def test_prepare_unsigned_certificate(self):
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
identityManager = IdentityManager(identityStorage, privateKeyStorage)
keyName = Name("/test/ksk-1457560485494")
identityStorage.addKey(keyName, KeyType.RSA, Blob(PUBLIC_KEY))
subjectDescriptions = []
subjectDescriptions.append(CertificateSubjectDescription(
TEST_OID, "TEST NAME"))
newCertificate = identityManager.prepareUnsignedIdentityCertificate(
keyName,
keyName.getPrefix(1), self.toyCertNotBefore,
self.toyCertNotAfter, subjectDescriptions)
# Update the generated certificate version to equal the one in toyCert.
newCertificate.setName(
Name(newCertificate.getName().getPrefix(-1).append
(self.toyCert.getName().get(-1))))
# Make a copy to test encoding.
certificateCopy = IdentityCertificate(newCertificate)
self.assertEqual(
str(self.toyCert), str(certificateCopy),
"Prepared unsigned certificate dump does not have the expected format")
def wrap_content(self, name, content, key=None, key_locator=None):
"""
@param name - name of the data
@param content - data to be wrapped
@param key - key used to sign the data
@return the content object created
wraps the given name and content into a content object
"""
co = Data(Name(name))
co.setContent(content)
co.getMetaInfo().setFreshnessPeriod(5000)
co.getMetaInfo().setFinalBlockID(Name("/%00%09")[0])
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
identityManager = IdentityManager(identityStorage, privateKeyStorage)
keyChain = KeyChain(identityManager, None)
# Initialize the storage.
keyName = Name("/ndn/bms/DSK-default")
certificateName = keyName.getSubName(0, keyName.size() - 1).append(
"KEY").append(keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_PUBLIC_KEY_DER))
privateKeyStorage.setKeyPairForKeyName(keyName, DEFAULT_PUBLIC_KEY_DER,
DEFAULT_PRIVATE_KEY_DER)
keyChain.sign(co, certificateName)
_data = co.wireEncode()
return _data.toRawStr()
def benchmarkDecodeDataSeconds(nIterations, useCrypto, encoding):
"""
Loop to decode a data packet nIterations times.
:param int nIterations: The number of iterations.
:param bool useCrypto: If true, verify the signature. If false, don't
verify.
:param Blob encoding: The wire encoding to decode.
"""
# Initialize the private key storage in case useCrypto is true.
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
SelfVerifyPolicyManager(identityStorage))
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(0, keyName.size() - 1).append(
"KEY").append(keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
start = getNowSeconds()
for i in range(nIterations):
data = Data()
data.wireDecode(encoding)
if useCrypto:
keyChain.verifyData(data, onVerified, onVerifyFailed)
finish = getNowSeconds()
return finish - start
class CredentialStorage:
def __init__(self):
self.identityStorage = MemoryIdentityStorage()
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.keyChain = KeyChain(IdentityManager(self.identityStorage, self.privateKeyStorage),
SelfVerifyPolicyManager(self.identityStorage))
keyName = Name("/testname/DSK-123")
self.defaultCertName = keyName[:-1].append(
"KEY").append(keyName[-1]).append("ID-CERT").append("0")
ecdsaKeyName = Name("/testEcdsa/DSK-123")
self.ecdsaCertName = ecdsaKeyName[:-1].append(
"KEY").append(ecdsaKeyName[-1]).append("ID-CERT").append("0")
self.identityStorage.addKey(
keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
self.privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER)
self.identityStorage.addKey(
ecdsaKeyName, KeyType.ECDSA, Blob(DEFAULT_EC_PUBLIC_KEY_DER))
self.privateKeyStorage.setKeyPairForKeyName(
ecdsaKeyName, KeyType.ECDSA, DEFAULT_EC_PUBLIC_KEY_DER, DEFAULT_EC_PRIVATE_KEY_DER)
def signData(self, data, certificateName = None):
if certificateName is None:
certificateName = self.defaultCertName
self.keyChain.sign(data, certificateName)
def signDataWithSha256(self, data):
self.keyChain.signWithSha256(data)
def verifyData(self, data, verifiedCallback, failedCallback):
self.keyChain.verifyData(data, verifiedCallback, failedCallback)
def main():
# The default Face will connect using a Unix socket, or to "localhost".
face = Face()
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(
IdentityManager(identityStorage, privateKeyStorage), None)
keyChain.setFace(face)
# Initialize the storage.
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(0, keyName.size() - 1).append(
"KEY").append(keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER)
echo = Echo(keyChain, certificateName)
prefix = Name("/testecho")
dump("Register prefix", prefix.toUri())
face.registerPrefix(prefix, echo.onInterest, echo.onRegisterFailed)
while echo._responseCount < 1:
face.processEvents()
# We need to sleep for a few milliseconds so we don't use 100% of the CPU.
time.sleep(0.01)
face.shutdown()
def benchmarkDecodeDataSeconds(nIterations, useCrypto, keyType, encoding):
"""
Loop to decode a data packet nIterations times.
:param int nIterations: The number of iterations.
:param bool useCrypto: If true, verify the signature. If false, don't
verify.
:param KeyType keyType: KeyType.RSA or EC, used if useCrypto is True.
:param Blob encoding: The wire encoding to decode.
:return: The number of seconds for all iterations.
:rtype: float
"""
# Initialize the private key storage in case useCrypto is true.
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
SelfVerifyPolicyManager(identityStorage))
keyName = Name("/testname/DSK-123")
identityStorage.addKey(
keyName, keyType, Blob(
DEFAULT_EC_PUBLIC_KEY_DER if keyType == KeyType.ECDSA else DEFAULT_RSA_PUBLIC_KEY_DER))
start = getNowSeconds()
for i in range(nIterations):
data = Data()
data.wireDecode(encoding)
if useCrypto:
keyChain.verifyData(data, onVerified, onValidationFailed)
finish = getNowSeconds()
return finish - start
def main():
face = Face("localhost")
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(
IdentityManager(identityStorage, privateKeyStorage), None)
keyChain.setFace(face)
# Initialize the storage.
keyName = Name("/testname/DSK-reposerver")
certificateName = keyName.getSubName(0, keyName.size() - 1).append(
"KEY").append(keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_PUBLIC_KEY_DER))
privateKeyStorage.setKeyPairForKeyName(
keyName, DEFAULT_PUBLIC_KEY_DER, DEFAULT_PRIVATE_KEY_DER)
echo = RepoServer(keyChain, certificateName)
prefix = Name("/ndn/ucla.edu/bms")
dump("Register prefix", prefix.toUri())
face.registerPrefix(prefix, echo.onInterest, echo.onRegisterFailed)
while True:
face.processEvents()
# We need to sleep for a few milliseconds so we don't use 100% of the CPU.
time.sleep(0.01)
face.shutdown()
def main():
interest = Interest()
interest.wireDecode(TlvInterest)
dump("Interest:")
dumpInterest(interest)
# Set the name again to clear the cached encoding so we encode again.
interest.setName(interest.getName())
encoding = interest.wireEncode()
dump("")
dump("Re-encoded interest", encoding.toHex())
reDecodedInterest = Interest()
reDecodedInterest.wireDecode(encoding)
dump("Re-decoded Interest:")
dumpInterest(reDecodedInterest)
freshInterest = Interest(Name("/ndn/abc"))
freshInterest.setMustBeFresh(False)
dump(freshInterest.toUri())
freshInterest.setMinSuffixComponents(4)
freshInterest.setMaxSuffixComponents(6)
freshInterest.getKeyLocator().setType(KeyLocatorType.KEY_LOCATOR_DIGEST)
freshInterest.getKeyLocator().setKeyData(bytearray(
[0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F]))
freshInterest.getExclude().appendComponent(Name("abc")[0]).appendAny()
freshInterest.setInterestLifetimeMilliseconds(30000)
freshInterest.setChildSelector(1)
freshInterest.setMustBeFresh(True);
freshInterest.setScope(2)
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
SelfVerifyPolicyManager(identityStorage))
# Initialize the storage.
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(0, keyName.size() - 1).append(
"KEY").append(keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER)
# Make a Face just so that we can sign the interest.
face = Face("localhost")
face.setCommandSigningInfo(keyChain, certificateName)
face.makeCommandInterest(freshInterest)
reDecodedFreshInterest = Interest()
reDecodedFreshInterest.wireDecode(freshInterest.wireEncode())
dump("")
dump("Re-decoded fresh Interest:")
dumpInterest(reDecodedFreshInterest)
keyChain.verifyInterest(
reDecodedFreshInterest, makeOnVerified("Freshly-signed Interest"),
makeOnVerifyFailed("Freshly-signed Interest"))
def setUp(self):
self.decryptionKeys = {} # key: Name, value: Blob
self.encryptionKeys = {} # key: Name, value: Data
# Reuse the policy_config subdirectory for the temporary SQLite files.
self.databaseFilePath = "policy_config/test.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.groupName = Name("/Prefix/READ")
self.contentName = Name("/Prefix/SAMPLE/Content")
self.cKeyName = Name("/Prefix/SAMPLE/Content/C-KEY/1")
self.eKeyName = Name("/Prefix/READ/E-KEY/1/2")
self.dKeyName = Name("/Prefix/READ/D-KEY/1/2")
self.uKeyName = Name("/U/Key")
self.uName = Name("/U")
# Generate the E-KEY and D-KEY.
params = RsaKeyParams()
self.fixtureDKeyBlob = RsaAlgorithm.generateKey(params).getKeyBits()
self.fixtureEKeyBlob = RsaAlgorithm.deriveEncryptKey(
self.fixtureDKeyBlob).getKeyBits()
# Generate the user key.
self.fixtureUDKeyBlob = RsaAlgorithm.generateKey(params).getKeyBits()
self.fixtureUEKeyBlob = RsaAlgorithm.deriveEncryptKey(
self.fixtureUDKeyBlob).getKeyBits()
# Load the C-KEY.
self.fixtureCKeyBlob = Blob(AES_KEY, False)
# Set up the keyChain.
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
self.keyChain = KeyChain(
IdentityManager(identityStorage, privateKeyStorage),
NoVerifyPolicyManager())
# Initialize the storage.
keyName = Name("/testname/DSK-123")
self.certificateName = keyName.getSubName(
0,
keyName.size() - 1).append("KEY").append(
keyName.get(-1)).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA,
Blob(DEFAULT_RSA_PUBLIC_KEY_DER, False))
privateKeyStorage.setKeyPairForKeyName(keyName, KeyType.RSA,
DEFAULT_RSA_PUBLIC_KEY_DER,
DEFAULT_RSA_PRIVATE_KEY_DER)
def setUp(self):
self.decryptionKeys = {} # key: Name, value: Blob
self.encryptionKeys = {} # key: Name, value: Data
# Reuse the policy_config subdirectory for the temporary SQLite files.
self.databaseFilePath = "policy_config/test.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.groupName = Name("/Prefix/READ")
self.contentName = Name("/Prefix/SAMPLE/Content")
self.cKeyName = Name("/Prefix/SAMPLE/Content/C-KEY/1")
self.eKeyName = Name("/Prefix/READ/E-KEY/1/2")
self.dKeyName = Name("/Prefix/READ/D-KEY/1/2")
self.uKeyName = Name("/U/Key")
self.uName = Name("/U")
# Generate the E-KEY and D-KEY.
params = RsaKeyParams()
self.fixtureDKeyBlob = RsaAlgorithm.generateKey(params).getKeyBits()
self.fixtureEKeyBlob = RsaAlgorithm.deriveEncryptKey(
self.fixtureDKeyBlob).getKeyBits()
# Generate the user key.
self.fixtureUDKeyBlob = RsaAlgorithm.generateKey(params).getKeyBits()
self.fixtureUEKeyBlob = RsaAlgorithm.deriveEncryptKey(
self.fixtureUDKeyBlob).getKeyBits()
# Load the C-KEY.
self.fixtureCKeyBlob = Blob(AES_KEY, False)
# Set up the keyChain.
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
self.keyChain = KeyChain(
IdentityManager(identityStorage, privateKeyStorage),
NoVerifyPolicyManager())
# Initialize the storage.
keyName = Name("/testname/DSK-123")
self.certificateName = keyName.getSubName(0, keyName.size() - 1).append(
"KEY").append(keyName.get(-1)).append("ID-CERT").append("0")
identityStorage.addKey(
keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER, False))
privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER,
DEFAULT_RSA_PRIVATE_KEY_DER)
def __init__(self, face, groupManagerName, dataType, dKeyDatabaseFilePath):
# Set up face
self.face = face
#self.loop = eventLoop
# Set up the keyChain.
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
self.keyChain = KeyChain(
IdentityManager(identityStorage, privateKeyStorage),
NoVerifyPolicyManager())
self.certificateName = self.keyChain.createIdentityAndCertificate(
groupManagerName)
self.dKeyDatabaseFilePath = dKeyDatabaseFilePath
self.manager = GroupManager(
groupManagerName, dataType,
Sqlite3GroupManagerDb(self.dKeyDatabaseFilePath), 2048, 1,
self.keyChain)
self.memoryContentCache = MemoryContentCache(self.face)
self.memoryContentCache.registerPrefix(groupManagerName,
self.onRegisterFailed,
self.onDataNotFound)
self.needToPublishGroupKeys = False
return
def main():
# The default Face will connect using a Unix socket, or to "localhost".
face = Face()
# Use the system default key chain and certificate name to sign commands.
#print("key1")
#keyChain = KeyChain()
#print("key2")
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
NoVerifyPolicyManager())
identityName = Name("TestProducer")
certificateName = keyChain.createIdentityAndCertificate(identityName)
keyChain.getIdentityManager().setDefaultIdentity(identityName)
face.setCommandSigningInfo(keyChain, keyChain.getDefaultCertificateName())
# Also use the default certificate name to sign data packets.
ubicdn = UbiCDN(keyChain, certificateName)
prefix = Name("/ubicdn/video")
dump("Register prefix", prefix.toUri())
face.registerPrefix(prefix, ubicdn.onInterest, ubicdn.onRegisterFailed)
while 1:
#while ubicdn._responseCount < 1:
face.processEvents()
# We need to sleep for a few milliseconds so we don't use 100% of the CPU.
time.sleep(0.01)
face.shutdown()
def setUp(self):
testCertDirectory = 'policy_config/certs'
self.testCertFile = os.path.join(testCertDirectory, 'test.cert')
self.identityStorage = MemoryIdentityStorage()
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.identityManager = IdentityManager(self.identityStorage,
self.privateKeyStorage)
self.policyManager = ConfigPolicyManager('policy_config/simple_rules.conf')
self.identityName = Name('/TestConfigPolicyManager/temp')
# to match the anchor cert
keyName = Name(self.identityName).append('ksk-1416010123')
self.privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, TEST_RSA_PUBLIC_KEY_DER, TEST_RSA_PRIVATE_KEY_DER)
self.identityStorage.addKey(
keyName, KeyType.RSA, Blob(TEST_RSA_PUBLIC_KEY_DER))
cert = self.identityManager.selfSign(keyName)
self.identityStorage.setDefaultKeyNameForIdentity(keyName)
self.identityManager.addCertificateAsDefault(cert)
self.keyChain = KeyChain(self.identityManager, self.policyManager)
self.keyName = keyName
self.face = Face()
def main():
data = Data()
data.wireDecode(TlvData)
dump("Decoded Data:")
dumpData(data)
# Set the content again to clear the cached encoding so we encode again.
data.setContent(data.getContent())
encoding = data.wireEncode()
reDecodedData = Data()
reDecodedData.wireDecode(encoding)
dump("")
dump("Re-decoded Data:")
dumpData(reDecodedData)
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
SelfVerifyPolicyManager(identityStorage))
# Initialize the storage.
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(
0,
keyName.size() - 1).append("KEY").append(
keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA,
Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
privateKeyStorage.setKeyPairForKeyName(keyName, KeyType.RSA,
DEFAULT_RSA_PUBLIC_KEY_DER,
DEFAULT_RSA_PRIVATE_KEY_DER)
keyChain.verifyData(reDecodedData, makeOnVerified("Re-decoded Data"),
makeOnVerifyFailed("Re-decoded Data"))
freshData = Data(Name("/ndn/abc"))
freshData.setContent("SUCCESS!")
freshData.getMetaInfo().setFreshnessPeriod(5000)
freshData.getMetaInfo().setFinalBlockId(Name("/%00%09")[0])
keyChain.sign(freshData, certificateName)
dump("")
dump("Freshly-signed Data:")
dumpData(freshData)
keyChain.verifyData(freshData, makeOnVerified("Freshly-signed Data"),
makeOnVerifyFailed("Freshly-signed Data"))
def __init__(self):
self.identityStorage = MemoryIdentityStorage()
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.keyChain = KeyChain(
IdentityManager(self.identityStorage, self.privateKeyStorage),
SelfVerifyPolicyManager(self.identityStorage))
keyName = Name("/testname/DSK-123")
self.defaultCertName = keyName.getSubName(
0,
keyName.size() - 1).append("KEY").append(
keyName[-1]).append("ID-CERT").append("0")
self.identityStorage.addKey(keyName, KeyType.RSA,
Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
self.privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER,
DEFAULT_RSA_PRIVATE_KEY_DER)
def createVerifyKeyChain():
"""
Create an in-memory KeyChain with a default public key for verifying.
:return: A new KeyChain.
:rtype: KeyChain
"""
identityStorage = MemoryIdentityStorage()
keyChain = KeyChain(
IdentityManager(identityStorage, MemoryPrivateKeyStorage()),
SelfVerifyPolicyManager(identityStorage))
# Initialize the storage.
keyName = Name("/testname/DSK-123")
identityStorage.addKey(keyName, KeyType.RSA,
Blob(DEFAULT_RSA_PUBLIC_KEY_DER, False))
return keyChain
def createVerifyKeyChain():
"""
Create an in-memory KeyChain with a default public key for verifying.
:return: A new KeyChain.
:rtype: KeyChain
"""
identityStorage = MemoryIdentityStorage()
keyChain = KeyChain(
IdentityManager(identityStorage, MemoryPrivateKeyStorage()),
SelfVerifyPolicyManager(identityStorage))
# Initialize the storage.
keyName = Name("/testname/DSK-123")
identityStorage.addKey(
keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER, False))
return keyChain
def main():
data = Data()
data.wireDecode(TlvData)
dump("Decoded Data:")
dumpData(data)
# Set the content again to clear the cached encoding so we encode again.
data.setContent(data.getContent())
encoding = data.wireEncode()
reDecodedData = Data()
reDecodedData.wireDecode(encoding)
dump("")
dump("Re-decoded Data:")
dumpData(reDecodedData)
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
SelfVerifyPolicyManager(identityStorage))
# Initialize the storage.
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(0, keyName.size() - 1).append(
"KEY").append(keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER)
keyChain.verifyData(reDecodedData, makeOnVerified("Re-decoded Data"),
makeOnVerifyFailed("Re-decoded Data"))
freshData = Data(Name("/ndn/abc"))
freshData.setContent("SUCCESS!")
freshData.getMetaInfo().setFreshnessPeriod(5000)
freshData.getMetaInfo().setFinalBlockId(Name("/%00%09")[0])
keyChain.sign(freshData, certificateName)
dump("")
dump("Freshly-signed Data:")
dumpData(freshData)
keyChain.verifyData(freshData, makeOnVerified("Freshly-signed Data"),
makeOnVerifyFailed("Freshly-signed Data"))
def __init__(self):
self.identityStorage = MemoryIdentityStorage()
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.keyChain = KeyChain(IdentityManager(self.identityStorage, self.privateKeyStorage),
SelfVerifyPolicyManager(self.identityStorage))
keyName = Name("/testname/DSK-123")
self.defaultCertName = keyName.getSubName(0, keyName.size() - 1).append(
"KEY").append(keyName[-1]).append("ID-CERT").append("0")
self.identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
self.privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER)
def setUp(self):
# set up the keychain so we can sign data
self.identityStorage = MemoryIdentityStorage()
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.keyChain = KeyChain(IdentityManager(self.identityStorage, self.privateKeyStorage))
self.privateKeyStorage = MemoryPrivateKeyStorage()
# not using keychain for verification so we don't need to set the
# policy manager
self.keyChain = KeyChain(IdentityManager(self.identityStorage, self.privateKeyStorage))
self.identityName = Name('/SecurityTestSecRule/Basic/Longer')
keyName = Name(self.identityName).append('ksk-2439872')
self.defaultCertName = self._certNameFromKeyName(keyName)
self.identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
self.privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER)
keyName = Name('/SecurityTestSecRule/Basic/ksk-0923489')
self.identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
self.privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER)
self.shortCertName = self._certNameFromKeyName(keyName, -2)
def __init__(self, face, username, memoryContentCache):
# Set up face
self.face = face
# Set up the keyChain.
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
self.keyChain = KeyChain(
IdentityManager(identityStorage, privateKeyStorage),
NoVerifyPolicyManager())
identityName = Name(username)
self.certificateName = self.keyChain.createIdentityAndCertificate(
identityName)
self.keyChain.getIdentityManager().setDefaultIdentity(identityName)
self.face.setCommandSigningInfo(self.keyChain, self.certificateName)
self.databaseFilePath = "../policy_config/test_producer.db"
self.catalogDatabaseFilePath = "../policy_config/test_producer_catalog.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
try:
os.remove(self.catalogDatabaseFilePath)
except OSError:
# no such file
pass
self.testDb = Sqlite3ProducerDb(self.databaseFilePath)
self.catalogDb = Sqlite3ProducerDb(self.catalogDatabaseFilePath)
# TODO: as of right now, catalog has a different suffix, so need another instance of producer; that producer cannot share
# the same DB with the first producer, otherwise there won't be a self.onEncryptedKeys call; as the catalog producer uses
# its own C-key, and that key won't be encrypted by an E-key as no interest goes out
# This sounds like something problematic from the library
prefix = Name(username)
suffix = Name("fitness/physical_activity/time_location")
self.producer = Producer(Name(prefix), suffix, self.face,
self.keyChain, self.testDb)
catalogSuffix = Name(suffix).append("catalog")
self.catalogProducer = Producer(Name(prefix), catalogSuffix, self.face,
self.keyChain, self.catalogDb)
self.memoryContentCache = memoryContentCache
return
class CredentialStorage:
def __init__(self):
self.identityStorage = MemoryIdentityStorage()
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.keyChain = KeyChain(
IdentityManager(self.identityStorage, self.privateKeyStorage),
SelfVerifyPolicyManager(self.identityStorage))
keyName = Name("/testname/DSK-123")
self.defaultCertName = keyName[:-1].append("KEY").append(
keyName[-1]).append("ID-CERT").append("0")
ecdsaKeyName = Name("/testEcdsa/DSK-123")
self.ecdsaCertName = ecdsaKeyName[:-1].append("KEY").append(
ecdsaKeyName[-1]).append("ID-CERT").append("0")
self.identityStorage.addKey(keyName, KeyType.RSA,
Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
self.privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER,
DEFAULT_RSA_PRIVATE_KEY_DER)
self.identityStorage.addKey(ecdsaKeyName, KeyType.ECDSA,
Blob(DEFAULT_EC_PUBLIC_KEY_DER))
self.privateKeyStorage.setKeyPairForKeyName(
ecdsaKeyName, KeyType.ECDSA, DEFAULT_EC_PUBLIC_KEY_DER,
DEFAULT_EC_PRIVATE_KEY_DER)
def signData(self, data, certificateName=None):
if certificateName is None:
certificateName = self.defaultCertName
self.keyChain.sign(data, certificateName)
def signDataWithSha256(self, data):
self.keyChain.signWithSha256(data)
def verifyData(self, data, verifiedCallback, failedCallback):
self.keyChain.verifyData(data, verifiedCallback, failedCallback)
def createKeyChain():
"""
Create an in-memory KeyChain with default keys.
:return: A tuple with the new KeyChain and certificate name.
:rtype: (KeyChain,Name)
"""
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(
IdentityManager(identityStorage, privateKeyStorage),
NoVerifyPolicyManager())
# Initialize the storage.
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(0, keyName.size() - 1).append(
"KEY").append(keyName.get(-1)).append("ID-CERT").append("0")
identityStorage.addKey(
keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER, False))
privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER,
DEFAULT_RSA_PRIVATE_KEY_DER)
return keyChain, certificateName
def loadKey(self):
self.identityStorage = MemoryIdentityStorage()
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.keychain = KeyChain(IdentityManager(self.identityStorage, self.privateKeyStorage))
f = open(key_file, "r")
self.key = RSA.importKey(f.read())
self.key_name = Name(bld_root).append(getKeyID(self.key))
key_pub_der = bytearray(self.key.publickey().exportKey(format="DER"))
key_pri_der = bytearray(self.key.exportKey(format="DER"))
self.identityStorage.addKey(self.key_name, KeyType.RSA, Blob(key_pub_der))
self.privateKeyStorage.setKeyPairForKeyName(self.key_name, key_pub_der, key_pri_der)
self.cert_name = self.key_name.getSubName(0, self.key_name.size() - 1).append(
"KEY").append(self.key_name[-1]).append("ID-CERT").append("0")
print 'KeyName = ' + self.key_name.toUri()
print 'CertName = ' + self.cert_name.toUri()
def test_verify_digest_sha256(self):
# Create a KeyChain but we don't need to add keys.
identityStorage = MemoryIdentityStorage()
keyChain = KeyChain(
IdentityManager(identityStorage, MemoryPrivateKeyStorage()),
SelfVerifyPolicyManager(identityStorage))
interest = Interest(Name("/test/signed-interest"))
keyChain.signWithSha256(interest)
# We create 'mock' objects to replace callbacks since we're not
# interested in the effect of the callbacks themselves.
failedCallback = Mock()
verifiedCallback = Mock()
keyChain.verifyInterest(interest, verifiedCallback, failedCallback)
self.assertEqual(failedCallback.call_count, 0, 'Signature verification failed')
self.assertEqual(verifiedCallback.call_count, 1, 'Verification callback was not used.')
def setUp(self):
self.decryptionKeys = {} # key: Name, value: Blob
self.encryptionKeys = {} # key: Name, value: Data
# Reuse the policy_config subdirectory for the temporary SQLite files.
self.databaseFilePath = "policy_config/test.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
# Set up the keyChain.
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
self.keyChain = KeyChain(
IdentityManager(identityStorage, privateKeyStorage),
NoVerifyPolicyManager())
identityName = Name("TestProducer")
self.certificateName = self.keyChain.createIdentityAndCertificate(identityName)
self.keyChain.getIdentityManager().setDefaultIdentity(identityName)
def __init__(self, face, groupManagerName, dataType, readAccessName,
dKeyDatabaseFilePath):
# Set up face
self.face = face
#self.loop = eventLoop
# Set up the keyChain.
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
self.keyChain = KeyChain(
IdentityManager(identityStorage, privateKeyStorage),
NoVerifyPolicyManager())
self.certificateName = self.keyChain.createIdentityAndCertificate(
groupManagerName)
self.face.setCommandSigningInfo(self.keyChain, self.certificateName)
self.dKeyDatabaseFilePath = dKeyDatabaseFilePath
try:
os.remove(self.dKeyDatabaseFilePath)
except OSError:
# no such file
pass
self.manager = GroupManager(
groupManagerName, dataType,
Sqlite3GroupManagerDb(self.dKeyDatabaseFilePath), 2048, 1,
self.keyChain)
self.memoryContentCache = MemoryContentCache(self.face)
self.memoryContentCache.registerPrefix(
Name(groupManagerName).append("READ"), self.onRegisterFailed,
self.onDataNotFound)
self.face.registerPrefix(readAccessName, self.onAccessInterest,
self.onAccessTimeout)
self.updateGroupKeys = False
return
def setUp(self):
# set up the keychain so we can sign data
self.identityStorage = MemoryIdentityStorage()
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.keyChain = KeyChain(IdentityManager(self.identityStorage, self.privateKeyStorage))
self.privateKeyStorage = MemoryPrivateKeyStorage()
# not using keychain for verification so we don't need to set the
# policy manager
self.keyChain = KeyChain(IdentityManager(self.identityStorage, self.privateKeyStorage))
self.identityName = Name('/SecurityTestSecRule/Basic/Longer')
keyName = Name(self.identityName).append('ksk-2439872')
self.defaultCertName = self._certNameFromKeyName(keyName)
self.identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
self.privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER)
keyName = Name('/SecurityTestSecRule/Basic/ksk-0923489')
self.identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
self.privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER)
self.shortCertName = self._certNameFromKeyName(keyName, -2)
def benchmarkEncodeDataSeconds(nIterations, useComplex, useCrypto):
"""
Loop to encode a data packet nIterations times.
:param int nIterations: The number of iterations.
:param bool useComplex: If true, use a large name, large content and all
fields. If false, use a small name, small content and only required
fields.
:param bool useCrypto: If true, sign the data packet. If false, use a blank
signature.
:return: A tuple (duration, encoding) where duration is the number of
seconds for all iterations and encoding is the wire encoding.
:rtype: (float, Blob)
"""
if useComplex:
# Use a large name and content.
name = Name(
"/ndn/ucla.edu/apps/lwndn-test/numbers.txt/%FD%05%05%E8%0C%CE%1D/%00"
)
contentString = ""
count = 1
contentString += "%d" % count
count += 1
while len(contentString) < 1115:
contentString += " %d" % count
count += 1
content = Name.fromEscapedString(contentString)
else:
# Use a small name and content.
name = Name("/test")
content = Name.fromEscapedString("abc")
finalBlockId = Name("/%00")[0]
# Initialize the private key storage in case useCrypto is true.
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
SelfVerifyPolicyManager(identityStorage))
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(
0,
keyName.size() - 1).append("KEY").append(
keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA,
Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
privateKeyStorage.setKeyPairForKeyName(keyName, KeyType.RSA,
DEFAULT_RSA_PUBLIC_KEY_DER,
DEFAULT_RSA_PRIVATE_KEY_DER)
# Set up signatureBits in case useCrypto is false.
signatureBits = Blob(bytearray(256))
emptyBlob = Blob([])
start = getNowSeconds()
for i in range(nIterations):
data = Data(name)
data.setContent(content)
if useComplex:
data.getMetaInfo().setFreshnessPeriod(1000)
data.getMetaInfo().setFinalBlockId(finalBlockId)
if useCrypto:
# This sets the signature fields.
keyChain.sign(data, certificateName)
else:
# Imitate IdentityManager.signByCertificate to set up the signature
# fields, but don't sign.
sha256Signature = data.getSignature()
keyLocator = sha256Signature.getKeyLocator()
keyLocator.setType(KeyLocatorType.KEYNAME)
keyLocator.setKeyName(certificateName)
sha256Signature.setSignature(signatureBits)
encoding = data.wireEncode()
finish = getNowSeconds()
return (finish - start, encoding)
def setUp(self):
# Reuse the policy_config subdirectory for the temporary SQLite files.
self.dKeyDatabaseFilePath = "policy_config/manager-d-key-test.db"
try:
os.remove(self.dKeyDatabaseFilePath)
except OSError:
# no such file
pass
self.eKeyDatabaseFilePath = "policy_config/manager-e-key-test.db"
try:
os.remove(self.eKeyDatabaseFilePath)
except OSError:
# no such file
pass
self.intervalDatabaseFilePath = "policy_config/manager-interval-test.db"
try:
os.remove(self.intervalDatabaseFilePath)
except OSError:
# no such file
pass
self.groupKeyDatabaseFilePath = "policy_config/manager-group-key-test.db"
try:
os.remove(self.groupKeyDatabaseFilePath)
except OSError:
# no such file
pass
params = RsaKeyParams()
memberDecryptKey = RsaAlgorithm.generateKey(params)
self.decryptKeyBlob = memberDecryptKey.getKeyBits()
memberEncryptKey = RsaAlgorithm.deriveEncryptKey(self.decryptKeyBlob)
self.encryptKeyBlob = memberEncryptKey.getKeyBits()
# Generate the certificate.
self.certificate = IdentityCertificate()
self.certificate.setName(Name("/ndn/memberA/KEY/ksk-123/ID-CERT/123"))
contentPublicKey = PublicKey(self.encryptKeyBlob)
self.certificate.setPublicKeyInfo(contentPublicKey)
self.certificate.setNotBefore(0)
self.certificate.setNotAfter(0)
self.certificate.encode()
signatureInfoBlob = Blob(SIG_INFO, False)
signatureValueBlob = Blob(SIG_VALUE, False)
signature = TlvWireFormat.get().decodeSignatureInfoAndValue(
signatureInfoBlob.buf(), signatureValueBlob.buf())
self.certificate.setSignature(signature)
self.certificate.wireEncode()
# Set up the keyChain.
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
self.keyChain = KeyChain(
IdentityManager(identityStorage, privateKeyStorage),
NoVerifyPolicyManager())
identityName = Name("TestGroupManager")
self.keyChain.createIdentityAndCertificate(identityName)
self.keyChain.getIdentityManager().setDefaultIdentity(identityName)
def onRegisterFailed(self, prefix):
self.dump("Data prefix registration failed.")
if __name__ == '__main__':
rp = RepoCommandParameter()
dataPrefix = Name("/example/data/1/test/test1")
rp.setName(dataPrefix)
rp.setStartBlockId(0)
interest = Interest(
Name("/example/repo/1").append("insert").append(rp.wireEncode()))
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
SelfVerifyPolicyManager(identityStorage))
# Initialize the storage.
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(
0,
keyName.size() - 1).append("KEY").append(
keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA,
Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
privateKeyStorage.setKeyPairForKeyName(keyName, KeyType.RSA,
DEFAULT_RSA_PUBLIC_KEY_DER,
DEFAULT_RSA_PRIVATE_KEY_DER)
def main():
# Uncomment these lines to print ChronoSync debug messages.
# logging.getLogger('').addHandler(logging.StreamHandler(sys.stdout))
# logging.getLogger('').setLevel(logging.INFO)
screenName = promptAndInput("Enter your chat username: "******"ndn/edu/ucla/remap"
hubPrefix = promptAndInput("Enter your hub prefix [" + defaultHubPrefix + "]: ")
if hubPrefix == "":
hubPrefix = defaultHubPrefix
defaultChatRoom = "ndnchat"
chatRoom = promptAndInput("Enter the chatroom name [" + defaultChatRoom + "]: ")
if chatRoom == "":
chatRoom = defaultChatRoom
host = "localhost"
print("Connecting to " + host + ", Chatroom: " + chatRoom + ", Username: "******"")
# Set up the key chain.
face = Face(host)
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
NoVerifyPolicyManager())
keyChain.setFace(face)
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(0, keyName.size() - 1).append(
"KEY").append(keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER)
face.setCommandSigningInfo(keyChain, certificateName)
chat = Chat(
screenName, chatRoom, Name(hubPrefix), face, keyChain, certificateName)
# The main loop to process Chat while checking stdin to send a message.
print("Enter your chat message. To quit, enter \"leave\" or \"exit\".")
while True:
# Set timeout to 0 for an immediate check.
isReady, _, _ = select.select([sys.stdin], [], [], 0)
if len(isReady) != 0:
input = promptAndInput("")
if input == "leave" or input == "exit":
# We will send the leave message below.
break
chat.sendMessage(input)
face.processEvents()
# We need to sleep for a few milliseconds so we don't use 100% of the CPU.
time.sleep(0.01)
# The user entered the command to leave.
chat.leave()
# Wait a little bit to allow other applications to fetch the leave message.
startTime = Chat.getNowMilliseconds()
while True:
if Chat.getNowMilliseconds() - startTime >= 1000.0:
break
face.processEvents()
time.sleep(0.01)
class TestRegexMatching(ut.TestCase):
def _certNameFromKeyName(self, keyName, keyIdx=-1):
return keyName[:keyIdx].append("KEY").append(keyName[keyIdx:]).\
append("ID-CERT").append("0")
def setUp(self):
# set up the keychain so we can sign data
self.identityStorage = MemoryIdentityStorage()
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.keyChain = KeyChain(
IdentityManager(self.identityStorage, self.privateKeyStorage))
self.privateKeyStorage = MemoryPrivateKeyStorage()
# not using keychain for verification so we don't need to set the
# policy manager
self.keyChain = KeyChain(
IdentityManager(self.identityStorage, self.privateKeyStorage))
self.identityName = Name('/SecurityTestSecRule/Basic/Longer')
keyName = Name(self.identityName).append('ksk-2439872')
self.defaultCertName = self._certNameFromKeyName(keyName)
self.identityStorage.addKey(keyName, KeyType.RSA,
Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
self.privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER,
DEFAULT_RSA_PRIVATE_KEY_DER)
keyName = Name('/SecurityTestSecRule/Basic/ksk-0923489')
self.identityStorage.addKey(keyName, KeyType.RSA,
Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
self.privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER,
DEFAULT_RSA_PRIVATE_KEY_DER)
self.shortCertName = self._certNameFromKeyName(keyName, -2)
def test_name_relation(self):
policyManagerPrefix = ConfigPolicyManager(
"policy_config/relation_ruleset_prefix.conf")
policyManagerStrict = ConfigPolicyManager(
"policy_config/relation_ruleset_strict.conf")
policyManagerEqual = ConfigPolicyManager(
"policy_config/relation_ruleset_equal.conf")
dataName = Name('/TestRule1')
self.assertIsNotNone(
policyManagerPrefix._findMatchingRule(dataName, 'data'),
"Prefix relation should match prefix name")
self.assertIsNotNone(
policyManagerEqual._findMatchingRule(dataName, 'data'),
"Equal relation should match prefix name")
self.assertIsNone(
policyManagerStrict._findMatchingRule(dataName, 'data'),
"Strict-prefix relation should not match prefix name")
dataName = Name('/TestRule1/hi')
self.assertIsNotNone(
policyManagerPrefix._findMatchingRule(dataName, 'data'),
"Prefix relation should match longer name")
self.assertIsNone(
policyManagerEqual._findMatchingRule(dataName, 'data'),
"Equal relation should not match longer name")
self.assertIsNotNone(
policyManagerStrict._findMatchingRule(dataName, 'data'),
"Strict-prefix relation should match longer name")
dataName = Name('/Bad/TestRule1/')
self.assertIsNone(
policyManagerPrefix._findMatchingRule(dataName, 'data'),
"Prefix relation should not match inner components")
self.assertIsNone(
policyManagerEqual._findMatchingRule(dataName, 'data'),
"Equal relation should not match inner components")
self.assertIsNone(
policyManagerStrict._findMatchingRule(dataName, 'data'),
"Strict-prefix relation should not match inner components")
def test_simple_regex(self):
policyManager = ConfigPolicyManager("policy_config/regex_ruleset.conf")
dataName1 = Name('/SecurityTestSecRule/Basic')
dataName2 = Name('/SecurityTestSecRule/Basic/More')
dataName3 = Name('/SecurityTestSecRule/')
dataName4 = Name('/SecurityTestSecRule/Other/TestData')
dataName5 = Name('/Basic/Data')
matchedRule1 = policyManager._findMatchingRule(dataName1, 'data')
matchedRule2 = policyManager._findMatchingRule(dataName2, 'data')
matchedRule3 = policyManager._findMatchingRule(dataName3, 'data')
matchedRule4 = policyManager._findMatchingRule(dataName4, 'data')
matchedRule5 = policyManager._findMatchingRule(dataName5, 'data')
self.assertIsNotNone(matchedRule1)
self.assertIsNone(matchedRule2)
self.assertIsNotNone(matchedRule3)
self.assertNotEqual(matchedRule3, matchedRule1,
"Rule regex matched extra components")
self.assertIsNotNone(matchedRule4)
self.assertNotEqual(matchedRule4, matchedRule1,
"Rule regex matched with missing component")
self.assertIsNone(matchedRule5)
def test_checker_hierarchical(self):
policyManager = ConfigPolicyManager(
"policy_config/hierarchical_ruleset.conf")
dataName1 = Name('/SecurityTestSecRule/Basic/Data1')
dataName2 = Name('/SecurityTestSecRule/Basic/Longer/Data2')
data1 = Data(dataName1)
data2 = Data(dataName2)
matchedRule = policyManager._findMatchingRule(dataName1, 'data')
self.assertEqual(matchedRule,
policyManager._findMatchingRule(dataName2, 'data'))
self.keyChain.sign(data1, self.defaultCertName)
self.keyChain.sign(data2, self.defaultCertName)
signatureName1 = data1.getSignature().getKeyLocator().getKeyName()
signatureName2 = data2.getSignature().getKeyLocator().getKeyName()
self.assertFalse(
policyManager._checkSignatureMatch(signatureName1, dataName1,
matchedRule),
"Hierarchical matcher matched short data name to long key name")
self.assertTrue(
policyManager._checkSignatureMatch(signatureName2, dataName2,
matchedRule))
self.keyChain.sign(data1, self.shortCertName)
self.keyChain.sign(data2, self.shortCertName)
signatureName1 = data1.getSignature().getKeyLocator().getKeyName()
signatureName2 = data2.getSignature().getKeyLocator().getKeyName()
self.assertTrue(
policyManager._checkSignatureMatch(signatureName1, dataName1,
matchedRule))
self.assertTrue(
policyManager._checkSignatureMatch(signatureName2, dataName2,
matchedRule))
def test_hyperrelation(self):
policyManager = ConfigPolicyManager(
"policy_config/hyperrelation_ruleset.conf")
dataName = Name('/SecurityTestSecRule/Basic/Longer/Data2')
data1 = Data(dataName)
data2 = Data(dataName)
matchedRule = policyManager._findMatchingRule(dataName, 'data')
self.keyChain.sign(data1, self.defaultCertName)
self.keyChain.sign(data2, self.shortCertName)
signatureName1 = data1.getSignature().getKeyLocator().getKeyName()
signatureName2 = data2.getSignature().getKeyLocator().getKeyName()
self.assertTrue(
policyManager._checkSignatureMatch(signatureName1, dataName,
matchedRule))
self.assertFalse(
policyManager._checkSignatureMatch(signatureName2, dataName,
matchedRule))
dataName = Name('/SecurityTestSecRule/Basic/Other/Data1')
data1 = Data(dataName)
data2 = Data(dataName)
matchedRule = policyManager._findMatchingRule(dataName, 'data')
self.keyChain.sign(data1, self.defaultCertName)
self.keyChain.sign(data2, self.shortCertName)
signatureName1 = data1.getSignature().getKeyLocator().getKeyName()
signatureName2 = data2.getSignature().getKeyLocator().getKeyName()
self.assertFalse(
policyManager._checkSignatureMatch(signatureName1, dataName,
matchedRule))
self.assertTrue(
policyManager._checkSignatureMatch(signatureName2, dataName,
matchedRule))
def test_interest_matching(self):
# make sure we chop off timestamp, nonce, and signature info from
# signed interests
pass
def startFileSync():
global EXIT
screenName = promptAndInput("Enter your name: ")
defaultHubPrefix = "ndn/no/ntnu"
hubPrefix = promptAndInput("Enter your hub prefix [" + defaultHubPrefix + "]: ")
if hubPrefix == "":
hubPrefix = defaultHubPrefix
defaultpkList = "pklist"
pkListName = promptAndInput("Sync with public key list [" + defaultpkList + "]: ")
if pkListName == "":
pkListName = defaultpkList
host = "localhost"
# host = "129.241.208.115"
logging.info("Connecting to " + host + ", public Key List: " + pkListName + ", Name: " + screenName)
# Set up the key chain.
face = Face(host)
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
# privateKeyStorage = OSXPrivateKeyStorage()
identityManager = IdentityManager(identityStorage, privateKeyStorage)
# identityManager.createIdentity(Name("/name/"))
keyChain = KeyChain(identityManager, NoVerifyPolicyManager())
keyChain.setFace(face)
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(0, keyName.size() - 1).append("KEY").append(keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
privateKeyStorage.setKeyPairForKeyName(keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER)
face.setCommandSigningInfo(keyChain, certificateName)
# keyName = Name("/ndn/no/ntnu/stud/haakonmo/ksk-1426537450856")
# certificateName = Name("/ndn/no/ntnu/KEY/stud/haakonmo/ksk-1426537450856/ID-CERT/%FD%00%00%01L%26%D9E%92")
# publicKey = privateKeyStorage.getPublicKey(keyName)
# identityStorage.addKey(keyName, publicKey.getKeyType(), publicKey.getKeyDer())
# face.setCommandSigningInfo(keyChain, certificateName)
# print(identityStorage.getCertificate(certificateName))
# print(identityStorage.getKey(keyName))
path = './files/'
fileSyncer = FileSync(screenName, pkListName, Name(hubPrefix), face, keyChain, certificateName, path)
fileSyncer.initial()
fileWatcher = FileWatch(fileSyncer, path)
# TODO:
# 1. Generate new public key or use existing?
# 2. Watch new public key
# 3. sendUpdatedPublicKey if key is changed
# 4. Download and store other keys
# 5. Verify data packet
while not EXIT:
isReady, _, _ = select.select([sys.stdin], [], [], 0)
if len(isReady) != 0:
input = promptAndInput("")
if input == "leave" or input == "exit":
EXIT = True
break
#fileSyncer.onFileUpdate(input)
fileSyncer.face.processEvents()
# We need to sleep for a few milliseconds so we don't use 100% of the CPU.
time.sleep(0.01)
fileSyncer.unsubscribe()
startTime = FileSync.getNowMilliseconds()
while True:
if FileSync.getNowMilliseconds() - startTime >= 1000.0:
break
face.processEvents()
time.sleep(0.01)
# Shutdown all services
fileSyncer.face.shutdown()
fileWatcher.stopFileWatch()
cipher = PKCS1_v1_5.new(self.usr_key)
ciphertext = cipher.encrypt(self.symkey)
symkey_name = self.prefix.append(bytearray(self.timestamp)).append(bytearray(keyid))
symkey_data = Data(symkey_name)
symkey_data.setContent(bytearray(ciphertext))
self.keychain.sign(symkey_data, self.cert_name)
self.publisher.put(symkey_data)
print symkey_data.getName().toUri()
print 'Simple KDS stop'
# Only for testing
if __name__ == "__main__":
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage))
key_file = "../keychain/keys/melnitz_root.pem"
f = open(key_file, "r")
key = RSA.importKey(f.read())
keyid = hashlib.sha256(key.publickey().exportKey("DER")).digest()
bld_root = Name("/ndn/ucla.edu/bms/melnitz")
key_name = bld_root.append(bytearray(keyid))
key_pub_der = bytearray(key.publickey().exportKey(format="DER"))
key_pri_der = bytearray(key.exportKey(format="DER"))
identityStorage.addKey(key_name, KeyType.RSA, Blob(key_pub_der))
privateKeyStorage.setKeyPairForKeyName(key_name, key_pub_der, key_pri_der)
cert_name = key_name.getSubName(0, key_name.size() - 1).append(
"KEY").append(key_name[-1]).append("ID-CERT").append("0")
def main():
# Uncomment these lines to print ChronoSync debug messages.
# logging.getLogger('').addHandler(logging.StreamHandler(sys.stdout))
# logging.getLogger('').setLevel(logging.INFO)
screenName = promptAndInput("Enter your chat username: "******"ndn/edu/ucla/remap"
hubPrefix = promptAndInput("Enter your hub prefix [" + defaultHubPrefix +
"]: ")
if hubPrefix == "":
hubPrefix = defaultHubPrefix
defaultChatRoom = "ndnchat"
chatRoom = promptAndInput("Enter the chatroom name [" + defaultChatRoom +
"]: ")
if chatRoom == "":
chatRoom = defaultChatRoom
host = "localhost"
print("Connecting to " + host + ", Chatroom: " + chatRoom +
", Username: "******"")
# Set up the key chain.
face = Face(host)
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
NoVerifyPolicyManager())
keyChain.setFace(face)
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(
0,
keyName.size() - 1).append("KEY").append(
keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA,
Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
privateKeyStorage.setKeyPairForKeyName(keyName, KeyType.RSA,
DEFAULT_RSA_PUBLIC_KEY_DER,
DEFAULT_RSA_PRIVATE_KEY_DER)
face.setCommandSigningInfo(keyChain, certificateName)
chat = Chat(screenName, chatRoom, Name(hubPrefix), face, keyChain,
certificateName)
# The main loop to process Chat while checking stdin to send a message.
print("Enter your chat message. To quit, enter \"leave\" or \"exit\".")
while True:
# Set timeout to 0 for an immediate check.
isReady, _, _ = select.select([sys.stdin], [], [], 0)
if len(isReady) != 0:
input = promptAndInput("")
if input == "leave" or input == "exit":
# We will send the leave message below.
break
chat.sendMessage(input)
face.processEvents()
# We need to sleep for a few milliseconds so we don't use 100% of the CPU.
time.sleep(0.01)
# The user entered the command to leave.
chat.leave()
# Wait a little bit to allow other applications to fetch the leave message.
startTime = Chat.getNowMilliseconds()
while True:
if Chat.getNowMilliseconds() - startTime >= 1000.0:
break
face.processEvents()
time.sleep(0.01)
def main():
interest = Interest()
interest.wireDecode(TlvInterest)
dump("Interest:")
dumpInterest(interest)
# Set the name again to clear the cached encoding so we encode again.
interest.setName(interest.getName())
encoding = interest.wireEncode()
dump("")
dump("Re-encoded interest", encoding.toHex())
reDecodedInterest = Interest()
reDecodedInterest.wireDecode(encoding)
dump("Re-decoded Interest:")
dumpInterest(reDecodedInterest)
freshInterest = (Interest(
Name("/ndn/abc")).setMustBeFresh(False).setMinSuffixComponents(
4).setMaxSuffixComponents(6).setInterestLifetimeMilliseconds(
30000).setChildSelector(1).setMustBeFresh(True))
freshInterest.getKeyLocator().setType(KeyLocatorType.KEY_LOCATOR_DIGEST)
freshInterest.getKeyLocator().setKeyData(
bytearray([
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A,
0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
]))
freshInterest.getExclude().appendComponent(Name("abc")[0]).appendAny()
dump(freshInterest.toUri())
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
SelfVerifyPolicyManager(identityStorage))
# Initialize the storage.
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(
0,
keyName.size() - 1).append("KEY").append(
keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA,
Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
privateKeyStorage.setKeyPairForKeyName(keyName, KeyType.RSA,
DEFAULT_RSA_PUBLIC_KEY_DER,
DEFAULT_RSA_PRIVATE_KEY_DER)
# Make a Face just so that we can sign the interest.
face = Face("localhost")
face.setCommandSigningInfo(keyChain, certificateName)
face.makeCommandInterest(freshInterest)
reDecodedFreshInterest = Interest()
reDecodedFreshInterest.wireDecode(freshInterest.wireEncode())
dump("")
dump("Re-decoded fresh Interest:")
dumpInterest(reDecodedFreshInterest)
keyChain.verifyInterest(reDecodedFreshInterest,
makeOnVerified("Freshly-signed Interest"),
makeOnVerifyFailed("Freshly-signed Interest"))
class BACnetAggregator(BIPSimpleApplication, Logging):
def __init__(self, config):
if _debug: BACnetAggregator._debug("__init__ %r", config)
# get local address from the config file
laddr = config.get('BACpypes', 'address')
# make a local device object
local_device = \
LocalDeviceObject( objectName=config.get('BACpypes','objectName')
, objectIdentifier=config.getint('BACpypes','objectIdentifier')
, maxApduLengthAccepted=config.getint('BACpypes','maxApduLengthAccepted')
, segmentationSupported=config.get('BACpypes','segmentationSupported')
, vendorIdentifier=config.getint('BACpypes','vendorIdentifier')
)
# build a bit string that knows about the bit names
pss = ServicesSupported()
pss['whoIs'] = 1
pss['iAm'] = 1
pss['readProperty'] = 1
pss['writeProperty'] = 1
# set the property value to be just the bits
local_device.protocolServicesSupported = pss.value
# make a simple application
BIPSimpleApplication.__init__(self, local_device, laddr)
# create logger
self.logger = BACnetDataLogger(self, config)
self.loadKey()
# keep track of requests to line up responses
self._request = None
# connect to local repo
self.publisher = RepoSocketPublisher(12345)
self.interval = 5 # in seconds
def loadKey(self):
self.identityStorage = MemoryIdentityStorage()
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.keychain = KeyChain(IdentityManager(self.identityStorage, self.privateKeyStorage))
f = open(key_file, "r")
self.key = RSA.importKey(f.read())
self.key_name = Name(bld_root).append(getKeyID(self.key))
key_pub_der = bytearray(self.key.publickey().exportKey(format="DER"))
key_pri_der = bytearray(self.key.exportKey(format="DER"))
self.identityStorage.addKey(self.key_name, KeyType.RSA, Blob(key_pub_der))
self.privateKeyStorage.setKeyPairForKeyName(self.key_name, key_pub_der, key_pri_der)
self.cert_name = self.key_name.getSubName(0, self.key_name.size() - 1).append(
"KEY").append(self.key_name[-1]).append("ID-CERT").append("0")
print 'KeyName = ' + self.key_name.toUri()
print 'CertName = ' + self.cert_name.toUri()
def publishData(self, name_str, payload, timestamp):
data = Data(Name(name_str).append(bytearray(timestamp)))
iv = Random.new().read(AES.block_size)
encryptor = AES.new(key, AES.MODE_CBC, iv)
data.setContent(bytearray(time_s + iv + encryptor.encrypt(pad(json.dumps(payload)))))
data.getMetaInfo().setFreshnessPeriod(10000)
self.keychain.sign(data, self.cert_name)
self.publisher.put(data)
#print payload
#print 'Publish ' + data.getName().toUri()
def request(self, apdu):
if _debug: BACnetAggregator._debug("request %r", apdu)
# save a copy of the request
self._request = apdu
# forward it along
BIPSimpleApplication.request(self, apdu)
def confirmation(self, apdu):
#print thread.get_ident()
global kds_count, key, time_s, point_count
if _debug: BACnetAggregator._debug("confirmation %r", apdu)
if isinstance(apdu, Error):
sys.stdout.write("error: %s\n" % (apdu.errorCode,))
sys.stdout.flush()
elif isinstance(apdu, AbortPDU):
apdu.debug_contents()
elif (isinstance(self._request, ReadPropertyRequest)) and (isinstance(apdu, ReadPropertyACK)):
# find the datatype
datatype = get_datatype(apdu.objectIdentifier[0], apdu.propertyIdentifier)
BACnetAggregator._debug(" - datatype: %r", datatype)
if not datatype:
raise TypeError, "unknown datatype"
# special case for array parts, others are managed by cast_out
if issubclass(datatype, Array) and (apdu.propertyArrayIndex is not None):
if apdu.propertyArrayIndex == 0:
value = apdu.propertyValue.cast_out(Unsigned)
else:
value = apdu.propertyValue.cast_out(datatype.subtype)
else:
value = apdu.propertyValue.cast_out(datatype)
BACnetAggregator._debug(" - value: %r", value)
#sys.stdout.write(str(value) + '\n')
#sys.stdout.flush()
# KDS
if kds_count % 1200 == 0:
time_t = int(time.time() * 1000)
time_s = struct.pack("!Q", time_t)
key = Random.new().read(32)
kds_thread = kds.SimpleKDSPublisher(Name(bld_root), self.keychain, self.cert_name, key, time_s)
kds_thread.start()
kds_count = 0
kds_count = kds_count + 1
#
now = int(time.time() * 1000) # in milliseconds
payload = {'ts': now, 'val': value}
timestamp = struct.pack("!Q", now)
self.publishData(datapoints[point_count]['prefix'], payload, timestamp)
point_count = (point_count + 1) % len(datapoints)
#
#
# We could move the 'sleep&read' looping into logger thread so
# that we could parallel read and write processes. For now we
# only work on a single thread. The logger thread simply kicks
# off the initial request and then exits.
#
if point_count == 0:
time.sleep(self.interval)
self.logger.do_read()
def indication(self, apdu):
if _debug: BACnetAggregator._debug("indication %r", apdu)
if (isinstance(self._request, WhoIsRequest)) and (isinstance(apdu, IAmRequest)):
device_type, device_instance = apdu.iAmDeviceIdentifier
if device_type != 'device':
raise DecodingError, "invalid object type"
if (self._request.deviceInstanceRangeLowLimit is not None) and \
(device_instance < self._request.deviceInstanceRangeLowLimit):
pass
elif (self._request.deviceInstanceRangeHighLimit is not None) and \
(device_instance > self._request.deviceInstanceRangeHighLimit):
pass
else:
# print out the contents
sys.stdout.write('pduSource = ' + repr(apdu.pduSource) + '\n')
sys.stdout.write('iAmDeviceIdentifier = ' + str(apdu.iAmDeviceIdentifier) + '\n')
sys.stdout.write('maxAPDULengthAccepted = ' + str(apdu.maxAPDULengthAccepted) + '\n')
sys.stdout.write('segmentationSupported = ' + str(apdu.segmentationSupported) + '\n')
sys.stdout.write('vendorID = ' + str(apdu.vendorID) + '\n')
sys.stdout.flush()
# forward it along
BIPSimpleApplication.indication(self, apdu)
def main():
# Uncomment these lines to print ChronoSync debug messages.
# logging.getLogger('').addHandler(logging.StreamHandler(sys.stdout))
# logging.getLogger('').setLevel(logging.INFO)
defaultUserPrefix = "com/newspaper/USER/bob"
userPrefix = promptAndInput("Enter user prefix: [" + defaultUserPrefix + "]")
if userPrefix == "":
userPrefix = defaultUserPrefix
defaultNamespacePrefix = "/ndn/hackathon/cnl-demo/slides" #"com/newspaper"
namespacePrefix = promptAndInput("Enter namespace prefix [" + defaultNamespacePrefix + "]: ")
if namespacePrefix == "":
namespacePrefix = defaultNamespacePrefix
host = "localhost" #"memoria.ndn.ucla.edu"
print("Connecting to " + host)
print("")
# Set up the key chain.
face = Face(host)
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
NoVerifyPolicyManager())
keyChain.setFace(face)
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(0, keyName.size() - 1).append(
"KEY").append(keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER)
face.setCommandSigningInfo(keyChain, certificateName)
newspaper = Namespace(namespacePrefix)
def onContentSet(namespace, contentNamespace, callbackId):
global currentSlideName
if contentNamespace == namespace:
print("content size "+str(contentNamespace.content.size()))
currentSlideName = contentNamespace.getName()
displayImage(contentNamespace.content.toRawStr(), contentNamespace.getName().toUri())
# dump("Got segmented content ", contentNamespace.content.toRawStr())
def onNewName(namespace, addedNamespace, callbackId):
print("namespace ("+addedNamespace.getName().toUri()+") added to "+namespace.getName().toUri())
if addedNamespace.getName().get(-1).isSegment() and addedNamespace.getName().get(-1).toSegment() == 0:
addedNamespace.getParent().addOnContentSet(onContentSet)
SegmentedContent(addedNamespace.getParent()).start()
newspaper.addOnNameAdded(onNewName)
newspaper.setFace(face)
namesync = NameSyncHandler(newspaper, userPrefix, keyChain, certificateName)
# The main loop to process Chat while checking stdin to send a message.
print("Enter your namespace update. To quit, enter \"exit\".")
def process():
# while True:
# Set timeout to 0 for an immediate check.
isReady, _, _ = select.select([sys.stdin], [], [], 0)
if len(isReady) != 0:
input = promptAndInput("")
if input == "exit":
stopGui()
# We will send the leave message below.
# break
# before producer has namespace.publish call, we manually call onNameAdded as a hack to publish
namesync.onNameAdded(None, Namespace(Name(input)), 0, True)
face.processEvents()
if root:
root.after(100, process)
def leftKey(event):
global currentSlideName
allVersions = newspaper.getChildComponents()
currentVersion = currentSlideName[-1]
selected = allVersions[0]
for c in allVersions:
print(str(c.toVersion()))
if c.toVersion() == currentVersion.toVersion():
break
selected = c
currentSlideName = Name(newspaper.getName()).append(selected)
displayImage(newspaper.getChild(selected).content.toRawStr(), currentSlideName.toUri())
def rightKey(event):
global currentSlideName
allVersions = newspaper.getChildComponents()
currentVersion = currentSlideName[-1]
selected = None
for c in allVersions[::-1]:
if c.toVersion() == currentVersion.toVersion():
break
selected = c
if selected:
currentSlideName = Name(newspaper.getName()).append(selected)
displayImage(newspaper.getChild(selected).content.toRawStr(), currentSlideName.toUri())
else:
print("no slides to show")
runGui(process, leftKey, rightKey)
def benchmarkEncodeDataSeconds(nIterations, useComplex, useCrypto):
"""
Loop to encode a data packet nIterations times.
:param int nIterations: The number of iterations.
:param bool useComplex: If true, use a large name, large content and all
fields. If false, use a small name, small content and only required
fields.
:param bool useCrypto: If true, sign the data packet. If false, use a blank
signature.
:return: A tuple (duration, encoding) where duration is the number of
seconds for all iterations and encoding is the wire encoding.
:rtype: (float, Blob)
"""
if useComplex:
# Use a large name and content.
name = Name(
"/ndn/ucla.edu/apps/lwndn-test/numbers.txt/%FD%05%05%E8%0C%CE%1D/%00")
contentString = ""
count = 1
contentString += "%d" % count
count += 1
while len(contentString) < 1115:
contentString += " %d" % count
count += 1
content = Name.fromEscapedString(contentString)
else:
# Use a small name and content.
name = Name("/test")
content = Name.fromEscapedString("abc")
finalBlockId = Name("/%00")[0]
# Initialize the private key storage in case useCrypto is true.
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
SelfVerifyPolicyManager(identityStorage))
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(0, keyName.size() - 1).append(
"KEY").append(keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER)
# Set up signatureBits in case useCrypto is false.
signatureBits = Blob(bytearray(256))
emptyBlob = Blob([])
start = getNowSeconds()
for i in range(nIterations):
data = Data(name)
data.setContent(content)
if useComplex:
data.getMetaInfo().setFreshnessPeriod(1000)
data.getMetaInfo().setFinalBlockId(finalBlockId)
if useCrypto:
# This sets the signature fields.
keyChain.sign(data, certificateName)
else:
# Imitate IdentityManager.signByCertificate to set up the signature
# fields, but don't sign.
sha256Signature = data.getSignature()
keyLocator = sha256Signature.getKeyLocator()
keyLocator.setType(KeyLocatorType.KEYNAME)
keyLocator.setKeyName(certificateName)
sha256Signature.setSignature(signatureBits)
encoding = data.wireEncode()
finish = getNowSeconds()
return (finish - start, encoding)
def onInterest(self, prefix, interest, transport, registeredPrefixId):
self.dump("Interest received from repo, name:", interest.getName().toUri())
def onRegisterFailed(self, prefix):
self.dump("Data prefix registration failed.")
if __name__ == '__main__':
rp = RepoCommandParameter()
dataPrefix = Name("/example/data/1/test/test1")
rp.setName(dataPrefix)
rp.setStartBlockId(0)
interest = Interest(Name("/example/repo/1").append("insert").append(rp.wireEncode()))
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
SelfVerifyPolicyManager(identityStorage))
# Initialize the storage.
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(0, keyName.size() - 1).append(
"KEY").append(keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER)
# Make a Face just so that we can sign the interest.
face = Face("localhost")
face.setCommandSigningInfo(keyChain, certificateName)
class TestRegexMatching(ut.TestCase):
def _certNameFromKeyName(self, keyName, keyIdx=-1):
return keyName[:keyIdx].append("KEY").append(keyName[keyIdx:]).\
append("ID-CERT").append("0")
def setUp(self):
# set up the keychain so we can sign data
self.identityStorage = MemoryIdentityStorage()
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.keyChain = KeyChain(IdentityManager(self.identityStorage, self.privateKeyStorage))
self.privateKeyStorage = MemoryPrivateKeyStorage()
# not using keychain for verification so we don't need to set the
# policy manager
self.keyChain = KeyChain(IdentityManager(self.identityStorage, self.privateKeyStorage))
self.identityName = Name('/SecurityTestSecRule/Basic/Longer')
keyName = Name(self.identityName).append('ksk-2439872')
self.defaultCertName = self._certNameFromKeyName(keyName)
self.identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
self.privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER)
keyName = Name('/SecurityTestSecRule/Basic/ksk-0923489')
self.identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
self.privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER)
self.shortCertName = self._certNameFromKeyName(keyName, -2)
def test_name_relation(self):
policyManagerPrefix = ConfigPolicyManager("policy_config/relation_ruleset_prefix.conf")
policyManagerStrict = ConfigPolicyManager("policy_config/relation_ruleset_strict.conf")
policyManagerEqual = ConfigPolicyManager("policy_config/relation_ruleset_equal.conf")
dataName = Name('/TestRule1')
self.assertIsNotNone(
policyManagerPrefix._findMatchingRule(dataName, 'data'),
"Prefix relation should match prefix name")
self.assertIsNotNone(
policyManagerEqual._findMatchingRule(dataName, 'data'),
"Equal relation should match prefix name")
self.assertIsNone(
policyManagerStrict._findMatchingRule(dataName, 'data'),
"Strict-prefix relation should not match prefix name")
dataName = Name('/TestRule1/hi')
self.assertIsNotNone(
policyManagerPrefix._findMatchingRule(dataName, 'data'),
"Prefix relation should match longer name")
self.assertIsNone(
policyManagerEqual._findMatchingRule(dataName, 'data'),
"Equal relation should not match longer name")
self.assertIsNotNone(
policyManagerStrict._findMatchingRule(dataName, 'data'),
"Strict-prefix relation should match longer name")
dataName = Name('/Bad/TestRule1/')
self.assertIsNone(
policyManagerPrefix._findMatchingRule(dataName, 'data'),
"Prefix relation should not match inner components")
self.assertIsNone(
policyManagerEqual._findMatchingRule(dataName, 'data'),
"Equal relation should not match inner components")
self.assertIsNone(
policyManagerStrict._findMatchingRule(dataName, 'data'),
"Strict-prefix relation should not match inner components")
def test_simple_regex(self):
policyManager = ConfigPolicyManager("policy_config/regex_ruleset.conf")
dataName1 = Name('/SecurityTestSecRule/Basic')
dataName2 = Name('/SecurityTestSecRule/Basic/More')
dataName3 = Name('/SecurityTestSecRule/')
dataName4 = Name('/SecurityTestSecRule/Other/TestData')
dataName5 = Name('/Basic/Data')
matchedRule1 = policyManager._findMatchingRule(dataName1, 'data')
matchedRule2 = policyManager._findMatchingRule(dataName2, 'data')
matchedRule3 = policyManager._findMatchingRule(dataName3, 'data')
matchedRule4 = policyManager._findMatchingRule(dataName4, 'data')
matchedRule5 = policyManager._findMatchingRule(dataName5, 'data')
self.assertIsNotNone(matchedRule1)
self.assertIsNone(matchedRule2)
self.assertIsNotNone(matchedRule3)
self.assertNotEqual(matchedRule3, matchedRule1,
"Rule regex matched extra components")
self.assertIsNotNone(matchedRule4)
self.assertNotEqual(matchedRule4, matchedRule1,
"Rule regex matched with missing component")
self.assertIsNone(matchedRule5)
def test_checker_hierarchical(self):
policyManager = ConfigPolicyManager("policy_config/hierarchical_ruleset.conf")
dataName1 = Name('/SecurityTestSecRule/Basic/Data1')
dataName2 = Name('/SecurityTestSecRule/Basic/Longer/Data2')
data1 = Data(dataName1)
data2 = Data(dataName2)
matchedRule = policyManager._findMatchingRule(dataName1, 'data')
self.assertEqual(matchedRule,
policyManager._findMatchingRule(dataName2, 'data'))
self.keyChain.sign(data1, self.defaultCertName)
self.keyChain.sign(data2, self.defaultCertName)
signatureName1 = data1.getSignature().getKeyLocator().getKeyName()
signatureName2 = data2.getSignature().getKeyLocator().getKeyName()
self.assertFalse(policyManager._checkSignatureMatch(signatureName1,
dataName1, matchedRule),
"Hierarchical matcher matched short data name to long key name")
self.assertTrue(policyManager._checkSignatureMatch(signatureName2,
dataName2, matchedRule))
self.keyChain.sign(data1, self.shortCertName)
self.keyChain.sign(data2, self.shortCertName)
signatureName1 = data1.getSignature().getKeyLocator().getKeyName()
signatureName2 = data2.getSignature().getKeyLocator().getKeyName()
self.assertTrue(policyManager._checkSignatureMatch(signatureName1,
dataName1, matchedRule))
self.assertTrue(policyManager._checkSignatureMatch(signatureName2,
dataName2, matchedRule))
def test_hyperrelation(self):
policyManager = ConfigPolicyManager("policy_config/hyperrelation_ruleset.conf")
dataName = Name('/SecurityTestSecRule/Basic/Longer/Data2')
data1 = Data(dataName)
data2 = Data(dataName)
matchedRule = policyManager._findMatchingRule(dataName, 'data')
self.keyChain.sign(data1, self.defaultCertName)
self.keyChain.sign(data2, self.shortCertName)
signatureName1 = data1.getSignature().getKeyLocator().getKeyName()
signatureName2 = data2.getSignature().getKeyLocator().getKeyName()
self.assertTrue(policyManager._checkSignatureMatch(signatureName1,
dataName, matchedRule))
self.assertFalse(policyManager._checkSignatureMatch(signatureName2,
dataName, matchedRule))
dataName = Name('/SecurityTestSecRule/Basic/Other/Data1')
data1 = Data(dataName)
data2 = Data(dataName)
matchedRule = policyManager._findMatchingRule(dataName, 'data')
self.keyChain.sign(data1, self.defaultCertName)
self.keyChain.sign(data2, self.shortCertName)
signatureName1 = data1.getSignature().getKeyLocator().getKeyName()
signatureName2 = data2.getSignature().getKeyLocator().getKeyName()
self.assertFalse(policyManager._checkSignatureMatch(signatureName1,
dataName, matchedRule))
self.assertTrue(policyManager._checkSignatureMatch(signatureName2,
dataName, matchedRule))
def test_interest_matching(self):
# make sure we chop off timestamp, nonce, and signature info from
# signed interests
pass
class TestConfigPolicyManager(ut.TestCase):
def setUp(self):
testCertDirectory = 'policy_config/certs'
self.testCertFile = os.path.join(testCertDirectory, 'test.cert')
self.identityStorage = MemoryIdentityStorage()
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.identityManager = IdentityManager(self.identityStorage,
self.privateKeyStorage)
self.policyManager = ConfigPolicyManager('policy_config/simple_rules.conf')
self.identityName = Name('/TestConfigPolicyManager/temp')
# to match the anchor cert
keyName = Name(self.identityName).append('ksk-1416010123')
self.privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, TEST_RSA_PUBLIC_KEY_DER, TEST_RSA_PRIVATE_KEY_DER)
self.identityStorage.addKey(
keyName, KeyType.RSA, Blob(TEST_RSA_PUBLIC_KEY_DER))
cert = self.identityManager.selfSign(keyName)
self.identityStorage.setDefaultKeyNameForIdentity(keyName)
self.identityManager.addCertificateAsDefault(cert)
self.keyChain = KeyChain(self.identityManager, self.policyManager)
self.keyName = keyName
self.face = Face()
def tearDown(self):
self.privateKeyStorage.deleteKeyPair(self.keyName)
self.face.shutdown()
try:
os.remove(self.testCertFile)
except OSError:
pass
def test_no_verify(self):
policyManager = NoVerifyPolicyManager()
identityName = Name('TestValidator/Null').appendVersion(int(time.time()))
keyChain = KeyChain(self.identityManager, policyManager)
keyChain.createIdentityAndCertificate(identityName)
data = Data(Name(identityName).append('data'))
keyChain.signByIdentity(data, identityName)
vr = doVerify(policyManager, data)
self.assertFalse(vr.hasFurtherSteps,
"NoVerifyPolicyManager returned a ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"Verification failed with NoVerifyPolicyManager")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
def test_self_verification(self):
policyManager = SelfVerifyPolicyManager(self.identityStorage)
keyChain = KeyChain(self.identityManager, policyManager)
identityName = Name('TestValidator/RsaSignatureVerification')
keyChain.createIdentityAndCertificate(identityName)
data = Data(Name('/TestData/1'))
keyChain.signByIdentity(data, identityName)
vr = doVerify(policyManager, data)
self.assertFalse(vr.hasFurtherSteps,
"SelfVerifyPolicyManager returned a ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"Verification of identity-signed data failed")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
data2 = Data(Name('/TestData/2'))
vr = doVerify(policyManager,
data2)
self.assertFalse(vr.hasFurtherSteps,
"SelfVerifyPolicyManager returned a ValidationRequest")
self.assertEqual(vr.successCount, 0,
"Verification of unsigned data succeeded")
self.assertEqual(vr.failureCount, 1,
"Verification failure callback called {} times instead of 1".format(
vr.failureCount))
def test_interest_timestamp(self):
interestName = Name('/ndn/ucla/edu/something')
certName = self.identityManager.getDefaultCertificateNameForIdentity(
self.identityName)
self.face.setCommandSigningInfo(self.keyChain, certName)
oldInterest = Interest(interestName)
self.face.makeCommandInterest(oldInterest)
time.sleep(0.1) # make sure timestamps are different
newInterest = Interest(interestName)
self.face.makeCommandInterest(newInterest)
vr = doVerify(self.policyManager,
newInterest)
self.assertFalse(vr.hasFurtherSteps,
"ConfigPolicyManager returned ValidationRequest but certificate is known")
self.assertEqual(vr.failureCount, 0,
"Verification of valid interest failed")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
vr = doVerify(self.policyManager,
oldInterest)
self.assertFalse(vr.hasFurtherSteps,
"ConfigPolicyManager returned ValidationRequest but certificate is known")
self.assertEqual(vr.successCount, 0,
"Verification of stale interest succeeded")
self.assertEqual(vr.failureCount, 1,
"Failure callback called {} times instead of 1".format(
vr.failureCount))
def _removeFile(self, filename):
try:
os.remove(filename)
except OSError:
# no such file
pass
def test_refresh_10s(self):
with open('policy_config/testData', 'r') as dataFile:
encodedData = dataFile.read()
data = Data()
dataBlob = Blob(b64decode(encodedData))
data.wireDecode(dataBlob)
# needed, since the KeyChain will express interests in unknown
# certificates
vr = doVerify(self.policyManager, data)
self.assertTrue(vr.hasFurtherSteps,
"ConfigPolicyManager did not create ValidationRequest for unknown certificate")
self.assertEqual(vr.successCount, 0,
"ConfigPolicyManager called success callback with pending ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager called failure callback with pending ValidationRequest")
# now save the cert data to our anchor directory, and wait
# we have to sign it with the current identity or the
# policy manager will create an interest for the signing certificate
with open(self.testCertFile, 'w') as certFile:
cert = IdentityCertificate()
certData = b64decode(CERT_DUMP)
cert.wireDecode(Blob(certData, False))
self.keyChain.signByIdentity(cert, self.identityName)
encodedCert = b64encode(cert.wireEncode().toBytes())
certFile.write(Blob(encodedCert, False).toRawStr())
# still too early for refresh to pick it up
vr = doVerify(self.policyManager, data)
self.assertTrue(vr.hasFurtherSteps,
"ConfigPolicyManager refresh occured sooner than specified")
self.assertEqual(vr.successCount, 0,
"ConfigPolicyManager called success callback with pending ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager called failure callback with pending ValidationRequest")
time.sleep(6)
# now we should find it
vr = doVerify(self.policyManager, data)
self.assertFalse(vr.hasFurtherSteps,
"ConfigPolicyManager did not refresh certificate store")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager did not verify valid signed data")
class SensorDataLogger:
def __init__(self, data_interval):
# connect to modbus
self.master = modbus_tcp.TcpMaster("172.17.66.246", 502)
# self.master.set_timeout(120) # in seconds
# connect to local repo
self.publisher = RepoSocketPublisher(12345)
self.prefix = "/ndn/ucla.edu/bms/strathmore/data/demand"
self.interval = data_interval # in seconds
self.loadKey()
def loadKey(self):
self.identityStorage = MemoryIdentityStorage()
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.keychain = KeyChain(IdentityManager(self.identityStorage, self.privateKeyStorage))
f = open(key_file, "r")
self.key = RSA.importKey(f.read())
self.key_name = Name(bld_root).append(getKeyID(self.key))
key_pub_der = bytearray(self.key.publickey().exportKey(format="DER"))
key_pri_der = bytearray(self.key.exportKey(format="DER"))
self.identityStorage.addKey(self.key_name, KeyType.RSA, Blob(key_pub_der))
self.privateKeyStorage.setKeyPairForKeyName(self.key_name, key_pub_der, key_pri_der)
self.cert_name = self.key_name.getSubName(0, self.key_name.size() - 1).append(
"KEY").append(self.key_name[-1]).append("ID-CERT").append("0")
print 'KeyName = ' + self.key_name.toUri()
print 'CertName = ' + self.cert_name.toUri()
def publishData(self, key, key_ts, payload, timestamp):
data = Data(Name(self.prefix).append(bytearray(timestamp)))
iv = Random.new().read(AES.block_size)
encryptor = AES.new(key, AES.MODE_CBC, iv)
data.setContent(bytearray(key_ts + iv + encryptor.encrypt(pad(json.dumps(payload)))))
data.getMetaInfo().setFreshnessPeriod(5000)
self.keychain.sign(data, self.cert_name)
self.publisher.put(data)
#print payload
#print data.getName().toUri()
def run(self):
key_ts = struct.pack('!Q', int(time.time() * 1000))
key = Random.new().read(32)
kds_count = -1
while (True):
# KDS
kds_count = kds_count + 1
if kds_count % 120 == 0:
key_ts = struct.pack("!Q", int(time.time() * 1000))
key = Random.new().read(32)
kds_thread = kds.SimpleKDSPublisher(Name(bld_root), self.keychain, self.cert_name, key, key_ts)
kds_thread.start()
kds_count = 0
# Data
now = int(time.time() * 1000) # in milliseconds
a = self.master.execute(100, cst.READ_HOLDING_REGISTERS, 166, 1)
b = self.master.execute(100, cst.READ_HOLDING_REGISTERS, 167, 1)
vln = (b[0] << 16) + a[0]
c = self.master.execute(1, cst.READ_HOLDING_REGISTERS, 150, 1)
la = c[0]
payload = {'ts': now, 'vlna': vln, 'la': la}
timestamp = struct.pack("!Q", now) # timestamp is in milliseconds
self.publishData(key, key_ts, payload, timestamp)
time.sleep(self.interval)