From c46e5df56b67bb8ea7a068d39324c640084ead2b Mon Sep 17 00:00:00 2001 
From: Luca Muscariello Date: Wed, 30 Mar 2022 22:29:28 +0200 Subject: feat: boostrap hicn 22.02 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The current patch provides several new features, improvements, bug fixes and also complete rewrite of entire components. - lib The hicn packet parser has been improved with a new packet format fully based on UDP. The TCP header is still temporarily supported but the UDP header will replace completely the new hicn packet format. Improvements have been made to make sure every packet parsing operation is made via this library. The current new header can be used as header between the payload and the UDP header or as trailer in the UDP surplus area to be tested when UDP options will start to be used. - hicn-light The portable packet forwarder has been completely rewritten from scratch with the twofold objective to improve performance and code size but also to drop dependencies such as libparc which is now removed by the current implementation. - hicn control the control library is the agent that is used to program the packet forwarders via their binary API. This component has benefited from significant improvements in terms of interaction model which is now event driven and more robust to failures. - VPP plugin has been updated to support VPP 22.02 - transport Major improvements have been made to the RTC protocol, to the support of IO modules and to the security subsystem. Signed manifests are the default data authenticity and integrity framework. Confidentiality can be enabled by sharing the encryption key with the producer/consumer layer. The library has been tested with group key based applications such as broadcast/multicast and real-time on-line meetings with trusted server keys or MLS. - testing Unit testing has been introduced using GoogleTest. One third of the code base is covered by unit testing with priority on critical features. 
Functional testing has also been introduce using Docker, linux bridging and Robot Framework to define test with Less Code techniques to facilitate the extension of the coverage. Co-authored-by: Mauro Sardara Co-authored-by: Jordan Augé Co-authored-by: Michele Papalini Co-authored-by: Angelo Mantellini Co-authored-by: Jacques Samain Co-authored-by: Olivier Roques Co-authored-by: Enrico Loparco Co-authored-by: Giulio Grassi Change-Id: I75d0ef70f86d921e3ef503c99271216ff583c215 Signed-off-by: Luca Muscariello Signed-off-by: Mauro Sardara
---
 libtransport/src/test/test_auth.cc | 178 ++++++++++++++++++++++++++++---------
 1 file changed, 136 insertions(+), 42 deletions(-)
(limited to 'libtransport/src/test/test_auth.cc')
diff --git a/libtransport/src/test/test_auth.cc b/libtransport/src/test/test_auth.cc
index db1c3b52f..d7fd55433 100644
--- a/libtransport/src/test/test_auth.cc
+++ b/libtransport/src/test/test_auth.cc
@@ -15,10 +15,15 @@
 #include
 #include
-#include
 #include
 #include
 #include
+#include
+
+using BN_ptr = std::unique_ptr;
+using RSA_ptr = std::unique_ptr;
+using EC_KEY_ptr = std::unique_ptr;
+using DSA_ptr = std::unique_ptr;
 namespace transport {
 namespace auth {
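Review bot: The new aliases `RSA_ptr`, `EC_KEY_ptr` and `DSA_ptr` commit the test file to OpenSSL's low-level `RSA`/`DSA`/`EC_KEY` objects, which OpenSSL 3.0 deprecates together with the `RSA_generate_key_ex`, `DSA_generate_parameters_ex` and `EC_KEY_generate_key` calls made in the later hunks, so a build with `-Werror=deprecated-declarations` against 3.0 stops compiling here. Generating keys through the generic API (`EVP_PKEY_CTX_new_id` / `EVP_PKEY_keygen_init` / `EVP_PKEY_keygen`) yields the `EVP_PKEY` that the signer and verifier consume directly and needs none of these aliases. The template arguments of the `std::unique_ptr` aliases are not visible in this rendering, so I cannot confirm the deleter type; `std::unique_ptr<RSA, decltype(&::RSA_free)>` is the form that matches the `::RSA_free` passed at each construction site. Every test below also hand-rolls `std::shared_ptr<EVP_PKEY>(EVP_PKEY_new(), EVP_PKEY_free)`, so a matching `using EVP_PKEY_ptr = std::shared_ptr<EVP_PKEY>;` next to these would keep the set consistent.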
@@ -50,11 +55,23 @@ TEST_F(AuthTest, VoidVerifier) {
 }
 TEST_F(AuthTest, AsymmetricRSA) {
- // Create the RSA signer from an Identity object
- Identity identity("test_rsa.p12", PASSPHRASE, CryptoSuite::RSA_SHA256, 1024u,
- 30, "RSAVerifier");
-
- std::shared_ptr signer = identity.getSigner();
+ // Create the RSA keys
+ std::shared_ptr privateKey(EVP_PKEY_new(), EVP_PKEY_free);
+ std::shared_ptr pubKey(EVP_PKEY_new(), EVP_PKEY_free);
+ RSA_ptr rsa(RSA_new(), ::RSA_free);
+ BN_ptr pub_exp(BN_new(), ::BN_free);
+
+ BN_set_word(pub_exp.get(), RSA_F4);
+ if (1 != RSA_generate_key_ex(rsa.get(), 2048u, pub_exp.get(), NULL))
+ throw errors::RuntimeException("can't generate the key");
+ RSA_ptr rsa_pub(RSAPublicKey_dup(rsa.get()), ::RSA_free);
+ RSA_ptr rsa_priv(RSAPrivateKey_dup(rsa.get()), ::RSA_free);
+ if (1 != EVP_PKEY_set1_RSA(pubKey.get(), rsa_pub.get()))
+ throw errors::RuntimeException("can't generate the key");
+ if (1 != EVP_PKEY_set1_RSA(privateKey.get(), rsa_priv.get()))
+ throw errors::RuntimeException("can't generate the key");
+ std::shared_ptr signer = std::make_shared(
+ CryptoSuite::RSA_SHA256, privateKey, pubKey);
 // Create a content object
 core::ContentObject packet(HF_INET6_TCP_AH, signer->getSignatureSize());
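Review bot: `BN_set_word(pub_exp.get(), RSA_F4)` is the one OpenSSL call in the new key set-up whose return value is ignored, and `RSA_new()`, `BN_new()`, `EVP_PKEY_new()`, `RSAPublicKey_dup` and `RSAPrivateKey_dup` are never checked for NULL before their results are dereferenced or handed to `EVP_PKEY_set1_RSA`, so an allocation failure surfaces as a crash or as the same unlocated "can't generate the key" message. The same twelve lines are pasted again into AsymmetricBufferRSA in the next hunk, so a fixture-level helper built on `ASSERT_*` (gtest's own way of aborting a test) would fix both copies at once and keep `throw` out of the tests. A sketch is below; each test body then reduces to `std::shared_ptr<EVP_PKEY> privateKey, pubKey; ASSERT_NO_FATAL_FAILURE(makeRsaKeyPair(privateKey, pubKey));`. The body of AsymmetricRSA continues past the end of this hunk.

```cpp
// Generate a fresh 2048-bit RSA key pair (e = 65537) as a private/public
// EVP_PKEY pair; any OpenSSL failure aborts the calling test with its location.
static void makeRsaKeyPair(std::shared_ptr<EVP_PKEY> &privateKey,
                           std::shared_ptr<EVP_PKEY> &pubKey) {
  RSA_ptr rsa(RSA_new(), ::RSA_free);
  BN_ptr pub_exp(BN_new(), ::BN_free);
  ASSERT_TRUE(rsa && pub_exp);
  ASSERT_EQ(1, BN_set_word(pub_exp.get(), RSA_F4));
  ASSERT_EQ(1, RSA_generate_key_ex(rsa.get(), 2048u, pub_exp.get(), nullptr));
  RSA_ptr rsa_pub(RSAPublicKey_dup(rsa.get()), ::RSA_free);
  RSA_ptr rsa_priv(RSAPrivateKey_dup(rsa.get()), ::RSA_free);
  ASSERT_TRUE(rsa_pub && rsa_priv);
  privateKey.reset(EVP_PKEY_new(), EVP_PKEY_free);
  pubKey.reset(EVP_PKEY_new(), EVP_PKEY_free);
  ASSERT_TRUE(privateKey && pubKey);
  ASSERT_EQ(1, EVP_PKEY_set1_RSA(pubKey.get(), rsa_pub.get()));
  ASSERT_EQ(1, EVP_PKEY_set1_RSA(privateKey.get(), rsa_priv.get()));
}
```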
@@ -68,61 +85,112 @@ TEST_F(AuthTest, AsymmetricRSA) {
 // Create the RSA verifier
 std::shared_ptr verifier =
- std::make_shared(identity.getCertificate());
+ std::make_shared(pubKey);
 EXPECT_EQ(packet.getFormat(), HF_INET6_TCP_AH);
 EXPECT_EQ(signer->getHashType(), CryptoHashType::SHA256);
 EXPECT_EQ(signer->getSuite(), CryptoSuite::RSA_SHA256);
- EXPECT_EQ(signer->getSignatureSize(), 128u);
+ EXPECT_EQ(signer->getSignatureSize(), 256u);
 EXPECT_EQ(verifier->verifyPackets(&packet), VerificationPolicy::ACCEPT);
 }
 TEST_F(AuthTest, AsymmetricBufferRSA) {
- // Create the RSA signer from an Identity object
- Identity identity("test_rsa.p12", PASSPHRASE, CryptoSuite::RSA_SHA256, 1024u,
- 30, "RSAVerifier");
+ // Create the RSA keys
+ std::shared_ptr privateKey(EVP_PKEY_new(), EVP_PKEY_free);
+ std::shared_ptr pubKey(EVP_PKEY_new(), EVP_PKEY_free);
+ RSA_ptr rsa(RSA_new(), ::RSA_free);
+ BN_ptr pub_exp(BN_new(), ::BN_free);
+
+ BN_set_word(pub_exp.get(), RSA_F4);
+ if (1 != RSA_generate_key_ex(rsa.get(), 2048u, pub_exp.get(), NULL))
+ throw errors::RuntimeException("can't generate the key");
+ RSA_ptr rsa_pub(RSAPublicKey_dup(rsa.get()), ::RSA_free);
+ RSA_ptr rsa_priv(RSAPrivateKey_dup(rsa.get()), ::RSA_free);
+ if (1 != EVP_PKEY_set1_RSA(pubKey.get(), rsa_pub.get()))
+ throw errors::RuntimeException("can't generate the key");
+ if (1 != EVP_PKEY_set1_RSA(privateKey.get(), rsa_priv.get()))
+ throw errors::RuntimeException("can't generate the key");
+ std::shared_ptr signer = std::make_shared(
+ CryptoSuite::RSA_SHA256, privateKey, pubKey);
- std::shared_ptr signer = identity.getSigner();
 std::string payload = "bonjour";
 std::vector buffer(payload.begin(), payload.end());
 signer->signBuffer(buffer);
 std::vector sig = signer->getSignature();
- std::shared_ptr cert = identity.getCertificate();
- AsymmetricVerifier verif(cert);
- bool res = verif.verifyBuffer(
+ std::shared_ptr verif =
+ std::make_shared(pubKey);
+ bool res = verif->verifyBuffer(
 buffer, std::vector(sig.data(),
sig.data() + sig.size()), CryptoHashType::SHA256);
 EXPECT_EQ(res, true);
 }
 TEST_F(AuthTest, AsymmetricBufferDSA) {
- // Create the DSA signer from an Identity object
- Identity identity("test_dsa.p12", PASSPHRASE, CryptoSuite::DSA_SHA256, 1024u,
- 30, "DSAVerifier");
+ // Create the DSA keys
+
+ std::shared_ptr privateKey(EVP_PKEY_new(), EVP_PKEY_free);
+
+ DSA_ptr dsa(DSA_new(), ::DSA_free);
+ unsigned char buf[32];
+ if (RAND_bytes(buf, sizeof(buf)) != 1) {
+ throw errors::RuntimeException("can't generate the key");
+ }
+ if (DSA_generate_parameters_ex(dsa.get(), 1024u, buf, sizeof(buf), NULL, NULL,
+ NULL) != 1)
+ throw errors::RuntimeException("can't generate the key");
+ if (DSA_generate_key(dsa.get()) != 1)
+ throw errors::RuntimeException("can't generate the key");
+ if (EVP_PKEY_set1_DSA(privateKey.get(), dsa.get()) != 1)
+ throw errors::RuntimeException("can't generate the key");
+ if (1 != EVP_PKEY_set1_DSA(privateKey.get(), dsa.get()))
+ throw errors::RuntimeException("can't generate the key");
+
+ std::shared_ptr cert(X509_new(), ::X509_free);
+ X509_set_pubkey(cert.get(), privateKey.get());
+ std::shared_ptr pubKey(X509_get_pubkey(cert.get()), EVP_PKEY_free);
+ std::shared_ptr signer = std::make_shared(
+ CryptoSuite::DSA_SHA256, privateKey, pubKey);
- std::shared_ptr signer = identity.getSigner();
 std::string payload = "bonjour";
 std::vector buffer(payload.begin(), payload.end());
 signer->signBuffer(buffer);
 std::vector sig = signer->getSignature();
- std::shared_ptr cert = identity.getCertificate();
- AsymmetricVerifier verif(cert);
- bool res = verif.verifyBuffer(
+ std::shared_ptr verif =
+ std::make_shared(pubKey);
+ bool res = verif->verifyBuffer(
 buffer, std::vector(sig.data(),
 sig.data() + sig.size()), CryptoHashType::SHA256);
 EXPECT_EQ(res, true);
 }
 TEST_F(AuthTest, AsymmetricVerifierDSA) {
- // Create the DSA signer from an Identity object
- Identity identity("test_dsa.p12", PASSPHRASE, CryptoSuite::DSA_SHA256, 1024u,
- 30, "DSAVerifier");
+
// Create the DSA keys
+ std::shared_ptr privateKey(EVP_PKEY_new(), EVP_PKEY_free);
- std::shared_ptr signer = identity.getSigner();
+ DSA_ptr dsa(DSA_new(), ::DSA_free);
+ unsigned char buf[32];
+ if (RAND_bytes(buf, sizeof(buf)) != 1) {
+ throw errors::RuntimeException("can't generate the key");
+ }
+ if (DSA_generate_parameters_ex(dsa.get(), 1024u, buf, sizeof(buf), NULL, NULL,
+ NULL) != 1)
+ throw errors::RuntimeException("can't generate the key");
+ if (DSA_generate_key(dsa.get()) != 1)
+ throw errors::RuntimeException("can't generate the key");
+ if (EVP_PKEY_set1_DSA(privateKey.get(), dsa.get()) != 1)
+ throw errors::RuntimeException("can't generate the key");
+ if (1 != EVP_PKEY_set1_DSA(privateKey.get(), dsa.get()))
+ throw errors::RuntimeException("can't generate the key");
+
+ std::shared_ptr cert(X509_new(), ::X509_free);
+ X509_set_pubkey(cert.get(), privateKey.get());
+ std::shared_ptr pubKey(X509_get_pubkey(cert.get()), EVP_PKEY_free);
+ std::shared_ptr signer = std::make_shared(
+ CryptoSuite::DSA_SHA256, privateKey, pubKey);
 // Create a content object
 core::ContentObject packet(HF_INET6_TCP_AH, signer->getSignatureSize());
@@ -134,7 +202,7 @@ TEST_F(AuthTest, AsymmetricVerifierDSA) {
 // EXPECT_EQ(signer->getSignatureSize(), 256u);
 signer->signPacket(&packet);
 std::shared_ptr verifier =
- std::make_shared(identity.getCertificate());
+ std::make_shared(cert);
 EXPECT_EQ(packet.getFormat(), HF_INET6_TCP_AH);
 EXPECT_EQ(signer->getHashType(), CryptoHashType::SHA256);
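Review bot: In AsymmetricBufferDSA the check `if (1 != EVP_PKEY_set1_DSA(privateKey.get(), dsa.get()))` repeats the `EVP_PKEY_set1_DSA` call made on the same `privateKey` two lines earlier; it reads as a copy-paste remnant and should be dropped, and the same duplicated pair reappears in AsymmetricVerifierDSA, whose body continues past the end of this hunk. `DSA_generate_parameters_ex(dsa.get(), 1024u, ...)` produces a 160-bit subgroup order, so the SHA-256 digest computed for the `DSA_SHA256` suite is truncated to 160 bits before signing, and 1024-bit DSA is no longer an allowed size for new keys under FIPS 186-4; generating 2048-bit parameters would exercise the suite as it is meant to be deployed, at the cost of a slower test. The `RAND_bytes` seed is unnecessary as well, since passing `NULL, 0` as the seed lets OpenSSL draw its own, so if the explicit seed stays a comment saying why would help. `X509_set_pubkey(cert.get(), privateKey.get())` is also called without checking its return value, so a failure there silently yields a null `pubKey` from `X509_get_pubkey`.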
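Review bot: The `cert` now passed to `std::make_shared<AsymmetricVerifier>(cert)` is the object built earlier in this function (before this hunk) from `X509_new()` plus `X509_set_pubkey` only, so it carries no subject, issuer, validity period or signature. If the ACCEPT expectation that presumably follows holds, the certificate constructor of AsymmetricVerifier extracts the public key without validating the certificate in any way; if that is the intended contract it deserves to be stated, e.g. `// Bare, unsigned X509: the verifier only extracts the public key from it` on the `make_shared` line, and if the verifier is meant to validate certificates this test should instead build a self-signed one with `X509_sign`. The commented-out `// EXPECT_EQ(signer->getSignatureSize(), 256u);` in the context is left unexplained; a short note on why the DSA signature size is not asserted would keep the next reader from re-enabling it.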
@@ -143,33 +211,59 @@ TEST_F(AuthTest, AsymmetricVerifierDSA) {
 }
 TEST_F(AuthTest, AsymmetricBufferECDSA) {
- // Create the ECDSA signer from an Identity object
- Identity identity("test_ecdsa.p12", PASSPHRASE, CryptoSuite::ECDSA_SHA256,
- 256u, 30, "ECDSAVerifier");
+ // Create the ECDSA keys
+ std::shared_ptr privateKey(EVP_PKEY_new(), EVP_PKEY_free);
+ std::shared_ptr pubKey(EVP_PKEY_new(), EVP_PKEY_free);
+ EC_KEY_ptr ec_priv(EC_KEY_new_by_curve_name(NID_secp256k1), ::EC_KEY_free);
+ EC_KEY_ptr ec_pub(EC_KEY_new(), ::EC_KEY_free);
+ EC_KEY_set_asn1_flag(ec_priv.get(), OPENSSL_EC_NAMED_CURVE);
+ if (EC_KEY_generate_key(ec_priv.get()) == 0)
+ throw errors::RuntimeException("can't generate the ecdsa key");
+ if (1 != EVP_PKEY_set1_EC_KEY(privateKey.get(), ec_priv.get()))
+ throw errors::RuntimeException("can't generate the key");
+ EC_KEY_set_group(ec_pub.get(), EC_KEY_get0_group(ec_priv.get()));
+ EC_KEY_set_public_key(ec_pub.get(), EC_KEY_get0_public_key(ec_priv.get()));
+ if (1 != EVP_PKEY_set1_EC_KEY(pubKey.get(), ec_pub.get()))
+ throw errors::RuntimeException("can't generate the key");
+
+ std::shared_ptr signer = std::make_shared(
+ CryptoSuite::ECDSA_SHA256, privateKey, pubKey);
- std::shared_ptr signer = identity.getSigner();
 std::string payload = "bonjour";
 std::vector buffer(payload.begin(), payload.end());
 signer->signBuffer(buffer);
 std::vector sig = signer->getSignature();
- std::shared_ptr cert = identity.getCertificate();
- AsymmetricVerifier verif(cert);
- bool res = verif.verifyBuffer(
+ std::shared_ptr verif =
+ std::make_shared(pubKey);
+ bool res = verif->verifyBuffer(
 buffer, std::vector(sig.data(),
 sig.data() + sig.size()), CryptoHashType::SHA256);
 EXPECT_EQ(res, true);
-}
+} // namespace auth
 TEST_F(AuthTest, AsymmetricVerifierECDSA) {
- Identity identity("test_ecdsa.p12", PASSPHRASE, CryptoSuite::ECDSA_SHA256,
- 256u, 30, "ECDSAVerifier");
-
- std::shared_ptr signer = identity.getSigner();
- std::shared_ptr verifier =
-
std::make_shared(identity.getCertificate());
- // Create a content object
+ // Create the ECDSA keys
+ std::shared_ptr privateKey(EVP_PKEY_new(), EVP_PKEY_free);
+ std::shared_ptr pubKey(EVP_PKEY_new(), EVP_PKEY_free);
+ EC_KEY_ptr ec_priv(EC_KEY_new_by_curve_name(NID_secp256k1), ::EC_KEY_free);
+ EC_KEY_ptr ec_pub(EC_KEY_new(), ::EC_KEY_free);
+ EC_KEY_set_asn1_flag(ec_priv.get(), OPENSSL_EC_NAMED_CURVE);
+ if (EC_KEY_generate_key(ec_priv.get()) == 0)
+ throw errors::RuntimeException("can't generate the ecdsa key");
+ if (1 != EVP_PKEY_set1_EC_KEY(privateKey.get(), ec_priv.get()))
+ throw errors::RuntimeException("can't generate the key");
+ EC_KEY_set_group(ec_pub.get(), EC_KEY_get0_group(ec_priv.get()));
+ EC_KEY_set_public_key(ec_pub.get(), EC_KEY_get0_public_key(ec_priv.get()));
+ if (1 != EVP_PKEY_set1_EC_KEY(pubKey.get(), ec_pub.get()))
+ throw errors::RuntimeException("can't generate the key");
+
+ std::shared_ptr signer = std::make_shared(
+ CryptoSuite::ECDSA_SHA256, privateKey, pubKey);
+
+ std::shared_ptr verifier =
+ std::make_shared(pubKey);
 for (int i = 0; i < 100; i++) {
 core::ContentObject packet(HF_INET6_TCP_AH, signer->getSignatureSize());
-- 
cgit 1.2.3-korg
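Review bot: `EC_KEY_new_by_curve_name(NID_secp256k1)` hard-codes the Koblitz curve secp256k1 for the `ECDSA_SHA256` suite in both ECDSA tests, whereas the replaced `Identity(..., 256u, ...)` constructor only named a key size; unless the production identity path also uses secp256k1, the tests now cover a different curve than deployments, and P-256 (`NID_X9_62_prime256v1`) is the curve normally paired with SHA-256 and the one FIPS-restricted OpenSSL builds accept, so the choice is worth confirming and recording in a comment on that line. `EC_KEY_set_group` and `EC_KEY_set_public_key` return status codes that are ignored here, so a failed copy into `ec_pub` would only surface later as a verification failure far from its cause. The `+} // namespace auth` added after AsymmetricBufferECDSA labels the closing brace of the TEST_F body, not of the namespace, and should go back to a plain `}`. The `for (int i = 0; i < 100; i++)` loop of AsymmetricVerifierECDSA continues past the end of the hunk.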