diff options
author | Alberto Compagno <acompagn+fdio@cisco.com> | 2020-02-21 17:30:49 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@fd.io> | 2020-02-21 17:30:49 +0000 |
commit | e1135db42f05a94c6790c8650a3ac20396e0d78c (patch) | |
tree | 65b48490ced07f11597aedc2b752381b0d9e4b30 /libtransport/src/hicn/transport/utils | |
parent | 1b9512282a5324b2bd2b28b8e5555e15676cb54c (diff) | |
parent | 35058cdfe0134c88f1aa8d23342d1d7b9d39e296 (diff) |
Merge "[HICN-2] Added P2P confidential communication on hICN"
Diffstat (limited to 'libtransport/src/hicn/transport/utils')
-rw-r--r-- | libtransport/src/hicn/transport/utils/content_store.cc | 56 | ||||
-rw-r--r-- | libtransport/src/hicn/transport/utils/content_store.h | 1 | ||||
-rw-r--r-- | libtransport/src/hicn/transport/utils/identity.cc | 32 | ||||
-rw-r--r-- | libtransport/src/hicn/transport/utils/identity.h | 5 | ||||
-rw-r--r-- | libtransport/src/hicn/transport/utils/signer.cc | 111 | ||||
-rw-r--r-- | libtransport/src/hicn/transport/utils/signer.h | 25 | ||||
-rw-r--r-- | libtransport/src/hicn/transport/utils/suffix_strategy.h | 1 | ||||
-rw-r--r-- | libtransport/src/hicn/transport/utils/verifier.cc | 137 | ||||
-rw-r--r-- | libtransport/src/hicn/transport/utils/verifier.h | 20 |
9 files changed, 250 insertions, 138 deletions
diff --git a/libtransport/src/hicn/transport/utils/content_store.cc b/libtransport/src/hicn/transport/utils/content_store.cc index 8e3435507..ba13bef41 100644 --- a/libtransport/src/hicn/transport/utils/content_store.cc +++ b/libtransport/src/hicn/transport/utils/content_store.cc @@ -40,41 +40,48 @@ void ContentStore::insert( content_store_hash_table_.size(), fifo_list_.size()); } - // Check if the content can be cached - if (content_object->getLifetime() > 0) { - if (content_store_hash_table_.size() >= max_content_store_size_) { - content_store_hash_table_.erase(fifo_list_.back()); - fifo_list_.pop_back(); - } - - // Insert new item - - auto it = content_store_hash_table_.find(content_object->getName()); - if (it != content_store_hash_table_.end()) { - fifo_list_.erase(it->second.second); - content_store_hash_table_.erase(content_object->getName()); - } + if (content_store_hash_table_.size() >= max_content_store_size_) { + content_store_hash_table_.erase(fifo_list_.back()); + fifo_list_.pop_back(); + } - fifo_list_.push_front(std::cref(content_object->getName())); - auto pos = fifo_list_.begin(); - content_store_hash_table_[content_object->getName()] = ContentStoreEntry( - ObjectTimeEntry(content_object, std::chrono::steady_clock::now()), pos); + // Insert new item + auto it = content_store_hash_table_.find(content_object->getName()); + if (it != content_store_hash_table_.end()) { + fifo_list_.erase(it->second.second); + content_store_hash_table_.erase(content_object->getName()); } + + fifo_list_.push_front(std::cref(content_object->getName())); + auto pos = fifo_list_.begin(); + content_store_hash_table_[content_object->getName()] = ContentStoreEntry( + ObjectTimeEntry(content_object, std::chrono::steady_clock::now()), pos); } const std::shared_ptr<ContentObject> ContentStore::find( const Interest &interest) { utils::SpinLock::Acquire locked(cs_mutex_); + + std::shared_ptr<ContentObject> ret = empty_reference_; auto it = content_store_hash_table_.find(interest.getName()); if (it != content_store_hash_table_.end()) { - if (std::chrono::duration_cast<std::chrono::milliseconds>( + + auto content_lifetime = it->second.first.first->getLifetime(); + auto time_passed_since_creation = + std::chrono::duration_cast<std::chrono::milliseconds>( std::chrono::steady_clock::now() - it->second.first.second) - .count() < it->second.first.first->getLifetime()) { - return it->second.first.first; + .count(); + + if (time_passed_since_creation > content_lifetime) { + fifo_list_.erase(it->second.second); + content_store_hash_table_.erase(it); + } + else { + ret = it->second.first.first; } } - return empty_reference_; + return ret; } void ContentStore::erase(const Name &exact_name) { @@ -103,7 +110,10 @@ void ContentStore::printContent() { for (auto &item : content_store_hash_table_) { if (item.second.first.first->getPayloadType() == transport::core::PayloadType::MANIFEST) { - TRANSPORT_LOGI("Manifest: %s\n", + TRANSPORT_LOGI("Manifest: %s", + item.second.first.first->getName().toString().c_str()); + } else { + TRANSPORT_LOGI("Data Packet: %s", item.second.first.first->getName().toString().c_str()); } } diff --git a/libtransport/src/hicn/transport/utils/content_store.h b/libtransport/src/hicn/transport/utils/content_store.h index f7dc41835..613ffcbc2 100644 --- a/libtransport/src/hicn/transport/utils/content_store.h +++ b/libtransport/src/hicn/transport/utils/content_store.h @@ -16,6 +16,7 @@ #pragma once #include <hicn/transport/interfaces/socket.h> +#include <hicn/transport/utils/spinlock.h> #include <mutex> diff --git a/libtransport/src/hicn/transport/utils/identity.cc b/libtransport/src/hicn/transport/utils/identity.cc index d84129537..c5ab03e44 100644 --- a/libtransport/src/hicn/transport/utils/identity.cc +++ b/libtransport/src/hicn/transport/utils/identity.cc @@ -49,18 +49,14 @@ Identity::Identity(const std::string &keystore_name, identity_, parcCryptoSuite_GetCryptoHash(static_cast<PARCCryptoSuite>(suite))); - signer_ = std::make_shared<Signer>(signer); - - signature_length_ = (unsigned int)parcSigner_GetSignatureSize(signer); + signer_ = std::make_shared<Signer>(signer, suite); parcSigner_Release(&signer); parcIdentityFile_Release(&identity_file); } Identity::Identity(const Identity &other) - : signer_(other.signer_), - hash_algorithm_(other.hash_algorithm_), - signature_length_(other.signature_length_) { + : signer_(other.signer_), hash_algorithm_(other.hash_algorithm_) { parcSecurity_Init(); identity_ = parcIdentity_Acquire(other.identity_); } @@ -90,27 +86,13 @@ Identity::Identity(std::string &file_name, std::string &password, PARCSigner *signer = parcIdentity_CreateSigner( identity_, static_cast<PARCCryptoHashType>(hash_algorithm)); - signer_ = std::make_shared<Signer>(signer); - - signature_length_ = (unsigned int)parcSigner_GetSignatureSize(signer); + signer_ = std::make_shared<Signer>( + signer, CryptoSuite(parcSigner_GetCryptoSuite(signer))); parcSigner_Release(&signer); parcIdentityFile_Release(&identity_file); } -// Identity::Identity(Identity &&other) { -// identity_ = parcIdentity_Acquire(other.identity_); -//} - -// Identity& Identity::operator=(const Identity& other) { -// signer_ = other.signer_; -// hash_algorithm_ = other.hash_algorithm_; -// signature_length_ = other.signature_length_; -// identity_ = parcIdentity_Acquire(other.identity_); - -// parcSecurity_Init(); -// } - Identity::~Identity() { parcIdentity_Release(&identity_); parcSecurity_Fini(); @@ -124,8 +106,10 @@ std::string Identity::getPassword() { return std::string(parcIdentity_GetPassWord(identity_)); } -Signer &Identity::getSigner() { return *signer_; } +std::shared_ptr<Signer> Identity::getSigner() { return signer_; } -unsigned int Identity::getSignatureLength() const { return signature_length_; } +size_t Identity::getSignatureLength() const { + return signer_->getSignatureLength(); +} } // namespace utils diff --git a/libtransport/src/hicn/transport/utils/identity.h b/libtransport/src/hicn/transport/utils/identity.h index 349b38914..e9801a005 100644 --- a/libtransport/src/hicn/transport/utils/identity.h +++ b/libtransport/src/hicn/transport/utils/identity.h @@ -49,15 +49,14 @@ class Identity { std::string getPassword(); - Signer &getSigner(); + std::shared_ptr<Signer> getSigner(); - unsigned int getSignatureLength() const; + size_t getSignatureLength() const; private: PARCIdentity *identity_; std::shared_ptr<Signer> signer_; transport::core::HashAlgorithm hash_algorithm_; - unsigned int signature_length_; }; } // namespace utils diff --git a/libtransport/src/hicn/transport/utils/signer.cc b/libtransport/src/hicn/transport/utils/signer.cc index 981e5f02b..9ac9a2c45 100644 --- a/libtransport/src/hicn/transport/utils/signer.cc +++ b/libtransport/src/hicn/transport/utils/signer.cc @@ -39,54 +39,96 @@ namespace utils { uint8_t Signer::zeros[200] = {0}; /*One signer_ per Private Key*/ -Signer::Signer(PARCKeyStore *keyStore, PARCCryptoSuite suite) { +Signer::Signer(PARCKeyStore *keyStore, CryptoSuite suite) { + parcSecurity_Init(); + switch (suite) { - case PARCCryptoSuite_NULL_CRC32C: - break; - case PARCCryptoSuite_ECDSA_SHA256: - case PARCCryptoSuite_RSA_SHA256: - case PARCCryptoSuite_DSA_SHA256: - case PARCCryptoSuite_RSA_SHA512: + case CryptoSuite::DSA_SHA256: + case CryptoSuite::RSA_SHA256: + case CryptoSuite::RSA_SHA512: + case CryptoSuite::ECDSA_256K1: { this->signer_ = - parcSigner_Create(parcPublicKeySigner_Create(keyStore, suite), + parcSigner_Create(parcPublicKeySigner_Create( + keyStore, static_cast<PARCCryptoSuite>(suite)), PARCPublicKeySignerAsSigner); - this->key_id_ = parcSigner_CreateKeyId(this->signer_); break; + } + case CryptoSuite::HMAC_SHA256: + case CryptoSuite::HMAC_SHA512: { + this->signer_ = + parcSigner_Create(parcSymmetricKeySigner_Create( + (PARCSymmetricKeyStore *)keyStore, + parcCryptoSuite_GetCryptoHash( + static_cast<PARCCryptoSuite>(suite))), + PARCSymmetricKeySignerAsSigner); + break; + } + default: { return; } + } + + suite_ = suite; + key_id_ = parcSigner_CreateKeyId(this->signer_); + signature_length_ = parcSigner_GetSignatureSize(this->signer_); +} + +Signer::Signer(const std::string &passphrase, CryptoSuite suite) { + parcSecurity_Init(); - case PARCCryptoSuite_HMAC_SHA512: - case PARCCryptoSuite_HMAC_SHA256: - default: + switch (suite) { + case CryptoSuite::HMAC_SHA256: + case CryptoSuite::HMAC_SHA512: { + composer_ = parcBufferComposer_Create(); + parcBufferComposer_PutString(composer_, passphrase.c_str()); + key_buffer_ = parcBufferComposer_ProduceBuffer(composer_); + symmetricKeyStore_ = parcSymmetricKeyStore_Create(key_buffer_); this->signer_ = parcSigner_Create( - parcSymmetricKeySigner_Create((PARCSymmetricKeyStore *)keyStore, - parcCryptoSuite_GetCryptoHash(suite)), + parcSymmetricKeySigner_Create( + symmetricKeyStore_, parcCryptoSuite_GetCryptoHash( + static_cast<PARCCryptoSuite>(suite))), PARCSymmetricKeySignerAsSigner); - this->key_id_ = parcSigner_CreateKeyId(this->signer_); break; + } + default: { return; } } + + suite_ = suite; + key_id_ = parcSigner_CreateKeyId(this->signer_); + signature_length_ = parcSigner_GetSignatureSize(this->signer_); } -Signer::Signer(const PARCSigner *signer) +Signer::Signer(const PARCSigner *signer, CryptoSuite suite) : signer_(parcSigner_Acquire(signer)), - key_id_(parcSigner_CreateKeyId(this->signer_)) {} + key_id_(parcSigner_CreateKeyId(this->signer_)), + suite_(suite), + signature_length_(parcSigner_GetSignatureSize(this->signer_)) { + parcSecurity_Init(); +} + +Signer::Signer(const PARCSigner *signer) + : Signer(signer, CryptoSuite::UNKNOWN) {} Signer::~Signer() { - parcSigner_Release(&signer_); - parcKeyId_Release(&key_id_); + if (signature_) parcSignature_Release(&signature_); + if (symmetricKeyStore_) parcSymmetricKeyStore_Release(&symmetricKeyStore_); + if (key_buffer_) parcBuffer_Release(&key_buffer_); + if (composer_) parcBufferComposer_Release(&composer_); + if (signer_) parcSigner_Release(&signer_); + if (key_id_) parcKeyId_Release(&key_id_); + parcSecurity_Fini(); } void Signer::sign(Packet &packet) { // header chain points to the IP + TCP hicn header + AH Header - utils::MemBuf *header_chain = packet.header_head_; - utils::MemBuf *payload_chain = packet.payload_head_; + MemBuf *header_chain = packet.header_head_; + MemBuf *payload_chain = packet.payload_head_; uint8_t *hicn_packet = (uint8_t *)header_chain->writableData(); Packet::Format format = packet.getFormat(); - std::size_t sign_len_bytes = parcSigner_GetSignatureSize(signer_); if (!(format & HFO_AH)) { throw errors::MalformedAHPacketException(); } - packet.setSignatureSize(sign_len_bytes); + packet.setSignatureSize(signature_length_); // Copy IP+TCP/ICMP header before zeroing them hicn_header_t header_copy; @@ -102,8 +144,7 @@ void Signer::sign(Packet &packet) { auto now = duration_cast<milliseconds>(system_clock::now().time_since_epoch()) .count(); packet.setSignatureTimestamp(now); - packet.setValidationAlgorithm( - CryptoSuite(parcSigner_GetCryptoSuite(this->signer_))); + packet.setValidationAlgorithm(suite_); KeyId key_id; key_id.first = (uint8_t *)parcBuffer_Overlay( @@ -111,25 +152,25 @@ void Signer::sign(Packet &packet) { packet.setKeyId(key_id); // Calculate hash - utils::CryptoHasher hasher(parcSigner_GetCryptoHasher(signer_)); + CryptoHasher hasher(parcSigner_GetCryptoHasher(signer_)); hasher.init(); - hasher.updateBytes(hicn_packet, header_len + sign_len_bytes); + hasher.updateBytes(hicn_packet, header_len + signature_length_); - for (utils::MemBuf *current = payload_chain; current != header_chain; + for (MemBuf *current = payload_chain; current != header_chain; current = current->next()) { hasher.updateBytes(current->data(), current->length()); } - utils::CryptoHash hash = hasher.finalize(); + CryptoHash hash = hasher.finalize(); - PARCSignature *signature = parcSigner_SignDigestNoAlloc( - this->signer_, hash.hash_, packet.getSignature(), - (uint32_t)sign_len_bytes); - PARCBuffer *buffer = parcSignature_GetSignature(signature); + signature_ = parcSigner_SignDigestNoAlloc(this->signer_, hash.hash_, + packet.getSignature(), + (uint32_t)signature_length_); + PARCBuffer *buffer = parcSignature_GetSignature(signature_); size_t bytes_len = parcBuffer_Remaining(buffer); - if (bytes_len > sign_len_bytes) { + if (bytes_len > signature_length_) { throw errors::MalformedAHPacketException(); } @@ -137,6 +178,8 @@ void Signer::sign(Packet &packet) { (hicn_header_t *)packet.packet_start_, false); } +size_t Signer::getSignatureLength() { return signature_length_; } + PARCKeyStore *Signer::getKeyStore() { return parcSigner_GetKeyStore(this->signer_); } diff --git a/libtransport/src/hicn/transport/utils/signer.h b/libtransport/src/hicn/transport/utils/signer.h index 6afb9544c..31b21462b 100644 --- a/libtransport/src/hicn/transport/utils/signer.h +++ b/libtransport/src/hicn/transport/utils/signer.h @@ -22,6 +22,7 @@ extern "C" { #include <parc/security/parc_CryptoSuite.h> #include <parc/security/parc_KeyStore.h> #include <parc/security/parc_Signer.h> +#include <parc/security/parc_SymmetricKeySigner.h> } namespace utils { @@ -42,7 +43,17 @@ class Signer { * use to sign packet with this Signer. * @param suite CryptoSuite to use to verify the signature */ - Signer(PARCKeyStore *keyStore, PARCCryptoSuite suite); + Signer(PARCKeyStore *keyStore, CryptoSuite suite); + + /** + * Create a Signer + * + * @param passphrase A string from which the symmetric key will be derived + * @param suite CryptoSuite to use to verify the signature + */ + Signer(const std::string &passphrase, CryptoSuite suite); + + Signer(const PARCSigner *signer, CryptoSuite suite); Signer(const PARCSigner *signer); @@ -60,11 +71,19 @@ class Signer { */ void sign(Packet &packet); + size_t getSignatureLength(); + PARCKeyStore *getKeyStore(); private: - PARCSigner *signer_; - PARCKeyId *key_id_; + PARCBufferComposer *composer_ = nullptr; + PARCBuffer *key_buffer_ = nullptr; + PARCSymmetricKeyStore *symmetricKeyStore_ = nullptr; + PARCSigner *signer_ = nullptr; + PARCSignature *signature_ = nullptr; + PARCKeyId *key_id_ = nullptr; + CryptoSuite suite_; + size_t signature_length_; static uint8_t zeros[200]; }; diff --git a/libtransport/src/hicn/transport/utils/suffix_strategy.h b/libtransport/src/hicn/transport/utils/suffix_strategy.h index 0ed3c5b0e..ab9b1eff6 100644 --- a/libtransport/src/hicn/transport/utils/suffix_strategy.h +++ b/libtransport/src/hicn/transport/utils/suffix_strategy.h @@ -16,6 +16,7 @@ #pragma once #include <hicn/transport/core/manifest_format.h> +#include <limits> namespace utils { diff --git a/libtransport/src/hicn/transport/utils/verifier.cc b/libtransport/src/hicn/transport/utils/verifier.cc index 69b2101da..281ee21dc 100644 --- a/libtransport/src/hicn/transport/utils/verifier.cc +++ b/libtransport/src/hicn/transport/utils/verifier.cc @@ -25,9 +25,6 @@ extern "C" { TRANSPORT_CLANG_DISABLE_WARNING("-Wextern-c-compat") #endif #include <hicn/hicn.h> -#include <parc/security/parc_CertificateFactory.h> -#include <parc/security/parc_InMemoryVerifier.h> -#include <parc/security/parc_Security.h> } #include <sys/stat.h> @@ -46,11 +43,18 @@ Verifier::Verifier() { PARCInMemoryVerifier *in_memory_verifier = parcInMemoryVerifier_Create(); this->verifier_ = parcVerifier_Create(in_memory_verifier, PARCInMemoryVerifierAsVerifier); - parcInMemoryVerifier_Release(&in_memory_verifier); } Verifier::~Verifier() { - parcVerifier_Release(&verifier_); + if (key_) parcKey_Release(&key_); + if (keyId_) parcKeyId_Release(&keyId_); + if (signer_) parcSigner_Release(&signer_); + if (symmetricKeyStore_) parcSymmetricKeyStore_Release(&symmetricKeyStore_); + if (key_buffer_) parcBuffer_Release(&key_buffer_); + if (composer_) parcBufferComposer_Release(&composer_); + if (certificate_) parcCertificate_Release(&certificate_); + if (factory_) parcCertificateFactory_Release(&factory_); + if (verifier_) parcVerifier_Release(&verifier_); parcSecurity_Fini(); } @@ -67,10 +71,30 @@ bool Verifier::addKey(PARCKey *key) { return true; } +PARCKeyId *Verifier::addKeyFromPassphrase(const std::string &passphrase, + CryptoSuite suite) { + composer_ = parcBufferComposer_Create(); + parcBufferComposer_PutString(composer_, passphrase.c_str()); + key_buffer_ = parcBufferComposer_ProduceBuffer(composer_); + + symmetricKeyStore_ = parcSymmetricKeyStore_Create(key_buffer_); + signer_ = parcSigner_Create( + parcSymmetricKeySigner_Create( + symmetricKeyStore_, + parcCryptoSuite_GetCryptoHash(static_cast<PARCCryptoSuite>(suite))), + PARCSymmetricKeySignerAsSigner); + keyId_ = parcSigner_CreateKeyId(signer_); + key_ = parcKey_CreateFromSymmetricKey( + keyId_, parcSigner_GetSigningAlgorithm(signer_), key_buffer_); + + addKey(key_); + return keyId_; +} + PARCKeyId *Verifier::addKeyFromCertificate(const std::string &file_name) { - PARCCertificateFactory *factory = parcCertificateFactory_Create( - PARCCertificateType_X509, PARCContainerEncoding_PEM); - parcAssertNotNull(factory, "Expected non-NULL factory"); + factory_ = parcCertificateFactory_Create(PARCCertificateType_X509, + PARCContainerEncoding_PEM); + parcAssertNotNull(factory_, "Expected non-NULL factory"); if (!file_exists(file_name)) { TRANSPORT_LOGW("Warning! The certificate %s file does not exist", @@ -78,31 +102,23 @@ PARCKeyId *Verifier::addKeyFromCertificate(const std::string &file_name) { return nullptr; } - PARCCertificate *certificate = - parcCertificateFactory_CreateCertificateFromFile( - factory, (char *)file_name.c_str(), NULL); - - PARCKey *key = parcCertificate_GetPublicKey(certificate); - addKey(key); - - PARCKeyId *ret = parcKeyId_Acquire(parcKey_GetKeyId(key)); - - // parcKey_Release(&key); - // parcCertificate_Release(&certificate); - // parcCertificateFactory_Release(&factory); - - return ret; + certificate_ = parcCertificateFactory_CreateCertificateFromFile( + factory_, (char *)file_name.c_str(), NULL); + PARCBuffer *derEncodedVersion = + parcCertificate_GetDEREncodedPublicKey(certificate_); + PARCCryptoHash *keyDigest = parcCertificate_GetPublicKeyDigest(certificate_); + keyId_ = parcKeyId_Create(parcCryptoHash_GetDigest(keyDigest)); + key_ = parcKey_CreateFromDerEncodedPublicKey(keyId_, PARCSigningAlgorithm_RSA, + derEncodedVersion); + + addKey(key_); + return keyId_; } int Verifier::verify(const Packet &packet) { + // to initialize packet.payload_head_ + const_cast<Packet *>(&packet)->separateHeaderPayload(); bool valid = false; - - // initialize packet.payload_head_ - const_cast<Packet*>(&packet)->separateHeaderPayload(); - // header chain points to the IP + TCP hicn header - utils::MemBuf *header_chain = packet.header_head_; - utils::MemBuf *payload_chain = packet.payload_head_; - uint8_t *hicn_packet = header_chain->writableData(); Packet::Format format = packet.getFormat(); if (!(packet.format_ & HFO_AH)) { @@ -114,10 +130,9 @@ int Verifier::verify(const Packet &packet) { hicn_packet_copy_header(format, (const hicn_header_t *)packet.packet_start_, &header_copy, false); - std::size_t header_len = Packet::getHeaderSizeFromFormat(format); - PARCCryptoSuite suite = static_cast<PARCCryptoSuite>(packet.getValidationAlgorithm()); + PARCCryptoHashType hashtype = parcCryptoSuite_GetCryptoHash(suite); KeyId _key_id = packet.getKeyId(); PARCBuffer *buffer = parcBuffer_Wrap(_key_id.first, _key_id.second, 0, _key_id.second); @@ -127,27 +142,30 @@ int Verifier::verify(const Packet &packet) { int ah_payload_len = (int)packet.getSignatureSize(); uint8_t *_signature = packet.getSignature(); uint8_t *signature = new uint8_t[ah_payload_len]; - // TODO Remove signature copy at this point, by not setting to zero // the validation payload. std::memcpy(signature, _signature, ah_payload_len); - // Reset fields that should not appear in the signature - const_cast<Packet &>(packet).resetForHash(); - - PARCCryptoHashType hashtype = parcCryptoSuite_GetCryptoHash(suite); - utils::CryptoHasher hasher( - parcVerifier_GetCryptoHasher(verifier_, key_id, hashtype)); - - hasher.init().updateBytes(hicn_packet, header_len + ah_payload_len); - - for (utils::MemBuf *current = payload_chain; current != header_chain; - current = current->next()) { - hasher.updateBytes(current->data(), current->length()); + std::shared_ptr<CryptoHasher> hasher; + switch (CryptoSuite(suite)) { + case CryptoSuite::DSA_SHA256: + case CryptoSuite::RSA_SHA256: + case CryptoSuite::RSA_SHA512: + case CryptoSuite::ECDSA_256K1: { + hasher = std::make_shared<CryptoHasher>( + parcVerifier_GetCryptoHasher(verifier_, key_id, hashtype)); + break; + } + case CryptoSuite::HMAC_SHA256: + case CryptoSuite::HMAC_SHA512: { + if (!signer_) return false; + hasher = + std::make_shared<CryptoHasher>(parcSigner_GetCryptoHasher(signer_)); + break; + } + default: { return false; } } - - utils::CryptoHash hash = hasher.finalize(); - PARCCryptoHash *hash_computed_locally = hash.hash_; + CryptoHash hash_computed_locally = getPacketHash(packet, hasher); PARCBuffer *bits = parcBuffer_Wrap(signature, ah_payload_len, 0, ah_payload_len); @@ -178,20 +196,39 @@ int Verifier::verify(const Packet &packet) { } valid = parcVerifier_VerifyDigestSignature( - verifier_, key_id, hash_computed_locally, suite, signatureToVerify); + verifier_, key_id, hash_computed_locally.hash_, suite, signatureToVerify); /* Restore the resetted fields */ hicn_packet_copy_header(format, &header_copy, (hicn_header_t *)packet.packet_start_, false); delete[] signature; - parcKeyId_Release(&key_id); - parcBuffer_Release(&bits); parcSignature_Release(&signatureToVerify); return valid; } +CryptoHash Verifier::getPacketHash(const Packet &packet, + std::shared_ptr<CryptoHasher> hasher) { + MemBuf *header_chain = packet.header_head_; + MemBuf *payload_chain = packet.payload_head_; + Packet::Format format = packet.getFormat(); + int ah_payload_len = (int)packet.getSignatureSize(); + uint8_t *hicn_packet = header_chain->writableData(); + std::size_t header_len = Packet::getHeaderSizeFromFormat(format); + + // Reset fields that should not appear in the signature + const_cast<Packet &>(packet).resetForHash(); + hasher->init().updateBytes(hicn_packet, header_len + ah_payload_len); + + for (MemBuf *current = payload_chain; current != header_chain; + current = current->next()) { + hasher->updateBytes(current->data(), current->length()); + } + + return hasher->finalize(); +} + } // namespace utils diff --git a/libtransport/src/hicn/transport/utils/verifier.h b/libtransport/src/hicn/transport/utils/verifier.h index 6313a7240..7ec6e7eda 100644 --- a/libtransport/src/hicn/transport/utils/verifier.h +++ b/libtransport/src/hicn/transport/utils/verifier.h @@ -18,7 +18,11 @@ #include <hicn/transport/core/packet.h> extern "C" { +#include <parc/security/parc_CertificateFactory.h> +#include <parc/security/parc_InMemoryVerifier.h> #include <parc/security/parc_KeyId.h> +#include <parc/security/parc_Security.h> +#include <parc/security/parc_SymmetricKeySigner.h> #include <parc/security/parc_Verifier.h> } @@ -56,6 +60,9 @@ class Verifier { */ bool addKey(PARCKey *key); + PARCKeyId *addKeyFromPassphrase(const std::string &passphrase, + CryptoSuite suite); + PARCKeyId *addKeyFromCertificate(const std::string &file_name); /** @@ -77,8 +84,19 @@ class Verifier { */ int verify(const Packet &packet); + CryptoHash getPacketHash(const Packet &packet, + std::shared_ptr<CryptoHasher> hasher); + private: - PARCVerifier *verifier_; + PARCVerifier *verifier_ = nullptr; + PARCCertificateFactory *factory_ = nullptr; + PARCCertificate *certificate_ = nullptr; + PARCKeyId *keyId_ = nullptr; + PARCKey *key_ = nullptr; + PARCBuffer *key_buffer_ = nullptr; + PARCSymmetricKeyStore *symmetricKeyStore_ = nullptr; + PARCSigner *signer_ = nullptr; + PARCBufferComposer *composer_ = nullptr; static uint8_t zeros[200]; }; |