diff options
author | Luca Muscariello <muscariello@ieee.org> | 2022-04-22 17:55:01 +0200 |
---|---|---|
committer | Mauro Sardara <msardara@cisco.com> | 2022-04-26 15:30:21 +0200 |
commit | a1ac96f497719b897793ac14b287cb8d840651c1 (patch) | |
tree | 12c608fe352c21d944b0340ce8d3f0be0fb23b11 /libtransport/src/auth | |
parent | 1ac07d842a3a6ce0fb7fa4039241c8ec1a71419b (diff) |
HICN-722: Updates on transport, RTC, manifest usage for RTC, infra.
Co-authored-by: Mauro Sardara <msardara@cisco.com>
Co-authored-by: Jordan Augé <jordan.auge+fdio@cisco.com>
Co-authored-by: Michele Papalini <micpapal@cisco.com>
Co-authored-by: Angelo Mantellini <manangel@cisco.com>
Co-authored-by: Jacques Samain <jsamain@cisco.com>
Co-authored-by: Olivier Roques <oroques+fdio@cisco.com>
Co-authored-by: Enrico Loparco <eloparco@cisco.com>
Co-authored-by: Giulio Grassi <gigrassi@cisco.com>
manifest: optimize manifest processing
manifest: add FEC parameters to manifests
manifest: refactor verification process
manifest: report auth alerts in hiperf instead of aborting
manifest: remove FEC buffer callback in consumer
manifest: refactor and enable manifests by default
manifest: update manifest header with transport parameters
manifest: batch interests for first manifest from RTC producer
manifest: refactor processing of RTC manifests
manifest: update manifest-related socket options of consumers
manifest: update unit tests for manifests
manifest: pack manifest headers
manifest: verify FEC packets
auth: add consumer socket option to set max unverified delay
manifest: process manifests after full FEC decoding
manifest: manage forward jumps in RTC verifier
fec: remove useless fec codes
rs: add new code rate
rs: add new code rate
rs: add new code rate
rs: add new code rate
libtransport: increase internal packet cache size
remove internal cisco info in cmake
manifest: add option to set manifest capacity
data_input_node.c: add information about adj_index[VLIB_RX] on received data packetsi
sysrepo plugin: update build
Change-Id: I0cf64d91bd0a1b7cad4eeaa9871f58f5f10434af
Signed-off-by: Mauro Sardara <msardara@cisco.com>
Signed-off-by: Luca Muscariello <muscariello@ieee.org>
Diffstat (limited to 'libtransport/src/auth')
-rw-r--r-- | libtransport/src/auth/crypto_hash.cc | 40 | ||||
-rw-r--r-- | libtransport/src/auth/signer.cc | 53 | ||||
-rw-r--r-- | libtransport/src/auth/verifier.cc | 49 |
3 files changed, 87 insertions, 55 deletions
diff --git a/libtransport/src/auth/crypto_hash.cc b/libtransport/src/auth/crypto_hash.cc index f60f46051..08be47aff 100644 --- a/libtransport/src/auth/crypto_hash.cc +++ b/libtransport/src/auth/crypto_hash.cc @@ -14,6 +14,9 @@ */ #include <hicn/transport/auth/crypto_hash.h> +#include <hicn/transport/core/global_object_pool.h> + +#include "glog/logging.h" namespace transport { namespace auth { @@ -27,18 +30,20 @@ CryptoHash::CryptoHash(const CryptoHash &other) CryptoHash::CryptoHash(CryptoHash &&other) : digest_type_(std::move(other.digest_type_)), - digest_(other.digest_), - digest_size_(other.digest_size_) { - other.reset(); -} + digest_(std::move(other.digest_)), + digest_size_(other.digest_size_) {} -CryptoHash::CryptoHash(CryptoHashType hash_type) { setType(hash_type); } +CryptoHash::CryptoHash(CryptoHashType hash_type) + : digest_(core::PacketManager<>::getInstance().getMemBuf()) { + setType(hash_type); +} CryptoHash::CryptoHash(const uint8_t *hash, size_t size, CryptoHashType hash_type) : digest_type_(hash_type), digest_size_(size) { - digest_.resize(size); - memcpy(digest_.data(), hash, size); + digest_ = core::PacketManager<>::getInstance().getMemBuf(); + digest_->append(size); + memcpy(digest_->writableData(), hash, size); } CryptoHash::CryptoHash(const std::vector<uint8_t> &hash, @@ -55,7 +60,7 @@ CryptoHash &CryptoHash::operator=(const CryptoHash &other) { } bool CryptoHash::operator==(const CryptoHash &other) const { - return (digest_type_ == other.digest_type_ && digest_ == other.digest_); + return (digest_type_ == other.digest_type_ && *digest_ == *other.digest_); } void CryptoHash::computeDigest(const uint8_t *buffer, size_t len) { @@ -65,8 +70,8 @@ void CryptoHash::computeDigest(const uint8_t *buffer, size_t len) { throw errors::RuntimeException("Unknown hash type"); } - EVP_Digest(buffer, len, digest_.data(), (unsigned int *)&digest_size_, - (*hash_evp)(), nullptr); + EVP_Digest(buffer, len, digest_->writableData(), + (unsigned int *)&digest_size_, (*hash_evp)(), nullptr); } void CryptoHash::computeDigest(const std::vector<uint8_t> &buffer) { @@ -95,7 +100,7 @@ void CryptoHash::computeDigest(const utils::MemBuf *buffer) { p = p->next(); } while (p != buffer); - if (EVP_DigestFinal_ex(mcdtx, digest_.data(), + if (EVP_DigestFinal_ex(mcdtx, digest_->writableData(), (unsigned int *)&digest_size_) != 1) { throw errors::RuntimeException("Digest computation failed"); } @@ -103,15 +108,16 @@ void CryptoHash::computeDigest(const utils::MemBuf *buffer) { EVP_MD_CTX_free(mcdtx); } -std::vector<uint8_t> CryptoHash::getDigest() const { return digest_; } +const utils::MemBuf::Ptr &CryptoHash::getDigest() const { return digest_; } std::string CryptoHash::getStringDigest() const { std::stringstream string_digest; string_digest << std::hex << std::setfill('0'); - for (auto byte : digest_) { - string_digest << std::hex << std::setw(2) << static_cast<int>(byte); + for (size_t i = 0; i < digest_size_; ++i) { + string_digest << std::hex << std::setw(2) + << static_cast<int>(digest_->data()[i]); } return string_digest.str(); @@ -122,10 +128,10 @@ CryptoHashType CryptoHash::getType() const { return digest_type_; } size_t CryptoHash::getSize() const { return digest_size_; } void CryptoHash::setType(CryptoHashType hash_type) { - reset(); digest_type_ = hash_type; digest_size_ = CryptoHash::getSize(hash_type); - digest_.resize(digest_size_); + DCHECK(digest_size_ <= digest_->tailroom()); + digest_->setLength(digest_size_); } void CryptoHash::display() { @@ -152,8 +158,8 @@ void CryptoHash::display() { void CryptoHash::reset() { digest_type_ = CryptoHashType::UNKNOWN; - digest_.clear(); digest_size_ = 0; + digest_->setLength(0); } CryptoHashEVP CryptoHash::getEVP(CryptoHashType hash_type) { diff --git a/libtransport/src/auth/signer.cc b/libtransport/src/auth/signer.cc index e74e2f1b8..918e271f5 100644 --- a/libtransport/src/auth/signer.cc +++ b/libtransport/src/auth/signer.cc @@ -17,6 +17,8 @@ #include <hicn/transport/auth/signer.h> #include <hicn/transport/utils/chrono_typedefs.h> +#include "hicn/transport/core/global_object_pool.h" + namespace transport { namespace auth { @@ -24,7 +26,10 @@ namespace auth { // Base Signer // --------------------------------------------------------- Signer::Signer() - : suite_(CryptoSuite::UNKNOWN), signature_len_(0), key_(nullptr) {} + : suite_(CryptoSuite::UNKNOWN), + signature_(core::PacketManager<>::getInstance().getMemBuf()), + signature_len_(0), + key_(nullptr) {} Signer::~Signer() {} @@ -51,8 +56,8 @@ void Signer::signPacket(PacketPtr packet) { packet->setValidationAlgorithm(suite_); // Set key ID - std::vector<uint8_t> key_id = key_id_.getDigest(); - packet->setKeyId({key_id.data(), key_id.size()}); + const utils::MemBuf::Ptr &key_id = key_id_.getDigest(); + packet->setKeyId({key_id->writableData(), key_id->length()}); // Reset fields to compute the packet hash packet->resetForHash(); @@ -93,14 +98,16 @@ void Signer::signBuffer(const std::vector<uint8_t> &buffer) { throw errors::RuntimeException("Digest computation failed"); } - signature_.resize(signature_len_); + DCHECK(signature_len_ <= signature_->tailroom()); + signature_->setLength(signature_len_); - if (EVP_DigestSignFinal(mdctx.get(), signature_.data(), &signature_len_) != - 1) { + if (EVP_DigestSignFinal(mdctx.get(), signature_->writableData(), + &signature_len_) != 1) { throw errors::RuntimeException("Digest computation failed"); } - signature_.resize(signature_len_); + DCHECK(signature_len_ <= signature_->tailroom()); + signature_->setLength(signature_len_); } void Signer::signBuffer(const utils::MemBuf *buffer) { @@ -135,24 +142,27 @@ void Signer::signBuffer(const utils::MemBuf *buffer) { throw errors::RuntimeException("Digest computation failed"); } - signature_.resize(signature_len_); + DCHECK(signature_len_ <= signature_->tailroom()); + signature_->setLength(signature_len_); - if (EVP_DigestSignFinal(mdctx.get(), signature_.data(), &signature_len_) != - 1) { + if (EVP_DigestSignFinal(mdctx.get(), signature_->writableData(), + &signature_len_) != 1) { throw errors::RuntimeException("Digest computation failed"); } - signature_.resize(signature_len_); + DCHECK(signature_len_ <= signature_->tailroom()); + signature_->setLength(signature_len_); } -std::vector<uint8_t> Signer::getSignature() const { return signature_; } +const utils::MemBuf::Ptr &Signer::getSignature() const { return signature_; } std::string Signer::getStringSignature() const { std::stringstream string_sig; string_sig << std::hex << std::setfill('0'); - for (auto byte : signature_) { - string_sig << std::hex << std::setw(2) << static_cast<int>(byte); + for (size_t i = 0; i < signature_len_; ++i) { + string_sig << std::hex << std::setw(2) + << static_cast<int>(signature_->data()[i]); } return string_sig.str(); @@ -193,12 +203,14 @@ void VoidSigner::signBuffer(const utils::MemBuf *buffer) {} // --------------------------------------------------------- AsymmetricSigner::AsymmetricSigner(CryptoSuite suite, std::shared_ptr<EVP_PKEY> key, - std::shared_ptr<EVP_PKEY> pub_key) { + std::shared_ptr<EVP_PKEY> pub_key) + : Signer() { setKey(suite, key, pub_key); } AsymmetricSigner::AsymmetricSigner(std::string keystore_path, - std::string password) { + std::string password) + : Signer() { FILE *p12file = fopen(keystore_path.c_str(), "r"); if (p12file == nullptr) { @@ -230,7 +242,8 @@ void AsymmetricSigner::setKey(CryptoSuite suite, std::shared_ptr<EVP_PKEY> key, suite_ = suite; key_ = key; signature_len_ = EVP_PKEY_size(key.get()); - signature_.resize(signature_len_); + DCHECK(signature_len_ <= signature_->tailroom()); + signature_->setLength(signature_len_); std::vector<uint8_t> pbk(i2d_PublicKey(pub_key.get(), nullptr)); uint8_t *pbk_ptr = pbk.data(); @@ -254,7 +267,8 @@ size_t AsymmetricSigner::getSignatureFieldSize() const { // Symmetric Signer // --------------------------------------------------------- SymmetricSigner::SymmetricSigner(CryptoSuite suite, - const std::string &passphrase) { + const std::string &passphrase) + : Signer() { suite_ = suite; key_ = std::shared_ptr<EVP_PKEY>( EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, nullptr, @@ -270,7 +284,8 @@ SymmetricSigner::SymmetricSigner(CryptoSuite suite, } signature_len_ = EVP_MD_size((*hash_evp)()); - signature_.resize(signature_len_); + DCHECK(signature_len_ <= signature_->tailroom()); + signature_->setLength(signature_len_); key_id_.computeDigest((uint8_t *)passphrase.c_str(), passphrase.size()); } diff --git a/libtransport/src/auth/verifier.cc b/libtransport/src/auth/verifier.cc index 0c35437f3..5d5f01711 100644 --- a/libtransport/src/auth/verifier.cc +++ b/libtransport/src/auth/verifier.cc @@ -14,8 +14,11 @@ */ #include <hicn/transport/auth/verifier.h> +#include <hicn/transport/core/global_object_pool.h> #include <protocols/errors.h> +#include "glog/logging.h" + namespace transport { namespace auth { @@ -49,8 +52,10 @@ bool Verifier::verifyPacket(PacketPtr packet) { hicn_packet_copy_header(format, packet->packet_start_, &header_copy, false); // Retrieve packet signature - std::vector<uint8_t> signature_raw = packet->getSignature(); - signature_raw.resize(packet->getSignatureSize()); + utils::MemBuf::Ptr signature_raw = packet->getSignature(); + std::size_t signature_len = packet->getSignatureSize(); + DCHECK(signature_len <= signature_raw->tailroom()); + signature_raw->setLength(signature_len); // Reset fields that are not used to compute signature packet->resetForHash(); @@ -62,7 +67,7 @@ bool Verifier::verifyPacket(PacketPtr packet) { // Restore header hicn_packet_copy_header(format, &header_copy, packet->packet_start_, false); packet->setSignature(signature_raw); - packet->setSignatureSize(signature_raw.size()); + packet->setSignatureSize(signature_raw->length()); return valid_packet; } @@ -165,13 +170,13 @@ void Verifier::callVerificationFailedCallback(Suffix suffix, bool VoidVerifier::verifyPacket(PacketPtr packet) { return true; } bool VoidVerifier::verifyBuffer(const std::vector<uint8_t> &buffer, - const std::vector<uint8_t> &signature, + const utils::MemBuf::Ptr &signature, CryptoHashType hash_type) { return true; } bool VoidVerifier::verifyBuffer(const utils::MemBuf *buffer, - const std::vector<uint8_t> &signature, + const utils::MemBuf::Ptr &signature, CryptoHashType hash_type) { return true; } @@ -232,7 +237,7 @@ void AsymmetricVerifier::useCertificate(std::shared_ptr<X509> cert) { } bool AsymmetricVerifier::verifyBuffer(const std::vector<uint8_t> &buffer, - const std::vector<uint8_t> &signature, + const utils::MemBuf::Ptr &signature, CryptoHashType hash_type) { CryptoHashEVP hash_evp = CryptoHash::getEVP(hash_type); @@ -255,12 +260,12 @@ bool AsymmetricVerifier::verifyBuffer(const std::vector<uint8_t> &buffer, throw errors::RuntimeException("Digest update failed"); } - return EVP_DigestVerifyFinal(mdctx.get(), signature.data(), - signature.size()) == 1; + return EVP_DigestVerifyFinal(mdctx.get(), signature->data(), + signature->length()) == 1; } bool AsymmetricVerifier::verifyBuffer(const utils::MemBuf *buffer, - const std::vector<uint8_t> &signature, + const utils::MemBuf::Ptr &signature, CryptoHashType hash_type) { CryptoHashEVP hash_evp = CryptoHash::getEVP(hash_type); @@ -288,8 +293,8 @@ bool AsymmetricVerifier::verifyBuffer(const utils::MemBuf *buffer, p = p->next(); } while (p != buffer); - return EVP_DigestVerifyFinal(mdctx.get(), signature.data(), - signature.size()) == 1; + return EVP_DigestVerifyFinal(mdctx.get(), signature->data(), + signature->length()) == 1; } // --------------------------------------------------------- @@ -309,7 +314,7 @@ void SymmetricVerifier::setPassphrase(const std::string &passphrase) { } bool SymmetricVerifier::verifyBuffer(const std::vector<uint8_t> &buffer, - const std::vector<uint8_t> &signature, + const utils::MemBuf::Ptr &signature, CryptoHashType hash_type) { CryptoHashEVP hash_evp = CryptoHash::getEVP(hash_type); @@ -317,7 +322,9 @@ bool SymmetricVerifier::verifyBuffer(const std::vector<uint8_t> &buffer, throw errors::RuntimeException("Unknown hash type"); } - std::vector<uint8_t> signature_bis(signature.size()); + const utils::MemBuf::Ptr &signature_bis = + core::PacketManager<>::getInstance().getMemBuf(); + signature_bis->append(signature->length()); size_t signature_bis_len; std::shared_ptr<EVP_MD_CTX> mdctx(EVP_MD_CTX_create(), EVP_MD_CTX_free); @@ -334,16 +341,17 @@ bool SymmetricVerifier::verifyBuffer(const std::vector<uint8_t> &buffer, throw errors::RuntimeException("Digest update failed"); } - if (EVP_DigestSignFinal(mdctx.get(), signature_bis.data(), + if (EVP_DigestSignFinal(mdctx.get(), signature_bis->writableData(), &signature_bis_len) != 1) { throw errors::RuntimeException("Digest computation failed"); } - return signature == signature_bis && signature.size() == signature_bis_len; + return signature->length() == signature_bis_len && + *signature == *signature_bis; } bool SymmetricVerifier::verifyBuffer(const utils::MemBuf *buffer, - const std::vector<uint8_t> &signature, + const utils::MemBuf::Ptr &signature, CryptoHashType hash_type) { CryptoHashEVP hash_evp = CryptoHash::getEVP(hash_type); @@ -352,7 +360,9 @@ bool SymmetricVerifier::verifyBuffer(const utils::MemBuf *buffer, } const utils::MemBuf *p = buffer; - std::vector<uint8_t> signature_bis(signature.size()); + const utils::MemBuf::Ptr &signature_bis = + core::PacketManager<>::getInstance().getMemBuf(); + signature_bis->append(signature->length()); size_t signature_bis_len; std::shared_ptr<EVP_MD_CTX> mdctx(EVP_MD_CTX_create(), EVP_MD_CTX_free); @@ -373,12 +383,13 @@ bool SymmetricVerifier::verifyBuffer(const utils::MemBuf *buffer, p = p->next(); } while (p != buffer); - if (EVP_DigestSignFinal(mdctx.get(), signature_bis.data(), + if (EVP_DigestSignFinal(mdctx.get(), signature_bis->writableData(), &signature_bis_len) != 1) { throw errors::RuntimeException("Digest computation failed"); } - return signature == signature_bis && signature.size() == signature_bis_len; + return signature->length() == signature_bis_len && + *signature == *signature_bis; } } // namespace auth |