[HICN-690] Transport Library Major Refactory

The current patch provides a major refactory of the transportlibrary.
A summary of the different components that underwent major modifications is
reported below.

- Transport protocol updates
The hierarchy of classes has been optimized to have common transport services
across different transport protocols. This can allow to customize a transport
protocol with new features.

- A new real-time communication protocol
The RTC protocol has been optimized in terms of algorithms to reduce
consumer-producer synchronization latency.

- A novel socket API
The API has been reworked to be easier to consumer but also to have a more
efficient integration in L4 proxies.

- Several performance improvements
A large number of performance improvements have been included in
particular to make the entire stack zero-copy and optimize cache miss.

- New memory buffer framework
Memory management has been reworked entirely to provide a more efficient infra
with a richer API. Buffers are now allocated in blocks and a single buffer
holds the memory for (1) the shared_ptr control block, (2) the metadata of the
packet (e.g. name, pointer to other buffers if buffer is chained and relevant
offsets), and (3) the packet itself, as it is sent/received over the network.

- A new slab allocator
Dynamic memory allocation is now managed by a novel slab allocator that is
optimised for packet processing and connection management. Memory is organized
in pools of blocks all of the same size which are used during the processing of
outgoing/incoming packets. When a memory block Is allocated is always taken
from a global pool and when it is deallocated is returned to the pool, thus
avoiding the cost of any heap allocation in the data path.

- New transport connectors
Consumer and producer end-points can communication either using an hicn packet
forwarder or with direct connector based on shared memories or sockets.
The usage of transport connectors typically for unit and funcitonal
testing but may have additional usage.

- Support for FEC/ECC for transport services
FEC/ECC via reed solomon is supported by default and made available to
transport services as a modular component. Reed solomon block codes is a
default FEC model that can be replaced in a modular way by many other
codes including RLNC not avaiable in this distribution.
The current FEC framework support variable size padding and efficiently
makes use of the infra memory buffers to avoid additiona copies.

- Secure transport framework for signature computation and verification
Crypto support is nativelty used in hICN for integrity and authenticity.
Novel support that includes RTC has been implemented and made modular
and reusable acrosso different transport protocols.

- TLS - Transport layer security over hicn
Point to point confidentiality is provided by integrating TLS on top of
hICN reliable and non-reliable transport. The integration is common and
makes a different use of the TLS record.

- MLS - Messaging layer security over hicn
MLS integration on top of hICN is made by using the MLSPP implemetation
open sourced by Cisco. We have included instrumentation tools to deploy
performance and functional tests of groups of end-points.

- Android support
The overall code has been heavily tested in Android environments and
has received heavy lifting to better run natively in recent Android OS.

Co-authored-by: Mauro Sardara <msardara@cisco.com>
Co-authored-by: Michele Papalini <micpapal@cisco.com>
Co-authored-by: Olivier Roques <oroques+fdio@cisco.com>
Co-authored-by: Giulio Grassi <gigrassi@cisco.com>
Change-Id: If477ba2fa686e6f47bdf96307ac60938766aef69
Signed-off-by: Luca Muscariello <muscariello@ieee.org>

4 files changed, 681 insertions, 0 deletions

diff --git a/libtransport/src/auth/CMakeLists.txt b/libtransport/src/auth/CMakeLists.txt
new file mode 100644
index 000000000..0e7b5832b
--- /dev/null
+++ b/libtransport/src/auth/CMakeLists.txt
@@ -0,0 +1,22 @@
+# Copyright (c) 2017-2019 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+cmake_minimum_required(VERSION 3.5 FATAL_ERROR)
+
+list(APPEND SOURCE_FILES
+  ${CMAKE_CURRENT_SOURCE_DIR}/signer.cc
+  ${CMAKE_CURRENT_SOURCE_DIR}/verifier.cc
+  ${CMAKE_CURRENT_SOURCE_DIR}/identity.cc
+)
+
+set(SOURCE_FILES ${SOURCE_FILES} PARENT_SCOPE)
diff --git a/libtransport/src/auth/identity.cc b/libtransport/src/auth/identity.cc
new file mode 100644
index 000000000..bd787b9b6
--- /dev/null
+++ b/libtransport/src/auth/identity.cc
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 2017-2019 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <hicn/transport/auth/identity.h>
+
+using namespace std;
+
+namespace transport {
+namespace auth {
+
+Identity::Identity(const string &keystore_path, const string &keystore_pwd,
+                   CryptoSuite suite, unsigned int signature_len,
+                   unsigned int validity_days, const string &subject_name)
+    : identity_(nullptr), signer_(nullptr) {
+  parcSecurity_Init();
+
+  bool success = parcPkcs12KeyStore_CreateFile(
+      keystore_path.c_str(), keystore_pwd.c_str(), subject_name.c_str(),
+      parcCryptoSuite_GetSigningAlgorithm(static_cast<PARCCryptoSuite>(suite)),
+      signature_len, validity_days);
+
+  parcAssertTrue(
+      success,
+      "parcPkcs12KeyStore_CreateFile('%s', '%s', '%s', %d, %d, %d) failed.",
+      keystore_path.c_str(), keystore_pwd.c_str(), subject_name.c_str(),
+      static_cast<int>(suite), static_cast<int>(signature_len), validity_days);
+
+  PARCIdentityFile *identity_file =
+      parcIdentityFile_Create(keystore_path.c_str(), keystore_pwd.c_str());
+
+  identity_ =
+      parcIdentity_Create(identity_file, PARCIdentityFileAsPARCIdentity);
+
+  PARCSigner *signer = parcIdentity_CreateSigner(
+      identity_,
+      parcCryptoSuite_GetCryptoHash(static_cast<PARCCryptoSuite>(suite)));
+
+  signer_ = make_shared<AsymmetricSigner>(signer);
+
+  parcSigner_Release(&signer);
+  parcIdentityFile_Release(&identity_file);
+}
+
+Identity::Identity(string &keystore_path, string &keystore_pwd,
+                   CryptoHashType hash_type)
+    : identity_(nullptr), signer_(nullptr) {
+  parcSecurity_Init();
+
+  PARCIdentityFile *identity_file =
+      parcIdentityFile_Create(keystore_path.c_str(), keystore_pwd.c_str());
+
+  identity_ =
+      parcIdentity_Create(identity_file, PARCIdentityFileAsPARCIdentity);
+
+  PARCSigner *signer = parcIdentity_CreateSigner(
+      identity_, static_cast<PARCCryptoHashType>(hash_type));
+
+  signer_ = make_shared<AsymmetricSigner>(signer);
+
+  parcSigner_Release(&signer);
+  parcIdentityFile_Release(&identity_file);
+}
+
+Identity::Identity(const Identity &other)
+    : identity_(nullptr), signer_(other.signer_) {
+  parcSecurity_Init();
+  identity_ = parcIdentity_Acquire(other.identity_);
+}
+
+Identity::Identity(Identity &&other)
+    : identity_(nullptr), signer_(move(other.signer_)) {
+  parcSecurity_Init();
+  identity_ = parcIdentity_Acquire(other.identity_);
+  parcIdentity_Release(&other.identity_);
+}
+
+Identity::~Identity() {
+  if (identity_) parcIdentity_Release(&identity_);
+  parcSecurity_Fini();
+}
+
+shared_ptr<AsymmetricSigner> Identity::getSigner() const { return signer_; }
+
+string Identity::getFilename() const {
+  return string(parcIdentity_GetFileName(identity_));
+}
+
+string Identity::getPassword() const {
+  return string(parcIdentity_GetPassWord(identity_));
+}
+
+Identity Identity::generateIdentity(const string &subject_name) {
+  string keystore_name = "keystore";
+  string keystore_password = "password";
+  size_t key_length = 1024;
+  unsigned int validity_days = 30;
+  CryptoSuite suite = CryptoSuite::RSA_SHA256;
+
+  return Identity(keystore_name, keystore_password, suite,
+                  (unsigned int)key_length, validity_days, subject_name);
+}
+
+}  // namespace auth
+}  // namespace transport
diff --git a/libtransport/src/auth/signer.cc b/libtransport/src/auth/signer.cc
new file mode 100644
index 000000000..281b9c59a
--- /dev/null
+++ b/libtransport/src/auth/signer.cc
@@ -0,0 +1,208 @@
+/*
+ * Copyright (c) 2017-2021 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <hicn/transport/auth/signer.h>
+
+extern "C" {
+#ifndef _WIN32
+TRANSPORT_CLANG_DISABLE_WARNING("-Wextern-c-compat")
+#endif
+#include <hicn/hicn.h>
+}
+
+#include <chrono>
+
+#define ALLOW_UNALIGNED_READS 1
+
+using namespace std;
+
+namespace transport {
+namespace auth {
+
+Signer::Signer() : signer_(nullptr), key_id_(nullptr) { parcSecurity_Init(); }
+
+Signer::Signer(PARCSigner *signer) : Signer() { setSigner(signer); }
+
+Signer::~Signer() {
+  if (signer_) parcSigner_Release(&signer_);
+  if (key_id_) parcKeyId_Release(&key_id_);
+  parcSecurity_Fini();
+}
+
+void Signer::signPacket(PacketPtr packet) {
+  parcAssertNotNull(signer_, "Expected non-null signer");
+
+  const utils::MemBuf &header_chain = *packet;
+  core::Packet::Format format = packet->getFormat();
+  auto suite = getCryptoSuite();
+  size_t signature_len = getSignatureSize();
+
+  if (!packet->authenticationHeader()) {
+    throw errors::MalformedAHPacketException();
+  }
+
+  packet->setSignatureSize(signature_len);
+
+  // Copy IP+TCP / ICMP header before zeroing them
+  hicn_header_t header_copy;
+  hicn_packet_copy_header(format, packet->packet_start_, &header_copy, false);
+  packet->resetForHash();
+
+  // Fill in the HICN_AH header
+  auto now = chrono::duration_cast<chrono::milliseconds>(
+                 chrono::system_clock::now().time_since_epoch())
+                 .count();
+  packet->setSignatureTimestamp(now);
+  packet->setValidationAlgorithm(suite);
+
+  // Set the key ID
+  KeyId key_id;
+  key_id.first = static_cast<uint8_t *>(
+      parcBuffer_Overlay((PARCBuffer *)parcKeyId_GetKeyId(key_id_), 0));
+  packet->setKeyId(key_id);
+
+  // Calculate hash
+  CryptoHasher hasher(parcSigner_GetCryptoHasher(signer_));
+  const utils::MemBuf *current = &header_chain;
+
+  hasher.init();
+
+  do {
+    hasher.updateBytes(current->data(), current->length());
+    current = current->next();
+  } while (current != &header_chain);
+
+  CryptoHash hash = hasher.finalize();
+
+  // Compute signature
+  PARCSignature *signature = parcSigner_SignDigestNoAlloc(
+      signer_, hash.hash_, packet->getSignature(), signature_len);
+  PARCBuffer *buffer = parcSignature_GetSignature(signature);
+  size_t bytes_len = parcBuffer_Remaining(buffer);
+
+  if (bytes_len > signature_len) {
+    throw errors::MalformedAHPacketException();
+  }
+
+  // Put signature in AH header
+  hicn_packet_copy_header(format, &header_copy, packet->packet_start_, false);
+
+  // Release allocated objects
+  parcSignature_Release(&signature);
+}
+
+void Signer::setSigner(PARCSigner *signer) {
+  parcAssertNotNull(signer, "Expected non-null signer");
+
+  if (signer_) parcSigner_Release(&signer_);
+  if (key_id_) parcKeyId_Release(&key_id_);
+
+  signer_ = parcSigner_Acquire(signer);
+  key_id_ = parcSigner_CreateKeyId(signer_);
+}
+
+size_t Signer::getSignatureSize() const {
+  parcAssertNotNull(signer_, "Expected non-null signer");
+  return parcSigner_GetSignatureSize(signer_);
+}
+
+CryptoSuite Signer::getCryptoSuite() const {
+  parcAssertNotNull(signer_, "Expected non-null signer");
+  return static_cast<CryptoSuite>(parcSigner_GetCryptoSuite(signer_));
+}
+
+CryptoHashType Signer::getCryptoHashType() const {
+  parcAssertNotNull(signer_, "Expected non-null signer");
+  return static_cast<CryptoHashType>(parcSigner_GetCryptoHashType(signer_));
+}
+
+PARCSigner *Signer::getParcSigner() const { return signer_; }
+
+PARCKeyStore *Signer::getParcKeyStore() const {
+  parcAssertNotNull(signer_, "Expected non-null signer");
+  return parcSigner_GetKeyStore(signer_);
+}
+
+AsymmetricSigner::AsymmetricSigner(CryptoSuite suite, PARCKeyStore *key_store) {
+  parcAssertNotNull(key_store, "Expected non-null key_store");
+
+  auto crypto_suite = static_cast<PARCCryptoSuite>(suite);
+
+  switch (suite) {
+    case CryptoSuite::DSA_SHA256:
+    case CryptoSuite::RSA_SHA256:
+    case CryptoSuite::RSA_SHA512:
+    case CryptoSuite::ECDSA_256K1:
+      break;
+    default:
+      throw errors::RuntimeException(
+          "Invalid crypto suite for asymmetric signer");
+  }
+
+  setSigner(
+      parcSigner_Create(parcPublicKeySigner_Create(key_store, crypto_suite),
+                        PARCPublicKeySignerAsSigner));
+}
+
+SymmetricSigner::SymmetricSigner(CryptoSuite suite, PARCKeyStore *key_store) {
+  parcAssertNotNull(key_store, "Expected non-null key_store");
+
+  auto crypto_suite = static_cast<PARCCryptoSuite>(suite);
+
+  switch (suite) {
+    case CryptoSuite::HMAC_SHA256:
+    case CryptoSuite::HMAC_SHA512:
+      break;
+    default:
+      throw errors::RuntimeException(
+          "Invalid crypto suite for symmetric signer");
+  }
+
+  setSigner(parcSigner_Create(parcSymmetricKeySigner_Create(
+                                  (PARCSymmetricKeyStore *)key_store,
+                                  parcCryptoSuite_GetCryptoHash(crypto_suite)),
+                              PARCSymmetricKeySignerAsSigner));
+}
+
+SymmetricSigner::SymmetricSigner(CryptoSuite suite, const string &passphrase) {
+  auto crypto_suite = static_cast<PARCCryptoSuite>(suite);
+
+  switch (suite) {
+    case CryptoSuite::HMAC_SHA256:
+    case CryptoSuite::HMAC_SHA512:
+      break;
+    default:
+      throw errors::RuntimeException(
+          "Invalid crypto suite for symmetric signer");
+  }
+
+  PARCBufferComposer *composer = parcBufferComposer_Create();
+  parcBufferComposer_PutString(composer, passphrase.c_str());
+  PARCBuffer *key_buf = parcBufferComposer_ProduceBuffer(composer);
+  parcBufferComposer_Release(&composer);
+
+  PARCSymmetricKeyStore *key_store = parcSymmetricKeyStore_Create(key_buf);
+  PARCSymmetricKeySigner *key_signer = parcSymmetricKeySigner_Create(
+      key_store, parcCryptoSuite_GetCryptoHash(crypto_suite));
+
+  setSigner(parcSigner_Create(key_signer, PARCSymmetricKeySignerAsSigner));
+
+  parcSymmetricKeySigner_Release(&key_signer);
+  parcSymmetricKeyStore_Release(&key_store);
+  parcBuffer_Release(&key_buf);
+}
+
+}  // namespace auth
+}  // namespace transport
diff --git a/libtransport/src/auth/verifier.cc b/libtransport/src/auth/verifier.cc
new file mode 100644
index 000000000..c6648a763
--- /dev/null
+++ b/libtransport/src/auth/verifier.cc
@@ -0,0 +1,335 @@
+/*
+ * Copyright (c) 2017-2021 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <hicn/transport/auth/verifier.h>
+#include <protocols/errors.h>
+
+extern "C" {
+#ifndef _WIN32
+TRANSPORT_CLANG_DISABLE_WARNING("-Wextern-c-compat")
+#endif
+#include <hicn/hicn.h>
+}
+
+#include <sys/stat.h>
+
+using namespace std;
+
+namespace transport {
+namespace auth {
+
+const std::vector<VerificationPolicy> Verifier::DEFAULT_FAILED_POLICIES = {
+    VerificationPolicy::DROP,
+    VerificationPolicy::ABORT,
+};
+
+Verifier::Verifier()
+    : hasher_(nullptr),
+      verifier_(nullptr),
+      verification_failed_cb_(interface::VOID_HANDLER),
+      failed_policies_(DEFAULT_FAILED_POLICIES) {
+  parcSecurity_Init();
+  PARCInMemoryVerifier *in_memory_verifier = parcInMemoryVerifier_Create();
+  verifier_ =
+      parcVerifier_Create(in_memory_verifier, PARCInMemoryVerifierAsVerifier);
+  parcInMemoryVerifier_Release(&in_memory_verifier);
+}
+
+Verifier::~Verifier() {
+  if (hasher_) parcCryptoHasher_Release(&hasher_);
+  if (verifier_) parcVerifier_Release(&verifier_);
+  parcSecurity_Fini();
+}
+
+bool Verifier::verifyPacket(PacketPtr packet) {
+  bool valid_packet = false;
+  core::Packet::Format format = packet->getFormat();
+
+  if (!packet->authenticationHeader()) {
+    throw errors::MalformedAHPacketException();
+  }
+
+  // Get crypto suite and hash type
+  auto suite = static_cast<PARCCryptoSuite>(packet->getValidationAlgorithm());
+  PARCCryptoHashType hash_type = parcCryptoSuite_GetCryptoHash(suite);
+
+  // Copy IP+TCP / ICMP header before zeroing them
+  hicn_header_t header_copy;
+  hicn_packet_copy_header(format, packet->packet_start_, &header_copy, false);
+
+  // Fetch packet signature
+  uint8_t *packet_signature = packet->getSignature();
+  size_t signature_len = Verifier::getSignatureSize(packet);
+  vector<uint8_t> signature_raw(packet_signature,
+                                packet_signature + signature_len);
+
+  // Create a signature buffer from the raw packet signature
+  PARCBuffer *bits =
+      parcBuffer_Wrap(signature_raw.data(), signature_len, 0, signature_len);
+  parcBuffer_Rewind(bits);
+
+  // If the signature algo is ECDSA, the signature might be shorter than the
+  // signature field
+  PARCSigningAlgorithm algo = parcCryptoSuite_GetSigningAlgorithm(suite);
+  if (algo == PARCSigningAlgorithm_ECDSA) {
+    while (parcBuffer_HasRemaining(bits) && parcBuffer_GetUint8(bits) == 0)
+      ;
+    parcBuffer_SetPosition(bits, parcBuffer_Position(bits) - 1);
+  }
+
+  if (!parcBuffer_HasRemaining(bits)) {
+    parcBuffer_Release(&bits);
+    return false;
+  }
+
+  // Create a signature object from the signature buffer
+  PARCSignature *signature = parcSignature_Create(
+      parcCryptoSuite_GetSigningAlgorithm(suite), hash_type, bits);
+
+  // Fetch the key to verify the signature
+  KeyId key_buffer = packet->getKeyId();
+  PARCBuffer *buffer = parcBuffer_Wrap(key_buffer.first, key_buffer.second, 0,
+                                       key_buffer.second);
+  PARCKeyId *key_id = parcKeyId_Create(buffer);
+
+  // Reset fields that are not used to compute signature
+  packet->resetForHash();
+
+  // Compute the packet hash
+  if (!hasher_)
+    setHasher(parcVerifier_GetCryptoHasher(verifier_, key_id, hash_type));
+  CryptoHash local_hash = computeHash(packet);
+
+  // Compare the packet signature to the locally computed one
+  valid_packet = parcVerifier_VerifyDigestSignature(
+      verifier_, key_id, local_hash.hash_, suite, signature);
+
+  // Restore the fields that were reset
+  hicn_packet_copy_header(format, &header_copy, packet->packet_start_, false);
+
+  // Release allocated objects
+  parcBuffer_Release(&buffer);
+  parcKeyId_Release(&key_id);
+  parcSignature_Release(&signature);
+  parcBuffer_Release(&bits);
+
+  return valid_packet;
+}
+
+vector<VerificationPolicy> Verifier::verifyPackets(
+    const vector<PacketPtr> &packets) {
+  vector<VerificationPolicy> policies(packets.size(), VerificationPolicy::DROP);
+
+  for (unsigned int i = 0; i < packets.size(); ++i) {
+    if (verifyPacket(packets[i])) {
+      policies[i] = VerificationPolicy::ACCEPT;
+    }
+
+    callVerificationFailedCallback(packets[i], policies[i]);
+  }
+
+  return policies;
+}
+
+vector<VerificationPolicy> Verifier::verifyPackets(
+    const vector<PacketPtr> &packets,
+    const unordered_map<Suffix, HashEntry> &suffix_map) {
+  vector<VerificationPolicy> policies(packets.size(),
+                                      VerificationPolicy::UNKNOWN);
+
+  for (unsigned int i = 0; i < packets.size(); ++i) {
+    uint32_t suffix = packets[i]->getName().getSuffix();
+    auto manifest_hash = suffix_map.find(suffix);
+
+    if (manifest_hash != suffix_map.end()) {
+      CryptoHashType hash_type = manifest_hash->second.first;
+      CryptoHash packet_hash = packets[i]->computeDigest(hash_type);
+
+      if (!CryptoHash::compareBinaryDigest(
+              packet_hash.getDigest<uint8_t>().data(),
+              manifest_hash->second.second.data(), hash_type)) {
+        policies[i] = VerificationPolicy::ABORT;
+      } else {
+        policies[i] = VerificationPolicy::ACCEPT;
+      }
+    }
+
+    callVerificationFailedCallback(packets[i], policies[i]);
+  }
+
+  return policies;
+}
+
+void Verifier::addKey(PARCKey *key) { parcVerifier_AddKey(verifier_, key); }
+
+void Verifier::setHasher(PARCCryptoHasher *hasher) {
+  parcAssertNotNull(hasher, "Expected non-null hasher");
+  if (hasher_) parcCryptoHasher_Release(&hasher_);
+  hasher_ = parcCryptoHasher_Acquire(hasher);
+}
+
+void Verifier::setVerificationFailedCallback(
+    VerificationFailedCallback verfication_failed_cb,
+    const vector<VerificationPolicy> &failed_policies) {
+  verification_failed_cb_ = verfication_failed_cb;
+  failed_policies_ = failed_policies;
+}
+
+void Verifier::getVerificationFailedCallback(
+    VerificationFailedCallback **verfication_failed_cb) {
+  *verfication_failed_cb = &verification_failed_cb_;
+}
+
+size_t Verifier::getSignatureSize(const PacketPtr packet) {
+  return packet->getSignatureSize();
+}
+
+CryptoHash Verifier::computeHash(PacketPtr packet) {
+  parcAssertNotNull(hasher_, "Expected non-null hasher");
+
+  CryptoHasher crypto_hasher(hasher_);
+  const utils::MemBuf &header_chain = *packet;
+  const utils::MemBuf *current = &header_chain;
+
+  crypto_hasher.init();
+
+  do {
+    crypto_hasher.updateBytes(current->data(), current->length());
+    current = current->next();
+  } while (current != &header_chain);
+
+  return crypto_hasher.finalize();
+}
+
+void Verifier::callVerificationFailedCallback(PacketPtr packet,
+                                              VerificationPolicy &policy) {
+  if (verification_failed_cb_ == interface::VOID_HANDLER) {
+    return;
+  }
+
+  if (find(failed_policies_.begin(), failed_policies_.end(), policy) !=
+      failed_policies_.end()) {
+    policy = verification_failed_cb_(
+        static_cast<const core::ContentObject &>(*packet),
+        make_error_code(
+            protocol::protocol_error::signature_verification_failed));
+  }
+}
+
+bool VoidVerifier::verifyPacket(PacketPtr packet) { return true; }
+
+vector<VerificationPolicy> VoidVerifier::verifyPackets(
+    const vector<PacketPtr> &packets) {
+  return vector<VerificationPolicy>(packets.size(), VerificationPolicy::ACCEPT);
+}
+
+vector<VerificationPolicy> VoidVerifier::verifyPackets(
+    const vector<PacketPtr> &packets,
+    const unordered_map<Suffix, HashEntry> &suffix_map) {
+  return vector<VerificationPolicy>(packets.size(), VerificationPolicy::ACCEPT);
+}
+
+AsymmetricVerifier::AsymmetricVerifier(PARCKey *pub_key) { addKey(pub_key); }
+
+AsymmetricVerifier::AsymmetricVerifier(const string &cert_path) {
+  setCertificate(cert_path);
+}
+
+void AsymmetricVerifier::setCertificate(const string &cert_path) {
+  PARCCertificateFactory *factory = parcCertificateFactory_Create(
+      PARCCertificateType_X509, PARCContainerEncoding_PEM);
+
+  struct stat buffer;
+  if (stat(cert_path.c_str(), &buffer) != 0) {
+    throw errors::RuntimeException("Certificate does not exist");
+  }
+
+  PARCCertificate *certificate =
+      parcCertificateFactory_CreateCertificateFromFile(factory,
+                                                       cert_path.c_str(), NULL);
+  PARCKey *key = parcCertificate_GetPublicKey(certificate);
+
+  addKey(key);
+
+  parcKey_Release(&key);
+  parcCertificateFactory_Release(&factory);
+}
+
+SymmetricVerifier::SymmetricVerifier(const string &passphrase)
+    : passphrase_(nullptr), signer_(nullptr) {
+  setPassphrase(passphrase);
+}
+
+SymmetricVerifier::~SymmetricVerifier() {
+  if (passphrase_) parcBuffer_Release(&passphrase_);
+  if (signer_) parcSigner_Release(&signer_);
+}
+
+void SymmetricVerifier::setPassphrase(const string &passphrase) {
+  if (passphrase_) parcBuffer_Release(&passphrase_);
+
+  PARCBufferComposer *composer = parcBufferComposer_Create();
+  parcBufferComposer_PutString(composer, passphrase.c_str());
+  passphrase_ = parcBufferComposer_ProduceBuffer(composer);
+  parcBufferComposer_Release(&composer);
+}
+
+void SymmetricVerifier::setSigner(const PARCCryptoSuite &suite) {
+  parcAssertNotNull(passphrase_, "Expected non-null passphrase");
+
+  if (signer_) parcSigner_Release(&signer_);
+
+  PARCSymmetricKeyStore *key_store = parcSymmetricKeyStore_Create(passphrase_);
+  PARCSymmetricKeySigner *key_signer = parcSymmetricKeySigner_Create(
+      key_store, parcCryptoSuite_GetCryptoHash(suite));
+  signer_ = parcSigner_Create(key_signer, PARCSymmetricKeySignerAsSigner);
+
+  PARCKeyId *key_id = parcSigner_CreateKeyId(signer_);
+  PARCKey *key = parcKey_CreateFromSymmetricKey(
+      key_id, parcSigner_GetSigningAlgorithm(signer_), passphrase_);
+
+  addKey(key);
+  setHasher(parcSigner_GetCryptoHasher(signer_));
+
+  parcSymmetricKeyStore_Release(&key_store);
+  parcSymmetricKeySigner_Release(&key_signer);
+  parcKeyId_Release(&key_id);
+  parcKey_Release(&key);
+}
+
+vector<VerificationPolicy> SymmetricVerifier::verifyPackets(
+    const vector<PacketPtr> &packets) {
+  vector<VerificationPolicy> policies(packets.size(), VerificationPolicy::DROP);
+
+  for (unsigned int i = 0; i < packets.size(); ++i) {
+    auto suite =
+        static_cast<PARCCryptoSuite>(packets[i]->getValidationAlgorithm());
+
+    if (!signer_ || suite != parcSigner_GetCryptoSuite(signer_)) {
+      setSigner(suite);
+    }
+
+    if (verifyPacket(packets[i])) {
+      policies[i] = VerificationPolicy::ACCEPT;
+    }
+
+    callVerificationFailedCallback(packets[i], policies[i]);
+  }
+
+  return policies;
+}
+
+}  // namespace auth
+}  // namespace transport