From a5f7941f49160021506ecae0da090f0b204b75ea Mon Sep 17 00:00:00 2001
From: Olivier Roques
Date: Thu, 17 Nov 2022 11:26:23 +0000
Subject: feat(auth): add support for ED25519 and ED448
Ref: HICN-818
Signed-off-by: Olivier Roques
Change-Id: I8672f022b74be387e16496660a78edf3c1da4bf1
---
 .../includes/hicn/transport/auth/crypto_hash.h | 8 ++-----
 .../includes/hicn/transport/auth/crypto_suite.h | 20 +++++++++-------
 libtransport/includes/hicn/transport/auth/signer.h | 2 ++
 .../includes/hicn/transport/auth/verifier.h | 28 +++++++++++++-------
 4 files changed, 36 insertions(+), 22 deletions(-)
(limited to 'libtransport/includes')
diff --git a/libtransport/includes/hicn/transport/auth/crypto_hash.h b/libtransport/includes/hicn/transport/auth/crypto_hash.h
index 29ea27114..fbe1d5160 100644
--- a/libtransport/includes/hicn/transport/auth/crypto_hash.h
+++ b/libtransport/includes/hicn/transport/auth/crypto_hash.h
@@ -27,8 +27,6 @@ extern "C" {
 namespace transport {
 namespace auth {
-typedef const EVP_MD *(*CryptoHashEVP)(void);
-
 enum class CryptoHashType : uint8_t {
 UNKNOWN,
 SHA256,
@@ -57,8 +55,6 @@ class CryptoHash {
 // Compute the hash of given buffer
 void computeDigest(const uint8_t *buffer, std::size_t len);
 void computeDigest(const std::vector &buffer);
-
- // Compute the hash of given membuf
 void computeDigest(const utils::MemBuf *buffer);
 // Return the computed hash
@@ -82,8 +78,8 @@ class CryptoHash {
 // Reset hash
 void reset();
- // Return OpenSSL EVP function associated to a given hash type
- static CryptoHashEVP getEVP(CryptoHashType hash_type);
+ // Return the OpenSSL EVP_MD pointer associated to a given hash type
+ static const EVP_MD *getMD(CryptoHashType hash_type);
 // Return hash size
 static std::size_t getSize(CryptoHashType hash_type);
diff --git a/libtransport/includes/hicn/transport/auth/crypto_suite.h b/libtransport/includes/hicn/transport/auth/crypto_suite.h
index ed21abb91..f3b535264 100644
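Review bot: The new `getMD` declaration in the third hunk (`static const EVP_MD *getMD(CryptoHashType hash_type);`) does not say what is returned for `CryptoHashType::UNKNOWN` or an unsupported type, and a null `EVP_MD *` handed on to `EVP_DigestInit_ex` is an easy way to turn a bad enum value into a crash or a silently wrong digest. The comment above it should state the contract, e.g. `// Return the OpenSSL EVP_MD pointer associated to a given hash type, or nullptr for UNKNOWN/unsupported types; callers must check before use` — assuming nullptr is indeed what the implementation returns, which this header alone cannot show. Replacing `getEVP` with `getMD` also drops a public name with no forwarding shim; if out-of-tree callers exist, a `[[deprecated("use getMD")]]` wrapper returning the same pointer would keep them compiling. The `CryptoHash` class body starts before and continues past this hunk.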
--- a/libtransport/includes/hicn/transport/auth/crypto_suite.h
+++ b/libtransport/includes/hicn/transport/auth/crypto_suite.h
@@ -26,22 +26,24 @@ namespace auth {
 enum class CryptoSuite : uint8_t {
 UNKNOWN,
+ DSA_BLAKE2B512,
+ DSA_BLAKE2S256,
+ DSA_SHA256,
+ DSA_SHA512,
 ECDSA_BLAKE2B512,
 ECDSA_BLAKE2S256,
 ECDSA_SHA256,
 ECDSA_SHA512,
- RSA_BLAKE2B512,
- RSA_BLAKE2S256,
- RSA_SHA256,
- RSA_SHA512,
+ ED25519,
+ ED448,
 HMAC_BLAKE2B512,
 HMAC_BLAKE2S256,
 HMAC_SHA256,
 HMAC_SHA512,
- DSA_BLAKE2B512,
- DSA_BLAKE2S256,
- DSA_SHA256,
- DSA_SHA512,
+ RSA_BLAKE2B512,
+ RSA_BLAKE2S256,
+ RSA_SHA256,
+ RSA_SHA512,
 };
 // Return the suite associated to the given NID
@@ -53,5 +55,7 @@ std::string getStringSuite(CryptoSuite suite);
 // Return the hash type associated to the given suite
 CryptoHashType getHashType(CryptoSuite suite);
+// Return the OpenSSL EVP_MD pointer associated to a given suite
+const EVP_MD *getMD(CryptoSuite suite);
 } // namespace auth
 } // namespace transport
diff --git a/libtransport/includes/hicn/transport/auth/signer.h b/libtransport/includes/hicn/transport/auth/signer.h
index e1b3cae5c..f9e07efae 100644
--- a/libtransport/includes/hicn/transport/auth/signer.h
+++ b/libtransport/includes/hicn/transport/auth/signer.h
@@ -42,6 +42,7 @@ class Signer {
 // Sign a packet.
 virtual void signPacket(PacketPtr packet);
+ virtual void signBuffer(const uint8_t *buffer, std::size_t len);
 virtual void signBuffer(const std::vector &buffer);
 virtual void signBuffer(const utils::MemBuf *buffer);
@@ -82,6 +83,7 @@ class VoidSigner : public Signer {
 VoidSigner() = default;
 void signPacket(PacketPtr packet) override;
+ void signBuffer(const uint8_t *buffer, std::size_t len) override;
 void signBuffer(const std::vector &buffer) override;
 void signBuffer(const utils::MemBuf *buffer) override;
 };
diff --git a/libtransport/includes/hicn/transport/auth/verifier.h b/libtransport/includes/hicn/transport/auth/verifier.h
index c89138339..2e086df4f 100644
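Review bot: Reordering `CryptoSuite` changes the underlying value of every existing member except `UNKNOWN` (for example `ECDSA_SHA256` moves from 3 to 7 and `RSA_SHA256` from 7 to 17), because the enum is `uint8_t` with implicit values, the DSA_* and RSA_* groups swap positions, and ED25519/ED448 are inserted in the middle. If these values are ever written to the wire, logged, or persisted — which this header alone cannot confirm — an old and a new peer will disagree on which algorithm a suite byte denotes, and a disagreement inside signature verification is a compatibility and security problem rather than a cosmetic one. Either append the new members at the end or pin every member with an explicit value (`ECDSA_SHA256 = 3,` and so on) so that ordering is decoupled from numbering; at minimum the commit message should state that the numeric values are not part of any interface.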
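Review bot: `const EVP_MD *getMD(CryptoSuite suite);` and the existing `CryptoHashType getHashType(CryptoSuite suite);` now face two suites, `ED25519` and `ED448`, that have no separate message digest: OpenSSL's `EVP_DigestSignInit`/`EVP_DigestVerifyInit` for these keys require the `EVP_MD *` to be NULL, and the header does not say whether `getMD` returns nullptr and `getHashType` returns `UNKNOWN` for them. Both behaviours should be documented on the declarations so callers neither treat nullptr as an error nor pre-hash the data before signing, e.g. `// Return the OpenSSL EVP_MD pointer for a suite; nullptr for ED25519, ED448 and UNKNOWN (pure EdDSA has no separate message digest)`. The same nullptr-for-UNKNOWN question applies to `CryptoHash::getMD` in crypto_hash.h.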
--- a/libtransport/includes/hicn/transport/auth/verifier.h
+++ b/libtransport/includes/hicn/transport/auth/verifier.h
@@ -54,12 +54,15 @@ class Verifier {
 // Verify a single packet or buffer.
 virtual bool verifyPacket(PacketPtr packet);
+ virtual bool verifyBuffer(const uint8_t *buffer, std::size_t len,
+ const utils::MemBuf::Ptr &signature,
+ CryptoSuite suite) = 0;
 virtual bool verifyBuffer(const std::vector &buffer,
 const utils::MemBuf::Ptr &signature,
- CryptoHashType hash_type) = 0;
+ CryptoSuite suite) = 0;
 virtual bool verifyBuffer(const utils::MemBuf *buffer,
 const utils::MemBuf::Ptr &signature,
- CryptoHashType hash_type) = 0;
+ CryptoSuite suite) = 0;
 // Verify a batch of packets. Return a mapping from packet suffixes to their
 // VerificationPolicy.
@@ -110,12 +113,15 @@ class VoidVerifier : public Verifier {
 // and always returns true.
 public:
 bool verifyPacket(PacketPtr packet) override;
+ bool verifyBuffer(const uint8_t *buffer, std::size_t len,
+ const utils::MemBuf::Ptr &signature,
+ CryptoSuite suite) override;
 bool verifyBuffer(const std::vector &buffer,
 const utils::MemBuf::Ptr &signature,
- CryptoHashType hash_type) override;
+ CryptoSuite suite) override;
 bool verifyBuffer(const utils::MemBuf *buffer,
 const utils::MemBuf::Ptr &signature,
- CryptoHashType hash_type) override;
+ CryptoSuite suite) override;
 PolicyMap verifyPackets(const std::vector &packets) override;
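Review bot: The `suite` parameter now reaches every `verifyBuffer` overload from the caller, and for `verifyPacket` that value will presumably be read from the packet being verified, i.e. from untrusted input. The base declarations should state that an implementation must reject a suite that does not match its key material — `AsymmetricVerifier` returning false for `HMAC_*` suites, `SymmetricVerifier` for any asymmetric suite, and both for `UNKNOWN` — otherwise whoever chooses the suite byte can steer verification toward an algorithm the configured key was never meant for, which this header cannot show the implementations guard against. Suggested comment on the first pure-virtual overload: `// Verify signature over the buffer using suite. Must return false when suite is UNKNOWN or incompatible with the configured key; suite is caller-supplied and may originate from the packet.` The same point applies to the `AsymmetricVerifier` and `SymmetricVerifier` hunks that follow; the `Verifier` class begins before this hunk.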
@@ -143,12 +149,15 @@ class AsymmetricVerifier : public Verifier {
 void useCertificate(const std::string &cert_path);
 void useCertificate(std::shared_ptr cert);
+ bool verifyBuffer(const uint8_t *buffer, std::size_t len,
+ const utils::MemBuf::Ptr &signature,
+ CryptoSuite suite) override;
 bool verifyBuffer(const std::vector &buffer,
 const utils::MemBuf::Ptr &signature,
- CryptoHashType hash_type) override;
+ CryptoSuite suite) override;
 bool verifyBuffer(const utils::MemBuf *buffer,
 const utils::MemBuf::Ptr &signature,
- CryptoHashType hash_type) override;
+ CryptoSuite suite) override;
 private:
 std::shared_ptr key_;
@@ -166,12 +175,15 @@ class SymmetricVerifier : public Verifier {
 // Create and set a symmetric key from a passphrase.
 void setPassphrase(const std::string &passphrase);
+ bool verifyBuffer(const uint8_t *buffer, std::size_t len,
+ const utils::MemBuf::Ptr &signature,
+ CryptoSuite suite) override;
 bool verifyBuffer(const std::vector &buffer,
 const utils::MemBuf::Ptr &signature,
- CryptoHashType hash_type) override;
+ CryptoSuite suite) override;
 bool verifyBuffer(const utils::MemBuf *buffer,
 const utils::MemBuf::Ptr &signature,
- CryptoHashType hash_type) override;
+ CryptoSuite suite) override;
 protected:
 std::shared_ptr key_;
-- cgit 1.2.3-korg