemory.h> + +#include <LongBow/unit-test.h> +#include "testrig_validation.c" + +LONGBOW_TEST_RUNNER(ccnxValidation_EcSecp256K1) +{ + // The following Test Fixtures will run their corresponding Test Cases. + // Test Fixtures are run in the order specified, but all tests should be idempotent. + // Never rely on the execution order of tests or share state between them. + LONGBOW_RUN_TEST_FIXTURE(Global); + LONGBOW_RUN_TEST_FIXTURE(Local); +} + +// The Test Runner calls this function once before any Test Fixtures are run. +LONGBOW_TEST_RUNNER_SETUP(ccnxValidation_EcSecp256K1) +{ + parcMemory_SetInterface(&PARCSafeMemoryAsPARCMemory); + return LONGBOW_STATUS_SUCCEEDED; +} + +// The Test Runner calls this function once after all the Test Fixtures are run. +LONGBOW_TEST_RUNNER_TEARDOWN(ccnxValidation_EcSecp256K1) +{ + return LONGBOW_STATUS_SUCCEEDED; +} + +LONGBOW_TEST_FIXTURE(Global) +{ + LONGBOW_RUN_TEST_CASE(Global, ccnxValidationEcSecp256K1_Set); + LONGBOW_RUN_TEST_CASE(Global, ccnxValidationEcSecp256K1_DictionaryCryptoSuiteValue); +} + +LONGBOW_TEST_FIXTURE_SETUP(Global) +{ + longBowTestCase_SetClipBoardData(testCase, commonSetup()); + return LONGBOW_STATUS_SUCCEEDED; +} + +LONGBOW_TEST_FIXTURE_TEARDOWN(Global) +{ + commonTeardown(longBowTestCase_GetClipBoardData(testCase)); + + uint32_t outstandingAllocations = parcSafeMemory_ReportAllocation(STDERR_FILENO); + if (outstandingAllocations != 0) { + printf("%s leaks memory by %d allocations\n", longBowTestCase_GetName(testCase), outstandingAllocations); + return LONGBOW_STATUS_MEMORYLEAK; + } + return LONGBOW_STATUS_SUCCEEDED; +} + +LONGBOW_TEST_CASE(Global, ccnxValidationEcSecp256K1_Set) +{ + // Do not run over V0 packets, no support + TestData *data = longBowTestCase_GetClipBoardData(testCase); + testValidationSet_KeyId_KeyLocator(data, ccnxValidationEcSecp256K1_Set, ccnxValidationEcSecp256K1_Test, false, true); +} + +LONGBOW_TEST_CASE(Global, ccnxValidationEcSecp256K1_DictionaryCryptoSuiteValue) +{ + TestData *data = longBowTestCase_GetClipBoardData(testCase); + + CCNxTlvDictionary *dictionary = ccnxContentObject_CreateWithImplAndPayload(&CCNxContentObjectFacadeV1_Implementation, + data->keyname, + CCNxPayloadType_DATA, + NULL); + ccnxValidationEcSecp256K1_Set(dictionary, data->keyid, NULL); + uint64_t cryptosuite = ccnxTlvDictionary_GetInteger(dictionary, CCNxCodecSchemaV1TlvDictionary_ValidationFastArray_CRYPTO_SUITE); + assertTrue(cryptosuite == PARCCryptoSuite_EC_SECP_256K1, "Unexpected PARCCryptoSuite value in dictionary"); + + ccnxTlvDictionary_Release(&dictionary); +} + +LONGBOW_TEST_FIXTURE(Local) +{ +} + +LONGBOW_TEST_FIXTURE_SETUP(Local) +{ + return LONGBOW_STATUS_SUCCEEDED; +} + +LONGBOW_TEST_FIXTURE_TEARDOWN(Local) +{ + return LONGBOW_STATUS_SUCCEEDED; +} + +int +main(int argc, char *argv[]) +{ + LongBowRunner *testRunner = LONGBOW_TEST_RUNNER_CREATE(ccnxValidation_EcSecp256K1); + int exitStatus = longBowMain(argc, argv, testRunner, NULL); + longBowTestRunner_Destroy(&testRunner); + exit(exitStatus); +} diff --git a/libccnx-common/ccnx/common/validation/test/test_ccnxValidation_HmacSha256.c b/libccnx-common/ccnx/common/validation/test/test_ccnxValidation_HmacSha256.c new file mode 100755 index 00000000..4d095567 --- /dev/null +++ b/libccnx-common/ccnx/common/validation/test/test_ccnxValidation_HmacSha256.c @@ -0,0 +1,130 @@ +/* + * Copyright (c) 2017 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + */ + +// Include the file(s) containing the functions to be tested. +// This permits internal static functions to be visible to this Test Framework. +#include "../ccnxValidation_HmacSha256.c" +#include <parc/algol/parc_SafeMemory.h> + +#include <parc/algol/parc_Object.h> + +#include <LongBow/unit-test.h> +#include "testrig_validation.c" + +LONGBOW_TEST_RUNNER(ccnxValidation_HmacSha256) +{ + // The following Test Fixtures will run their corresponding Test Cases. + // Test Fixtures are run in the order specified, but all tests should be idempotent. + // Never rely on the execution order of tests or share state between them. + LONGBOW_RUN_TEST_FIXTURE(Global); + LONGBOW_RUN_TEST_FIXTURE(Local); +} + +// The Test Runner calls this function once before any Test Fixtures are run. +LONGBOW_TEST_RUNNER_SETUP(ccnxValidation_HmacSha256) +{ + parcMemory_SetInterface(&PARCSafeMemoryAsPARCMemory); + return LONGBOW_STATUS_SUCCEEDED; +} + +// The Test Runner calls this function once after all the Test Fixtures are run. +LONGBOW_TEST_RUNNER_TEARDOWN(ccnxValidation_HmacSha256) +{ + return LONGBOW_STATUS_SUCCEEDED; +} + +LONGBOW_TEST_FIXTURE(Global) +{ + LONGBOW_RUN_TEST_CASE(Global, ccnxValidationHmacSha256_Set); + LONGBOW_RUN_TEST_CASE(Global, ccnxValidationHmacSha256_CreateSigner); + LONGBOW_RUN_TEST_CASE(Global, ccnxValidationHmacSha256_DictionaryCryptoSuiteValue); +} + +LONGBOW_TEST_FIXTURE_SETUP(Global) +{ + longBowTestCase_SetClipBoardData(testCase, commonSetup()); + return LONGBOW_STATUS_SUCCEEDED; +} + +LONGBOW_TEST_FIXTURE_TEARDOWN(Global) +{ + commonTeardown(longBowTestCase_GetClipBoardData(testCase)); + + uint32_t outstandingAllocations = parcSafeMemory_ReportAllocation(STDERR_FILENO); + if (outstandingAllocations != 0) { + printf("%s leaks memory by %d allocations\n", longBowTestCase_GetName(testCase), outstandingAllocations); + return LONGBOW_STATUS_MEMORYLEAK; + } + return LONGBOW_STATUS_SUCCEEDED; +} + +LONGBOW_TEST_CASE(Global, ccnxValidationHmacSha256_Set) +{ + TestData *data = longBowTestCase_GetClipBoardData(testCase); + testValidationSet_KeyId(data, ccnxValidationHmacSha256_Set, ccnxValidationHmacSha256_Test, true, true); +} + +LONGBOW_TEST_CASE(Global, ccnxValidationHmacSha256_CreateSigner) +{ + char secretKeyString[] = "0123456789ABCDEF0123456789ABCDEF"; + PARCBuffer *secretKey = bufferFromString(strlen(secretKeyString), secretKeyString); + + PARCSigner *signer = ccnxValidationHmacSha256_CreateSigner(secretKey); + assertNotNull(signer, "Got null signer"); + + parcSigner_Release(&signer); + parcBuffer_Release(&secretKey); +} + +LONGBOW_TEST_CASE(Global, ccnxValidationHmacSha256_DictionaryCryptoSuiteValue) +{ + TestData *data = longBowTestCase_GetClipBoardData(testCase); + + CCNxTlvDictionary *dictionary = ccnxContentObject_CreateWithImplAndPayload(&CCNxContentObjectFacadeV1_Implementation, + data->keyname, + CCNxPayloadType_DATA, + NULL); + ccnxValidationHmacSha256_Set(dictionary, data->keyid); + uint64_t cryptosuite = ccnxTlvDictionary_GetInteger(dictionary, CCNxCodecSchemaV1TlvDictionary_ValidationFastArray_CRYPTO_SUITE); + assertTrue(cryptosuite == PARCCryptoSuite_HMAC_SHA256, "Unexpected PARCCryptoSuite value in dictionary"); + + ccnxTlvDictionary_Release(&dictionary); +} + +LONGBOW_TEST_FIXTURE(Local) +{ +} + +LONGBOW_TEST_FIXTURE_SETUP(Local) +{ + return LONGBOW_STATUS_SUCCEEDED; +} + +LONGBOW_TEST_FIXTURE_TEARDOWN(Local) +{ + return LONGBOW_STATUS_SUCCEEDED; +} + +int +main(int argc, char *argv[]) +{ + LongBowRunner *testRunner = LONGBOW_TEST_RUNNER_CREATE(ccnxValidation_HmacSha256); + int exitStatus = longBowMain(argc, argv, testRunner, NULL); + longBowTestRunner_Destroy(&testRunner); + exit(exitStatus); +} diff --git a/libccnx-common/ccnx/common/validation/test/test_ccnxValidation_RsaSha256.c b/libccnx-common/ccnx/common/validation/test/test_ccnxValidation_RsaSha256.c new file mode 100755 index 00000000..5119a262 --- /dev/null +++ b/libccnx-common/ccnx/common/validation/test/test_ccnxValidation_RsaSha256.c @@ -0,0 +1,118 @@ +/* + * Copyright (c) 2017 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + */ + +// Include the file(s) containing the functions to be tested. +// This permits internal static functions to be visible to this Test Framework. +#include "../ccnxValidation_RsaSha256.c" +#include <parc/algol/parc_SafeMemory.h> + +#include <LongBow/unit-test.h> +#include "testrig_validation.c" +#include <ccnx/common/validation/ccnxValidation_HmacSha256.h> + + +LONGBOW_TEST_RUNNER(ccnxValidation_RsaSha256) +{ + // The following Test Fixtures will run their corresponding Test Cases. + // Test Fixtures are run in the order specified, but all tests should be idempotent. + // Never rely on the execution order of tests or share state between them. + LONGBOW_RUN_TEST_FIXTURE(Global); + LONGBOW_RUN_TEST_FIXTURE(Local); +} + +// The Test Runner calls this function once before any Test Fixtures are run. +LONGBOW_TEST_RUNNER_SETUP(ccnxValidation_RsaSha256) +{ + parcMemory_SetInterface(&PARCSafeMemoryAsPARCMemory); + return LONGBOW_STATUS_SUCCEEDED; +} + +// The Test Runner calls this function once after all the Test Fixtures are run. +LONGBOW_TEST_RUNNER_TEARDOWN(ccnxValidation_RsaSha256) +{ + return LONGBOW_STATUS_SUCCEEDED; +} + +LONGBOW_TEST_FIXTURE(Global) +{ + LONGBOW_RUN_TEST_CASE(Global, ccnxValidationRsaSha256_Set); + LONGBOW_RUN_TEST_CASE(Global, ccnxValidationRsaSha256_DictionaryCryptoSuiteValue); +} + +LONGBOW_TEST_FIXTURE_SETUP(Global) +{ + longBowTestCase_SetClipBoardData(testCase, commonSetup()); + return LONGBOW_STATUS_SUCCEEDED; +} + +LONGBOW_TEST_FIXTURE_TEARDOWN(Global) +{ + commonTeardown(longBowTestCase_GetClipBoardData(testCase)); + + uint32_t outstandingAllocations = parcSafeMemory_ReportAllocation(STDERR_FILENO); + if (outstandingAllocations != 0) { + printf("%s leaks memory by %d allocations\n", longBowTestCase_GetName(testCase), outstandingAllocations); + return LONGBOW_STATUS_MEMORYLEAK; + } + return LONGBOW_STATUS_SUCCEEDED; +} + +LONGBOW_TEST_CASE(Global, ccnxValidationRsaSha256_Set) +{ + TestData *data = longBowTestCase_GetClipBoardData(testCase); + testValidationSet_KeyId_KeyLocator(data, ccnxValidationRsaSha256_Set, ccnxValidationRsaSha256_Test, true, true); +} + +LONGBOW_TEST_CASE(Global, ccnxValidationRsaSha256_DictionaryCryptoSuiteValue) +{ + TestData *data = longBowTestCase_GetClipBoardData(testCase); + + CCNxTlvDictionary *dictionary = ccnxContentObject_CreateWithImplAndPayload(&CCNxContentObjectFacadeV1_Implementation, + data->keyname, + CCNxPayloadType_DATA, + NULL); + ccnxValidationRsaSha256_Set(dictionary, data->keyid, NULL); + + uint64_t cryptosuite = ccnxTlvDictionary_GetInteger(dictionary, CCNxCodecSchemaV1TlvDictionary_ValidationFastArray_CRYPTO_SUITE); + assertTrue(cryptosuite == PARCCryptoSuite_RSA_SHA256, "Unexpected PARCCryptoSuite value in dictionary"); + + ccnxTlvDictionary_Release(&dictionary); +} + +LONGBOW_TEST_FIXTURE(Local) +{ +} + +LONGBOW_TEST_FIXTURE_SETUP(Local) +{ + return LONGBOW_STATUS_SUCCEEDED; +} + +LONGBOW_TEST_FIXTURE_TEARDOWN(Local) +{ + return LONGBOW_STATUS_SUCCEEDED; +} + +int +main(int argc, char *argv[]) +{ + LongBowRunner *testRunner = LONGBOW_TEST_RUNNER_CREATE(ccnxValidation_RsaSha256); + int exitStatus = longBowMain(argc, argv, testRunner, NULL); + longBowTestRunner_Destroy(&testRunner); + exit(exitStatus); +} diff --git a/libccnx-common/ccnx/common/validation/test/testrig_validation.c b/libccnx-common/ccnx/common/validation/test/testrig_validation.c new file mode 100755 index 00000000..185be143 --- /dev/null +++ b/libccnx-common/ccnx/common/validation/test/testrig_validation.c @@ -0,0 +1,298 @@ +/* + * Copyright (c) 2017 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * Common routines to test validators + * + */ + +#include <ccnx/common/ccnx_KeyLocator.h> +#include <ccnx/common/internal/ccnx_ValidationFacadeV1.h> + +#include <ccnx/common/ccnx_ContentObject.h> + +#include <parc/algol/parc_Buffer.h> + +typedef struct test_data { + PARCBuffer *keyid; + PARCBuffer *key; + PARCBuffer *cert; + CCNxName *keyname; + + CCNxKeyLocator *locatorByKey; + CCNxKeyLocator *locatorByName; +} TestData; + +PARCBuffer * +bufferFromString(size_t length, const char string[length]) +{ + return parcBuffer_Flip(parcBuffer_PutArray(parcBuffer_Allocate(length), length, (const uint8_t *) string)); +} + +TestData * +testData_Create(void) +{ + char keyidString[] = "the keyid"; + char keyString[] = "Memory, all alone in the moonlight"; + char certString[] = "The quick brown fox"; + + TestData *data = parcMemory_AllocateAndClear(sizeof(TestData)); + assertNotNull(data, "parcMemory_AllocateAndClear(%zu) returned NULL", sizeof(TestData)); + + data->keyid = bufferFromString(sizeof(keyidString), keyidString); + data->key = bufferFromString(sizeof(keyString), keyString); + data->cert = bufferFromString(sizeof(certString), certString); + data->keyname = ccnxName_CreateFromCString("lci:/lazy/dog"); + + PARCBuffer *bb_id = parcBuffer_Wrap("choo choo", 9, 0, 9); + PARCKeyId *keyid = parcKeyId_Create(bb_id); + parcBuffer_Release(&bb_id); + + PARCKey *key = parcKey_CreateFromDerEncodedPublicKey(keyid, PARCSigningAlgorithm_RSA, data->key); + + data->locatorByKey = ccnxKeyLocator_CreateFromKey(key); + parcKey_Release(&key); + parcKeyId_Release(&keyid); + + CCNxLink *link = ccnxLink_Create(data->keyname, NULL, NULL); + data->locatorByName = ccnxKeyLocator_CreateFromKeyLink(link); + ccnxLink_Release(&link); + + return data; +} + +void +testData_Release(TestData **dataPtr) +{ + TestData *data = *dataPtr; + + ccnxKeyLocator_Release(&data->locatorByKey); + ccnxKeyLocator_Release(&data->locatorByName); + ccnxName_Release(&data->keyname); + parcBuffer_Release(&data->cert); + parcBuffer_Release(&data->key); + parcBuffer_Release(&data->keyid); + + parcMemory_Deallocate((void **) &data); + *dataPtr = NULL; +} + +TestData * +commonSetup(void) +{ + TestData *data = testData_Create(); + return data; +} + +int +commonTeardown(TestData *data) +{ + testData_Release(&data); + return 0; +} + +// === V1 + +void +testValidationSetV1_NoParam(TestData *data, bool (*set)(CCNxTlvDictionary *message), bool (*test)(const CCNxTlvDictionary *message)) +{ + CCNxName *name = ccnxName_CreateFromCString("lci:/parc/validation/test"); + CCNxTlvDictionary *packetV1 = ccnxContentObject_CreateWithImplAndPayload(&CCNxContentObjectFacadeV1_Implementation, + name, + CCNxPayloadType_DATA, + NULL); + bool success = set(packetV1); + assertTrue(success, "Failed to set on V1"); + + bool testResult = test(packetV1); + assertTrue(testResult, "Test function failed on V1 packet"); + + ccnxName_Release(&name); + ccnxTlvDictionary_Release(&packetV1); +} + +void +testValidationSetV1_KeyId_Null(TestData *data, bool (*set)(CCNxTlvDictionary *message, const PARCBuffer *keyid), bool (*test)(const CCNxTlvDictionary *message)) +{ + CCNxName *name = ccnxName_CreateFromCString("lci:/parc/validation/test"); + CCNxTlvDictionary *packetV1 = ccnxContentObject_CreateWithImplAndPayload(&CCNxContentObjectFacadeV1_Implementation, + name, + CCNxPayloadType_DATA, + NULL); + bool success = set(packetV1, NULL); + assertTrue(success, "Failed to set on V1"); + + bool testResult = test(packetV1); + assertTrue(testResult, "Test function failed on V1 packet"); + + ccnxName_Release(&name); + ccnxTlvDictionary_Release(&packetV1); +} + +void +testValidationSetV1_KeyId_KeyId(TestData *data, bool (*set)(CCNxTlvDictionary *message, const PARCBuffer *keyid), bool (*test)(const CCNxTlvDictionary *message)) +{ + CCNxName *name = ccnxName_CreateFromCString("lci:/parc/validation/test"); + CCNxTlvDictionary *packetV1 = ccnxContentObject_CreateWithImplAndPayload(&CCNxContentObjectFacadeV1_Implementation, + name, + CCNxPayloadType_DATA, + NULL); + bool success = set(packetV1, data->keyid); + assertTrue(success, "Failed to set on V1"); + + bool testResult = test(packetV1); + assertTrue(testResult, "Test function failed on V1 packet"); + + PARCBuffer *testKeyId = ccnxValidationFacadeV1_GetKeyId(packetV1); + assertTrue(parcBuffer_Equals(testKeyId, data->keyid), "keyid not equal"); + + ccnxName_Release(&name); + ccnxTlvDictionary_Release(&packetV1); +} + +void +testValidationSetV1_KeyId_KeyLocator_Null_Null(TestData *data, + bool (*set)(CCNxTlvDictionary *message, const PARCBuffer *keyid, + const CCNxKeyLocator *keyLocator), + bool (*test)(const CCNxTlvDictionary *message)) +{ + CCNxName *name = ccnxName_CreateFromCString("lci:/parc/validation/test"); + CCNxTlvDictionary *packetV1 = ccnxContentObject_CreateWithImplAndPayload(&CCNxContentObjectFacadeV1_Implementation, + name, + CCNxPayloadType_DATA, + NULL); + bool success = set(packetV1, NULL, NULL); + assertTrue(success, "Failed to set on V1"); + + bool testResult = test(packetV1); + assertTrue(testResult, "Test function failed on V1 packet"); + + ccnxName_Release(&name); + ccnxTlvDictionary_Release(&packetV1); +} + +void +testValidationSetV1_KeyId_KeyLocator_KeyId_Null(TestData *data, + bool (*set)(CCNxTlvDictionary *message, const PARCBuffer *keyid, + const CCNxKeyLocator *keyLocator), + bool (*test)(const CCNxTlvDictionary *message)) +{ + CCNxName *name = ccnxName_CreateFromCString("lci:/parc/validation/test"); + CCNxTlvDictionary *packetV1 = ccnxContentObject_CreateWithImplAndPayload(&CCNxContentObjectFacadeV1_Implementation, + name, + CCNxPayloadType_DATA, + NULL); + bool success = set(packetV1, data->keyid, NULL); + assertTrue(success, "Failed to set on V1"); + + bool testResult = test(packetV1); + assertTrue(testResult, "Test function failed on V1 packet"); + + PARCBuffer *testKeyId = ccnxValidationFacadeV1_GetKeyId(packetV1); + assertTrue(parcBuffer_Equals(testKeyId, data->keyid), "keyid not equal"); + + ccnxName_Release(&name); + ccnxTlvDictionary_Release(&packetV1); +} + +void +testValidationSetV1_KeyId_KeyLocator_KeyId_Key(TestData *data, + bool (*set)(CCNxTlvDictionary *message, const PARCBuffer *keyid, + const CCNxKeyLocator *keyLocator), + bool (*test)(const CCNxTlvDictionary *message)) +{ + CCNxName *name = ccnxName_CreateFromCString("lci:/parc/validation/test"); + CCNxTlvDictionary *packetV1 = ccnxContentObject_CreateWithImplAndPayload(&CCNxContentObjectFacadeV1_Implementation, + name, + CCNxPayloadType_DATA, + NULL); + bool success = set(packetV1, data->keyid, data->locatorByKey); + assertTrue(success, "Failed to set on V1"); + + bool testResult = test(packetV1); + assertTrue(testResult, "Test function failed on V1 packet"); + + PARCBuffer *testKeyId = ccnxValidationFacadeV1_GetKeyId(packetV1); + assertTrue(parcBuffer_Equals(testKeyId, data->keyid), "keyid not equal"); + + PARCBuffer *testKey = ccnxValidationFacadeV1_GetPublicKey(packetV1); + assertTrue(parcBuffer_Equals(testKey, data->key), "keys not equal"); + + ccnxName_Release(&name); + ccnxTlvDictionary_Release(&packetV1); +} + +void +testValidationSetV1_KeyId_KeyLocator_KeyId_KeyName(TestData *data, + bool (*set)(CCNxTlvDictionary *message, const PARCBuffer *keyid, + const CCNxKeyLocator *keyLocator), + bool (*test)(const CCNxTlvDictionary *message)) +{ + CCNxName *name = ccnxName_CreateFromCString("lci:/parc/validation/test"); + CCNxTlvDictionary *packetV1 = ccnxContentObject_CreateWithImplAndPayload(&CCNxContentObjectFacadeV1_Implementation, + name, + CCNxPayloadType_DATA, + NULL); + bool success = set(packetV1, data->keyid, data->locatorByName); + assertTrue(success, "Failed to set on V1"); + + bool testResult = test(packetV1); + assertTrue(testResult, "Test function failed on V1 packet"); + + PARCBuffer *testKeyId = ccnxValidationFacadeV1_GetKeyId(packetV1); + assertTrue(parcBuffer_Equals(testKeyId, data->keyid), "keyid not equal"); + + // XXX: TODO: GetKeyName() returns a Link, so it should be GetLink(). + // It also creates a new object (the CCNxLink), so... needs thinking about. + // See BugzId: 3322 + + CCNxLink *testLink = ccnxValidationFacadeV1_GetKeyName(packetV1); + assertTrue(ccnxName_Equals(ccnxLink_GetName(testLink), data->keyname), "Keynames not equal"); + ccnxLink_Release(&testLink); + + ccnxName_Release(&name); + ccnxTlvDictionary_Release(&packetV1); +} + +// === General test for public key algs + +void +testValidationSet_KeyId_KeyLocator(TestData *data, bool (*set)(CCNxTlvDictionary *message, const PARCBuffer *keyid, const CCNxKeyLocator *keyLocator), bool (*test)(const CCNxTlvDictionary *message), bool v0ok, bool v1ok) +{ + if (v1ok) { + testValidationSetV1_KeyId_KeyLocator_Null_Null(data, set, test); + testValidationSetV1_KeyId_KeyLocator_KeyId_Null(data, set, test); + testValidationSetV1_KeyId_KeyLocator_KeyId_Key(data, set, test); + testValidationSetV1_KeyId_KeyLocator_KeyId_KeyName(data, set, test); + } +} + +void +testValidationSet_KeyId(TestData *data, bool (*set)(CCNxTlvDictionary *message, const PARCBuffer *keyid), bool (*test)(const CCNxTlvDictionary *message), bool v0ok, bool v1ok) +{ + if (v1ok) { + testValidationSetV1_KeyId_Null(data, set, test); + testValidationSetV1_KeyId_KeyId(data, set, test); + } +} + +void +testValidationSet_NoParam(TestData *data, bool (*set)(CCNxTlvDictionary *message), bool (*test)(const CCNxTlvDictionary *message), bool v0ok, bool v1ok) +{ + if (v1ok) { + testValidationSetV1_NoParam(data, set, test); + testValidationSetV1_NoParam(data, set, test); + } +} |