port: support Mbed TLS 3.x

README.md

@@ -17,7 +17,7 @@ NDNph can also work independently on Linux and other platforms.
 Packet encoding and decoding
 
 * Interest and Data
-  * [v0.3](https://named-data.net/doc/NDN-packet-spec/0.3/) format only
+  * [v0.3](https://docs.named-data.net/NDN-packet-spec/0.3/) format only
   * TLV evolvability: yes
   * forwarding hint: yes, limited to one name
 * [NDNLPv2](https://redmine.named-data.net/projects/nfd/wiki/NDNLPv2)
@@ -26,7 +26,7 @@ Packet encoding and decoding
   * PIT token: yes
   * congestion mark: no
   * link layer reliability: no
-* Signed Interest: [v0.3 format](https://named-data.net/doc/NDN-packet-spec/0.3/signed-interest.html)
+* Signed Interest: [v0.3 format](https://docs.named-data.net/NDN-packet-spec/0.3/signed-interest.html)
 * Naming Convention: [rev3 format](https://named-data.net/publications/techreports/ndn-tr-22-3-ndn-memo-naming-conventions/)
 
 Transports
@@ -36,14 +36,14 @@ Transports
 
 KeyChain
 
-* Crypto: using [Mbed TLS](https://github.com/ARMmbed/mbedtls) library
+* Crypto: using [Mbed TLS](https://github.com/Mbed-TLS/mbedtls) library
   * SHA256: yes
   * ECDSA: P-256 curve only
   * HMAC-SHA256: yes
   * RSA: no
   * Ed25519: no
   * Null: yes
-* [NDN certificates](https://named-data.net/doc/ndn-cxx/0.8.0/specs/certificate.html): basic support
+* [NDN certificates](https://docs.named-data.net/NDN-packet-spec/0.3/certificate.html): basic support
 * Persistent key and certificate storage: binary files
 * Trust schema: no
 
@@ -65,9 +65,9 @@ For Linux,
    * C++ compiler such as GCC, install Ubuntu package `build-essential`
    * [Meson](https://mesonbuild.com/), install pip package `meson`
    * [Ninja build system](https://ninja-build.org/), install Ubuntu package `ninja-build`
-   * [Mbed TLS](https://github.com/ARMmbed/mbedtls) 2.16+, install from source or Ubuntu 20.04 package `libmbedtls-dev`
+   * [Mbed TLS](https://github.com/ARMmbed/mbedtls) 2.16+ or 3.x, install from source or Ubuntu package `libmbedtls-dev`
    * [Boost](https://www.boost.org/) header-only libraries, install Ubuntu package `libboost-dev`
-   * [libmemif](https://s3-docs.fd.io/vpp/22.06/interfacing/libmemif/) 4.0, install from VPP 22.06 source
+   * [libmemif](https://s3-docs.fd.io/vpp/22.06/interfacing/libmemif/) 4.0, install from VPP 22.06+ source
    * Note: all dependencies are optional, but omitting a dependency may necessitate extra porting work
 2. Create build directory: `meson setup build`
 3. Enter build directory and execute build: `meson compile -C build`

src/ndnph/app/ndncert/client.hpp

@@ -177,7 +177,7 @@ class ChallengeRequest : public packet_struct::ChallengeRequest<Challenge> {
     NDNPH_ASSERT(challenge != nullptr);
     Encoder encoder(region);
     encoder.prepend(
-      [=](Encoder& encoder) { encoder.prependTlv(TT::SelectedChallenge, challenge->getId()); },
+      [this](Encoder& encoder) { encoder.prependTlv(TT::SelectedChallenge, challenge->getId()); },
       params);
     encoder.trim();
     if (!encoder) {

src/ndnph/face/transport-rxqueue.hpp

@@ -142,7 +142,7 @@ class DynamicRxQueueMixin : public RxQueueMixin {
    */
   explicit DynamicRxQueueMixin(size_t bufLen = DEFAULT_BUFLEN)
     : m_region(sizeofSubRegions(bufLen, NDNPH_TRANSPORT_RXQUEUELEN)) {
-    this->initAllocBuffers([=] { return makeSubRegion(m_region, bufLen); });
+    this->initAllocBuffers([this, bufLen] { return makeSubRegion(m_region, bufLen); });
   }
 
 private:

src/ndnph/port/ec/mbed.hpp

@@ -4,6 +4,12 @@
 #include "../mbed-common.hpp"
 #include <mbedtls/ecdsa.h>
 
+#if MBEDTLS_VERSION_MAJOR >= 3
+#define NDNPH_MBEDTLS_PVT3(mem) MBEDTLS_PRIVATE(mem)
+#else
+#define NDNPH_MBEDTLS_PVT3(mem) mem
+#endif
+
 namespace ndnph {
 namespace port_ec_mbed {
 
@@ -31,7 +37,7 @@ class EcKeyBase {
 protected:
   EcKeyBase() {
     mbedtls_ecp_keypair_init(&keypair);
-    mbedtls_ecp_group_copy(&keypair.grp, mbedtls::P256::group());
+    mbedtls_ecp_group_copy(&keypair.NDNPH_MBEDTLS_PVT3(grp), mbedtls::P256::group());
   }
 
   ~EcKeyBase() {
@@ -49,8 +55,10 @@ class EcKeyBase {
 class EcPvt : public EcKeyBase {
 public:
   bool import(const uint8_t* bits) {
-    return mbedtls_mpi_read_binary(&this->keypair.d, bits, mbedtls::P256::PvtLen::value) == 0 &&
-           mbedtls_ecp_check_privkey(&this->keypair.grp, &this->keypair.d) == 0;
+    return mbedtls_mpi_read_binary(&this->keypair.NDNPH_MBEDTLS_PVT3(d), bits,
+                                   mbedtls::P256::PvtLen::value) == 0 &&
+           mbedtls_ecp_check_privkey(&this->keypair.NDNPH_MBEDTLS_PVT3(grp),
+                                     &this->keypair.NDNPH_MBEDTLS_PVT3(d)) == 0;
   }
 
   ssize_t sign(const uint8_t* digest, uint8_t* sig) const {
@@ -62,6 +70,9 @@ class EcPvt : public EcKeyBase {
 
     size_t sigLen;
     return mbedtls_ecdsa_write_signature(ctx, MBEDTLS_MD_SHA256, digest, NDNPH_SHA256_LEN, sig,
+#if MBEDTLS_VERSION_MAJOR >= 3
+                                         mbedtls::P256::MaxSigLen::value,
+#endif
                                          &sigLen, nullptr, nullptr) == 0
              ? sigLen
              : -1;
@@ -71,9 +82,11 @@ class EcPvt : public EcKeyBase {
 class EcPub : public EcKeyBase {
 public:
   bool import(const uint8_t* bits) {
-    return mbedtls_ecp_point_read_binary(&this->keypair.grp, &this->keypair.Q, bits,
+    return mbedtls_ecp_point_read_binary(&this->keypair.NDNPH_MBEDTLS_PVT3(grp),
+                                         &this->keypair.NDNPH_MBEDTLS_PVT3(Q), bits,
                                          mbedtls::P256::PubLen::value) == 0 &&
-           mbedtls_ecp_check_pubkey(&this->keypair.grp, &this->keypair.Q) == 0;
+           mbedtls_ecp_check_pubkey(&this->keypair.NDNPH_MBEDTLS_PVT3(grp),
+                                    &this->keypair.NDNPH_MBEDTLS_PVT3(Q)) == 0;
   }
 
   bool verify(const uint8_t* digest, const uint8_t* sig, size_t sigLen) const {
@@ -91,12 +104,14 @@ class EcKeyGen : public EcKeyBase {
 public:
   bool generate(uint8_t* pvtBits, uint8_t* pubBits) {
     size_t pubLen;
-    return mbedtls_ecp_gen_keypair(&this->keypair.grp, &this->keypair.d, &this->keypair.Q,
-                                   mbedtls::rng, nullptr) == 0 &&
-           mbedtls_mpi_write_binary(&this->keypair.d, pvtBits, mbedtls::P256::PvtLen::value) == 0 &&
-           mbedtls_ecp_point_write_binary(&this->keypair.grp, &this->keypair.Q,
-                                          MBEDTLS_ECP_PF_UNCOMPRESSED, &pubLen, pubBits,
-                                          mbedtls::P256::PubLen::value) == 0 &&
+    return mbedtls_ecp_gen_keypair(
+             &this->keypair.NDNPH_MBEDTLS_PVT3(grp), &this->keypair.NDNPH_MBEDTLS_PVT3(d),
+             &this->keypair.NDNPH_MBEDTLS_PVT3(Q), mbedtls::rng, nullptr) == 0 &&
+           mbedtls_mpi_write_binary(&this->keypair.NDNPH_MBEDTLS_PVT3(d), pvtBits,
+                                    mbedtls::P256::PvtLen::value) == 0 &&
+           mbedtls_ecp_point_write_binary(
+             &this->keypair.NDNPH_MBEDTLS_PVT3(grp), &this->keypair.NDNPH_MBEDTLS_PVT3(Q),
+             MBEDTLS_ECP_PF_UNCOMPRESSED, &pubLen, pubBits, mbedtls::P256::PubLen::value) == 0 &&
            pubLen == mbedtls::P256::PubLen::value;
   }
 };

src/ndnph/port/mbed-common.hpp

@@ -15,6 +15,12 @@
 #error MBEDTLS_ECDSA_DETERMINISTIC must be declared
 #endif
 
+#if MBEDTLS_VERSION_MAJOR >= 3
+#define NDNPH_MBEDTLS_RET2(func) func
+#else
+#define NDNPH_MBEDTLS_RET2(func) func##_ret
+#endif
+
 namespace ndnph {
 /** @brief Wrappers of Mbed TLS crypto library. */
 namespace mbedtls {
@@ -31,19 +37,19 @@ class Sha256 {
 public:
   explicit Sha256() {
     mbedtls_sha256_init(&m_ctx);
-    m_ok = mbedtls_sha256_starts_ret(&m_ctx, 0) == 0;
+    m_ok = NDNPH_MBEDTLS_RET2(mbedtls_sha256_starts)(&m_ctx, 0) == 0;
   }
 
   ~Sha256() {
     mbedtls_sha256_free(&m_ctx);
   }
 
   void update(const uint8_t* chunk, size_t size) {
-    m_ok = m_ok && mbedtls_sha256_update_ret(&m_ctx, chunk, size) == 0;
+    m_ok = m_ok && NDNPH_MBEDTLS_RET2(mbedtls_sha256_update)(&m_ctx, chunk, size) == 0;
   }
 
   bool final(uint8_t digest[NDNPH_SHA256_LEN]) {
-    m_ok = m_ok && mbedtls_sha256_finish_ret(&m_ctx, digest) == 0;
+    m_ok = m_ok && NDNPH_MBEDTLS_RET2(mbedtls_sha256_finish)(&m_ctx, digest) == 0;
     return m_ok;
   }
 

src/ndnph/port/transport/socket/ipv6-endpointid.hpp

@@ -18,6 +18,10 @@ namespace port_transport_socket {
 template<int capacity>
 class Ipv6EndpointIdHelper {
 public:
+  Ipv6EndpointIdHelper() {
+    m_interns.fill({});
+  }
+
   /**
    * @brief Pack IP address+port into EndpointId.
    * @param addr IP address, 4 or 16 bytes.

tests/meson.build

@@ -7,5 +7,6 @@ unittest_exe = executable('unittest',
   unittest_files,
   dependencies: [ndnph_dep, gmock, gtest],
   include_directories: ['.'],
+  cpp_args: '-D_GLIBCXX_DEBUG=1',
 )
 test('unittest', unittest_exe)

tests/unit/packet/data.t.cpp

@@ -47,11 +47,14 @@ TEST(Data, EncodeFull) {
                   "finalblock=1A03080142"
                   "content=1502C0C1"
                   "siginfo=160A sigtype=1B0110 keylocator=1C05070308014B sigvalue=1704F0F1F2F3");
+  EXPECT_EQ(wire.size(), 56);
+  const uint8_t* wire0 = wire.data();
+
   data.setName(Name::parse(region, "/A/B"));
   data.setContentType(0x01);
   data.setFreshnessPeriod(500);
   data.setIsFinalBlock(true);
-  data.setContent(tlv::Value(&wire[36], 2));
+  data.setContent(tlv::Value(&wire0[36], 2));
   auto keyLocatorName = Name::parse(region, "/K");
   {
     ScopedEncoder encoder(region);
@@ -62,8 +65,8 @@ TEST(Data, EncodeFull) {
         sigInfo.sigType = 0x10;
         sigInfo.name = keyLocatorName;
       });
-      EXPECT_CALL(key, doSign(g::ElementsAreArray(&wire[12], &wire[50]), g::_))
-        .WillOnce(g::DoAll(g::SetArrayArgument<1>(&wire[52], &wire[56]), g::Return(4)));
+      EXPECT_CALL(key, doSign(g::ElementsAreArray(&wire0[12], &wire0[50]), g::_))
+        .WillOnce(g::DoAll(g::SetArrayArgument<1>(&wire0[52], &wire0[56]), g::Return(4)));
       ASSERT_TRUE(encoder.prepend(lp::encode(data.sign(key), lp::PitToken::from4(0xB0B1B2B3))));
     }
     EXPECT_THAT(std::vector<uint8_t>(encoder.begin(), encoder.end()), g::ElementsAreArray(wire));
@@ -85,8 +88,8 @@ TEST(Data, EncodeFull) {
 
   {
     MockPublicKey key;
-    EXPECT_CALL(key, doVerify(g::ElementsAreArray(&wire[12], &wire[50]),
-                              g::ElementsAreArray(&wire[52], &wire[56])))
+    EXPECT_CALL(key, doVerify(g::ElementsAreArray(&wire0[12], &wire0[50]),
+                              g::ElementsAreArray(&wire0[52], &wire0[56])))
       .WillOnce(g::Return(true));
     EXPECT_TRUE(decoded.verify(key));
   }