diff options
Diffstat (limited to 'libtransport/includes/hicn/transport/auth')
11 files changed, 710 insertions, 0 deletions
diff --git a/libtransport/includes/hicn/transport/auth/CMakeLists.txt b/libtransport/includes/hicn/transport/auth/CMakeLists.txt new file mode 100644 index 000000000..d855125b0 --- /dev/null +++ b/libtransport/includes/hicn/transport/auth/CMakeLists.txt @@ -0,0 +1,29 @@ +# Copyright (c) 2017-2019 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +cmake_minimum_required(VERSION 3.5 FATAL_ERROR) + +list(APPEND HEADER_FILES + ${CMAKE_CURRENT_SOURCE_DIR}/common.h + ${CMAKE_CURRENT_SOURCE_DIR}/crypto_hash.h + ${CMAKE_CURRENT_SOURCE_DIR}/crypto_hash_type.h + ${CMAKE_CURRENT_SOURCE_DIR}/crypto_hasher.h + ${CMAKE_CURRENT_SOURCE_DIR}/crypto_suite.h + ${CMAKE_CURRENT_SOURCE_DIR}/identity.h + ${CMAKE_CURRENT_SOURCE_DIR}/key_id.h + ${CMAKE_CURRENT_SOURCE_DIR}/policies.h + ${CMAKE_CURRENT_SOURCE_DIR}/signer.h + ${CMAKE_CURRENT_SOURCE_DIR}/verifier.h +) + +set(HEADER_FILES ${HEADER_FILES} PARENT_SCOPE) diff --git a/libtransport/includes/hicn/transport/auth/common.h b/libtransport/includes/hicn/transport/auth/common.h new file mode 100644 index 000000000..911bcbc6a --- /dev/null +++ b/libtransport/includes/hicn/transport/auth/common.h @@ -0,0 +1,29 @@ +/* + * Copyright (c) 2017-2019 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include <hicn/transport/core/packet.h> + +namespace transport { +namespace auth { + +using Hash = std::vector<uint8_t>; +using HashEntry = std::pair<CryptoHashType, Hash>; +using PacketPtr = core::Packet *; +using Suffix = uint32_t; + +} // namespace auth +} // namespace transport diff --git a/libtransport/includes/hicn/transport/auth/crypto_hash.h b/libtransport/includes/hicn/transport/auth/crypto_hash.h new file mode 100644 index 000000000..26c251b38 --- /dev/null +++ b/libtransport/includes/hicn/transport/auth/crypto_hash.h @@ -0,0 +1,121 @@ +/* + * Copyright (c) 2017-2019 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include <hicn/transport/errors/runtime_exception.h> +#include <hicn/transport/portability/portability.h> +#include <hicn/transport/auth/crypto_hash_type.h> +#include <hicn/transport/utils/array.h> + +extern "C" { +#include <parc/security/parc_CryptoHash.h> +}; + +#include <cstring> +#include <unordered_map> + +namespace transport { +namespace auth { + +class CryptoHasher; + +struct EnumClassHash { + template <typename T> + std::size_t operator()(T t) const { + return static_cast<std::size_t>(t); + } +}; + +static std::unordered_map<CryptoHashType, std::size_t, EnumClassHash> + hash_size_map = {{CryptoHashType::SHA_256, 32}, + {CryptoHashType::CRC32C, 4}, + {CryptoHashType::SHA_512, 64}}; + +class Signer; +class Verifier; + +class CryptoHash { + friend class CryptoHasher; + friend class Signer; + friend class Verifier; + + public: + CryptoHash() : hash_(nullptr) {} + + CryptoHash(const CryptoHash& other) { + if (other.hash_) { + hash_ = parcCryptoHash_Acquire(other.hash_); + } + } + + CryptoHash(CryptoHash&& other) { + if (other.hash_) { + hash_ = parcCryptoHash_Acquire(other.hash_); + } + } + + template <typename T> + CryptoHash(const T* buffer, std::size_t length, CryptoHashType hash_type) { + hash_ = parcCryptoHash_CreateFromArray( + static_cast<PARCCryptoHashType>(hash_type), buffer, length); + } + + ~CryptoHash() { + if (hash_) { + parcCryptoHash_Release(&hash_); + } + } + + CryptoHash& operator=(const CryptoHash& other) { + if (other.hash_) { + hash_ = parcCryptoHash_Acquire(other.hash_); + } + + return *this; + } + + template <typename T> + utils::Array<T> getDigest() const { + return utils::Array<T>( + static_cast<T*>(parcBuffer_Overlay(parcCryptoHash_GetDigest(hash_), 0)), + parcBuffer_Remaining(parcCryptoHash_GetDigest(hash_))); + } + + CryptoHashType getType() { + return static_cast<CryptoHashType>(parcCryptoHash_GetDigestType(hash_)); + } + + template <typename T> + static bool compareBinaryDigest(const T* digest1, const T* digest2, + CryptoHashType hash_type) { + if (hash_size_map.find(hash_type) == hash_size_map.end()) { + return false; + } + + return !static_cast<bool>( + std::memcmp(digest1, digest2, hash_size_map[hash_type])); + } + + TRANSPORT_ALWAYS_INLINE void display() { + parcBuffer_Display(parcCryptoHash_GetDigest(hash_), 2); + } + + private: + PARCCryptoHash* hash_; +}; + +} // namespace auth +} // namespace transport diff --git a/libtransport/includes/hicn/transport/auth/crypto_hash_type.h b/libtransport/includes/hicn/transport/auth/crypto_hash_type.h new file mode 100644 index 000000000..9d792624e --- /dev/null +++ b/libtransport/includes/hicn/transport/auth/crypto_hash_type.h @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2017-2019 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +extern "C" { +#include <parc/security/parc_CryptoHashType.h> +}; + +#include <cstdint> + +namespace transport { +namespace auth { + +enum class CryptoHashType : uint8_t { + SHA_256 = PARCCryptoHashType_SHA256, + SHA_512 = PARCCryptoHashType_SHA512, + CRC32C = PARCCryptoHashType_CRC32C, + NULL_HASH = PARCCryptoHashType_NULL +}; + +} // namespace auth +} // namespace transport diff --git a/libtransport/includes/hicn/transport/auth/crypto_hasher.h b/libtransport/includes/hicn/transport/auth/crypto_hasher.h new file mode 100644 index 000000000..ada1a6ee8 --- /dev/null +++ b/libtransport/includes/hicn/transport/auth/crypto_hasher.h @@ -0,0 +1,70 @@ +/* + * Copyright (c) 2017-2019 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include <hicn/transport/auth/crypto_hash.h> + +extern "C" { +#include <parc/security/parc_CryptoHasher.h> +}; + +namespace transport { +namespace auth { + +class CryptoHasher { + public: + CryptoHasher(CryptoHashType hash_type) + : hasher_(parcCryptoHasher_Create( + static_cast<PARCCryptoHashType>(hash_type))), + managed_(true) {} + + CryptoHasher(PARCCryptoHasher* hasher) : hasher_(hasher), managed_(false) {} + + ~CryptoHasher() { + if (managed_) { + parcCryptoHasher_Release(&hasher_); + } + } + + CryptoHasher& init() { + if (parcCryptoHasher_Init(hasher_) == -1) { + throw errors::RuntimeException("Cryptohash init failed."); + } + + return *this; + } + + template <typename T> + CryptoHasher& updateBytes(const T* buffer, std::size_t length) { + if (parcCryptoHasher_UpdateBytes(hasher_, buffer, length) == -1) { + throw errors::RuntimeException("Cryptohash updateBytes failed."); + } + return *this; + } + + CryptoHash finalize() { + CryptoHash hash; + hash.hash_ = parcCryptoHasher_Finalize(hasher_); + return hash; + } + + private: + PARCCryptoHasher* hasher_; + bool managed_; +}; + +} // namespace auth +} // namespace transport diff --git a/libtransport/includes/hicn/transport/auth/crypto_suite.h b/libtransport/includes/hicn/transport/auth/crypto_suite.h new file mode 100644 index 000000000..11df6ac06 --- /dev/null +++ b/libtransport/includes/hicn/transport/auth/crypto_suite.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2017-2019 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +extern "C" { +#include <parc/security/parc_CryptoSuite.h> +}; + +#include <cstdint> + +namespace transport { +namespace auth { + +enum class CryptoSuite : uint8_t { + RSA_SHA256 = PARCCryptoSuite_RSA_SHA256, + DSA_SHA256 = PARCCryptoSuite_DSA_SHA256, + RSA_SHA512 = PARCCryptoSuite_RSA_SHA512, + HMAC_SHA256 = PARCCryptoSuite_HMAC_SHA256, + HMAC_SHA512 = PARCCryptoSuite_HMAC_SHA512, + NULL_CRC32C = PARCCryptoSuite_NULL_CRC32C, + ECDSA_256K1 = PARCCryptoSuite_ECDSA_SHA256, + UNKNOWN = PARCCryptoSuite_UNKNOWN +}; + +} // namespace auth +} // namespace transport diff --git a/libtransport/includes/hicn/transport/auth/identity.h b/libtransport/includes/hicn/transport/auth/identity.h new file mode 100644 index 000000000..19157952e --- /dev/null +++ b/libtransport/includes/hicn/transport/auth/identity.h @@ -0,0 +1,66 @@ +/* + * Copyright (c) 2017-2021 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include <hicn/transport/auth/signer.h> + +extern "C" { +#include <parc/security/parc_Identity.h> +#include <parc/security/parc_IdentityFile.h> +#include <parc/security/parc_Pkcs12KeyStore.h> +#include <parc/security/parc_Security.h> +}; + +namespace transport { +namespace auth { + +class Identity { + // This class holds several information about a client, including its public + // key. + public: + // Generate a new identity from the given parameters. The identity will be + // saved in 'keystore_path' and encrypted using 'keystore_pwd'. + Identity(const std::string &keystore_path, const std::string &keystore_pwd, + CryptoSuite suite, unsigned int signature_len, + unsigned int validity_days, const std::string &subject_name); + + // Create an identity from an already existing keystore path. + Identity(std::string &keystore_path, std::string &keystore_pwd, + CryptoHashType hash_type); + + Identity(const Identity &other); + Identity(Identity &&other); + ~Identity(); + + // Return the asymmetric signer object created from the public key. + std::shared_ptr<AsymmetricSigner> getSigner() const; + + // Return the key store filename. + std::string getFilename() const; + + // Return the key store password. + std::string getPassword() const; + + // Generate a new random identity. + static Identity generateIdentity(const std::string &subject_name = ""); + + private: + PARCIdentity *identity_; + std::shared_ptr<AsymmetricSigner> signer_; +}; + +} // namespace auth +} // namespace transport diff --git a/libtransport/includes/hicn/transport/auth/key_id.h b/libtransport/includes/hicn/transport/auth/key_id.h new file mode 100644 index 000000000..3aa09336f --- /dev/null +++ b/libtransport/includes/hicn/transport/auth/key_id.h @@ -0,0 +1,27 @@ +/* + * Copyright (c) 2017-2019 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include <cstdint> +#include <utility> + +namespace transport { +namespace auth { + +using KeyId = std::pair<uint8_t *, uint8_t>; + +} // namespace auth +} // namespace transport diff --git a/libtransport/includes/hicn/transport/auth/policies.h b/libtransport/includes/hicn/transport/auth/policies.h new file mode 100644 index 000000000..00464d54b --- /dev/null +++ b/libtransport/includes/hicn/transport/auth/policies.h @@ -0,0 +1,33 @@ +/* + * Copyright (c) 2021 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +namespace transport { +namespace auth { + +/** + * These policies allows the verifier to tell the transport what action to + * perform after verification. + */ +enum class VerificationPolicy { + ABORT, + ACCEPT, + DROP, + UNKNOWN, +}; + +} // namespace auth +} // namespace transport diff --git a/libtransport/includes/hicn/transport/auth/signer.h b/libtransport/includes/hicn/transport/auth/signer.h new file mode 100644 index 000000000..fd5c4e6c6 --- /dev/null +++ b/libtransport/includes/hicn/transport/auth/signer.h @@ -0,0 +1,92 @@ +/* + * Copyright (c) 2017-2021 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include <hicn/transport/auth/common.h> +#include <hicn/transport/errors/errors.h> + +extern "C" { +#include <parc/security/parc_PublicKeySigner.h> +#include <parc/security/parc_Security.h> +#include <parc/security/parc_Signer.h> +#include <parc/security/parc_SymmetricKeySigner.h> +} + +namespace transport { +namespace auth { + +class Signer { + // The base class from which all signer classes derive. + public: + Signer(); + + Signer(PARCSigner *signer); + + virtual ~Signer(); + + // Sign a packet. + virtual void signPacket(PacketPtr packet); + + // Set the signer object used to sign packets. + void setSigner(PARCSigner *signer); + + // Return the signature size. + size_t getSignatureSize() const; + + // Return the crypto suite associated to the signer. + CryptoSuite getCryptoSuite() const; + + // Return the hash algorithm associated to the signer. + CryptoHashType getCryptoHashType() const; + + // Return the PARC signer. + PARCSigner *getParcSigner() const; + + // Return the PARC key store containing the signer key. + PARCKeyStore *getParcKeyStore() const; + + protected: + PARCSigner *signer_; + PARCKeyId *key_id_; +}; + +class AsymmetricSigner : public Signer { + // This class uses asymmetric verification to sign packets. The public key + // must be given from a PARCKeyStore. + public: + AsymmetricSigner() = default; + AsymmetricSigner(PARCSigner *signer) : Signer(signer){}; + + // Construct an AsymmetricSigner from a key store and a given crypto suite. + AsymmetricSigner(CryptoSuite suite, PARCKeyStore *key_store); +}; + +class SymmetricSigner : public Signer { + // This class uses symmetric verification to sign packets. The symmetric + // key is derived from a passphrase. + public: + SymmetricSigner() = default; + SymmetricSigner(PARCSigner *signer) : Signer(signer){}; + + // Construct an SymmetricSigner from a key store and a given crypto suite. + SymmetricSigner(CryptoSuite suite, PARCKeyStore *key_store); + + // Construct an AsymmetricSigner from a passphrase and a given crypto suite. + SymmetricSigner(CryptoSuite suite, const std::string &passphrase); +}; + +} // namespace auth +} // namespace transport diff --git a/libtransport/includes/hicn/transport/auth/verifier.h b/libtransport/includes/hicn/transport/auth/verifier.h new file mode 100644 index 000000000..e6e561918 --- /dev/null +++ b/libtransport/includes/hicn/transport/auth/verifier.h @@ -0,0 +1,169 @@ +/* + * Copyright (c) 2017-2021 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include <hicn/transport/auth/common.h> +#include <hicn/transport/auth/policies.h> +#include <hicn/transport/core/content_object.h> +#include <hicn/transport/errors/errors.h> +#include <hicn/transport/interfaces/callbacks.h> + +#include <algorithm> + +extern "C" { +#include <parc/security/parc_CertificateFactory.h> +#include <parc/security/parc_InMemoryVerifier.h> +#include <parc/security/parc_Security.h> +#include <parc/security/parc_SymmetricKeySigner.h> +#include <parc/security/parc_Verifier.h> +} + +namespace transport { +namespace auth { + +class Verifier { + // The base class from which all verifier classes derive. + public: + // The VerificationFailedCallback will be called by the transport if a data + // packet (either a manifest or a content object) cannot be verified. The + // application decides what to do then by returning a VerificationPolicy + // object. + using VerificationFailedCallback = std::function<auth::VerificationPolicy( + const core::ContentObject &content_object, std::error_code ec)>; + + // The list of VerificationPolicy that will trigger the + // VerificationFailedCallback. + static const std::vector<VerificationPolicy> DEFAULT_FAILED_POLICIES; + + Verifier(); + + virtual ~Verifier(); + + // Verify a single packet and return whether or not the packet signature is + // valid. + virtual bool verifyPacket(PacketPtr packet); + + // Verify a batch of packets. Return a vector with the same size as the packet + // list, element i of that vector will contain the VerificationPolicy for + // packet i. + virtual std::vector<VerificationPolicy> verifyPackets( + const std::vector<PacketPtr> &packets); + VerificationPolicy verifyPackets(PacketPtr packet) { + return verifyPackets(std::vector<PacketPtr>{packet}).front(); + } + + // Verify that a batch of packets are valid using a map from packet suffixes + // to hashes. A packet is considered valid if its hash correspond to the hash + // present in the map. Return a vector with the same size as the packet list, + // element i of that vector will contain the VerificationPolicy for packet i. + virtual std::vector<VerificationPolicy> verifyPackets( + const std::vector<PacketPtr> &packets, + const std::unordered_map<Suffix, HashEntry> &suffix_map); + VerificationPolicy verifyPackets( + PacketPtr packet, + const std::unordered_map<Suffix, HashEntry> &suffix_map) { + return verifyPackets(std::vector<PacketPtr>{packet}, suffix_map).front(); + } + + // Add a general PARC key which can be used to verify packet signatures. + void addKey(PARCKey *key); + + // Set the hasher object used to compute packet hashes. + void setHasher(PARCCryptoHasher *hasher); + + // Set the callback for the case packet verification fails. + void setVerificationFailedCallback( + VerificationFailedCallback verification_failed_cb, + const std::vector<VerificationPolicy> &failed_policies = + DEFAULT_FAILED_POLICIES); + + // Retrieve the VerificationFailedCallback function. + void getVerificationFailedCallback( + VerificationFailedCallback **verification_failed_cb); + + static size_t getSignatureSize(const PacketPtr); + + protected: + PARCCryptoHasher *hasher_; + PARCVerifier *verifier_; + VerificationFailedCallback verification_failed_cb_; + std::vector<VerificationPolicy> failed_policies_; + + // Internally compute a packet hash using the hasher object. + virtual CryptoHash computeHash(PacketPtr packet); + + // Call VerificationFailedCallback if it is set and update the packet policy. + void callVerificationFailedCallback(PacketPtr packet, + VerificationPolicy &policy); +}; + +class VoidVerifier : public Verifier { + // This class is the default socket verifier. It ignores completely the packet + // signature and always returns true. + public: + bool verifyPacket(PacketPtr packet) override; + + std::vector<VerificationPolicy> verifyPackets( + const std::vector<PacketPtr> &packets) override; + + std::vector<VerificationPolicy> verifyPackets( + const std::vector<PacketPtr> &packets, + const std::unordered_map<Suffix, HashEntry> &suffix_map) override; +}; + +class AsymmetricVerifier : public Verifier { + // This class uses asymmetric verification to validate packets. The public key + // can be set directly or extracted from a certificate. + public: + AsymmetricVerifier() = default; + + // Add a public key to the verifier. + AsymmetricVerifier(PARCKey *pub_key); + + // Construct an AsymmetricVerifier from a certificate file. + AsymmetricVerifier(const std::string &cert_path); + + // Extract the public key of a certificate file. + void setCertificate(const std::string &cert_path); +}; + +class SymmetricVerifier : public Verifier { + // This class uses symmetric verification to validate packets. The symmetric + // key is derived from a passphrase. + public: + SymmetricVerifier() = default; + + // Construct a SymmetricVerifier from a passphrase. + SymmetricVerifier(const std::string &passphrase); + + ~SymmetricVerifier(); + + // Create and set a symmetric key from a passphrase. + void setPassphrase(const std::string &passphrase); + + // Construct a signer object. Passphrase must be set beforehand. + void setSigner(const PARCCryptoSuite &suite); + + virtual std::vector<VerificationPolicy> verifyPackets( + const std::vector<PacketPtr> &packets) override; + + protected: + PARCBuffer *passphrase_; + PARCSigner *signer_; +}; + +} // namespace auth +} // namespace transport |