From fff98b4f6404bc48a13be37db90c7124c632c110 Mon Sep 17 00:00:00 2001 From: Ruben Nijveld Date: Tue, 8 Oct 2024 07:02:03 +0900 Subject: [PATCH] Re-add signing operations --- statime/src/port/master.rs | 81 ++++++++++++++++++++++++++++++++++---- statime/src/port/mod.rs | 1 + statime/src/port/slave.rs | 39 +++++++++++++++--- 3 files changed, 108 insertions(+), 13 deletions(-) diff --git a/statime/src/port/master.rs b/statime/src/port/master.rs index e91a84b8f..64996c4ef 100644 --- a/statime/src/port/master.rs +++ b/statime/src/port/master.rs @@ -2,6 +2,7 @@ use arrayvec::ArrayVec; use super::{state::PortState, ForwardedTLVProvider, Port, PortActionIterator, Running}; use crate::{ + crypto::SecurityAssociationProvider, datastructures::{ common::{PortIdentity, Tlv, TlvSetBuilder, TlvType}, messages::{DelayReqMessage, Header, Message, MAX_DATA_LEN}, @@ -12,17 +13,28 @@ use crate::{ time::Time, }; -impl<'a, A, C, F: Filter, R, P, S: PtpInstanceStateMutex> Port<'a, Running, A, R, C, F, P, S> { +impl<'a, A, C, F: Filter, R, P: SecurityAssociationProvider, S: PtpInstanceStateMutex> + Port<'a, Running, A, R, C, F, P, S> +{ pub(super) fn send_sync(&mut self) -> PortActionIterator { if matches!(self.port_state, PortState::Master) { log::trace!("sending sync message"); let seq_id = self.sync_seq_ids.generate(); - let packet_length = match self + let mut message = self .instance_state - .with_ref(|state| Message::sync(&state.default_ds, self.port_identity, seq_id)) - .serialize(&mut self.packet_buffer) - { + .with_ref(|state| Message::sync(&state.default_ds, self.port_identity, seq_id)); + let mut temp_buffer = [0; MAX_DATA_LEN]; + if let Some(spp) = self.config.spp { + if message + .add_signature(spp, &self.security_provider, &mut temp_buffer) + .is_err() + { + log::error!("Could not add signature to sync, sending without") + } + } + + let packet_length = match message.serialize(&mut self.packet_buffer) { Ok(message) => message, Err(error) => { log::error!("Statime bug: Could not serialize sync: {:?}", error); @@ -49,6 +61,19 @@ impl<'a, A, C, F: Filter, R, P, S: PtpInstanceStateMutex> Port<'a, Running, A, R pub(super) fn handle_sync_timestamp(&mut self, id: u16, timestamp: Time) -> PortActionIterator { if matches!(self.port_state, PortState::Master) { + let mut message = self.instance_state.with_ref(|state| { + Message::follow_up(&state.default_ds, self.port_identity, id, timestamp) + }); + let mut temp_buffer = [0; MAX_DATA_LEN]; + if let Some(spp) = self.config.spp { + if message + .add_signature(spp, &self.security_provider, &mut temp_buffer) + .is_err() + { + log::error!("Could not sign follow up message, sending unsigned"); + } + } + let packet_length = match self .instance_state .with_ref(|state| { @@ -141,6 +166,16 @@ impl<'a, A, C, F: Filter, R, P, S: PtpInstanceStateMutex> Port<'a, Running, A, R message.suffix = tlv_builder.build(); + let mut temp_buffer = [0; MAX_DATA_LEN]; + if let Some(spp) = self.config.spp { + if message + .add_signature(spp, &self.security_provider, &mut temp_buffer) + .is_err() + { + log::error!("Could not sign announce message, sending unsigned"); + } + } + let packet_length = match message.serialize(&mut self.packet_buffer) { Ok(length) => length, Err(error) => { @@ -174,7 +209,7 @@ impl<'a, A, C, F: Filter, R, P, S: PtpInstanceStateMutex> Port<'a, Running, A, R ) -> PortActionIterator { if matches!(self.port_state, PortState::Master) { log::debug!("Received DelayReq"); - let delay_resp_message = Message::delay_resp( + let mut delay_resp_message = Message::delay_resp( header, message, self.port_identity, @@ -182,6 +217,16 @@ impl<'a, A, C, F: Filter, R, P, S: PtpInstanceStateMutex> Port<'a, Running, A, R timestamp, ); + let mut temp_buffer = [0; MAX_DATA_LEN]; + if let Some(spp) = self.config.spp { + if delay_resp_message + .add_signature(spp, &self.security_provider, &mut temp_buffer) + .is_err() + { + log::error!("Could not sign delay response message, sending unsigned"); + } + } + let packet_length = match delay_resp_message.serialize(&mut self.packet_buffer) { Ok(length) => length, Err(error) => { @@ -205,10 +250,20 @@ impl<'a, A, C, F: Filter, R, P, S: PtpInstanceStateMutex> Port<'a, Running, A, R timestamp: Time, ) -> PortActionIterator { log::debug!("Received PDelayReq"); - let pdelay_resp_message = self.instance_state.with_ref(|state| { + let mut pdelay_resp_message = self.instance_state.with_ref(|state| { Message::pdelay_resp(&state.default_ds, self.port_identity, header, timestamp) }); + let mut temp_buffer = [0; MAX_DATA_LEN]; + if let Some(spp) = self.config.spp { + if pdelay_resp_message + .add_signature(spp, &self.security_provider, &mut temp_buffer) + .is_err() + { + log::error!("Could not sign pdelay response message, sending unsigned"); + } + } + let packet_length = match pdelay_resp_message.serialize(&mut self.packet_buffer) { Ok(length) => length, Err(error) => { @@ -235,7 +290,7 @@ impl<'a, A, C, F: Filter, R, P, S: PtpInstanceStateMutex> Port<'a, Running, A, R requestor_identity: PortIdentity, timestamp: Time, ) -> PortActionIterator { - let pdelay_resp_follow_up_messgae = self.instance_state.with_ref(|state| { + let mut pdelay_resp_follow_up_messgae = self.instance_state.with_ref(|state| { Message::pdelay_resp_follow_up( &state.default_ds, self.port_identity, @@ -245,6 +300,16 @@ impl<'a, A, C, F: Filter, R, P, S: PtpInstanceStateMutex> Port<'a, Running, A, R ) }); + let mut temp_buffer = [0; MAX_DATA_LEN]; + if let Some(spp) = self.config.spp { + if pdelay_resp_follow_up_messgae + .add_signature(spp, &self.security_provider, &mut temp_buffer) + .is_err() + { + log::error!("Could not sign pdelay response follow up message, sending unsigned"); + } + } + let packet_length = match pdelay_resp_follow_up_messgae.serialize(&mut self.packet_buffer) { Ok(length) => length, Err(error) => { diff --git a/statime/src/port/mod.rs b/statime/src/port/mod.rs index 0ad9b2e2e..2f71d5b05 100644 --- a/statime/src/port/mod.rs +++ b/statime/src/port/mod.rs @@ -533,6 +533,7 @@ impl< } } +#[allow(clippy::type_complexity)] impl<'a, A, C, F: Filter, R, P, S> Port<'a, InBmca, A, R, C, F, P, S> { /// End a BMCA cycle and make the /// [`handle_*`](`Port::handle_send_timestamp`) methods available again diff --git a/statime/src/port/slave.rs b/statime/src/port/slave.rs index 03772f79e..7cda5c0bd 100644 --- a/statime/src/port/slave.rs +++ b/statime/src/port/slave.rs @@ -6,12 +6,16 @@ use super::{ }; use crate::{ config::DelayMechanism, + crypto::SecurityAssociationProvider, datastructures::messages::{ DelayRespMessage, FollowUpMessage, Header, Message, PDelayRespFollowUpMessage, PDelayRespMessage, SyncMessage, }, filters::Filter, - port::{actions::TimestampContextInner, state::SyncState, PortAction, TimestampContext}, + port::{ + actions::TimestampContextInner, state::SyncState, PortAction, TimestampContext, + MAX_DATA_LEN, + }, ptp_instance::PtpInstanceStateMutex, time::{Duration, Interval, Time}, Clock, @@ -456,8 +460,15 @@ impl<'a, A, C: Clock, F: Filter, R, P, S> Port<'a, Running, A, R, C, F, P, S> { } } -impl<'a, A, C: Clock, F: Filter, R: Rng, P, S: PtpInstanceStateMutex> - Port<'a, Running, A, R, C, F, P, S> +impl< + 'a, + A, + C: Clock, + F: Filter, + R: Rng, + P: SecurityAssociationProvider, + S: PtpInstanceStateMutex, + > Port<'a, Running, A, R, C, F, P, S> { pub(super) fn send_delay_request(&mut self) -> PortActionIterator { match self.config.delay_mechanism { @@ -472,9 +483,18 @@ impl<'a, A, C: Clock, F: Filter, R: Rng, P, S: PtpInstanceStateMutex> ) -> PortActionIterator { let pdelay_id = self.pdelay_seq_ids.generate(); - let pdelay_req = self.instance_state.with_ref(|state| { + let mut pdelay_req = self.instance_state.with_ref(|state| { Message::pdelay_req(&state.default_ds, self.port_identity, pdelay_id) }); + let mut temp_buffer = [0; MAX_DATA_LEN]; + if let Some(spp) = self.config.spp { + if pdelay_req + .add_signature(spp, &self.security_provider, &mut temp_buffer) + .is_err() + { + log::error!("Could not sign delay request, sending without signature"); + } + } let message_length = match pdelay_req.serialize(&mut self.packet_buffer) { Ok(length) => length, Err(error) => { @@ -519,9 +539,18 @@ impl<'a, A, C: Clock, F: Filter, R: Rng, P, S: PtpInstanceStateMutex> log::debug!("Starting new delay measurement"); let delay_id = self.delay_seq_ids.generate(); - let delay_req = self.instance_state.with_ref(|state| { + let mut delay_req = self.instance_state.with_ref(|state| { Message::delay_req(&state.default_ds, self.port_identity, delay_id) }); + let mut temp_buffer = [0; MAX_DATA_LEN]; + if let Some(spp) = self.config.spp { + if delay_req + .add_signature(spp, &self.security_provider, &mut temp_buffer) + .is_err() + { + log::error!("Could not sign delay request, sending without signature"); + } + } let message_length = match delay_req.serialize(&mut self.packet_buffer) { Ok(length) => length,