diff options
Diffstat (limited to 'libtransport/includes/hicn/transport/auth')
9 files changed, 229 insertions, 308 deletions
diff --git a/libtransport/includes/hicn/transport/auth/CMakeLists.txt b/libtransport/includes/hicn/transport/auth/CMakeLists.txt index d855125b0..1e9fe4698 100644 --- a/libtransport/includes/hicn/transport/auth/CMakeLists.txt +++ b/libtransport/includes/hicn/transport/auth/CMakeLists.txt @@ -11,13 +11,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -cmake_minimum_required(VERSION 3.5 FATAL_ERROR) - list(APPEND HEADER_FILES ${CMAKE_CURRENT_SOURCE_DIR}/common.h ${CMAKE_CURRENT_SOURCE_DIR}/crypto_hash.h - ${CMAKE_CURRENT_SOURCE_DIR}/crypto_hash_type.h - ${CMAKE_CURRENT_SOURCE_DIR}/crypto_hasher.h ${CMAKE_CURRENT_SOURCE_DIR}/crypto_suite.h ${CMAKE_CURRENT_SOURCE_DIR}/identity.h ${CMAKE_CURRENT_SOURCE_DIR}/key_id.h diff --git a/libtransport/includes/hicn/transport/auth/common.h b/libtransport/includes/hicn/transport/auth/common.h index 911bcbc6a..fb0e82eb7 100644 --- a/libtransport/includes/hicn/transport/auth/common.h +++ b/libtransport/includes/hicn/transport/auth/common.h @@ -20,8 +20,6 @@ namespace transport { namespace auth { -using Hash = std::vector<uint8_t>; -using HashEntry = std::pair<CryptoHashType, Hash>; using PacketPtr = core::Packet *; using Suffix = uint32_t; diff --git a/libtransport/includes/hicn/transport/auth/crypto_hash.h b/libtransport/includes/hicn/transport/auth/crypto_hash.h index 26c251b38..90f1627e9 100644 --- a/libtransport/includes/hicn/transport/auth/crypto_hash.h +++ b/libtransport/includes/hicn/transport/auth/crypto_hash.h @@ -16,105 +16,86 @@ #pragma once #include <hicn/transport/errors/runtime_exception.h> -#include <hicn/transport/portability/portability.h> -#include <hicn/transport/auth/crypto_hash_type.h> -#include <hicn/transport/utils/array.h> +#include <hicn/transport/utils/membuf.h> -extern "C" { -#include <parc/security/parc_CryptoHash.h> -}; +#include <iomanip> -#include <cstring> -#include <unordered_map> +extern "C" { +#include <openssl/evp.h> +} namespace transport { namespace auth { -class CryptoHasher; +typedef const EVP_MD *(*CryptoHashEVP)(void); -struct EnumClassHash { - template <typename T> - std::size_t operator()(T t) const { - return static_cast<std::size_t>(t); - } +enum class CryptoHashType : uint8_t { + UNKNOWN, + SHA256, + SHA512, + BLAKE2B512, + BLAKE2S256, }; -static std::unordered_map<CryptoHashType, std::size_t, EnumClassHash> - hash_size_map = {{CryptoHashType::SHA_256, 32}, - {CryptoHashType::CRC32C, 4}, - {CryptoHashType::SHA_512, 64}}; +class CryptoHash { + public: + // Constructors + CryptoHash(); + CryptoHash(const CryptoHash &other); + CryptoHash(CryptoHash &&other); + CryptoHash(CryptoHashType hash_type); + CryptoHash(const uint8_t *hash, std::size_t size, CryptoHashType hash_type); + CryptoHash(const std::vector<uint8_t> &hash, CryptoHashType hash_type); -class Signer; -class Verifier; + // Destructor + ~CryptoHash() = default; -class CryptoHash { - friend class CryptoHasher; - friend class Signer; - friend class Verifier; + // Operators + CryptoHash &operator=(const CryptoHash &other); + bool operator==(const CryptoHash &other) const; - public: - CryptoHash() : hash_(nullptr) {} - - CryptoHash(const CryptoHash& other) { - if (other.hash_) { - hash_ = parcCryptoHash_Acquire(other.hash_); - } - } - - CryptoHash(CryptoHash&& other) { - if (other.hash_) { - hash_ = parcCryptoHash_Acquire(other.hash_); - } - } - - template <typename T> - CryptoHash(const T* buffer, std::size_t length, CryptoHashType hash_type) { - hash_ = parcCryptoHash_CreateFromArray( - static_cast<PARCCryptoHashType>(hash_type), buffer, length); - } - - ~CryptoHash() { - if (hash_) { - parcCryptoHash_Release(&hash_); - } - } - - CryptoHash& operator=(const CryptoHash& other) { - if (other.hash_) { - hash_ = parcCryptoHash_Acquire(other.hash_); - } - - return *this; - } - - template <typename T> - utils::Array<T> getDigest() const { - return utils::Array<T>( - static_cast<T*>(parcBuffer_Overlay(parcCryptoHash_GetDigest(hash_), 0)), - parcBuffer_Remaining(parcCryptoHash_GetDigest(hash_))); - } - - CryptoHashType getType() { - return static_cast<CryptoHashType>(parcCryptoHash_GetDigestType(hash_)); - } - - template <typename T> - static bool compareBinaryDigest(const T* digest1, const T* digest2, - CryptoHashType hash_type) { - if (hash_size_map.find(hash_type) == hash_size_map.end()) { - return false; - } - - return !static_cast<bool>( - std::memcmp(digest1, digest2, hash_size_map[hash_type])); - } - - TRANSPORT_ALWAYS_INLINE void display() { - parcBuffer_Display(parcCryptoHash_GetDigest(hash_), 2); - } + // Compute the hash of given buffer + void computeDigest(const uint8_t *buffer, std::size_t len); + void computeDigest(const std::vector<uint8_t> &buffer); + + // Compute the hash of given membuf + void computeDigest(const utils::MemBuf *buffer); + + // Return the computed hash + std::vector<uint8_t> getDigest() const; + + // Return the computed hash as a string + std::string getStringDigest() const; + + // Return hash type + CryptoHashType getType() const; + + // Return hash size + std::size_t getSize() const; + + // Change hash type + void setType(CryptoHashType hash_type); + + // Print hash to stdout + void display(); + + // Reset hash + void reset(); + + // Return OpenSSL EVP function associated to a given hash type + static CryptoHashEVP getEVP(CryptoHashType hash_type); + + // Return hash size + static std::size_t getSize(CryptoHashType hash_type); + + // Compare two raw buffers + static bool compareDigest(const uint8_t *h1, const uint8_t *h2, + CryptoHashType hash_type); private: - PARCCryptoHash* hash_; + CryptoHashType digest_type_; + std::vector<uint8_t> digest_; + std::size_t digest_size_; }; } // namespace auth diff --git a/libtransport/includes/hicn/transport/auth/crypto_hash_type.h b/libtransport/includes/hicn/transport/auth/crypto_hash_type.h deleted file mode 100644 index 9d792624e..000000000 --- a/libtransport/includes/hicn/transport/auth/crypto_hash_type.h +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) 2017-2019 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#pragma once - -extern "C" { -#include <parc/security/parc_CryptoHashType.h> -}; - -#include <cstdint> - -namespace transport { -namespace auth { - -enum class CryptoHashType : uint8_t { - SHA_256 = PARCCryptoHashType_SHA256, - SHA_512 = PARCCryptoHashType_SHA512, - CRC32C = PARCCryptoHashType_CRC32C, - NULL_HASH = PARCCryptoHashType_NULL -}; - -} // namespace auth -} // namespace transport diff --git a/libtransport/includes/hicn/transport/auth/crypto_hasher.h b/libtransport/includes/hicn/transport/auth/crypto_hasher.h deleted file mode 100644 index ada1a6ee8..000000000 --- a/libtransport/includes/hicn/transport/auth/crypto_hasher.h +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (c) 2017-2019 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#pragma once - -#include <hicn/transport/auth/crypto_hash.h> - -extern "C" { -#include <parc/security/parc_CryptoHasher.h> -}; - -namespace transport { -namespace auth { - -class CryptoHasher { - public: - CryptoHasher(CryptoHashType hash_type) - : hasher_(parcCryptoHasher_Create( - static_cast<PARCCryptoHashType>(hash_type))), - managed_(true) {} - - CryptoHasher(PARCCryptoHasher* hasher) : hasher_(hasher), managed_(false) {} - - ~CryptoHasher() { - if (managed_) { - parcCryptoHasher_Release(&hasher_); - } - } - - CryptoHasher& init() { - if (parcCryptoHasher_Init(hasher_) == -1) { - throw errors::RuntimeException("Cryptohash init failed."); - } - - return *this; - } - - template <typename T> - CryptoHasher& updateBytes(const T* buffer, std::size_t length) { - if (parcCryptoHasher_UpdateBytes(hasher_, buffer, length) == -1) { - throw errors::RuntimeException("Cryptohash updateBytes failed."); - } - return *this; - } - - CryptoHash finalize() { - CryptoHash hash; - hash.hash_ = parcCryptoHasher_Finalize(hasher_); - return hash; - } - - private: - PARCCryptoHasher* hasher_; - bool managed_; -}; - -} // namespace auth -} // namespace transport diff --git a/libtransport/includes/hicn/transport/auth/crypto_suite.h b/libtransport/includes/hicn/transport/auth/crypto_suite.h index 11df6ac06..d0f1de395 100644 --- a/libtransport/includes/hicn/transport/auth/crypto_suite.h +++ b/libtransport/includes/hicn/transport/auth/crypto_suite.h @@ -15,25 +15,40 @@ #pragma once -extern "C" { -#include <parc/security/parc_CryptoSuite.h> -}; +#include <hicn/transport/auth/crypto_hash.h> -#include <cstdint> +extern "C" { +#include <openssl/obj_mac.h> +} namespace transport { namespace auth { enum class CryptoSuite : uint8_t { - RSA_SHA256 = PARCCryptoSuite_RSA_SHA256, - DSA_SHA256 = PARCCryptoSuite_DSA_SHA256, - RSA_SHA512 = PARCCryptoSuite_RSA_SHA512, - HMAC_SHA256 = PARCCryptoSuite_HMAC_SHA256, - HMAC_SHA512 = PARCCryptoSuite_HMAC_SHA512, - NULL_CRC32C = PARCCryptoSuite_NULL_CRC32C, - ECDSA_256K1 = PARCCryptoSuite_ECDSA_SHA256, - UNKNOWN = PARCCryptoSuite_UNKNOWN + UNKNOWN, + ECDSA_BLAKE2B512, + ECDSA_BLAKE2S256, + ECDSA_SHA256, + ECDSA_SHA512, + RSA_BLAKE2B512, + RSA_BLAKE2S256, + RSA_SHA256, + RSA_SHA512, + HMAC_BLAKE2B512, + HMAC_BLAKE2S256, + HMAC_SHA256, + HMAC_SHA512, + DSA_BLAKE2B512, + DSA_BLAKE2S256, + DSA_SHA256, + DSA_SHA512, }; +// Return the suite associated to the given NID +CryptoSuite getSuite(int nid); + +// Return the hash type associated to the given suite +CryptoHashType getHashType(CryptoSuite suite); + } // namespace auth } // namespace transport diff --git a/libtransport/includes/hicn/transport/auth/identity.h b/libtransport/includes/hicn/transport/auth/identity.h index 19157952e..be072f5d3 100644 --- a/libtransport/includes/hicn/transport/auth/identity.h +++ b/libtransport/includes/hicn/transport/auth/identity.h @@ -15,14 +15,17 @@ #pragma once +#include <errno.h> +#include <fcntl.h> #include <hicn/transport/auth/signer.h> +#include <unistd.h> extern "C" { -#include <parc/security/parc_Identity.h> -#include <parc/security/parc_IdentityFile.h> -#include <parc/security/parc_Pkcs12KeyStore.h> -#include <parc/security/parc_Security.h> -}; +#include <openssl/pkcs12.h> +#include <openssl/rand.h> +#include <openssl/x509.h> +#include <openssl/x509v3.h> +} namespace transport { namespace auth { @@ -54,12 +57,20 @@ class Identity { // Return the key store password. std::string getPassword() const; + std::shared_ptr<X509> getCertificate() const; + + std::shared_ptr<EVP_PKEY> getPrivateKey() const; + // Generate a new random identity. static Identity generateIdentity(const std::string &subject_name = ""); private: - PARCIdentity *identity_; + static void free_key(EVP_PKEY *T) { EVP_PKEY_free(T); } + + std::string pwd_; + std::string filename_; std::shared_ptr<AsymmetricSigner> signer_; + std::shared_ptr<X509> cert_; }; } // namespace auth diff --git a/libtransport/includes/hicn/transport/auth/signer.h b/libtransport/includes/hicn/transport/auth/signer.h index fd5c4e6c6..405dd83cf 100644 --- a/libtransport/includes/hicn/transport/auth/signer.h +++ b/libtransport/includes/hicn/transport/auth/signer.h @@ -16,62 +16,79 @@ #pragma once #include <hicn/transport/auth/common.h> +#include <hicn/transport/auth/crypto_hash.h> +#include <hicn/transport/auth/crypto_suite.h> #include <hicn/transport/errors/errors.h> +#include <hicn/transport/utils/membuf.h> extern "C" { -#include <parc/security/parc_PublicKeySigner.h> -#include <parc/security/parc_Security.h> -#include <parc/security/parc_Signer.h> -#include <parc/security/parc_SymmetricKeySigner.h> +#include <openssl/evp.h> +#include <openssl/hmac.h> } namespace transport { namespace auth { +class Identity; class Signer { // The base class from which all signer classes derive. + friend class Identity; + public: Signer(); - Signer(PARCSigner *signer); - virtual ~Signer(); // Sign a packet. virtual void signPacket(PacketPtr packet); + virtual void signBuffer(const std::vector<uint8_t> &buffer); + virtual void signBuffer(const utils::MemBuf *buffer); + + // Return the signature. + std::vector<uint8_t> getSignature() const; - // Set the signer object used to sign packets. - void setSigner(PARCSigner *signer); + // Return the signature size in bytes. + virtual std::size_t getSignatureSize() const; - // Return the signature size. - size_t getSignatureSize() const; + // Return the field size necessary to hold the signature. The field size is + // always a multiple of 4. Use this function when allocating the signature + // packet header. + virtual std::size_t getSignatureFieldSize() const; // Return the crypto suite associated to the signer. - CryptoSuite getCryptoSuite() const; + CryptoSuite getSuite() const; // Return the hash algorithm associated to the signer. - CryptoHashType getCryptoHashType() const; + CryptoHashType getHashType() const; - // Return the PARC signer. - PARCSigner *getParcSigner() const; + protected: + CryptoSuite suite_; + std::vector<uint8_t> signature_; + std::size_t signature_len_; + std::shared_ptr<EVP_PKEY> key_; + CryptoHash key_id_; +}; - // Return the PARC key store containing the signer key. - PARCKeyStore *getParcKeyStore() const; +class VoidSigner : public Signer { + // This class is the default socket signer. It does not sign packet. + public: + VoidSigner() = default; - protected: - PARCSigner *signer_; - PARCKeyId *key_id_; + void signPacket(PacketPtr packet) override; + void signBuffer(const std::vector<uint8_t> &buffer) override; + void signBuffer(const utils::MemBuf *buffer) override; }; class AsymmetricSigner : public Signer { - // This class uses asymmetric verification to sign packets. The public key - // must be given from a PARCKeyStore. + // This class uses asymmetric verification to sign packets. public: AsymmetricSigner() = default; - AsymmetricSigner(PARCSigner *signer) : Signer(signer){}; // Construct an AsymmetricSigner from a key store and a given crypto suite. - AsymmetricSigner(CryptoSuite suite, PARCKeyStore *key_store); + AsymmetricSigner(CryptoSuite suite, std::shared_ptr<EVP_PKEY> key, + std::shared_ptr<EVP_PKEY> pub_key); + + std::size_t getSignatureFieldSize() const override; }; class SymmetricSigner : public Signer { @@ -79,12 +96,8 @@ class SymmetricSigner : public Signer { // key is derived from a passphrase. public: SymmetricSigner() = default; - SymmetricSigner(PARCSigner *signer) : Signer(signer){}; - - // Construct an SymmetricSigner from a key store and a given crypto suite. - SymmetricSigner(CryptoSuite suite, PARCKeyStore *key_store); - // Construct an AsymmetricSigner from a passphrase and a given crypto suite. + // Construct a SymmetricSigner from a passphrase and a given crypto suite. SymmetricSigner(CryptoSuite suite, const std::string &passphrase); }; diff --git a/libtransport/includes/hicn/transport/auth/verifier.h b/libtransport/includes/hicn/transport/auth/verifier.h index e6e561918..6321d4ed5 100644 --- a/libtransport/includes/hicn/transport/auth/verifier.h +++ b/libtransport/includes/hicn/transport/auth/verifier.h @@ -21,26 +21,26 @@ #include <hicn/transport/errors/errors.h> #include <hicn/transport/interfaces/callbacks.h> -#include <algorithm> - extern "C" { -#include <parc/security/parc_CertificateFactory.h> -#include <parc/security/parc_InMemoryVerifier.h> -#include <parc/security/parc_Security.h> -#include <parc/security/parc_SymmetricKeySigner.h> -#include <parc/security/parc_Verifier.h> +#include <openssl/evp.h> +#include <openssl/hmac.h> +#include <openssl/pem.h> +#include <openssl/x509.h> } namespace transport { namespace auth { class Verifier { - // The base class from which all verifier classes derive. + // The base Verifier class. public: - // The VerificationFailedCallback will be called by the transport if a data - // packet (either a manifest or a content object) cannot be verified. The - // application decides what to do then by returning a VerificationPolicy - // object. + using SuffixMap = std::unordered_map<Suffix, CryptoHash>; + using PolicyMap = std::unordered_map<Suffix, VerificationPolicy>; + + // The VerificationFailedCallback will be called by the transport if a + // data packet (either a manifest or a content object) was not validated. + // The application decides what to do then by returning a + // VerificationPolicy object. using VerificationFailedCallback = std::function<auth::VerificationPolicy( const core::ContentObject &content_object, std::error_code ec)>; @@ -52,39 +52,41 @@ class Verifier { virtual ~Verifier(); - // Verify a single packet and return whether or not the packet signature is - // valid. + // Verify a single packet or buffer. virtual bool verifyPacket(PacketPtr packet); - - // Verify a batch of packets. Return a vector with the same size as the packet - // list, element i of that vector will contain the VerificationPolicy for - // packet i. - virtual std::vector<VerificationPolicy> verifyPackets( - const std::vector<PacketPtr> &packets); + virtual bool verifyBuffer(const std::vector<uint8_t> &buffer, + const std::vector<uint8_t> &signature, + CryptoHashType hash_type) = 0; + virtual bool verifyBuffer(const utils::MemBuf *buffer, + const std::vector<uint8_t> &signature, + CryptoHashType hash_type) = 0; + + // Verify a batch of packets. Return a mapping from packet suffixes to their + // VerificationPolicy. + virtual PolicyMap verifyPackets(const std::vector<PacketPtr> &packets); VerificationPolicy verifyPackets(PacketPtr packet) { - return verifyPackets(std::vector<PacketPtr>{packet}).front(); + return verifyPackets(std::vector<PacketPtr>{packet}) + .at(packet->getName().getSuffix()); } + // Verify that a set of packet hashes are present in another set of hashes + // that was extracted from manifests. Return a mapping from packet suffixes to + // their VerificationPolicy. + virtual PolicyMap verifyHashes(const SuffixMap &packet_map, + const SuffixMap &suffix_map); + // Verify that a batch of packets are valid using a map from packet suffixes - // to hashes. A packet is considered valid if its hash correspond to the hash - // present in the map. Return a vector with the same size as the packet list, - // element i of that vector will contain the VerificationPolicy for packet i. - virtual std::vector<VerificationPolicy> verifyPackets( - const std::vector<PacketPtr> &packets, - const std::unordered_map<Suffix, HashEntry> &suffix_map); - VerificationPolicy verifyPackets( - PacketPtr packet, - const std::unordered_map<Suffix, HashEntry> &suffix_map) { - return verifyPackets(std::vector<PacketPtr>{packet}, suffix_map).front(); + // to hashes. A packet is considered valid if its hash is present in the map. + // Return a mapping from packet suffixes to their VerificationPolicy. + virtual PolicyMap verifyPackets(const std::vector<PacketPtr> &packets, + const SuffixMap &suffix_map); + VerificationPolicy verifyPackets(PacketPtr packet, + const SuffixMap &suffix_map) { + return verifyPackets(std::vector<PacketPtr>{packet}, suffix_map) + .at(packet->getName().getSuffix()); } - // Add a general PARC key which can be used to verify packet signatures. - void addKey(PARCKey *key); - - // Set the hasher object used to compute packet hashes. - void setHasher(PARCCryptoHasher *hasher); - - // Set the callback for the case packet verification fails. + // Set the callback called when packet verification fails. void setVerificationFailedCallback( VerificationFailedCallback verification_failed_cb, const std::vector<VerificationPolicy> &failed_policies = @@ -94,50 +96,62 @@ class Verifier { void getVerificationFailedCallback( VerificationFailedCallback **verification_failed_cb); - static size_t getSignatureSize(const PacketPtr); - protected: - PARCCryptoHasher *hasher_; - PARCVerifier *verifier_; VerificationFailedCallback verification_failed_cb_; std::vector<VerificationPolicy> failed_policies_; - // Internally compute a packet hash using the hasher object. - virtual CryptoHash computeHash(PacketPtr packet); - // Call VerificationFailedCallback if it is set and update the packet policy. void callVerificationFailedCallback(PacketPtr packet, VerificationPolicy &policy); }; class VoidVerifier : public Verifier { - // This class is the default socket verifier. It ignores completely the packet - // signature and always returns true. + // This class is the default socket verifier. It ignores any packet signature + // and always returns true. public: bool verifyPacket(PacketPtr packet) override; + bool verifyBuffer(const std::vector<uint8_t> &buffer, + const std::vector<uint8_t> &signature, + CryptoHashType hash_type) override; + bool verifyBuffer(const utils::MemBuf *buffer, + const std::vector<uint8_t> &signature, + CryptoHashType hash_type) override; - std::vector<VerificationPolicy> verifyPackets( - const std::vector<PacketPtr> &packets) override; + PolicyMap verifyPackets(const std::vector<PacketPtr> &packets) override; - std::vector<VerificationPolicy> verifyPackets( - const std::vector<PacketPtr> &packets, - const std::unordered_map<Suffix, HashEntry> &suffix_map) override; + PolicyMap verifyPackets(const std::vector<PacketPtr> &packets, + const SuffixMap &suffix_map) override; }; class AsymmetricVerifier : public Verifier { // This class uses asymmetric verification to validate packets. The public key - // can be set directly or extracted from a certificate. + // can be directly set or extracted from a certificate. public: AsymmetricVerifier() = default; - // Add a public key to the verifier. - AsymmetricVerifier(PARCKey *pub_key); + // Construct an AsymmetricVerifier from an asymmetric key. + AsymmetricVerifier(std::shared_ptr<EVP_PKEY> key); // Construct an AsymmetricVerifier from a certificate file. AsymmetricVerifier(const std::string &cert_path); + AsymmetricVerifier(std::shared_ptr<X509> cert); + + // Set the asymmetric key. + void setKey(std::shared_ptr<EVP_PKEY> key); + + // Extract the public key from a certificate. + void useCertificate(const std::string &cert_path); + void useCertificate(std::shared_ptr<X509> cert); - // Extract the public key of a certificate file. - void setCertificate(const std::string &cert_path); + bool verifyBuffer(const std::vector<uint8_t> &buffer, + const std::vector<uint8_t> &signature, + CryptoHashType hash_type) override; + bool verifyBuffer(const utils::MemBuf *buffer, + const std::vector<uint8_t> &signature, + CryptoHashType hash_type) override; + + private: + std::shared_ptr<EVP_PKEY> key_; }; class SymmetricVerifier : public Verifier { @@ -149,20 +163,18 @@ class SymmetricVerifier : public Verifier { // Construct a SymmetricVerifier from a passphrase. SymmetricVerifier(const std::string &passphrase); - ~SymmetricVerifier(); - // Create and set a symmetric key from a passphrase. void setPassphrase(const std::string &passphrase); - // Construct a signer object. Passphrase must be set beforehand. - void setSigner(const PARCCryptoSuite &suite); - - virtual std::vector<VerificationPolicy> verifyPackets( - const std::vector<PacketPtr> &packets) override; + bool verifyBuffer(const std::vector<uint8_t> &buffer, + const std::vector<uint8_t> &signature, + CryptoHashType hash_type) override; + bool verifyBuffer(const utils::MemBuf *buffer, + const std::vector<uint8_t> &signature, + CryptoHashType hash_type) override; protected: - PARCBuffer *passphrase_; - PARCSigner *signer_; + std::shared_ptr<EVP_PKEY> key_; }; } // namespace auth |