Refactor Crypto Provider Implementation (#50)

* Enable RSA crypto provider
* Make secure use of user's input buffers in crypto providers
* Enable ECDSA crypto provider
* Enable Secp256k1 crypto provider
* Remove all the legacy and redundant code from the crypto provider
* Use boost::optional in Kademlia and apply clang-format
* Refactor keygen test

Signed-off-by: Igor Egorov <[email protected]>

Author: Igor Egorov

example/02-kad/factory.cpp

@@ -8,10 +8,13 @@
 
 // implementations
 #include <libp2p/crypto/crypto_provider/crypto_provider_impl.hpp>
+#include <libp2p/crypto/ecdsa_provider/ecdsa_provider_impl.hpp>
 #include <libp2p/crypto/ed25519_provider/ed25519_provider_impl.hpp>
 #include <libp2p/crypto/key_marshaller/key_marshaller_impl.hpp>
 #include <libp2p/crypto/key_validator/key_validator_impl.hpp>
 #include <libp2p/crypto/random_generator/boost_generator.hpp>
+#include <libp2p/crypto/rsa_provider/rsa_provider_impl.hpp>
+#include <libp2p/crypto/secp256k1_provider/secp256k1_provider_impl.hpp>
 #include <libp2p/host/basic_host.hpp>
 #include <libp2p/muxer/mplex.hpp>
 #include <libp2p/muxer/yamux.hpp>
@@ -40,8 +43,8 @@
 
 namespace libp2p::protocol::kademlia::example {
 
-  std::optional<libp2p::peer::PeerInfo> str2peerInfo(const std::string &str) {
-    using R = std::optional<libp2p::peer::PeerInfo>;
+  boost::optional<libp2p::peer::PeerInfo> str2peerInfo(const std::string &str) {
+    using R = boost::optional<libp2p::peer::PeerInfo>;
 
     auto server_ma_res = libp2p::multi::Multiaddress::create(str);
     if (!server_ma_res) {
@@ -76,8 +79,15 @@ namespace libp2p::protocol::kademlia::example {
       auto csprng = std::make_shared<crypto::random::BoostRandomGenerator>();
       auto ed25519_provider =
           std::make_shared<crypto::ed25519::Ed25519ProviderImpl>();
-      auto crypto_provider = std::make_shared<crypto::CryptoProviderImpl>(
-          csprng, ed25519_provider);
+      auto rsa_provider = std::make_shared<crypto::rsa::RsaProviderImpl>();
+      auto ecdsa_provider =
+          std::make_shared<crypto::ecdsa::EcdsaProviderImpl>();
+      auto secp256k1_provider =
+          std::make_shared<crypto::secp256k1::Secp256k1ProviderImpl>();
+      std::shared_ptr<crypto::CryptoProvider> crypto_provider =
+          std::make_shared<crypto::CryptoProviderImpl>(
+              csprng, ed25519_provider, rsa_provider, ecdsa_provider,
+              secp256k1_provider);
       auto validator = std::make_shared<crypto::validator::KeyValidatorImpl>(
           crypto_provider);
 
@@ -128,7 +138,8 @@ namespace libp2p::protocol::kademlia::example {
     }
   }  // namespace
 
-  void createPerHostObjects(PerHostObjects &objects, const KademliaConfig& conf) {
+  void createPerHostObjects(PerHostObjects &objects,
+                            const KademliaConfig &conf) {
     auto injector = makeInjector(boost::di::bind<boost::asio::io_context>.to(
         createIOContext())[boost::di::override]);
 
@@ -137,12 +148,9 @@ namespace libp2p::protocol::kademlia::example {
         injector.create<std::shared_ptr<libp2p::crypto::CryptoProvider>>();
     objects.key_marshaller = injector.create<
         std::shared_ptr<libp2p::crypto::marshaller::KeyMarshaller>>();
-    objects.routing_table =
-        std::make_shared<RoutingTableImpl>(
-            injector.create<std::shared_ptr<peer::IdentityManager>>(),
-            injector.create<std::shared_ptr<event::Bus>>(),
-            conf
-    );
+    objects.routing_table = std::make_shared<RoutingTableImpl>(
+        injector.create<std::shared_ptr<peer::IdentityManager>>(),
+        injector.create<std::shared_ptr<event::Bus>>(), conf);
   }
 
   std::shared_ptr<boost::asio::io_context> createIOContext() {
@@ -151,4 +159,4 @@ namespace libp2p::protocol::kademlia::example {
     return c;
   }
 
-}  // namespace libp2p::kad_example
+}  // namespace libp2p::protocol::kademlia::example

example/02-kad/factory.hpp

@@ -21,9 +21,10 @@ namespace libp2p::protocol::kademlia::example {
     std::shared_ptr<crypto::marshaller::KeyMarshaller> key_marshaller;
   };
 
-  void createPerHostObjects(PerHostObjects &objects, const KademliaConfig& conf);
+  void createPerHostObjects(PerHostObjects &objects,
+                            const KademliaConfig &conf);
 
-  std::optional<libp2p::peer::PeerInfo> str2peerInfo(const std::string &str);
+  boost::optional<libp2p::peer::PeerInfo> str2peerInfo(const std::string &str);
 
 }  // namespace libp2p::protocol::kademlia::example
 

example/02-kad/kad_peer_discovery_example.cpp

@@ -29,7 +29,7 @@ namespace libp2p::protocol::kademlia::example {
         .value();
   }
 
-  const KademliaConfig& getConfig() {
+  const KademliaConfig &getConfig() {
     static KademliaConfig config = ([] {
       KademliaConfig c;
       c.randomWalk.delay = 5s;
@@ -45,21 +45,21 @@ namespace libp2p::protocol::kademlia::example {
       std::shared_ptr<KadImpl> kad;
       std::string listen_to;
       std::string connect_to;
-      std::optional<libp2p::peer::PeerId> find_id;
+      boost::optional<libp2p::peer::PeerId> find_id;
       Scheduler::Handle htimer;
       Scheduler::Handle hbootstrap;
       bool found = false;
       bool verbose = true;
       bool request_sent = false;
 
       Host(size_t i, std::shared_ptr<Scheduler> sch, PerHostObjects obj)
-        : index(i), o(std::move(obj))
+          : index(i),
+            o(std::move(obj))
 
       {
-        kad = std::make_shared<KadImpl>(
-            o.host, std::move(sch), o.routing_table,
-            createDefaultValueStoreBackend(), getConfig()
-        );
+        kad = std::make_shared<KadImpl>(o.host, std::move(sch), o.routing_table,
+                                        createDefaultValueStoreBackend(),
+                                        getConfig());
       }
 
       void checkPeers() {
@@ -90,7 +90,6 @@ namespace libp2p::protocol::kademlia::example {
         kad->start(true);
       }
 
-
       void connect() {
         if (connect_to.empty())
           return;
@@ -100,8 +99,10 @@ namespace libp2p::protocol::kademlia::example {
 
       void findPeer(const libp2p::peer::PeerId &id) {
         find_id = id;
-        htimer = kad->scheduler().schedule(20000, [this] { onFindPeerTimer(); });
-        hbootstrap = kad->scheduler().schedule(100, [this] { onBootstrapTimer(); });
+        htimer =
+            kad->scheduler().schedule(20000, [this] { onFindPeerTimer(); });
+        hbootstrap =
+            kad->scheduler().schedule(100, [this] { onBootstrapTimer(); });
       }
 
       void onBootstrapTimer() {
@@ -110,7 +111,7 @@ namespace libp2p::protocol::kademlia::example {
           request_sent =
               kad->findPeer(genRandomPeerId(*o.key_gen, *o.key_marshaller),
                             [this](const libp2p::peer::PeerId &peer,
-                                   Kad::FindPeerQueryResult res) { //NOLINT
+                                   Kad::FindPeerQueryResult res) {  // NOLINT
                               logger->info(
                                   "bootstrap return from findPeer, i={}, "
                                   "peer={} peers={} ({})",
@@ -151,8 +152,8 @@ namespace libp2p::protocol::kademlia::example {
           logger->info("onFindPeer: i={}, res: success={}, peers={}", index,
                        res.success, res.closer_peers.size());
 
-        htimer =
-            kad->scheduler().schedule(1000, [this, peers = std::move(res.closer_peers)] {
+        htimer = kad->scheduler().schedule(
+            1000, [this, peers = std::move(res.closer_peers)] {
               kad->findPeer(find_id.value(),
                             [this](const libp2p::peer::PeerId &peer,
                                    Kad::FindPeerQueryResult res) {
@@ -172,7 +173,7 @@ namespace libp2p::protocol::kademlia::example {
 
     std::vector<Host> hosts;
 
-    Hosts(size_t n, const std::shared_ptr<Scheduler>& sch) {
+    Hosts(size_t n, const std::shared_ptr<Scheduler> &sch) {
       hosts.reserve(n);
 
       for (size_t i = 0; i < n; ++i) {
@@ -182,7 +183,7 @@ namespace libp2p::protocol::kademlia::example {
       makeConnectTopologyCircle();
     }
 
-    void newHost(const std::shared_ptr<Scheduler>& sch) {
+    void newHost(const std::shared_ptr<Scheduler> &sch) {
       size_t index = hosts.size();
       PerHostObjects o;
       createPerHostObjects(o, getConfig());
@@ -264,9 +265,9 @@ int main(int argc, char *argv[]) {
     size_t hosts_count = 6;
     bool kad_log_debug = false;
     if (argc > 1)
-      hosts_count = atoi(argv[1]); //NOLINT
+      hosts_count = atoi(argv[1]);  // NOLINT
     if (argc > 2)
-      kad_log_debug = (atoi(argv[2]) != 0); //NOLINT
+      kad_log_debug = (atoi(argv[2]) != 0);  // NOLINT
 
     x::setupLoggers(kad_log_debug);
 

include/libp2p/crypto/crypto_provider.hpp

@@ -6,12 +6,13 @@
 #ifndef LIBP2P_CRYPTO_PROVIDER_HPP
 #define LIBP2P_CRYPTO_PROVIDER_HPP
 
+#include <vector>
+
 #include <boost/filesystem.hpp>
 #include <gsl/span>
 #include <libp2p/crypto/common.hpp>
 #include <libp2p/crypto/key.hpp>
 #include <libp2p/outcome/outcome.hpp>
-#include <vector>
 
 namespace libp2p::crypto {
   /**
@@ -27,9 +28,12 @@ namespace libp2p::crypto {
     /**
      * @brief generates new key pair of specified type
      * @param key_type key type
+     * @param rsa_bitness specifies the length of RSA key
      * @return new generated key pair of public and private key or error
      */
-    virtual outcome::result<KeyPair> generateKeys(Key::Type key_type) const = 0;
+    virtual outcome::result<KeyPair> generateKeys(
+        Key::Type key_type,
+        common::RSAKeyType rsa_bitness = common::RSAKeyType::RSA2048) const = 0;
 
     /**
      * @brief derives public key from private key
@@ -46,7 +50,8 @@ namespace libp2p::crypto {
      * @return signature bytes
      */
     virtual outcome::result<Buffer> sign(
-        gsl::span<uint8_t> message, const PrivateKey &private_key) const = 0;
+        gsl::span<const uint8_t> message,
+        const PrivateKey &private_key) const = 0;
 
     /**
      * @brief verifies validness of the signature for a given message and public
@@ -56,8 +61,8 @@ namespace libp2p::crypto {
      * @param public_key to validate against
      * @return true - if the signature matches the message and the public key
      */
-    virtual outcome::result<bool> verify(gsl::span<uint8_t> message,
-                                         gsl::span<uint8_t> signature,
+    virtual outcome::result<bool> verify(gsl::span<const uint8_t> message,
+                                         gsl::span<const uint8_t> signature,
                                          const PublicKey &public_key) const = 0;
     /**
      * Generate an ephemeral public key and return a function that will

include/libp2p/crypto/crypto_provider/crypto_provider_impl.hpp

@@ -15,25 +15,38 @@ namespace libp2p::crypto {
   namespace ed25519 {
     class Ed25519Provider;
   }
+  namespace rsa {
+    class RsaProvider;
+  }
+  namespace ecdsa {
+    class EcdsaProvider;
+  }
+  namespace secp256k1 {
+    class Secp256k1Provider;
+  }
 
   class CryptoProviderImpl : public CryptoProvider {
    public:
     ~CryptoProviderImpl() override = default;
 
     explicit CryptoProviderImpl(
         std::shared_ptr<random::CSPRNG> random_provider,
-        std::shared_ptr<ed25519::Ed25519Provider> ed25519_provider);
+        std::shared_ptr<ed25519::Ed25519Provider> ed25519_provider,
+        std::shared_ptr<rsa::RsaProvider> rsa_provider,
+        std::shared_ptr<ecdsa::EcdsaProvider> ecdsa_provider,
+        std::shared_ptr<secp256k1::Secp256k1Provider> secp256k1_provider);
 
-    outcome::result<KeyPair> generateKeys(Key::Type key_type) const override;
+    outcome::result<KeyPair> generateKeys(
+        Key::Type key_type, common::RSAKeyType rsa_bitness) const override;
 
     outcome::result<PublicKey> derivePublicKey(
         const PrivateKey &private_key) const override;
 
-    outcome::result<Buffer> sign(gsl::span<uint8_t> message,
+    outcome::result<Buffer> sign(gsl::span<const uint8_t> message,
                                  const PrivateKey &private_key) const override;
 
-    outcome::result<bool> verify(gsl::span<uint8_t> message,
-                                 gsl::span<uint8_t> signature,
+    outcome::result<bool> verify(gsl::span<const uint8_t> message,
+                                 gsl::span<const uint8_t> signature,
                                  const PublicKey &public_key) const override;
 
     outcome::result<EphemeralKeyPair> generateEphemeralKeyPair(
@@ -46,24 +59,47 @@ namespace libp2p::crypto {
    private:
     void initialize();
 
-    //    outcome::result<KeyPair> generateRsa(common::RSAKeyType key_type)
-    //    const;
-    outcome::result<KeyPair> generateEd25519() const;
-    outcome::result<KeyPair> generateSecp256k1() const;
-    outcome::result<KeyPair> generateEcdsa() const;
+    // RSA
+    outcome::result<KeyPair> generateRsa(common::RSAKeyType rsa_bitness) const;
+    outcome::result<PublicKey> deriveRsa(const PrivateKey &key) const;
+    outcome::result<Buffer> signRsa(gsl::span<const uint8_t> message,
+                                    const PrivateKey &private_key) const;
+    outcome::result<bool> verifyRsa(gsl::span<const uint8_t> message,
+                                    gsl::span<const uint8_t> signature,
+                                    const PublicKey &public_key) const;
 
+    // Ed25519
+    outcome::result<KeyPair> generateEd25519() const;
     outcome::result<PublicKey> deriveEd25519(const PrivateKey &key) const;
-    outcome::result<Buffer> signEd25519(gsl::span<uint8_t> message,
+    outcome::result<Buffer> signEd25519(gsl::span<const uint8_t> message,
                                         const PrivateKey &private_key) const;
-    outcome::result<bool> verifyEd25519(gsl::span<uint8_t> message,
-                                        gsl::span<uint8_t> signature,
+    outcome::result<bool> verifyEd25519(gsl::span<const uint8_t> message,
+                                        gsl::span<const uint8_t> signature,
                                         const PublicKey &public_key) const;
 
-    outcome::result<KeyPair> generateEcdsa256WithCurve(Key::Type key_type,
-                                                       int curve_nid) const;
+    // Secp256k1
+    outcome::result<KeyPair> generateSecp256k1() const;
+    outcome::result<PublicKey> deriveSecp256k1(const PrivateKey &key) const;
+    outcome::result<Buffer> signSecp256k1(gsl::span<const uint8_t> message,
+                                          const PrivateKey &private_key) const;
+    outcome::result<bool> verifySecp256k1(gsl::span<const uint8_t> message,
+                                          gsl::span<const uint8_t> signature,
+                                          const PublicKey &public_key) const;
+
+    // ECDSA
+    outcome::result<KeyPair> generateEcdsa() const;
+    outcome::result<PublicKey> deriveEcdsa(const PrivateKey &key) const;
+    outcome::result<Buffer> signEcdsa(gsl::span<const uint8_t> message,
+                                      const PrivateKey &private_key) const;
+    outcome::result<bool> verifyEcdsa(gsl::span<const uint8_t> message,
+                                      gsl::span<const uint8_t> signature,
+                                      const PublicKey &public_key) const;
 
     std::shared_ptr<random::CSPRNG> random_provider_;
     std::shared_ptr<ed25519::Ed25519Provider> ed25519_provider_;
+    std::shared_ptr<rsa::RsaProvider> rsa_provider_;
+    std::shared_ptr<ecdsa::EcdsaProvider> ecdsa_provider_;
+    std::shared_ptr<secp256k1::Secp256k1Provider> secp256k1_provider_;
   };
 }  // namespace libp2p::crypto
 

include/libp2p/crypto/ecdsa_provider.hpp

@@ -17,22 +17,22 @@ namespace libp2p::crypto::ecdsa {
      * @brief Generate private and public keys
      * @return ECDSA key pair or error code
      */
-    virtual outcome::result<KeyPair> GenerateKeyPair() const = 0;
+    virtual outcome::result<KeyPair> generate() const = 0;
 
     /**
      * @brief Generate ECDSA public key from private key
      * @param key - ECDSA private key
      * @return Generated public key or error code
      */
-    virtual outcome::result<PublicKey> DerivePublicKey(const PrivateKey &key) const = 0;
+    virtual outcome::result<PublicKey> derive(const PrivateKey &key) const = 0;
 
     /**
      * @brief Create signature for a message
      * @param message - data to signing
      * @param privateKey - key for signing
      * @return ECDSA signature or error code
      */
-    virtual outcome::result<Signature> Sign(gsl::span<uint8_t> message,
+    virtual outcome::result<Signature> sign(gsl::span<const uint8_t> message,
                                             const PrivateKey &key) const = 0;
 
     /**
@@ -42,7 +42,7 @@ namespace libp2p::crypto::ecdsa {
      * @param publicKey - key for signature verifying
      * @return Result of the verification or error code
      */
-    virtual outcome::result<bool> Verify(gsl::span<uint8_t> message,
+    virtual outcome::result<bool> verify(gsl::span<const uint8_t> message,
                                          const Signature &signature,
                                          const PublicKey &publicKey) const = 0;