summaryrefslogtreecommitdiffstats
path: root/libtransport/src/auth
diff options
context:
space:
mode:
authorLuca Muscariello <muscariello@ieee.org>2022-04-22 17:55:01 +0200
committerMauro Sardara <msardara@cisco.com>2022-04-26 15:30:21 +0200
commita1ac96f497719b897793ac14b287cb8d840651c1 (patch)
tree12c608fe352c21d944b0340ce8d3f0be0fb23b11 /libtransport/src/auth
parent1ac07d842a3a6ce0fb7fa4039241c8ec1a71419b (diff)
HICN-722: Updates on transport, RTC, manifest usage for RTC, infra.
Co-authored-by: Mauro Sardara <msardara@cisco.com> Co-authored-by: Jordan Augé <jordan.auge+fdio@cisco.com> Co-authored-by: Michele Papalini <micpapal@cisco.com> Co-authored-by: Angelo Mantellini <manangel@cisco.com> Co-authored-by: Jacques Samain <jsamain@cisco.com> Co-authored-by: Olivier Roques <oroques+fdio@cisco.com> Co-authored-by: Enrico Loparco <eloparco@cisco.com> Co-authored-by: Giulio Grassi <gigrassi@cisco.com> manifest: optimize manifest processing manifest: add FEC parameters to manifests manifest: refactor verification process manifest: report auth alerts in hiperf instead of aborting manifest: remove FEC buffer callback in consumer manifest: refactor and enable manifests by default manifest: update manifest header with transport parameters manifest: batch interests for first manifest from RTC producer manifest: refactor processing of RTC manifests manifest: update manifest-related socket options of consumers manifest: update unit tests for manifests manifest: pack manifest headers manifest: verify FEC packets auth: add consumer socket option to set max unverified delay manifest: process manifests after full FEC decoding manifest: manage forward jumps in RTC verifier fec: remove useless fec codes rs: add new code rate rs: add new code rate rs: add new code rate rs: add new code rate libtransport: increase internal packet cache size remove internal cisco info in cmake manifest: add option to set manifest capacity data_input_node.c: add information about adj_index[VLIB_RX] on received data packetsi sysrepo plugin: update build Change-Id: I0cf64d91bd0a1b7cad4eeaa9871f58f5f10434af Signed-off-by: Mauro Sardara <msardara@cisco.com> Signed-off-by: Luca Muscariello <muscariello@ieee.org>
Diffstat (limited to 'libtransport/src/auth')
-rw-r--r--libtransport/src/auth/crypto_hash.cc40
-rw-r--r--libtransport/src/auth/signer.cc53
-rw-r--r--libtransport/src/auth/verifier.cc49
3 files changed, 87 insertions, 55 deletions
diff --git a/libtransport/src/auth/crypto_hash.cc b/libtransport/src/auth/crypto_hash.cc
index f60f46051..08be47aff 100644
--- a/libtransport/src/auth/crypto_hash.cc
+++ b/libtransport/src/auth/crypto_hash.cc
@@ -14,6 +14,9 @@
*/
#include <hicn/transport/auth/crypto_hash.h>
+#include <hicn/transport/core/global_object_pool.h>
+
+#include "glog/logging.h"
namespace transport {
namespace auth {
@@ -27,18 +30,20 @@ CryptoHash::CryptoHash(const CryptoHash &other)
CryptoHash::CryptoHash(CryptoHash &&other)
: digest_type_(std::move(other.digest_type_)),
- digest_(other.digest_),
- digest_size_(other.digest_size_) {
- other.reset();
-}
+ digest_(std::move(other.digest_)),
+ digest_size_(other.digest_size_) {}
-CryptoHash::CryptoHash(CryptoHashType hash_type) { setType(hash_type); }
+CryptoHash::CryptoHash(CryptoHashType hash_type)
+ : digest_(core::PacketManager<>::getInstance().getMemBuf()) {
+ setType(hash_type);
+}
CryptoHash::CryptoHash(const uint8_t *hash, size_t size,
CryptoHashType hash_type)
: digest_type_(hash_type), digest_size_(size) {
- digest_.resize(size);
- memcpy(digest_.data(), hash, size);
+ digest_ = core::PacketManager<>::getInstance().getMemBuf();
+ digest_->append(size);
+ memcpy(digest_->writableData(), hash, size);
}
CryptoHash::CryptoHash(const std::vector<uint8_t> &hash,
@@ -55,7 +60,7 @@ CryptoHash &CryptoHash::operator=(const CryptoHash &other) {
}
bool CryptoHash::operator==(const CryptoHash &other) const {
- return (digest_type_ == other.digest_type_ && digest_ == other.digest_);
+ return (digest_type_ == other.digest_type_ && *digest_ == *other.digest_);
}
void CryptoHash::computeDigest(const uint8_t *buffer, size_t len) {
@@ -65,8 +70,8 @@ void CryptoHash::computeDigest(const uint8_t *buffer, size_t len) {
throw errors::RuntimeException("Unknown hash type");
}
- EVP_Digest(buffer, len, digest_.data(), (unsigned int *)&digest_size_,
- (*hash_evp)(), nullptr);
+ EVP_Digest(buffer, len, digest_->writableData(),
+ (unsigned int *)&digest_size_, (*hash_evp)(), nullptr);
}
void CryptoHash::computeDigest(const std::vector<uint8_t> &buffer) {
@@ -95,7 +100,7 @@ void CryptoHash::computeDigest(const utils::MemBuf *buffer) {
p = p->next();
} while (p != buffer);
- if (EVP_DigestFinal_ex(mcdtx, digest_.data(),
+ if (EVP_DigestFinal_ex(mcdtx, digest_->writableData(),
(unsigned int *)&digest_size_) != 1) {
throw errors::RuntimeException("Digest computation failed");
}
@@ -103,15 +108,16 @@ void CryptoHash::computeDigest(const utils::MemBuf *buffer) {
EVP_MD_CTX_free(mcdtx);
}
-std::vector<uint8_t> CryptoHash::getDigest() const { return digest_; }
+const utils::MemBuf::Ptr &CryptoHash::getDigest() const { return digest_; }
std::string CryptoHash::getStringDigest() const {
std::stringstream string_digest;
string_digest << std::hex << std::setfill('0');
- for (auto byte : digest_) {
- string_digest << std::hex << std::setw(2) << static_cast<int>(byte);
+ for (size_t i = 0; i < digest_size_; ++i) {
+ string_digest << std::hex << std::setw(2)
+ << static_cast<int>(digest_->data()[i]);
}
return string_digest.str();
@@ -122,10 +128,10 @@ CryptoHashType CryptoHash::getType() const { return digest_type_; }
size_t CryptoHash::getSize() const { return digest_size_; }
void CryptoHash::setType(CryptoHashType hash_type) {
- reset();
digest_type_ = hash_type;
digest_size_ = CryptoHash::getSize(hash_type);
- digest_.resize(digest_size_);
+ DCHECK(digest_size_ <= digest_->tailroom());
+ digest_->setLength(digest_size_);
}
void CryptoHash::display() {
@@ -152,8 +158,8 @@ void CryptoHash::display() {
void CryptoHash::reset() {
digest_type_ = CryptoHashType::UNKNOWN;
- digest_.clear();
digest_size_ = 0;
+ digest_->setLength(0);
}
CryptoHashEVP CryptoHash::getEVP(CryptoHashType hash_type) {
diff --git a/libtransport/src/auth/signer.cc b/libtransport/src/auth/signer.cc
index e74e2f1b8..918e271f5 100644
--- a/libtransport/src/auth/signer.cc
+++ b/libtransport/src/auth/signer.cc
@@ -17,6 +17,8 @@
#include <hicn/transport/auth/signer.h>
#include <hicn/transport/utils/chrono_typedefs.h>
+#include "hicn/transport/core/global_object_pool.h"
+
namespace transport {
namespace auth {
@@ -24,7 +26,10 @@ namespace auth {
// Base Signer
// ---------------------------------------------------------
Signer::Signer()
- : suite_(CryptoSuite::UNKNOWN), signature_len_(0), key_(nullptr) {}
+ : suite_(CryptoSuite::UNKNOWN),
+ signature_(core::PacketManager<>::getInstance().getMemBuf()),
+ signature_len_(0),
+ key_(nullptr) {}
Signer::~Signer() {}
@@ -51,8 +56,8 @@ void Signer::signPacket(PacketPtr packet) {
packet->setValidationAlgorithm(suite_);
// Set key ID
- std::vector<uint8_t> key_id = key_id_.getDigest();
- packet->setKeyId({key_id.data(), key_id.size()});
+ const utils::MemBuf::Ptr &key_id = key_id_.getDigest();
+ packet->setKeyId({key_id->writableData(), key_id->length()});
// Reset fields to compute the packet hash
packet->resetForHash();
@@ -93,14 +98,16 @@ void Signer::signBuffer(const std::vector<uint8_t> &buffer) {
throw errors::RuntimeException("Digest computation failed");
}
- signature_.resize(signature_len_);
+ DCHECK(signature_len_ <= signature_->tailroom());
+ signature_->setLength(signature_len_);
- if (EVP_DigestSignFinal(mdctx.get(), signature_.data(), &signature_len_) !=
- 1) {
+ if (EVP_DigestSignFinal(mdctx.get(), signature_->writableData(),
+ &signature_len_) != 1) {
throw errors::RuntimeException("Digest computation failed");
}
- signature_.resize(signature_len_);
+ DCHECK(signature_len_ <= signature_->tailroom());
+ signature_->setLength(signature_len_);
}
void Signer::signBuffer(const utils::MemBuf *buffer) {
@@ -135,24 +142,27 @@ void Signer::signBuffer(const utils::MemBuf *buffer) {
throw errors::RuntimeException("Digest computation failed");
}
- signature_.resize(signature_len_);
+ DCHECK(signature_len_ <= signature_->tailroom());
+ signature_->setLength(signature_len_);
- if (EVP_DigestSignFinal(mdctx.get(), signature_.data(), &signature_len_) !=
- 1) {
+ if (EVP_DigestSignFinal(mdctx.get(), signature_->writableData(),
+ &signature_len_) != 1) {
throw errors::RuntimeException("Digest computation failed");
}
- signature_.resize(signature_len_);
+ DCHECK(signature_len_ <= signature_->tailroom());
+ signature_->setLength(signature_len_);
}
-std::vector<uint8_t> Signer::getSignature() const { return signature_; }
+const utils::MemBuf::Ptr &Signer::getSignature() const { return signature_; }
std::string Signer::getStringSignature() const {
std::stringstream string_sig;
string_sig << std::hex << std::setfill('0');
- for (auto byte : signature_) {
- string_sig << std::hex << std::setw(2) << static_cast<int>(byte);
+ for (size_t i = 0; i < signature_len_; ++i) {
+ string_sig << std::hex << std::setw(2)
+ << static_cast<int>(signature_->data()[i]);
}
return string_sig.str();
@@ -193,12 +203,14 @@ void VoidSigner::signBuffer(const utils::MemBuf *buffer) {}
// ---------------------------------------------------------
AsymmetricSigner::AsymmetricSigner(CryptoSuite suite,
std::shared_ptr<EVP_PKEY> key,
- std::shared_ptr<EVP_PKEY> pub_key) {
+ std::shared_ptr<EVP_PKEY> pub_key)
+ : Signer() {
setKey(suite, key, pub_key);
}
AsymmetricSigner::AsymmetricSigner(std::string keystore_path,
- std::string password) {
+ std::string password)
+ : Signer() {
FILE *p12file = fopen(keystore_path.c_str(), "r");
if (p12file == nullptr) {
@@ -230,7 +242,8 @@ void AsymmetricSigner::setKey(CryptoSuite suite, std::shared_ptr<EVP_PKEY> key,
suite_ = suite;
key_ = key;
signature_len_ = EVP_PKEY_size(key.get());
- signature_.resize(signature_len_);
+ DCHECK(signature_len_ <= signature_->tailroom());
+ signature_->setLength(signature_len_);
std::vector<uint8_t> pbk(i2d_PublicKey(pub_key.get(), nullptr));
uint8_t *pbk_ptr = pbk.data();
@@ -254,7 +267,8 @@ size_t AsymmetricSigner::getSignatureFieldSize() const {
// Symmetric Signer
// ---------------------------------------------------------
SymmetricSigner::SymmetricSigner(CryptoSuite suite,
- const std::string &passphrase) {
+ const std::string &passphrase)
+ : Signer() {
suite_ = suite;
key_ = std::shared_ptr<EVP_PKEY>(
EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, nullptr,
@@ -270,7 +284,8 @@ SymmetricSigner::SymmetricSigner(CryptoSuite suite,
}
signature_len_ = EVP_MD_size((*hash_evp)());
- signature_.resize(signature_len_);
+ DCHECK(signature_len_ <= signature_->tailroom());
+ signature_->setLength(signature_len_);
key_id_.computeDigest((uint8_t *)passphrase.c_str(), passphrase.size());
}
diff --git a/libtransport/src/auth/verifier.cc b/libtransport/src/auth/verifier.cc
index 0c35437f3..5d5f01711 100644
--- a/libtransport/src/auth/verifier.cc
+++ b/libtransport/src/auth/verifier.cc
@@ -14,8 +14,11 @@
*/
#include <hicn/transport/auth/verifier.h>
+#include <hicn/transport/core/global_object_pool.h>
#include <protocols/errors.h>
+#include "glog/logging.h"
+
namespace transport {
namespace auth {
@@ -49,8 +52,10 @@ bool Verifier::verifyPacket(PacketPtr packet) {
hicn_packet_copy_header(format, packet->packet_start_, &header_copy, false);
// Retrieve packet signature
- std::vector<uint8_t> signature_raw = packet->getSignature();
- signature_raw.resize(packet->getSignatureSize());
+ utils::MemBuf::Ptr signature_raw = packet->getSignature();
+ std::size_t signature_len = packet->getSignatureSize();
+ DCHECK(signature_len <= signature_raw->tailroom());
+ signature_raw->setLength(signature_len);
// Reset fields that are not used to compute signature
packet->resetForHash();
@@ -62,7 +67,7 @@ bool Verifier::verifyPacket(PacketPtr packet) {
// Restore header
hicn_packet_copy_header(format, &header_copy, packet->packet_start_, false);
packet->setSignature(signature_raw);
- packet->setSignatureSize(signature_raw.size());
+ packet->setSignatureSize(signature_raw->length());
return valid_packet;
}
@@ -165,13 +170,13 @@ void Verifier::callVerificationFailedCallback(Suffix suffix,
bool VoidVerifier::verifyPacket(PacketPtr packet) { return true; }
bool VoidVerifier::verifyBuffer(const std::vector<uint8_t> &buffer,
- const std::vector<uint8_t> &signature,
+ const utils::MemBuf::Ptr &signature,
CryptoHashType hash_type) {
return true;
}
bool VoidVerifier::verifyBuffer(const utils::MemBuf *buffer,
- const std::vector<uint8_t> &signature,
+ const utils::MemBuf::Ptr &signature,
CryptoHashType hash_type) {
return true;
}
@@ -232,7 +237,7 @@ void AsymmetricVerifier::useCertificate(std::shared_ptr<X509> cert) {
}
bool AsymmetricVerifier::verifyBuffer(const std::vector<uint8_t> &buffer,
- const std::vector<uint8_t> &signature,
+ const utils::MemBuf::Ptr &signature,
CryptoHashType hash_type) {
CryptoHashEVP hash_evp = CryptoHash::getEVP(hash_type);
@@ -255,12 +260,12 @@ bool AsymmetricVerifier::verifyBuffer(const std::vector<uint8_t> &buffer,
throw errors::RuntimeException("Digest update failed");
}
- return EVP_DigestVerifyFinal(mdctx.get(), signature.data(),
- signature.size()) == 1;
+ return EVP_DigestVerifyFinal(mdctx.get(), signature->data(),
+ signature->length()) == 1;
}
bool AsymmetricVerifier::verifyBuffer(const utils::MemBuf *buffer,
- const std::vector<uint8_t> &signature,
+ const utils::MemBuf::Ptr &signature,
CryptoHashType hash_type) {
CryptoHashEVP hash_evp = CryptoHash::getEVP(hash_type);
@@ -288,8 +293,8 @@ bool AsymmetricVerifier::verifyBuffer(const utils::MemBuf *buffer,
p = p->next();
} while (p != buffer);
- return EVP_DigestVerifyFinal(mdctx.get(), signature.data(),
- signature.size()) == 1;
+ return EVP_DigestVerifyFinal(mdctx.get(), signature->data(),
+ signature->length()) == 1;
}
// ---------------------------------------------------------
@@ -309,7 +314,7 @@ void SymmetricVerifier::setPassphrase(const std::string &passphrase) {
}
bool SymmetricVerifier::verifyBuffer(const std::vector<uint8_t> &buffer,
- const std::vector<uint8_t> &signature,
+ const utils::MemBuf::Ptr &signature,
CryptoHashType hash_type) {
CryptoHashEVP hash_evp = CryptoHash::getEVP(hash_type);
@@ -317,7 +322,9 @@ bool SymmetricVerifier::verifyBuffer(const std::vector<uint8_t> &buffer,
throw errors::RuntimeException("Unknown hash type");
}
- std::vector<uint8_t> signature_bis(signature.size());
+ const utils::MemBuf::Ptr &signature_bis =
+ core::PacketManager<>::getInstance().getMemBuf();
+ signature_bis->append(signature->length());
size_t signature_bis_len;
std::shared_ptr<EVP_MD_CTX> mdctx(EVP_MD_CTX_create(), EVP_MD_CTX_free);
@@ -334,16 +341,17 @@ bool SymmetricVerifier::verifyBuffer(const std::vector<uint8_t> &buffer,
throw errors::RuntimeException("Digest update failed");
}
- if (EVP_DigestSignFinal(mdctx.get(), signature_bis.data(),
+ if (EVP_DigestSignFinal(mdctx.get(), signature_bis->writableData(),
&signature_bis_len) != 1) {
throw errors::RuntimeException("Digest computation failed");
}
- return signature == signature_bis && signature.size() == signature_bis_len;
+ return signature->length() == signature_bis_len &&
+ *signature == *signature_bis;
}
bool SymmetricVerifier::verifyBuffer(const utils::MemBuf *buffer,
- const std::vector<uint8_t> &signature,
+ const utils::MemBuf::Ptr &signature,
CryptoHashType hash_type) {
CryptoHashEVP hash_evp = CryptoHash::getEVP(hash_type);
@@ -352,7 +360,9 @@ bool SymmetricVerifier::verifyBuffer(const utils::MemBuf *buffer,
}
const utils::MemBuf *p = buffer;
- std::vector<uint8_t> signature_bis(signature.size());
+ const utils::MemBuf::Ptr &signature_bis =
+ core::PacketManager<>::getInstance().getMemBuf();
+ signature_bis->append(signature->length());
size_t signature_bis_len;
std::shared_ptr<EVP_MD_CTX> mdctx(EVP_MD_CTX_create(), EVP_MD_CTX_free);
@@ -373,12 +383,13 @@ bool SymmetricVerifier::verifyBuffer(const utils::MemBuf *buffer,
p = p->next();
} while (p != buffer);
- if (EVP_DigestSignFinal(mdctx.get(), signature_bis.data(),
+ if (EVP_DigestSignFinal(mdctx.get(), signature_bis->writableData(),
&signature_bis_len) != 1) {
throw errors::RuntimeException("Digest computation failed");
}
- return signature == signature_bis && signature.size() == signature_bis_len;
+ return signature->length() == signature_bis_len &&
+ *signature == *signature_bis;
}
} // namespace auth