Split keypair.h (#828)

Author: jumaffre

src/consensus/pbft/libbyz/parameters.h

@@ -6,6 +6,7 @@
 #pragma once
 
 #include "tls/keypair.h"
+#include "tls/verifier.h"
 
 #include <cstddef>
 

src/enclave/httpsig.h

@@ -5,7 +5,7 @@
 #include "httpparser.h"
 #include "node/clientsignatures.h"
 #include "tls/base64.h"
-#include "tls/keypair.h"
+#include "tls/hash.h"
 
 #include <fmt/format_header_only.h>
 #include <optional>

src/node/genesisgen.h

@@ -12,7 +12,7 @@
 #include "rpc/consts.h"
 #include "rpc/jsonrpc.h"
 #include "runtime_config/default_whitelists.h"
-#include "tls/keypair.h"
+#include "tls/verifier.h"
 #include "values.h"
 
 #include <algorithm>

src/node/history.h

@@ -2,15 +2,15 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "../consensus/pbft/pbfttypes.h"
-#include "../crypto/hash.h"
-#include "../ds/logger.h"
-#include "../kv/kvtypes.h"
-#include "../tls/keypair.h"
-#include "../tls/tls.h"
+#include "consensus/pbft/pbfttypes.h"
+#include "crypto/hash.h"
+#include "ds/logger.h"
 #include "entities.h"
+#include "kv/kvtypes.h"
 #include "nodes.h"
 #include "signatures.h"
+#include "tls/tls.h"
+#include "tls/verifier.h"
 
 #include <array>
 #include <deque>

src/node/rpc/frontend.h

@@ -12,6 +12,7 @@
 #include "node/nodes.h"
 #include "nodeinterface.h"
 #include "rpcexception.h"
+#include "tls/verifier.h"
 
 #include <fmt/format_header_only.h>
 #include <mutex>

src/node/rpc/test/nodefrontend_test.cpp

@@ -10,6 +10,7 @@
 #include "node/rpc/nodefrontend.h"
 #include "node_stub.h"
 #include "tls/pem.h"
+#include "tls/verifier.h"
 
 using namespace ccf;
 using namespace nlohmann;

src/tls/curve.h

@@ -0,0 +1,168 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the Apache 2.0 License.
+#pragma once
+
+#include "ds/logger.h"
+#include "tls.h"
+
+#include <secp256k1/include/secp256k1.h>
+#include <secp256k1/include/secp256k1_recovery.h>
+#include <stdexcept>
+#include <string>
+
+namespace tls
+{
+  enum class CurveImpl
+  {
+    secp384r1 = 1,
+#ifdef MOD_MBEDTLS
+    ed25519 = 2,
+#endif
+    secp256k1_mbedtls = 3,
+    secp256k1_bitcoin = 4,
+
+#if SERVICE_IDENTITY_CURVE_CHOICE_SECP384R1
+    service_identity_curve_choice = secp384r1,
+#elif SERVICE_IDENTITY_CURVE_CHOICE_ED25519
+    service_identity_curve_choice = ed25519,
+#elif SERVICE_IDENTITY_CURVE_CHOICE_SECP256K1_MBEDTLS
+    service_identity_curve_choice = secp256k1_mbedtls,
+#elif SERVICE_IDENTITY_CURVE_CHOICE_SECP256K1_BITCOIN
+    service_identity_curve_choice = secp256k1_bitcoin,
+#else
+#  pragma message( \
+    "No service identity curve specified - defaulting to secp384r1")
+    service_identity_curve_choice = secp384r1,
+#endif
+  };
+
+  // 2 implementations of secp256k1 are available - mbedtls and bitcoin. Either
+  // can be asked for explicitly via the CurveImpl enum. For cases where we
+  // receive a raw 256k1 key/signature/cert only, this flag determines which
+  // implementation is used
+  static constexpr bool prefer_bitcoin_secp256k1 = true;
+
+  // Helper to access elliptic curve id from context
+  inline mbedtls_ecp_group_id get_ec_from_context(const mbedtls_pk_context& ctx)
+  {
+    return mbedtls_pk_ec(ctx)->grp.id;
+  }
+
+  // Get mbedtls elliptic curve for given CCF curve implementation
+  inline mbedtls_ecp_group_id get_ec_for_curve_impl(CurveImpl curve)
+  {
+    switch (curve)
+    {
+      case CurveImpl::secp384r1:
+      {
+        return MBEDTLS_ECP_DP_SECP384R1;
+      }
+#ifdef MOD_MBEDTLS
+      case CurveImpl::ed25519:
+      {
+        return MBEDTLS_ECP_DP_CURVE25519;
+      }
+#endif
+      case CurveImpl::secp256k1_mbedtls:
+      case CurveImpl::secp256k1_bitcoin:
+      {
+        return MBEDTLS_ECP_DP_SECP256K1;
+      }
+      default:
+      {
+        throw std::logic_error(
+          "Unhandled curve type: " +
+          std::to_string(static_cast<size_t>(curve)));
+      }
+    }
+  }
+
+  // Get message digest algorithm to use for given elliptic curve
+  inline mbedtls_md_type_t get_md_for_ec(mbedtls_ecp_group_id ec)
+  {
+    switch (ec)
+    {
+      case MBEDTLS_ECP_DP_SECP384R1:
+      {
+        return MBEDTLS_MD_SHA384;
+      }
+#ifdef MOD_MBEDTLS
+      case MBEDTLS_ECP_DP_CURVE25519:
+      {
+        return MBEDTLS_MD_SHA512;
+      }
+#endif
+      case MBEDTLS_ECP_DP_SECP256K1:
+      {
+        return MBEDTLS_MD_SHA256;
+      }
+      default:
+      {
+        throw std::logic_error(
+          std::string("Unhandled ecp group id: ") +
+          mbedtls_ecp_curve_info_from_grp_id(ec)->name);
+      }
+    }
+  }
+
+  inline bool verify_secp256k_bc(
+    secp256k1_context* ctx,
+    const uint8_t* signature,
+    size_t signature_size,
+    const uint8_t* hash,
+    size_t hash_size,
+    const secp256k1_pubkey* public_key)
+  {
+    if (hash_size != 32)
+      return false;
+
+    secp256k1_ecdsa_signature sig;
+    if (
+      secp256k1_ecdsa_signature_parse_der(
+        ctx, &sig, signature, signature_size) != 1)
+      return false;
+
+    secp256k1_ecdsa_signature norm_sig;
+    if (secp256k1_ecdsa_signature_normalize(ctx, &norm_sig, &sig) == 1)
+    {
+      LOG_TRACE_FMT("secp256k1 normalized a signature to lower-S form");
+    }
+
+    return secp256k1_ecdsa_verify(ctx, &norm_sig, hash, public_key) == 1;
+  }
+
+  static void secp256k1_illegal_callback(const char* str, void*)
+  {
+    throw std::logic_error(
+      fmt::format("[libsecp256k1] illegal argument: {}", str));
+  }
+
+  // Wrap calls to secp256k1_context_create, setting illegal callback to throw
+  // catchable errors rather than aborting, and ensuring destroy is called when
+  // this goes out of scope
+  class BCk1Context
+  {
+  public:
+    secp256k1_context* p = nullptr;
+
+    BCk1Context(unsigned int flags)
+    {
+      p = secp256k1_context_create(flags);
+
+      secp256k1_context_set_illegal_callback(
+        p, secp256k1_illegal_callback, nullptr);
+    }
+
+    ~BCk1Context()
+    {
+      secp256k1_context_destroy(p);
+    }
+  };
+
+  using BCk1ContextPtr = std::unique_ptr<BCk1Context>;
+
+  inline BCk1ContextPtr make_bc_context(unsigned int flags)
+  {
+    return std::make_unique<BCk1Context>(flags);
+  }
+}

src/tls/hash.h

@@ -0,0 +1,66 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the Apache 2.0 License.
+#pragma once
+
+#include "curve.h"
+
+#include <vector>
+
+namespace tls
+{
+  using HashBytes = std::vector<uint8_t>;
+
+  /**
+   * Hash the given data, with the specified digest algorithm
+   *
+   * @return 0 on success
+   */
+  inline int do_hash(
+    const uint8_t* data_ptr,
+    size_t data_size,
+    HashBytes& o_hash,
+    mbedtls_md_type_t md_type)
+  {
+    const auto md_info = mbedtls_md_info_from_type(md_type);
+    const auto hash_size = mbedtls_md_get_size(md_info);
+
+    if (o_hash.size() < hash_size)
+    {
+      o_hash.resize(hash_size);
+    }
+
+    return mbedtls_md(md_info, data_ptr, data_size, o_hash.data());
+  }
+
+  /**
+   * Hash the given data, with an algorithm chosen by key type
+   *
+   * @return 0 on success
+   */
+  inline int do_hash(
+    const mbedtls_pk_context& ctx,
+    const uint8_t* data_ptr,
+    size_t data_size,
+    HashBytes& o_hash,
+    mbedtls_md_type_t md_type_ = MBEDTLS_MD_NONE)
+  {
+    const auto ec = get_ec_from_context(ctx);
+    mbedtls_md_type_t md_type;
+    if (md_type_ != MBEDTLS_MD_NONE)
+    {
+      md_type = md_type_;
+    }
+    else
+    {
+      md_type = get_md_for_ec(ec);
+    }
+    const auto md_info = mbedtls_md_info_from_type(md_type);
+    const auto hash_size = mbedtls_md_get_size(md_info);
+
+    if (o_hash.size() < hash_size)
+      o_hash.resize(hash_size);
+
+    return mbedtls_md(md_info, data_ptr, data_size, o_hash.data());
+  }
+
+}