author | Mauro Sardara <msardara@cisco.com> | 2019-02-12 00:07:11 +0100 |
---|---|---|
committer | Mauro Sardara <msardara@cisco.com> | 2019-02-12 16:17:06 +0000 |
commit | 45ae2768f2842cc55f153a71fa66b1d3e25e9ab7 (patch) | |
tree | 64c37894239daf920cd50d886e918271106d14b8 | |
parent | fbd4dd9c5eba6f8f10bcc0db30a72ea3378c149b (diff) |
[HICN-52] Fix signature computation and verification in libtransport
Change-Id: I9b30a9c9e95e2cb2f135fe7efd43e633235196d9
Signed-off-by: Mauro Sardara <msardara@cisco.com>
-rw-r--r-- | lib/src/protocol/ah.c | 30 | ||||
-rw-r--r-- | libtransport/src/hicn/transport/core/packet.cc | 21 | ||||
-rw-r--r-- | libtransport/src/hicn/transport/utils/signer.cc | 25 | ||||
-rw-r--r-- | libtransport/src/hicn/transport/utils/verifier.cc | 29 | ||||
-rw-r--r-- | utils/src/ping_server.cc | 4 |
5 files changed, 60 insertions, 49 deletions
diff --git a/lib/src/protocol/ah.c b/lib/src/protocol/ah.c index 8bd9bca83..5a30f66f6 100644 --- a/lib/src/protocol/ah.c +++ b/lib/src/protocol/ah.c @@ -144,8 +144,7 @@ ah_get_header_length (hicn_type_t type, const hicn_protocol_t * h, } int -ah_get_signature (hicn_type_t type, hicn_protocol_t * h, - uint8_t ** signature) +ah_get_signature (hicn_type_t type, hicn_protocol_t * h, uint8_t ** signature) { *signature = h->ah.validationPayload; return HICN_LIB_ERROR_NONE; @@ -163,29 +162,31 @@ int ah_set_signature_size (hicn_type_t type, hicn_protocol_t * h, const size_t signature_size) { - h->ah.payloadlen = (u8)(signature_size >> 2); + h->ah.payloadlen = (u8) (signature_size >> 2); return HICN_LIB_ERROR_NONE; } int -ah_set_signature_timestamp(hicn_type_t type, hicn_protocol_t * h, - uint64_t signature_timestamp) +ah_set_signature_timestamp (hicn_type_t type, hicn_protocol_t * h, + uint64_t signature_timestamp) { - memcpy(h->ah.timestamp_as_u8, &signature_timestamp, 8); + uint64_t netwok_order_timestamp = htonll (signature_timestamp); + memcpy (h->ah.timestamp_as_u8, &netwok_order_timestamp, sizeof (uint64_t)); return HICN_LIB_ERROR_NONE; } int ah_get_signature_timestamp (hicn_type_t type, const hicn_protocol_t * h, - uint64_t * signature_timestamp) + uint64_t * signature_timestamp) { - memcpy(signature_timestamp, h->ah.timestamp_as_u8, 8); + memcpy (signature_timestamp, h->ah.timestamp_as_u8, sizeof (uint64_t)); + *signature_timestamp = ntohll (*signature_timestamp); return HICN_LIB_ERROR_NONE; } int ah_set_validation_algorithm (hicn_type_t type, hicn_protocol_t * h, - uint8_t validation_algorithm) + uint8_t validation_algorithm) { h->ah.validationAlgorithm = validation_algorithm; return HICN_LIB_ERROR_NONE; 
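Review bot: In `ah_set_signature_size` (hunk @@ -163,29 +162,31) the cast `(u8) (signature_size >> 2)` silently drops the low two bits and any value that does not fit in eight bits, yet the function still returns `HICN_LIB_ERROR_NONE`. The verifier in this commit sizes its signature copy and its hash input from what appears to be this field, so a size that cannot be encoded should be refused rather than truncated. A guard such as `if ((signature_size & 0x3) || (signature_size >> 2) > UINT8_MAX)`, returning one of the library's error codes (names not visible on this page), would do it. Separately, `netwok_order_timestamp` in `ah_set_signature_timestamp` is misspelled; `network_order_timestamp` reads better.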
@@ -193,26 +194,25 @@ ah_set_validation_algorithm (hicn_type_t type, hicn_protocol_t * h, int ah_get_validation_algorithm (hicn_type_t type, const hicn_protocol_t * h, - uint8_t * validation_algorithm) + uint8_t * validation_algorithm) { *validation_algorithm = h->ah.validationAlgorithm; return HICN_LIB_ERROR_NONE; } int -ah_set_key_id (hicn_type_t type, hicn_protocol_t * h, - uint8_t *key_id) +ah_set_key_id (hicn_type_t type, hicn_protocol_t * h, uint8_t * key_id) { - memcpy(h->ah.keyId, key_id, sizeof(h->ah.keyId)); + memcpy (h->ah.keyId, key_id, sizeof (h->ah.keyId)); return HICN_LIB_ERROR_NONE; } int ah_get_key_id (hicn_type_t type, hicn_protocol_t * h, - uint8_t **key_id, uint8_t *key_id_size) + uint8_t ** key_id, uint8_t * key_id_size) { *key_id = h->ah.keyId; - *key_id_size = sizeof(h->ah.keyId); + *key_id_size = sizeof (h->ah.keyId); return HICN_LIB_ERROR_NONE; } diff --git a/libtransport/src/hicn/transport/core/packet.cc b/libtransport/src/hicn/transport/core/packet.cc index 761668116..b3e5526ab 100644 --- a/libtransport/src/hicn/transport/core/packet.cc +++ b/libtransport/src/hicn/transport/core/packet.cc @@ -52,14 +52,13 @@ Packet::Packet(MemBufPtr &&buffer) payload_head_(nullptr), format_(getFormatFromBuffer(packet_start_)) { int signature_size = 0; + if (_is_ah(format_)) { signature_size = (uint32_t)getSignatureSize(); } auto header_size = getHeaderSizeFromFormat(format_, signature_size); - - auto payload_length = packet_->length() - header_size - signature_size; - + auto payload_length = packet_->length() - header_size; if (!payload_length) { return; } @@ -69,7 +68,7 @@ Packet::Packet(MemBufPtr &&buffer) if (payload_length) { auto payload = packet_->cloneOne(); payload_head_ = payload.get(); - payload_head_->advance(header_size + signature_size); + payload_head_->advance(header_size); payload_head_->append(payload_length); packet_->prependChain(std::move(payload)); packet_->append(header_size); 
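Review bot: `packet_->length() - header_size` in the `Packet(MemBufPtr &&buffer)` constructor (hunk @@ -52,14 +52,13) has no guard for a buffer shorter than the computed header, and `header_size` is now derived from a signature size read out of the packet itself. If `length()` is unsigned (likely, but not visible here), a truncated or malformed AH packet makes `payload_length` wrap to a very large value. The next hunk (@@ -69,7 +68,7) then passes that value to `payload_head_->append(payload_length)` after `advance(header_size)`. Compare before subtracting, e.g. `if (packet_->length() <= header_size) { return; }`, or reject the packet with an exception. The constructor begins and ends outside these hunks.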
@@ -264,12 +263,15 @@ Packet::Format Packet::getFormat() const { const std::shared_ptr<utils::MemBuf> Packet::data() { return packet_; } void Packet::dump() const { - TRANSPORT_LOGI("The header length is: %zu", headerSize()); - TRANSPORT_LOGI("The payload length is: %zu", payloadSize()); - std::cerr << std::endl; + std::cout << "HEADER -- Length: " << headerSize() << std::endl; + hicn_packet_dump((uint8_t *)header_head_->data(), headerSize()); - hicn_packet_dump((uint8_t *)packet_->data(), headerSize()); - // hicn_packet_dump((uint8_t *)packet_->next()->data(), payloadSize()); + std::cout << std::endl << "PAYLOAD -- Length: " << payloadSize() << std::endl; + for (utils::MemBuf *current = payload_head_; + current && current != header_head_; current = current->next()) { + std::cout << "First MemBuf Length: " << current->length() << std::endl; + hicn_packet_dump((uint8_t *)current->data(), current->length()); + } } void Packet::setSignatureSize(std::size_t size_bytes) { @@ -281,6 +283,7 @@ void Packet::setSignatureSize(std::size_t size_bytes) { } packet_->append(size_bytes); + updateLength(); } uint8_t *Packet::getSignature() const { diff --git a/libtransport/src/hicn/transport/utils/signer.cc b/libtransport/src/hicn/transport/utils/signer.cc index 22bdf54d0..d3a322a5e 100644 --- a/libtransport/src/hicn/transport/utils/signer.cc +++ b/libtransport/src/hicn/transport/utils/signer.cc 
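Review bot: In `Packet::dump()` the loop prints `"First MemBuf Length: "` for every buffer in the payload chain, so the label is wrong from the second buffer onward; `"MemBuf Length: "` or an index would be accurate. The function also switched from `TRANSPORT_LOGI` to `std::cout`, so a dump now bypasses the logging configuration and writes raw header and payload bytes to stdout; if that is intended, a one-line comment saying so would help. `header_head_->data()` is used without the null test that the loop applies to `payload_head_`; whether `header_head_` can be null at this point is not visible in the hunk.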
@@ -87,12 +87,17 @@ void Signer::sign(Packet &packet) { throw errors::MalformedAHPacketException(); } + packet.setSignatureSize(sign_len_bytes); + // Copy IP+TCP/ICMP header before zeroing them hicn_header_t header_copy; - if (format & HFO_INET) { - memcpy(&header_copy, hicn_packet, sizeof(hicn_v4_hdr_t)); - } else if (format & HFO_INET6) { - memcpy(&header_copy, hicn_packet, sizeof(hicn_v6_hdr_t)); + if (format == HF_INET_TCP_AH) { + memcpy(&header_copy, hicn_packet, HICN_V4_TCP_HDRLEN); + } else if (format == HF_INET6_TCP_AH) { + memcpy(&header_copy, hicn_packet, HICN_V6_TCP_HDRLEN); + } else { + throw errors::RuntimeException( + "Signer::sign -- Packet format not expected."); } std::size_t header_len = Packet::getHeaderSizeFromFormat(format); @@ -104,7 +109,6 @@ void Signer::sign(Packet &packet) { auto now = duration_cast<milliseconds>(system_clock::now().time_since_epoch()) .count(); packet.setSignatureTimestamp(now); - packet.setValidationAlgorithm( CryptoSuite(parcSigner_GetCryptoSuite(this->signer_))); @@ -117,7 +121,6 @@ void Signer::sign(Packet &packet) { utils::CryptoHasher hasher(parcSigner_GetCryptoHasher(signer_)); hasher.init(); hasher.updateBytes(hicn_packet, header_len + sign_len_bytes); - // hasher.updateBytes(zeros, sign_len_bytes); for (utils::MemBuf *current = payload_chain; current != header_chain; current = current->next()) { @@ -126,10 +129,10 @@ void Signer::sign(Packet &packet) { utils::CryptoHash hash = hasher.finalize(); - PARCSignature *signature = - parcSigner_SignDigest(this->signer_, hash.hash_, packet.getSignature(), - (uint32_t)sign_len_bytes); + PARCSignature *signature = parcSigner_SignDigest( + this->signer_, hash.hash_, packet.getSignature(), sign_len_bytes); PARCBuffer *buffer = parcSignature_GetSignature(signature); + size_t bytes_len = parcBuffer_Remaining(buffer); if (bytes_len > sign_len_bytes) { 
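Review bot: `packet.setSignatureSize(sign_len_bytes)` runs before the new format check, so when `Signer::sign` throws `"Signer::sign -- Packet format not expected."` the packet has already been modified (the packet.cc hunk shows `setSignatureSize` appending to the buffer and calling `updateLength()`). Testing `format == HF_INET_TCP_AH` / `format == HF_INET6_TCP_AH` first and calling `setSignatureSize` afterwards leaves a rejected packet untouched. In addition, `header_copy` is written back only at the end of the function (@@ -138,9 +141,9), so an exception raised after the header fields are zeroed would leave them zeroed; a small scope guard that restores the copy on every exit path would cover that. `sign` begins and ends outside this hunk.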
@@ -138,9 +141,9 @@ void Signer::sign(Packet &packet) { /* Restore the resetted fields */ if (format & HFO_INET) { - memcpy(hicn_packet, &header_copy, sizeof(hicn_v4_hdr_t)); + memcpy(hicn_packet, &header_copy, HICN_V4_TCP_HDRLEN); } else if (format & HFO_INET6) { - memcpy(hicn_packet, &header_copy, sizeof(hicn_v6_hdr_t)); + memcpy(hicn_packet, &header_copy, HICN_V6_TCP_HDRLEN); } } diff --git a/libtransport/src/hicn/transport/utils/verifier.cc b/libtransport/src/hicn/transport/utils/verifier.cc index bc460b821..aec80cff6 100644 --- a/libtransport/src/hicn/transport/utils/verifier.cc +++ b/libtransport/src/hicn/transport/utils/verifier.cc @@ -109,10 +109,13 @@ int Verifier::verify(const Packet &packet) { // Copy IP+TCP/ICMP header before zeroing them hicn_header_t header_copy; - if (format & HFO_INET) { - memcpy(&header_copy, hicn_packet, sizeof(hicn_v4_hdr_t)); - } else if (format & HFO_INET6) { - memcpy(&header_copy, hicn_packet, sizeof(hicn_v6_hdr_t)); + if (format == HF_INET_TCP_AH) { + memcpy(&header_copy, hicn_packet, HICN_V4_TCP_HDRLEN); + } else if (format == HF_INET6_TCP_AH) { + memcpy(&header_copy, hicn_packet, HICN_V6_TCP_HDRLEN); + } else { + throw errors::RuntimeException( + "Verifier::verify -- Packet format not expected."); } std::size_t header_len = Packet::getHeaderSizeFromFormat(format); @@ -125,8 +128,13 @@ int Verifier::verify(const Packet &packet) { PARCKeyId *key_id = parcKeyId_Create(buffer); parcBuffer_Release(&buffer); - int ah_payload_len = (int)(header_chain->next()->length()); - uint8_t *signature = header_chain->next()->writableData(); + int ah_payload_len = packet.getSignatureSize(); + uint8_t *_signature = packet.getSignature(); + uint8_t signature[ah_payload_len]; + + // TODO Remove signature copy at this point, by not setting to zero + // the validation payload. + std::memcpy(signature, _signature, ah_payload_len); // Reset fields that should not appear in the signature const_cast<Packet &>(packet).resetForHash(); 
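Review bot: The restore branches still test `format & HFO_INET` / `format & HFO_INET6`, while the save branches earlier in `Signer::sign` now test `format == HF_INET_TCP_AH` / `format == HF_INET6_TCP_AH`. The two agree only if the flag bits line up with exactly those two formats, which cannot be confirmed from this page. Using the same comparisons in both places, `if (format == HF_INET_TCP_AH) {` and `} else if (format == HF_INET6_TCP_AH) {`, makes it evident that the copy length and the restore length always match. The same applies to the restore in `Verifier::verify` (@@ -180,9 +186,9).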
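Review bot: `uint8_t signature[ah_payload_len];` in `Verifier::verify` (hunk @@ -125,8 +128,13) is a variable-length array, a compiler extension in C++. Its size comes from `packet.getSignatureSize()`, that is, from the packet being verified, and nothing here checks it against the buffer length or the size expected for the validation algorithm. A zero or out-of-range value is undefined for the array, and the same length is used as the read length in the next hunk, `updateBytes(hicn_packet, header_len + ah_payload_len)`. Validate the size first and copy into a container, e.g. `std::vector<uint8_t> signature(_signature, _signature + ah_payload_len);`, using `signature.data()` where the later code (outside this hunk) needs a pointer.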
@@ -135,9 +143,7 @@ int Verifier::verify(const Packet &packet) { utils::CryptoHasher hasher( parcVerifier_GetCryptoHasher(verifier_, key_id, hashtype)); - hasher.init() - .updateBytes(hicn_packet, header_len) - .updateBytes(zeros, ah_payload_len); + hasher.init().updateBytes(hicn_packet, header_len + ah_payload_len); for (utils::MemBuf *current = payload_chain; current != header_chain; current = current->next()) { @@ -180,9 +186,9 @@ int Verifier::verify(const Packet &packet) { /* Restore the resetted fields */ if (format & HFO_INET) { - memcpy(hicn_packet, &header_copy, sizeof(hicn_v4_hdr_t)); + memcpy(hicn_packet, &header_copy, HICN_V4_TCP_HDRLEN); } else if (format & HFO_INET6) { - memcpy(hicn_packet, &header_copy, sizeof(hicn_v6_hdr_t)); + memcpy(hicn_packet, &header_copy, HICN_V6_TCP_HDRLEN); } parcKeyId_Release(&key_id); @@ -192,4 +198,5 @@ int Verifier::verify(const Packet &packet) { return valid; } + } // namespace utils diff --git a/utils/src/ping_server.cc b/utils/src/ping_server.cc index 7d1df2448..e3500a4ba 100644 --- a/utils/src/ping_server.cc +++ b/utils/src/ping_server.cc @@ -108,9 +108,7 @@ class CallbackContainer { content_object->setDstPort(interest.getSrcPort()); content_object->setTTL(ttl_); - if (sign_) { - content_object->setSignatureSize(identity_->getSignatureLength()); - } else { + if (!sign_) { content_object->resetFlags(); } |