Add sctp authentication to sctp_lib
This only works on Linux >= 5.4. When enabled, it uses
a shared key to authenticate messages. The functionality is
controlled by a flag and sits behind a Linux version check.
Performance degradation is minimal, even for smaller messages,
and unnoticeable when measuring overall system performance.
Change-Id: I836e61ec38a0c116fd7244b771437738ccca9828
Signed-off-by: James Kuszmaul <jabukuszmaul+collab@gmail.com>
diff --git a/aos/network/message_bridge_client.cc b/aos/network/message_bridge_client.cc
index c3f55ba..afe2a90 100644
--- a/aos/network/message_bridge_client.cc
+++ b/aos/network/message_bridge_client.cc
@@ -2,14 +2,24 @@
#include "aos/init.h"
#include "aos/logging/dynamic_logging.h"
#include "aos/network/message_bridge_client_lib.h"
+#include "aos/network/sctp_lib.h"
#include "aos/sha256.h"
+#include "aos/util/file.h"
DEFINE_string(config, "aos_config.json", "Path to the config.");
DEFINE_int32(rt_priority, -1, "If > 0, run as this RT priority");
+#if HAS_SCTP_AUTH
+DEFINE_string(sctp_auth_key_file, "",
+ "When set, use the provided key for SCTP authentication as "
+ "defined in RFC 4895. The file should be binary-encoded");
+#endif
+
namespace aos {
namespace message_bridge {
+using ::aos::util::ReadFileToVecOrDie;
+
int Main() {
aos::FlatbufferDetachedBuffer<aos::Configuration> config =
aos::configuration::ReadConfig(FLAGS_config);
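Review bot: The `#if HAS_SCTP_AUTH` guard around `DEFINE_string(sctp_auth_key_file, ...)` evaluates to 0 without any diagnostic if the macro is ever undefined, so the flag and the key loading would compile out and the client would build without authentication. The macro presumably comes from the newly included `aos/network/sctp_lib.h`, but its definition is not visible in this hunk. A guard placed directly after the includes would turn that into a build error: `#ifndef HAS_SCTP_AUTH`, `#error "HAS_SCTP_AUTH must be defined (expected from aos/network/sctp_lib.h)"`, `#endif`. The flag help text could also state that an empty value leaves the association unauthenticated and that the key file should be readable only by the service account. `Main()` continues outside this hunk.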
@@ -19,7 +29,14 @@
event_loop.SetRuntimeRealtimePriority(FLAGS_rt_priority);
}
- MessageBridgeClient app(&event_loop, Sha256(config.span()));
+ std::vector<uint8_t> auth_key;
+#if HAS_SCTP_AUTH
+ if (!FLAGS_sctp_auth_key_file.empty()) {
+ auth_key = ReadFileToVecOrDie(FLAGS_sctp_auth_key_file);
+ }
+#endif
+ MessageBridgeClient app(&event_loop, Sha256(config.span()),
+ std::move(auth_key));
logging::DynamicLogging dynamic_logging(&event_loop);
// TODO(austin): Save messages into a vector to be logged. One file per
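Review bot: An empty key file is not rejected in the `if (!FLAGS_sctp_auth_key_file.empty())` branch, so `auth_key` ends up as the same empty vector that is passed when the flag is unset. If `MessageBridgeClient` treats an empty key as "authentication off" (not visible here, but implied by the default-constructed vector), a truncated or wrongly provisioned key file would silently downgrade the link to unauthenticated SCTP. Failing closed right after the read avoids that: `CHECK(!auth_key.empty()) << "SCTP auth key file is empty: " << FLAGS_sctp_auth_key_file;`. A single startup log line stating whether SCTP authentication is enabled, without printing the key, would also make a missing flag visible to operators. `Main()` begins and ends outside this hunk.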