aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMauro Sardara <msardara@cisco.com>2019-02-12 00:07:11 +0100
committerMauro Sardara <msardara@cisco.com>2019-02-12 16:17:06 +0000
commit45ae2768f2842cc55f153a71fa66b1d3e25e9ab7 (patch)
tree64c37894239daf920cd50d886e918271106d14b8
parentfbd4dd9c5eba6f8f10bcc0db30a72ea3378c149b (diff)
[HICN-52] Fix signature computation and verification in libtransport
Change-Id: I9b30a9c9e95e2cb2f135fe7efd43e633235196d9 Signed-off-by: Mauro Sardara <msardara@cisco.com>
-rw-r--r--lib/src/protocol/ah.c30
-rw-r--r--libtransport/src/hicn/transport/core/packet.cc21
-rw-r--r--libtransport/src/hicn/transport/utils/signer.cc25
-rw-r--r--libtransport/src/hicn/transport/utils/verifier.cc29
-rw-r--r--utils/src/ping_server.cc4
5 files changed, 60 insertions, 49 deletions
diff --git a/lib/src/protocol/ah.c b/lib/src/protocol/ah.c
index 8bd9bca83..5a30f66f6 100644
--- a/lib/src/protocol/ah.c
+++ b/lib/src/protocol/ah.c
@@ -144,8 +144,7 @@ ah_get_header_length (hicn_type_t type, const hicn_protocol_t * h,
}
int
-ah_get_signature (hicn_type_t type, hicn_protocol_t * h,
- uint8_t ** signature)
+ah_get_signature (hicn_type_t type, hicn_protocol_t * h, uint8_t ** signature)
{
*signature = h->ah.validationPayload;
return HICN_LIB_ERROR_NONE;
@@ -163,29 +162,31 @@ int
ah_set_signature_size (hicn_type_t type, hicn_protocol_t * h,
const size_t signature_size)
{
- h->ah.payloadlen = (u8)(signature_size >> 2);
+ h->ah.payloadlen = (u8) (signature_size >> 2);
return HICN_LIB_ERROR_NONE;
}
int
-ah_set_signature_timestamp(hicn_type_t type, hicn_protocol_t * h,
- uint64_t signature_timestamp)
+ah_set_signature_timestamp (hicn_type_t type, hicn_protocol_t * h,
+ uint64_t signature_timestamp)
{
- memcpy(h->ah.timestamp_as_u8, &signature_timestamp, 8);
+ uint64_t netwok_order_timestamp = htonll (signature_timestamp);
+ memcpy (h->ah.timestamp_as_u8, &netwok_order_timestamp, sizeof (uint64_t));
return HICN_LIB_ERROR_NONE;
}
int
ah_get_signature_timestamp (hicn_type_t type, const hicn_protocol_t * h,
- uint64_t * signature_timestamp)
+ uint64_t * signature_timestamp)
{
- memcpy(signature_timestamp, h->ah.timestamp_as_u8, 8);
+ memcpy (signature_timestamp, h->ah.timestamp_as_u8, sizeof (uint64_t));
+ *signature_timestamp = ntohll (*signature_timestamp);
return HICN_LIB_ERROR_NONE;
}
int
ah_set_validation_algorithm (hicn_type_t type, hicn_protocol_t * h,
- uint8_t validation_algorithm)
+ uint8_t validation_algorithm)
{
h->ah.validationAlgorithm = validation_algorithm;
return HICN_LIB_ERROR_NONE;
@@ -193,26 +194,25 @@ ah_set_validation_algorithm (hicn_type_t type, hicn_protocol_t * h,
int
ah_get_validation_algorithm (hicn_type_t type, const hicn_protocol_t * h,
- uint8_t * validation_algorithm)
+ uint8_t * validation_algorithm)
{
*validation_algorithm = h->ah.validationAlgorithm;
return HICN_LIB_ERROR_NONE;
}
int
-ah_set_key_id (hicn_type_t type, hicn_protocol_t * h,
- uint8_t *key_id)
+ah_set_key_id (hicn_type_t type, hicn_protocol_t * h, uint8_t * key_id)
{
- memcpy(h->ah.keyId, key_id, sizeof(h->ah.keyId));
+ memcpy (h->ah.keyId, key_id, sizeof (h->ah.keyId));
return HICN_LIB_ERROR_NONE;
}
int
ah_get_key_id (hicn_type_t type, hicn_protocol_t * h,
- uint8_t **key_id, uint8_t *key_id_size)
+ uint8_t ** key_id, uint8_t * key_id_size)
{
*key_id = h->ah.keyId;
- *key_id_size = sizeof(h->ah.keyId);
+ *key_id_size = sizeof (h->ah.keyId);
return HICN_LIB_ERROR_NONE;
}
diff --git a/libtransport/src/hicn/transport/core/packet.cc b/libtransport/src/hicn/transport/core/packet.cc
index 761668116..b3e5526ab 100644
--- a/libtransport/src/hicn/transport/core/packet.cc
+++ b/libtransport/src/hicn/transport/core/packet.cc
@@ -52,14 +52,13 @@ Packet::Packet(MemBufPtr &&buffer)
payload_head_(nullptr),
format_(getFormatFromBuffer(packet_start_)) {
int signature_size = 0;
+
if (_is_ah(format_)) {
signature_size = (uint32_t)getSignatureSize();
}
auto header_size = getHeaderSizeFromFormat(format_, signature_size);
-
- auto payload_length = packet_->length() - header_size - signature_size;
-
+ auto payload_length = packet_->length() - header_size;
if (!payload_length) {
return;
}
@@ -69,7 +68,7 @@ Packet::Packet(MemBufPtr &&buffer)
if (payload_length) {
auto payload = packet_->cloneOne();
payload_head_ = payload.get();
- payload_head_->advance(header_size + signature_size);
+ payload_head_->advance(header_size);
payload_head_->append(payload_length);
packet_->prependChain(std::move(payload));
packet_->append(header_size);
@@ -264,12 +263,15 @@ Packet::Format Packet::getFormat() const {
const std::shared_ptr<utils::MemBuf> Packet::data() { return packet_; }
void Packet::dump() const {
- TRANSPORT_LOGI("The header length is: %zu", headerSize());
- TRANSPORT_LOGI("The payload length is: %zu", payloadSize());
- std::cerr << std::endl;
+ std::cout << "HEADER -- Length: " << headerSize() << std::endl;
+ hicn_packet_dump((uint8_t *)header_head_->data(), headerSize());
- hicn_packet_dump((uint8_t *)packet_->data(), headerSize());
- // hicn_packet_dump((uint8_t *)packet_->next()->data(), payloadSize());
+ std::cout << std::endl << "PAYLOAD -- Length: " << payloadSize() << std::endl;
+ for (utils::MemBuf *current = payload_head_;
+ current && current != header_head_; current = current->next()) {
+ std::cout << "First MemBuf Length: " << current->length() << std::endl;
+ hicn_packet_dump((uint8_t *)current->data(), current->length());
+ }
}
void Packet::setSignatureSize(std::size_t size_bytes) {
@@ -281,6 +283,7 @@ void Packet::setSignatureSize(std::size_t size_bytes) {
}
packet_->append(size_bytes);
+ updateLength();
}
uint8_t *Packet::getSignature() const {
diff --git a/libtransport/src/hicn/transport/utils/signer.cc b/libtransport/src/hicn/transport/utils/signer.cc
index 22bdf54d0..d3a322a5e 100644
--- a/libtransport/src/hicn/transport/utils/signer.cc
+++ b/libtransport/src/hicn/transport/utils/signer.cc
@@ -87,12 +87,17 @@ void Signer::sign(Packet &packet) {
throw errors::MalformedAHPacketException();
}
+ packet.setSignatureSize(sign_len_bytes);
+
// Copy IP+TCP/ICMP header before zeroing them
hicn_header_t header_copy;
- if (format & HFO_INET) {
- memcpy(&header_copy, hicn_packet, sizeof(hicn_v4_hdr_t));
- } else if (format & HFO_INET6) {
- memcpy(&header_copy, hicn_packet, sizeof(hicn_v6_hdr_t));
+ if (format == HF_INET_TCP_AH) {
+ memcpy(&header_copy, hicn_packet, HICN_V4_TCP_HDRLEN);
+ } else if (format == HF_INET6_TCP_AH) {
+ memcpy(&header_copy, hicn_packet, HICN_V6_TCP_HDRLEN);
+ } else {
+ throw errors::RuntimeException(
+ "Signer::sign -- Packet format not expected.");
}
std::size_t header_len = Packet::getHeaderSizeFromFormat(format);
@@ -104,7 +109,6 @@ void Signer::sign(Packet &packet) {
auto now = duration_cast<milliseconds>(system_clock::now().time_since_epoch())
.count();
packet.setSignatureTimestamp(now);
-
packet.setValidationAlgorithm(
CryptoSuite(parcSigner_GetCryptoSuite(this->signer_)));
@@ -117,7 +121,6 @@ void Signer::sign(Packet &packet) {
utils::CryptoHasher hasher(parcSigner_GetCryptoHasher(signer_));
hasher.init();
hasher.updateBytes(hicn_packet, header_len + sign_len_bytes);
- // hasher.updateBytes(zeros, sign_len_bytes);
for (utils::MemBuf *current = payload_chain; current != header_chain;
current = current->next()) {
@@ -126,10 +129,10 @@ void Signer::sign(Packet &packet) {
utils::CryptoHash hash = hasher.finalize();
- PARCSignature *signature =
- parcSigner_SignDigest(this->signer_, hash.hash_, packet.getSignature(),
- (uint32_t)sign_len_bytes);
+ PARCSignature *signature = parcSigner_SignDigest(
+ this->signer_, hash.hash_, packet.getSignature(), sign_len_bytes);
PARCBuffer *buffer = parcSignature_GetSignature(signature);
+
size_t bytes_len = parcBuffer_Remaining(buffer);
if (bytes_len > sign_len_bytes) {
@@ -138,9 +141,9 @@ void Signer::sign(Packet &packet) {
/* Restore the resetted fields */
if (format & HFO_INET) {
- memcpy(hicn_packet, &header_copy, sizeof(hicn_v4_hdr_t));
+ memcpy(hicn_packet, &header_copy, HICN_V4_TCP_HDRLEN);
} else if (format & HFO_INET6) {
- memcpy(hicn_packet, &header_copy, sizeof(hicn_v6_hdr_t));
+ memcpy(hicn_packet, &header_copy, HICN_V6_TCP_HDRLEN);
}
}
diff --git a/libtransport/src/hicn/transport/utils/verifier.cc b/libtransport/src/hicn/transport/utils/verifier.cc
index bc460b821..aec80cff6 100644
--- a/libtransport/src/hicn/transport/utils/verifier.cc
+++ b/libtransport/src/hicn/transport/utils/verifier.cc
@@ -109,10 +109,13 @@ int Verifier::verify(const Packet &packet) {
// Copy IP+TCP/ICMP header before zeroing them
hicn_header_t header_copy;
- if (format & HFO_INET) {
- memcpy(&header_copy, hicn_packet, sizeof(hicn_v4_hdr_t));
- } else if (format & HFO_INET6) {
- memcpy(&header_copy, hicn_packet, sizeof(hicn_v6_hdr_t));
+ if (format == HF_INET_TCP_AH) {
+ memcpy(&header_copy, hicn_packet, HICN_V4_TCP_HDRLEN);
+ } else if (format == HF_INET6_TCP_AH) {
+ memcpy(&header_copy, hicn_packet, HICN_V6_TCP_HDRLEN);
+ } else {
+ throw errors::RuntimeException(
+ "Verifier::verify -- Packet format not expected.");
}
std::size_t header_len = Packet::getHeaderSizeFromFormat(format);
@@ -125,8 +128,13 @@ int Verifier::verify(const Packet &packet) {
PARCKeyId *key_id = parcKeyId_Create(buffer);
parcBuffer_Release(&buffer);
- int ah_payload_len = (int)(header_chain->next()->length());
- uint8_t *signature = header_chain->next()->writableData();
+ int ah_payload_len = packet.getSignatureSize();
+ uint8_t *_signature = packet.getSignature();
+ uint8_t signature[ah_payload_len];
+
+ // TODO Remove signature copy at this point, by not setting to zero
+ // the validation payload.
+ std::memcpy(signature, _signature, ah_payload_len);
// Reset fields that should not appear in the signature
const_cast<Packet &>(packet).resetForHash();
@@ -135,9 +143,7 @@ int Verifier::verify(const Packet &packet) {
utils::CryptoHasher hasher(
parcVerifier_GetCryptoHasher(verifier_, key_id, hashtype));
- hasher.init()
- .updateBytes(hicn_packet, header_len)
- .updateBytes(zeros, ah_payload_len);
+ hasher.init().updateBytes(hicn_packet, header_len + ah_payload_len);
for (utils::MemBuf *current = payload_chain; current != header_chain;
current = current->next()) {
@@ -180,9 +186,9 @@ int Verifier::verify(const Packet &packet) {
/* Restore the resetted fields */
if (format & HFO_INET) {
- memcpy(hicn_packet, &header_copy, sizeof(hicn_v4_hdr_t));
+ memcpy(hicn_packet, &header_copy, HICN_V4_TCP_HDRLEN);
} else if (format & HFO_INET6) {
- memcpy(hicn_packet, &header_copy, sizeof(hicn_v6_hdr_t));
+ memcpy(hicn_packet, &header_copy, HICN_V6_TCP_HDRLEN);
}
parcKeyId_Release(&key_id);
@@ -192,4 +198,5 @@ int Verifier::verify(const Packet &packet) {
return valid;
}
+
} // namespace utils
diff --git a/utils/src/ping_server.cc b/utils/src/ping_server.cc
index 7d1df2448..e3500a4ba 100644
--- a/utils/src/ping_server.cc
+++ b/utils/src/ping_server.cc
@@ -108,9 +108,7 @@ class CallbackContainer {
content_object->setDstPort(interest.getSrcPort());
content_object->setTTL(ttl_);
- if (sign_) {
- content_object->setSignatureSize(identity_->getSignatureLength());
- } else {
+ if (!sign_) {
content_object->resetFlags();
}