Move crypto.hpp to util/crypto.hpp

vmware · Sep 11, 2022 · 0fa99a5 · 0fa99a5
1 parent 04a4614
commit 0fa99a5
Show file tree

Hide file tree

Showing 72 changed files with 625 additions and 754 deletions.
diff --git a/bftengine/include/bftengine/CryptoManager.hpp b/bftengine/include/bftengine/CryptoManager.hpp
@@ -18,7 +18,7 @@
 #include "ReplicaConfig.hpp"
 #include "IKeyExchanger.hpp"
 #include "Logger.hpp"
-#include "crypto/crypto.h"
+#include "crypto/crypto.hpp"
 
 namespace bftEngine {
 typedef std::int64_t SeqNum;                    // TODO [TK] redefinition

diff --git a/bftengine/include/bftengine/IKeyExchanger.hpp b/bftengine/include/bftengine/IKeyExchanger.hpp
@@ -10,11 +10,10 @@
 // file.
 
 #pragma once
-#include "crypto.hpp"
 #include <string>
 #include <cstdint>
 #include <tuple>
-#include <crypto/crypto.h>
+#include "crypto/crypto.hpp"
 
 // Interface for objects that need to be notified on key rotation
 class IKeyExchanger {

diff --git a/bftengine/include/bftengine/KeyExchangeManager.hpp b/bftengine/include/bftengine/KeyExchangeManager.hpp
@@ -18,7 +18,7 @@
 #include "Metrics.hpp"
 #include "secrets_manager_impl.h"
 #include "SysConsts.hpp"
-#include "crypto.hpp"
+#include "crypto/crypto.hpp"
 #include <future>
 
 namespace bftEngine::impl {

diff --git a/bftengine/src/bcstatetransfer/AsyncStateTransferCRE.cpp b/bftengine/src/bcstatetransfer/AsyncStateTransferCRE.cpp
@@ -73,13 +73,11 @@ class Communication : public ICommunication {
 
 class InternalSigner : public concord::crypto::ISigner {
  public:
-  std::string sign(const std::string& data) override {
-    std::string out;
-    out.resize(bftEngine::impl::SigManager::instance()->getMySigLength());
-    bftEngine::impl::SigManager::instance()->sign(data.data(), data.size(), out.data());
-    return out;
+  size_t signBuffer(const concord::Byte* dataIn, size_t dataLen, concord::Byte* sigOutBuffer) override {
+    return bftEngine::impl::SigManager::instance()->sign(dataIn, dataLen, sigOutBuffer);
   }
-  uint32_t signatureLength() const override { return bftEngine::impl::SigManager::instance()->getMySigLength(); }
+
+  size_t signatureLength() const override { return bftEngine::impl::SigManager::instance()->getMySigLength(); }
   std::string getPrivKey() const override { return ""; }
 };
 

diff --git a/bftengine/src/bftengine/KeyExchangeManager.cpp b/bftengine/src/bftengine/KeyExchangeManager.cpp
@@ -22,8 +22,9 @@
 #include "communication/StateControl.hpp"
 #include "ReplicaImp.hpp"
 #include "crypto/factory.hpp"
-#include "crypto.hpp"
+#include "crypto/crypto.hpp"
 #include "openssl/utils.hpp"
+#include "crypto/cryptopp/keygen.hpp"
 
 namespace bftEngine::impl {
 

diff --git a/bftengine/src/bftengine/ReplicaImp.cpp b/bftengine/src/bftengine/ReplicaImp.cpp
@@ -5312,9 +5312,8 @@ void ReplicaImp::onExecutionFinish() {
     // Mark this request as an internal one
     std::vector<uint8_t> data_vec;
     concord::messages::serialize(data_vec, req);
-    std::string sig(SigManager::instance()->getMySigLength(), '\0');
-    SigManager::instance()->sign(reinterpret_cast<char *>(data_vec.data()), data_vec.size(), sig.data());
-    req.signature = std::vector<uint8_t>(sig.begin(), sig.end());
+    req.signature.resize(SigManager::instance()->getMySigLength());
+    SigManager::instance()->sign(data_vec.data(), data_vec.size(), req.signature.data());
     data_vec.clear();
     concord::messages::serialize(data_vec, req);
     std::string strMsg(data_vec.begin(), data_vec.end());

diff --git a/bftengine/src/bftengine/SigManager.cpp b/bftengine/src/bftengine/SigManager.cpp
@@ -26,6 +26,7 @@ namespace impl {
 
 using concord::crypto::IVerifier;
 using concord::crypto::Factory;
+using concord::crypto::KeyFormat;
 
 concord::messages::keys_and_signatures::ClientsPublicKeys clientsPublicKeys_;
 
@@ -203,14 +204,14 @@ uint16_t SigManager::getSigLength(PrincipalId pid) const {
 }
 
 bool SigManager::verifySig(
-    PrincipalId pid, const char* data, size_t dataLength, const char* sig, uint16_t sigLength) const {
+    PrincipalId pid, const concord::Byte* data, size_t dataLength, const concord::Byte* sig, uint16_t sigLength) const {
+
   bool result = false;
   {
-    std::string str_data(data, dataLength);
-    std::string str_sig(sig, sigLength);
     std::shared_lock lock(mutex_);
     if (auto pos = verifiers_.find(pid); pos != verifiers_.end()) {
-      result = pos->second->verify(str_data, str_sig);
+      result = pos->second->verifyBuffer(data,dataLength,
+                                         sig, sigLength);
     } else {
       LOG_ERROR(GL, "Unrecognized pid " << pid);
       metrics_.sigVerificationFailedOnUnrecognizedParticipantId_++;
@@ -245,10 +246,12 @@ bool SigManager::verifySig(
   return result;
 }
 
-void SigManager::sign(const char* data, size_t dataLength, char* outSig) const {
-  std::string str_data(data, dataLength);
-  std::string sig = mySigner_->sign(str_data);
-  std::memcpy(outSig, sig.c_str(), sig.size());
+size_t SigManager::sign(const concord::Byte* data, size_t dataLength, concord::Byte* outSig) const {
+  return mySigner_->signBuffer(data, dataLength, outSig);
+}
+
+size_t SigManager::sign(const char* data, size_t dataLength, char* outSig) const {
+  return sign(reinterpret_cast<const uint8_t*>(data), dataLength, reinterpret_cast<uint8_t*>(outSig));
 }
 
 uint16_t SigManager::getMySigLength() const { return (uint16_t)mySigner_->signatureLength(); }
@@ -273,6 +276,10 @@ void SigManager::setClientPublicKey(const std::string& key, PrincipalId id, KeyF
 bool SigManager::hasVerifier(PrincipalId pid) { return verifiers_.find(pid) != verifiers_.end(); }
 
 concord::crypto::SignatureAlgorithm SigManager::getMainKeyAlgorithm() const { return concord::crypto::EdDSA; }
+concord::crypto::ISigner& SigManager::getSigner() { return *mySigner_; }
+const concord::crypto::IVerifier& SigManager::getVerifier(PrincipalId otherPrincipal) const {
+  return *verifiers_.at(otherPrincipal);
+}
 
 }  // namespace impl
 }  // namespace bftEngine
diff --git a/bftengine/src/bftengine/SigManager.hpp b/bftengine/src/bftengine/SigManager.hpp
@@ -13,7 +13,7 @@
 #include "PrimitiveTypes.hpp"
 #include "assertUtils.hpp"
 #include "Metrics.hpp"
-#include "crypto.hpp"
+#include "crypto/crypto.hpp"
 #include "crypto/signer.hpp"
 #include "crypto/verifier.hpp"
 
@@ -29,7 +29,6 @@ using concordMetrics::AtomicCounterHandle;
 namespace bftEngine {
 namespace impl {
 
-
 class ReplicasInfo;
 
 class SigManager {
@@ -53,29 +52,43 @@ class SigManager {
   static SigManager* init(ReplicaId myId,
                           const Key& mySigPrivateKey,
                           const std::set<std::pair<PrincipalId, const std::string>>& publicKeysOfReplicas,
-                          concord::util::crypto::KeyFormat replicasKeysFormat,
+                          concord::crypto::KeyFormat replicasKeysFormat,
                           const std::set<std::pair<const std::string, std::set<uint16_t>>>* publicKeysOfClients,
-                          concord::util::crypto::KeyFormat clientsKeysFormat,
+                          concord::crypto::KeyFormat clientsKeysFormat,
                           ReplicasInfo& replicasInfo);
 
   // returns 0 if pid is invalid - caller might consider throwing an exception
   uint16_t getSigLength(PrincipalId pid) const;
   // returns false if actual verification failed, or if pid is invalid
-  bool verifySig(PrincipalId pid, const char* data, size_t dataLength, const char* sig, uint16_t sigLength) const;
-  void sign(const char* data, size_t dataLength, char* outSig) const;
+  bool verifySig(PrincipalId pid, const concord::Byte* data, size_t dataLength, const concord::Byte* sig, uint16_t sigLength) const;
+
+  template <typename DataContainer, typename SignatureContainer>
+  bool verifySig(PrincipalId pid, const DataContainer& data, const SignatureContainer& sig) const {
+    static_assert(sizeof(typename DataContainer::value_type) == sizeof(concord::Byte),
+                  "data elements are not byte-sized");
+    static_assert(sizeof(typename SignatureContainer::value_type) == sizeof(concord::Byte),
+                  "signature elements are not byte-sized");
+    return verifySig(pid, reinterpret_cast<const concord::Byte*>(data.data()), data.size(),
+              reinterpret_cast<const concord::Byte*>(sig.data()), static_cast<uint16_t>(sig.size()));
+  }
+
+  size_t sign(const concord::Byte* data, size_t dataLength, concord::Byte* outSig) const;
+  size_t sign(const char* data, size_t dataLength, char* outSig) const;
   uint16_t getMySigLength() const;
   bool isClientTransactionSigningEnabled() { return clientTransactionSigningEnabled_; }
   void SetAggregator(std::shared_ptr<concordMetrics::Aggregator> aggregator) {
     metrics_component_.SetAggregator(aggregator);
   }
-  void setClientPublicKey(const std::string& key, PrincipalId, concord::util::crypto::KeyFormat);
+  void setClientPublicKey(const std::string& key, PrincipalId, concord::crypto::KeyFormat);
   bool hasVerifier(PrincipalId pid);
   SigManager(const SigManager&) = delete;
   SigManager& operator=(const SigManager&) = delete;
   SigManager(SigManager&&) = delete;
   SigManager& operator=(SigManager&&) = delete;
 
   concord::crypto::SignatureAlgorithm getMainKeyAlgorithm() const;
+  concord::crypto::ISigner& getSigner();
+  const concord::crypto::IVerifier& getVerifier(PrincipalId otherPrincipal) const;
 
   std::string getClientsPublicKeys();
   std::string getPublicKeyOfVerifier(uint32_t id) const {
@@ -89,18 +102,18 @@ class SigManager {
 
   SigManager(PrincipalId myId,
              uint16_t numReplicas,
-             const std::pair<Key, concord::util::crypto::KeyFormat>& mySigPrivateKey,
-             const std::vector<std::pair<Key, concord::util::crypto::KeyFormat>>& publickeys,
+             const std::pair<Key, concord::crypto::KeyFormat>& mySigPrivateKey,
+             const std::vector<std::pair<Key, concord::crypto::KeyFormat>>& publickeys,
              const std::map<PrincipalId, KeyIndex>& publicKeysMapping,
              bool clientTransactionSigningEnabled,
              ReplicasInfo& replicasInfo);
 
   static SigManager* initImpl(ReplicaId myId,
                               const Key& mySigPrivateKey,
                               const std::set<std::pair<PrincipalId, const std::string>>& publicKeysOfReplicas,
-                              concord::util::crypto::KeyFormat replicasKeysFormat,
+                              concord::crypto::KeyFormat replicasKeysFormat,
                               const std::set<std::pair<const std::string, std::set<uint16_t>>>* publicKeysOfClients,
-                              concord::util::crypto::KeyFormat clientsKeysFormat,
+                              concord::crypto::KeyFormat clientsKeysFormat,
                               ReplicasInfo& replicasInfo);
 
   const PrincipalId myId_;
@@ -131,9 +144,9 @@ class SigManager {
       ReplicaId myId,
       const Key& mySigPrivateKey,
       const std::set<std::pair<PrincipalId, const std::string>>& publicKeysOfReplicas,
-      concord::util::crypto::KeyFormat replicasKeysFormat,
+      concord::crypto::KeyFormat replicasKeysFormat,
       const std::set<std::pair<const std::string, std::set<uint16_t>>>* publicKeysOfClients,
-      concord::util::crypto::KeyFormat clientsKeysFormat,
+      concord::crypto::KeyFormat clientsKeysFormat,
       ReplicasInfo& replicasInfo) {
     return initImpl(myId,
                     mySigPrivateKey,

diff --git a/bftengine/src/bftengine/messages/CheckpointMsg.cpp b/bftengine/src/bftengine/messages/CheckpointMsg.cpp
@@ -65,7 +65,8 @@ void CheckpointMsg::validate(const ReplicasInfo& repInfo) const {
   }
 
   if (!sigManager->verifySig(
-          idOfGeneratedReplica(), body(), sizeof(Header), body() + sizeof(Header) + spanContextSize(), sigLen))
+          idOfGeneratedReplica(), std::string_view{body(), sizeof(Header)},
+          std::string_view{body() + sizeof(Header) + spanContextSize(), sigLen}))
     throw std::runtime_error(__PRETTY_FUNCTION__ + std::string(": verifySig"));
   // TODO(GG): consider to protect against messages that are larger than needed (here and in other messages)
 }

diff --git a/bftengine/src/bftengine/messages/ClientRequestMsg.cpp b/bftengine/src/bftengine/messages/ClientRequestMsg.cpp
@@ -196,7 +196,7 @@ void ClientRequestMsg::validateImp(const ReplicasInfo& repInfo) const {
   }
   if (doSigVerify) {
     if (!sigManager->verifySig(
-            clientId, requestBuf(), header->requestLength, requestSignature(), header->reqSignatureLength)) {
+            clientId, std::string_view{requestBuf(), header->requestLength}, std::string_view{requestSignature(), header->reqSignatureLength})) {
       std::stringstream msg;
       LOG_WARN(CNSUS, "Signature verification failed for" << KVLOG(header->reqSeqNum, this->senderId(), clientId));
       msg << "Signature verification failed for: "

diff --git a/bftengine/src/bftengine/messages/ReplicaAsksToLeaveViewMsg.cpp b/bftengine/src/bftengine/messages/ReplicaAsksToLeaveViewMsg.cpp
@@ -61,7 +61,7 @@ void ReplicaAsksToLeaveViewMsg::validate(const ReplicasInfo& repInfo) const {
   uint16_t sigLen = sigManager->getSigLength(idOfGeneratedReplica());
   if (size() < totalSize + sigLen) throw std::runtime_error(__PRETTY_FUNCTION__ + std::string(": size"));
 
-  if (!sigManager->verifySig(idOfGeneratedReplica(), body(), sizeof(Header), body() + totalSize, sigLen))
+  if (!sigManager->verifySig(idOfGeneratedReplica(), std::string_view{body(), sizeof(Header)}, std::string_view{body() + totalSize, sigLen}))
     throw std::runtime_error(__PRETTY_FUNCTION__ + std::string(": verifySig"));
 }
 

diff --git a/bftengine/src/bftengine/messages/ReplicaRestartReadyMsg.cpp b/bftengine/src/bftengine/messages/ReplicaRestartReadyMsg.cpp
@@ -52,7 +52,7 @@ ReplicaRestartReadyMsg* ReplicaRestartReadyMsg::create(ReplicaId senderId,
   ReplicaRestartReadyMsg* m = new ReplicaRestartReadyMsg(senderId, s, sigLen, r, extraData, spanContext);
   auto dataSize = sizeof(Header) + m->getExtraDataLength() + spanContext.data().size();
   auto position = m->body() + dataSize;
-  sigManager->sign(m->body(), dataSize, position);
+  sigManager->sign(reinterpret_cast<const uint8_t*>(m->body()), dataSize, reinterpret_cast<uint8_t*>(position));
   //+-----------+-----------+----------+
   //| Header    | extraData | Signature|
   //+-----------+-----------+----------+
@@ -75,7 +75,7 @@ void ReplicaRestartReadyMsg::validate(const ReplicasInfo& repInfo) const {
   uint16_t sigLen = sigManager->getSigLength(idOfSenderReplica);
   if (size() < dataSize + sigLen) throw std::runtime_error(__PRETTY_FUNCTION__ + std::string(": size"));
 
-  if (!sigManager->verifySig(idOfSenderReplica, body(), dataSize, body() + dataSize, sigLen))
+  if (!sigManager->verifySig(idOfSenderReplica, std::string_view{body(), dataSize}, std::string_view{body() + dataSize, sigLen}))
     throw std::runtime_error(__PRETTY_FUNCTION__ + std::string(": verifySig"));
 }
 

diff --git a/bftengine/src/bftengine/messages/ReplicasRestartReadyProofMsg.cpp b/bftengine/src/bftengine/messages/ReplicasRestartReadyProofMsg.cpp
@@ -106,7 +106,7 @@ bool ReplicasRestartReadyProofMsg::checkElements(const ReplicasInfo& repInfo, ui
       return false;
     if (repInfo.myId() != hdr->genReplicaId) {
       auto dataSize = sizeof(ReplicaRestartReadyMsg::Header) + hdr->extraDataLen;
-      if (!sigManager->verifySig(hdr->genReplicaId, currLoc, dataSize, currLoc + dataSize, hdr->sigLength)) {
+      if (!sigManager->verifySig(hdr->genReplicaId, std::string_view{currLoc, dataSize}, std::string_view{currLoc + dataSize, hdr->sigLength})) {
         return false;
       }
     }

diff --git a/bftengine/src/bftengine/messages/ViewChangeMsg.cpp b/bftengine/src/bftengine/messages/ViewChangeMsg.cpp
@@ -179,7 +179,7 @@ void ViewChangeMsg::validate(const ReplicasInfo& repInfo) const {
   uint16_t sigLen = sigManager->getSigLength(idOfGeneratedReplica());
 
   if (size() < (dataLength + sigLen)) throw std::runtime_error(__PRETTY_FUNCTION__ + std::string(": size"));
-  if (!sigManager->verifySig(idOfGeneratedReplica(), body(), dataLength, body() + dataLength, sigLen))
+  if (!sigManager->verifySig(idOfGeneratedReplica(), std::string_view{body(), dataLength}, std::string_view{body() + dataLength, sigLen}))
     throw std::runtime_error(__PRETTY_FUNCTION__ + std::string(": verifySig"));
   if (!checkElements(sigLen))  // check elements in message
     throw std::runtime_error(__PRETTY_FUNCTION__ + std::string(": check elements in message"));

diff --git a/bftengine/src/preprocessor/RequestProcessingState.cpp b/bftengine/src/preprocessor/RequestProcessingState.cpp
@@ -106,10 +106,8 @@ void RequestProcessingState::handlePrimaryPreProcessed(const char *preProcessRes
   // information.
   if (preProcessResult != OperationResult::SUCCESS) setupPreProcessResultData(preProcessResult);
   auto sm = SigManager::instance();
-  std::vector<char> sig(sm->getMySigLength());
-  sm->sign(reinterpret_cast<const char *>(primaryPreProcessResultHash_.data()),
-           primaryPreProcessResultHash_.size(),
-           sig.data());
+  std::vector<uint8_t> sig(sm->getMySigLength());
+  sm->sign(primaryPreProcessResultHash_.data(), primaryPreProcessResultHash_.size(), sig.data());
   if (!preProcessingResultHashes_[primaryPreProcessResultHash_]
            .emplace(std::move(sig), myReplicaId_, preProcessResult)
            .second) {
@@ -231,10 +229,8 @@ void RequestProcessingState::modifyPrimaryResult(
   memcpy(const_cast<char *>(primaryPreProcessResultData_), result.first.c_str(), primaryPreProcessResultLen_);
   primaryPreProcessResultHash_ = result.second;
   auto sm = SigManager::instance();
-  std::vector<char> sig(sm->getMySigLength());
-  sm->sign(reinterpret_cast<const char *>(primaryPreProcessResultHash_.data()),
-           primaryPreProcessResultHash_.size(),
-           sig.data());
+  std::vector<uint8_t> sig(sm->getMySigLength());
+  sm->sign(primaryPreProcessResultHash_.data(), primaryPreProcessResultHash_.size(), sig.data());
   if (!preProcessingResultHashes_[primaryPreProcessResultHash_]
            .emplace(std::move(sig), myReplicaId_, primaryPreProcessResult_)
            .second) {

diff --git a/bftengine/src/preprocessor/messages/PreProcessReplyMsg.cpp b/bftengine/src/preprocessor/messages/PreProcessReplyMsg.cpp
@@ -83,21 +83,21 @@ void PreProcessReplyMsg::validate(const ReplicasInfo& repInfo) const {
     }
     concord::diagnostics::TimeRecorder scoped_timer(*preProcessorHistograms_->verifyPreProcessReplySig);
     if (!sigManager->verifySig(msgHeader.senderId,
-                               (char*)msgBody()->resultsHash,
+                               msgBody()->resultsHash,
                                SHA3_256::SIZE_IN_BYTES,
-                               (char*)msgBody() + headerSize,
+                               reinterpret_cast<concord::Byte*>(msgBody()) + headerSize,
                                sigLen))
       throw runtime_error(__PRETTY_FUNCTION__ + string(": verifySig failed"));
   }
 }  // namespace preprocessor
 
-std::vector<char> PreProcessReplyMsg::getResultHashSignature() const {
+std::vector<uint8_t> PreProcessReplyMsg::getResultHashSignature() const {
   const uint64_t headerSize = sizeof(Header);
   const auto& msgHeader = *msgBody();
   auto sigManager = SigManager::instance();
   uint16_t sigLen = sigManager->getSigLength(msgHeader.senderId);
 
-  return std::vector<char>((char*)msgBody() + headerSize, (char*)msgBody() + headerSize + sigLen);
+  return std::vector<uint8_t>((uint8_t*)msgBody() + headerSize, (uint8_t*)msgBody() + headerSize + sigLen);
 }
 
 void PreProcessReplyMsg::setParams(NodeIdType senderId,
@@ -154,7 +154,7 @@ void PreProcessReplyMsg::setupMsgBody(const char* preProcessResultBuf,
   memcpy(msgBody()->resultsHash, hash.data(), SHA3_256::SIZE_IN_BYTES);
   {
     concord::diagnostics::TimeRecorder scoped_timer(*preProcessorHistograms_->signPreProcessReplyHash);
-    sigManager->sign((char*)hash.data(), SHA3_256::SIZE_IN_BYTES, body() + sizeof(Header));
+    sigManager->sign(hash.data(), SHA3_256::SIZE_IN_BYTES, reinterpret_cast<concord::Byte*>(body() + sizeof(Header)));
   }
   setLeftMsgParams(reqCid, sigSize);
 }

diff --git a/bftengine/src/preprocessor/messages/PreProcessReplyMsg.hpp b/bftengine/src/preprocessor/messages/PreProcessReplyMsg.hpp
@@ -58,7 +58,7 @@ class PreProcessReplyMsg : public MessageBase {
   const ReplyStatus status() const { return msgBody()->status; }
   const bftEngine::OperationResult preProcessResult() const { return msgBody()->preProcessResult; }
   const ViewNum viewNum() const { return msgBody()->viewNum; }
-  std::vector<char> getResultHashSignature() const;
+  std::vector<uint8_t> getResultHashSignature() const;
   std::string getCid() const;
 
   static void setPreProcessorHistograms(preprocessor::PreProcessorRecorder* histograms) {

diff --git a/bftengine/src/preprocessor/messages/PreProcessRequestMsg.cpp b/bftengine/src/preprocessor/messages/PreProcessRequestMsg.cpp
@@ -101,7 +101,9 @@ void PreProcessRequestMsg::validate(const ReplicasInfo& repInfo) const {
   if (requestSignature) {
     ConcordAssert(sigManager->isClientTransactionSigningEnabled());
     if (!sigManager->verifySig(
-            header->clientId, requestBuf(), header->requestLength, requestSignature, header->reqSignatureLength)) {
+            header->clientId,
+            std::string_view{requestBuf(), header->requestLength},
+            std::string_view{requestSignature, header->reqSignatureLength})) {
       std::stringstream msg;
       LOG_WARN(logger(),
                "Signature verification failed for " << KVLOG(header->reqSeqNum, header->clientId, this->senderId()));