diff options
Diffstat (limited to 'libtransport/includes/hicn/transport/security')
9 files changed, 0 insertions, 546 deletions
diff --git a/libtransport/includes/hicn/transport/security/CMakeLists.txt b/libtransport/includes/hicn/transport/security/CMakeLists.txt deleted file mode 100644 index 58a96780b..000000000 --- a/libtransport/includes/hicn/transport/security/CMakeLists.txt +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright (c) 2017-2019 Cisco and/or its affiliates. -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at: -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -cmake_minimum_required(VERSION 3.5 FATAL_ERROR) - -list(APPEND HEADER_FILES - ${CMAKE_CURRENT_SOURCE_DIR}/signer.h - ${CMAKE_CURRENT_SOURCE_DIR}/verifier.h - ${CMAKE_CURRENT_SOURCE_DIR}/crypto_hasher.h - ${CMAKE_CURRENT_SOURCE_DIR}/crypto_suite.h - ${CMAKE_CURRENT_SOURCE_DIR}/crypto_hash.h - ${CMAKE_CURRENT_SOURCE_DIR}/crypto_hash_type.h - ${CMAKE_CURRENT_SOURCE_DIR}/identity.h - ${CMAKE_CURRENT_SOURCE_DIR}/key_id.h -) - -set(HEADER_FILES ${HEADER_FILES} PARENT_SCOPE)
\ No newline at end of file diff --git a/libtransport/includes/hicn/transport/security/crypto_hash.h b/libtransport/includes/hicn/transport/security/crypto_hash.h deleted file mode 100644 index 5a58f258b..000000000 --- a/libtransport/includes/hicn/transport/security/crypto_hash.h +++ /dev/null @@ -1,119 +0,0 @@ -/* - * Copyright (c) 2017-2019 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#pragma once - -#include <hicn/transport/errors/runtime_exception.h> -#include <hicn/transport/portability/portability.h> -#include <hicn/transport/security/crypto_hash_type.h> -#include <hicn/transport/utils/array.h> - -extern "C" { -#include <parc/security/parc_CryptoHash.h> -}; - -#include <cstring> -#include <unordered_map> - -namespace utils { - -class CryptoHasher; - -struct EnumClassHash { - template <typename T> - std::size_t operator()(T t) const { - return static_cast<std::size_t>(t); - } -}; - -static std::unordered_map<CryptoHashType, std::size_t, EnumClassHash> - hash_size_map = {{CryptoHashType::SHA_256, 32}, - {CryptoHashType::CRC32C, 4}, - {CryptoHashType::SHA_512, 64}}; - -class Signer; -class Verifier; - -class CryptoHash { - friend class CryptoHasher; - friend class Signer; - friend class Verifier; - - public: - CryptoHash() : hash_(nullptr) {} - - CryptoHash(const CryptoHash& other) { - if (other.hash_) { - hash_ = parcCryptoHash_Acquire(other.hash_); - } - } - - CryptoHash(CryptoHash&& other) { - if (other.hash_) { - hash_ = parcCryptoHash_Acquire(other.hash_); - } - } - - template <typename T> - CryptoHash(const T* buffer, std::size_t length, CryptoHashType hash_type) { - hash_ = parcCryptoHash_CreateFromArray( - static_cast<PARCCryptoHashType>(hash_type), buffer, length); - } - - ~CryptoHash() { - if (hash_) { - parcCryptoHash_Release(&hash_); - } - } - - CryptoHash& operator=(const CryptoHash& other) { - if (other.hash_) { - hash_ = parcCryptoHash_Acquire(other.hash_); - } - - return *this; - } - - template <typename T> - utils::Array<T> getDigest() const { - return utils::Array<T>( - static_cast<T*>(parcBuffer_Overlay(parcCryptoHash_GetDigest(hash_), 0)), - parcBuffer_Remaining(parcCryptoHash_GetDigest(hash_))); - } - - CryptoHashType getType() { - return static_cast<CryptoHashType>(parcCryptoHash_GetDigestType(hash_)); - } - - template <typename T> - static bool compareBinaryDigest(const T* digest1, const T* digest2, - CryptoHashType hash_type) { - if (hash_size_map.find(hash_type) == hash_size_map.end()) { - return false; - } - - return !static_cast<bool>( - std::memcmp(digest1, digest2, hash_size_map[hash_type])); - } - - TRANSPORT_ALWAYS_INLINE void display() { - parcBuffer_Display(parcCryptoHash_GetDigest(hash_), 2); - } - - private: - PARCCryptoHash* hash_; -}; - -} // namespace utils
\ No newline at end of file diff --git a/libtransport/includes/hicn/transport/security/crypto_hash_type.h b/libtransport/includes/hicn/transport/security/crypto_hash_type.h deleted file mode 100644 index b7597e208..000000000 --- a/libtransport/includes/hicn/transport/security/crypto_hash_type.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright (c) 2017-2019 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#pragma once - -extern "C" { -#include <parc/security/parc_CryptoHashType.h> -}; - -namespace utils { - -enum class CryptoHashType : uint8_t { - SHA_256 = PARCCryptoHashType_SHA256, - SHA_512 = PARCCryptoHashType_SHA512, - CRC32C = PARCCryptoHashType_CRC32C, - NULL_HASH = PARCCryptoHashType_NULL -}; - -}
\ No newline at end of file diff --git a/libtransport/includes/hicn/transport/security/crypto_hasher.h b/libtransport/includes/hicn/transport/security/crypto_hasher.h deleted file mode 100644 index 9367c3bc8..000000000 --- a/libtransport/includes/hicn/transport/security/crypto_hasher.h +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (c) 2017-2019 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#pragma once - -#include <hicn/transport/security/crypto_hash.h> - -extern "C" { -#include <parc/security/parc_CryptoHasher.h> -}; - -namespace utils { - -class CryptoHasher { - public: - CryptoHasher(CryptoHashType hash_type) - : hasher_(parcCryptoHasher_Create( - static_cast<PARCCryptoHashType>(hash_type))), - managed_(true) {} - - CryptoHasher(PARCCryptoHasher* hasher) : hasher_(hasher), managed_(false) {} - - ~CryptoHasher() { - if (managed_) { - parcCryptoHasher_Release(&hasher_); - } - } - - CryptoHasher& init() { - if (parcCryptoHasher_Init(hasher_) == -1) { - throw errors::RuntimeException("Cryptohash init failed."); - } - - return *this; - } - - template <typename T> - CryptoHasher& updateBytes(const T* buffer, std::size_t length) { - if (parcCryptoHasher_UpdateBytes(hasher_, buffer, length) == -1) { - throw errors::RuntimeException("Cryptohash updateBytes failed."); - } - return *this; - } - - CryptoHash finalize() { - CryptoHash hash; - hash.hash_ = parcCryptoHasher_Finalize(hasher_); - return hash; - } - - private: - PARCCryptoHasher* hasher_; - bool managed_; -}; - -} // namespace utils
\ No newline at end of file diff --git a/libtransport/includes/hicn/transport/security/crypto_suite.h b/libtransport/includes/hicn/transport/security/crypto_suite.h deleted file mode 100644 index 017938f8f..000000000 --- a/libtransport/includes/hicn/transport/security/crypto_suite.h +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) 2017-2019 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#pragma once - -extern "C" { -#include <parc/security/parc_CryptoSuite.h> -}; - -#include <cstdint> - -namespace utils { - -enum class CryptoSuite : uint8_t { - RSA_SHA256 = PARCCryptoSuite_RSA_SHA256, - DSA_SHA256 = PARCCryptoSuite_DSA_SHA256, - RSA_SHA512 = PARCCryptoSuite_RSA_SHA512, - HMAC_SHA256 = PARCCryptoSuite_HMAC_SHA256, - HMAC_SHA512 = PARCCryptoSuite_HMAC_SHA512, - NULL_CRC32C = PARCCryptoSuite_NULL_CRC32C, - ECDSA_256K1 = PARCCryptoSuite_ECDSA_SHA256, - UNKNOWN = PARCCryptoSuite_UNKNOWN -}; -} diff --git a/libtransport/includes/hicn/transport/security/identity.h b/libtransport/includes/hicn/transport/security/identity.h deleted file mode 100644 index a575af134..000000000 --- a/libtransport/includes/hicn/transport/security/identity.h +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright (c) 2017-2019 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#pragma once - -#include <hicn/transport/security/crypto_suite.h> -#include <hicn/transport/security/signer.h> - -extern "C" { -#include <parc/security/parc_Identity.h> -#include <parc/security/parc_IdentityFile.h> -#include <parc/security/parc_Pkcs12KeyStore.h> -}; - -#include <string> - -namespace utils { - -class Identity { - public: - Identity(const std::string &keystore_name, - const std::string &keystore_password, CryptoSuite suite, - unsigned int signature_length, unsigned int validity_days, - const std::string &subject_name); - - Identity(const Identity &other); - - Identity(std::string &file_name, std::string &password, - utils::CryptoHashType hash_algorithm); - - ~Identity(); - - static Identity generateIdentity(const std::string &subject_name); - - std::string getFileName(); - - std::string getPassword(); - - std::shared_ptr<Signer> getSigner(); - - size_t getSignatureLength() const; - - private: - PARCIdentity *identity_; - std::shared_ptr<Signer> signer_; - utils::CryptoHashType hash_algorithm_; -}; - -} // namespace utils diff --git a/libtransport/includes/hicn/transport/security/key_id.h b/libtransport/includes/hicn/transport/security/key_id.h deleted file mode 100644 index d67b73d7a..000000000 --- a/libtransport/includes/hicn/transport/security/key_id.h +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright (c) 2017-2019 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#pragma once - -#include <cstdint> -#include <utility> - -namespace utils { - -using KeyId = std::pair<uint8_t*, uint8_t>; - -} diff --git a/libtransport/includes/hicn/transport/security/signer.h b/libtransport/includes/hicn/transport/security/signer.h deleted file mode 100644 index 45bcdb516..000000000 --- a/libtransport/includes/hicn/transport/security/signer.h +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright (c) 2017-2019 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#pragma once - -#include <hicn/transport/core/packet.h> - -extern "C" { -#include <parc/security/parc_CryptoHashType.h> -#include <parc/security/parc_CryptoSuite.h> -#include <parc/security/parc_KeyStore.h> -#include <parc/security/parc_Signer.h> -#include <parc/security/parc_SymmetricKeySigner.h> -} - -namespace utils { - -using Packet = transport::core::Packet; - -/** - * A signer can use a single key (asymmetric or symmetric) to sign a packet. - */ -class Signer { - friend class Identity; - - public: - /** - * Create a Signer - * - * @param keyStore A keystore containing a private key or simmetric key to - * use to sign packet with this Signer. - * @param suite CryptoSuite to use to verify the signature - */ - Signer(PARCKeyStore *keyStore, CryptoSuite suite); - - /** - * Create a Signer - * - * @param passphrase A string from which the symmetric key will be derived - * @param suite CryptoSuite to use to verify the signature - */ - Signer(const std::string &passphrase, CryptoSuite suite); - - Signer(const PARCSigner *signer, CryptoSuite suite); - - Signer(const PARCSigner *signer); - - ~Signer(); - - /** - * @brief Sign a packet - * - * This method is general and must be used for Public-private key signature, - * HMAC and CRC. - * - * @param packet A pointer to the header of the packet to sign. Mutable - * field in the packet must be set to 0. - * @param key_id Indentifier of the key to use to generate the signature. - */ - void sign(Packet &packet); - - size_t getSignatureLength(); - - PARCKeyStore *getKeyStore(); - - private: - CryptoSuite suite_; - PARCSigner *signer_ = nullptr; - PARCKeyId *key_id_ = nullptr; - size_t signature_length_; -}; - -} // namespace utils diff --git a/libtransport/includes/hicn/transport/security/verifier.h b/libtransport/includes/hicn/transport/security/verifier.h deleted file mode 100644 index 838868427..000000000 --- a/libtransport/includes/hicn/transport/security/verifier.h +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright (c) 2017-2019 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#pragma once - -#include <hicn/transport/core/packet.h> - -extern "C" { -#include <parc/security/parc_CertificateFactory.h> -#include <parc/security/parc_InMemoryVerifier.h> -#include <parc/security/parc_KeyId.h> -#include <parc/security/parc_Security.h> -#include <parc/security/parc_SymmetricKeySigner.h> -#include <parc/security/parc_Verifier.h> -} - -namespace utils { - -using Packet = transport::core::Packet; - -/** - * A verifier holds a crypto cache that contains all the keys to use for - * verify signatures/hmacs. - */ -class Verifier { - public: - Verifier(); - - ~Verifier(); - - /** - * @brief Check if a key is already in this Verifier. - * - * A PARCVerifier contains a CryptoCache with a set of key to use for - * verification purposes. - * - * @param keyId Identifier of the key to match in the CryptoCache of the - * Verifier. - * @return true if the key is found, false otherwise. - */ - bool hasKey(PARCKeyId *keyId); - - /** - * @brief Add a key to this Verifier - * - * @param key to add - * @return true if the key was added successfully, false otherwise. - */ - bool addKey(PARCKey *key); - - PARCKeyId *addKeyFromPassphrase(const std::string &passphrase, - CryptoSuite suite); - - PARCKeyId *addKeyFromCertificate(const std::string &file_name); - - /** - * @brief Verify a Signature - * - * This method is general and must be used for Public-private key signature, - * HMAC and CRC. - * - * @param signature A pointer to the buffer holding the signature - * @param sign_len Lenght of the signature (must be consistent with the type - * of the key) - * @param bufferSigned A pointer to the packet header signed with - * signature. Mutable fields and the signature field in the packet must be - * set to 0 - * @param buf_len Lenght of bufferSigned - * @param suite CryptoSuite to use to verify the signature - * @param key_id Indentifier of the key to use to verify the signature. The - * key must be already present in the Verifier. - */ - int verify(const Packet &packet); - - CryptoHash getPacketHash(const Packet &packet, CryptoHasher &hasher); - - private: - PARCVerifier *verifier_ = nullptr; - PARCSigner *signer_ = nullptr; -}; - -} // namespace utils |