Diffstat (limited to 'libtransport/src/hicn/transport/utils')
-rw-r--r--libtransport/src/hicn/transport/utils/content_store.cc56
-rw-r--r--libtransport/src/hicn/transport/utils/content_store.h1
-rw-r--r--libtransport/src/hicn/transport/utils/identity.cc32
-rw-r--r--libtransport/src/hicn/transport/utils/identity.h5
-rw-r--r--libtransport/src/hicn/transport/utils/signer.cc111
-rw-r--r--libtransport/src/hicn/transport/utils/signer.h25
-rw-r--r--libtransport/src/hicn/transport/utils/suffix_strategy.h1
-rw-r--r--libtransport/src/hicn/transport/utils/verifier.cc137
-rw-r--r--libtransport/src/hicn/transport/utils/verifier.h20
9 files changed, 250 insertions, 138 deletions
diff --git a/libtransport/src/hicn/transport/utils/content_store.cc b/libtransport/src/hicn/transport/utils/content_store.cc
index 8e3435507..ba13bef41 100644
--- a/libtransport/src/hicn/transport/utils/content_store.cc
+++ b/libtransport/src/hicn/transport/utils/content_store.cc
@@ -40,41 +40,48 @@ void ContentStore::insert(
content_store_hash_table_.size(), fifo_list_.size());
}
- // Check if the content can be cached
- if (content_object->getLifetime() > 0) {
- if (content_store_hash_table_.size() >= max_content_store_size_) {
- content_store_hash_table_.erase(fifo_list_.back());
- fifo_list_.pop_back();
- }
-
- // Insert new item
-
- auto it = content_store_hash_table_.find(content_object->getName());
- if (it != content_store_hash_table_.end()) {
- fifo_list_.erase(it->second.second);
- content_store_hash_table_.erase(content_object->getName());
- }
+ if (content_store_hash_table_.size() >= max_content_store_size_) {
+ content_store_hash_table_.erase(fifo_list_.back());
+ fifo_list_.pop_back();
+ }
- fifo_list_.push_front(std::cref(content_object->getName()));
- auto pos = fifo_list_.begin();
- content_store_hash_table_[content_object->getName()] = ContentStoreEntry(
- ObjectTimeEntry(content_object, std::chrono::steady_clock::now()), pos);
+ // Insert new item
+ auto it = content_store_hash_table_.find(content_object->getName());
+ if (it != content_store_hash_table_.end()) {
+ fifo_list_.erase(it->second.second);
+ content_store_hash_table_.erase(content_object->getName());
}
+
+ fifo_list_.push_front(std::cref(content_object->getName()));
+ auto pos = fifo_list_.begin();
+ content_store_hash_table_[content_object->getName()] = ContentStoreEntry(
+ ObjectTimeEntry(content_object, std::chrono::steady_clock::now()), pos);
}
const std::shared_ptr<ContentObject> ContentStore::find(
const Interest &interest) {
utils::SpinLock::Acquire locked(cs_mutex_);
+
+ std::shared_ptr<ContentObject> ret = empty_reference_;
auto it = content_store_hash_table_.find(interest.getName());
if (it != content_store_hash_table_.end()) {
- if (std::chrono::duration_cast<std::chrono::milliseconds>(
+
+ auto content_lifetime = it->second.first.first->getLifetime();
+ auto time_passed_since_creation =
+ std::chrono::duration_cast<std::chrono::milliseconds>(
std::chrono::steady_clock::now() - it->second.first.second)
- .count() < it->second.first.first->getLifetime()) {
- return it->second.first.first;
+ .count();
+
+ if (time_passed_since_creation > content_lifetime) {
+ fifo_list_.erase(it->second.second);
+ content_store_hash_table_.erase(it);
+ }
+ else {
+ ret = it->second.first.first;
}
}
- return empty_reference_;
+ return ret;
}
void ContentStore::erase(const Name &exact_name) {
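Review bot: Dropping the `getLifetime() > 0` gate means a content object with lifetime 0 is now inserted and may evict a live entry from the FIFO, only to be discarded by find() as soon as any time has elapsed; if zero-lifetime objects are still meant to be uncacheable, keep `if (content_object->getLifetime() == 0) return;` (after the lock is taken) ahead of the eviction step. The comparison also flips from `elapsed < lifetime` to `elapsed > lifetime`, so an entry whose age equals its lifetime is now served where before it was not; state which boundary is intended. When `max_content_store_size_` is 0 the eviction branch calls `fifo_list_.back()` on an empty list, which is undefined behaviour — inherited, but cheap to guard with `if (!fifo_list_.empty() && content_store_hash_table_.size() >= max_content_store_size_)`. ContentStore::insert starts before this hunk.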
@@ -103,7 +110,10 @@ void ContentStore::printContent() {
for (auto &item : content_store_hash_table_) {
if (item.second.first.first->getPayloadType() ==
transport::core::PayloadType::MANIFEST) {
- TRANSPORT_LOGI("Manifest: %s\n",
+ TRANSPORT_LOGI("Manifest: %s",
+ item.second.first.first->getName().toString().c_str());
+ } else {
+ TRANSPORT_LOGI("Data Packet: %s",
item.second.first.first->getName().toString().c_str());
}
}
diff --git a/libtransport/src/hicn/transport/utils/content_store.h b/libtransport/src/hicn/transport/utils/content_store.h
index f7dc41835..613ffcbc2 100644
--- a/libtransport/src/hicn/transport/utils/content_store.h
+++ b/libtransport/src/hicn/transport/utils/content_store.h
@@ -16,6 +16,7 @@
#pragma once
#include <hicn/transport/interfaces/socket.h>
+#include <hicn/transport/utils/spinlock.h>
#include <mutex>
diff --git a/libtransport/src/hicn/transport/utils/identity.cc b/libtransport/src/hicn/transport/utils/identity.cc
index d84129537..c5ab03e44 100644
--- a/libtransport/src/hicn/transport/utils/identity.cc
+++ b/libtransport/src/hicn/transport/utils/identity.cc
@@ -49,18 +49,14 @@ Identity::Identity(const std::string &keystore_name,
identity_,
parcCryptoSuite_GetCryptoHash(static_cast<PARCCryptoSuite>(suite)));
- signer_ = std::make_shared<Signer>(signer);
-
- signature_length_ = (unsigned int)parcSigner_GetSignatureSize(signer);
+ signer_ = std::make_shared<Signer>(signer, suite);
parcSigner_Release(&signer);
parcIdentityFile_Release(&identity_file);
}
Identity::Identity(const Identity &other)
- : signer_(other.signer_),
- hash_algorithm_(other.hash_algorithm_),
- signature_length_(other.signature_length_) {
+ : signer_(other.signer_), hash_algorithm_(other.hash_algorithm_) {
parcSecurity_Init();
identity_ = parcIdentity_Acquire(other.identity_);
}
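Review bot: Identity calls `parcSecurity_Init()` in its constructors and `parcSecurity_Fini()` in its destructor, and the Signer it now builds with `std::make_shared<Signer>(signer, suite)` does the same in signer.cc; unless parcSecurity_Init is reference-counted, the first object destroyed tears the library down while the other (and the `signer_` shared between Identity copies) is still alive. Confirm the PARC semantics and record the outcome next to the call, e.g. `// parcSecurity_Init is reference-counted; Signer holds its own count`. Both Identity constructors in this hunk start before it.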
@@ -90,27 +86,13 @@ Identity::Identity(std::string &file_name, std::string &password,
PARCSigner *signer = parcIdentity_CreateSigner(
identity_, static_cast<PARCCryptoHashType>(hash_algorithm));
- signer_ = std::make_shared<Signer>(signer);
-
- signature_length_ = (unsigned int)parcSigner_GetSignatureSize(signer);
+ signer_ = std::make_shared<Signer>(
+ signer, CryptoSuite(parcSigner_GetCryptoSuite(signer)));
parcSigner_Release(&signer);
parcIdentityFile_Release(&identity_file);
}
-// Identity::Identity(Identity &&other) {
-// identity_ = parcIdentity_Acquire(other.identity_);
-//}
-
-// Identity& Identity::operator=(const Identity& other) {
-// signer_ = other.signer_;
-// hash_algorithm_ = other.hash_algorithm_;
-// signature_length_ = other.signature_length_;
-// identity_ = parcIdentity_Acquire(other.identity_);
-
-// parcSecurity_Init();
-// }
-
Identity::~Identity() {
parcIdentity_Release(&identity_);
parcSecurity_Fini();
@@ -124,8 +106,10 @@ std::string Identity::getPassword() {
return std::string(parcIdentity_GetPassWord(identity_));
}
-Signer &Identity::getSigner() { return *signer_; }
+std::shared_ptr<Signer> Identity::getSigner() { return signer_; }
-unsigned int Identity::getSignatureLength() const { return signature_length_; }
+size_t Identity::getSignatureLength() const {
+ return signer_->getSignatureLength();
+}
} // namespace utils
diff --git a/libtransport/src/hicn/transport/utils/identity.h b/libtransport/src/hicn/transport/utils/identity.h
index 349b38914..e9801a005 100644
--- a/libtransport/src/hicn/transport/utils/identity.h
+++ b/libtransport/src/hicn/transport/utils/identity.h
@@ -49,15 +49,14 @@ class Identity {
std::string getPassword();
- Signer &getSigner();
+ std::shared_ptr<Signer> getSigner();
- unsigned int getSignatureLength() const;
+ size_t getSignatureLength() const;
private:
PARCIdentity *identity_;
std::shared_ptr<Signer> signer_;
transport::core::HashAlgorithm hash_algorithm_;
- unsigned int signature_length_;
};
} // namespace utils
diff --git a/libtransport/src/hicn/transport/utils/signer.cc b/libtransport/src/hicn/transport/utils/signer.cc
index 981e5f02b..9ac9a2c45 100644
--- a/libtransport/src/hicn/transport/utils/signer.cc
+++ b/libtransport/src/hicn/transport/utils/signer.cc
@@ -39,54 +39,96 @@ namespace utils {
uint8_t Signer::zeros[200] = {0};
/*One signer_ per Private Key*/
-Signer::Signer(PARCKeyStore *keyStore, PARCCryptoSuite suite) {
+Signer::Signer(PARCKeyStore *keyStore, CryptoSuite suite) {
+ parcSecurity_Init();
+
switch (suite) {
- case PARCCryptoSuite_NULL_CRC32C:
- break;
- case PARCCryptoSuite_ECDSA_SHA256:
- case PARCCryptoSuite_RSA_SHA256:
- case PARCCryptoSuite_DSA_SHA256:
- case PARCCryptoSuite_RSA_SHA512:
+ case CryptoSuite::DSA_SHA256:
+ case CryptoSuite::RSA_SHA256:
+ case CryptoSuite::RSA_SHA512:
+ case CryptoSuite::ECDSA_256K1: {
this->signer_ =
- parcSigner_Create(parcPublicKeySigner_Create(keyStore, suite),
+ parcSigner_Create(parcPublicKeySigner_Create(
+ keyStore, static_cast<PARCCryptoSuite>(suite)),
PARCPublicKeySignerAsSigner);
- this->key_id_ = parcSigner_CreateKeyId(this->signer_);
break;
+ }
+ case CryptoSuite::HMAC_SHA256:
+ case CryptoSuite::HMAC_SHA512: {
+ this->signer_ =
+ parcSigner_Create(parcSymmetricKeySigner_Create(
+ (PARCSymmetricKeyStore *)keyStore,
+ parcCryptoSuite_GetCryptoHash(
+ static_cast<PARCCryptoSuite>(suite))),
+ PARCSymmetricKeySignerAsSigner);
+ break;
+ }
+ default: { return; }
+ }
+
+ suite_ = suite;
+ key_id_ = parcSigner_CreateKeyId(this->signer_);
+ signature_length_ = parcSigner_GetSignatureSize(this->signer_);
+}
+
+Signer::Signer(const std::string &passphrase, CryptoSuite suite) {
+ parcSecurity_Init();
- case PARCCryptoSuite_HMAC_SHA512:
- case PARCCryptoSuite_HMAC_SHA256:
- default:
+ switch (suite) {
+ case CryptoSuite::HMAC_SHA256:
+ case CryptoSuite::HMAC_SHA512: {
+ composer_ = parcBufferComposer_Create();
+ parcBufferComposer_PutString(composer_, passphrase.c_str());
+ key_buffer_ = parcBufferComposer_ProduceBuffer(composer_);
+ symmetricKeyStore_ = parcSymmetricKeyStore_Create(key_buffer_);
this->signer_ = parcSigner_Create(
- parcSymmetricKeySigner_Create((PARCSymmetricKeyStore *)keyStore,
- parcCryptoSuite_GetCryptoHash(suite)),
+ parcSymmetricKeySigner_Create(
+ symmetricKeyStore_, parcCryptoSuite_GetCryptoHash(
+ static_cast<PARCCryptoSuite>(suite))),
PARCSymmetricKeySignerAsSigner);
- this->key_id_ = parcSigner_CreateKeyId(this->signer_);
break;
+ }
+ default: { return; }
}
+
+ suite_ = suite;
+ key_id_ = parcSigner_CreateKeyId(this->signer_);
+ signature_length_ = parcSigner_GetSignatureSize(this->signer_);
}
-Signer::Signer(const PARCSigner *signer)
+Signer::Signer(const PARCSigner *signer, CryptoSuite suite)
: signer_(parcSigner_Acquire(signer)),
- key_id_(parcSigner_CreateKeyId(this->signer_)) {}
+ key_id_(parcSigner_CreateKeyId(this->signer_)),
+ suite_(suite),
+ signature_length_(parcSigner_GetSignatureSize(this->signer_)) {
+ parcSecurity_Init();
+}
+
+Signer::Signer(const PARCSigner *signer)
+ : Signer(signer, CryptoSuite::UNKNOWN) {}
Signer::~Signer() {
- parcSigner_Release(&signer_);
- parcKeyId_Release(&key_id_);
+ if (signature_) parcSignature_Release(&signature_);
+ if (symmetricKeyStore_) parcSymmetricKeyStore_Release(&symmetricKeyStore_);
+ if (key_buffer_) parcBuffer_Release(&key_buffer_);
+ if (composer_) parcBufferComposer_Release(&composer_);
+ if (signer_) parcSigner_Release(&signer_);
+ if (key_id_) parcKeyId_Release(&key_id_);
+ parcSecurity_Fini();
}
void Signer::sign(Packet &packet) {
// header chain points to the IP + TCP hicn header + AH Header
- utils::MemBuf *header_chain = packet.header_head_;
- utils::MemBuf *payload_chain = packet.payload_head_;
+ MemBuf *header_chain = packet.header_head_;
+ MemBuf *payload_chain = packet.payload_head_;
uint8_t *hicn_packet = (uint8_t *)header_chain->writableData();
Packet::Format format = packet.getFormat();
- std::size_t sign_len_bytes = parcSigner_GetSignatureSize(signer_);
if (!(format & HFO_AH)) {
throw errors::MalformedAHPacketException();
}
- packet.setSignatureSize(sign_len_bytes);
+ packet.setSignatureSize(signature_length_);
// Copy IP+TCP/ICMP header before zeroing them
hicn_header_t header_copy;
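Review bot: Both new constructors take the `default: { return; }` path for an unsupported suite and leave `signer_` null while `suite_` and `signature_length_` have no in-class initializer (see the private-members hunk of signer.h), so a later `sign()` passes an indeterminate size to `packet.setSignatureSize(signature_length_)` and a null signer to `parcSigner_GetCryptoHasher`. Rejecting the suite loudly — throwing from the `default` branch, or at minimum initialising `CryptoSuite suite_ = CryptoSuite::UNKNOWN;` and `size_t signature_length_ = 0;` and checking `signer_` at the top of `sign()` — keeps a misconfigured Signer from emitting packets with a garbage AH size. In the passphrase constructor the key store is created straight from the passphrase bytes (`parcSymmetricKeyStore_Create(key_buffer_)`), so as far as this code shows no key derivation is applied; the header's "derived" wording should say the passphrase is used as the raw key, or a KDF should run before the store is built. Signer::sign continues past the end of this hunk.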
@@ -102,8 +144,7 @@ void Signer::sign(Packet &packet) {
auto now = duration_cast<milliseconds>(system_clock::now().time_since_epoch())
.count();
packet.setSignatureTimestamp(now);
- packet.setValidationAlgorithm(
- CryptoSuite(parcSigner_GetCryptoSuite(this->signer_)));
+ packet.setValidationAlgorithm(suite_);
KeyId key_id;
key_id.first = (uint8_t *)parcBuffer_Overlay(
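Review bot: `packet.setValidationAlgorithm(suite_)` now stamps whatever the constructor recorded, and the one-argument `Signer(const PARCSigner *)` delegates with `CryptoSuite::UNKNOWN`, so packets signed through that constructor carry UNKNOWN where the old code queried `parcSigner_GetCryptoSuite`, and Verifier::verify's switch on the suite will then reject them. Have the delegating constructor pass `CryptoSuite(parcSigner_GetCryptoSuite(signer))` as identity.cc already does at its call site, or drop the overload. Signer::sign starts and ends outside this hunk.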
@@ -111,25 +152,25 @@ void Signer::sign(Packet &packet) {
packet.setKeyId(key_id);
// Calculate hash
- utils::CryptoHasher hasher(parcSigner_GetCryptoHasher(signer_));
+ CryptoHasher hasher(parcSigner_GetCryptoHasher(signer_));
hasher.init();
- hasher.updateBytes(hicn_packet, header_len + sign_len_bytes);
+ hasher.updateBytes(hicn_packet, header_len + signature_length_);
- for (utils::MemBuf *current = payload_chain; current != header_chain;
+ for (MemBuf *current = payload_chain; current != header_chain;
current = current->next()) {
hasher.updateBytes(current->data(), current->length());
}
- utils::CryptoHash hash = hasher.finalize();
+ CryptoHash hash = hasher.finalize();
- PARCSignature *signature = parcSigner_SignDigestNoAlloc(
- this->signer_, hash.hash_, packet.getSignature(),
- (uint32_t)sign_len_bytes);
- PARCBuffer *buffer = parcSignature_GetSignature(signature);
+ signature_ = parcSigner_SignDigestNoAlloc(this->signer_, hash.hash_,
+ packet.getSignature(),
+ (uint32_t)signature_length_);
+ PARCBuffer *buffer = parcSignature_GetSignature(signature_);
size_t bytes_len = parcBuffer_Remaining(buffer);
- if (bytes_len > sign_len_bytes) {
+ if (bytes_len > signature_length_) {
throw errors::MalformedAHPacketException();
}
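Review bot: `signature_` is overwritten on every call (`signature_ = parcSigner_SignDigestNoAlloc(...)`) but only released in the destructor, so each `sign()` after the first leaks the previous PARCSignature, and two concurrent `sign()` calls on a shared Signer (Identity copies share the same `signer_` shared_ptr) race on the member. Release before reassigning, `if (signature_) parcSignature_Release(&signature_);`, or keep the signature a local and release it at the end of `sign()`. Signer::sign starts and ends outside this hunk.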
@@ -137,6 +178,8 @@ void Signer::sign(Packet &packet) {
(hicn_header_t *)packet.packet_start_, false);
}
+size_t Signer::getSignatureLength() { return signature_length_; }
+
PARCKeyStore *Signer::getKeyStore() {
return parcSigner_GetKeyStore(this->signer_);
}
diff --git a/libtransport/src/hicn/transport/utils/signer.h b/libtransport/src/hicn/transport/utils/signer.h
index 6afb9544c..31b21462b 100644
--- a/libtransport/src/hicn/transport/utils/signer.h
+++ b/libtransport/src/hicn/transport/utils/signer.h
@@ -22,6 +22,7 @@ extern "C" {
#include <parc/security/parc_CryptoSuite.h>
#include <parc/security/parc_KeyStore.h>
#include <parc/security/parc_Signer.h>
+#include <parc/security/parc_SymmetricKeySigner.h>
}
namespace utils {
@@ -42,7 +43,17 @@ class Signer {
* use to sign packet with this Signer.
* @param suite CryptoSuite to use to verify the signature
*/
- Signer(PARCKeyStore *keyStore, PARCCryptoSuite suite);
+ Signer(PARCKeyStore *keyStore, CryptoSuite suite);
+
+ /**
+ * Create a Signer
+ *
+ * @param passphrase A string from which the symmetric key will be derived
+ * @param suite CryptoSuite to use to verify the signature
+ */
+ Signer(const std::string &passphrase, CryptoSuite suite);
+
+ Signer(const PARCSigner *signer, CryptoSuite suite);
Signer(const PARCSigner *signer);
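Review bot: The two `Signer(const PARCSigner *...)` constructors are the only overloads without a Doxygen block although their neighbours have one, and the single-argument form is the one a caller needs warned about: per signer.cc it records `CryptoSuite::UNKNOWN`, which `sign()` then writes into the packet's validation algorithm. Suggest `/** Wrap an existing PARCSigner; the suite is recorded as UNKNOWN, so prefer the two-argument form when the packet's validation algorithm must be set. */` on it and a `@param suite` line on the two-argument form.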
@@ -60,11 +71,19 @@ class Signer {
*/
void sign(Packet &packet);
+ size_t getSignatureLength();
+
PARCKeyStore *getKeyStore();
private:
- PARCSigner *signer_;
- PARCKeyId *key_id_;
+ PARCBufferComposer *composer_ = nullptr;
+ PARCBuffer *key_buffer_ = nullptr;
+ PARCSymmetricKeyStore *symmetricKeyStore_ = nullptr;
+ PARCSigner *signer_ = nullptr;
+ PARCSignature *signature_ = nullptr;
+ PARCKeyId *key_id_ = nullptr;
+ CryptoSuite suite_;
+ size_t signature_length_;
static uint8_t zeros[200];
};
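Review bot: `getSignatureLength()` only returns `signature_length_` (signer.cc) yet is not `const`, so `Identity::getSignatureLength() const` can call it only because it goes through a shared_ptr; declare it `size_t getSignatureLength() const;`. `signature_` as a member also makes a Signer hold the last signature it produced, which is worth a one-line comment so nobody treats it as reusable state.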
diff --git a/libtransport/src/hicn/transport/utils/suffix_strategy.h b/libtransport/src/hicn/transport/utils/suffix_strategy.h
index 0ed3c5b0e..ab9b1eff6 100644
--- a/libtransport/src/hicn/transport/utils/suffix_strategy.h
+++ b/libtransport/src/hicn/transport/utils/suffix_strategy.h
@@ -16,6 +16,7 @@
#pragma once
#include <hicn/transport/core/manifest_format.h>
+#include <limits>
namespace utils {
diff --git a/libtransport/src/hicn/transport/utils/verifier.cc b/libtransport/src/hicn/transport/utils/verifier.cc
index 69b2101da..281ee21dc 100644
--- a/libtransport/src/hicn/transport/utils/verifier.cc
+++ b/libtransport/src/hicn/transport/utils/verifier.cc
@@ -25,9 +25,6 @@ extern "C" {
TRANSPORT_CLANG_DISABLE_WARNING("-Wextern-c-compat")
#endif
#include <hicn/hicn.h>
-#include <parc/security/parc_CertificateFactory.h>
-#include <parc/security/parc_InMemoryVerifier.h>
-#include <parc/security/parc_Security.h>
}
#include <sys/stat.h>
@@ -46,11 +43,18 @@ Verifier::Verifier() {
PARCInMemoryVerifier *in_memory_verifier = parcInMemoryVerifier_Create();
this->verifier_ =
parcVerifier_Create(in_memory_verifier, PARCInMemoryVerifierAsVerifier);
- parcInMemoryVerifier_Release(&in_memory_verifier);
}
Verifier::~Verifier() {
- parcVerifier_Release(&verifier_);
+ if (key_) parcKey_Release(&key_);
+ if (keyId_) parcKeyId_Release(&keyId_);
+ if (signer_) parcSigner_Release(&signer_);
+ if (symmetricKeyStore_) parcSymmetricKeyStore_Release(&symmetricKeyStore_);
+ if (key_buffer_) parcBuffer_Release(&key_buffer_);
+ if (composer_) parcBufferComposer_Release(&composer_);
+ if (certificate_) parcCertificate_Release(&certificate_);
+ if (factory_) parcCertificateFactory_Release(&factory_);
+ if (verifier_) parcVerifier_Release(&verifier_);
parcSecurity_Fini();
}
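Review bot: The constructor no longer calls `parcInMemoryVerifier_Release(&in_memory_verifier)` after handing the object to `parcVerifier_Create`, so unless parcVerifier_Create takes over the caller's reference rather than acquiring its own, that reference is never returned; confirm against the PARC ownership convention and add a comment either way, e.g. `// parcVerifier_Create takes ownership of in_memory_verifier`. Verifier::Verifier starts before this hunk.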
@@ -67,10 +71,30 @@ bool Verifier::addKey(PARCKey *key) {
return true;
}
+PARCKeyId *Verifier::addKeyFromPassphrase(const std::string &passphrase,
+ CryptoSuite suite) {
+ composer_ = parcBufferComposer_Create();
+ parcBufferComposer_PutString(composer_, passphrase.c_str());
+ key_buffer_ = parcBufferComposer_ProduceBuffer(composer_);
+
+ symmetricKeyStore_ = parcSymmetricKeyStore_Create(key_buffer_);
+ signer_ = parcSigner_Create(
+ parcSymmetricKeySigner_Create(
+ symmetricKeyStore_,
+ parcCryptoSuite_GetCryptoHash(static_cast<PARCCryptoSuite>(suite))),
+ PARCSymmetricKeySignerAsSigner);
+ keyId_ = parcSigner_CreateKeyId(signer_);
+ key_ = parcKey_CreateFromSymmetricKey(
+ keyId_, parcSigner_GetSigningAlgorithm(signer_), key_buffer_);
+
+ addKey(key_);
+ return keyId_;
+}
+
PARCKeyId *Verifier::addKeyFromCertificate(const std::string &file_name) {
- PARCCertificateFactory *factory = parcCertificateFactory_Create(
- PARCCertificateType_X509, PARCContainerEncoding_PEM);
- parcAssertNotNull(factory, "Expected non-NULL factory");
+ factory_ = parcCertificateFactory_Create(PARCCertificateType_X509,
+ PARCContainerEncoding_PEM);
+ parcAssertNotNull(factory_, "Expected non-NULL factory");
if (!file_exists(file_name)) {
TRANSPORT_LOGW("Warning! The certificate %s file does not exist",
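Review bot: `addKeyFromPassphrase` returns `keyId_`, a member the destructor releases, whereas the old `addKeyFromCertificate` returned a reference acquired for the caller with `parcKeyId_Acquire`; a caller that still releases the returned id, as the old contract allowed, now double-frees, and `addKeyFromCertificate` in the next hunk changes its return the same way. Both functions also assign `composer_`, `key_buffer_`, `symmetricKeyStore_`, `signer_`, `keyId_`, `key_` (or `factory_`, `certificate_`, `keyId_`, `key_`) without releasing a previous value, so a second call leaks the first set and the two functions clobber each other's `keyId_`/`key_`; either release the old objects at the top of each function or document that a Verifier holds at most one passphrase key and one certificate. The result of `addKey(key_)` is ignored in both. addKeyFromCertificate continues past this hunk.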
@@ -78,31 +102,23 @@ PARCKeyId *Verifier::addKeyFromCertificate(const std::string &file_name) {
return nullptr;
}
- PARCCertificate *certificate =
- parcCertificateFactory_CreateCertificateFromFile(
- factory, (char *)file_name.c_str(), NULL);
-
- PARCKey *key = parcCertificate_GetPublicKey(certificate);
- addKey(key);
-
- PARCKeyId *ret = parcKeyId_Acquire(parcKey_GetKeyId(key));
-
- // parcKey_Release(&key);
- // parcCertificate_Release(&certificate);
- // parcCertificateFactory_Release(&factory);
-
- return ret;
+ certificate_ = parcCertificateFactory_CreateCertificateFromFile(
+ factory_, (char *)file_name.c_str(), NULL);
+ PARCBuffer *derEncodedVersion =
+ parcCertificate_GetDEREncodedPublicKey(certificate_);
+ PARCCryptoHash *keyDigest = parcCertificate_GetPublicKeyDigest(certificate_);
+ keyId_ = parcKeyId_Create(parcCryptoHash_GetDigest(keyDigest));
+ key_ = parcKey_CreateFromDerEncodedPublicKey(keyId_, PARCSigningAlgorithm_RSA,
+ derEncodedVersion);
+
+ addKey(key_);
+ return keyId_;
}
int Verifier::verify(const Packet &packet) {
+ // to initialize packet.payload_head_
+ const_cast<Packet *>(&packet)->separateHeaderPayload();
bool valid = false;
-
- // initialize packet.payload_head_
- const_cast<Packet*>(&packet)->separateHeaderPayload();
- // header chain points to the IP + TCP hicn header
- utils::MemBuf *header_chain = packet.header_head_;
- utils::MemBuf *payload_chain = packet.payload_head_;
- uint8_t *hicn_packet = header_chain->writableData();
Packet::Format format = packet.getFormat();
if (!(packet.format_ & HFO_AH)) {
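Review bot: `parcKey_CreateFromDerEncodedPublicKey(keyId_, PARCSigningAlgorithm_RSA, derEncodedVersion)` hard-codes RSA for every certificate, so a certificate carrying an ECDSA or DSA key is registered under the wrong algorithm and verify() will fail for the DSA/ECDSA suites this commit adds elsewhere; derive the algorithm from the certificate, or at least comment `// TODO: only RSA certificates are supported here` and reject others. Whether `parcCertificate_GetDEREncodedPublicKey` and `parcCertificate_GetPublicKeyDigest` return owned references is not visible here; confirm, since neither `derEncodedVersion` nor `keyDigest` is released. Verifier::verify continues past this hunk.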
@@ -114,10 +130,9 @@ int Verifier::verify(const Packet &packet) {
hicn_packet_copy_header(format, (const hicn_header_t *)packet.packet_start_,
&header_copy, false);
- std::size_t header_len = Packet::getHeaderSizeFromFormat(format);
-
PARCCryptoSuite suite =
static_cast<PARCCryptoSuite>(packet.getValidationAlgorithm());
+ PARCCryptoHashType hashtype = parcCryptoSuite_GetCryptoHash(suite);
KeyId _key_id = packet.getKeyId();
PARCBuffer *buffer =
parcBuffer_Wrap(_key_id.first, _key_id.second, 0, _key_id.second);
@@ -127,27 +142,30 @@ int Verifier::verify(const Packet &packet) {
int ah_payload_len = (int)packet.getSignatureSize();
uint8_t *_signature = packet.getSignature();
uint8_t *signature = new uint8_t[ah_payload_len];
-
// TODO Remove signature copy at this point, by not setting to zero
// the validation payload.
std::memcpy(signature, _signature, ah_payload_len);
- // Reset fields that should not appear in the signature
- const_cast<Packet &>(packet).resetForHash();
-
- PARCCryptoHashType hashtype = parcCryptoSuite_GetCryptoHash(suite);
- utils::CryptoHasher hasher(
- parcVerifier_GetCryptoHasher(verifier_, key_id, hashtype));
-
- hasher.init().updateBytes(hicn_packet, header_len + ah_payload_len);
-
- for (utils::MemBuf *current = payload_chain; current != header_chain;
- current = current->next()) {
- hasher.updateBytes(current->data(), current->length());
+ std::shared_ptr<CryptoHasher> hasher;
+ switch (CryptoSuite(suite)) {
+ case CryptoSuite::DSA_SHA256:
+ case CryptoSuite::RSA_SHA256:
+ case CryptoSuite::RSA_SHA512:
+ case CryptoSuite::ECDSA_256K1: {
+ hasher = std::make_shared<CryptoHasher>(
+ parcVerifier_GetCryptoHasher(verifier_, key_id, hashtype));
+ break;
+ }
+ case CryptoSuite::HMAC_SHA256:
+ case CryptoSuite::HMAC_SHA512: {
+ if (!signer_) return false;
+ hasher =
+ std::make_shared<CryptoHasher>(parcSigner_GetCryptoHasher(signer_));
+ break;
+ }
+ default: { return false; }
}
-
- utils::CryptoHash hash = hasher.finalize();
- PARCCryptoHash *hash_computed_locally = hash.hash_;
+ CryptoHash hash_computed_locally = getPacketHash(packet, hasher);
PARCBuffer *bits =
parcBuffer_Wrap(signature, ah_payload_len, 0, ah_payload_len);
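Review bot: The two new early returns in the suite switch (`if (!signer_) return false;` and `default: { return false; }`) run after `signature = new uint8_t[ah_payload_len]` and, presumably, after `key_id` has been created from the packet's key id (its release is at the end of verify()), but they skip the `delete[] signature` and `parcKeyId_Release(&key_id)` there, so every packet with an unsupported suite, or an HMAC packet on a Verifier with no passphrase key, leaks both. Move the switch above the allocation and release the id on those paths, e.g. `default: { parcKeyId_Release(&key_id); return false; }`, or hold `signature` in a `std::vector<uint8_t>` so early returns are safe. Rejecting an unknown suite with `return false` rather than throwing is the right default for an untrusted packet, but a `TRANSPORT_LOGW` on that path would make a stream of such packets visible to the operator. Verifier::verify starts and ends outside this hunk.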
@@ -178,20 +196,39 @@ int Verifier::verify(const Packet &packet) {
}
valid = parcVerifier_VerifyDigestSignature(
- verifier_, key_id, hash_computed_locally, suite, signatureToVerify);
+ verifier_, key_id, hash_computed_locally.hash_, suite, signatureToVerify);
/* Restore the resetted fields */
hicn_packet_copy_header(format, &header_copy,
(hicn_header_t *)packet.packet_start_, false);
delete[] signature;
-
parcKeyId_Release(&key_id);
-
parcBuffer_Release(&bits);
parcSignature_Release(&signatureToVerify);
return valid;
}
+CryptoHash Verifier::getPacketHash(const Packet &packet,
+ std::shared_ptr<CryptoHasher> hasher) {
+ MemBuf *header_chain = packet.header_head_;
+ MemBuf *payload_chain = packet.payload_head_;
+ Packet::Format format = packet.getFormat();
+ int ah_payload_len = (int)packet.getSignatureSize();
+ uint8_t *hicn_packet = header_chain->writableData();
+ std::size_t header_len = Packet::getHeaderSizeFromFormat(format);
+
+ // Reset fields that should not appear in the signature
+ const_cast<Packet &>(packet).resetForHash();
+ hasher->init().updateBytes(hicn_packet, header_len + ah_payload_len);
+
+ for (MemBuf *current = payload_chain; current != header_chain;
+ current = current->next()) {
+ hasher->updateBytes(current->data(), current->length());
+ }
+
+ return hasher->finalize();
+}
+
} // namespace utils
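Review bot: `getPacketHash` calls `const_cast<Packet &>(packet).resetForHash()`, resetting header fields of a packet its signature declares `const`, and relies on its caller (verify(), which restores from `header_copy` afterwards) to undo that; the contract is invisible at the declaration, where the function sits in the public section of verifier.h. Make it private, or document it there: `// Resets the header fields excluded from the signature; the caller must have saved the header and restore it afterwards.` Taking `hasher` as `std::shared_ptr<CryptoHasher>` by value adds a refcount round-trip for a callee that only borrows it; `CryptoHasher &hasher` would do. `int ah_payload_len = (int)packet.getSignatureSize();` is then added to a `std::size_t`, a narrowing and re-widening of a value read from the packet; keep it `std::size_t`.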
diff --git a/libtransport/src/hicn/transport/utils/verifier.h b/libtransport/src/hicn/transport/utils/verifier.h
index 6313a7240..7ec6e7eda 100644
--- a/libtransport/src/hicn/transport/utils/verifier.h
+++ b/libtransport/src/hicn/transport/utils/verifier.h
@@ -18,7 +18,11 @@
#include <hicn/transport/core/packet.h>
extern "C" {
+#include <parc/security/parc_CertificateFactory.h>
+#include <parc/security/parc_InMemoryVerifier.h>
#include <parc/security/parc_KeyId.h>
+#include <parc/security/parc_Security.h>
+#include <parc/security/parc_SymmetricKeySigner.h>
#include <parc/security/parc_Verifier.h>
}
@@ -56,6 +60,9 @@ class Verifier {
*/
bool addKey(PARCKey *key);
+ PARCKeyId *addKeyFromPassphrase(const std::string &passphrase,
+ CryptoSuite suite);
+
PARCKeyId *addKeyFromCertificate(const std::string &file_name);
/**
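Review bot: `addKeyFromPassphrase` is declared without the Doxygen block its neighbours have, and the two facts a caller needs are not stated anywhere: the returned `PARCKeyId *` is owned by the Verifier and released in its destructor (so the caller must not release it), and per verifier.cc the passphrase bytes are used directly as the HMAC key. Suggest a block along the lines of `@param passphrase Raw key bytes for the HMAC (no key derivation is applied)`, `@param suite Crypto suite whose hash function is used for the HMAC`, `@return Key id owned by this Verifier; do not release it`.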
@@ -77,8 +84,19 @@ class Verifier {
*/
int verify(const Packet &packet);
+ CryptoHash getPacketHash(const Packet &packet,
+ std::shared_ptr<CryptoHasher> hasher);
+
private:
- PARCVerifier *verifier_;
+ PARCVerifier *verifier_ = nullptr;
+ PARCCertificateFactory *factory_ = nullptr;
+ PARCCertificate *certificate_ = nullptr;
+ PARCKeyId *keyId_ = nullptr;
+ PARCKey *key_ = nullptr;
+ PARCBuffer *key_buffer_ = nullptr;
+ PARCSymmetricKeyStore *symmetricKeyStore_ = nullptr;
+ PARCSigner *signer_ = nullptr;
+ PARCBufferComposer *composer_ = nullptr;
static uint8_t zeros[200];
};