Skip to content

Commit

Permalink
Move crypto.hpp to util/crypto.hpp
Browse files Browse the repository at this point in the history
  • Loading branch information
WildFireFlum committed Sep 11, 2022
1 parent 04a4614 commit 4a8e54e
Show file tree
Hide file tree
Showing 72 changed files with 634 additions and 767 deletions.
2 changes: 1 addition & 1 deletion bftengine/include/bftengine/CryptoManager.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
#include "ReplicaConfig.hpp"
#include "IKeyExchanger.hpp"
#include "Logger.hpp"
#include "crypto/crypto.h"
#include "crypto/crypto.hpp"

namespace bftEngine {
typedef std::int64_t SeqNum; // TODO [TK] redefinition
Expand Down
3 changes: 1 addition & 2 deletions bftengine/include/bftengine/IKeyExchanger.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,10 @@
// file.

#pragma once
#include "crypto.hpp"
#include <string>
#include <cstdint>
#include <tuple>
#include <crypto/crypto.h>
#include "crypto/crypto.hpp"

// Interface for objects that need to be notified on key rotation
class IKeyExchanger {
Expand Down
2 changes: 1 addition & 1 deletion bftengine/include/bftengine/KeyExchangeManager.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
#include "Metrics.hpp"
#include "secrets_manager_impl.h"
#include "SysConsts.hpp"
#include "crypto.hpp"
#include "crypto/crypto.hpp"
#include <future>

namespace bftEngine::impl {
Expand Down
10 changes: 4 additions & 6 deletions bftengine/src/bcstatetransfer/AsyncStateTransferCRE.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -73,13 +73,11 @@ class Communication : public ICommunication {

class InternalSigner : public concord::crypto::ISigner {
public:
std::string sign(const std::string& data) override {
std::string out;
out.resize(bftEngine::impl::SigManager::instance()->getMySigLength());
bftEngine::impl::SigManager::instance()->sign(data.data(), data.size(), out.data());
return out;
size_t signBuffer(const concord::Byte* dataIn, size_t dataLen, concord::Byte* sigOutBuffer) override {
return bftEngine::impl::SigManager::instance()->sign(dataIn, dataLen, sigOutBuffer);
}
uint32_t signatureLength() const override { return bftEngine::impl::SigManager::instance()->getMySigLength(); }

size_t signatureLength() const override { return bftEngine::impl::SigManager::instance()->getMySigLength(); }
std::string getPrivKey() const override { return ""; }
};

Expand Down
3 changes: 2 additions & 1 deletion bftengine/src/bftengine/KeyExchangeManager.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,9 @@
#include "communication/StateControl.hpp"
#include "ReplicaImp.hpp"
#include "crypto/factory.hpp"
#include "crypto.hpp"
#include "crypto/crypto.hpp"
#include "openssl/utils.hpp"
#include "crypto/cryptopp/keygen.hpp"

namespace bftEngine::impl {

Expand Down
5 changes: 2 additions & 3 deletions bftengine/src/bftengine/ReplicaImp.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -5312,9 +5312,8 @@ void ReplicaImp::onExecutionFinish() {
// Mark this request as an internal one
std::vector<uint8_t> data_vec;
concord::messages::serialize(data_vec, req);
std::string sig(SigManager::instance()->getMySigLength(), '\0');
SigManager::instance()->sign(reinterpret_cast<char *>(data_vec.data()), data_vec.size(), sig.data());
req.signature = std::vector<uint8_t>(sig.begin(), sig.end());
req.signature.resize(SigManager::instance()->getMySigLength());
SigManager::instance()->sign(data_vec.data(), data_vec.size(), req.signature.data());
data_vec.clear();
concord::messages::serialize(data_vec, req);
std::string strMsg(data_vec.begin(), data_vec.end());
Expand Down
21 changes: 13 additions & 8 deletions bftengine/src/bftengine/SigManager.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ namespace impl {

using concord::crypto::IVerifier;
using concord::crypto::Factory;
using concord::crypto::KeyFormat;

concord::messages::keys_and_signatures::ClientsPublicKeys clientsPublicKeys_;

Expand Down Expand Up @@ -203,14 +204,12 @@ uint16_t SigManager::getSigLength(PrincipalId pid) const {
}

bool SigManager::verifySig(
PrincipalId pid, const char* data, size_t dataLength, const char* sig, uint16_t sigLength) const {
PrincipalId pid, const concord::Byte* data, size_t dataLength, const concord::Byte* sig, uint16_t sigLength) const {
bool result = false;
{
std::string str_data(data, dataLength);
std::string str_sig(sig, sigLength);
std::shared_lock lock(mutex_);
if (auto pos = verifiers_.find(pid); pos != verifiers_.end()) {
result = pos->second->verify(str_data, str_sig);
result = pos->second->verifyBuffer(data, dataLength, sig, sigLength);
} else {
LOG_ERROR(GL, "Unrecognized pid " << pid);
metrics_.sigVerificationFailedOnUnrecognizedParticipantId_++;
Expand Down Expand Up @@ -245,10 +244,12 @@ bool SigManager::verifySig(
return result;
}

void SigManager::sign(const char* data, size_t dataLength, char* outSig) const {
std::string str_data(data, dataLength);
std::string sig = mySigner_->sign(str_data);
std::memcpy(outSig, sig.c_str(), sig.size());
size_t SigManager::sign(const concord::Byte* data, size_t dataLength, concord::Byte* outSig) const {
return mySigner_->signBuffer(data, dataLength, outSig);
}

size_t SigManager::sign(const char* data, size_t dataLength, char* outSig) const {
return sign(reinterpret_cast<const uint8_t*>(data), dataLength, reinterpret_cast<uint8_t*>(outSig));
}

uint16_t SigManager::getMySigLength() const { return (uint16_t)mySigner_->signatureLength(); }
Expand All @@ -273,6 +274,10 @@ void SigManager::setClientPublicKey(const std::string& key, PrincipalId id, KeyF
bool SigManager::hasVerifier(PrincipalId pid) { return verifiers_.find(pid) != verifiers_.end(); }

concord::crypto::SignatureAlgorithm SigManager::getMainKeyAlgorithm() const { return concord::crypto::EdDSA; }
concord::crypto::ISigner& SigManager::getSigner() { return *mySigner_; }
const concord::crypto::IVerifier& SigManager::getVerifier(PrincipalId otherPrincipal) const {
return *verifiers_.at(otherPrincipal);
}

} // namespace impl
} // namespace bftEngine
46 changes: 33 additions & 13 deletions bftengine/src/bftengine/SigManager.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
#include "PrimitiveTypes.hpp"
#include "assertUtils.hpp"
#include "Metrics.hpp"
#include "crypto.hpp"
#include "crypto/crypto.hpp"
#include "crypto/signer.hpp"
#include "crypto/verifier.hpp"

Expand All @@ -29,7 +29,6 @@ using concordMetrics::AtomicCounterHandle;
namespace bftEngine {
namespace impl {


class ReplicasInfo;

class SigManager {
Expand All @@ -53,29 +52,50 @@ class SigManager {
static SigManager* init(ReplicaId myId,
const Key& mySigPrivateKey,
const std::set<std::pair<PrincipalId, const std::string>>& publicKeysOfReplicas,
concord::util::crypto::KeyFormat replicasKeysFormat,
concord::crypto::KeyFormat replicasKeysFormat,
const std::set<std::pair<const std::string, std::set<uint16_t>>>* publicKeysOfClients,
concord::util::crypto::KeyFormat clientsKeysFormat,
concord::crypto::KeyFormat clientsKeysFormat,
ReplicasInfo& replicasInfo);

// returns 0 if pid is invalid - caller might consider throwing an exception
uint16_t getSigLength(PrincipalId pid) const;
// returns false if actual verification failed, or if pid is invalid
bool verifySig(PrincipalId pid, const char* data, size_t dataLength, const char* sig, uint16_t sigLength) const;
void sign(const char* data, size_t dataLength, char* outSig) const;
bool verifySig(PrincipalId pid,
const concord::Byte* data,
size_t dataLength,
const concord::Byte* sig,
uint16_t sigLength) const;

template <typename DataContainer, typename SignatureContainer>
bool verifySig(PrincipalId pid, const DataContainer& data, const SignatureContainer& sig) const {
static_assert(sizeof(typename DataContainer::value_type) == sizeof(concord::Byte),
"data elements are not byte-sized");
static_assert(sizeof(typename SignatureContainer::value_type) == sizeof(concord::Byte),
"signature elements are not byte-sized");
return verifySig(pid,
reinterpret_cast<const concord::Byte*>(data.data()),
data.size(),
reinterpret_cast<const concord::Byte*>(sig.data()),
static_cast<uint16_t>(sig.size()));
}

size_t sign(const concord::Byte* data, size_t dataLength, concord::Byte* outSig) const;
size_t sign(const char* data, size_t dataLength, char* outSig) const;
uint16_t getMySigLength() const;
bool isClientTransactionSigningEnabled() { return clientTransactionSigningEnabled_; }
void SetAggregator(std::shared_ptr<concordMetrics::Aggregator> aggregator) {
metrics_component_.SetAggregator(aggregator);
}
void setClientPublicKey(const std::string& key, PrincipalId, concord::util::crypto::KeyFormat);
void setClientPublicKey(const std::string& key, PrincipalId, concord::crypto::KeyFormat);
bool hasVerifier(PrincipalId pid);
SigManager(const SigManager&) = delete;
SigManager& operator=(const SigManager&) = delete;
SigManager(SigManager&&) = delete;
SigManager& operator=(SigManager&&) = delete;

concord::crypto::SignatureAlgorithm getMainKeyAlgorithm() const;
concord::crypto::ISigner& getSigner();
const concord::crypto::IVerifier& getVerifier(PrincipalId otherPrincipal) const;

std::string getClientsPublicKeys();
std::string getPublicKeyOfVerifier(uint32_t id) const {
Expand All @@ -89,18 +109,18 @@ class SigManager {

SigManager(PrincipalId myId,
uint16_t numReplicas,
const std::pair<Key, concord::util::crypto::KeyFormat>& mySigPrivateKey,
const std::vector<std::pair<Key, concord::util::crypto::KeyFormat>>& publickeys,
const std::pair<Key, concord::crypto::KeyFormat>& mySigPrivateKey,
const std::vector<std::pair<Key, concord::crypto::KeyFormat>>& publickeys,
const std::map<PrincipalId, KeyIndex>& publicKeysMapping,
bool clientTransactionSigningEnabled,
ReplicasInfo& replicasInfo);

static SigManager* initImpl(ReplicaId myId,
const Key& mySigPrivateKey,
const std::set<std::pair<PrincipalId, const std::string>>& publicKeysOfReplicas,
concord::util::crypto::KeyFormat replicasKeysFormat,
concord::crypto::KeyFormat replicasKeysFormat,
const std::set<std::pair<const std::string, std::set<uint16_t>>>* publicKeysOfClients,
concord::util::crypto::KeyFormat clientsKeysFormat,
concord::crypto::KeyFormat clientsKeysFormat,
ReplicasInfo& replicasInfo);

const PrincipalId myId_;
Expand Down Expand Up @@ -131,9 +151,9 @@ class SigManager {
ReplicaId myId,
const Key& mySigPrivateKey,
const std::set<std::pair<PrincipalId, const std::string>>& publicKeysOfReplicas,
concord::util::crypto::KeyFormat replicasKeysFormat,
concord::crypto::KeyFormat replicasKeysFormat,
const std::set<std::pair<const std::string, std::set<uint16_t>>>* publicKeysOfClients,
concord::util::crypto::KeyFormat clientsKeysFormat,
concord::crypto::KeyFormat clientsKeysFormat,
ReplicasInfo& replicasInfo) {
return initImpl(myId,
mySigPrivateKey,
Expand Down
5 changes: 3 additions & 2 deletions bftengine/src/bftengine/messages/CheckpointMsg.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -64,8 +64,9 @@ void CheckpointMsg::validate(const ReplicasInfo& repInfo) const {
throw std::runtime_error(__PRETTY_FUNCTION__ + std::string(": size"));
}

if (!sigManager->verifySig(
idOfGeneratedReplica(), body(), sizeof(Header), body() + sizeof(Header) + spanContextSize(), sigLen))
if (!sigManager->verifySig(idOfGeneratedReplica(),
std::string_view{body(), sizeof(Header)},
std::string_view{body() + sizeof(Header) + spanContextSize(), sigLen}))
throw std::runtime_error(__PRETTY_FUNCTION__ + std::string(": verifySig"));
// TODO(GG): consider to protect against messages that are larger than needed (here and in other messages)
}
Expand Down
5 changes: 3 additions & 2 deletions bftengine/src/bftengine/messages/ClientRequestMsg.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -195,8 +195,9 @@ void ClientRequestMsg::validateImp(const ReplicasInfo& repInfo) const {
throw std::runtime_error(msg.str());
}
if (doSigVerify) {
if (!sigManager->verifySig(
clientId, requestBuf(), header->requestLength, requestSignature(), header->reqSignatureLength)) {
if (!sigManager->verifySig(clientId,
std::string_view{requestBuf(), header->requestLength},
std::string_view{requestSignature(), header->reqSignatureLength})) {
std::stringstream msg;
LOG_WARN(CNSUS, "Signature verification failed for" << KVLOG(header->reqSeqNum, this->senderId(), clientId));
msg << "Signature verification failed for: "
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,9 @@ void ReplicaAsksToLeaveViewMsg::validate(const ReplicasInfo& repInfo) const {
uint16_t sigLen = sigManager->getSigLength(idOfGeneratedReplica());
if (size() < totalSize + sigLen) throw std::runtime_error(__PRETTY_FUNCTION__ + std::string(": size"));

if (!sigManager->verifySig(idOfGeneratedReplica(), body(), sizeof(Header), body() + totalSize, sigLen))
if (!sigManager->verifySig(idOfGeneratedReplica(),
std::string_view{body(), sizeof(Header)},
std::string_view{body() + totalSize, sigLen}))
throw std::runtime_error(__PRETTY_FUNCTION__ + std::string(": verifySig"));
}

Expand Down
5 changes: 3 additions & 2 deletions bftengine/src/bftengine/messages/ReplicaRestartReadyMsg.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ ReplicaRestartReadyMsg* ReplicaRestartReadyMsg::create(ReplicaId senderId,
ReplicaRestartReadyMsg* m = new ReplicaRestartReadyMsg(senderId, s, sigLen, r, extraData, spanContext);
auto dataSize = sizeof(Header) + m->getExtraDataLength() + spanContext.data().size();
auto position = m->body() + dataSize;
sigManager->sign(m->body(), dataSize, position);
sigManager->sign(reinterpret_cast<const uint8_t*>(m->body()), dataSize, reinterpret_cast<uint8_t*>(position));
//+-----------+-----------+----------+
//| Header | extraData | Signature|
//+-----------+-----------+----------+
Expand All @@ -75,7 +75,8 @@ void ReplicaRestartReadyMsg::validate(const ReplicasInfo& repInfo) const {
uint16_t sigLen = sigManager->getSigLength(idOfSenderReplica);
if (size() < dataSize + sigLen) throw std::runtime_error(__PRETTY_FUNCTION__ + std::string(": size"));

if (!sigManager->verifySig(idOfSenderReplica, body(), dataSize, body() + dataSize, sigLen))
if (!sigManager->verifySig(
idOfSenderReplica, std::string_view{body(), dataSize}, std::string_view{body() + dataSize, sigLen}))
throw std::runtime_error(__PRETTY_FUNCTION__ + std::string(": verifySig"));
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -106,7 +106,9 @@ bool ReplicasRestartReadyProofMsg::checkElements(const ReplicasInfo& repInfo, ui
return false;
if (repInfo.myId() != hdr->genReplicaId) {
auto dataSize = sizeof(ReplicaRestartReadyMsg::Header) + hdr->extraDataLen;
if (!sigManager->verifySig(hdr->genReplicaId, currLoc, dataSize, currLoc + dataSize, hdr->sigLength)) {
if (!sigManager->verifySig(hdr->genReplicaId,
std::string_view{currLoc, dataSize},
std::string_view{currLoc + dataSize, hdr->sigLength})) {
return false;
}
}
Expand Down
3 changes: 2 additions & 1 deletion bftengine/src/bftengine/messages/ViewChangeMsg.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -179,7 +179,8 @@ void ViewChangeMsg::validate(const ReplicasInfo& repInfo) const {
uint16_t sigLen = sigManager->getSigLength(idOfGeneratedReplica());

if (size() < (dataLength + sigLen)) throw std::runtime_error(__PRETTY_FUNCTION__ + std::string(": size"));
if (!sigManager->verifySig(idOfGeneratedReplica(), body(), dataLength, body() + dataLength, sigLen))
if (!sigManager->verifySig(
idOfGeneratedReplica(), std::string_view{body(), dataLength}, std::string_view{body() + dataLength, sigLen}))
throw std::runtime_error(__PRETTY_FUNCTION__ + std::string(": verifySig"));
if (!checkElements(sigLen)) // check elements in message
throw std::runtime_error(__PRETTY_FUNCTION__ + std::string(": check elements in message"));
Expand Down
12 changes: 4 additions & 8 deletions bftengine/src/preprocessor/RequestProcessingState.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -106,10 +106,8 @@ void RequestProcessingState::handlePrimaryPreProcessed(const char *preProcessRes
// information.
if (preProcessResult != OperationResult::SUCCESS) setupPreProcessResultData(preProcessResult);
auto sm = SigManager::instance();
std::vector<char> sig(sm->getMySigLength());
sm->sign(reinterpret_cast<const char *>(primaryPreProcessResultHash_.data()),
primaryPreProcessResultHash_.size(),
sig.data());
std::vector<uint8_t> sig(sm->getMySigLength());
sm->sign(primaryPreProcessResultHash_.data(), primaryPreProcessResultHash_.size(), sig.data());
if (!preProcessingResultHashes_[primaryPreProcessResultHash_]
.emplace(std::move(sig), myReplicaId_, preProcessResult)
.second) {
Expand Down Expand Up @@ -231,10 +229,8 @@ void RequestProcessingState::modifyPrimaryResult(
memcpy(const_cast<char *>(primaryPreProcessResultData_), result.first.c_str(), primaryPreProcessResultLen_);
primaryPreProcessResultHash_ = result.second;
auto sm = SigManager::instance();
std::vector<char> sig(sm->getMySigLength());
sm->sign(reinterpret_cast<const char *>(primaryPreProcessResultHash_.data()),
primaryPreProcessResultHash_.size(),
sig.data());
std::vector<uint8_t> sig(sm->getMySigLength());
sm->sign(primaryPreProcessResultHash_.data(), primaryPreProcessResultHash_.size(), sig.data());
if (!preProcessingResultHashes_[primaryPreProcessResultHash_]
.emplace(std::move(sig), myReplicaId_, primaryPreProcessResult_)
.second) {
Expand Down
10 changes: 5 additions & 5 deletions bftengine/src/preprocessor/messages/PreProcessReplyMsg.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -83,21 +83,21 @@ void PreProcessReplyMsg::validate(const ReplicasInfo& repInfo) const {
}
concord::diagnostics::TimeRecorder scoped_timer(*preProcessorHistograms_->verifyPreProcessReplySig);
if (!sigManager->verifySig(msgHeader.senderId,
(char*)msgBody()->resultsHash,
msgBody()->resultsHash,
SHA3_256::SIZE_IN_BYTES,
(char*)msgBody() + headerSize,
reinterpret_cast<concord::Byte*>(msgBody()) + headerSize,
sigLen))
throw runtime_error(__PRETTY_FUNCTION__ + string(": verifySig failed"));
}
} // namespace preprocessor

std::vector<char> PreProcessReplyMsg::getResultHashSignature() const {
std::vector<uint8_t> PreProcessReplyMsg::getResultHashSignature() const {
const uint64_t headerSize = sizeof(Header);
const auto& msgHeader = *msgBody();
auto sigManager = SigManager::instance();
uint16_t sigLen = sigManager->getSigLength(msgHeader.senderId);

return std::vector<char>((char*)msgBody() + headerSize, (char*)msgBody() + headerSize + sigLen);
return std::vector<uint8_t>((uint8_t*)msgBody() + headerSize, (uint8_t*)msgBody() + headerSize + sigLen);
}

void PreProcessReplyMsg::setParams(NodeIdType senderId,
Expand Down Expand Up @@ -154,7 +154,7 @@ void PreProcessReplyMsg::setupMsgBody(const char* preProcessResultBuf,
memcpy(msgBody()->resultsHash, hash.data(), SHA3_256::SIZE_IN_BYTES);
{
concord::diagnostics::TimeRecorder scoped_timer(*preProcessorHistograms_->signPreProcessReplyHash);
sigManager->sign((char*)hash.data(), SHA3_256::SIZE_IN_BYTES, body() + sizeof(Header));
sigManager->sign(hash.data(), SHA3_256::SIZE_IN_BYTES, reinterpret_cast<concord::Byte*>(body() + sizeof(Header)));
}
setLeftMsgParams(reqCid, sigSize);
}
Expand Down
2 changes: 1 addition & 1 deletion bftengine/src/preprocessor/messages/PreProcessReplyMsg.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ class PreProcessReplyMsg : public MessageBase {
const ReplyStatus status() const { return msgBody()->status; }
const bftEngine::OperationResult preProcessResult() const { return msgBody()->preProcessResult; }
const ViewNum viewNum() const { return msgBody()->viewNum; }
std::vector<char> getResultHashSignature() const;
std::vector<uint8_t> getResultHashSignature() const;
std::string getCid() const;

static void setPreProcessorHistograms(preprocessor::PreProcessorRecorder* histograms) {
Expand Down
5 changes: 3 additions & 2 deletions bftengine/src/preprocessor/messages/PreProcessRequestMsg.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -100,8 +100,9 @@ void PreProcessRequestMsg::validate(const ReplicasInfo& repInfo) const {

if (requestSignature) {
ConcordAssert(sigManager->isClientTransactionSigningEnabled());
if (!sigManager->verifySig(
header->clientId, requestBuf(), header->requestLength, requestSignature, header->reqSignatureLength)) {
if (!sigManager->verifySig(header->clientId,
std::string_view{requestBuf(), header->requestLength},
std::string_view{requestSignature, header->reqSignatureLength})) {
std::stringstream msg;
LOG_WARN(logger(),
"Signature verification failed for " << KVLOG(header->reqSeqNum, header->clientId, this->senderId()));
Expand Down
Loading

0 comments on commit 4a8e54e

Please sign in to comment.