From 15ad7220f8c1b334a040fb8b27407887d81f13f5 Mon Sep 17 00:00:00 2001 
From: Jamie Date: Wed, 28 Aug 2024 19:52:07 +0800 Subject: [PATCH] repo-sync-2024-08-28T18:19:29+0800 (#379) * repo-sync-2024-08-28T18:19:29+0800 * Update arg_set.cc * Update item.cc * Update kdf_test.cc --- .bazelrc | 7 ++ GETTING_STARTED.md | 1 + bazel/config/BUILD.bazel | 19 ++++ bazel/hash_drbg.BUILD | 2 +- bazel/patches/brpc.patch | 6 +- bazel/patches/brpc_crypto.patch | 30 ++++++ bazel/repositories.bzl | 19 +++- bazel/tongsuo.BUILD | 67 +++++++++++++ bazel/yacl.bzl | 15 ++- yacl/crypto/BUILD.bazel | 8 +- yacl/crypto/aead/BUILD.bazel | 24 ++--- .../crypto/aead/{gcm_crypto.cc => all_gcm.cc} | 10 +- yacl/crypto/aead/{gcm_crypto.h => all_gcm.h} | 24 +++-- .../{gcm_crypto_test.cc => all_gcm_test.cc} | 37 +++---- yacl/crypto/aead/{sm4_mac.cc => sm4_mte.cc} | 2 +- yacl/crypto/aead/{sm4_mac.h => sm4_mte.h} | 0 .../aead/{sm4_mac_test.cc => sm4_mte_test.cc} | 2 +- yacl/crypto/ecc/openssl/BUILD.bazel | 1 - yacl/crypto/envelope/BUILD.bazel | 4 +- yacl/crypto/envelope/digital_envelope.h | 4 +- .../experimental/sync_drbg/sync_drbg.cc | 23 ++++- yacl/crypto/experimental/tpre/BUILD.bazel | 2 +- yacl/crypto/experimental/tpre/kdf_test.cc | 2 +- yacl/crypto/experimental/tpre/tpre.cc | 2 +- yacl/crypto/hash/BUILD.bazel | 3 +- yacl/crypto/hash/blake3_test.cc | 3 +- yacl/crypto/hash/hash_interface.h | 6 +- yacl/crypto/hash/hash_utils.cc | 2 + yacl/crypto/hash/hash_utils.h | 11 ++- yacl/crypto/hash/ssl_hash.h | 4 + yacl/crypto/hash/ssl_hash_all_test.cc | 12 ++- yacl/crypto/key_utils.h | 1 + yacl/crypto/openssl_wrappers.h | 2 - .../rand/entropy_source/factory_test.cc | 11 ++- .../rand/entropy_source/rdseed_factory.cc | 14 ++- .../rand/entropy_source/rdseed_factory.h | 2 +- .../rand/entropy_source/urandom_factory.cc | 2 +- yacl/crypto/tools/ro.h | 13 +-- yacl/crypto/tools/ro_test.cc | 4 - yacl/io/circuit/bristol_fashion.h | 4 +- yacl/link/BUILD.bazel | 1 + yacl/link/factory_test.cc | 98 +++++++++++++++++-- yacl/link/ssl_options.h | 9 +- yacl/link/transport/brpc_link.cc | 2 + 
yacl/link/transport/channel.cc | 5 +- yacl/utils/circuit_executor.cc | 2 +- yacl/utils/spi/argument/arg_set.cc | 1 + yacl/utils/spi/item.cc | 3 +- 48 files changed, 411 insertions(+), 115 deletions(-) create mode 100644 bazel/config/BUILD.bazel create mode 100644 bazel/patches/brpc_crypto.patch create mode 100644 bazel/tongsuo.BUILD rename yacl/crypto/aead/{gcm_crypto.cc => all_gcm.cc} (96%) rename yacl/crypto/aead/{gcm_crypto.h => all_gcm.h} (84%) rename yacl/crypto/aead/{gcm_crypto_test.cc => all_gcm_test.cc} (81%) rename yacl/crypto/aead/{sm4_mac.cc => sm4_mte.cc} (98%) rename yacl/crypto/aead/{sm4_mac.h => sm4_mte.h} (100%) rename yacl/crypto/aead/{sm4_mac_test.cc => sm4_mte_test.cc} (96%) diff --git a/.bazelrc b/.bazelrc index d332aaf..3c80c9a 100644 --- a/.bazelrc +++ b/.bazelrc @@ -42,3 +42,10 @@ build:ubsan --features=ubsan test --keep_going test --test_output=errors test --test_timeout=360 + +# make sure brpc is built with tongsuo in gm mode +# this flag is used by the brpc project +build:gm --define BRPC_WITH_TONGSUO=true + +# make sure yacl is built with tongsuo in gm mode +build:gm --define YACL_WITH_TONGSUO=true \ No newline at end of file diff --git a/GETTING_STARTED.md b/GETTING_STARTED.md index 8b57abe..ddb06e2 100644 --- a/GETTING_STARTED.md +++ b/GETTING_STARTED.md @@ -59,6 +59,7 @@ To build Yacl, at yacl's root directory, run the following bazel build //... bazel build //... -c opt # build as optimized mode bazel build //... -c dbg # build as debug mode +bazel build //... --config gm # build with gm mode ``` To test Yacl diff --git a/bazel/config/BUILD.bazel b/bazel/config/BUILD.bazel new file mode 100644 index 0000000..5263dea --- /dev/null +++ b/bazel/config/BUILD.bazel 
@@ -0,0 +1,19 @@ +# Copyright 2024 Ant Group Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +config_setting( + name = "gm", + define_values = {"YACL_WITH_TONGSUO": "true"}, + visibility = ["//visibility:public"], +) diff --git a/bazel/hash_drbg.BUILD b/bazel/hash_drbg.BUILD index 26b8eef..025628c 100644 --- a/bazel/hash_drbg.BUILD +++ b/bazel/hash_drbg.BUILD @@ -24,6 +24,6 @@ cc_library( copts = ["-Wno-parentheses"], visibility = ["//visibility:public"], deps = [ - "@com_github_openssl_openssl//:openssl", + "@yacl//yacl/crypto:openssl_wrappers", ], ) diff --git a/bazel/patches/brpc.patch b/bazel/patches/brpc.patch index 357afe7..cf08f1f 100644 --- a/bazel/patches/brpc.patch +++ b/bazel/patches/brpc.patch @@ -96,7 +96,7 @@ index 0bdaa4d3..b23881b3 100644 "src/butil/time/time_mac.cc", "src/butil/mac/scoped_mach_port.cc", ], -@@ -326,17 +326,17 @@ cc_library( +@@ -326,13 +326,13 @@ cc_library( visibility = ["//visibility:public"], deps = [ "@com_github_gflags_gflags//:gflags", @@ -112,10 +112,6 @@ index 0bdaa4d3..b23881b3 100644 "//conditions:default": [], }) + select({ "//bazel/config:brpc_with_boringssl": ["@boringssl//:ssl", "@boringssl//:crypto"], -- "//conditions:default": ["@openssl//:ssl", "@openssl//:crypto"], -+ "//conditions:default": ["@com_github_openssl_openssl//:openssl"], - }), - ) diff --git a/bazel/config/BUILD.bazel b/bazel/config/BUILD.bazel index 4471bad1..d9cc6bd6 100644 
diff --git a/bazel/patches/brpc_crypto.patch b/bazel/patches/brpc_crypto.patch new file mode 100644 index 0000000..79d95fc --- /dev/null +++ b/bazel/patches/brpc_crypto.patch @@ -0,0 +1,30 @@ +diff --git a/BUILD.bazel b/BUILD.bazel +index b2a453e0..10eeee74 100644 +--- a/BUILD.bazel ++++ b/BUILD.bazel +@@ -337,7 +337,8 @@ cc_library( + "//conditions:default": [], + }) + select({ + "//bazel/config:brpc_with_boringssl": ["@boringssl//:ssl", "@boringssl//:crypto"], +- "//conditions:default": ["@openssl//:ssl", "@openssl//:crypto"], ++ "//bazel/config:brpc_with_tongsuo": ["@com_github_tongsuo_tongsuo//:tongsuo"], ++ "//conditions:default": ["@com_github_openssl_openssl//:openssl"], + }), + ) + +diff --git a/bazel/config/BUILD.bazel b/bazel/config/BUILD.bazel +index bed04d3b..8049ec3e 100644 +--- a/bazel/config/BUILD.bazel ++++ b/bazel/config/BUILD.bazel +@@ -108,4 +108,10 @@ config_setting( + name = "brpc_with_boringssl", + define_values = {"BRPC_WITH_BORINGSSL": "true"}, + visibility = ["//visibility:public"], +-) ++) ++ ++config_setting( ++ name = "brpc_with_tongsuo", ++ define_values = {"BRPC_WITH_TONGSUO": "true"}, ++ visibility = ["//visibility:public"], ++) diff --git a/bazel/repositories.bzl b/bazel/repositories.bzl index 9dcaf31..e0c79c7 100644 --- a/bazel/repositories.bzl +++ b/bazel/repositories.bzl @@ -34,8 +34,11 @@ def yacl_deps(): _com_github_msgpack_msgpack() _com_github_greendow_hash_drbg() - # crypto related + # ssl + _com_github_tongsuo_tongsuo() _com_github_openssl_openssl() + + # crypto related _com_github_blake3team_blake3() _com_github_libsodium() _com_github_libtom_libtommath() @@ -92,6 +95,7 @@ def _com_github_brpc_brpc(): patches = [ "@yacl//bazel:patches/brpc.patch", "@yacl//bazel:patches/brpc_m1.patch", + "@yacl//bazel:patches/brpc_crypto.patch", ], urls = [ "https://github.com/apache/brpc/archive/refs/tags/1.10.0.tar.gz", 
@@ -177,6 +181,19 @@ def _com_github_openssl_openssl(): build_file = "@yacl//bazel:openssl.BUILD", ) +def _com_github_tongsuo_tongsuo(): + maybe( + http_archive, + name = "com_github_tongsuo_tongsuo", + sha256 = "57c2741750a699bfbdaa1bbe44a5733e9c8fc65d086c210151cfbc2bbd6fc975", + type = "tar.gz", + strip_prefix = "Tongsuo-8.4.0", + urls = [ + "https://github.com/Tongsuo-Project/Tongsuo/archive/refs/tags/8.4.0.tar.gz", + ], + build_file = "@yacl//bazel:tongsuo.BUILD", + ) + def _com_github_fmtlib_fmt(): maybe( http_archive, diff --git a/bazel/tongsuo.BUILD b/bazel/tongsuo.BUILD new file mode 100644 index 0000000..bb5de9f --- /dev/null +++ b/bazel/tongsuo.BUILD 
@@ -0,0 +1,67 @@ +# Copyright 2024 Ant Group Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +load("@yacl//bazel:yacl.bzl", "yacl_configure_make") + +filegroup( + name = "all_srcs", + srcs = glob( + include = ["**"], + exclude = ["*.bazel"], + ), +) + +CONFIGURE_OPTIONS = [ + # fixed openssl work dir for deterministic build. + "--openssldir=/tmp/openssl", + "--libdir=lib", + "no-legacy", + "no-weak-ssl-ciphers", + "no-tests", + "no-shared", + "no-ui-console", + "enable-ntls", # for GM +] + +MAKE_TARGETS = [ + "build_programs", + "install_sw", +] + +yacl_configure_make( + name = "tongsuo", + args = ["-j 4"], + configure_command = "Configure", + configure_in_place = True, + configure_options = CONFIGURE_OPTIONS, + env = select({ + "@platforms//os:macos": { + "AR": "", + }, + "//conditions:default": { + "MODULESDIR": "", + }, + }), + lib_name = "tongsuo", + lib_source = ":all_srcs", + linkopts = ["-ldl"], + # Note that for Linux builds, libssl must come before libcrypto on the linker command-line. + # As such, libssl must be listed before libcrypto + out_static_libs = [ + "libssl.a", + "libcrypto.a", + ], + targets = MAKE_TARGETS, + visibility = ["//visibility:public"], +) diff --git a/bazel/yacl.bzl b/bazel/yacl.bzl index 59f2e57..cd638d1 100644 --- a/bazel/yacl.bzl +++ b/bazel/yacl.bzl 
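Review bot: `"--openssldir=/tmp/openssl"` in `CONFIGURE_OPTIONS` compiles a path under a world-writable directory into the static libssl/libcrypto as their default configuration directory. If Tongsuo follows upstream OpenSSL here, a process that initialises the library without disabling config loading reads `openssl.cnf` from that directory, and on a shared host any local account can create it. Any fixed path keeps the build deterministic, so prefer one that unprivileged users cannot create or write, and state that requirement in the comment above the option, for example `# fixed dir for deterministic builds; must not be writable by unprivileged users`.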
@@ -68,7 +68,10 @@ def yacl_cc_binary( linkopts = [], **kargs): cc_binary( - copts = copts + _yacl_copts(), + copts = copts + _yacl_copts() + select({ + "//bazel/config:gm": ["-DYACL_WITH_TONGSUO"], + "//conditions:default": [], + }), linkopts = linkopts + ["-ldl"], **kargs ) @@ -78,7 +81,10 @@ def yacl_cc_library( deps = [], **kargs): cc_library( - copts = _yacl_copts() + copts, + copts = _yacl_copts() + copts + select({ + "//bazel/config:gm": ["-DYACL_WITH_TONGSUO"], + "//conditions:default": [], + }), deps = deps + [ "@com_github_gabime_spdlog//:spdlog", ], @@ -101,7 +107,10 @@ def yacl_cc_test( linkopts = [], **kwargs): cc_test( - copts = _yacl_copts() + copts, + copts = _yacl_copts() + copts + select({ + "//bazel/config:gm": ["-DYACL_WITH_TONGSUO"], + "//conditions:default": [], + }), deps = deps + [ "@com_google_googletest//:gtest_main", ], diff --git a/yacl/crypto/BUILD.bazel b/yacl/crypto/BUILD.bazel index 31c0f59..58ab011 100644 --- a/yacl/crypto/BUILD.bazel +++ b/yacl/crypto/BUILD.bazel @@ -24,10 +24,11 @@ yacl_cc_library( deps = [ "//yacl/base:byte_container_view", "//yacl/base:exception", - "//yacl/crypto/hash:hash_interface", "//yacl/utils:scope_guard", - "@com_github_openssl_openssl//:openssl", - ], + ] + select({ + "//bazel/config:gm": ["@com_github_tongsuo_tongsuo//:tongsuo"], + "//conditions:default": ["@com_github_openssl_openssl//:openssl"], + }), ) yacl_cc_library( @@ -39,6 +40,7 @@ yacl_cc_library( deps = [ ":openssl_wrappers", "//yacl:secparam", + "//yacl/crypto/hash:hash_interface", "//yacl/io/stream", ], ) diff --git a/yacl/crypto/aead/BUILD.bazel b/yacl/crypto/aead/BUILD.bazel index 9775456..42c0095 100644 --- a/yacl/crypto/aead/BUILD.bazel +++ b/yacl/crypto/aead/BUILD.bazel 
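Review bot: `-DYACL_WITH_TONGSUO` is passed through `copts` in `yacl_cc_binary`, `yacl_cc_library` and `yacl_cc_test`, and Bazel does not propagate `copts` to targets that depend on a library. Headers touched by this commit (`all_gcm.h`, `hash_interface.h`) compile different enumerators and different inline `ToString` bodies under that macro, so a dependent built with a plain `cc_library` under `--config gm` would include them without the define and disagree with the yacl objects it links against. In `yacl_cc_library`, consider moving the flag to `defines = select({"//bazel/config:gm": ["YACL_WITH_TONGSUO"], "//conditions:default": []})`, which dependents inherit. The callers' `**kargs` are not visible in these hunks, so check that none of them already passes `defines`.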
@@ -17,9 +17,9 @@ load("//bazel:yacl.bzl", "yacl_cc_library", "yacl_cc_test") package(default_visibility = ["//visibility:public"]) yacl_cc_library( - name = "gcm_crypto", - srcs = ["gcm_crypto.cc"], - hdrs = ["gcm_crypto.h"], + name = "all_gcm", + srcs = ["all_gcm.cc"], + hdrs = ["all_gcm.h"], deps = [ "//yacl:secparam", "//yacl/base:int128", @@ -28,17 +28,17 @@ yacl_cc_library( ) yacl_cc_test( - name = "gcm_crypto_test", - srcs = ["gcm_crypto_test.cc"], + name = "all_gcm_test", + srcs = ["all_gcm_test.cc"], deps = [ - ":gcm_crypto", + ":all_gcm", ], ) yacl_cc_library( - name = "sm4_mac", - srcs = ["sm4_mac.cc"], - hdrs = ["sm4_mac.h"], + name = "sm4_mte", + srcs = ["sm4_mte.cc"], + hdrs = ["sm4_mte.h"], deps = [ "//yacl:secparam", "//yacl/crypto/block_cipher:symmetric_crypto", @@ -48,9 +48,9 @@ yacl_cc_library( ) yacl_cc_test( - name = "sm4_mac_test", - srcs = ["sm4_mac_test.cc"], + name = "sm4_mte_test", + srcs = ["sm4_mte_test.cc"], deps = [ - ":sm4_mac", + ":sm4_mte", ], ) diff --git a/yacl/crypto/aead/gcm_crypto.cc b/yacl/crypto/aead/all_gcm.cc similarity index 96% rename from yacl/crypto/aead/gcm_crypto.cc rename to yacl/crypto/aead/all_gcm.cc index 92df763..390560e 100644 --- a/yacl/crypto/aead/gcm_crypto.cc +++ b/yacl/crypto/aead/all_gcm.cc @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -#include "yacl/crypto/aead/gcm_crypto.h" +#include "yacl/crypto/aead/all_gcm.h" #include "yacl/crypto/openssl_wrappers.h" 
@@ -21,14 +21,18 @@ namespace yacl::crypto { namespace { constexpr size_t kAesMacSize = 16; +// constexpr size_t kSm4MacSize = 16; size_t GetMacSize(GcmCryptoSchema schema) { switch (schema) { case GcmCryptoSchema::AES128_GCM: case GcmCryptoSchema::AES256_GCM: return kAesMacSize; - // case GcmCryptoSchema::SM4_GCM: - // return kAesMacSize; +#ifdef YACL_WITH_TONGSUO + case GcmCryptoSchema::SM4_GCM: + return kAesMacSize; +#endif + default: YACL_THROW("Unknown crypto schema: {}", static_cast(schema)); } diff --git a/yacl/crypto/aead/gcm_crypto.h b/yacl/crypto/aead/all_gcm.h similarity index 84% rename from yacl/crypto/aead/gcm_crypto.h rename to yacl/crypto/aead/all_gcm.h index 031bd91..601cbc3 100644 --- a/yacl/crypto/aead/gcm_crypto.h +++ b/yacl/crypto/aead/all_gcm.h @@ -22,14 +22,16 @@ #include "yacl/secparam.h" /* security parameter declaration */ -YACL_MODULE_DECLARE("aes_gcm", SecParam::C::k128, SecParam::S::INF); +YACL_MODULE_DECLARE("all_gcm", SecParam::C::k128, SecParam::S::INF); namespace yacl::crypto { enum class GcmCryptoSchema : int { AES128_GCM, /* security level = 128 */ AES256_GCM, /* security level = 256 */ - // SM4_GCM /* TODO openssl 3.2 supports SM4 GCM */ +#ifdef YACL_WITH_TONGSUO + SM4_GCM /* NOTE only Yacl built with gm mode supports this feature */ +#endif }; // ------------- @@ -72,11 +74,13 @@ class Aes256GcmCrypto : public GcmCrypto { : GcmCrypto(GcmCryptoSchema::AES256_GCM, key, iv) {} }; -// class Sm4GcmCrypto : public GcmCrypto { -// public: -// Sm4GcmCrypto(ByteContainerView key, ByteContainerView iv) -// : GcmCrypto(GcmCryptoSchema::SM4_GCM, key, iv) {} -// }; +#ifdef YACL_WITH_TONGSUO +class Sm4GcmCrypto : public GcmCrypto { + public: + Sm4GcmCrypto(ByteContainerView key, ByteContainerView iv) + : GcmCrypto(GcmCryptoSchema::SM4_GCM, key, iv) {} +}; +#endif /* to a string which openssl recognizes */ inline const char* ToString(GcmCryptoSchema scheme) { 
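Review bot: The new `SM4_GCM` case in `GetMacSize` returns `kAesMacSize`, while `// constexpr size_t kSm4MacSize = 16;` is added as commented-out code just above it. Either delete the commented line and rename the shared constant, e.g. `constexpr size_t kGcmMacSize = 16;`, or define `kSm4MacSize` under `#ifdef YACL_WITH_TONGSUO` and return it from the SM4 case, so the tag length used for SM4-GCM is stated rather than implied by the AES name. The rest of the file is outside the hunk, so any other use of `kAesMacSize` would need the same rename.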
@@ -85,8 +89,10 @@ inline const char* ToString(GcmCryptoSchema scheme) { return "aes-128-gcm"; case GcmCryptoSchema::AES256_GCM: return "aes-256-gcm"; - // case GcmCryptoSchema::SM4_GCM: - // return "sm4-gcm"; +#ifdef YACL_WITH_TONGSUO + case GcmCryptoSchema::SM4_GCM: + return "sm4-gcm"; +#endif default: YACL_THROW("Unsupported gcm scheme: {}", static_cast(scheme)); } diff --git a/yacl/crypto/aead/gcm_crypto_test.cc b/yacl/crypto/aead/all_gcm_test.cc similarity index 81% rename from yacl/crypto/aead/gcm_crypto_test.cc rename to yacl/crypto/aead/all_gcm_test.cc index 821f885..f8986cd 100644 --- a/yacl/crypto/aead/gcm_crypto_test.cc +++ b/yacl/crypto/aead/all_gcm_test.cc @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -#include "yacl/crypto/aead/gcm_crypto.h" +#include "yacl/crypto/aead/all_gcm.h" #include #include @@ -32,18 +32,22 @@ constexpr char iv_96[] = "000000000000"; } // namespace template -class AesGcmCryptoTest : public testing::Test {}; +class AllGcmTest : public testing::Test {}; using MyTypes = ::testing::Types; -TYPED_TEST_SUITE(AesGcmCryptoTest, MyTypes); -TYPED_TEST(AesGcmCryptoTest, EncryptDecrypt_ShouldOk) { +TYPED_TEST_SUITE(AllGcmTest, MyTypes); + +TYPED_TEST(AllGcmTest, EncryptDecrypt_ShouldOk) { std::string key; - if (std::is_same::value) { - key = std::string(key_128); - } else if (std::is_same::value) { + if (std::is_same::value) { key = std::string(key_256); + } else { + key = std::string(key_128); } TypeParam crypto(key, ByteContainerView(iv_96, sizeof(iv_96) - 1)); std::string plaintext = "I am a plaintext."; 
@@ -61,13 +65,12 @@ TYPED_TEST(AesGcmCryptoTest, EncryptDecrypt_ShouldOk) { EXPECT_EQ(plaintext, std::string(decrypted.begin(), decrypted.end())); } -TYPED_TEST(AesGcmCryptoTest, - EncryptDecrypt_withErrorGMAC_ShouldThrowException) { +TYPED_TEST(AllGcmTest, EncryptDecrypt_withErrorGMAC_ShouldThrowException) { std::string key; - if (std::is_same::value) { - key = std::string(key_128); - } else if (std::is_same::value) { + if (std::is_same::value) { key = std::string(key_256); + } else { + key = std::string(key_128); } TypeParam crypto(key, ByteContainerView(iv_96, sizeof(iv_96) - 1)); std::string plaintext = "I am a plaintext."; @@ -87,13 +90,13 @@ TYPED_TEST(AesGcmCryptoTest, }); } -TYPED_TEST(AesGcmCryptoTest, EncryptDecrypt_withErrorAAD_ShouldThrowException) { +TYPED_TEST(AllGcmTest, EncryptDecrypt_withErrorAAD_ShouldThrowException) { // GIVEN std::string key; - if (std::is_same::value) { - key = std::string(key_128); - } else if (std::is_same::value) { + if (std::is_same::value) { key = std::string(key_256); + } else { + key = std::string(key_128); } TypeParam crypto(key, ByteContainerView(iv_96, sizeof(iv_96) - 1)); std::string plaintext = "I am a plaintext."; diff --git a/yacl/crypto/aead/sm4_mac.cc b/yacl/crypto/aead/sm4_mte.cc similarity index 98% rename from yacl/crypto/aead/sm4_mac.cc rename to yacl/crypto/aead/sm4_mte.cc index bd94c5e..63226aa 100644 --- a/yacl/crypto/aead/sm4_mac.cc +++ b/yacl/crypto/aead/sm4_mte.cc @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -#include "yacl/crypto/aead/sm4_mac.h" +#include "yacl/crypto/aead/sm4_mte.h" #include "yacl/base/exception.h" diff --git a/yacl/crypto/aead/sm4_mac.h b/yacl/crypto/aead/sm4_mte.h similarity index 100% rename from yacl/crypto/aead/sm4_mac.h rename to yacl/crypto/aead/sm4_mte.h 
diff --git a/yacl/crypto/aead/sm4_mac_test.cc b/yacl/crypto/aead/sm4_mte_test.cc similarity index 96% rename from yacl/crypto/aead/sm4_mac_test.cc rename to yacl/crypto/aead/sm4_mte_test.cc index 9184bb6..2a8028c 100644 --- a/yacl/crypto/aead/sm4_mac_test.cc +++ b/yacl/crypto/aead/sm4_mte_test.cc @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -#include "yacl/crypto/aead/sm4_mac.h" +#include "yacl/crypto/aead/sm4_mte.h" #include "gtest/gtest.h" diff --git a/yacl/crypto/ecc/openssl/BUILD.bazel b/yacl/crypto/ecc/openssl/BUILD.bazel index 6be9a1b..6d13828 100644 --- a/yacl/crypto/ecc/openssl/BUILD.bazel +++ b/yacl/crypto/ecc/openssl/BUILD.bazel @@ -30,7 +30,6 @@ yacl_cc_library( "//yacl/crypto/ecc:spi", "//yacl/crypto/hash:blake3", "//yacl/crypto/hash:ssl_hash", - "@com_github_openssl_openssl//:openssl", "@yacl//yacl/utils:parallel", ], alwayslink = 1, diff --git a/yacl/crypto/envelope/BUILD.bazel b/yacl/crypto/envelope/BUILD.bazel index c6fcfba..1894d2c 100644 --- a/yacl/crypto/envelope/BUILD.bazel +++ b/yacl/crypto/envelope/BUILD.bazel @@ -21,8 +21,8 @@ yacl_cc_library( srcs = ["digital_envelope.cc"], hdrs = ["digital_envelope.h"], deps = [ - "//yacl/crypto/aead:gcm_crypto", - "//yacl/crypto/aead:sm4_mac", + "//yacl/crypto/aead:all_gcm", + "//yacl/crypto/aead:sm4_mte", "//yacl/crypto/block_cipher:symmetric_crypto", "//yacl/crypto/hash:ssl_hash", "//yacl/crypto/hmac:hmac_sm3", diff --git a/yacl/crypto/envelope/digital_envelope.h b/yacl/crypto/envelope/digital_envelope.h index d717da4..c1f5e81 100644 --- a/yacl/crypto/envelope/digital_envelope.h +++ b/yacl/crypto/envelope/digital_envelope.h 
@@ -19,8 +19,8 @@ #include "yacl/base/byte_container_view.h" /* submodules */ -#include "yacl/crypto/aead/gcm_crypto.h" -#include "yacl/crypto/aead/sm4_mac.h" +#include "yacl/crypto/aead/all_gcm.h" +#include "yacl/crypto/aead/sm4_mte.h" #include "yacl/crypto/block_cipher/symmetric_crypto.h" #include "yacl/crypto/hash/ssl_hash.h" #include "yacl/crypto/hmac/hmac_sm3.h" diff --git a/yacl/crypto/experimental/sync_drbg/sync_drbg.cc b/yacl/crypto/experimental/sync_drbg/sync_drbg.cc index 78291cf..28e770a 100644 --- a/yacl/crypto/experimental/sync_drbg/sync_drbg.cc +++ b/yacl/crypto/experimental/sync_drbg/sync_drbg.cc 
@@ -82,13 +82,32 @@ SyncDrbg::SyncDrbg(ByteContainerView nonce, ByteContainerView personal_string) { // default seeded using yacl's entropy source auto es = EntropySourceFactory::Instance().Create("auto"); - Buffer seed = es->GetEntropy(kSeedByteLen); + + // For intel chips: + // The assessed entropy from the noise source is min(Hr, Hc, HI) = 0.6 bits + // of entropy per bit of data. Therefore, to acquire n bits of entropy, the + // output bitstring length (in bytes) would be (ceil(n/0.6) + 7 / 8) + // + // For amd chips: + // The assessed entropy from the noise source is approx. min(Hr, Hc, HI) = + // 0.3 bits per 128-bit rdseed output. + // + // Therefore it's sufficient for us to request (entropy_bits / 0.3) random + // bits in both cases. + // + // For more detailed info, please see: + // + yacl/crypto/rand/entropy_source/rdseed_factory.cc + // + // In this case, we assume kSeedByteLen = entropy_bits + // + uint32_t num_bytes = ((kSeedByteLen * 8 * 10 + 2) / 3 + 7) / 8; + Buffer seed = es->GetEntropy(num_bytes); // instantiate drbg context const EVP_MD* md = EVP_sha256(); /* use sha256 */ ctx_ = HashDrbgCtx(hash_drbg_ctx_new()); YACL_ENFORCE(hash_drbg_instantiate(md, (unsigned char*)seed.data(), - kSeedByteLen, (unsigned char*)nonce.data(), + seed.size(), (unsigned char*)nonce.data(), nonce.size(), (unsigned char*)personal_string.data(), personal_string.size(), ctx_.get()) == 0); diff --git a/yacl/crypto/experimental/tpre/BUILD.bazel b/yacl/crypto/experimental/tpre/BUILD.bazel index 80abf76..8ea8f1f 100644 --- a/yacl/crypto/experimental/tpre/BUILD.bazel +++ b/yacl/crypto/experimental/tpre/BUILD.bazel @@ -115,7 +115,7 @@ yacl_cc_library( deps = [ ":capsule", ":keys", - "//yacl/crypto/aead:sm4_mac", + "//yacl/crypto/aead:sm4_mte", "//yacl/crypto/ecc:spi", ], ) diff --git a/yacl/crypto/experimental/tpre/kdf_test.cc b/yacl/crypto/experimental/tpre/kdf_test.cc index 467b255..784ce27 100644 --- a/yacl/crypto/experimental/tpre/kdf_test.cc 
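Review bot: `es->GetEntropy(num_bytes)` passes a byte count that has already been scaled by 10/3, but the two implementations on this page disagree on the unit of that argument: `RdSeedEntropySource::GetEntropy(uint32_t bits_of_entropy)` treats it as bits and applies its own vendor-specific scaling again, while `UrandomEntropySource::GetEntropy(uint32_t num_bytes)` treats it as bytes. The seed length handed to `hash_drbg_instantiate` is now `seed.size()`, so it depends on which source `Create("auto")` picked, and nothing rejects a seed shorter than intended; the rdseed code also has a fallback branch that logs a warning and appears to continue without generating output. I would add `YACL_ENFORCE(seed.size() >= kSeedByteLen);` before the instantiate call and reword the comment line `we assume kSeedByteLen = entropy_bits` to say which unit `GetEntropy` is being given. The constructor body continues outside the hunk.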
+++ b/yacl/crypto/experimental/tpre/kdf_test.cc @@ -14,8 +14,8 @@ #include "yacl/crypto/experimental/tpre/kdf.h" -#include "gtest/gtest.h" #include "fmt/ranges.h" +#include "gtest/gtest.h" namespace yacl::crypto::test { diff --git a/yacl/crypto/experimental/tpre/tpre.cc b/yacl/crypto/experimental/tpre/tpre.cc index 096229f..654b773 100644 --- a/yacl/crypto/experimental/tpre/tpre.cc +++ b/yacl/crypto/experimental/tpre/tpre.cc @@ -16,7 +16,7 @@ #include -#include "yacl/crypto/aead/sm4_mac.h" +#include "yacl/crypto/aead/sm4_mte.h" #include "yacl/crypto/experimental/tpre/capsule.h" namespace yacl::crypto { diff --git a/yacl/crypto/hash/BUILD.bazel b/yacl/crypto/hash/BUILD.bazel index dc9b0a5..292a9a6 100644 --- a/yacl/crypto/hash/BUILD.bazel +++ b/yacl/crypto/hash/BUILD.bazel @@ -25,7 +25,6 @@ yacl_cc_library( "//yacl/base:exception", "//yacl/crypto:openssl_wrappers", "//yacl/utils:scope_guard", - "@com_github_openssl_openssl//:openssl", ], ) @@ -72,7 +71,7 @@ yacl_cc_library( deps = [ "//yacl:secparam", "//yacl/base:byte_container_view", - "@com_github_openssl_openssl//:openssl", + "//yacl/crypto:openssl_wrappers", ], ) diff --git a/yacl/crypto/hash/blake3_test.cc b/yacl/crypto/hash/blake3_test.cc index f9f89dc..542e9ea 100644 --- a/yacl/crypto/hash/blake3_test.cc +++ b/yacl/crypto/hash/blake3_test.cc @@ -123,7 +123,8 @@ TEST(Blake3HashTest, CustomOutLength) { Blake3Hash blake3(i); std::string vector1_bytes; - ASSERT_TRUE(absl::HexStringToBytes(test_data_blake3.vector1, &vector1_bytes)); + ASSERT_TRUE( + absl::HexStringToBytes(test_data_blake3.vector1, &vector1_bytes)); // Shorter outputs are prefixes of longer ones. // reference diff --git a/yacl/crypto/hash/hash_interface.h b/yacl/crypto/hash/hash_interface.h index e8dd72a..322e29e 100644 --- a/yacl/crypto/hash/hash_interface.h +++ b/yacl/crypto/hash/hash_interface.h 
@@ -38,7 +38,9 @@ enum class HashAlgorithm : int { SM3 = 6, - BLAKE2B = 7, +#ifndef YACL_WITH_TONGSUO + BLAKE2B = 7, // blake2 is disabled by tongsuo +#endif BLAKE3 = 8 }; @@ -99,8 +101,10 @@ inline const char *ToString(HashAlgorithm hash_algo) { // return "sha1"; case HashAlgorithm::SM3: return "sm3"; +#ifndef YACL_WITH_TONGSUO case HashAlgorithm::BLAKE2B: return "blake2b-512"; +#endif default: YACL_THROW("Unsupported hash algo: {}", static_cast(hash_algo)); } diff --git a/yacl/crypto/hash/hash_utils.cc b/yacl/crypto/hash/hash_utils.cc index c95838b..bf80438 100644 --- a/yacl/crypto/hash/hash_utils.cc +++ b/yacl/crypto/hash/hash_utils.cc @@ -40,6 +40,7 @@ std::array Sm3(ByteContainerView data) { return out; } +#ifndef YACL_WITH_TONGSUO std::array Blake2(ByteContainerView data) { auto buf = SslHash(HashAlgorithm::BLAKE2B).Update(data).CumulativeHash(); YACL_ENFORCE(buf.size() >= 64); @@ -47,6 +48,7 @@ std::array Blake2(ByteContainerView data) { memcpy(out.data(), buf.data(), 64); return out; } +#endif std::array Blake3(ByteContainerView data) { YACL_ENFORCE(BLAKE3_OUT_LEN == 32); diff --git a/yacl/crypto/hash/hash_utils.h b/yacl/crypto/hash/hash_utils.h index b0e9451..df00dd3 100644 --- a/yacl/crypto/hash/hash_utils.h +++ b/yacl/crypto/hash/hash_utils.h @@ -25,8 +25,6 @@ std::array Sha256(ByteContainerView data); // 256-bits std::array Sm3(ByteContainerView data); // 256-bits -std::array Blake2(ByteContainerView data); // 512-bits - std::array Blake3(ByteContainerView data); // 256-bits #define DECLARE_HASH_OUT_128(func) \ 
@@ -41,7 +39,14 @@ std::array Blake3(ByteContainerView data); // 256-bits DECLARE_HASH_OUT_128(Sha256); // uint128_t Sha256_128(ByteContainerView data); DECLARE_HASH_OUT_128(Sm3); // uint128_t Sm3_128(ByteContainerView data); -DECLARE_HASH_OUT_128(Blake2); // uint128_t Blake2_128(ByteContainerView data); + DECLARE_HASH_OUT_128(Blake3); // uint128_t Blake3_128(ByteContainerView data); +#ifndef YACL_WITH_TONGSUO +std::array Blake2(ByteContainerView data); // 512-bits +DECLARE_HASH_OUT_128(Blake2); // uint128_t Blake2_128(ByteContainerView data); +#endif + +#undef DECLARE_HASH_OUT_128 + } // namespace yacl::crypto diff --git a/yacl/crypto/hash/ssl_hash.h b/yacl/crypto/hash/ssl_hash.h index 4287457..78e97d2 100644 --- a/yacl/crypto/hash/ssl_hash.h +++ b/yacl/crypto/hash/ssl_hash.h @@ -53,10 +53,14 @@ class Sha256Hash final : public SslHash { Sha256Hash() : SslHash(HashAlgorithm::SHA256) {} }; +#ifndef YACL_WITH_TONGSUO + // Blake2Hash implements HashInterface for the Blake2b512 hash function. class Blake2Hash final : public SslHash { public: Blake2Hash() : SslHash(HashAlgorithm::BLAKE2B) {} }; +#endif + } // namespace yacl::crypto diff --git a/yacl/crypto/hash/ssl_hash_all_test.cc b/yacl/crypto/hash/ssl_hash_all_test.cc index 56c4b90..9755fc0 100644 --- a/yacl/crypto/hash/ssl_hash_all_test.cc +++ b/yacl/crypto/hash/ssl_hash_all_test.cc @@ -71,9 +71,12 @@ class SslHashTest : public testing::Test { return test_data_sm3_; } else if (std::is_same::value) { return test_data_sha256_; - } else if (std::is_same::value) { + } +#ifndef YACL_WITH_TONGSUO + else if (std::is_same::value) { return test_data_blake2b_; } +#endif YACL_THROW("Unsupported type name!"); } @@ -83,7 +86,12 @@ class SslHashTest : public testing::Test { TestData test_data_blake2b_; }; -using MyTypes = ::testing::Types; +using MyTypes = ::testing::Types; TYPED_TEST_SUITE(SslHashTest, MyTypes); TYPED_TEST(SslHashTest, TestVector1) { 
diff --git a/yacl/crypto/key_utils.h b/yacl/crypto/key_utils.h index 4e3b166..07bd434 100644 --- a/yacl/crypto/key_utils.h +++ b/yacl/crypto/key_utils.h @@ -18,6 +18,7 @@ #include #include +#include "yacl/crypto/hash/hash_interface.h" #include "yacl/crypto/openssl_wrappers.h" namespace yacl::crypto { diff --git a/yacl/crypto/openssl_wrappers.h b/yacl/crypto/openssl_wrappers.h index b5c47d4..4436791 100644 --- a/yacl/crypto/openssl_wrappers.h +++ b/yacl/crypto/openssl_wrappers.h @@ -16,9 +16,7 @@ #include #include -#include -#include "hash/hash_interface.h" /* yacl hash to openssl hash */ #include "openssl/bio.h" #include "openssl/bn.h" #include "openssl/core.h" diff --git a/yacl/crypto/rand/entropy_source/factory_test.cc b/yacl/crypto/rand/entropy_source/factory_test.cc index 5854c7f..6ca407b 100644 --- a/yacl/crypto/rand/entropy_source/factory_test.cc +++ b/yacl/crypto/rand/entropy_source/factory_test.cc @@ -33,7 +33,8 @@ TEST(OpensslTest, HardwareESWorks) { EXPECT_GE(x.size() * 8, kBitOfEntropy); EXPECT_GE(y.size() * 8, kBitOfEntropy); - EXPECT_NE(std::memcmp(x.data(), y.data(), kBitOfEntropy), 0); + EXPECT_EQ(x.size(), y.size()); + EXPECT_FALSE(x == y); } #endif @@ -47,7 +48,8 @@ TEST(OpensslTest, SoftwareESWorks) { EXPECT_GE(x.size() * 8, kBitOfEntropy); EXPECT_GE(y.size() * 8, kBitOfEntropy); - EXPECT_NE(std::memcmp(x.data(), y.data(), kBitOfEntropy), 0); + EXPECT_EQ(x.size(), y.size()); + EXPECT_FALSE(x == y); } TEST(OpensslTest, AutoESWorks) { @@ -55,11 +57,12 @@ TEST(OpensslTest, AutoESWorks) { auto x = es->GetEntropy(kBitOfEntropy); auto y = es->GetEntropy(kBitOfEntropy); - SPDLOG_INFO(es->Name()); + // SPDLOG_INFO(es->Name()); EXPECT_GE(x.size() * 8, kBitOfEntropy); EXPECT_GE(y.size() * 8, kBitOfEntropy); - EXPECT_NE(std::memcmp(x.data(), y.data(), kBitOfEntropy), 0); + EXPECT_EQ(x.size(), y.size()); + EXPECT_FALSE(x == y); } } // namespace yacl::crypto 
diff --git a/yacl/crypto/rand/entropy_source/rdseed_factory.cc b/yacl/crypto/rand/entropy_source/rdseed_factory.cc index 05a0731..539e210 100644 --- a/yacl/crypto/rand/entropy_source/rdseed_factory.cc +++ b/yacl/crypto/rand/entropy_source/rdseed_factory.cc @@ -54,7 +54,7 @@ Buffer RdSeedEntropySource::GetEntropy(uint32_t bits_of_entropy) noexcept { // output bitstring length (in bytes) would be (ceil(n/0.6) + 7 / 8) uint32_t num_bytes = ((bits_of_entropy * 5 + 2) / 3 + 7) / 8; - Buffer out(num_bytes); + std::vector out(num_bytes); // Batched Random Entropy Generation size_t batch_size = sizeof(uint64_t); @@ -77,11 +77,10 @@ Buffer RdSeedEntropySource::GetEntropy(uint32_t bits_of_entropy) noexcept { // [retry forever ... ] Maybe add loops / pauses in the future } - std::memcpy(static_cast(out.data()) + current_pos, &temp_rand, - current_batch_size); + std::memcpy(out.data() + current_pos, &temp_rand, current_batch_size); } - return out; + return {out.data(), out.size()}; } else if (std::strcmp(cpu_features::GetX86Info().vendor, CPU_FEATURES_VENDOR_AUTHENTIC_AMD) == 0) { // from amd's report, section 7 @@ -91,7 +90,7 @@ Buffer RdSeedEntropySource::GetEntropy(uint32_t bits_of_entropy) noexcept { // The assessed entropy from the noise source is approx. min(Hr, Hc, HI) = // 0.3 bits per 128-bit rdseed output. uint32_t num_bytes = ((bits_of_entropy * 10 + 2) / 3 + 7) / 8; - Buffer out(num_bytes); + std::vector out(num_bytes); // Batched Random Entropy Generation size_t batch_size = sizeof(uint64_t); @@ -114,11 +113,10 @@ Buffer RdSeedEntropySource::GetEntropy(uint32_t bits_of_entropy) noexcept { // [retry forever ... ] Maybe add loops / pauses in the future } - std::memcpy(static_cast(out.data()) + current_pos, &temp_rand, - current_batch_size); + std::memcpy(out.data() + current_pos, &temp_rand, current_batch_size); } - return out; + return {out.data(), out.size()}; } else { SPDLOG_WARN( "Unconfigured CPU verndors, continue gracefully without generating " 
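Review bot: The raw RDSEED output now sits in a local `std::vector` that is copied into the returned `Buffer` by `return {out.data(), out.size()};` and then freed without being cleared, in the Intel branch and again in the AMD branch (hunks at -77 and -114). Assuming the `Buffer` constructor taking a pointer and a size copies the bytes, this leaves a second copy of seed material in released heap memory. Consider building the result first and wiping the scratch vector before returning: `Buffer ret(out.data(), out.size()); OPENSSL_cleanse(out.data(), out.size()); return ret;`, or an equivalent wipe the compiler cannot elide if OpenSSL is not linked into this target. The function is declared `noexcept`, so an allocation failure in the vector terminates the process; `GetEntropy` starts and ends outside these hunks.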
diff --git a/yacl/crypto/rand/entropy_source/rdseed_factory.h b/yacl/crypto/rand/entropy_source/rdseed_factory.h index b554949..244be9c 100644 --- a/yacl/crypto/rand/entropy_source/rdseed_factory.h +++ b/yacl/crypto/rand/entropy_source/rdseed_factory.h @@ -67,7 +67,7 @@ class RdSeedEntropySource : public EntropySource { Buffer GetEntropy(uint32_t bits_of_entropy) noexcept override; - std::string Name() override { return "Rdseed entropy source"; } + std::string Name() override { return "rdseed entropy source"; } }; } // namespace yacl::crypto diff --git a/yacl/crypto/rand/entropy_source/urandom_factory.cc b/yacl/crypto/rand/entropy_source/urandom_factory.cc index 37ec94c..51d0632 100644 --- a/yacl/crypto/rand/entropy_source/urandom_factory.cc +++ b/yacl/crypto/rand/entropy_source/urandom_factory.cc @@ -44,7 +44,7 @@ Buffer UrandomEntropySource::GetEntropy(uint32_t num_bytes) { return out; } -REGISTER_ENTROPY_SOURCE_LIBRARY("urandom", 100, UrandomEntropySource::Check, +REGISTER_ENTROPY_SOURCE_LIBRARY("urandom", 90, UrandomEntropySource::Check, UrandomEntropySource::Create); } // namespace yacl::crypto diff --git a/yacl/crypto/tools/ro.h b/yacl/crypto/tools/ro.h index 7c9dacb..8397099 100644 --- a/yacl/crypto/tools/ro.h +++ b/yacl/crypto/tools/ro.h @@ -49,8 +49,7 @@ namespace yacl::crypto { // security concerns, see: https://eprint.iacr.org/1998/011.pdf): // 1. SHA256 (with 32 bytes output) // 2. SM3 (with 32 bytes output) -// 3. BLAKE2B (with 64 bytes output) -// 4. BLAKE3 (with 32 bytes output) +// 3. BLAKE3 (with 32 bytes output) // // TODO(@shanzhu): Implement RO by a function ensemble 
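Review bot: The priority argument of `REGISTER_ENTROPY_SOURCE_LIBRARY("urandom", ...)` changes from 100 to 90 with no comment, and it presumably decides which source `EntropySourceFactory::Instance().Create("auto")` returns. Neither the ordering rule (whether the higher or the lower number wins) nor the priorities of the other sources are visible in this hunk, so a reader cannot tell whether urandom is now preferred over rdseed or the reverse. Add a comment above the macro that names the source urandom is ranked against and the reason, and consider a test that asserts `es->Name()` for the "auto" source instead of the `SPDLOG_INFO(es->Name())` call that factory_test.cc comments out in this commit.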
@@ -78,14 +77,11 @@ class RandomOracle { case HashAlgorithm::SM3: // outlen = 32 (256bits) YACL_ENFORCE(outlen <= 32); return {Sm3(x).data(), outlen}; - case HashAlgorithm::BLAKE2B: // outlen = 64 (512bits) - YACL_ENFORCE(outlen <= 64); - return {Blake2(x).data(), outlen}; case HashAlgorithm::BLAKE3: YACL_ENFORCE(outlen <= 32); // outlen = 32 (256bits) return {Blake3(x).data(), outlen}; default: - YACL_THROW("Unsupported hash algorithm: {}", + YACL_THROW("Unsupported hash algorithm for random oracle: {}", static_cast(hash_alg_)); } } @@ -121,10 +117,9 @@ class RandomOracle { if (hash_alg_ == HashAlgorithm::SHA256 || hash_alg_ == HashAlgorithm::SM3 || hash_alg_ == HashAlgorithm::BLAKE3) { YACL_ENFORCE(outlen_ <= 32); - } else if (hash_alg_ == HashAlgorithm::BLAKE2B) { - YACL_ENFORCE(outlen_ <= 64); } else { - YACL_THROW("Unsupported hash algorithm: {}", static_cast(hash_alg_)); + YACL_THROW("Unsupported hash algorithm for random oracle: {}", + static_cast(hash_alg_)); } } diff --git a/yacl/crypto/tools/ro_test.cc b/yacl/crypto/tools/ro_test.cc index 8f926f4..de639c2 100644 --- a/yacl/crypto/tools/ro_test.cc +++ b/yacl/crypto/tools/ro_test.cc @@ -52,10 +52,6 @@ TEST(RandomOracleTest, EdgeTest2) { EXPECT_THROW(RandomOracle(HashAlgorithm::BLAKE3, 33);, yacl::EnforceNotMet); } -TEST(RandomOracleTest, EdgeTest3) { - EXPECT_THROW(RandomOracle(HashAlgorithm::BLAKE2B, 65);, yacl::EnforceNotMet); -} - template void inline CheckType(const RandomOracle& ro, ByteContainerView input) { EXPECT_EQ(ro.Gen(input), ro.Gen(input)); diff --git a/yacl/io/circuit/bristol_fashion.h b/yacl/io/circuit/bristol_fashion.h index 5dcb063..3b669ab 100644 --- a/yacl/io/circuit/bristol_fashion.h +++ b/yacl/io/circuit/bristol_fashion.h @@ -66,6 +66,8 @@ class CircuitReader { Init(path); } + ~CircuitReader() = default; + void ReadMeta(); void ReadAllGates(); void ReadAll() { ReadAllGates(); } 
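Review bot: In ro.h the list of supported hash algorithms is still encoded twice, once in the `switch` of this hunk and once in the `if` chain of the `outlen_` check (hunk at -121), and the commit had to edit both to drop BLAKE2B. A comment at each site, such as `// Keep in sync with the algorithm list in the outlen_ check`, or a single helper returning the maximum output length per algorithm, would keep the two from drifting apart. Callers that used BLAKE2B now get an exception at run time, and no test in this diff pins that behaviour, because ro_test.cc only removes EdgeTest3. Both enclosing functions start outside the hunks.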
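Review bot: In bristol_fashion.h, `~CircuitReader() = default;` behaves the same as the implicit destructor but, being user-declared, suppresses the implicitly generated move constructor and move assignment. If `circ_` is a `std::unique_ptr`, as its `release()`/`reset()` calls suggest, the class then becomes neither copyable nor movable. Either drop the line, or add `CircuitReader(CircuitReader&&) = default;` and `CircuitReader& operator=(CircuitReader&&) = default;` next to it. If the destructor is meant to close the input stream, it should call the existing cleanup routine rather than being defaulted.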
@@ -80,7 +82,7 @@ class CircuitReader { in_->Close(); } if (circ_ != nullptr) { - circ_.release(); + circ_.reset(); } } diff --git a/yacl/link/BUILD.bazel b/yacl/link/BUILD.bazel index ca459ef..1460f25 100644 --- a/yacl/link/BUILD.bazel +++ b/yacl/link/BUILD.bazel @@ -93,6 +93,7 @@ yacl_cc_test( ":context", ":factory", ":link", + "//yacl/crypto:key_utils", ], ) diff --git a/yacl/link/factory_test.cc b/yacl/link/factory_test.cc index c91a22c..d273e92 100644 --- a/yacl/link/factory_test.cc +++ b/yacl/link/factory_test.cc 
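Review bot: In the cleanup hunk of bristol_fashion.h, the `if (circ_ != nullptr)` guard around `circ_.reset();` is redundant if `circ_` is a `std::unique_ptr`, because `reset()` on an empty pointer is a no-op. The three lines can be reduced to `circ_.reset();`. The enclosing function starts outside the hunk.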
@@ -16,28 +16,106 @@ #include #include +#include #include "fmt/format.h" #include "gtest/gtest.h" +#include "yacl/crypto/key_utils.h" #include "yacl/link/context.h" #include "yacl/link/link.h" namespace yacl::link::test { +template +struct TestTypes { + static size_t get_mode() { return MODE; } + static T get_t_instance() { return T(); } +}; + +enum class SslMode { + NONE, // mode = 0 + RSA_SHA256, // mode = 1 + SM2_SM3, // mode = 2 +}; + +inline std::pair GenCertFiles( + const std::string& prefix, const SslMode mode) { + auto pk_path = fmt::format("{}_pk.pem", prefix); + auto sk_path = fmt::format("{}_sk.pem", prefix); + auto cert_path = fmt::format("{}.cer", prefix); + + if (mode == SslMode::RSA_SHA256) { + auto key_pair = crypto::GenRsaKeyPair(); + crypto::ExportPublicKeyToPemFile(key_pair, pk_path); + crypto::ExportSecretKeyToPemBuf(key_pair, sk_path); + auto cert = crypto::MakeX509Cert(crypto::LoadKeyFromFile(pk_path), + crypto::LoadKeyFromFile(sk_path), + { + {"C", "CN"}, + {"ST", "ZJ"}, + {"L", "HZ"}, + {"O", "TEE"}, + {"OU", "EGG"}, + {"CN", "demo.trustedegg.com"}, + }, + 3, crypto::HashAlgorithm::SHA256); + crypto::ExportX509CertToFile(cert, cert_path); + } else if (mode == SslMode::SM2_SM3) { + auto key_pair = crypto::GenSm2KeyPair(); + crypto::ExportPublicKeyToPemFile(key_pair, pk_path); + crypto::ExportSecretKeyToPemBuf(key_pair, sk_path); + auto cert = crypto::MakeX509Cert(crypto::LoadKeyFromFile(pk_path), + crypto::LoadKeyFromFile(sk_path), + { + {"C", "CN"}, + {"ST", "ZJ"}, + {"L", "HZ"}, + {"O", "TEE"}, + {"OU", "EGG"}, + {"CN", "demo.trustedegg.com"}, + }, + 3, crypto::HashAlgorithm::SM3); + crypto::ExportX509CertToFile(cert, cert_path); + } else { + YACL_THROW("Unknown SSL mode."); + } + + return {sk_path, cert_path}; +} + +inline ContextDesc MakeDesc(int count, const SslMode mode) { + ContextDesc desc; + desc.id = fmt::format("world_{}", count); + desc.parties.push_back(ContextDesc::Party("alice", "127.0.0.1:63927")); + 
desc.parties.push_back(ContextDesc::Party("bob", "127.0.0.1:63921")); + if (mode != SslMode::NONE) { + desc.enable_ssl = true; + desc.server_ssl_opts.ciphers = ""; // auto detect + + // export rsa keys to files + auto [server_sk_path, server_cer_path] = GenCertFiles("server", mode); + auto [client_sk_path, client_cer_path] = GenCertFiles("client", mode); + + desc.server_ssl_opts.cert.certificate_path = server_cer_path; + desc.server_ssl_opts.cert.private_key_path = server_sk_path; + + desc.client_ssl_opts.cert.certificate_path = client_cer_path; + desc.client_ssl_opts.cert.private_key_path = client_sk_path; + } + return desc; +} + template class FactoryTest : public ::testing::Test { public: void SetUp() override { static int desc_count = 0; contexts_.resize(2); - ContextDesc desc; - desc.id = fmt::format("world_{}", desc_count++); - desc.parties.push_back(ContextDesc::Party("alice", "127.0.0.1:63927")); - desc.parties.push_back(ContextDesc::Party("bob", "127.0.0.1:63921")); + auto desc = MakeDesc(desc_count++, SslMode(M::get_mode())); auto create_brpc = [&](int self_rank) { - contexts_[self_rank] = M().CreateContext(desc, self_rank); + contexts_[self_rank] = M::get_t_instance().CreateContext(desc, self_rank); }; std::vector> creates; @@ -66,7 +144,15 @@ class FactoryTest : public ::testing::Test { std::vector> contexts_; }; -using FactoryTestTypes = ::testing::Types; +using FactoryTestTypes = + ::testing::Types, TestTypes, + TestTypes +#ifdef YACL_WITH_TONGSUO + , + TestTypes +#endif + >; + TYPED_TEST_SUITE(FactoryTest, FactoryTestTypes); TYPED_TEST(FactoryTest, SendAsync) { diff --git a/yacl/link/ssl_options.h b/yacl/link/ssl_options.h index 38083b4..f49cd62 100644 --- a/yacl/link/ssl_options.h +++ b/yacl/link/ssl_options.h 
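Review bot: In factory_test.cc, `MakeDesc` sets only the certificate and private-key paths and leaves `verify` at its defaults, so as far as this hunk shows the new SSL cases exercise the handshake but not peer-certificate verification. Pointing each side at the other's certificate, e.g. `desc.client_ssl_opts.verify.ca_file_path = server_cer_path;` with a matching `verify_depth`, would cover the path that matters for authentication (to be confirmed against how brpc treats these self-issued certificates). `GenCertFiles` also writes private keys to fixed names in the working directory (`server_sk.pem`, `client_sk.pem`) and never removes them; a per-test temporary directory would avoid collisions between parallel runs and stale key files. The comment `// export rsa keys to files` is inaccurate for the SM2 mode.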
@@ -46,9 +46,16 @@ struct SSLOptions { // Options used to verify the peer's certificate VerifyOptions verify; + // Cipher suites allowed for each SSL handshake. The format of this string + // should follow that in `man 1 ciphers'. If empty, SSL engine will choose + // a default cipher based on the certificate information + // Default: "" + // GM: "ECC-SM2-SM4-GCM-SM3", "ECC-SM2-SM4-CBC-SM3" + std::string ciphers; // default cipher selected by SSL engine + SSLOptions() = default; - SSLOptions(const SSLOptionsProto& pb) { + explicit SSLOptions(const SSLOptionsProto& pb) { cert.certificate_path = pb.certificate_path(); cert.private_key_path = pb.private_key_path(); diff --git a/yacl/link/transport/brpc_link.cc b/yacl/link/transport/brpc_link.cc index 690c989..179ebb2 100644 --- a/yacl/link/transport/brpc_link.cc +++ b/yacl/link/transport/brpc_link.cc @@ -99,7 +99,9 @@ std::string ReceiverLoopBrpc::Start(const std::string& host, ssl_opts->verify.verify_depth; options.mutable_ssl_options()->verify.ca_file_path = ssl_opts->verify.ca_file_path; + options.mutable_ssl_options()->ciphers = ssl_opts->ciphers; } + if (server_.Start(host.data(), &options) != 0) { YACL_THROW_IO_ERROR("brpc server failed start"); } diff --git a/yacl/link/transport/channel.cc b/yacl/link/transport/channel.cc index a8c3fb2..56e9f2d 100644 --- a/yacl/link/transport/channel.cc +++ b/yacl/link/transport/channel.cc @@ -115,7 +115,7 @@ void Channel::StartSendThread() { send_thread_ = std::thread([&]() { try { SendThread(); - } catch (const yacl::Exception& e) { + } catch (const std::exception& e) { SPDLOG_ERROR("SendThread error {}", e.what()); if (exit_if_async_error_) { exit(-1); @@ -265,6 +265,9 @@ class SendChunkedTask { } catch (const Exception& e) { except = std::make_unique(e); task->token_->SetException(std::move(except)); + } catch (const std::exception& e) { + except = std::make_unique(e); + task->token_->SetException(std::move(except)); } return nullptr; } 
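Review bot: In ssl_options.h, the new `ciphers` field is not populated by `SSLOptions(const SSLOptionsProto& pb)` in the lines visible here, so options loaded from the proto always fall back to the SSL engine's default suites. The constructor body continues outside the hunk, so this needs confirming. If that is intended, say so on the field: `// Not read from SSLOptionsProto; set programmatically.` The comment could also say that an empty string delegates the choice to the library defaults, since that is the security-relevant behaviour.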
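Review bot: In brpc_link.cc, `ciphers` is forwarded only on the receiver (server) path in `ReceiverLoopBrpc::Start`, and nothing in this diff applies `client_ssl_opts.ciphers` where the client channel options are built. A caller who restricts the suite list on the client side would silently get the library defaults. Either forward the field on the channel side as well, or document it as server-only with a comment such as `// ciphers is currently applied to the server listener only`. The function body extends outside the hunk.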
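Review bot: In channel.cc's SendChunkedTask handler (hunk at -265), the new `catch (const std::exception& e)` branch copies `e` through `std::make_unique`, whose template argument is not visible in this rendering. If that argument is `std::exception`, the copy slices the object and `what()` on the stored exception loses the original message. Assuming `except` is a `std::unique_ptr<std::exception>`, `except = std::make_unique<std::runtime_error>(e.what());` keeps the text. Neither this handler nor the one in `StartSendThread` (-115) catches non-standard exceptions, which deserves a short comment if deliberate. Both bodies extend outside the hunks.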
diff --git a/yacl/utils/circuit_executor.cc b/yacl/utils/circuit_executor.cc index 9552b7d..856b8cb 100644 --- a/yacl/utils/circuit_executor.cc +++ b/yacl/utils/circuit_executor.cc @@ -92,7 +92,7 @@ void PlainExecutor::Finalize(absl::Span outputs) { for (size_t j = 0; j < circ_->now[i]; ++j) { result[j] = wires_[index - circ_->now[i] + j]; } - outputs[circ_->nov - i - 1] = *(uint128_t*)result.data(); + outputs[circ_->nov - i - 1] = *(T*)result.data(); index -= circ_->now[i]; } } diff --git a/yacl/utils/spi/argument/arg_set.cc b/yacl/utils/spi/argument/arg_set.cc index c938067..9cd82e3 100644 --- a/yacl/utils/spi/argument/arg_set.cc +++ b/yacl/utils/spi/argument/arg_set.cc @@ -13,6 +13,7 @@ // limitations under the License. #include "yacl/utils/spi/argument/arg_set.h" + #include "fmt/ranges.h" // formatter to format SpiArgs values diff --git a/yacl/utils/spi/item.cc b/yacl/utils/spi/item.cc index d3e1dca..34a4fce 100644 --- a/yacl/utils/spi/item.cc +++ b/yacl/utils/spi/item.cc @@ -14,9 +14,10 @@ #include "yacl/utils/spi/item.h" -#include "yacl/math/mpint/mp_int.h" #include "fmt/ranges.h" +#include "yacl/math/mpint/mp_int.h" + namespace yacl { namespace {
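Review bot: In circuit_executor.cc, `*(T*)result.data()` reads `sizeof(T)` bytes through a C-style pointer cast, which is undefined behaviour when the storage is not suitably aligned or typed for `T`. It also over-reads if `result` holds fewer than `sizeof(T)` bytes for the `circ_->now[i]` wires just written. `result` is declared outside the hunk, so its element type and size need checking. A checked copy avoids both problems: `T v{}; std::memcpy(&v, result.data(), sizeof(T)); outputs[circ_->nov - i - 1] = v;`, preceded by an enforcement that `result` spans at least `sizeof(T)` bytes.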