RSA provider (#29)

Signed-off-by: turuslan <[email protected]>

Author: sergkaprovich

include/libp2p/crypto/rsa_provider.hpp

@@ -0,0 +1,44 @@
+/**
+ * Copyright Soramitsu Co., Ltd. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef LIBP2P_CRYPTO_RSA_PROVIDER_HPP
+#define LIBP2P_CRYPTO_RSA_PROVIDER_HPP
+
+#include <gsl/span>
+#include <libp2p/outcome/outcome.hpp>
+#include <libp2p/crypto/rsa_types.hpp>
+
+namespace libp2p::crypto::rsa {
+
+  /**
+   * @class RSA provider interface
+   */
+  class RsaProvider {
+   public:
+    /**
+     * Sign a message using private key. Message digest calculated as SHA512
+     * @param message - the source message as bytes sequence
+     * @param private_key - private key bytes
+     * @return signature as bytes sequence
+     */
+    virtual outcome::result<Signature> sign(gsl::span<uint8_t> message,
+                                            const PrivateKey &private_key) const = 0;
+
+    /**
+     * @brief Verify signature for a message
+     * @param message - signed data
+     * @param signature - target for verifying
+     * @param key - key for signature verifying
+     * @return Result of the verification or error code
+     */
+    virtual outcome::result<bool> verify(gsl::span<uint8_t> message,
+                                         const Signature &signature,
+                                         const PublicKey &key) const = 0;
+
+    virtual ~RsaProvider() = default;
+  };
+};  // namespace libp2p::crypto::rsa
+
+#endif  // LIBP2P_CRYPTO_RSA_PROVIDER_HPP

include/libp2p/crypto/rsa_provider/rsa_provider_impl.hpp

@@ -0,0 +1,40 @@
+/**
+ * Copyright Soramitsu Co., Ltd. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef LIBP2P_CRYPTO_RSA_PROVIDER_IMPL_HPP
+#define LIBP2P_CRYPTO_RSA_PROVIDER_IMPL_HPP
+
+#include <memory>
+
+#include <openssl/rsa.h>
+#include <libp2p/crypto/error.hpp>
+#include <libp2p/crypto/rsa_provider.hpp>
+
+namespace libp2p::crypto::rsa {
+
+  /**
+   * @class RSA provider implementation declaration
+   */
+  class RsaProviderImpl : public RsaProvider {
+   public:
+    outcome::result<Signature> sign(gsl::span<uint8_t> message,
+                                    const PrivateKey &private_key) const override;
+
+    outcome::result<bool> verify(gsl::span<uint8_t> message,
+                                 const Signature &signature,
+                                 const PublicKey &key) const override;
+
+   private:
+    /**
+     * @brief Convert key to OpenSSL type
+     * @param input_key - public key bytes
+     * @return Converted key or error code
+     */
+    static outcome::result<std::shared_ptr<X509_PUBKEY>> getPublicKeyFromBytes(
+        const PublicKey &input_key);
+  };
+};  // namespace libp2p::crypto::rsa
+
+#endif  // LIBP2P_CRYPTO_RSA_PROVIDER_IMPL_HPP

include/libp2p/crypto/rsa_types.hpp

@@ -0,0 +1,43 @@
+/**
+ * Copyright Soramitsu Co., Ltd. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef LIBP2P_CRYPTO_RSA_TYPES_HPP
+#define LIBP2P_CRYPTO_RSA_TYPES_HPP
+
+#include <vector>
+
+namespace libp2p::crypto::rsa {
+  /**
+   * @brief Common types
+   */
+  using PrivateKey = std::vector<uint8_t>; /**< RSA private key */
+  using PublicKey = std::vector<uint8_t>;  /**< RSA public key */
+  using Signature = std::vector<uint8_t>;  /**< RSA signature of a message */
+
+  struct KeyPair {
+    PrivateKey private_key; /**< RSA private key */
+    PublicKey public_key;  /**< RSA public key */
+
+    /**
+     * @brief Comparing keypairs
+     * @param other - second keypair to compare
+     * @return true, if keypairs are equal
+     */
+    bool operator==(const KeyPair &other) {
+      return other.private_key == private_key && other.public_key == public_key;
+    }
+
+    /**
+     * @brief Comparing keypairs
+     * @param other - second keypair to compare
+     * @return true, if keypairs aren't equal
+     */
+    bool operator!=(const KeyPair &other) {
+      return !operator==(other);
+    }
+  };
+};  // namespace libp2p::crypto::rsa
+
+#endif  // LIBP2P_CRYPTO_RSA_TYPES_HPP

src/crypto/CMakeLists.txt

@@ -12,6 +12,7 @@ add_subdirectory(key_marshaller)
 add_subdirectory(key_validator)
 add_subdirectory(protobuf)
 add_subdirectory(random_generator)
+add_subdirectory(rsa_provider)
 add_subdirectory(secp256k1_provider)
 add_subdirectory(sha)
 

src/crypto/crypto_provider/crypto_provider_impl.cpp

@@ -77,22 +77,14 @@ namespace libp2p::crypto {
     }
 
     outcome::result<PublicKey> deriveRsa(const PrivateKey &key) {
-      BIO *bio_private = BIO_new_mem_buf(
-          static_cast<const void *>(key.data.data()), key.data.size());
-      if (nullptr == bio_private) {
-        return KeyGeneratorError::KEY_DERIVATION_FAILED;
-      }
-      auto free_bio =
-          gsl::finally([bio_private]() { BIO_free_all(bio_private); });
-
       const unsigned char *data_pointer = key.data.data();
       RSA *rsa = d2i_RSAPrivateKey(nullptr, &data_pointer, key.data.size());
       if (nullptr == rsa) {
         return KeyGeneratorError::KEY_DERIVATION_FAILED;
       }
       auto cleanup_rsa = gsl::finally([rsa]() { RSA_free(rsa); });
 
-      OUTCOME_TRY(public_bytes, detail::encodeKeyDer(rsa, i2d_RSAPublicKey));
+      OUTCOME_TRY(public_bytes, detail::encodeKeyDer(rsa, i2d_RSA_PUBKEY));
 
       return PublicKey{{key.type, std::move(public_bytes)}};
     }
@@ -170,10 +162,10 @@ namespace libp2p::crypto {
      *  We encode the private key as a PKCS1 key using ASN.1 DER.
      *
      *  according to openssl manual:
-     *  https://www.openssl.org/docs/man1.0.2/man3/i2d_RSAPublicKey.html
-     *  d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1
+     *  https://www.openssl.org/docs/man1.1.1/man3/i2d_RSA_PUBKEY.html
+     *  d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY() decode and encode a PKIX
      *
-     *  https://www.openssl.org/docs/man1.0.2/man3/i2d_RSAPrivateKey.html
+     *  https://www.openssl.org/docs/man1.1.1/man3/i2d_RSAPrivateKey.html
      *  d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1
      */
     outcome::result<std::pair<CryptoProvider::Buffer, CryptoProvider::Buffer>>
@@ -207,7 +199,7 @@ namespace libp2p::crypto {
         return KeyGeneratorError::KEY_GENERATION_FAILED;
       }
 
-      OUTCOME_TRY(public_bytes, detail::encodeKeyDer(rsa, i2d_RSAPublicKey));
+      OUTCOME_TRY(public_bytes, detail::encodeKeyDer(rsa, i2d_RSA_PUBKEY));
       OUTCOME_TRY(private_bytes, detail::encodeKeyDer(rsa, i2d_RSAPrivateKey));
 
       return {std::move(public_bytes), std::move(private_bytes)};

src/crypto/rsa_provider/CMakeLists.txt

@@ -0,0 +1,14 @@
+#
+# Copyright Soramitsu Co., Ltd. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+
+add_library(p2p_rsa
+    rsa_provider_impl.cpp
+    )
+
+target_link_libraries(p2p_rsa
+    p2p_sha
+    p2p_crypto_error
+    OpenSSL::Crypto
+    )

src/crypto/rsa_provider/rsa_provider_impl.cpp

@@ -0,0 +1,68 @@
+/**
+ * Copyright Soramitsu Co., Ltd. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include "libp2p/crypto/rsa_provider/rsa_provider_impl.hpp"
+
+#include "libp2p/crypto/sha/sha256.hpp"
+#include <memory>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+#include <openssl/x509.h>
+
+using Hash256 = libp2p::common::Hash256;
+
+namespace libp2p::crypto::rsa {
+
+  outcome::result<std::shared_ptr<RSA>> rsaFromPrivateKey(
+      const PrivateKey &private_key) {
+    const unsigned char *data_pointer = private_key.data();
+    std::shared_ptr<RSA> rsa{
+        d2i_RSAPrivateKey(nullptr, &data_pointer, private_key.size()),
+        RSA_free};
+    if (nullptr == rsa) {
+      return KeyValidatorError::INVALID_PRIVATE_KEY;
+    }
+    return rsa;
+  }
+
+  outcome::result<Signature> RsaProviderImpl::sign(
+      gsl::span<uint8_t> message, const PrivateKey &private_key) const {
+    OUTCOME_TRY(rsa, rsaFromPrivateKey(private_key));
+    Hash256 digest = sha256(message);
+    Signature signature(RSA_size(rsa.get()));
+    unsigned int signature_size;
+    if (1
+        != RSA_sign(NID_sha256, digest.data(), digest.size(), signature.data(),
+                    &signature_size, rsa.get())) {
+      return CryptoProviderError::SIGNATURE_GENERATION_FAILED;
+    }
+
+    return signature;
+  }
+
+  outcome::result<bool> RsaProviderImpl::verify(gsl::span<uint8_t> message,
+                                                const Signature &signature,
+                                                const PublicKey &public_key) const {
+    OUTCOME_TRY(x509_key, RsaProviderImpl::getPublicKeyFromBytes(public_key));
+    EVP_PKEY *key = X509_PUBKEY_get0(x509_key.get());
+    std::unique_ptr<RSA, void (*)(RSA *)> rsa{EVP_PKEY_get1_RSA(key), RSA_free};
+    Hash256 digest = sha256(message);
+    int result = RSA_verify(NID_sha256, digest.data(), digest.size(),
+                            signature.data(), signature.size(), rsa.get());
+    return result == 1 ? true : false;
+  }
+
+  outcome::result<std::shared_ptr<X509_PUBKEY>>
+  RsaProviderImpl::getPublicKeyFromBytes(const PublicKey &input_key) {
+    const uint8_t *bytes = input_key.data();
+    std::shared_ptr<X509_PUBKEY> key{X509_PUBKEY_new(), X509_PUBKEY_free};
+    X509_PUBKEY *key_ptr = key.get();
+    if (d2i_X509_PUBKEY(&key_ptr, &bytes, input_key.size()) == nullptr) {
+      return KeyValidatorError::INVALID_PUBLIC_KEY;
+    }
+    return key;
+  }
+
+};  // namespace libp2p::crypto::rsa

test/libp2p/crypto/CMakeLists.txt

@@ -61,6 +61,13 @@ target_link_libraries(key_validator_test
     p2p_key_validator
     )
 
+addtest(rsa_provider_test
+    rsa_provider_test.cpp
+    )
+target_link_libraries(rsa_provider_test
+    p2p_rsa
+    )
+
 addtest(secp256k1_test
     secp256k1_test.cpp
     )

test/libp2p/crypto/key_generator_test.cpp

@@ -150,6 +150,18 @@ class KeyGoCompatibility : public ::testing::Test {
   std::shared_ptr<CryptoProvider> crypto_provider_;
 };
 
+TEST_F(KeyGoCompatibility, RSA) {
+  PrivateKey privateKey{
+      {Key::Type::RSA,
+       "3082025e02010002818100bcaf3ee0f2bc3ac58ab3fcb3c23b2386230564331653ae34e9e09ea6fb0b9cfcf9c6ef76c9337d9b8ed29b4505c8e57a06a9a008ecb89ece3a6e809af64342be4367e06ba1bec131c8944465ba1f5cead836e84932097aea1f6aefc97e84f76219b9dec8afd7a1d0fa90802bd84b1d021112daf026c60ad958db4247e56dc39d0203010001028180407fdb8bc40e6a3ccafc59ff0cff705653346d9b351fa7e678a88b33639005bb489b2392c496b07273b134d8b47087595e5bafd43d2fa341b621be1ebade253b149ba6df498b94269b708547406aeb5da7d71e4fa52fff331cfbae3db55c51ed896d914e93bc0a703aaafed6fe83e7f9af20c2fcfd7207d34426b6b4ed8283b5024100e678fb31b2489505bdb0cf16c23fd6e4ff5069de71f72c12e5a1b0c295aa4fa6e2b691fd5c5ea98473d0884dd969a258f48e5593bdc15f8c72f9da775ca0aeff024100d1955ed85222b96e55e1f9d7865dcb78467a12839f0a3f5b17791b15a1d5b14c20e96bb6d352988f628030282a1c44027e168bb79dac7eb858c1bb3c6ffce963024100d298a808203dfc96336055cb1912d69d87c3060a729f0651fa2cc664f7f7993308a5053fbb60f08b8c7c77a09352d83b6ab488f428878374c63712eed0e02f27024100b94ed2ef7da00a488e5321aef8b511e4a49be6a6ce062782893ca13ffd398e6bfb65a7c19d1398a49eb92cdb36708b8990a6aa9e8d21296221c8199f147d9075024100a7abd450a0c8fe8f3cb2c0d8fca3f15094b512dce328ce543977c14f80dcb7e41ac4ae7fb2925fae724b6e2494231d0c51572ae89510b4ce6e984623ddf2c923"_unhex}};
+
+  auto derivedPublicKey = crypto_provider_->derivePublicKey(privateKey).value();
+
+  EXPECT_EQ(
+      derivedPublicKey.data,
+      "30819f300d06092a864886f70d010101050003818d0030818902818100bcaf3ee0f2bc3ac58ab3fcb3c23b2386230564331653ae34e9e09ea6fb0b9cfcf9c6ef76c9337d9b8ed29b4505c8e57a06a9a008ecb89ece3a6e809af64342be4367e06ba1bec131c8944465ba1f5cead836e84932097aea1f6aefc97e84f76219b9dec8afd7a1d0fa90802bd84b1d021112daf026c60ad958db4247e56dc39d0203010001"_unhex);
+}
+
 TEST_F(KeyGoCompatibility, ECDSA) {
   PrivateKey privateKey{
       {Key::Type::ECDSA,