feat: boostrap hicn 22.02

The current patch provides several new features, improvements, bug fixes and also complete rewrite of entire components. - lib The hicn packet parser has been improved with a new packet format fully based on UDP. The TCP header is still temporarily supported but the UDP header will replace completely the new hicn packet format. Improvements have been made to make sure every packet parsing operation is made via this library. The current new header can be used as header between the payload and the UDP header or as trailer in the UDP surplus area to be tested when UDP options will start to be used. - hicn-light The portable packet forwarder has been completely rewritten from scratch with the twofold objective to improve performance and code size but also to drop dependencies such as libparc which is now removed by the current implementation. - hicn control the control library is the agent that is used to program the packet forwarders via their binary API. This component has benefited from significant improvements in terms of interaction model which is now event driven and more robust to failures. - VPP plugin has been updated to support VPP 22.02 - transport Major improvement have been made to the RTC protocol, to the support of IO modules and to the security sub system. Signed manifests are the default data authenticity and integrity framework. Confidentiality can be enabled by sharing the encryption key to the prod/cons layer. The library has been tested with group key based applications such as broadcast/multicast and real-time on-line meetings with trusted server keys or MLS. - testing Unit testing has been introduced using GoogleTest. One third of the code base is covered by unit testing with priority on critical features. Functional testing has also been introduce using Docker, linux bridging and Robot Framework to define test with Less Code techniques to facilitate the extension of the coverage. Co-authored-by: Mauro Sardara <msardara@cisco.com> Co-authored-by: Jordan Augé <jordan.auge+fdio@cisco.com> Co-authored-by: Michele Papalini <micpapal@cisco.com> Co-authored-by: Angelo Mantellini <manangel@cisco.com> Co-authored-by: Jacques Samain <jsamain@cisco.com> Co-authored-by: Olivier Roques <oroques+fdio@cisco.com> Co-authored-by: Enrico Loparco <eloparco@cisco.com> Co-authored-by: Giulio Grassi <gigrassi@cisco.com> Change-Id: I75d0ef70f86d921e3ef503c99271216ff583c215 Signed-off-by: Luca Muscariello <muscariello@ieee.org> Signed-off-by: Mauro Sardara <msardara@cisco.com>
author: Luca Muscariello <lumuscar@cisco.com> 2022-03-30 22:29:28 +0200
committer: Mauro Sardara <msardara@cisco.com> 2022-03-31 19:51:47 +0200
commit: c46e5df56b67bb8ea7a068d39324c640084ead2b (patch)
tree: eddeb17785938e09bc42eec98ee09b8a28846de6 /libtransport/src/test/test_auth.cc
parent: 18fa668f25d3cc5463417ce7df6637e31578e898 (diff)
1 files changed, 136 insertions, 42 deletions
diff --git a/libtransport/src/test/test_auth.cc b/libtransport/src/test/test_auth.cc
index db1c3b52f..d7fd55433 100644
--- a/libtransport/src/test/test_auth.cc
+++ b/libtransport/src/test/test_auth.cc
@@ -15,10 +15,15 @@
 
 #include <gtest/gtest.h>
 #include <hicn/transport/auth/crypto_hash.h>
-#include <hicn/transport/auth/identity.h>
 #include <hicn/transport/auth/signer.h>
 #include <hicn/transport/auth/verifier.h>
 #include <hicn/transport/core/content_object.h>
+#include <openssl/rand.h>
+
+using BN_ptr = std::unique_ptr<BIGNUM, decltype(&::BN_free)>;
+using RSA_ptr = std::unique_ptr<RSA, decltype(&::RSA_free)>;
+using EC_KEY_ptr = std::unique_ptr<EC_KEY, decltype(&::EC_KEY_free)>;
+using DSA_ptr = std::unique_ptr<DSA, decltype(&::DSA_free)>;
 
 namespace transport {
 namespace auth {
@@ -50,11 +55,23 @@ TEST_F(AuthTest, VoidVerifier) {
 }
 
 TEST_F(AuthTest, AsymmetricRSA) {
-  // Create the RSA signer from an Identity object
-  Identity identity("test_rsa.p12", PASSPHRASE, CryptoSuite::RSA_SHA256, 1024u,
-                    30, "RSAVerifier");
-
-  std::shared_ptr<Signer> signer = identity.getSigner();
+  // Create the RSA keys
+  std::shared_ptr<EVP_PKEY> privateKey(EVP_PKEY_new(), EVP_PKEY_free);
+  std::shared_ptr<EVP_PKEY> pubKey(EVP_PKEY_new(), EVP_PKEY_free);
+  RSA_ptr rsa(RSA_new(), ::RSA_free);
+  BN_ptr pub_exp(BN_new(), ::BN_free);
+
+  BN_set_word(pub_exp.get(), RSA_F4);
+  if (1 != RSA_generate_key_ex(rsa.get(), 2048u, pub_exp.get(), NULL))
+    throw errors::RuntimeException("can't generate the key");
+  RSA_ptr rsa_pub(RSAPublicKey_dup(rsa.get()), ::RSA_free);
+  RSA_ptr rsa_priv(RSAPrivateKey_dup(rsa.get()), ::RSA_free);
+  if (1 != EVP_PKEY_set1_RSA(pubKey.get(), rsa_pub.get()))
+    throw errors::RuntimeException("can't generate the key");
+  if (1 != EVP_PKEY_set1_RSA(privateKey.get(), rsa_priv.get()))
+    throw errors::RuntimeException("can't generate the key");
+  std::shared_ptr<AsymmetricSigner> signer = std::make_shared<AsymmetricSigner>(
+      CryptoSuite::RSA_SHA256, privateKey, pubKey);
 
   // Create a content object
   core::ContentObject packet(HF_INET6_TCP_AH, signer->getSignatureSize());
@@ -68,61 +85,112 @@ TEST_F(AuthTest, AsymmetricRSA) {
 
   // Create the RSA verifier
   std::shared_ptr<Verifier> verifier =
-      std::make_shared<AsymmetricVerifier>(identity.getCertificate());
+      std::make_shared<AsymmetricVerifier>(pubKey);
 
   EXPECT_EQ(packet.getFormat(), HF_INET6_TCP_AH);
   EXPECT_EQ(signer->getHashType(), CryptoHashType::SHA256);
   EXPECT_EQ(signer->getSuite(), CryptoSuite::RSA_SHA256);
-  EXPECT_EQ(signer->getSignatureSize(), 128u);
+  EXPECT_EQ(signer->getSignatureSize(), 256u);
   EXPECT_EQ(verifier->verifyPackets(&packet), VerificationPolicy::ACCEPT);
 }
 
 TEST_F(AuthTest, AsymmetricBufferRSA) {
-  // Create the RSA signer from an Identity object
-  Identity identity("test_rsa.p12", PASSPHRASE, CryptoSuite::RSA_SHA256, 1024u,
-                    30, "RSAVerifier");
+  // Create the RSA keys
+  std::shared_ptr<EVP_PKEY> privateKey(EVP_PKEY_new(), EVP_PKEY_free);
+  std::shared_ptr<EVP_PKEY> pubKey(EVP_PKEY_new(), EVP_PKEY_free);
+  RSA_ptr rsa(RSA_new(), ::RSA_free);
+  BN_ptr pub_exp(BN_new(), ::BN_free);
+
+  BN_set_word(pub_exp.get(), RSA_F4);
+  if (1 != RSA_generate_key_ex(rsa.get(), 2048u, pub_exp.get(), NULL))
+    throw errors::RuntimeException("can't generate the key");
+  RSA_ptr rsa_pub(RSAPublicKey_dup(rsa.get()), ::RSA_free);
+  RSA_ptr rsa_priv(RSAPrivateKey_dup(rsa.get()), ::RSA_free);
+  if (1 != EVP_PKEY_set1_RSA(pubKey.get(), rsa_pub.get()))
+    throw errors::RuntimeException("can't generate the key");
+  if (1 != EVP_PKEY_set1_RSA(privateKey.get(), rsa_priv.get()))
+    throw errors::RuntimeException("can't generate the key");
+  std::shared_ptr<AsymmetricSigner> signer = std::make_shared<AsymmetricSigner>(
+      CryptoSuite::RSA_SHA256, privateKey, pubKey);
 
-  std::shared_ptr<AsymmetricSigner> signer = identity.getSigner();
   std::string payload = "bonjour";
 
   std::vector<uint8_t> buffer(payload.begin(), payload.end());
   signer->signBuffer(buffer);
   std::vector<uint8_t> sig = signer->getSignature();
 
-  std::shared_ptr<X509> cert = identity.getCertificate();
-  AsymmetricVerifier verif(cert);
-  bool res = verif.verifyBuffer(
+  std::shared_ptr<AsymmetricVerifier> verif =
+      std::make_shared<AsymmetricVerifier>(pubKey);
+  bool res = verif->verifyBuffer(
       buffer, std::vector<uint8_t>(sig.data(), sig.data() + sig.size()),
       CryptoHashType::SHA256);
   EXPECT_EQ(res, true);
 }
 
 TEST_F(AuthTest, AsymmetricBufferDSA) {
-  // Create the DSA signer from an Identity object
-  Identity identity("test_dsa.p12", PASSPHRASE, CryptoSuite::DSA_SHA256, 1024u,
-                    30, "DSAVerifier");
+  // Create the DSA keys
+
+  std::shared_ptr<EVP_PKEY> privateKey(EVP_PKEY_new(), EVP_PKEY_free);
+
+  DSA_ptr dsa(DSA_new(), ::DSA_free);
+  unsigned char buf[32];
+  if (RAND_bytes(buf, sizeof(buf)) != 1) {
+    throw errors::RuntimeException("can't generate the key");
+  }
+  if (DSA_generate_parameters_ex(dsa.get(), 1024u, buf, sizeof(buf), NULL, NULL,
+                                 NULL) != 1)
+    throw errors::RuntimeException("can't generate the key");
+  if (DSA_generate_key(dsa.get()) != 1)
+    throw errors::RuntimeException("can't generate the key");
+  if (EVP_PKEY_set1_DSA(privateKey.get(), dsa.get()) != 1)
+    throw errors::RuntimeException("can't generate the key");
+  if (1 != EVP_PKEY_set1_DSA(privateKey.get(), dsa.get()))
+    throw errors::RuntimeException("can't generate the key");
+
+  std::shared_ptr<X509> cert(X509_new(), ::X509_free);
+  X509_set_pubkey(cert.get(), privateKey.get());
+  std::shared_ptr<EVP_PKEY> pubKey(X509_get_pubkey(cert.get()), EVP_PKEY_free);
+  std::shared_ptr<AsymmetricSigner> signer = std::make_shared<AsymmetricSigner>(
+      CryptoSuite::DSA_SHA256, privateKey, pubKey);
 
-  std::shared_ptr<AsymmetricSigner> signer = identity.getSigner();
   std::string payload = "bonjour";
 
   std::vector<uint8_t> buffer(payload.begin(), payload.end());
   signer->signBuffer(buffer);
   std::vector<uint8_t> sig = signer->getSignature();
 
-  std::shared_ptr<X509> cert = identity.getCertificate();
-  AsymmetricVerifier verif(cert);
-  bool res = verif.verifyBuffer(
+  std::shared_ptr<AsymmetricVerifier> verif =
+      std::make_shared<AsymmetricVerifier>(pubKey);
+  bool res = verif->verifyBuffer(
       buffer, std::vector<uint8_t>(sig.data(), sig.data() + sig.size()),
       CryptoHashType::SHA256);
   EXPECT_EQ(res, true);
 }
 
 TEST_F(AuthTest, AsymmetricVerifierDSA) {
-  // Create the DSA signer from an Identity object
-  Identity identity("test_dsa.p12", PASSPHRASE, CryptoSuite::DSA_SHA256, 1024u,
-                    30, "DSAVerifier");
+  // Create the DSA keys
+  std::shared_ptr<EVP_PKEY> privateKey(EVP_PKEY_new(), EVP_PKEY_free);
 
-  std::shared_ptr<Signer> signer = identity.getSigner();
+  DSA_ptr dsa(DSA_new(), ::DSA_free);
+  unsigned char buf[32];
+  if (RAND_bytes(buf, sizeof(buf)) != 1) {
+    throw errors::RuntimeException("can't generate the key");
+  }
+  if (DSA_generate_parameters_ex(dsa.get(), 1024u, buf, sizeof(buf), NULL, NULL,
+                                 NULL) != 1)
+    throw errors::RuntimeException("can't generate the key");
+  if (DSA_generate_key(dsa.get()) != 1)
+    throw errors::RuntimeException("can't generate the key");
+  if (EVP_PKEY_set1_DSA(privateKey.get(), dsa.get()) != 1)
+    throw errors::RuntimeException("can't generate the key");
+  if (1 != EVP_PKEY_set1_DSA(privateKey.get(), dsa.get()))
+    throw errors::RuntimeException("can't generate the key");
+
+  std::shared_ptr<X509> cert(X509_new(), ::X509_free);
+  X509_set_pubkey(cert.get(), privateKey.get());
+  std::shared_ptr<EVP_PKEY> pubKey(X509_get_pubkey(cert.get()), EVP_PKEY_free);
+  std::shared_ptr<AsymmetricSigner> signer = std::make_shared<AsymmetricSigner>(
+      CryptoSuite::DSA_SHA256, privateKey, pubKey);
 
   // Create a content object
   core::ContentObject packet(HF_INET6_TCP_AH, signer->getSignatureSize());
@@ -134,7 +202,7 @@ TEST_F(AuthTest, AsymmetricVerifierDSA) {
   // EXPECT_EQ(signer->getSignatureSize(), 256u);
   signer->signPacket(&packet);
   std::shared_ptr<Verifier> verifier =
-      std::make_shared<AsymmetricVerifier>(identity.getCertificate());
+      std::make_shared<AsymmetricVerifier>(cert);
 
   EXPECT_EQ(packet.getFormat(), HF_INET6_TCP_AH);
   EXPECT_EQ(signer->getHashType(), CryptoHashType::SHA256);
@@ -143,33 +211,59 @@ TEST_F(AuthTest, AsymmetricVerifierDSA) {
 }
 
 TEST_F(AuthTest, AsymmetricBufferECDSA) {
-  // Create the ECDSA signer from an Identity object
-  Identity identity("test_ecdsa.p12", PASSPHRASE, CryptoSuite::ECDSA_SHA256,
-                    256u, 30, "ECDSAVerifier");
+  // Create the ECDSA keys
+  std::shared_ptr<EVP_PKEY> privateKey(EVP_PKEY_new(), EVP_PKEY_free);
+  std::shared_ptr<EVP_PKEY> pubKey(EVP_PKEY_new(), EVP_PKEY_free);
+  EC_KEY_ptr ec_priv(EC_KEY_new_by_curve_name(NID_secp256k1), ::EC_KEY_free);
+  EC_KEY_ptr ec_pub(EC_KEY_new(), ::EC_KEY_free);
+  EC_KEY_set_asn1_flag(ec_priv.get(), OPENSSL_EC_NAMED_CURVE);
+  if (EC_KEY_generate_key(ec_priv.get()) == 0)
+    throw errors::RuntimeException("can't generate the ecdsa key");
+  if (1 != EVP_PKEY_set1_EC_KEY(privateKey.get(), ec_priv.get()))
+    throw errors::RuntimeException("can't generate the key");
+  EC_KEY_set_group(ec_pub.get(), EC_KEY_get0_group(ec_priv.get()));
+  EC_KEY_set_public_key(ec_pub.get(), EC_KEY_get0_public_key(ec_priv.get()));
+  if (1 != EVP_PKEY_set1_EC_KEY(pubKey.get(), ec_pub.get()))
+    throw errors::RuntimeException("can't generate the key");
+
+  std::shared_ptr<AsymmetricSigner> signer = std::make_shared<AsymmetricSigner>(
+      CryptoSuite::ECDSA_SHA256, privateKey, pubKey);
 
-  std::shared_ptr<AsymmetricSigner> signer = identity.getSigner();
   std::string payload = "bonjour";
 
   std::vector<uint8_t> buffer(payload.begin(), payload.end());
   signer->signBuffer(buffer);
   std::vector<uint8_t> sig = signer->getSignature();
 
-  std::shared_ptr<X509> cert = identity.getCertificate();
-  AsymmetricVerifier verif(cert);
-  bool res = verif.verifyBuffer(
+  std::shared_ptr<AsymmetricVerifier> verif =
+      std::make_shared<AsymmetricVerifier>(pubKey);
+  bool res = verif->verifyBuffer(
       buffer, std::vector<uint8_t>(sig.data(), sig.data() + sig.size()),
       CryptoHashType::SHA256);
   EXPECT_EQ(res, true);
-}
+}  // namespace auth
 
 TEST_F(AuthTest, AsymmetricVerifierECDSA) {
-  Identity identity("test_ecdsa.p12", PASSPHRASE, CryptoSuite::ECDSA_SHA256,
-                    256u, 30, "ECDSAVerifier");
-
-  std::shared_ptr<Signer> signer = identity.getSigner();
-  std::shared_ptr<Verifier> verifier =
-      std::make_shared<AsymmetricVerifier>(identity.getCertificate());
-  // Create a content object
+  // Create the ECDSA keys
+  std::shared_ptr<EVP_PKEY> privateKey(EVP_PKEY_new(), EVP_PKEY_free);
+  std::shared_ptr<EVP_PKEY> pubKey(EVP_PKEY_new(), EVP_PKEY_free);
+  EC_KEY_ptr ec_priv(EC_KEY_new_by_curve_name(NID_secp256k1), ::EC_KEY_free);
+  EC_KEY_ptr ec_pub(EC_KEY_new(), ::EC_KEY_free);
+  EC_KEY_set_asn1_flag(ec_priv.get(), OPENSSL_EC_NAMED_CURVE);
+  if (EC_KEY_generate_key(ec_priv.get()) == 0)
+    throw errors::RuntimeException("can't generate the ecdsa key");
+  if (1 != EVP_PKEY_set1_EC_KEY(privateKey.get(), ec_priv.get()))
+    throw errors::RuntimeException("can't generate the key");
+  EC_KEY_set_group(ec_pub.get(), EC_KEY_get0_group(ec_priv.get()));
+  EC_KEY_set_public_key(ec_pub.get(), EC_KEY_get0_public_key(ec_priv.get()));
+  if (1 != EVP_PKEY_set1_EC_KEY(pubKey.get(), ec_pub.get()))
+    throw errors::RuntimeException("can't generate the key");
+
+  std::shared_ptr<AsymmetricSigner> signer = std::make_shared<AsymmetricSigner>(
+      CryptoSuite::ECDSA_SHA256, privateKey, pubKey);
+
+  std::shared_ptr<AsymmetricVerifier> verifier =
+      std::make_shared<AsymmetricVerifier>(pubKey);
   for (int i = 0; i < 100; i++) {
     core::ContentObject packet(HF_INET6_TCP_AH, signer->getSignatureSize());
author	Luca Muscariello <lumuscar@cisco.com>	2022-03-30 22:29:28 +0200
committer	Mauro Sardara <msardara@cisco.com>	2022-03-31 19:51:47 +0200
commit	c46e5df56b67bb8ea7a068d39324c640084ead2b (patch)
tree	eddeb17785938e09bc42eec98ee09b8a28846de6 /libtransport/src/test/test_auth.cc
parent	18fa668f25d3cc5463417ce7df6637e31578e898 (diff)