diff options
Diffstat (limited to 'libtransport/src/security/signer.cc')
-rw-r--r-- | libtransport/src/security/signer.cc | 185 |
1 files changed, 0 insertions, 185 deletions
diff --git a/libtransport/src/security/signer.cc b/libtransport/src/security/signer.cc deleted file mode 100644 index aa2751611..000000000 --- a/libtransport/src/security/signer.cc +++ /dev/null @@ -1,185 +0,0 @@ -/* - * Copyright (c) 2017-2019 Cisco and/or its affiliates. - * Copyright 2017 Facebook, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include <hicn/transport/errors/malformed_ahpacket_exception.h> -#include <hicn/transport/security/key_id.h> -#include <hicn/transport/security/signer.h> -#include <hicn/transport/utils/membuf.h> - -extern "C" { -#ifndef _WIN32 -TRANSPORT_CLANG_DISABLE_WARNING("-Wextern-c-compat") -#endif -#include <hicn/hicn.h> -#include <parc/security/parc_PublicKeySigner.h> -#include <parc/security/parc_Security.h> -#include <parc/security/parc_SymmetricKeySigner.h> -} - -#include <chrono> - -#define ALLOW_UNALIGNED_READS 1 - -namespace utils { - -Signer::Signer(PARCKeyStore *keyStore, CryptoSuite suite) { - parcSecurity_Init(); - - switch (suite) { - case CryptoSuite::DSA_SHA256: - case CryptoSuite::RSA_SHA256: - case CryptoSuite::RSA_SHA512: - case CryptoSuite::ECDSA_256K1: { - this->signer_ = - parcSigner_Create(parcPublicKeySigner_Create( - keyStore, static_cast<PARCCryptoSuite>(suite)), - PARCPublicKeySignerAsSigner); - break; - } - case CryptoSuite::HMAC_SHA256: - case CryptoSuite::HMAC_SHA512: { - this->signer_ = - parcSigner_Create(parcSymmetricKeySigner_Create( - (PARCSymmetricKeyStore *)keyStore, - parcCryptoSuite_GetCryptoHash( - static_cast<PARCCryptoSuite>(suite))), - PARCSymmetricKeySignerAsSigner); - break; - } - default: { return; } - } - - suite_ = suite; - key_id_ = parcSigner_CreateKeyId(this->signer_); - signature_length_ = parcSigner_GetSignatureSize(this->signer_); -} - -Signer::Signer(const std::string &passphrase, CryptoSuite suite) { - parcSecurity_Init(); - - switch (suite) { - case CryptoSuite::HMAC_SHA256: - case CryptoSuite::HMAC_SHA512: { - PARCBufferComposer *composer = parcBufferComposer_Create(); - parcBufferComposer_PutString(composer, passphrase.c_str()); - PARCBuffer *key_buffer = parcBufferComposer_ProduceBuffer(composer); - PARCSymmetricKeyStore *symmetricKeyStore = - parcSymmetricKeyStore_Create(key_buffer); - this->signer_ = parcSigner_Create( - parcSymmetricKeySigner_Create( - symmetricKeyStore, parcCryptoSuite_GetCryptoHash( - static_cast<PARCCryptoSuite>(suite))), - PARCSymmetricKeySignerAsSigner); - - parcBuffer_Release(&key_buffer); - parcSymmetricKeyStore_Release(&symmetricKeyStore); - parcBufferComposer_Release(&composer); - break; - } - default: { return; } - } - - suite_ = suite; - key_id_ = parcSigner_CreateKeyId(this->signer_); - signature_length_ = parcSigner_GetSignatureSize(this->signer_); -} - -Signer::Signer(const PARCSigner *signer, CryptoSuite suite) - : suite_(suite), - signer_(parcSigner_Acquire(signer)), - key_id_(parcSigner_CreateKeyId(this->signer_)), - signature_length_(parcSigner_GetSignatureSize(this->signer_)) { - parcSecurity_Init(); -} - -Signer::Signer(const PARCSigner *signer) - : Signer(signer, CryptoSuite::UNKNOWN) {} - -Signer::~Signer() { - if (signer_) parcSigner_Release(&signer_); - if (key_id_) parcKeyId_Release(&key_id_); - parcSecurity_Fini(); -} - -void Signer::sign(Packet &packet) { - /* header chain points to the IP + TCP hicn header + AH Header */ - MemBuf *header_chain = packet.header_head_; - MemBuf *payload_chain = packet.payload_head_; - uint8_t *hicn_packet = (uint8_t *)header_chain->writableData(); - Packet::Format format = packet.getFormat(); - - if (!(format & HFO_AH)) { - throw errors::MalformedAHPacketException(); - } - - packet.setSignatureSize(signature_length_); - - /* Copy IP+TCP/ICMP header before zeroing them */ - hicn_header_t header_copy; - hicn_packet_copy_header(format, (const hicn_header_t *)packet.packet_start_, - &header_copy, false); - - std::size_t header_len = Packet::getHeaderSizeFromFormat(format); - - packet.resetForHash(); - - /* Fill the hicn_ah header */ - using namespace std::chrono; - auto now = duration_cast<milliseconds>(system_clock::now().time_since_epoch()) - .count(); - packet.setSignatureTimestamp(now); - packet.setValidationAlgorithm(suite_); - - KeyId key_id; - key_id.first = (uint8_t *)parcBuffer_Overlay( - (PARCBuffer *)parcKeyId_GetKeyId(this->key_id_), 0); - packet.setKeyId(key_id); - - /* Calculate hash */ - CryptoHasher hasher(parcSigner_GetCryptoHasher(signer_)); - hasher.init(); - hasher.updateBytes(hicn_packet, header_len + signature_length_); - - for (MemBuf *current = payload_chain; current != header_chain; - current = current->next()) { - hasher.updateBytes(current->data(), current->length()); - } - - CryptoHash hash = hasher.finalize(); - PARCSignature *signature = parcSigner_SignDigestNoAlloc( - this->signer_, hash.hash_, packet.getSignature(), - (uint32_t)signature_length_); - PARCBuffer *buffer = parcSignature_GetSignature(signature); - size_t bytes_len = parcBuffer_Remaining(buffer); - - if (bytes_len > signature_length_) { - throw errors::MalformedAHPacketException(); - } - - hicn_packet_copy_header(format, &header_copy, - (hicn_header_t *)packet.packet_start_, false); - - parcSignature_Release(&signature); -} - -size_t Signer::getSignatureLength() { return signature_length_; } - -PARCKeyStore *Signer::getKeyStore() { - return parcSigner_GetKeyStore(this->signer_); -} - -} // namespace utils |