diff options
author | Olivier Roques <oroques+fdio@cisco.com> | 2020-04-08 15:29:55 +0200 |
---|---|---|
committer | Olivier Roques <oroques+fdio@cisco.com> | 2020-04-11 17:25:30 +0200 |
commit | eb9119968cfc53f41526981924e5c8d44612f98a (patch) | |
tree | 065b282b91e48fc62a01f5de5a5fe1bd29092c5c /utils/src | |
parent | 0ea5735b98f38beacf92dfdca74b7a6d5b3f7182 (diff) |
[HICN-595] Bring TLS up to date
HICN-2 would enable TLS only if OpenSSL 1.1.1 was present.
However the mechanism to do so was broken and hiperf always
ended up using normal consumer and producer sockets.
This patch fixes that by updating the build files. It also fixes
various bugs in the TLS implementation that went unnoticed and
cleans up the code.
Change-Id: Ifda75a9929e14460af43fe79d737d0c926bb671e
Signed-off-by: Olivier Roques <oroques+fdio@cisco.com>
Signed-off-by: Mauro Sardara <msardara@cisco.com>
Diffstat (limited to 'utils/src')
-rw-r--r-- | utils/src/hiperf.cc | 479 |
1 files changed, 231 insertions, 248 deletions
diff --git a/utils/src/hiperf.cc b/utils/src/hiperf.cc index 151e4df3d..0b1578b6f 100644 --- a/utils/src/hiperf.cc +++ b/utils/src/hiperf.cc @@ -64,25 +64,15 @@ namespace interface { */ struct ClientConfiguration { ClientConfiguration() - : name("b001::abcd", 0), - verify(false), - beta(-1.f), - drop_factor(-1.f), - window(-1), - producer_certificate(""), - passphrase(""), - receive_buffer(nullptr), - receive_buffer_size_(128 * 1024), - download_size(0), - report_interval_milliseconds_(1000), - transport_protocol_(CBR), - rtc_(false), - test_mode_(false), + : name("b001::abcd", 0), verify(false), beta(-1.f), drop_factor(-1.f), + window(-1), producer_certificate(""), passphrase(""), + receive_buffer(nullptr), receive_buffer_size_(128 * 1024), + download_size(0), report_interval_milliseconds_(1000), + transport_protocol_(CBR), rtc_(false), test_mode_(false), #ifdef SECURE_HICNTRANSPORT secure_(false), #endif - producer_prefix_(), - interest_lifetime_(500) { + producer_prefix_(), interest_lifetime_(500) { } Name name; @@ -110,7 +100,7 @@ struct ClientConfiguration { * Class for handling the production rate for the RTC producer. */ class Rate { - public: +public: Rate() : rate_kbps_(0) {} Rate(const std::string &rate) { @@ -140,7 +130,7 @@ class Rate { (uint32_t)std::round(packet_size * 1000.0 * 8.0 / (double)rate_kbps_)); } - private: +private: float rate_kbps_; }; @@ -149,23 +139,13 @@ class Rate { */ struct ServerConfiguration { ServerConfiguration() - : name("b001::abcd/64"), - virtual_producer(true), - manifest(false), - live_production(false), - sign(false), - content_lifetime(600000000_U32), - content_object_size(1440), - download_size(20 * 1024 * 1024), - hash_algorithm(utils::CryptoHashType::SHA_256), - keystore_name(""), - passphrase(""), - keystore_password("cisco"), - multiphase_produce_(false), - rtc_(false), - interactive_(false), - production_rate_(std::string("2048kbps")), - payload_size_(1440) + : name("b001::abcd/64"), virtual_producer(true), manifest(false), + live_production(false), sign(false), content_lifetime(600000000_U32), + content_object_size(1440), download_size(20 * 1024 * 1024), + hash_algorithm(utils::CryptoHashType::SHA_256), keystore_name(""), + passphrase(""), keystore_password("cisco"), multiphase_produce_(false), + rtc_(false), interactive_(false), + production_rate_(std::string("2048kbps")), payload_size_(1440) #ifdef SECURE_HICNTRANSPORT , secure_(false) @@ -214,13 +194,10 @@ class HIperfClient { friend class KeyCallback; friend class RTCCallback; - public: +public: HIperfClient(const ClientConfiguration &conf) - : configuration_(conf), - total_duration_milliseconds_(0), - old_bytes_value_(0), - signals_(io_service_, SIGINT), - expected_seg_(0), + : configuration_(conf), total_duration_milliseconds_(0), + old_bytes_value_(0), signals_(io_service_, SIGINT), expected_seg_(0), lost_packets_(std::unordered_set<uint32_t>()), rtc_callback_(configuration_.rtc_ ? new RTCCallback(*this) : nullptr), callback_(configuration_.rtc_ ? nullptr : new Callback(*this)), @@ -234,13 +211,14 @@ class HIperfClient { void checkReceivedRtcContent(ConsumerSocket &c, const ContentObject &contentObject) { - if (!configuration_.test_mode_) return; + if (!configuration_.test_mode_) + return; uint32_t receivedSeg = contentObject.getName().getSuffix(); auto payload = contentObject.getPayload(); - if ((uint32_t)payload->length() == 8) { // 8 is the size of the NACK - // payload + if ((uint32_t)payload->length() == 8) { // 8 is the size of the NACK + // payload uint32_t *payloadPtr = (uint32_t *)payload->data(); uint32_t productionSeg = *(payloadPtr); uint32_t productionRate = *(++payloadPtr); @@ -299,7 +277,8 @@ class HIperfClient { void handleTimerExpiration(ConsumerSocket &c, const TransportStatistics &stats) { - if (configuration_.rtc_) return; + if (configuration_.rtc_) + return; const char separator = ' '; const int width = 20; @@ -361,7 +340,7 @@ class HIperfClient { configuration_.transport_protocol_ = CBR; } -#ifdef SECURE_HICNSOCKET +#ifdef SECURE_HICNTRANSPORT if (configuration_.secure_) { consumer_socket_ = std::make_shared<P2PSecureConsumerSocket>( RAAQM, configuration_.transport_protocol_); @@ -378,7 +357,7 @@ class HIperfClient { #endif consumer_socket_ = std::make_shared<ConsumerSocket>(configuration_.transport_protocol_); -#ifdef SECURE_HICNSOCKET +#ifdef SECURE_HICNTRANSPORT } #endif @@ -431,13 +410,15 @@ class HIperfClient { if (!configuration_.producer_certificate.empty()) { key_id_ = verifier->addKeyFromCertificate( configuration_.producer_certificate); - if (key_id_ == nullptr) return ERROR_SETUP; + if (key_id_ == nullptr) + return ERROR_SETUP; } if (!configuration_.passphrase.empty()) { key_id_ = verifier->addKeyFromPassphrase( configuration_.passphrase, utils::CryptoSuite::HMAC_SHA256); - if (key_id_ == nullptr) return ERROR_SETUP; + if (key_id_ == nullptr) + return ERROR_SETUP; } if (consumer_socket_->setSocketOption(GeneralTransportOptions::VERIFIER, @@ -528,11 +509,11 @@ class HIperfClient { return ERROR_SUCCESS; } - private: +private: class RTCCallback : public ConsumerSocket::ReadCallback { static constexpr std::size_t mtu = 1500; - public: + public: RTCCallback(HIperfClient &hiperf_client) : client_(hiperf_client) { client_.configuration_.receive_buffer = utils::MemBuf::create(mtu); } @@ -559,12 +540,12 @@ class HIperfClient { std::cout << "Data successfully read" << std::endl; } - private: + private: HIperfClient &client_; }; class Callback : public ConsumerSocket::ReadCallback { - public: + public: Callback(HIperfClient &hiperf_client) : client_(hiperf_client) { client_.configuration_.receive_buffer = utils::MemBuf::create(client_.configuration_.receive_buffer_size_); @@ -610,14 +591,14 @@ class HIperfClient { client_.io_service_.stop(); } - private: + private: HIperfClient &client_; }; class KeyCallback : public ConsumerSocket::ReadCallback { static constexpr std::size_t read_size = 16 * 1024; - public: + public: KeyCallback(HIperfClient &hiperf_client) : client_(hiperf_client), key_(nullptr) {} @@ -643,14 +624,13 @@ class HIperfClient { client_.io_service_.stop(); } - bool verifyKey() { return !key_->empty(); } + bool validateKey() { return !key_->empty(); } void readSuccess(std::size_t total_size) noexcept override { std::cout << "Key size: " << total_size << " bytes" << std::endl; - afterRead(); } - void afterRead() { + void readKey() { std::shared_ptr<utils::Verifier> verifier = std::make_shared<utils::Verifier>(); verifier->addKeyFromPassphrase(*key_, utils::CryptoSuite::HMAC_SHA256); @@ -661,26 +641,30 @@ class HIperfClient { consumer_socket_->setSocketOption(GeneralTransportOptions::VERIFIER, verifier); } else { - std::cout << "Could not set verifier" << std::endl; + std::cout << "Consumer socket not set" << std::endl; return; } - if (consumer_socket_->verifyKeyPackets()) { - std::cout << "Verification of packet signatures successful" - << std::endl; + if (validateKey()) { + std::cout << "Key has been authenticated" << std::endl; } else { - std::cout << "Could not verify packet signatures" << std::endl; + std::cout << "Key could not be authenticated" << std::endl; return; } - std::cout << "Key retrieval done" << std::endl; + if (consumer_socket_->verifyKeyPackets()) { + std::cout << "Signatures of key packets are valid" << std::endl; + } else { + std::cout << "Signatures of key packets are not valid" << std::endl; + return; + } } void setConsumer(std::shared_ptr<ConsumerSocket> consumer_socket) { consumer_socket_ = consumer_socket; } - private: + private: HIperfClient &client_; std::unique_ptr<std::string> key_; std::shared_ptr<ConsumerSocket> consumer_socket_; @@ -699,7 +683,7 @@ class HIperfClient { RTCCallback *rtc_callback_; Callback *callback_; KeyCallback *key_callback_; -}; // namespace interface +}; // namespace interface /** * Hiperf server class: configure and setup an hicn producer following the @@ -708,19 +692,16 @@ class HIperfClient { class HIperfServer { const std::size_t log2_content_object_buffer_size = 8; - public: +public: HIperfServer(ServerConfiguration &conf) - : configuration_(conf), - signals_(io_service_, SIGINT), - rtc_timer_(io_service_), - unsatisfied_interests_(), + : configuration_(conf), signals_(io_service_, SIGINT), + rtc_timer_(io_service_), unsatisfied_interests_(), content_objects_((std::uint16_t)(1 << log2_content_object_buffer_size)), content_objects_index_(0), mask_((std::uint16_t)(1 << log2_content_object_buffer_size) - 1), last_segment_(0), #ifndef _WIN32 - ptr_last_segment_(&last_segment_), - input_(io_service_), + ptr_last_segment_(&last_segment_), input_(io_service_), rtc_running_(false) #else ptr_last_segment_(&last_segment_) @@ -843,9 +824,10 @@ class HIperfServer { std::placeholders::_1, std::placeholders::_2)); } - std::shared_ptr<utils::Identity> getProducerIdentity( - std::string &keystore_name, std::string &keystore_password, - utils::CryptoHashType &hash_algorithm) { + std::shared_ptr<utils::Identity> + getProducerIdentity(std::string &keystore_name, + std::string &keystore_password, + utils::CryptoHashType &hash_algorithm) { if (access(keystore_name.c_str(), F_OK) != -1) { return std::make_shared<utils::Identity>(keystore_name, keystore_password, hash_algorithm); @@ -859,7 +841,7 @@ class HIperfServer { int setup() { int ret; -#ifdef SECURE_HICNSOCKET +#ifdef SECURE_HICNTRANSPORT if (configuration_.secure_) { auto identity = getProducerIdentity(configuration_.keystore_name, configuration_.keystore_password, @@ -873,7 +855,7 @@ class HIperfServer { } else { producer_socket_ = std::make_unique<ProducerSocket>(); } -#ifdef SECURE_HICNSOCKET +#ifdef SECURE_HICNTRANSPORT } #endif @@ -974,7 +956,8 @@ class HIperfServer { } void sendRTCContentObjectCallback(std::error_code ec) { - if (ec) return; + if (ec) + return; rtc_timer_.expires_from_now( configuration_.production_rate_.getMicrosecondsForPacket( configuration_.payload_size_)); @@ -1007,11 +990,11 @@ class HIperfServer { std::placeholders::_1)); } - input_buffer_.consume(length); // Remove newline from input. - asio::async_read_until( - input_, input_buffer_, '\n', - std::bind(&HIperfServer::handleInput, this, std::placeholders::_1, - std::placeholders::_2)); + input_buffer_.consume(length); // Remove newline from input. + asio::async_read_until(input_, input_buffer_, '\n', + std::bind(&HIperfServer::handleInput, this, + std::placeholders::_1, + std::placeholders::_2)); } #endif @@ -1027,10 +1010,10 @@ class HIperfServer { if (configuration_.rtc_) { #ifndef _WIN32 if (configuration_.interactive_) { - asio::async_read_until( - input_, input_buffer_, '\n', - std::bind(&HIperfServer::handleInput, this, std::placeholders::_1, - std::placeholders::_2)); + asio::async_read_until(input_, input_buffer_, '\n', + std::bind(&HIperfServer::handleInput, this, + std::placeholders::_1, + std::placeholders::_2)); } else { rtc_running_ = true; rtc_timer_.expires_from_now( @@ -1055,7 +1038,7 @@ class HIperfServer { return ERROR_SUCCESS; } - private: +private: ServerConfiguration configuration_; asio::io_service io_service_; asio::signal_set signals_; @@ -1072,7 +1055,7 @@ class HIperfServer { asio::streambuf input_buffer_; bool rtc_running_; #endif -}; // namespace interface +}; // namespace interface void usage() { std::cerr << "HIPERF - A tool for performing network throughput " @@ -1211,174 +1194,174 @@ int main(int argc, char *argv[]) { "DSCf:b:d:W:RM:c:vA:s:rmlK:k:y:p:hi:xE:P:B:ItL:")) != -1) { switch (opt) { - // Common - case 'D': { - daemon = true; - break; - } - case 'I': { - server_configuration.interactive_ = true; - break; - } + // Common + case 'D': { + daemon = true; + break; + } + case 'I': { + server_configuration.interactive_ = true; + break; + } #else while ((opt = getopt(argc, argv, "SCf:b:d:W:RM:c:vA:s:rmlK:k:y:p:hi:xB:E:P:tL:")) != -1) { switch (opt) { #endif - case 'f': { - log_file = optarg; - break; - } - case 'R': { - client_configuration.rtc_ = true; - server_configuration.rtc_ = true; - break; - } + case 'f': { + log_file = optarg; + break; + } + case 'R': { + client_configuration.rtc_ = true; + server_configuration.rtc_ = true; + break; + } - // Server or Client - case 'S': { - role -= 1; - break; - } - case 'C': { - role += 1; - break; - } - case 'k': { - server_configuration.passphrase = std::string(optarg); - client_configuration.passphrase = std::string(optarg); - server_configuration.sign = true; - options = -1; - break; - } + // Server or Client + case 'S': { + role -= 1; + break; + } + case 'C': { + role += 1; + break; + } + case 'k': { + server_configuration.passphrase = std::string(optarg); + client_configuration.passphrase = std::string(optarg); + server_configuration.sign = true; + options = -1; + break; + } - // Client specifc - case 'b': { - client_configuration.beta = std::stod(optarg); - options = 1; - break; - } - case 'd': { - client_configuration.drop_factor = std::stod(optarg); - options = 1; - break; - } - case 'W': { - client_configuration.window = std::stod(optarg); - options = 1; - break; - } - case 'M': { - client_configuration.receive_buffer_size_ = std::stoull(optarg); - options = 1; - break; - } + // Client specifc + case 'b': { + client_configuration.beta = std::stod(optarg); + options = 1; + break; + } + case 'd': { + client_configuration.drop_factor = std::stod(optarg); + options = 1; + break; + } + case 'W': { + client_configuration.window = std::stod(optarg); + options = 1; + break; + } + case 'M': { + client_configuration.receive_buffer_size_ = std::stoull(optarg); + options = 1; + break; + } #ifdef SECURE_HICNTRANSPORT - case 'P': { - client_configuration.producer_prefix_ = Prefix(optarg); - client_configuration.secure_ = true; - break; - } + case 'P': { + client_configuration.producer_prefix_ = Prefix(optarg); + client_configuration.secure_ = true; + break; + } #endif - case 'c': { - client_configuration.producer_certificate = std::string(optarg); - options = 1; - break; - } - case 'v': { - client_configuration.verify = true; - options = 1; - break; - } - case 'i': { - client_configuration.report_interval_milliseconds_ = std::stoul(optarg); - options = 1; - break; - } - case 't': { - client_configuration.test_mode_ = true; - options = 1; - break; - } - case 'L': { - client_configuration.interest_lifetime_ = std::stoul(optarg); - options = 1; - break; - } - // Server specific - case 'A': { - server_configuration.download_size = std::stoul(optarg); - options = -1; - break; - } - case 's': { - server_configuration.payload_size_ = std::stoul(optarg); - options = -1; - break; - } - case 'r': { - server_configuration.virtual_producer = false; - options = -1; - break; - } - case 'm': { - server_configuration.manifest = true; - options = -1; - break; - } - case 'l': { - server_configuration.live_production = true; - options = -1; - break; - } - case 'K': { - server_configuration.keystore_name = std::string(optarg); - server_configuration.sign = true; - options = -1; - break; - } - case 'y': { - if (strncasecmp(optarg, "sha256", 6) == 0) { - server_configuration.hash_algorithm = utils::CryptoHashType::SHA_256; - } else if (strncasecmp(optarg, "sha512", 6) == 0) { - server_configuration.hash_algorithm = utils::CryptoHashType::SHA_512; - } else if (strncasecmp(optarg, "crc32", 5) == 0) { - server_configuration.hash_algorithm = utils::CryptoHashType::CRC32C; - } else { - std::cerr << "Ignored unknown hash algorithm. Using SHA 256." - << std::endl; - } - options = -1; - break; - } - case 'p': { - server_configuration.keystore_password = std::string(optarg); - options = -1; - break; - } - case 'x': { - server_configuration.multiphase_produce_ = true; - options = -1; - break; - } - case 'B': { - auto str = std::string(optarg); - std::transform(str.begin(), str.end(), str.begin(), ::tolower); - server_configuration.production_rate_ = str; - options = -1; - break; + case 'c': { + client_configuration.producer_certificate = std::string(optarg); + options = 1; + break; + } + case 'v': { + client_configuration.verify = true; + options = 1; + break; + } + case 'i': { + client_configuration.report_interval_milliseconds_ = std::stoul(optarg); + options = 1; + break; + } + case 't': { + client_configuration.test_mode_ = true; + options = 1; + break; + } + case 'L': { + client_configuration.interest_lifetime_ = std::stoul(optarg); + options = 1; + break; + } + // Server specific + case 'A': { + server_configuration.download_size = std::stoul(optarg); + options = -1; + break; + } + case 's': { + server_configuration.payload_size_ = std::stoul(optarg); + options = -1; + break; + } + case 'r': { + server_configuration.virtual_producer = false; + options = -1; + break; + } + case 'm': { + server_configuration.manifest = true; + options = -1; + break; + } + case 'l': { + server_configuration.live_production = true; + options = -1; + break; + } + case 'K': { + server_configuration.keystore_name = std::string(optarg); + server_configuration.sign = true; + options = -1; + break; + } + case 'y': { + if (strncasecmp(optarg, "sha256", 6) == 0) { + server_configuration.hash_algorithm = utils::CryptoHashType::SHA_256; + } else if (strncasecmp(optarg, "sha512", 6) == 0) { + server_configuration.hash_algorithm = utils::CryptoHashType::SHA_512; + } else if (strncasecmp(optarg, "crc32", 5) == 0) { + server_configuration.hash_algorithm = utils::CryptoHashType::CRC32C; + } else { + std::cerr << "Ignored unknown hash algorithm. Using SHA 256." + << std::endl; } + options = -1; + break; + } + case 'p': { + server_configuration.keystore_password = std::string(optarg); + options = -1; + break; + } + case 'x': { + server_configuration.multiphase_produce_ = true; + options = -1; + break; + } + case 'B': { + auto str = std::string(optarg); + std::transform(str.begin(), str.end(), str.begin(), ::tolower); + server_configuration.production_rate_ = str; + options = -1; + break; + } #ifdef SECURE_HICNTRANSPORT - case 'E': { - server_configuration.keystore_name = std::string(optarg); - server_configuration.secure_ = true; - break; - } + case 'E': { + server_configuration.keystore_name = std::string(optarg); + server_configuration.secure_ = true; + break; + } #endif - case 'h': - default: - usage(); - return EXIT_FAILURE; + case 'h': + default: + usage(); + return EXIT_FAILURE; } } @@ -1457,9 +1440,9 @@ int main(int argc, char *argv[]) { return 0; } -} // end namespace interface +} // end namespace interface -} // end namespace transport +} // end namespace transport int main(int argc, char *argv[]) { return transport::interface::main(argc, argv); |