From 35058cdfe0134c88f1aa8d23342d1d7b9d39e296 Mon Sep 17 00:00:00 2001
From: Alberto Compagno <acompagn+fdio@cisco.com>
Date: Tue, 7 Jan 2020 11:46:02 +0100
Subject: [HICN-2] Added P2P confidential communication on hICN

P2P confidential communications exploit the TLS 1.3 protocol to let a consumer to
establish a secure communication on an hICN name. Currently we don't support the
consumer authentication (mutual authentication in TLS) and the 0-rtt session
establishment.

Change-Id: I2be073847c08a17f28c837d444081920c5e57a07
Signed-off-by: Alberto Compagno <acompagn+fdio@cisco.com>
Signed-off-by: Olivier Roques <oroques+fdio@cisco.com>
Signed-off-by: Mauro Sardara <msardara@cisco.com>
---
 libtransport/src/hicn/transport/utils/signer.cc | 111 ++++++++++++++++--------
 1 file changed, 77 insertions(+), 34 deletions(-)

(limited to 'libtransport/src/hicn/transport/utils/signer.cc')

diff --git a/libtransport/src/hicn/transport/utils/signer.cc b/libtransport/src/hicn/transport/utils/signer.cc
index 981e5f02b..9ac9a2c45 100644
--- a/libtransport/src/hicn/transport/utils/signer.cc
+++ b/libtransport/src/hicn/transport/utils/signer.cc
@@ -39,54 +39,96 @@ namespace utils {
 uint8_t Signer::zeros[200] = {0};
 
 /*One signer_ per Private Key*/
-Signer::Signer(PARCKeyStore *keyStore, PARCCryptoSuite suite) {
+Signer::Signer(PARCKeyStore *keyStore, CryptoSuite suite) {
+  parcSecurity_Init();
+
   switch (suite) {
-    case PARCCryptoSuite_NULL_CRC32C:
-      break;
-    case PARCCryptoSuite_ECDSA_SHA256:
-    case PARCCryptoSuite_RSA_SHA256:
-    case PARCCryptoSuite_DSA_SHA256:
-    case PARCCryptoSuite_RSA_SHA512:
+    case CryptoSuite::DSA_SHA256:
+    case CryptoSuite::RSA_SHA256:
+    case CryptoSuite::RSA_SHA512:
+    case CryptoSuite::ECDSA_256K1: {
       this->signer_ =
-          parcSigner_Create(parcPublicKeySigner_Create(keyStore, suite),
+          parcSigner_Create(parcPublicKeySigner_Create(
+                                keyStore, static_cast<PARCCryptoSuite>(suite)),
                             PARCPublicKeySignerAsSigner);
-      this->key_id_ = parcSigner_CreateKeyId(this->signer_);
       break;
+    }
+    case CryptoSuite::HMAC_SHA256:
+    case CryptoSuite::HMAC_SHA512: {
+      this->signer_ =
+          parcSigner_Create(parcSymmetricKeySigner_Create(
+                                (PARCSymmetricKeyStore *)keyStore,
+                                parcCryptoSuite_GetCryptoHash(
+                                    static_cast<PARCCryptoSuite>(suite))),
+                            PARCSymmetricKeySignerAsSigner);
+      break;
+    }
+    default: { return; }
+  }
+
+  suite_ = suite;
+  key_id_ = parcSigner_CreateKeyId(this->signer_);
+  signature_length_ = parcSigner_GetSignatureSize(this->signer_);
+}
+
+Signer::Signer(const std::string &passphrase, CryptoSuite suite) {
+  parcSecurity_Init();
 
-    case PARCCryptoSuite_HMAC_SHA512:
-    case PARCCryptoSuite_HMAC_SHA256:
-    default:
+  switch (suite) {
+    case CryptoSuite::HMAC_SHA256:
+    case CryptoSuite::HMAC_SHA512: {
+      composer_ = parcBufferComposer_Create();
+      parcBufferComposer_PutString(composer_, passphrase.c_str());
+      key_buffer_ = parcBufferComposer_ProduceBuffer(composer_);
+      symmetricKeyStore_ = parcSymmetricKeyStore_Create(key_buffer_);
       this->signer_ = parcSigner_Create(
-          parcSymmetricKeySigner_Create((PARCSymmetricKeyStore *)keyStore,
-                                        parcCryptoSuite_GetCryptoHash(suite)),
+          parcSymmetricKeySigner_Create(
+              symmetricKeyStore_, parcCryptoSuite_GetCryptoHash(
+                                      static_cast<PARCCryptoSuite>(suite))),
           PARCSymmetricKeySignerAsSigner);
-      this->key_id_ = parcSigner_CreateKeyId(this->signer_);
       break;
+    }
+    default: { return; }
   }
+
+  suite_ = suite;
+  key_id_ = parcSigner_CreateKeyId(this->signer_);
+  signature_length_ = parcSigner_GetSignatureSize(this->signer_);
 }
 
-Signer::Signer(const PARCSigner *signer)
+Signer::Signer(const PARCSigner *signer, CryptoSuite suite)
     : signer_(parcSigner_Acquire(signer)),
-      key_id_(parcSigner_CreateKeyId(this->signer_)) {}
+      key_id_(parcSigner_CreateKeyId(this->signer_)),
+      suite_(suite),
+      signature_length_(parcSigner_GetSignatureSize(this->signer_)) {
+  parcSecurity_Init();
+}
+
+Signer::Signer(const PARCSigner *signer)
+    : Signer(signer, CryptoSuite::UNKNOWN) {}
 
 Signer::~Signer() {
-  parcSigner_Release(&signer_);
-  parcKeyId_Release(&key_id_);
+  if (signature_) parcSignature_Release(&signature_);
+  if (symmetricKeyStore_) parcSymmetricKeyStore_Release(&symmetricKeyStore_);
+  if (key_buffer_) parcBuffer_Release(&key_buffer_);
+  if (composer_) parcBufferComposer_Release(&composer_);
+  if (signer_) parcSigner_Release(&signer_);
+  if (key_id_) parcKeyId_Release(&key_id_);
+  parcSecurity_Fini();
 }
 
 void Signer::sign(Packet &packet) {
   // header chain points to the IP + TCP hicn header + AH Header
-  utils::MemBuf *header_chain = packet.header_head_;
-  utils::MemBuf *payload_chain = packet.payload_head_;
+  MemBuf *header_chain = packet.header_head_;
+  MemBuf *payload_chain = packet.payload_head_;
   uint8_t *hicn_packet = (uint8_t *)header_chain->writableData();
   Packet::Format format = packet.getFormat();
-  std::size_t sign_len_bytes = parcSigner_GetSignatureSize(signer_);
 
   if (!(format & HFO_AH)) {
     throw errors::MalformedAHPacketException();
   }
 
-  packet.setSignatureSize(sign_len_bytes);
+  packet.setSignatureSize(signature_length_);
 
   // Copy IP+TCP/ICMP header before zeroing them
   hicn_header_t header_copy;
@@ -102,8 +144,7 @@ void Signer::sign(Packet &packet) {
   auto now = duration_cast<milliseconds>(system_clock::now().time_since_epoch())
                  .count();
   packet.setSignatureTimestamp(now);
-  packet.setValidationAlgorithm(
-      CryptoSuite(parcSigner_GetCryptoSuite(this->signer_)));
+  packet.setValidationAlgorithm(suite_);
 
   KeyId key_id;
   key_id.first = (uint8_t *)parcBuffer_Overlay(
@@ -111,25 +152,25 @@ void Signer::sign(Packet &packet) {
   packet.setKeyId(key_id);
 
   // Calculate hash
-  utils::CryptoHasher hasher(parcSigner_GetCryptoHasher(signer_));
+  CryptoHasher hasher(parcSigner_GetCryptoHasher(signer_));
   hasher.init();
-  hasher.updateBytes(hicn_packet, header_len + sign_len_bytes);
+  hasher.updateBytes(hicn_packet, header_len + signature_length_);
 
-  for (utils::MemBuf *current = payload_chain; current != header_chain;
+  for (MemBuf *current = payload_chain; current != header_chain;
        current = current->next()) {
     hasher.updateBytes(current->data(), current->length());
   }
 
-  utils::CryptoHash hash = hasher.finalize();
+  CryptoHash hash = hasher.finalize();
 
-  PARCSignature *signature = parcSigner_SignDigestNoAlloc(
-      this->signer_, hash.hash_, packet.getSignature(),
-      (uint32_t)sign_len_bytes);
-  PARCBuffer *buffer = parcSignature_GetSignature(signature);
+  signature_ = parcSigner_SignDigestNoAlloc(this->signer_, hash.hash_,
+                                            packet.getSignature(),
+                                            (uint32_t)signature_length_);
+  PARCBuffer *buffer = parcSignature_GetSignature(signature_);
 
   size_t bytes_len = parcBuffer_Remaining(buffer);
 
-  if (bytes_len > sign_len_bytes) {
+  if (bytes_len > signature_length_) {
     throw errors::MalformedAHPacketException();
   }
 
@@ -137,6 +178,8 @@ void Signer::sign(Packet &packet) {
                           (hicn_header_t *)packet.packet_start_, false);
 }
 
+size_t Signer::getSignatureLength() { return signature_length_; }
+
 PARCKeyStore *Signer::getKeyStore() {
   return parcSigner_GetKeyStore(this->signer_);
 }
-- 
cgit 1.2.3-korg