[HICN-595] Bring TLS up to date

HICN-2 would enable TLS only if OpenSSL 1.1.1 was present.
However the mechanism to do so was broken and hiperf always
ended up using normal consumer and producer sockets.

This patch fixes that by updating the build files. It also fixes
various bugs in the TLS implementation that went unnoticed and
cleans up the code.

Change-Id: Ifda75a9929e14460af43fe79d737d0c926bb671e
Signed-off-by: Olivier Roques <oroques+fdio@cisco.com>
Signed-off-by: Mauro Sardara <msardara@cisco.com>

1 files changed, 94 insertions, 104 deletions

diff --git a/libtransport/src/implementation/p2psecure_socket_producer.cc b/libtransport/src/implementation/p2psecure_socket_producer.cc
index d0852539a..15c7d25cd 100644
--- a/libtransport/src/implementation/p2psecure_socket_producer.cc
+++ b/libtransport/src/implementation/p2psecure_socket_producer.cc
@@ -37,9 +37,8 @@ P2PSecureProducerSocket::P2PSecureProducerSocket(
     : ProducerSocket(producer_socket),
       mtx_(),
       cv_(),
-      map_secure_producers(),
-      map_secure_rtc_producers(),
-      list_secure_producers() {}
+      map_producers(),
+      list_producers() {}
 
 P2PSecureProducerSocket::P2PSecureProducerSocket(
     interface::ProducerSocket *producer_socket, bool rtc,
@@ -48,12 +47,9 @@ P2PSecureProducerSocket::P2PSecureProducerSocket(
       rtc_(rtc),
       mtx_(),
       cv_(),
-      map_secure_producers(),
-      map_secure_rtc_producers(),
-      list_secure_producers() {
-  /*
-   * Setup SSL context (identity and parameter to use TLS 1.3)
-   */
+      map_producers(),
+      list_producers() {
+  /* Setup SSL context (identity and parameter to use TLS 1.3) */
   der_cert_ = parcKeyStore_GetDEREncodedCertificate(
       (identity->getSigner()->getKeyStore()));
   der_prk_ = parcKeyStore_GetDEREncodedPrivateKey(
@@ -68,10 +64,8 @@ P2PSecureProducerSocket::P2PSecureProducerSocket(
   cert_509_ = d2i_X509(NULL, &cert, cert_size);
   pkey_rsa_ = d2i_AutoPrivateKey(NULL, &prk, prk_size);
 
-  /*
-   * Set the callback so that when an interest is received we catch it and we
-   * decrypt the payload before passing it to the application.
-   */
+  /* Set the callback so that when an interest is received we catch it and we
+   * decrypt the payload before passing it to the application.  */
   ProducerSocket::setSocketOption(
       ProducerCallbacksOptions::INTEREST_INPUT,
       (ProducerInterestCallback)std::bind(
@@ -84,53 +78,61 @@ P2PSecureProducerSocket::~P2PSecureProducerSocket() {
   if (der_prk_) parcBuffer_Release(&der_prk_);
 }
 
+void P2PSecureProducerSocket::initSessionSocket(
+    std::unique_ptr<TLSProducerSocket> &producer) {
+  producer->on_content_produced_application_ =
+      this->on_content_produced_application_;
+  producer->setSocketOption(CONTENT_OBJECT_EXPIRY_TIME,
+                            this->content_object_expiry_time_);
+  producer->setSocketOption(SIGNER, this->signer_);
+  producer->setSocketOption(MAKE_MANIFEST, this->making_manifest_);
+  producer->setSocketOption(DATA_PACKET_SIZE,
+                            (uint32_t)(this->data_packet_size_));
+  producer->output_buffer_.setLimit(this->output_buffer_.getLimit());
+
+  if (!rtc_) {
+    producer->setInterface(new interface::TLSProducerSocket(producer.get()));
+  } else {
+    TLSRTCProducerSocket *rtc_producer =
+        dynamic_cast<TLSRTCProducerSocket *>(producer.get());
+    rtc_producer->setInterface(
+        new interface::TLSRTCProducerSocket(rtc_producer));
+  }
+}
+
 void P2PSecureProducerSocket::onInterestCallback(interface::ProducerSocket &p,
                                                  Interest &interest) {
   std::unique_lock<std::mutex> lck(mtx_);
+  std::unique_ptr<TLSProducerSocket> tls_producer;
+  auto it = map_producers.find(interest.getName());
+
+  if (it != map_producers.end()) {
+    return;
+  }
+
+  if (!rtc_) {
+    tls_producer =
+        std::make_unique<TLSProducerSocket>(nullptr, this, interest.getName());
+  } else {
+    tls_producer = std::make_unique<TLSRTCProducerSocket>(nullptr, this,
+                                                          interest.getName());
+  }
+
+  initSessionSocket(tls_producer);
+  TLSProducerSocket *tls_producer_ptr = tls_producer.get();
+  map_producers.insert({interest.getName(), move(tls_producer)});
 
   TRANSPORT_LOGD("Start handshake at %s",
                  interest.getName().toString().c_str());
+
   if (!rtc_) {
-    auto it = map_secure_producers.find(interest.getName());
-    if (it != map_secure_producers.end()) return;
-    TLSProducerSocket *tls_producer =
-        new TLSProducerSocket(nullptr, this, interest.getName());
-    tls_producer->setInterface(new interface::TLSProducerSocket(tls_producer));
-
-    tls_producer->on_content_produced_application_ =
-        this->on_content_produced_application_;
-    tls_producer->setSocketOption(CONTENT_OBJECT_EXPIRY_TIME,
-                                  this->content_object_expiry_time_);
-    tls_producer->setSocketOption(SIGNER, this->signer_);
-    tls_producer->setSocketOption(MAKE_MANIFEST, this->making_manifest_);
-    tls_producer->setSocketOption(DATA_PACKET_SIZE,
-                                  (uint32_t)(this->data_packet_size_));
-    tls_producer->output_buffer_.setLimit(this->output_buffer_.getLimit());
-    map_secure_producers.insert(
-        {interest.getName(), std::unique_ptr<TLSProducerSocket>(tls_producer)});
-    tls_producer->onInterest(*tls_producer, interest);
-    tls_producer->async_accept();
+    tls_producer_ptr->onInterest(*tls_producer_ptr, interest);
+    tls_producer_ptr->async_accept();
   } else {
-    auto it = map_secure_rtc_producers.find(interest.getName());
-    if (it != map_secure_rtc_producers.end()) return;
-    TLSRTCProducerSocket *tls_producer =
-        new TLSRTCProducerSocket(nullptr, this, interest.getName());
-    tls_producer->setInterface(
-        new interface::TLSRTCProducerSocket(tls_producer));
-    tls_producer->on_content_produced_application_ =
-        this->on_content_produced_application_;
-    tls_producer->setSocketOption(CONTENT_OBJECT_EXPIRY_TIME,
-                                  this->content_object_expiry_time_);
-    tls_producer->setSocketOption(SIGNER, this->signer_);
-    tls_producer->setSocketOption(MAKE_MANIFEST, this->making_manifest_);
-    tls_producer->setSocketOption(DATA_PACKET_SIZE,
-                                  (uint32_t)(this->data_packet_size_));
-    tls_producer->output_buffer_.setLimit(this->output_buffer_.getLimit());
-    map_secure_rtc_producers.insert(
-        {interest.getName(),
-         std::unique_ptr<TLSRTCProducerSocket>(tls_producer)});
-    tls_producer->onInterest(*tls_producer, interest);
-    tls_producer->async_accept();
+    TLSRTCProducerSocket *rtc_producer_ptr =
+        dynamic_cast<TLSRTCProducerSocket *>(tls_producer_ptr);
+    rtc_producer_ptr->onInterest(*rtc_producer_ptr, interest);
+    rtc_producer_ptr->async_accept();
   }
 }
 
@@ -143,11 +145,13 @@ void P2PSecureProducerSocket::produce(const uint8_t *buffer,
   }
 
   std::unique_lock<std::mutex> lck(mtx_);
-  if (list_secure_rtc_producers.empty()) cv_.wait(lck);
 
-  for (auto it = list_secure_rtc_producers.cbegin();
-       it != list_secure_rtc_producers.cend(); it++) {
-    (*it)->produce(utils::MemBuf::copyBuffer(buffer, buffer_size));
+  if (list_producers.empty()) cv_.wait(lck);
+
+  for (auto it = list_producers.cbegin(); it != list_producers.cend(); it++) {
+    TLSRTCProducerSocket *rtc_producer =
+        dynamic_cast<TLSRTCProducerSocket *>(it->get());
+    rtc_producer->produce(utils::MemBuf::copyBuffer(buffer, buffer_size));
   }
 }
 
@@ -162,12 +166,13 @@ uint32_t P2PSecureProducerSocket::produce(
 
   std::unique_lock<std::mutex> lck(mtx_);
   uint32_t segments = 0;
-  if (list_secure_producers.empty()) cv_.wait(lck);
 
-  for (auto it = list_secure_producers.cbegin();
-       it != list_secure_producers.cend(); it++)
+  if (list_producers.empty()) cv_.wait(lck);
+
+  for (auto it = list_producers.cbegin(); it != list_producers.cend(); it++)
     segments +=
         (*it)->produce(content_name, buffer->clone(), is_last, start_offset);
+
   return segments;
 }
 
@@ -183,12 +188,12 @@ uint32_t P2PSecureProducerSocket::produce(Name content_name,
 
   std::unique_lock<std::mutex> lck(mtx_);
   uint32_t segments = 0;
-  if (list_secure_producers.empty()) cv_.wait(lck);
+  if (list_producers.empty()) cv_.wait(lck);
 
-  for (auto it = list_secure_producers.cbegin();
-       it != list_secure_producers.cend(); it++)
+  for (auto it = list_producers.cbegin(); it != list_producers.cend(); it++)
     segments += (*it)->produce(content_name, buffer, buffer_size, is_last,
                                start_offset);
+
   return segments;
 }
 
@@ -203,10 +208,9 @@ void P2PSecureProducerSocket::asyncProduce(const Name &content_name,
   }
 
   std::unique_lock<std::mutex> lck(mtx_);
-  if (list_secure_producers.empty()) cv_.wait(lck);
+  if (list_producers.empty()) cv_.wait(lck);
 
-  for (auto it = list_secure_producers.cbegin();
-       it != list_secure_producers.cend(); it++) {
+  for (auto it = list_producers.cbegin(); it != list_producers.cend(); it++) {
     (*it)->asyncProduce(content_name, buf, buffer_size, is_last, start_offset);
   }
 }
@@ -221,22 +225,19 @@ void P2PSecureProducerSocket::asyncProduce(
   }
 
   std::unique_lock<std::mutex> lck(mtx_);
-  if (list_secure_producers.empty()) cv_.wait(lck);
+  if (list_producers.empty()) cv_.wait(lck);
 
-  for (auto it = list_secure_producers.cbegin();
-       it != list_secure_producers.cend(); it++) {
+  for (auto it = list_producers.cbegin(); it != list_producers.cend(); it++) {
     (*it)->asyncProduce(content_name, buffer->clone(), is_last, offset,
                         last_segment);
   }
 }
 
-// Socket Option Redefinition to avoid name hiding
-
+/* Redefinition of socket options to avoid name hiding */
 int P2PSecureProducerSocket::setSocketOption(
     int socket_option_key, ProducerInterestCallback socket_option_value) {
-  if (!list_secure_producers.empty()) {
-    for (auto it = list_secure_producers.cbegin();
-         it != list_secure_producers.cend(); it++)
+  if (!list_producers.empty()) {
+    for (auto it = list_producers.cbegin(); it != list_producers.cend(); it++)
       (*it)->setSocketOption(socket_option_key, socket_option_value);
   }
 
@@ -269,9 +270,8 @@ int P2PSecureProducerSocket::setSocketOption(
 int P2PSecureProducerSocket::setSocketOption(
     int socket_option_key,
     const std::shared_ptr<utils::Signer> &socket_option_value) {
-  if (!list_secure_producers.empty())
-    for (auto it = list_secure_producers.cbegin();
-         it != list_secure_producers.cend(); it++)
+  if (!list_producers.empty())
+    for (auto it = list_producers.cbegin(); it != list_producers.cend(); it++)
       (*it)->setSocketOption(socket_option_key, socket_option_value);
 
   switch (socket_option_key) {
@@ -288,9 +288,8 @@ int P2PSecureProducerSocket::setSocketOption(
 
 int P2PSecureProducerSocket::setSocketOption(int socket_option_key,
                                              uint32_t socket_option_value) {
-  if (!list_secure_producers.empty()) {
-    for (auto it = list_secure_producers.cbegin();
-         it != list_secure_producers.cend(); it++)
+  if (!list_producers.empty()) {
+    for (auto it = list_producers.cbegin(); it != list_producers.cend(); it++)
       (*it)->setSocketOption(socket_option_key, socket_option_value);
   }
   switch (socket_option_key) {
@@ -305,9 +304,8 @@ int P2PSecureProducerSocket::setSocketOption(int socket_option_key,
 
 int P2PSecureProducerSocket::setSocketOption(int socket_option_key,
                                              bool socket_option_value) {
-  if (!list_secure_producers.empty())
-    for (auto it = list_secure_producers.cbegin();
-         it != list_secure_producers.cend(); it++)
+  if (!list_producers.empty())
+    for (auto it = list_producers.cbegin(); it != list_producers.cend(); it++)
       (*it)->setSocketOption(socket_option_key, socket_option_value);
 
   return ProducerSocket::setSocketOption(socket_option_key,
@@ -316,9 +314,8 @@ int P2PSecureProducerSocket::setSocketOption(int socket_option_key,
 
 int P2PSecureProducerSocket::setSocketOption(int socket_option_key,
                                              Name *socket_option_value) {
-  if (!list_secure_producers.empty())
-    for (auto it = list_secure_producers.cbegin();
-         it != list_secure_producers.cend(); it++)
+  if (!list_producers.empty())
+    for (auto it = list_producers.cbegin(); it != list_producers.cend(); it++)
       (*it)->setSocketOption(socket_option_key, socket_option_value);
 
   return ProducerSocket::setSocketOption(socket_option_key,
@@ -327,9 +324,8 @@ int P2PSecureProducerSocket::setSocketOption(int socket_option_key,
 
 int P2PSecureProducerSocket::setSocketOption(
     int socket_option_key, std::list<Prefix> socket_option_value) {
-  if (!list_secure_producers.empty())
-    for (auto it = list_secure_producers.cbegin();
-         it != list_secure_producers.cend(); it++)
+  if (!list_producers.empty())
+    for (auto it = list_producers.cbegin(); it != list_producers.cend(); it++)
       (*it)->setSocketOption(socket_option_key, socket_option_value);
 
   return ProducerSocket::setSocketOption(socket_option_key,
@@ -338,9 +334,8 @@ int P2PSecureProducerSocket::setSocketOption(
 
 int P2PSecureProducerSocket::setSocketOption(
     int socket_option_key, ProducerContentObjectCallback socket_option_value) {
-  if (!list_secure_producers.empty())
-    for (auto it = list_secure_producers.cbegin();
-         it != list_secure_producers.cend(); it++)
+  if (!list_producers.empty())
+    for (auto it = list_producers.cbegin(); it != list_producers.cend(); it++)
       (*it)->setSocketOption(socket_option_key, socket_option_value);
 
   return ProducerSocket::setSocketOption(socket_option_key,
@@ -349,9 +344,8 @@ int P2PSecureProducerSocket::setSocketOption(
 
 int P2PSecureProducerSocket::setSocketOption(
     int socket_option_key, ProducerContentCallback socket_option_value) {
-  if (!list_secure_producers.empty())
-    for (auto it = list_secure_producers.cbegin();
-         it != list_secure_producers.cend(); it++)
+  if (!list_producers.empty())
+    for (auto it = list_producers.cbegin(); it != list_producers.cend(); it++)
       (*it)->setSocketOption(socket_option_key, socket_option_value);
 
   switch (socket_option_key) {
@@ -368,9 +362,8 @@ int P2PSecureProducerSocket::setSocketOption(
 
 int P2PSecureProducerSocket::setSocketOption(
     int socket_option_key, utils::CryptoHashType socket_option_value) {
-  if (!list_secure_producers.empty())
-    for (auto it = list_secure_producers.cbegin();
-         it != list_secure_producers.cend(); it++)
+  if (!list_producers.empty())
+    for (auto it = list_producers.cbegin(); it != list_producers.cend(); it++)
       (*it)->setSocketOption(socket_option_key, socket_option_value);
 
   return ProducerSocket::setSocketOption(socket_option_key,
@@ -379,9 +372,8 @@ int P2PSecureProducerSocket::setSocketOption(
 
 int P2PSecureProducerSocket::setSocketOption(
     int socket_option_key, utils::CryptoSuite socket_option_value) {
-  if (!list_secure_producers.empty())
-    for (auto it = list_secure_producers.cbegin();
-         it != list_secure_producers.cend(); it++)
+  if (!list_producers.empty())
+    for (auto it = list_producers.cbegin(); it != list_producers.cend(); it++)
       (*it)->setSocketOption(socket_option_key, socket_option_value);
 
   return ProducerSocket::setSocketOption(socket_option_key,
@@ -390,9 +382,8 @@ int P2PSecureProducerSocket::setSocketOption(
 
 int P2PSecureProducerSocket::setSocketOption(
     int socket_option_key, const std::string &socket_option_value) {
-  if (!list_secure_producers.empty())
-    for (auto it = list_secure_producers.cbegin();
-         it != list_secure_producers.cend(); it++)
+  if (!list_producers.empty())
+    for (auto it = list_producers.cbegin(); it != list_producers.cend(); it++)
       (*it)->setSocketOption(socket_option_key, socket_option_value);
 
   return ProducerSocket::setSocketOption(socket_option_key,
@@ -400,5 +391,4 @@ int P2PSecureProducerSocket::setSocketOption(
 }
 
 }  // namespace implementation
-
 }  // namespace transport