diff options
| author |   Luca Muscariello <muscariello@ieee.org> | 2022-04-22 17:55:01 +0200 |
|---|---|---|
| committer |   Mauro Sardara <msardara@cisco.com> | 2022-04-26 15:30:21 +0200 |
| commit | a1ac96f497719b897793ac14b287cb8d840651c1 (patch) | |
| tree | 12c608fe352c21d944b0340ce8d3f0be0fb23b11 /libtransport/src/auth/verifier.cc | |
| parent | 1ac07d842a3a6ce0fb7fa4039241c8ec1a71419b (diff) | |
HICN-722: Updates on transport, RTC, manifest usage for RTC, infra.
Co-authored-by: Mauro Sardara <msardara@cisco.com>
Co-authored-by: Jordan Augé <jordan.auge+fdio@cisco.com>
Co-authored-by: Michele Papalini <micpapal@cisco.com>
Co-authored-by: Angelo Mantellini <manangel@cisco.com>
Co-authored-by: Jacques Samain <jsamain@cisco.com>
Co-authored-by: Olivier Roques <oroques+fdio@cisco.com>
Co-authored-by: Enrico Loparco <eloparco@cisco.com>
Co-authored-by: Giulio Grassi <gigrassi@cisco.com>
manifest: optimize manifest processing
manifest: add FEC parameters to manifests
manifest: refactor verification process
manifest: report auth alerts in hiperf instead of aborting
manifest: remove FEC buffer callback in consumer
manifest: refactor and enable manifests by default
manifest: update manifest header with transport parameters
manifest: batch interests for first manifest from RTC producer
manifest: refactor processing of RTC manifests
manifest: update manifest-related socket options of consumers
manifest: update unit tests for manifests
manifest: pack manifest headers
manifest: verify FEC packets
auth: add consumer socket option to set max unverified delay
manifest: process manifests after full FEC decoding
manifest: manage forward jumps in RTC verifier
fec: remove useless fec codes
rs: add new code rate
rs: add new code rate
rs: add new code rate
rs: add new code rate
libtransport: increase internal packet cache size
remove internal cisco info in cmake
manifest: add option to set manifest capacity
data_input_node.c: add information about adj_index[VLIB_RX] on received data packetsi
sysrepo plugin: update build
Change-Id: I0cf64d91bd0a1b7cad4eeaa9871f58f5f10434af
Signed-off-by: Mauro Sardara <msardara@cisco.com>
Signed-off-by: Luca Muscariello <muscariello@ieee.org>
Diffstat (limited to 'libtransport/src/auth/verifier.cc')
| -rw-r--r-- | libtransport/src/auth/verifier.cc | 49 |
1 files changed, 30 insertions, 19 deletions
diff --git a/libtransport/src/auth/verifier.cc b/libtransport/src/auth/verifier.cc index 0c35437f3..5d5f01711 100644 --- a/libtransport/src/auth/verifier.cc +++ b/libtransport/src/auth/verifier.cc @@ -14,8 +14,11 @@ */ #include <hicn/transport/auth/verifier.h> +#include <hicn/transport/core/global_object_pool.h> #include <protocols/errors.h> +#include "glog/logging.h" + namespace transport { namespace auth { @@ -49,8 +52,10 @@ bool Verifier::verifyPacket(PacketPtr packet) { hicn_packet_copy_header(format, packet->packet_start_, &header_copy, false); // Retrieve packet signature - std::vector<uint8_t> signature_raw = packet->getSignature(); - signature_raw.resize(packet->getSignatureSize()); + utils::MemBuf::Ptr signature_raw = packet->getSignature(); + std::size_t signature_len = packet->getSignatureSize(); + DCHECK(signature_len <= signature_raw->tailroom()); + signature_raw->setLength(signature_len); // Reset fields that are not used to compute signature packet->resetForHash(); @@ -62,7 +67,7 @@ bool Verifier::verifyPacket(PacketPtr packet) { // Restore header hicn_packet_copy_header(format, &header_copy, packet->packet_start_, false); packet->setSignature(signature_raw); - packet->setSignatureSize(signature_raw.size()); + packet->setSignatureSize(signature_raw->length()); return valid_packet; } @@ -165,13 +170,13 @@ void Verifier::callVerificationFailedCallback(Suffix suffix, bool VoidVerifier::verifyPacket(PacketPtr packet) { return true; } bool VoidVerifier::verifyBuffer(const std::vector<uint8_t> &buffer, - const std::vector<uint8_t> &signature, + const utils::MemBuf::Ptr &signature, CryptoHashType hash_type) { return true; } bool VoidVerifier::verifyBuffer(const utils::MemBuf *buffer, - const std::vector<uint8_t> &signature, + const utils::MemBuf::Ptr &signature, CryptoHashType hash_type) { return true; } @@ -232,7 +237,7 @@ void AsymmetricVerifier::useCertificate(std::shared_ptr<X509> cert) { } bool AsymmetricVerifier::verifyBuffer(const std::vector<uint8_t> &buffer, - const std::vector<uint8_t> &signature, + const utils::MemBuf::Ptr &signature, CryptoHashType hash_type) { CryptoHashEVP hash_evp = CryptoHash::getEVP(hash_type); @@ -255,12 +260,12 @@ bool AsymmetricVerifier::verifyBuffer(const std::vector<uint8_t> &buffer, throw errors::RuntimeException("Digest update failed"); } - return EVP_DigestVerifyFinal(mdctx.get(), signature.data(), - signature.size()) == 1; + return EVP_DigestVerifyFinal(mdctx.get(), signature->data(), + signature->length()) == 1; } bool AsymmetricVerifier::verifyBuffer(const utils::MemBuf *buffer, - const std::vector<uint8_t> &signature, + const utils::MemBuf::Ptr &signature, CryptoHashType hash_type) { CryptoHashEVP hash_evp = CryptoHash::getEVP(hash_type); @@ -288,8 +293,8 @@ bool AsymmetricVerifier::verifyBuffer(const utils::MemBuf *buffer, p = p->next(); } while (p != buffer); - return EVP_DigestVerifyFinal(mdctx.get(), signature.data(), - signature.size()) == 1; + return EVP_DigestVerifyFinal(mdctx.get(), signature->data(), + signature->length()) == 1; } // --------------------------------------------------------- @@ -309,7 +314,7 @@ void SymmetricVerifier::setPassphrase(const std::string &passphrase) { } bool SymmetricVerifier::verifyBuffer(const std::vector<uint8_t> &buffer, - const std::vector<uint8_t> &signature, + const utils::MemBuf::Ptr &signature, CryptoHashType hash_type) { CryptoHashEVP hash_evp = CryptoHash::getEVP(hash_type); @@ -317,7 +322,9 @@ bool SymmetricVerifier::verifyBuffer(const std::vector<uint8_t> &buffer, throw errors::RuntimeException("Unknown hash type"); } - std::vector<uint8_t> signature_bis(signature.size()); + const utils::MemBuf::Ptr &signature_bis = + core::PacketManager<>::getInstance().getMemBuf(); + signature_bis->append(signature->length()); size_t signature_bis_len; std::shared_ptr<EVP_MD_CTX> mdctx(EVP_MD_CTX_create(), EVP_MD_CTX_free); @@ -334,16 +341,17 @@ bool SymmetricVerifier::verifyBuffer(const std::vector<uint8_t> &buffer, throw errors::RuntimeException("Digest update failed"); } - if (EVP_DigestSignFinal(mdctx.get(), signature_bis.data(), + if (EVP_DigestSignFinal(mdctx.get(), signature_bis->writableData(), &signature_bis_len) != 1) { throw errors::RuntimeException("Digest computation failed"); } - return signature == signature_bis && signature.size() == signature_bis_len; + return signature->length() == signature_bis_len && + *signature == *signature_bis; } bool SymmetricVerifier::verifyBuffer(const utils::MemBuf *buffer, - const std::vector<uint8_t> &signature, + const utils::MemBuf::Ptr &signature, CryptoHashType hash_type) { CryptoHashEVP hash_evp = CryptoHash::getEVP(hash_type); @@ -352,7 +360,9 @@ bool SymmetricVerifier::verifyBuffer(const utils::MemBuf *buffer, } const utils::MemBuf *p = buffer; - std::vector<uint8_t> signature_bis(signature.size()); + const utils::MemBuf::Ptr &signature_bis = + core::PacketManager<>::getInstance().getMemBuf(); + signature_bis->append(signature->length()); size_t signature_bis_len; std::shared_ptr<EVP_MD_CTX> mdctx(EVP_MD_CTX_create(), EVP_MD_CTX_free); @@ -373,12 +383,13 @@ bool SymmetricVerifier::verifyBuffer(const utils::MemBuf *buffer, p = p->next(); } while (p != buffer); - if (EVP_DigestSignFinal(mdctx.get(), signature_bis.data(), + if (EVP_DigestSignFinal(mdctx.get(), signature_bis->writableData(), &signature_bis_len) != 1) { throw errors::RuntimeException("Digest computation failed"); } - return signature == signature_bis && signature.size() == signature_bis_len; + return signature->length() == signature_bis_len && + *signature == *signature_bis; } } // namespace auth |