Redirect pruning signature generation/verification to SigManager
WildFireFlum committed Apr 11, 2023
1 parent 5d9d14d commit 6df5b8b
Showing 22 changed files with 249 additions and 254 deletions.
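--- a/Makefile
+++ b/Makefile
@@ -49,34 +49,17 @@ else
 TCP_ENABLED__:=OFF
 endif
 
-CONCORD_BFT_CMAKE_CXX_FLAGS_RELEASE?='-O3 -g'
-CONCORD_BFT_CMAKE_USE_LOG4CPP?=ON
-CONCORD_BFT_CMAKE_BUILD_UTT?=TRUE
-CONCORD_BFT_CMAKE_BUILD_ROCKSDB_STORAGE?=TRUE
-CONCORD_BFT_CMAKE_USE_S3_OBJECT_STORE?=TRUE
-CONCORD_BFT_CMAKE_USE_OPENTRACING?=TRUE
-CONCORD_BFT_CMAKE_USE_PROMETHEUS?=TRUE
-CONCORD_BFT_CMAKE_USE_JAEGER?=TRUE
-CONCORD_BFT_CMAKE_USE_JSON?=TRUE
-CONCORD_BFT_CMAKE_USE_HTTPLIB?=TRUE
-CONCORD_BFT_CMAKE_EXPORT_COMPILE_COMMANDS?=TRUE
-CONCORD_BFT_CMAKE_OMIT_TEST_OUTPUT?=FALSE
-CONCORD_BFT_CMAKE_KEEP_APOLLO_LOGS?=TRUE
-CONCORD_BFT_CMAKE_RUN_APOLLO_TESTS?=TRUE
-CONCORD_BFT_CMAKE_TRANSACTION_SIGNING_ENABLED?=TRUE
-CONCORD_BFT_CMAKE_BUILD_SLOWDOWN?=FALSE
-# Only useful with CONCORD_BFT_CMAKE_BUILD_TYPE:=Release
-CONCORD_BFT_CMAKE_BUILD_KVBC_BENCH?=TRUE
-# Only usefull with CONCORD_BFT_CMAKE_CXX_FLAGS_RELEASE=-O0 -g
-CONCORD_BFT_CMAKE_ASAN?=FALSE
-CONCORD_BFT_CMAKE_TSAN?=FALSE
-CONCORD_BFT_CMAKE_UBSAN?=FALSE
-CONCORD_BFT_CMAKE_HEAPTRACK?=FALSE
-CONCORD_BFT_CMAKE_CODECOVERAGE?=FALSE
-CONCORD_BFT_CMAKE_CCACHE?=TRUE
-CONCORD_BFT_CMAKE_USE_FAKE_CLOCK_IN_TIME_SERVICE?=FALSE
-ENABLE_RESTART_RECOVERY_TESTS?=FALSE
-CONCORD_ENABLE_ALL_METRICS?=FALSE
+CONCORD_BFT_CMAKE_BUILD_UTT?=ON
+CONCORD_BFT_CMAKE_OMIT_TEST_OUTPUT?=OFF
+CONCORD_BFT_CMAKE_KEEP_APOLLO_LOGS?=ON
+CONCORD_BFT_CMAKE_RUN_APOLLO_TESTS?=ON
+CONCORD_BFT_CMAKE_ASAN?=OFF
+CONCORD_BFT_CMAKE_TSAN?=OFF
+CONCORD_BFT_CMAKE_UBSAN?=OFF
+CONCORD_BFT_CMAKE_HEAPTRACK?=OFF
+CONCORD_BFT_CMAKE_CODECOVERAGE?=OFF
+CONCORD_BFT_CMAKE_CCACHE?=ON
+ENABLE_RESTART_RECOVERY_TESTS?=OFF
 
 # Our CMake logic won't allow more one of these flags to be raised, so having this if/else logic makes sense
 ifeq (${CONCORD_BFT_CMAKE_ASAN},ON)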
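Review bot: The `?=` defaults removed at the top of this block include `CONCORD_BFT_CMAKE_TRANSACTION_SIGNING_ENABLED`, and none of the added `ON`/`OFF` lines replaces it. If a recipe further down still expands that variable (the rest of the Makefile is outside this hunk), it now expands to an empty string and the effective setting becomes whatever the CMake side defaults to. For a switch that, going by its name, governs transaction signing, I would keep an explicit default such as `CONCORD_BFT_CMAKE_TRANSACTION_SIGNING_ENABLED?=ON`, or say in the commit message where the default now lives.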
4 changes: 2 additions & 2 deletions bftengine/include/bftengine/ReplicaConfig.hpp
Expand Up @@ -306,11 +306,11 @@ class ReplicaConfig : public concord::serialize::SerializableFactory<ReplicaConf
if (auto it = config_params_.find(param); it != config_params_.end()) return concord::util::to<T>(it->second);
return defaultValue;
}
inline std::set<std::pair<const std::string, std::set<uint16_t>>>* getPublicKeysOfClients() {
inline const std::set<std::pair<const std::string, std::set<uint16_t>>>* getPublicKeysOfClients() const {
return (clientTransactionSigningEnabled || !clientsKeysPrefix.empty()) ? &publicKeysOfClients : nullptr;
}

std::string getOperatorPublicKey() {
std::string getOperatorPublicKey() const {
std::ifstream op_key_file(pathToOperatorPublicKey_);
if (!op_key_file.fail()) {
std::stringstream buffer;
2 changes: 1 addition & 1 deletion bftengine/src/bftengine/ReplicaBase.hpp
Expand Up @@ -112,7 +112,7 @@ class ReplicaBase {
static const uint16_t ALL_OTHER_REPLICAS = UINT16_MAX;

const ReplicaConfig& config_;
ReplicasInfo* repsInfo = nullptr;
const ReplicasInfo* repsInfo = nullptr;
std::shared_ptr<MsgsCommunicator> msgsCommunicator_;
std::shared_ptr<MsgHandlersRegistrator> msgHandlers_;
std::shared_ptr<IRequestsHandler> bftRequestsHandler_;
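--- a/bftengine/src/bftengine/ReplicaImp.cpp
+++ b/bftengine/src/bftengine/ReplicaImp.cpp
@@ -4434,16 +4434,7 @@ ReplicaImp::ReplicaImp(bool firstTime,
 
 if (firstTime) {
 repsInfo = new ReplicasInfo(config_, dynamicCollectorForPartialProofs, dynamicCollectorForExecutionProofs);
-sigManager_ = SigManager::init(config_.replicaId,
-config_.replicaPrivateKey,
-config_.publicKeysOfReplicas,
-concord::crypto::KeyFormat::HexaDecimalStrippedFormat,
-ReplicaConfig::instance().getPublicKeysOfClients(),
-concord::crypto::KeyFormat::PemFormat,
-{{repsInfo->getIdOfOperator(),
-ReplicaConfig::instance().getOperatorPublicKey(),
-concord::crypto::KeyFormat::PemFormat}},
-*repsInfo);
+sigManager_ = SigManager::owningInstance();
 viewsManager = new ViewsManager(repsInfo);
 } else {
 repsInfo = replicasInfo;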
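Review bot: `sigManager_ = SigManager::owningInstance();` in the `firstTime` branch makes this constructor depend on `SigManager::init` having already run, and `owningInstance()` (added in SigManager.cpp) only asserts that the singleton is non-null. On this page the only remaining `init` call is in `Replica::createReplicaAndSyncState` in kvbc/src/Replica.cpp, so any other path that builds a ReplicaImp (tests or another embedding application, if there are any) would now abort instead of getting a configured signer. `loadConfig` in ReplicaLoader.cpp has the same dependency. I would state the precondition at both call sites, e.g. `// Requires SigManager::init() to have been called by the replica owner before this point`. The constructor starts and ends outside this hunk.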
25 changes: 7 additions & 18 deletions bftengine/src/bftengine/ReplicaLoader.cpp
Expand Up @@ -47,25 +47,14 @@ namespace impl {
namespace {

ReplicaLoader::ErrorCode loadConfig(LoadedReplicaData &ld) {
ld.repsInfo = new ReplicasInfo(ld.repConfig, dynamicCollectorForPartialProofs, dynamicCollectorForExecutionProofs);
auto &config = ld.repConfig;
ld.sigManager = SigManager::init(config.replicaId,
config.replicaPrivateKey,
config.publicKeysOfReplicas,
concord::crypto::KeyFormat::HexaDecimalStrippedFormat,
ReplicaConfig::instance().getPublicKeysOfClients(),
concord::crypto::KeyFormat::PemFormat,
{{ld.repsInfo->getIdOfOperator(),
ReplicaConfig::instance().getOperatorPublicKey(),
concord::crypto::KeyFormat::PemFormat}},
*ld.repsInfo);

std::unique_ptr<Cryptosystem> cryptoSys = std::make_unique<Cryptosystem>(ld.repConfig.thresholdSystemType_,
ld.repConfig.thresholdSystemSubType_,
ld.repConfig.numReplicas,
ld.repConfig.numReplicas);
cryptoSys->loadKeys(ld.repConfig.thresholdPublicKey_, ld.repConfig.thresholdVerificationKeys_);
cryptoSys->loadPrivateKey(ld.repConfig.replicaId, ld.repConfig.thresholdPrivateKey_);
ld.repsInfo = new ReplicasInfo(config, dynamicCollectorForPartialProofs, dynamicCollectorForExecutionProofs);
ld.sigManager = SigManager::owningInstance();

std::unique_ptr<Cryptosystem> cryptoSys = std::make_unique<Cryptosystem>(
config.thresholdSystemType_, config.thresholdSystemSubType_, config.numReplicas, config.numReplicas);
cryptoSys->loadKeys(config.thresholdPublicKey_, config.thresholdVerificationKeys_);
cryptoSys->loadPrivateKey(config.replicaId, config.thresholdPrivateKey_);
bftEngine::CryptoManager::init(std::move(cryptoSys));

return Succ;
11 changes: 6 additions & 5 deletions bftengine/src/bftengine/ReplicasInfo.cpp
Expand Up @@ -146,11 +146,12 @@ ReplicasInfo::ReplicasInfo(const ReplicaConfig& config,
}
if (start != end) LOG_INFO(GL, "Principal ids in _idsOfInternalClients: " << start << " to " << end - 1);
return ret;
}()} {
_operator_id = config.operatorEnabled_
? static_cast<PrincipalId>(config.numReplicas + config.numRoReplicas + config.numOfClientProxies +
config.numOfExternalClients + config.numOfClientServices - 1)
: 0;
}()},

_operator_id{static_cast<PrincipalId>(
config.operatorEnabled_ ? config.numReplicas + config.numRoReplicas + config.numOfClientProxies +
config.numOfExternalClients + config.numOfClientServices - 1
: 0)} {
ConcordAssert(_numberOfReplicas == (3 * _fVal + 2 * _cVal + 1));
}

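Review bot: The `: 0` arm of the `_operator_id` initializer uses 0 as the "no operator" value, and nothing in this hunk distinguishes that from a real principal id of 0. The new `SigManager::init` call in kvbc/src/Replica.cpp passes `repsInfo.getIdOfOperator()` together with the operator public key unconditionally, so with `operatorEnabled_` false an operator verifier entry would presumably be keyed by id 0; how `init` treats that entry is not visible on this page. Consider building the operator entry only when `operatorEnabled_` is set, or at least documenting the sentinel on the member, e.g. `// 0 when no operator is configured; not a valid operator id`. The `static_cast<PrincipalId>` now wraps the whole conditional, so a sum outside the range of `PrincipalId` would still be narrowed silently.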
5 changes: 4 additions & 1 deletion bftengine/src/bftengine/ReplicasInfo.hpp
Expand Up @@ -20,6 +20,9 @@ class ReplicaConfig;

namespace impl {

/**
* An immutable class holding the the ids of all the participants in the network
*/
class ReplicasInfo {
public:
ReplicasInfo(const ReplicaConfig&, bool dynamicCollectorForPartialProofs, bool dynamicCollectorForExecutionProofs);
Expand Down Expand Up @@ -110,7 +113,7 @@ class ReplicasInfo {
const std::set<PrincipalId> _idsOfInternalClients;

// Currently we support only a single operator entity in the system
PrincipalId _operator_id;
const PrincipalId _operator_id = 0;
};
} // namespace impl
} // namespace bftEngine
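Review bot: The new class comment has a doubled word ("the the ids") and promises immutability, which this section can only confirm for `_idsOfInternalClients` and `_operator_id`; the other members are outside the visible hunks. Since SigManager.hpp now stores a `ReplicasInfo` by value, the comment should also say that copying is intended. Suggested wording: `/** Immutable after construction: holds the ids of all the participants in the network. Copyable; SigManager keeps its own copy. */`.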
6 changes: 6 additions & 0 deletions bftengine/src/bftengine/SigManager.cpp
Expand Up @@ -47,6 +47,11 @@ SigManager* SigManager::instance() {
return s_sm.get();
}

std::shared_ptr<SigManager> SigManager::owningInstance() {
ConcordAssertNE(s_sm.get(), nullptr);
return s_sm;
}

void SigManager::reset(std::shared_ptr<SigManager> other) { s_sm = other; }

std::shared_ptr<SigManager> SigManager::init(
Expand Down Expand Up @@ -457,6 +462,7 @@ SeqNum SigManager::getReplicaLastExecutedSeq() const {
ConcordAssert(replicasInfo_.isIdOfReplica(myId_) || replicasInfo_.isRoReplica());
return replicaLastExecutedSeq_;
}
const ReplicasInfo& SigManager::getReplicasInfo() const { return replicasInfo_; }

} // namespace impl
} // namespace bftEngine
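Review bot: `owningInstance()` copies the static `s_sm` while `reset()` can replace it, and neither function shows any synchronization, so a pointer obtained here keeps the previous manager alive after a `reset()` while `instance()` callers move to the new one. Whether that can happen outside tests is not visible on this page, but signing and verification would then run against two different key sets. The null check is also an assertion only, so if `ConcordAssertNE` is ever compiled out the caller receives an empty pointer. A short contract comment would help, e.g. `// Precondition: init() or reset() has installed an instance; the returned pointer does not follow later reset() calls`.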
8 changes: 5 additions & 3 deletions bftengine/src/bftengine/SigManager.hpp
Expand Up @@ -19,6 +19,7 @@
#include "crypto/signer.hpp"
#include "crypto/verifier.hpp"
#include "SysConsts.hpp"
#include "ReplicasInfo.hpp"
#include <utility>
#include <vector>
#include <map>
Expand All @@ -35,15 +36,14 @@ class IThresholdVerifier;
namespace bftEngine {
namespace impl {

class ReplicasInfo;

class SigManager {
public:
using Key = std::string;
using KeyIndex = uint16_t;

virtual ~SigManager() = default;
static SigManager* instance();
static std::shared_ptr<SigManager> owningInstance();
static void reset(std::shared_ptr<SigManager> other);

// It is the caller responsibility to deallocate (delete) the object
Expand Down Expand Up @@ -129,6 +129,8 @@ class SigManager {
const concord::crypto::IVerifier& extractVerifierFromMultisig(std::shared_ptr<IThresholdVerifier> thresholdVerifier,
PrincipalId id) const;

const ReplicasInfo& getReplicasInfo() const;

protected:
static constexpr uint16_t updateMetricsAggregatorThresh = 1000;

Expand All @@ -153,7 +155,7 @@ class SigManager {
std::unique_ptr<concord::crypto::ISigner> mySigner_;
std::map<PrincipalId, std::shared_ptr<concord::crypto::IVerifier>> verifiers_;
bool clientTransactionSigningEnabled_ = true;
const ReplicasInfo& replicasInfo_;
const ReplicasInfo replicasInfo_;

// The ownership model of a SigManager object depends on its use
static std::shared_ptr<SigManager> s_sm;
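Review bot: `const ReplicasInfo replicasInfo_;` now stores a copy where the class used to hold a reference, which is what lets kvbc/src/Replica.cpp pass a stack-local `repsInfo` to `init`, but nothing in the header records that. A comment on the member such as `// Owned copy: init() may be given a short-lived ReplicasInfo` would keep someone from turning it back into a reference and reintroducing a dangling access. The context comment "It is the caller responsibility to deallocate (delete) the object" also reads as stale next to an API that returns `std::shared_ptr<SigManager>`; the declaration it belongs to is outside the hunk, so confirm before rewording it.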
26 changes: 3 additions & 23 deletions kvbc/include/pruning_handler.hpp
Expand Up @@ -32,7 +32,7 @@ class PruningSigner {
public:
// Construct by passing the configuration for the node the signer is running
// on.
PruningSigner(const std::string &key);
PruningSigner();
// Sign() methods sign the passed message and store the signature in the
// 'signature' field of the message. An exception is thrown on error.
//
Expand All @@ -41,9 +41,6 @@ class PruningSigner {
// application-level signature rather than a Concord-BFT Principal's RSA/EdDSA
// signature.
void sign(concord::messages::LatestPrunableBlock &);

private:
std::unique_ptr<concord::crypto::ISigner> signer_;
};

// This class verifies pruning messages that were signed by serializing message
Expand All @@ -55,7 +52,7 @@ class PruningSigner {
class PruningVerifier {
public:
// Construct by passing the system configuration.
PruningVerifier(const std::set<std::pair<uint16_t, const std::string>> &replicasPublicKeys);
PruningVerifier();
// Verify() methods verify that the message comes from the advertised sender.
// Methods return true on successful verification and false on unsuccessful.
// An exception is thrown on error.
Expand All @@ -76,22 +73,6 @@ class PruningVerifier {
};

bool verify(std::uint64_t sender, const std::string &ser, const std::string &signature) const;

using ReplicaVector = std::vector<Replica>;

// Get a replica from the replicas vector by its index.
const Replica &getReplica(ReplicaVector::size_type idx) const;

// A vector of all the replicas in the system.
ReplicaVector replicas_;
// We map a principal_id to a replica index in the replicas_ vector to be able
// to verify a message through the Replica's verifier that is associated with
// its public key.
std::unordered_map<std::uint64_t, ReplicaVector::size_type> principal_to_replica_idx_;

// Contains a set of replica principal_ids for use in verification. Filled in
// once during construction.
std::unordered_set<std::uint64_t> replica_ids_;
};
class PruningHandler : public concord::reconfiguration::OperatorCommandsReconfigurationHandler {
// This class implements the KVB pruning state machine. Main functionalities
Expand Down Expand Up @@ -171,7 +152,6 @@ class PruningHandler : public concord::reconfiguration::OperatorCommandsReconfig
// Throws on errors.
void pruneThroughBlockId(kvbc::BlockId block_id) const;
uint64_t getBlockBftSequenceNumber(kvbc::BlockId) const;
logging::Logger logger_;
PruningSigner signer_;
PruningVerifier verifier_;
kvbc::IReader &ro_storage_;
Expand All @@ -198,7 +178,7 @@ class ReadOnlyReplicaPruningHandler : public concord::reconfiguration::OperatorC
IReader &ro_storage)
: concord::reconfiguration::OperatorCommandsReconfigurationHandler{operator_pkey_path, type},
ro_storage_{ro_storage},
signer_{bftEngine::ReplicaConfig::instance().replicaPrivateKey},
signer_{},
pruning_enabled_{bftEngine::ReplicaConfig::instance().pruningEnabled_},
replica_id_{bftEngine::ReplicaConfig::instance().replicaId} {}
bool handle(const concord::messages::LatestPrunableBlockRequest &,
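Review bot: With `replica_ids_` and the per-replica verifier table removed from `PruningVerifier`, the header no longer shows anything that restricts `verify(sender, ...)` to replica principals. If the implementation now delegates to SigManager, which per the `init` call in kvbc/src/Replica.cpp is also given client and operator keys, a pruning message signed by a non-replica principal could pass unless the sender is first checked against the replica set; the .cpp is not on this page, so please confirm that check survived (the `getReplicasInfo()` accessor added in this commit would allow `isIdOfReplica(sender)`). The constructor comments "Construct by passing the configuration for the node the signer is running on" and "Construct by passing the system configuration" are stale now that both constructors take no arguments. A replacement could read `// Uses the process-wide SigManager; SigManager::init() must have run first`.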
13 changes: 13 additions & 0 deletions kvbc/src/Replica.cpp
Expand Up @@ -316,8 +316,21 @@ void Replica::saveReconfigurationCmdToResPages(const std::string &key) {

void Replica::createReplicaAndSyncState() {
ConcordAssertNE(m_kvBlockchain, nullptr);

ReplicasInfo repsInfo{replicaConfig_, dynamicCollectorForPartialProofs, dynamicCollectorForExecutionProofs};
SigManager::init(
replicaConfig_.replicaId,
replicaConfig_.replicaPrivateKey,
replicaConfig_.publicKeysOfReplicas,
concord::crypto::KeyFormat::HexaDecimalStrippedFormat,
replicaConfig_.getPublicKeysOfClients(),
concord::crypto::KeyFormat::PemFormat,
{{repsInfo.getIdOfOperator(), replicaConfig_.getOperatorPublicKey(), concord::crypto::KeyFormat::PemFormat}},
repsInfo);

auto requestHandler = KvbcRequestHandler::create(m_cmdHandler, cronTableRegistry_, *m_kvBlockchain, aggregator_);
registerReconfigurationHandlers(requestHandler);

m_replicaPtr = bftEngine::ReplicaFactory::createReplica(
replicaConfig_, requestHandler, m_stateTransfer, m_ptrComm.get(), m_metadataStorage, pm_, secretsManager_);
requestHandler->setPersistentStorage(m_replicaPtr->persistentStorage());
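Review bot: The `SigManager::init(...)` call added to `createReplicaAndSyncState` discards the returned pointer and passes a stack-local `repsInfo`, so correctness depends on two things that are not stated here: the static singleton keeps the instance alive, and SigManager stores its own copy of ReplicasInfo (the `const ReplicasInfo replicasInfo_` change in SigManager.hpp). A comment above the call would record that, e.g. `// Must precede createReplica(): ReplicaImp/ReplicaLoader fetch the signer via SigManager::owningInstance(); init copies repsInfo`. It is also worth confirming that a second call to `createReplicaAndSyncState` cannot re-run `init` and swap keys under components that already hold the earlier instance. The function ends outside this hunk.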