From 45ae2768f2842cc55f153a71fa66b1d3e25e9ab7 Mon Sep 17 00:00:00 2001 From: Mauro Sardara Date: Tue, 12 Feb 2019 00:07:11 +0100 Subject: [HICN-52] Fix signature computation and verification in libtransport Change-Id: I9b30a9c9e95e2cb2f135fe7efd43e633235196d9 Signed-off-by: Mauro Sardara --- libtransport/src/hicn/transport/utils/verifier.cc | 29 ++++++++++++++--------- 1 file changed, 18 insertions(+), 11 deletions(-) (limited to 'libtransport/src/hicn/transport/utils/verifier.cc') diff --git a/libtransport/src/hicn/transport/utils/verifier.cc b/libtransport/src/hicn/transport/utils/verifier.cc index bc460b821..aec80cff6 100644 --- a/libtransport/src/hicn/transport/utils/verifier.cc +++ b/libtransport/src/hicn/transport/utils/verifier.cc @@ -109,10 +109,13 @@ int Verifier::verify(const Packet &packet) { // Copy IP+TCP/ICMP header before zeroing them hicn_header_t header_copy; - if (format & HFO_INET) { - memcpy(&header_copy, hicn_packet, sizeof(hicn_v4_hdr_t)); - } else if (format & HFO_INET6) { - memcpy(&header_copy, hicn_packet, sizeof(hicn_v6_hdr_t)); + if (format == HF_INET_TCP_AH) { + memcpy(&header_copy, hicn_packet, HICN_V4_TCP_HDRLEN); + } else if (format == HF_INET6_TCP_AH) { + memcpy(&header_copy, hicn_packet, HICN_V6_TCP_HDRLEN); + } else { + throw errors::RuntimeException( + "Verifier::verify -- Packet format not expected."); } std::size_t header_len = Packet::getHeaderSizeFromFormat(format); @@ -125,8 +128,13 @@ int Verifier::verify(const Packet &packet) { PARCKeyId *key_id = parcKeyId_Create(buffer); parcBuffer_Release(&buffer); - int ah_payload_len = (int)(header_chain->next()->length()); - uint8_t *signature = header_chain->next()->writableData(); + int ah_payload_len = packet.getSignatureSize(); + uint8_t *_signature = packet.getSignature(); + uint8_t signature[ah_payload_len]; + + // TODO Remove signature copy at this point, by not setting to zero + // the validation payload. + std::memcpy(signature, _signature, ah_payload_len); // Reset fields that should not appear in the signature const_cast(packet).resetForHash(); @@ -135,9 +143,7 @@ int Verifier::verify(const Packet &packet) { utils::CryptoHasher hasher( parcVerifier_GetCryptoHasher(verifier_, key_id, hashtype)); - hasher.init() - .updateBytes(hicn_packet, header_len) - .updateBytes(zeros, ah_payload_len); + hasher.init().updateBytes(hicn_packet, header_len + ah_payload_len); for (utils::MemBuf *current = payload_chain; current != header_chain; current = current->next()) { @@ -180,9 +186,9 @@ int Verifier::verify(const Packet &packet) { /* Restore the resetted fields */ if (format & HFO_INET) { - memcpy(hicn_packet, &header_copy, sizeof(hicn_v4_hdr_t)); + memcpy(hicn_packet, &header_copy, HICN_V4_TCP_HDRLEN); } else if (format & HFO_INET6) { - memcpy(hicn_packet, &header_copy, sizeof(hicn_v6_hdr_t)); + memcpy(hicn_packet, &header_copy, HICN_V6_TCP_HDRLEN); } parcKeyId_Release(&key_id); @@ -192,4 +198,5 @@ int Verifier::verify(const Packet &packet) { return valid; } + } // namespace utils -- cgit 1.2.3-korg