diff --git a/.github/workflows/asan.yml b/.github/workflows/asan.yml index 3158f7594a..aa4a866fc3 100644 --- a/.github/workflows/asan.yml +++ b/.github/workflows/asan.yml @@ -35,9 +35,6 @@ jobs: script -q -e -c "make pull" sudo df -h script -q -e -c "CONCORD_BFT_CMAKE_OMIT_TEST_OUTPUT=TRUE CONCORD_BFT_CMAKE_KEEP_APOLLO_LOGS=FALSE CONCORD_BFT_CMAKE_ASAN=TRUE CONCORD_BFT_CMAKE_USE_FAKE_CLOCK_IN_TIME_SERVICE=TRUE \ - CONCORD_BFT_CMAKE_USE_CRYPTOPP_HASH=TRUE \ - CONCORD_BFT_CMAKE_USE_OPENSSL_SHA_256=FALSE \ - CONCORD_BFT_CMAKE_USE_OPENSSL_SHA3_256=FALSE \ make build" \ && script -q -e -c "make test" - name: Check if ASAN passed diff --git a/.github/workflows/build_and_test_clang_debug.yml b/.github/workflows/build_and_test_clang_debug.yml index ad46288759..3f3e4805eb 100644 --- a/.github/workflows/build_and_test_clang_debug.yml +++ b/.github/workflows/build_and_test_clang_debug.yml @@ -59,9 +59,6 @@ jobs: -DUSE_OPENTRACING=ON \ -DOMIT_TEST_OUTPUT=OFF\ -DKEEP_APOLLO_LOGS=TRUE\ - -DUSE_CRYPTOPP_HASH=TRUE\ - -DUSE_OPENSSL_SHA_256=FALSE\ - -DUSE_OPENSSL_SHA3_256=FALSE\ -DUSE_FAKE_CLOCK_IN_TIME_SERVICE=TRUE\" "\ && script -q -e -c "make test" - name: Prepare artifacts diff --git a/.github/workflows/build_and_test_clang_release.yml b/.github/workflows/build_and_test_clang_release.yml index e1ade905a1..65e6a0e50b 100644 --- a/.github/workflows/build_and_test_clang_release.yml +++ b/.github/workflows/build_and_test_clang_release.yml @@ -60,9 +60,6 @@ jobs: -DUSE_OPENTRACING=ON \ -DOMIT_TEST_OUTPUT=OFF\ -DKEEP_APOLLO_LOGS=TRUE\ - -DUSE_CRYPTOPP_HASH=TRUE\ - -DUSE_OPENSSL_SHA_256=FALSE\ - -DUSE_OPENSSL_SHA3_256=FALSE\ -DUSE_FAKE_CLOCK_IN_TIME_SERVICE=TRUE\" "\ && script -q -e -c "make test" - name: Prepare artifacts diff --git a/.github/workflows/build_and_test_gcc_debug.yml b/.github/workflows/build_and_test_gcc_debug.yml index f55ea78f1d..96a068ec6c 100644 --- a/.github/workflows/build_and_test_gcc_debug.yml +++ b/.github/workflows/build_and_test_gcc_debug.yml @@ -59,9 +59,6 @@ jobs: -DOMIT_TEST_OUTPUT=OFF\ -DKEEP_APOLLO_LOGS=TRUE\ -DRUN_APOLLO_TESTS=FALSE\ - -DUSE_CRYPTOPP_HASH=TRUE\ - -DUSE_OPENSSL_SHA_256=FALSE\ - -DUSE_OPENSSL_SHA3_256=FALSE\ -DUSE_FAKE_CLOCK_IN_TIME_SERVICE=TRUE\" "\ && script -q -e -c "make test" - name: Prepare artifacts diff --git a/.github/workflows/build_and_test_gcc_release.yml b/.github/workflows/build_and_test_gcc_release.yml index 20e71606c2..b7bfe63eb3 100644 --- a/.github/workflows/build_and_test_gcc_release.yml +++ b/.github/workflows/build_and_test_gcc_release.yml @@ -59,9 +59,6 @@ jobs: -DOMIT_TEST_OUTPUT=OFF\ -DKEEP_APOLLO_LOGS=TRUE\ -DRUN_APOLLO_TESTS=FALSE\ - -DUSE_CRYPTOPP_HASH=TRUE\ - -DUSE_OPENSSL_SHA_256=FALSE\ - -DUSE_OPENSSL_SHA3_256=FALSE\ -DUSE_FAKE_CLOCK_IN_TIME_SERVICE=TRUE\" "\ && script -q -e -c "make test" - name: Prepare artifacts diff --git a/.github/workflows/clang-tidy.yml b/.github/workflows/clang-tidy.yml index bcbcd734af..cffc519666 100644 --- a/.github/workflows/clang-tidy.yml +++ b/.github/workflows/clang-tidy.yml @@ -37,9 +37,6 @@ jobs: -DUSE_S3_OBJECT_STORE=TRUE \ -DUSE_OPENTRACING=ON \ -DOMIT_TEST_OUTPUT=OFF\ - -DUSE_CRYPTOPP_HASH=TRUE\ - -DUSE_OPENSSL_SHA_256=FALSE\ - -DUSE_OPENSSL_SHA3_256=FALSE\ -DUSE_FAKE_CLOCK_IN_TIME_SERVICE=TRUE\" "\ - name: Print failure info if: failure() diff --git a/.github/workflows/codecoverage.yml b/.github/workflows/codecoverage.yml index 9002c2e1d0..95def91f2d 100644 --- a/.github/workflows/codecoverage.yml +++ b/.github/workflows/codecoverage.yml @@ -30,9 +30,6 @@ jobs: sudo df -h script -q -e -c "CONCORD_BFT_CONTAINER_CC=clang CONCORD_BFT_CONTAINER_CXX=clang++ \ CONCORD_BFT_CMAKE_CODECOVERAGE=TRUE CONCORD_BFT_CMAKE_TRANSPORT=UDP \ - CONCORD_BFT_CMAKE_USE_CRYPTOPP_HASH=TRUE \ - CONCORD_BFT_CMAKE_USE_OPENSSL_SHA_256=FALSE \ - CONCORD_BFT_CMAKE_USE_OPENSSL_SHA3_256=FALSE \ make build" && script -q -e -c "make test" continue-on-error: true diff --git a/.github/workflows/tsan.yml b/.github/workflows/tsan.yml index 74b292db2a..5a69f94ee5 100644 --- a/.github/workflows/tsan.yml +++ b/.github/workflows/tsan.yml @@ -35,9 +35,6 @@ jobs: script -q -e -c "make pull" sudo df -h script -q -e -c "CONCORD_BFT_CMAKE_OMIT_TEST_OUTPUT=TRUE CONCORD_BFT_CMAKE_KEEP_APOLLO_LOGS=FALSE CONCORD_BFT_CMAKE_TSAN=TRUE CONCORD_BFT_CMAKE_USE_FAKE_CLOCK_IN_TIME_SERVICE=TRUE \ - CONCORD_BFT_CMAKE_USE_CRYPTOPP_HASH=TRUE \ - CONCORD_BFT_CMAKE_USE_OPENSSL_SHA_256=FALSE \ - CONCORD_BFT_CMAKE_USE_OPENSSL_SHA3_256=FALSE \ make build" \ && script -q -e -c "make test" - name: Check if TSAN passed diff --git a/CMakeLists.txt b/CMakeLists.txt index f03a0f30a2..5689c5d5bc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -114,19 +114,6 @@ if(CODECOVERAGE) message( "-- Building with llvm Code Coverage Tools") endif() -if(USE_CRYPTOPP_HASH) - message("-- USE_CRYPTOPP_HASH Enabled") - string(APPEND CMAKE_CXX_FLAGS " -DUSE_CRYPTOPP_HASH") -elseif(USE_OPENSSL_SHA_256) - message("-- USE_OPENSSL_SHA_256 Enabled") - string(APPEND CMAKE_CXX_FLAGS " -DUSE_OPENSSL_SHA_256") -elseif(USE_OPENSSL_SHA3_256) - message("-- USE_OPENSSL_SHA3_256 Enabled") - string(APPEND CMAKE_CXX_FLAGS " -DUSE_OPENSSL_SHA3_256") -else() - message(FATAL_ERROR "None of the cryptographic hashing libraries are enabled.") -endif() - if(USE_S3_OBJECT_STORE) add_compile_definitions(USE_S3_OBJECT_STORE=1) endif() diff --git a/Makefile b/Makefile index 7ec787e150..a1c7826631 100644 --- a/Makefile +++ b/Makefile @@ -57,9 +57,6 @@ CONCORD_BFT_CMAKE_TSAN?=FALSE CONCORD_BFT_CMAKE_CODECOVERAGE?=FALSE CONCORD_BFT_CMAKE_USE_FAKE_CLOCK_IN_TIME_SERVICE?=FALSE ENABLE_RESTART_RECOVERY_TESTS?=FALSE -CONCORD_BFT_CMAKE_USE_CRYPTOPP_HASH?=TRUE -CONCORD_BFT_CMAKE_USE_OPENSSL_SHA_256?=FALSE -CONCORD_BFT_CMAKE_USE_OPENSSL_SHA3_256?=FALSE ifeq (${CONCORD_BFT_CMAKE_ASAN},TRUE) CONCORD_BFT_CMAKE_CXX_FLAGS_RELEASE='-O0 -g' @@ -94,10 +91,7 @@ CONCORD_BFT_CMAKE_FLAGS?= \ -DTHREADCHECK=${CONCORD_BFT_CMAKE_TSAN} \ -DCODECOVERAGE=${CONCORD_BFT_CMAKE_CODECOVERAGE} \ -DTXN_SIGNING_ENABLED=${CONCORD_BFT_CMAKE_TRANSACTION_SIGNING_ENABLED} \ - -DENABLE_RESTART_RECOVERY_TESTS=${ENABLE_RESTART_RECOVERY_TESTS} \ - -DUSE_OPENSSL_SHA_256=${CONCORD_BFT_CMAKE_USE_OPENSSL_SHA_256} \ - -DUSE_OPENSSL_SHA3_256=${CONCORD_BFT_CMAKE_USE_OPENSSL_SHA3_256} \ - -DUSE_CRYPTOPP_HASH=${CONCORD_BFT_CMAKE_USE_CRYPTOPP_HASH} + -DENABLE_RESTART_RECOVERY_TESTS=${ENABLE_RESTART_RECOVERY_TESTS} # The consistency parameter makes sense only at MacOS. # It is ignored at all other platforms. diff --git a/util/CMakeLists.txt b/util/CMakeLists.txt index 84a6811da3..4f4ed8a9a6 100644 --- a/util/CMakeLists.txt +++ b/util/CMakeLists.txt @@ -18,6 +18,12 @@ set(util_source_files add_library(util STATIC ${util_source_files}) add_library(util_shared SHARED ${util_source_files}) +# Use below macros to use CryptoPP's SHA_256 or OpenSSL's SHA_256 hashing. +# USE_CRYPTOPP_SHA_256=FALSE +# USE_OPENSSL_SHA_256=FALSE +target_compile_definitions(util PUBLIC USE_OPENSSL_SHA3_256) +target_compile_definitions(util_shared PUBLIC USE_OPENSSL_SHA3_256) + if(USE_OPENSSL) if(NOT BUILD_THIRDPARTY) find_package(OpenSSL REQUIRED) diff --git a/util/include/DigestImpl.ipp b/util/include/DigestImpl.ipp deleted file mode 100644 index d52fa8a714..0000000000 --- a/util/include/DigestImpl.ipp +++ /dev/null @@ -1,144 +0,0 @@ -// Concord -// -// Copyright (c) 2022 VMware, Inc. All Rights Reserved. -// -// This product is licensed to you under the Apache 2.0 license (the "License"). You may not use this product except in -// compliance with the Apache 2.0 License. -// -// This product may include a number of subcomponents with separate copyright notices and license terms. Your use of -// these subcomponents is subject to the terms and conditions of the subcomponent's license, as noted in the LICENSE -// file. - -#pragma once - -#include -#include -#include -#include - -#include "sha_hash.hpp" -#include "DigestType.hpp" -#include "hex_tools.h" - -namespace concord::util::digest { - -class DigestUtil { - public: - static size_t digestLength(); - static bool compute(const char* input, size_t inputLength, char* outBufferForDigest, size_t lengthOfBufferForDigest); - - class Context { - public: - Context(); - void update(const char* data, size_t len); - void writeDigest(char* outDigest); // write digest to outDigest, and invalidate the Context object - ~Context(); - - private: - void* internalState; - }; -}; - -class DigestCreator { - public: - virtual ~DigestCreator() = default; - - virtual void init() = 0; - virtual void compute() = 0; - virtual void update() = 0; - virtual void final() = 0; -}; - -template >> -class DigestHolder { - public: - DigestHolder() { std::memset(d, 0, DIGEST_SIZE); } - DigestHolder(unsigned char initVal) { std::memset(d, initVal, DIGEST_SIZE); } - DigestHolder(const char* other) { std::memcpy(d, other, DIGEST_SIZE); } - DigestHolder(char* buf, size_t len) { DigestUtil::compute(buf, len, (char*)d, DIGEST_SIZE); } - DigestHolder(const DigestHolder& other) { std::memcpy(d, other.d, DIGEST_SIZE); } - - char* content() const { return (char*)d; } // Can be replaced by getForUpdate(). - void makeZero() { std::memset(d, 0, DIGEST_SIZE); } - std::string toString() const { return concordUtils::bufferToHex(d, DIGEST_SIZE, false); } - void print() { printf("digest=[%s]", toString().c_str()); } - const char* const get() const { return d; } - char* getForUpdate() { return d; } - - bool isZero() const { - for (int i = 0; i < DIGEST_SIZE; ++i) { - if (d[i] != 0) return false; - } - return true; - } - - int hash() const { - uint64_t* p = (uint64_t*)d; - int h = (int)p[0]; - return h; - } - - bool operator==(const DigestHolder& other) const { - int r = std::memcmp(d, other.d, DIGEST_SIZE); - return (r == 0); - } - - bool operator!=(const DigestHolder& other) const { - int r = std::memcmp(d, other.d, DIGEST_SIZE); - return (r != 0); - } - - DigestHolder& operator=(const DigestHolder& other) { - if (this == &other) { - return *this; - } - std::memcpy(d, other.d, DIGEST_SIZE); - return *this; - } - - static void digestOfDigest(const DigestHolder& inDigest, DigestHolder& outDigest) { - DigestUtil::compute(inDigest.d, sizeof(DigestHolder), outDigest.d, sizeof(DigestHolder)); - } - - static void calcCombination(const DigestHolder& inDigest, int64_t inDataA, int64_t inDataB, DigestHolder& outDigest) { - const size_t X = ((DIGEST_SIZE / sizeof(uint64_t)) / 2); - - std::memcpy(outDigest.d, inDigest.d, DIGEST_SIZE); - - uint64_t* ptr = (uint64_t*)outDigest.d; - size_t locationA = ptr[0] % X; - size_t locationB = (ptr[0] >> 8) % X; - ptr[locationA] = ptr[locationA] ^ (inDataA); - ptr[locationB] = ptr[locationB] ^ (inDataB); - } - - private: - char d[DIGEST_SIZE]; // DIGEST_SIZE should be >= 8 bytes; // Stores digest. -}; - -// Implements digest using Crypto++ library. -class CryptoppDigestCreator : public DigestCreator { - public: - void init() override {} - void compute() override {} - void update() override {} - void final() override {} - virtual ~CryptoppDigestCreator() = default; -}; - -// Implements digest using OpenSSL library. -template || - std::is_same_v>> -class OpenSSLDigestCreator : public DigestCreator { - public: - virtual ~OpenSSLDigestCreator() = default; - void init() override {} - void compute() override {} - void update() override {} - void final() override {} - - private: - SHACTX hash_ctx_; -}; -} // namespace concord::util::digest diff --git a/util/include/cryptopp_digest_creator.hpp b/util/include/cryptopp_digest_creator.hpp index c4b78e85be..cc9ebc4de9 100644 --- a/util/include/cryptopp_digest_creator.hpp +++ b/util/include/cryptopp_digest_creator.hpp @@ -11,7 +11,6 @@ #pragma once -#include "digest_creator.hpp" #include "digest_type.hpp" #if defined MD5_DIGEST @@ -25,8 +24,8 @@ namespace concord::util::digest { -// Implements digest creator using Crypto++ library. -class CryptoppDigestCreator : public DigestCreator { +// A class that generates SHA digest using CryptoPP library. +class CryptoppDigestCreator { public: CryptoppDigestCreator(); virtual ~CryptoppDigestCreator(); @@ -35,13 +34,10 @@ class CryptoppDigestCreator : public DigestCreator { CryptoppDigestCreator(const CryptoppDigestCreator&) = delete; CryptoppDigestCreator& operator=(const CryptoppDigestCreator&) = delete; - void update(const char* data, size_t len) override; - void writeDigest(char* outDigest) override; - size_t digestLength() const override; - bool compute(const char* input, - size_t inputLength, - char* outBufferForDigest, - size_t lengthOfBufferForDigest) override; + void update(const char* data, size_t len); + void writeDigest(char* outDigest); + size_t digestLength() const; + bool compute(const char* input, size_t inputLength, char* outBufferForDigest, size_t lengthOfBufferForDigest); private: void* internalState_; diff --git a/util/include/digest.hpp b/util/include/digest.hpp index 6819fd5758..2ad8b55d66 100644 --- a/util/include/digest.hpp +++ b/util/include/digest.hpp @@ -14,13 +14,13 @@ #include "digest_type.hpp" #include "digest_holder.hpp" #include "cryptopp_digest_creator.hpp" -#include "openssl_digest_creator.ipp" +#include "openssl_digest_creator.hpp" namespace concord::util::digest { using BlockDigest = std::array; -#if defined USE_CRYPTOPP_HASH +#if defined USE_CRYPTOPP_SHA_256 using Digest = DigestHolder; using DigestGenerator = CryptoppDigestCreator; #elif defined USE_OPENSSL_SHA_256 diff --git a/util/include/digest_creator.hpp b/util/include/digest_creator.hpp deleted file mode 100644 index bfff275e21..0000000000 --- a/util/include/digest_creator.hpp +++ /dev/null @@ -1,32 +0,0 @@ -// Concord -// -// Copyright (c) 2022 VMware, Inc. All Rights Reserved. -// -// This product is licensed to you under the Apache 2.0 license (the "License"). You may not use this product except in -// compliance with the Apache 2.0 License. -// -// This product may include a number of subcomponents with separate copyright notices and license terms. Your use of -// these subcomponents is subject to the terms and conditions of the subcomponent's license, as noted in the LICENSE -// file. -// -// Design doc: -// https://confluence.eng.vmware.com/pages/viewpage.action?spaceKey=BLOC&title=Align+cryptographic+algorithms+across+Concord - -#pragma once - -namespace concord::util::digest { - -// It is responsible for generating the digest. -class DigestCreator { - public: - virtual ~DigestCreator() = default; - - virtual void update(const char* data, size_t len) = 0; - virtual void writeDigest(char* outDigest) = 0; - virtual size_t digestLength() const = 0; - virtual bool compute(const char* input, - size_t inputLength, - char* outBufferForDigest, - size_t lengthOfBufferForDigest) = 0; -}; -} // namespace concord::util::digest diff --git a/util/include/digest_holder.hpp b/util/include/digest_holder.hpp index a77ab36f92..543fd2d52a 100644 --- a/util/include/digest_holder.hpp +++ b/util/include/digest_holder.hpp @@ -15,13 +15,13 @@ #include #include "digest_type.hpp" -#include "digest_creator.hpp" #include "hex_tools.h" namespace concord::util::digest { -// It is responsible for holding the generated digest. The digest is generated by DigestCreator class. -template >> +// It is responsible for holding the generated digest. The digest is generated by digest generator classes such as +// OpenSSLDigestCreator and CryptoPPDigestCreator classes. +template class DigestHolder { public: DigestHolder() { std::memset(d, 0, DIGEST_SIZE); } diff --git a/util/include/openssl_digest_creator.ipp b/util/include/openssl_digest_creator.hpp similarity index 95% rename from util/include/openssl_digest_creator.ipp rename to util/include/openssl_digest_creator.hpp index bc1ff35e7d..63431e6400 100644 --- a/util/include/openssl_digest_creator.ipp +++ b/util/include/openssl_digest_creator.hpp @@ -12,19 +12,18 @@ #pragma once #include -#include #include #include -#include "digest_creator.hpp" #include "sha_hash.hpp" namespace concord::util::digest { +// A class that generates SHA digest using OpenSSL library. template || std::is_same_v>> -class OpenSSLDigestCreator : public DigestCreator { +class OpenSSLDigestCreator { public: OpenSSLDigestCreator() = default; diff --git a/util/src/DigestImpl.cpp b/util/src/DigestImpl.cpp deleted file mode 100644 index 683ce983e8..0000000000 --- a/util/src/DigestImpl.cpp +++ /dev/null @@ -1,92 +0,0 @@ -// Concord -// -// Copyright (c) 2022 VMware, Inc. All Rights Reserved. -// -// This product is licensed to you under the Apache 2.0 license (the "License"). You may not use this product except in -// compliance with the Apache 2.0 License. -// -// This product may include a number of subcomponents with separate copyright notices and license terms. Your use of -// these subcomponents is subject to the terms and conditions of the subcomponent's license, as noted in the LICENSE -// file. - -#include -#include -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wpedantic" -#include -#include -#pragma GCC diagnostic pop - -#include "assertUtils.hpp" -#include -#include -#include - -#include "DigestImpl.ipp" - -#if defined MD5_DIGEST -#include -#define DigestType Weak1::MD5 -#elif defined SHA256_DIGEST -#define DigestType SHA256 -#elif defined SHA512_DIGEST -#define DigestType SHA512 -#endif - -using namespace CryptoPP; - -namespace concord::util::digest { - -size_t DigestUtil::digestLength() { return DigestType::DIGESTSIZE; } - -bool DigestUtil::compute(const char* input, - size_t inputLength, - char* outBufferForDigest, - size_t lengthOfBufferForDigest) { - DigestType dig; - - size_t size = dig.DigestSize(); - - if (lengthOfBufferForDigest < size) return false; - - SecByteBlock digest(size); - - dig.Update((CryptoPP::byte*)input, inputLength); - dig.Final(digest); - const CryptoPP::byte* h = digest; - memcpy(outBufferForDigest, h, size); - - return true; -} - -DigestUtil::Context::Context() { - DigestType* p = new DigestType(); - internalState = p; -} - -void DigestUtil::Context::update(const char* data, size_t len) { - ConcordAssert(internalState != NULL); - DigestType* p = (DigestType*)internalState; - p->Update((CryptoPP::byte*)data, len); -} - -void DigestUtil::Context::writeDigest(char* outDigest) { - ConcordAssert(internalState != NULL); - DigestType* p = (DigestType*)internalState; - SecByteBlock digest(digestLength()); - p->Final(digest); - const CryptoPP::byte* h = digest; - memcpy(outDigest, h, digestLength()); - - delete p; - internalState = NULL; -} - -DigestUtil::Context::~Context() { - if (internalState != NULL) { - DigestType* p = (DigestType*)internalState; - delete p; - internalState = NULL; - } -} -} // namespace concord::util::digest diff --git a/util/test/openssl_digest_creator_test.cpp b/util/test/openssl_digest_creator_test.cpp index 36dc0e7774..1c6f52989b 100644 --- a/util/test/openssl_digest_creator_test.cpp +++ b/util/test/openssl_digest_creator_test.cpp @@ -15,7 +15,7 @@ #include "gtest/gtest.h" #include "hex_tools.h" #include "sha_hash.hpp" -#include "openssl_digest_creator.ipp" +#include "openssl_digest_creator.hpp" using concord::util::SHA2_256; using concord::util::SHA3_256;