diff options
author | Luca Muscariello <lumuscar@cisco.com> | 2022-03-30 22:29:28 +0200 |
---|---|---|
committer | Mauro Sardara <msardara@cisco.com> | 2022-03-31 19:51:47 +0200 |
commit | c46e5df56b67bb8ea7a068d39324c640084ead2b (patch) | |
tree | eddeb17785938e09bc42eec98ee09b8a28846de6 /libtransport/src/implementation/p2psecure_socket_producer.cc | |
parent | 18fa668f25d3cc5463417ce7df6637e31578e898 (diff) |
feat: boostrap hicn 22.02
The current patch provides several new features, improvements,
bug fixes and also complete rewrite of entire components.
- lib
The hicn packet parser has been improved with a new packet
format fully based on UDP. The TCP header is still temporarily
supported but the UDP header will replace completely the new hicn
packet format. Improvements have been made to make sure every
packet parsing operation is made via this library. The current
new header can be used as header between the payload and the
UDP header or as trailer in the UDP surplus area to be tested
when UDP options will start to be used.
- hicn-light
The portable packet forwarder has been completely rewritten from
scratch with the twofold objective to improve performance and
code size but also to drop dependencies such as libparc which is
now removed by the current implementation.
- hicn control
the control library is the agent that is used to program the
packet forwarders via their binary API. This component has
benefited from significant improvements in terms of interaction
model which is now event driven and more robust to failures.
- VPP plugin has been updated to support VPP 22.02
- transport
Major improvement have been made to the RTC protocol, to the
support of IO modules and to the security sub system. Signed
manifests are the default data authenticity and integrity framework.
Confidentiality can be enabled by sharing the encryption key to the
prod/cons layer. The library has been tested with group key based
applications such as broadcast/multicast and real-time on-line
meetings with trusted server keys or MLS.
- testing
Unit testing has been introduced using GoogleTest. One third of
the code base is covered by unit testing with priority on
critical features. Functional testing has also been introduce
using Docker, linux bridging and Robot Framework to define
test with Less Code techniques to facilitate the extension
of the coverage.
Co-authored-by: Mauro Sardara <msardara@cisco.com>
Co-authored-by: Jordan Augé <jordan.auge+fdio@cisco.com>
Co-authored-by: Michele Papalini <micpapal@cisco.com>
Co-authored-by: Angelo Mantellini <manangel@cisco.com>
Co-authored-by: Jacques Samain <jsamain@cisco.com>
Co-authored-by: Olivier Roques <oroques+fdio@cisco.com>
Co-authored-by: Enrico Loparco <eloparco@cisco.com>
Co-authored-by: Giulio Grassi <gigrassi@cisco.com>
Change-Id: I75d0ef70f86d921e3ef503c99271216ff583c215
Signed-off-by: Luca Muscariello <muscariello@ieee.org>
Signed-off-by: Mauro Sardara <msardara@cisco.com>
Diffstat (limited to 'libtransport/src/implementation/p2psecure_socket_producer.cc')
-rw-r--r-- | libtransport/src/implementation/p2psecure_socket_producer.cc | 71 |
1 files changed, 21 insertions, 50 deletions
diff --git a/libtransport/src/implementation/p2psecure_socket_producer.cc b/libtransport/src/implementation/p2psecure_socket_producer.cc index 3748001fc..ee78ea53b 100644 --- a/libtransport/src/implementation/p2psecure_socket_producer.cc +++ b/libtransport/src/implementation/p2psecure_socket_producer.cc @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2020 Cisco and/or its affiliates. + * Copyright (c) 2021 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at: @@ -20,6 +20,7 @@ #include <interfaces/tls_rtc_socket_producer.h> #include <interfaces/tls_socket_producer.h> #include <openssl/bio.h> +#include <openssl/pkcs12.h> #include <openssl/rand.h> #include <openssl/ssl.h> @@ -41,7 +42,7 @@ P2PSecureProducerSocket::P2PSecureProducerSocket( P2PSecureProducerSocket::P2PSecureProducerSocket( interface::ProducerSocket *producer_socket, bool rtc, - const std::shared_ptr<auth::Identity> &identity) + std::string &keystore_path, std::string &keystore_pwd) : ProducerSocket(producer_socket, ProductionProtocolAlgorithms::BYTE_STREAM), rtc_(rtc), @@ -50,8 +51,16 @@ P2PSecureProducerSocket::P2PSecureProducerSocket( map_producers(), list_producers() { /* Setup SSL context (identity and parameter to use TLS 1.3) */ - cert_509_ = identity->getCertificate().get(); - pkey_rsa_ = identity->getPrivateKey().get(); + FILE *p12file = fopen(keystore_path.c_str(), "r"); + if (p12file == NULL) + throw errors::RuntimeException("impossible open keystore"); + std::unique_ptr<PKCS12, decltype(&::PKCS12_free)> p12( + d2i_PKCS12_fp(p12file, NULL), ::PKCS12_free); + // now we parse the file to get the first key and certificate + if (1 != PKCS12_parse(p12.get(), keystore_pwd.c_str(), &pkey_rsa_, &cert_509_, + NULL)) + throw errors::RuntimeException("impossible to get the private key"); + fclose(p12file); /* Set the callback so that when an interest is received we catch it and we * decrypt the payload before passing it to the application. */ @@ -133,15 +142,15 @@ uint32_t P2PSecureProducerSocket::produceDatagram( // TODO throw errors::NotImplementedException(); - if (!rtc_) { - throw errors::RuntimeException( - "RTC must be the transport protocol to start the production of current " - "data. Aborting."); - } + // if (!rtc_) { + // throw errors::RuntimeException( + // "RTC must be the transport protocol to start the production of + // current " "data. Aborting."); + // } - std::unique_lock<std::mutex> lck(mtx_); + // std::unique_lock<std::mutex> lck(mtx_); - if (list_producers.empty()) cv_.wait(lck); + // if (list_producers.empty()) cv_.wait(lck); // TODO // for (auto it = list_producers.cbegin(); it != list_producers.cend(); it++) @@ -151,7 +160,7 @@ uint32_t P2PSecureProducerSocket::produceDatagram( // rtc_producer->produce(utils::MemBuf::copyBuffer(buffer, buffer_size)); // } - return 0; + // return 0; } uint32_t P2PSecureProducerSocket::produceStream( @@ -197,44 +206,6 @@ uint32_t P2PSecureProducerSocket::produceStream(const Name &content_name, return segments; } -// void P2PSecureProducerSocket::asyncProduce(const Name &content_name, -// const uint8_t *buf, -// size_t buffer_size, bool is_last, -// uint32_t *start_offset) { -// if (rtc_) { -// throw errors::RuntimeException( -// "RTC transport protocol is not compatible with the production of " -// "current data. Aborting."); -// } - -// std::unique_lock<std::mutex> lck(mtx_); -// if (list_producers.empty()) cv_.wait(lck); - -// for (auto it = list_producers.cbegin(); it != list_producers.cend(); it++) -// { -// (*it)->asyncProduce(content_name, buf, buffer_size, is_last, -// start_offset); -// } -// } - -void P2PSecureProducerSocket::asyncProduce( - Name content_name, std::unique_ptr<utils::MemBuf> &&buffer, bool is_last, - uint32_t offset, uint32_t **last_segment) { - if (rtc_) { - throw errors::RuntimeException( - "RTC transport protocol is not compatible with the production of " - "current data. Aborting."); - } - - std::unique_lock<std::mutex> lck(mtx_); - if (list_producers.empty()) cv_.wait(lck); - - for (auto it = list_producers.cbegin(); it != list_producers.cend(); it++) { - (*it)->asyncProduce(content_name, buffer->clone(), is_last, offset, - last_segment); - } -} - /* Redefinition of socket options to avoid name hiding */ int P2PSecureProducerSocket::setSocketOption( int socket_option_key, ProducerInterestCallback socket_option_value) { |