bug/SKALE-3751-enable-zeromq

f0baecee · kladko · ebc75da4 · f0baecee · f0baecee · f0baecee
Unverified Commit f0baecee authored Feb 05, 2021 by kladko
Showing with 68 additions and 39 deletions

ServerWorker.cpp ServerWorker.cpp +1 -3

ZMQClient.cpp ZMQClient.cpp +15 -9

ZMQClient.h ZMQClient.h +1 -1

ZMQMessage.cpp ZMQMessage.cpp +46 -23

ZMQMessage.h ZMQMessage.h +5 -3

No files found.
--- a/ServerWorker.cpp
+++ b/ServerWorker.cpp
@@ -104,12 +104,10 @@ void ServerWorker::work() {

            CHECK_STATE(msg.size() > 5 || msgData.at(0) == '{' || msgData[msg.size()] == '}');

-
            memcpy(msgData.data(), msg.data(), msg.size());

            auto parsedMsg = ZMQMessage::parse(
-                    (const char *) msgData.data(), msg.size(), true);
-
+                    (const char *) msgData.data(), msg.size(), true, checkSignature);
            CHECK_STATE(parsedMsg);

            result = parsedMsg->process();

--- a/ZMQClient.cpp
+++ b/ZMQClient.cpp
@@ -52,10 +52,6 @@ shared_ptr <ZMQMessage> ZMQClient::doRequestReply(Json::Value &_req) {

        string msgToSign = fastWriter.write(_req);

-        std::regex r("\\s+");
-
-        msgToSign = std::regex_replace(msgToSign, r, "");
-
        _req["msgSig"] = signString(pkey, msgToSign);
    }

@@ -76,7 +72,7 @@ shared_ptr <ZMQMessage> ZMQClient::doRequestReply(Json::Value &_req) {
        CHECK_STATE(resultStr.back() == '}')


-        return ZMQMessage::parse(resultStr.c_str(), resultStr.size(), false);
+        return ZMQMessage::parse(resultStr.c_str(), resultStr.size(), false, false);
    } catch (std::exception &e) {
        spdlog::error(string("Error in doRequestReply:") + e.what());
        throw;
@@ -141,9 +137,13 @@ string ZMQClient::readFileIntoString(const string &_fileName) {
 }


-void ZMQClient::verifySig(EVP_PKEY* _pubkey, const string& _str, const string _sig) {
+void ZMQClient::verifySig(EVP_PKEY* _pubkey, const string& _str, const string& _sig) {
+
+    CHECK_STATE(_pubkey);
+    CHECK_STATE(!_str.empty());

-     CHECK_STATE(_pubkey);
+    static std::regex r("\\s+");
+    auto msgToSign = std::regex_replace(_str, r, "");


    vector<uint8_t> binSig(256,0);
@@ -163,7 +163,7 @@ void ZMQClient::verifySig(EVP_PKEY* _pubkey, const string& _str, const string _s

    CHECK_STATE((EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, _pubkey) == 1));

-    CHECK_STATE(EVP_DigestVerifyUpdate(mdctx, _str.c_str(), _str.size()) == 1);
+    CHECK_STATE(EVP_DigestVerifyUpdate(mdctx, msgToSign.c_str(), msgToSign.size()) == 1);

 /* First call EVP_DigestSignFinal with a NULL sig parameter to obtain the length of the
 * signature. Length is returned in slen */
@@ -181,6 +181,12 @@ void ZMQClient::verifySig(EVP_PKEY* _pubkey, const string& _str, const string _s
 string ZMQClient::signString(EVP_PKEY* _pkey, const string& _str) {

    CHECK_STATE(_pkey);
+    CHECK_STATE(!_str.empty());
+
+    static std::regex r("\\s+");
+    auto msgToSign = std::regex_replace(_str, r, "");
+
+

    EVP_MD_CTX *mdctx = NULL;
    int ret = 0;
@@ -194,7 +200,7 @@ string ZMQClient::signString(EVP_PKEY* _pkey, const string& _str) {
    CHECK_STATE((EVP_DigestSignInit(mdctx, NULL, EVP_sha256(), NULL, _pkey) == 1));


-    CHECK_STATE(EVP_DigestSignUpdate(mdctx, _str.c_str(), _str.size()) == 1);
+    CHECK_STATE(EVP_DigestSignUpdate(mdctx, msgToSign.c_str(), msgToSign.size()) == 1);

 /* First call EVP_DigestSignFinal with a NULL sig parameter to obtain the length of the
 * signature. Length is returned in slen */

--- a/ZMQClient.h
+++ b/ZMQClient.h
@@ -92,7 +92,7 @@ public:

    static string signString(EVP_PKEY* _pkey, const string& _str);

-    static void   verifySig(EVP_PKEY* _pubkey, const string& _str, const string _sig);
+    static void   verifySig(EVP_PKEY* _pubkey, const string& _str, const string& _sig);

    string blsSignMessageHash(const std::string &keyShareName, const std::string &messageHash, int t, int n);


--- a/ZMQMessage.cpp
+++ b/ZMQMessage.cpp
@@ -51,10 +51,9 @@ string ZMQMessage::getStringRapid(const char *_name) {
 };


-
-
-shared_ptr <ZMQMessage> ZMQMessage::parse(const char* _msg,
-                                          size_t _size, bool _isRequest) {
+shared_ptr <ZMQMessage> ZMQMessage::parse(const char *_msg,
+                                          size_t _size, bool _isRequest,
+                                          bool _verifySig) {

    CHECK_STATE(_msg);
    CHECK_STATE(_size > 5);
@@ -76,13 +75,15 @@ shared_ptr <ZMQMessage> ZMQMessage::parse(const char* _msg,
    CHECK_STATE((*d)["type"].IsString());
    string type = (*d)["type"].GetString();

-    if (d->HasMember("cert")) {
+    if (_verifySig) {
+        CHECK_STATE(d->HasMember("cert"));
+        CHECK_STATE(d->HasMember("msgSig"));
        CHECK_STATE((*d)["cert"].IsString());
        auto cert = make_shared<string>((*d)["cert"].GetString());

        string hash = cryptlite::sha256::hash_hex(*cert);

-        auto filepath  = "/tmp/sgx_wallet_cert_hash_" + hash;
+        auto filepath = "/tmp/sgx_wallet_cert_hash_" + hash;

        std::ofstream outFile(filepath);

@@ -90,26 +91,47 @@ shared_ptr <ZMQMessage> ZMQMessage::parse(const char* _msg,

        outFile.close();

+        static recursive_mutex m;

-        if (!verifiedCerts.exists(*cert)) {
-            CHECK_STATE(SGXWalletServer::verifyCert(filepath));
+        EVP_PKEY *publicKey = nullptr;

-            auto handles = ZMQClient::readPublicKeyFromCertStr(*cert);
-            CHECK_STATE(handles.first);
-            CHECK_STATE(handles.second);
+        {
+            lock_guard <recursive_mutex> lock(m);

-            verifiedCerts.put(*cert, handles);
-            remove(cert->c_str());
-        }
+            if (!verifiedCerts.exists(*cert)) {
+                CHECK_STATE(SGXWalletServer::verifyCert(filepath));
+                auto handles = ZMQClient::readPublicKeyFromCertStr(*cert);
+                CHECK_STATE(handles.first);
+                CHECK_STATE(handles.second);

-    }
+                verifiedCerts.put(*cert, handles);
+                remove(cert->c_str());
+            }
+
+            publicKey = verifiedCerts.get(*cert).first;
+
+            CHECK_STATE(publicKey);
+
+            CHECK_STATE((*d)["msgSig"].IsString());
+            auto msgSig = make_shared<string>((*d)["msgSig"].GetString());
+            cerr << "Got msgSig:" << msgSig << endl;
+
+            d->RemoveMember("msgSig");

-    if (d->HasMember("msgSig")) {
-        CHECK_STATE((*d)["msgSig"].IsString());
-        auto msgSig = make_shared<string>((*d)["msgSig"].GetString());
-        cerr << "Got msgSig:" << msgSig << endl;
+            rapidjson::StringBuffer buffer;
+
+            rapidjson::Writer<rapidjson::StringBuffer> w(buffer);
+
+            d->Accept(w);
+
+            auto msgToVerify = buffer.GetString();
+
+            ZMQClient::verifySig(publicKey,msgToVerify, *msgSig );
+
+        }
    }

+
    shared_ptr <ZMQMessage> result;

    if (_isRequest) {
@@ -119,7 +141,7 @@ shared_ptr <ZMQMessage> ZMQMessage::parse(const char* _msg,
    }
 }

-shared_ptr <ZMQMessage> ZMQMessage::buildRequest(string& _type, shared_ptr<rapidjson::Document> _d) {
+shared_ptr <ZMQMessage> ZMQMessage::buildRequest(string &_type, shared_ptr <rapidjson::Document> _d) {
    if (_type == ZMQMessage::BLS_SIGN_REQ) {
        return make_shared<BLSSignReqMessage>(_d);
    } else if (_type == ZMQMessage::ECDSA_SIGN_REQ) {
@@ -127,11 +149,11 @@ shared_ptr <ZMQMessage> ZMQMessage::buildRequest(string& _type, shared_ptr<rapid
                make_shared<ECDSASignReqMessage>(_d);
    } else {
        BOOST_THROW_EXCEPTION(SGXException(-301, "Incorrect zmq message type: " +
-                                     string(_type)));
+                                                 string(_type)));
    }
 }

-shared_ptr <ZMQMessage> ZMQMessage::buildResponse(string& _type, shared_ptr<rapidjson::Document> _d) {
+shared_ptr <ZMQMessage> ZMQMessage::buildResponse(string &_type, shared_ptr <rapidjson::Document> _d) {
    if (_type == ZMQMessage::BLS_SIGN_RSP) {
        return
                make_shared<BLSSignRspMessage>(_d);
@@ -145,4 +167,5 @@ shared_ptr <ZMQMessage> ZMQMessage::buildResponse(string& _type, shared_ptr<rapi
    }
 }

-cache::lru_cache<string, pair<EVP_PKEY*, X509*>> ZMQMessage::verifiedCerts(256);
\ No newline at end of file
+cache::lru_cache<string, pair < EVP_PKEY * , X509 *>>
+ZMQMessage::verifiedCerts(256);
\ No newline at end of file
--- a/ZMQMessage.h
+++ b/ZMQMessage.h
@@ -38,6 +38,9 @@
 #include "abstractstubserver.h"

 #include "document.h"
+#include "stringbuffer.h"
+#include "writer.h"
+
 #include "SGXException.h"

 using namespace std;
@@ -54,7 +57,6 @@ protected:

 public:

-    void verifySig();

    static constexpr const char *BLS_SIGN_REQ = "BLSSignReq";
    static constexpr const char *BLS_SIGN_RSP = "BLSSignRsp";
@@ -72,8 +74,8 @@ public:
        return getUint64Rapid("status");
    }

-    static shared_ptr<ZMQMessage> parse(vector<uint8_t> &_msg, bool _isRequest);
-    static shared_ptr <ZMQMessage> parse(const char* _msg, size_t _size, bool _isRequest);
+    static shared_ptr <ZMQMessage> parse(const char* _msg, size_t _size, bool _isRequest,
+                                         bool _verifySig);

    static shared_ptr<ZMQMessage> buildRequest(string& type, shared_ptr<rapidjson::Document> _d);
    static shared_ptr<ZMQMessage> buildResponse(string& type, shared_ptr<rapidjson::Document> _d);