Add sctp authentication to sctp_lib
This only works for linux >=5.4. When enabled, it will use
a shared key to authenticate messages. The functionality is
controlled by a flag and behind a linux version check.
Performance degradation is minimal, even for smaller messages
and unnoticeable when measuring overall system performance.
Change-Id: I836e61ec38a0c116fd7244b771437738ccca9828
Signed-off-by: James Kuszmaul <jabukuszmaul+collab@gmail.com>
diff --git a/aos/network/message_bridge_server.cc b/aos/network/message_bridge_server.cc
index 04b07c3..4daf9c7 100644
--- a/aos/network/message_bridge_server.cc
+++ b/aos/network/message_bridge_server.cc
@@ -5,14 +5,23 @@
#include "aos/init.h"
#include "aos/logging/dynamic_logging.h"
#include "aos/network/message_bridge_server_lib.h"
+#include "aos/network/sctp_lib.h"
#include "aos/sha256.h"
DEFINE_string(config, "aos_config.json", "Path to the config.");
DEFINE_int32(rt_priority, -1, "If > 0, run as this RT priority");
+#if HAS_SCTP_AUTH
+DEFINE_string(sctp_auth_key_file, "",
+ "When set, use the provided key for SCTP authentication as "
+ "defined in RFC 4895");
+#endif
+
namespace aos {
namespace message_bridge {
+using ::aos::util::ReadFileToVecOrDie;
+
int Main() {
aos::FlatbufferDetachedBuffer<aos::Configuration> config =
aos::configuration::ReadConfig(FLAGS_config);
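Review bot: The help text for `sctp_auth_key_file` does not say how the file is interpreted or protected, which matters for a shared secret. Judging by the `ReadFileToVecOrDie` call in the next hunk, the whole file appears to be used as raw key bytes, so a trailing newline would become part of the key and every peer needs a byte-identical file. I would extend the string to something like `"Path to a file whose raw bytes are the RFC 4895 shared key; must be identical on every node and readable only by this process's user"`. Separately, `#if HAS_SCTP_AUTH` evaluates to 0 if the macro is ever undefined, so authentication would be compiled out with no diagnostic; presumably the newly included sctp_lib.h always defines it, which deserves a short comment beside the include. Main's body continues past the end of this hunk.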
@@ -22,7 +31,14 @@
event_loop.SetRuntimeRealtimePriority(FLAGS_rt_priority);
}
- MessageBridgeServer app(&event_loop, Sha256(config.span()));
+ std::vector<uint8_t> auth_key;
+#if HAS_SCTP_AUTH
+ if (!FLAGS_sctp_auth_key_file.empty()) {
+ auth_key = ReadFileToVecOrDie(FLAGS_sctp_auth_key_file);
+ }
+#endif
+ MessageBridgeServer app(&event_loop, Sha256(config.span()),
+ std::move(auth_key));
logging::DynamicLogging dynamic_logging(&event_loop);
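Review bot: An empty key file leaves `auth_key` empty, which is the same value passed when the flag is unset, so a misprovisioned key would presumably start the bridge unauthenticated without any error. Inside the `if`, after the read, I would add `CHECK(!auth_key.empty()) << "SCTP auth key file is empty: " << FLAGS_sctp_auth_key_file;` (assuming glog's CHECK is available here), and log once at startup whether authentication is enabled so operators can confirm it from the logs. The key also travels in an ordinary `std::vector<uint8_t>`, which is not wiped on destruction, so a comment on the constructor parameter should state who owns the copy and for how long. Main's body starts and ends outside this hunk.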