From a1ac96f497719b897793ac14b287cb8d840651c1 Mon Sep 17 00:00:00 2001 From: Luca Muscariello Date: Fri, 22 Apr 2022 17:55:01 +0200 Subject: HICN-722: Updates on transport, RTC, manifest usage for RTC, infra. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Mauro Sardara Co-authored-by: Jordan Augé Co-authored-by: Michele Papalini Co-authored-by: Angelo Mantellini Co-authored-by: Jacques Samain Co-authored-by: Olivier Roques Co-authored-by: Enrico Loparco Co-authored-by: Giulio Grassi manifest: optimize manifest processing manifest: add FEC parameters to manifests manifest: refactor verification process manifest: report auth alerts in hiperf instead of aborting manifest: remove FEC buffer callback in consumer manifest: refactor and enable manifests by default manifest: update manifest header with transport parameters manifest: batch interests for first manifest from RTC producer manifest: refactor processing of RTC manifests manifest: update manifest-related socket options of consumers manifest: update unit tests for manifests manifest: pack manifest headers manifest: verify FEC packets auth: add consumer socket option to set max unverified delay manifest: process manifests after full FEC decoding manifest: manage forward jumps in RTC verifier fec: remove useless fec codes rs: add new code rate rs: add new code rate rs: add new code rate rs: add new code rate libtransport: increase internal packet cache size remove internal cisco info in cmake manifest: add option to set manifest capacity data_input_node.c: add information about adj_index[VLIB_RX] on received data packetsi sysrepo plugin: update build Change-Id: I0cf64d91bd0a1b7cad4eeaa9871f58f5f10434af Signed-off-by: Mauro Sardara Signed-off-by: Luca Muscariello --- libtransport/src/auth/crypto_hash.cc | 40 +++++++++++++++------------ libtransport/src/auth/signer.cc | 53 +++++++++++++++++++++++------------- libtransport/src/auth/verifier.cc | 49 ++++++++++++++++++++------------- 3 files changed, 87 insertions(+), 55 deletions(-) (limited to 'libtransport/src/auth') diff --git a/libtransport/src/auth/crypto_hash.cc b/libtransport/src/auth/crypto_hash.cc index f60f46051..08be47aff 100644 --- a/libtransport/src/auth/crypto_hash.cc +++ b/libtransport/src/auth/crypto_hash.cc @@ -14,6 +14,9 @@ */ #include +#include + +#include "glog/logging.h" namespace transport { namespace auth { @@ -27,18 +30,20 @@ CryptoHash::CryptoHash(const CryptoHash &other) CryptoHash::CryptoHash(CryptoHash &&other) : digest_type_(std::move(other.digest_type_)), - digest_(other.digest_), - digest_size_(other.digest_size_) { - other.reset(); -} + digest_(std::move(other.digest_)), + digest_size_(other.digest_size_) {} -CryptoHash::CryptoHash(CryptoHashType hash_type) { setType(hash_type); } +CryptoHash::CryptoHash(CryptoHashType hash_type) + : digest_(core::PacketManager<>::getInstance().getMemBuf()) { + setType(hash_type); +} CryptoHash::CryptoHash(const uint8_t *hash, size_t size, CryptoHashType hash_type) : digest_type_(hash_type), digest_size_(size) { - digest_.resize(size); - memcpy(digest_.data(), hash, size); + digest_ = core::PacketManager<>::getInstance().getMemBuf(); + digest_->append(size); + memcpy(digest_->writableData(), hash, size); } CryptoHash::CryptoHash(const std::vector &hash, @@ -55,7 +60,7 @@ CryptoHash &CryptoHash::operator=(const CryptoHash &other) { } bool CryptoHash::operator==(const CryptoHash &other) const { - return (digest_type_ == other.digest_type_ && digest_ == other.digest_); + return (digest_type_ == other.digest_type_ && *digest_ == *other.digest_); } void CryptoHash::computeDigest(const uint8_t *buffer, size_t len) { @@ -65,8 +70,8 @@ void CryptoHash::computeDigest(const uint8_t *buffer, size_t len) { throw errors::RuntimeException("Unknown hash type"); } - EVP_Digest(buffer, len, digest_.data(), (unsigned int *)&digest_size_, - (*hash_evp)(), nullptr); + EVP_Digest(buffer, len, digest_->writableData(), + (unsigned int *)&digest_size_, (*hash_evp)(), nullptr); } void CryptoHash::computeDigest(const std::vector &buffer) { @@ -95,7 +100,7 @@ void CryptoHash::computeDigest(const utils::MemBuf *buffer) { p = p->next(); } while (p != buffer); - if (EVP_DigestFinal_ex(mcdtx, digest_.data(), + if (EVP_DigestFinal_ex(mcdtx, digest_->writableData(), (unsigned int *)&digest_size_) != 1) { throw errors::RuntimeException("Digest computation failed"); } @@ -103,15 +108,16 @@ void CryptoHash::computeDigest(const utils::MemBuf *buffer) { EVP_MD_CTX_free(mcdtx); } -std::vector CryptoHash::getDigest() const { return digest_; } +const utils::MemBuf::Ptr &CryptoHash::getDigest() const { return digest_; } std::string CryptoHash::getStringDigest() const { std::stringstream string_digest; string_digest << std::hex << std::setfill('0'); - for (auto byte : digest_) { - string_digest << std::hex << std::setw(2) << static_cast(byte); + for (size_t i = 0; i < digest_size_; ++i) { + string_digest << std::hex << std::setw(2) + << static_cast(digest_->data()[i]); } return string_digest.str(); @@ -122,10 +128,10 @@ CryptoHashType CryptoHash::getType() const { return digest_type_; } size_t CryptoHash::getSize() const { return digest_size_; } void CryptoHash::setType(CryptoHashType hash_type) { - reset(); digest_type_ = hash_type; digest_size_ = CryptoHash::getSize(hash_type); - digest_.resize(digest_size_); + DCHECK(digest_size_ <= digest_->tailroom()); + digest_->setLength(digest_size_); } void CryptoHash::display() { @@ -152,8 +158,8 @@ void CryptoHash::display() { void CryptoHash::reset() { digest_type_ = CryptoHashType::UNKNOWN; - digest_.clear(); digest_size_ = 0; + digest_->setLength(0); } CryptoHashEVP CryptoHash::getEVP(CryptoHashType hash_type) { diff --git a/libtransport/src/auth/signer.cc b/libtransport/src/auth/signer.cc index e74e2f1b8..918e271f5 100644 --- a/libtransport/src/auth/signer.cc +++ b/libtransport/src/auth/signer.cc @@ -17,6 +17,8 @@ #include #include +#include "hicn/transport/core/global_object_pool.h" + namespace transport { namespace auth { @@ -24,7 +26,10 @@ namespace auth { // Base Signer // --------------------------------------------------------- Signer::Signer() - : suite_(CryptoSuite::UNKNOWN), signature_len_(0), key_(nullptr) {} + : suite_(CryptoSuite::UNKNOWN), + signature_(core::PacketManager<>::getInstance().getMemBuf()), + signature_len_(0), + key_(nullptr) {} Signer::~Signer() {} @@ -51,8 +56,8 @@ void Signer::signPacket(PacketPtr packet) { packet->setValidationAlgorithm(suite_); // Set key ID - std::vector key_id = key_id_.getDigest(); - packet->setKeyId({key_id.data(), key_id.size()}); + const utils::MemBuf::Ptr &key_id = key_id_.getDigest(); + packet->setKeyId({key_id->writableData(), key_id->length()}); // Reset fields to compute the packet hash packet->resetForHash(); @@ -93,14 +98,16 @@ void Signer::signBuffer(const std::vector &buffer) { throw errors::RuntimeException("Digest computation failed"); } - signature_.resize(signature_len_); + DCHECK(signature_len_ <= signature_->tailroom()); + signature_->setLength(signature_len_); - if (EVP_DigestSignFinal(mdctx.get(), signature_.data(), &signature_len_) != - 1) { + if (EVP_DigestSignFinal(mdctx.get(), signature_->writableData(), + &signature_len_) != 1) { throw errors::RuntimeException("Digest computation failed"); } - signature_.resize(signature_len_); + DCHECK(signature_len_ <= signature_->tailroom()); + signature_->setLength(signature_len_); } void Signer::signBuffer(const utils::MemBuf *buffer) { @@ -135,24 +142,27 @@ void Signer::signBuffer(const utils::MemBuf *buffer) { throw errors::RuntimeException("Digest computation failed"); } - signature_.resize(signature_len_); + DCHECK(signature_len_ <= signature_->tailroom()); + signature_->setLength(signature_len_); - if (EVP_DigestSignFinal(mdctx.get(), signature_.data(), &signature_len_) != - 1) { + if (EVP_DigestSignFinal(mdctx.get(), signature_->writableData(), + &signature_len_) != 1) { throw errors::RuntimeException("Digest computation failed"); } - signature_.resize(signature_len_); + DCHECK(signature_len_ <= signature_->tailroom()); + signature_->setLength(signature_len_); } -std::vector Signer::getSignature() const { return signature_; } +const utils::MemBuf::Ptr &Signer::getSignature() const { return signature_; } std::string Signer::getStringSignature() const { std::stringstream string_sig; string_sig << std::hex << std::setfill('0'); - for (auto byte : signature_) { - string_sig << std::hex << std::setw(2) << static_cast(byte); + for (size_t i = 0; i < signature_len_; ++i) { + string_sig << std::hex << std::setw(2) + << static_cast(signature_->data()[i]); } return string_sig.str(); @@ -193,12 +203,14 @@ void VoidSigner::signBuffer(const utils::MemBuf *buffer) {} // --------------------------------------------------------- AsymmetricSigner::AsymmetricSigner(CryptoSuite suite, std::shared_ptr key, - std::shared_ptr pub_key) { + std::shared_ptr pub_key) + : Signer() { setKey(suite, key, pub_key); } AsymmetricSigner::AsymmetricSigner(std::string keystore_path, - std::string password) { + std::string password) + : Signer() { FILE *p12file = fopen(keystore_path.c_str(), "r"); if (p12file == nullptr) { @@ -230,7 +242,8 @@ void AsymmetricSigner::setKey(CryptoSuite suite, std::shared_ptr key, suite_ = suite; key_ = key; signature_len_ = EVP_PKEY_size(key.get()); - signature_.resize(signature_len_); + DCHECK(signature_len_ <= signature_->tailroom()); + signature_->setLength(signature_len_); std::vector pbk(i2d_PublicKey(pub_key.get(), nullptr)); uint8_t *pbk_ptr = pbk.data(); @@ -254,7 +267,8 @@ size_t AsymmetricSigner::getSignatureFieldSize() const { // Symmetric Signer // --------------------------------------------------------- SymmetricSigner::SymmetricSigner(CryptoSuite suite, - const std::string &passphrase) { + const std::string &passphrase) + : Signer() { suite_ = suite; key_ = std::shared_ptr( EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, nullptr, @@ -270,7 +284,8 @@ SymmetricSigner::SymmetricSigner(CryptoSuite suite, } signature_len_ = EVP_MD_size((*hash_evp)()); - signature_.resize(signature_len_); + DCHECK(signature_len_ <= signature_->tailroom()); + signature_->setLength(signature_len_); key_id_.computeDigest((uint8_t *)passphrase.c_str(), passphrase.size()); } diff --git a/libtransport/src/auth/verifier.cc b/libtransport/src/auth/verifier.cc index 0c35437f3..5d5f01711 100644 --- a/libtransport/src/auth/verifier.cc +++ b/libtransport/src/auth/verifier.cc @@ -14,8 +14,11 @@ */ #include +#include #include +#include "glog/logging.h" + namespace transport { namespace auth { @@ -49,8 +52,10 @@ bool Verifier::verifyPacket(PacketPtr packet) { hicn_packet_copy_header(format, packet->packet_start_, &header_copy, false); // Retrieve packet signature - std::vector signature_raw = packet->getSignature(); - signature_raw.resize(packet->getSignatureSize()); + utils::MemBuf::Ptr signature_raw = packet->getSignature(); + std::size_t signature_len = packet->getSignatureSize(); + DCHECK(signature_len <= signature_raw->tailroom()); + signature_raw->setLength(signature_len); // Reset fields that are not used to compute signature packet->resetForHash(); @@ -62,7 +67,7 @@ bool Verifier::verifyPacket(PacketPtr packet) { // Restore header hicn_packet_copy_header(format, &header_copy, packet->packet_start_, false); packet->setSignature(signature_raw); - packet->setSignatureSize(signature_raw.size()); + packet->setSignatureSize(signature_raw->length()); return valid_packet; } @@ -165,13 +170,13 @@ void Verifier::callVerificationFailedCallback(Suffix suffix, bool VoidVerifier::verifyPacket(PacketPtr packet) { return true; } bool VoidVerifier::verifyBuffer(const std::vector &buffer, - const std::vector &signature, + const utils::MemBuf::Ptr &signature, CryptoHashType hash_type) { return true; } bool VoidVerifier::verifyBuffer(const utils::MemBuf *buffer, - const std::vector &signature, + const utils::MemBuf::Ptr &signature, CryptoHashType hash_type) { return true; } @@ -232,7 +237,7 @@ void AsymmetricVerifier::useCertificate(std::shared_ptr cert) { } bool AsymmetricVerifier::verifyBuffer(const std::vector &buffer, - const std::vector &signature, + const utils::MemBuf::Ptr &signature, CryptoHashType hash_type) { CryptoHashEVP hash_evp = CryptoHash::getEVP(hash_type); @@ -255,12 +260,12 @@ bool AsymmetricVerifier::verifyBuffer(const std::vector &buffer, throw errors::RuntimeException("Digest update failed"); } - return EVP_DigestVerifyFinal(mdctx.get(), signature.data(), - signature.size()) == 1; + return EVP_DigestVerifyFinal(mdctx.get(), signature->data(), + signature->length()) == 1; } bool AsymmetricVerifier::verifyBuffer(const utils::MemBuf *buffer, - const std::vector &signature, + const utils::MemBuf::Ptr &signature, CryptoHashType hash_type) { CryptoHashEVP hash_evp = CryptoHash::getEVP(hash_type); @@ -288,8 +293,8 @@ bool AsymmetricVerifier::verifyBuffer(const utils::MemBuf *buffer, p = p->next(); } while (p != buffer); - return EVP_DigestVerifyFinal(mdctx.get(), signature.data(), - signature.size()) == 1; + return EVP_DigestVerifyFinal(mdctx.get(), signature->data(), + signature->length()) == 1; } // --------------------------------------------------------- @@ -309,7 +314,7 @@ void SymmetricVerifier::setPassphrase(const std::string &passphrase) { } bool SymmetricVerifier::verifyBuffer(const std::vector &buffer, - const std::vector &signature, + const utils::MemBuf::Ptr &signature, CryptoHashType hash_type) { CryptoHashEVP hash_evp = CryptoHash::getEVP(hash_type); @@ -317,7 +322,9 @@ bool SymmetricVerifier::verifyBuffer(const std::vector &buffer, throw errors::RuntimeException("Unknown hash type"); } - std::vector signature_bis(signature.size()); + const utils::MemBuf::Ptr &signature_bis = + core::PacketManager<>::getInstance().getMemBuf(); + signature_bis->append(signature->length()); size_t signature_bis_len; std::shared_ptr mdctx(EVP_MD_CTX_create(), EVP_MD_CTX_free); @@ -334,16 +341,17 @@ bool SymmetricVerifier::verifyBuffer(const std::vector &buffer, throw errors::RuntimeException("Digest update failed"); } - if (EVP_DigestSignFinal(mdctx.get(), signature_bis.data(), + if (EVP_DigestSignFinal(mdctx.get(), signature_bis->writableData(), &signature_bis_len) != 1) { throw errors::RuntimeException("Digest computation failed"); } - return signature == signature_bis && signature.size() == signature_bis_len; + return signature->length() == signature_bis_len && + *signature == *signature_bis; } bool SymmetricVerifier::verifyBuffer(const utils::MemBuf *buffer, - const std::vector &signature, + const utils::MemBuf::Ptr &signature, CryptoHashType hash_type) { CryptoHashEVP hash_evp = CryptoHash::getEVP(hash_type); @@ -352,7 +360,9 @@ bool SymmetricVerifier::verifyBuffer(const utils::MemBuf *buffer, } const utils::MemBuf *p = buffer; - std::vector signature_bis(signature.size()); + const utils::MemBuf::Ptr &signature_bis = + core::PacketManager<>::getInstance().getMemBuf(); + signature_bis->append(signature->length()); size_t signature_bis_len; std::shared_ptr mdctx(EVP_MD_CTX_create(), EVP_MD_CTX_free); @@ -373,12 +383,13 @@ bool SymmetricVerifier::verifyBuffer(const utils::MemBuf *buffer, p = p->next(); } while (p != buffer); - if (EVP_DigestSignFinal(mdctx.get(), signature_bis.data(), + if (EVP_DigestSignFinal(mdctx.get(), signature_bis->writableData(), &signature_bis_len) != 1) { throw errors::RuntimeException("Digest computation failed"); } - return signature == signature_bis && signature.size() == signature_bis_len; + return signature->length() == signature_bis_len && + *signature == *signature_bis; } } // namespace auth -- cgit 1.2.3-korg