Use hsm-crypto v1.0.0 (FISCO-BCOS#1929)

* add log show use hardware or software crypto * rename sdf to hsm * use hsm-crypto v1.0.0
hnustyangjieyu · May 7, 2021 · fdf3751 · fdf3751
1 parent 923f1df
commit fdf3751
Show file tree

Hide file tree

Showing 11 changed files with 94 additions and 64 deletions.
diff --git a/cmake/Options.cmake b/cmake/Options.cmake
@@ -77,8 +77,8 @@ macro(configure_project)
     # hardware crypto sdf interface
     eth_default_option(USE_HSM_SDF OFF)
     if(USE_HSM_SDF)
-        if(NOT "${ARCHITECTURE}" MATCHES "aarch64")
-            message(FATAL "${CMAKE_SYSTEM_NAME} ${ARCHITECTURE} does not support compiling hardware secure module")
+        if(NOT "${CMAKE_SYSTEM_NAME}" MATCHES "Linux")
+            message(FATAL "${CMAKE_SYSTEM_NAME} ${ARCHITECTURE} does not support by hardware secure module")
         endif()
         add_definitions(-DFISCO_SDF)
     endif()

diff --git a/cmake/ProjectSDF.cmake b/cmake/ProjectSDF.cmake
@@ -20,23 +20,19 @@
 include(ExternalProject)
 
 if("${CMAKE_HOST_SYSTEM_NAME}" MATCHES "Linux")
-    if("${ARCHITECTURE}" MATCHES "aarch64")
-        set(SDF_LIB_NAME libsdf-crypto_arm.a)
-    else()
-        message(FATAL "HSM  SDF only support aarch64 Linux, the ${CMAKE_HOST_SYSTEM_NAME} ${ARCHITECTURE} is not supported.")
-    endif()
+    set(SDF_LIB_NAME libsdf-crypto_arm.a)
 elseif(APPLE)
-    message(FATAL "HSM  SDF only support aarch64 Linux, the ${CMAKE_HOST_SYSTEM_NAME} ${ARCHITECTURE} is not supported.")
+    message(FATAL "HSM  SDF only support Linux, the ${CMAKE_HOST_SYSTEM_NAME} ${ARCHITECTURE} is not supported.")
 else()
-    message(FATAL "HSM  SDF only support aarch64 Linux, the ${CMAKE_HOST_SYSTEM_NAME} ${ARCHITECTURE} is not supported.")
+    message(FATAL "HSM  SDF only support Linux, the ${CMAKE_HOST_SYSTEM_NAME} ${ARCHITECTURE} is not supported.")
 endif()
 
 ExternalProject_Add(libsdf
     PREFIX ${CMAKE_SOURCE_DIR}/deps
-    DOWNLOAD_NAME sdf.tar.gz
+    DOWNLOAD_NAME sdf.zip
     DOWNLOAD_NO_PROGRESS 1
-    URL https://github.com/WeBankBlockchain/sdf-crypto/archive/refs/tags/V0.1.1.tar.gz
-    URL_HASH SHA256=dc4b7c919f5f5e59f55869e75b828744f4ea8e01391ad4e777f698c3a76b4fb6
+    URL https://github.com/WeBankBlockchain/hsm-crypto/archive/refs/heads/v1.0.0.zip   
+    URL_HASH SHA256=eee9f05add9b590f7f9c1ec86fee6e841b4bb08a94cc2ffeaebed306118940f7
     BUILD_IN_SOURCE 1
     LOG_CONFIGURE 1
     LOG_BUILD 1
@@ -49,12 +45,13 @@ ExternalProject_Add(libsdf
 ExternalProject_Get_Property(libsdf SOURCE_DIR)
 add_library(SDF STATIC IMPORTED)
 
-set(SDF_INCLUDE_DIR ${SOURCE_DIR}/include)
+set(HSM_INCLUDE_DIR ${SOURCE_DIR}/include)
+set(SDF_INCLUDE_DIR ${SOURCE_DIR}/include/sdf)
 file(MAKE_DIRECTORY ${SDF_INCLUDE_DIR})  # Must exist.
 
 set(SDF_LIB "${SOURCE_DIR}/lib/libsdf-crypto_arm.a")
 
 set_property(TARGET SDF PROPERTY IMPORTED_LOCATION ${SDF_LIB})
-set_property(TARGET SDF PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${SDF_INCLUDE_DIR})
+set_property(TARGET SDF PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${HSM_INCLUDE_DIR} ${SDF_INCLUDE_DIR})
 add_dependencies(SDF libsdf)
 unset(SOURCE_DIR)
diff --git a/fisco-bcos/crypto/mini-crypto.cpp b/fisco-bcos/crypto/mini-crypto.cpp
@@ -26,8 +26,8 @@
 #include <libdevcrypto/Hash.h>
 #include <libdevcrypto/SM2Signature.h>
 #include <libdevcrypto/SM3Hash.h>
-#include <libdevcrypto/sdf/SDFSM2Signature.h>
-#include <libdevcrypto/sdf/SDFSM3Hash.h>
+#include <libdevcrypto/hsm/HSMHash.h>
+#include <libdevcrypto/hsm/HSMSignature.h>
 using namespace dev::crypto;
 using namespace dev;
 int main(int, const char* argv[])
@@ -42,7 +42,7 @@ int main(int, const char* argv[])
     KeyPair kp = KeyPair::create();
 
     std::string pubHex = toHex(kp.pub().data(), kp.pub().data() + 64, "04");
-    h256 h(fromHex("0x68b5bae5fe19851624298fd1e9b4d788627ac27c13aad3240102ffd292a17911"));
+    h256 h(dev::fromHex("0x68b5bae5fe19851624298fd1e9b4d788627ac27c13aad3240102ffd292a17911"));
     std::shared_ptr<crypto::Signature> swResult = sm2Sign(kp, h);
     std::shared_ptr<crypto::Signature> sdfResult = SDFSM2Sign(kp, h);
     bool result1 = sm2Verify(kp.pub(), swResult, h);

diff --git a/libdevcrypto/CMakeLists.txt b/libdevcrypto/CMakeLists.txt
@@ -11,8 +11,8 @@ aux_source_directory(./sm4 SRC_LIST)
 include_directories(./sm4)
 
 if (USE_HSM_SDF)
-aux_source_directory(./sdf SRC_LIST)
-include_directories(./sdf)
+aux_source_directory(./hsm SRC_LIST)
+include_directories(./hsm)
 endif()
 
 add_library(devcrypto ${SRC_LIST} ${HEADERS})

diff --git a/libdevcrypto/CryptoInterface.cpp b/libdevcrypto/CryptoInterface.cpp
@@ -30,9 +30,9 @@
 #include "libdevcore/Log.h"
 #include "libdevcore/RLP.h"
 #if FISCO_SDF
-#include "sdf/SDFSM2Signature.h"
-#include "sdf/SDFSM3Hash.h"
-#include "sdf/SDFSM4Crypto.h"
+#include "hsm/HSMCrypto.h"
+#include "hsm/HSMHash.h"
+#include "hsm/HSMSignature.h"
 #endif
 #include <libconfig/GlobalConfigure.h>
 #define CRYPTO_LOG(LEVEL) LOG(LEVEL) << "[CRYPTO] "
@@ -58,7 +58,7 @@ std::function<std::shared_ptr<crypto::Signature>(RLP const& _rlp, size_t _start)
 std::function<std::shared_ptr<crypto::Signature>(std::vector<unsigned char>)>
     dev::crypto::SignatureFromBytes = ecdsaSignatureFromBytes;
 
-std::function<std::shared_ptr<crypto::Signature>(KeyPair const& _keyPair, const h256& _hash)>
+std::function<std::shared_ptr<crypto::Signature>(dev::KeyPair const& _keyPair, const h256& _hash)>
     dev::crypto::Sign = ecdsaSign;
 std::function<bool(h512 const& _pubKey, std::shared_ptr<crypto::Signature> _sig, const h256& _hash)>
     dev::crypto::Verify = ecdsaVerify;

diff --git a/libdevcrypto/sdf/SDFSM4Crypto.cpp → libdevcrypto/hsm/HSMCrypto.cpp b/libdevcrypto/sdf/SDFSM4Crypto.cpp → libdevcrypto/hsm/HSMCrypto.cpp
@@ -18,16 +18,22 @@
  * @author maggie
  * @date 2021-04-02
  */
-#include "SDFSM4Crypto.h"
-#include "SDFCryptoProvider.h"
+#include "HSMCrypto.h"
+#include "CryptoProvider.h"
 #include "libdevcore/Common.h"
+#include "sdf/SDFCryptoProvider.h"
 
 using namespace std;
 using namespace dev;
 using namespace crypto;
 
+#if FISCO_SDF
+using namespace hsm;
+using namespace hsm::sdf;
+#endif
+
 std::string dev::crypto::SDFSM4Encrypt(const unsigned char* _plainData, size_t _plainDataSize,
-    const unsigned char* _key, size_t _keySize, const unsigned char* _ivData)
+    const unsigned char* _key, size_t, const unsigned char* _ivData)
 {
     // Add padding
     int padding = _plainDataSize % 16;
@@ -38,8 +44,10 @@ std::string dev::crypto::SDFSM4Encrypt(const unsigned char* _plainData, size_t _
     memset(inDataV.data() + _plainDataSize, nSize, nSize);
     // Encrypt
     Key key = Key();
-    key.setPrivateKey((unsigned char*)_key, _keySize);
-    SDFCryptoProvider& provider = SDFCryptoProvider::GetInstance();
+    std::shared_ptr<const std::vector<byte>> pbKeyValue =
+        std::make_shared<const std::vector<byte>>(_key, _key + 32);
+    key.setSymmetricKey(pbKeyValue);
+    CryptoProvider& provider = SDFCryptoProvider::GetInstance();
     unsigned int size;
     string enData;
     enData.resize(inDataVLen);
@@ -48,13 +56,15 @@ std::string dev::crypto::SDFSM4Encrypt(const unsigned char* _plainData, size_t _
     return enData;
 }
 std::string dev::crypto::SDFSM4Decrypt(const unsigned char* _cypherData, size_t _cypherDataSize,
-    const unsigned char* _key, size_t _keySize, const unsigned char* _ivData)
+    const unsigned char* _key, size_t, const unsigned char* _ivData)
 {
     string deData;
     deData.resize(_cypherDataSize);
     Key key = Key();
-    key.setPrivateKey((unsigned char*)_key, _keySize);
-    SDFCryptoProvider& provider = SDFCryptoProvider::GetInstance();
+    std::shared_ptr<const std::vector<byte>> pbKeyValue =
+        std::make_shared<const std::vector<byte>>(_key, _key + 32);
+    key.setSymmetricKey(pbKeyValue);
+    CryptoProvider& provider = SDFCryptoProvider::GetInstance();
     unsigned int size;
     provider.Decrypt(key, SM4_CBC, (unsigned char*)_ivData, _cypherData, _cypherDataSize,
         (unsigned char*)deData.data(), &size);

diff --git a/libdevcrypto/sdf/SDFSM4Crypto.h → libdevcrypto/hsm/HSMCrypto.h b/libdevcrypto/sdf/SDFSM4Crypto.h → libdevcrypto/hsm/HSMCrypto.h
diff --git a/libdevcrypto/sdf/SDFSM3Hash.cpp → libdevcrypto/hsm/HSMHash.cpp b/libdevcrypto/sdf/SDFSM3Hash.cpp → libdevcrypto/hsm/HSMHash.cpp
@@ -19,22 +19,27 @@
  * @date 2021-02-01
  */
 
-#include "SDFSM3Hash.h"
-#include "SDFCryptoProvider.h"
+#include "HSMHash.h"
+#include "CryptoProvider.h"
+#include "sdf/SDFCryptoProvider.h"
 #include <libdevcore/FixedHash.h>
 using namespace std;
 using namespace dev;
 using namespace dev::crypto;
+#if FISCO_SDF
+using namespace hsm;
+using namespace hsm::sdf;
+#endif
 
 unsigned int dev::crypto::SDFSM3(bytesConstRef _input, bytesRef o_output)
 {
     // FIXME: What with unaligned memory?
     if (o_output.size() != 32)
         return false;
     // get provider
-    SDFCryptoProvider& provider = SDFCryptoProvider::GetInstance();
+    CryptoProvider& provider = SDFCryptoProvider::GetInstance();
     unsigned int uiHashResultLen;
-    unsigned int code = provider.Hash(nullptr, SM3, _input.data(), _input.size(),
-        (unsigned char*)o_output.data(), &uiHashResultLen);
+    unsigned int code = provider.Hash(nullptr, SM3, (const unsigned char*)_input.data(),
+        _input.size(), (unsigned char*)o_output.data(), &uiHashResultLen);
     return code;
 }
diff --git a/libdevcrypto/sdf/SDFSM3Hash.h → libdevcrypto/hsm/HSMHash.h b/libdevcrypto/sdf/SDFSM3Hash.h → libdevcrypto/hsm/HSMHash.h
@@ -20,11 +20,16 @@
  */
 
 #pragma once
-#include "SDFCryptoProvider.h"
+#include "CryptoProvider.h"
 #include "csmsds.h"
+#include "sdf/SDFCryptoProvider.h"
 #include <libdevcore/FixedHash.h>
 #include <libdevcore/vector_ref.h>
 #include <string>
+#if FISCO_SDF
+using namespace hsm;
+using namespace hsm::sdf;
+#endif
 
 namespace dev
 {
@@ -36,11 +41,12 @@ inline h256 SDFSM3(bytesSec const& _input);
 /// Calculate SM3-256 hash of the given input, returning as a 256-bit hash.
 inline h256 SDFSM3(bytesConstRef _input)
 {
+    CryptoProvider& provider = SDFCryptoProvider::GetInstance();
     h256 ret;
     unsigned int code = SDFSM3(_input, ret.ref());
     if (code != SDR_OK)
     {
-        throw SDFCryptoProvider::GetErrorMessage(code);
+        throw provider.GetErrorMessage(code);
     }
     return ret;
 }

diff --git a/libdevcrypto/sdf/SDFSM2Signature.cpp → libdevcrypto/hsm/HSMSignature.cpp b/libdevcrypto/sdf/SDFSM2Signature.cpp → libdevcrypto/hsm/HSMSignature.cpp
@@ -18,30 +18,35 @@
  * @author maggiewu
  * @date 2021-02-01
  */
-#include "SDFSM2Signature.h"
-#include "SDFCryptoProvider.h"
+#include "HSMSignature.h"
+#include "CryptoProvider.h"
 #include "csmsds.h"
 #include "libdevcore/Common.h"
 #include "libdevcore/FixedHash.h"
 #include "libdevcrypto/Common.h"
 #include "libdevcrypto/SM2Signature.h"
 #include "libdevcrypto/sm2/sm2.h"
+#include "sdf/SDFCryptoProvider.h"
+#include <memory>
+#include <vector>
 
 using namespace std;
 using namespace dev;
 using namespace dev::crypto;
+#if FISCO_SDF
+using namespace hsm;
+using namespace hsm::sdf;
+#endif
 
 std::shared_ptr<crypto::Signature> dev::crypto::SDFSM2Sign(
     KeyPair const& _keyPair, const h256& _hash)
 {
-    SDFCryptoProvider& provider = SDFCryptoProvider::GetInstance();
-    unsigned char signature[64];
-    unsigned int signLen;
+    CryptoProvider& provider = SDFCryptoProvider::GetInstance();
     Key key = Key();
-    key.setPrivateKey((unsigned char*)_keyPair.secret().ref().data(), 32);
-    key.setPublicKey((unsigned char*)_keyPair.pub().ref().data(), 64);
-    h256 privk((byte const*)key.PrivateKey(),
-        FixedHash<32>::ConstructFromPointerType::ConstructFromPointer);
+    std::shared_ptr<const vector<byte>> privKey = std::make_shared<const std::vector<byte>>(
+        (byte*)_keyPair.secret().data(), (byte*)_keyPair.secret().data() + 32);
+    key.setPrivateKey(privKey);
+    std::vector<byte> signature(64);
 
     // According to the SM2 standard
     // step 1 : calculate M' = Za || M
@@ -53,30 +58,34 @@ std::shared_ptr<crypto::Signature> dev::crypto::SDFSM2Sign(
     unsigned char zValue[SM3_DIGEST_LENGTH];
     size_t zValueLen = SM3_DIGEST_LENGTH;
     std::string pubHex = toHex(_keyPair.pub().ref().data(), _keyPair.pub().ref().data() + 64, "04");
-    bool getZ = SM2::sm2GetZFromPublicKey(pubHex,zValue,zValueLen);
-    if(!getZ){
+    bool getZ = SM2::sm2GetZFromPublicKey(pubHex, zValue, zValueLen);
+    if (!getZ)
+    {
         CRYPTO_LOG(ERROR) << "[SM2::veify] ERROR of compute z" << LOG_KV("pubKey", pubHex);
         return nullptr;
     }
 
     // step 2 : e = H(M')
     unsigned char hashResult[SM3_DIGEST_LENGTH];
     unsigned int uiHashResultLen;
-    unsigned int code = provider.HashWithZ(nullptr, SM3, zValue, zValueLen, _hash.data(),
+    unsigned int code = provider.HashWithZ(nullptr, hsm::SM3, zValue, zValueLen, _hash.data(),
         SM3_DIGEST_LENGTH, (unsigned char*)hashResult, &uiHashResultLen);
     if (code != SDR_OK)
     {
         throw provider.GetErrorMessage(code);
     }
 
     // step 3 : signature = Sign(e)
-    code = provider.Sign(key, SM2, (const unsigned char*)hashResult, 32, signature, &signLen);
+    unsigned int signLen;
+    code = provider.Sign(
+        key, hsm::SM2, (const unsigned char*)hashResult, 32, signature.data(), &signLen);
     if (code != SDR_OK)
     {
         throw provider.GetErrorMessage(code);
     }
-    h256 r((byte const*)signature, FixedHash<32>::ConstructFromPointerType::ConstructFromPointer);
-    h256 s((byte const*)(signature + 32),
+    h256 r((byte const*)signature.data(),
+        FixedHash<32>::ConstructFromPointerType::ConstructFromPointer);
+    h256 s((byte const*)(signature.data() + 32),
         FixedHash<32>::ConstructFromPointerType::ConstructFromPointer);
     return make_shared<SM2Signature>(r, s, _keyPair.pub());
 }
@@ -85,34 +94,37 @@ bool dev::crypto::SDFSM2Verify(
     h512 const& _pubKey, std::shared_ptr<crypto::Signature> _sig, const h256& _hash)
 {
     // get provider
-    SDFCryptoProvider& provider = SDFCryptoProvider::GetInstance();
+    CryptoProvider& provider = SDFCryptoProvider::GetInstance();
 
     // parse input
     Key key = Key();
-    key.setPublicKey((unsigned char*)_pubKey.ref().data(), 64);
+    std::shared_ptr<const vector<byte>> pubKey = std::make_shared<const std::vector<byte>>(
+        (byte*)_pubKey.ref().data(), (byte*)_pubKey.ref().data() + 64);
+    key.setPublicKey(pubKey);
     bool verifyResult = false;
 
     // Get Z
     unsigned char zValue[SM3_DIGEST_LENGTH];
     size_t zValueLen = SM3_DIGEST_LENGTH;
     std::string pubHex = toHex(_pubKey.data(), _pubKey.data() + 64, "04");
-    bool getZ = SM2::sm2GetZFromPublicKey(pubHex,zValue,zValueLen);
-    if(!getZ){
+    bool getZ = SM2::sm2GetZFromPublicKey(pubHex, zValue, zValueLen);
+    if (!getZ)
+    {
         CRYPTO_LOG(ERROR) << "[SM2::veify] ERROR of compute z" << LOG_KV("pubKey", pubHex);
         return false;
     }
 
-    unsigned char hashResult[SM3_DIGEST_LENGTH];
+    vector<byte> hashResult(SM3_DIGEST_LENGTH);
     unsigned int uiHashResultLen;
-    unsigned int code = provider.HashWithZ(nullptr, SM3, zValue, zValueLen, _hash.data(),
-        SM3_DIGEST_LENGTH, (unsigned char*)hashResult, &uiHashResultLen);
+    unsigned int code = provider.HashWithZ(nullptr, hsm::SM3, zValue, zValueLen, _hash.data(),
+        SM3_DIGEST_LENGTH, (unsigned char*)hashResult.data(), &uiHashResultLen);
     if (code != SDR_OK)
     {
         throw provider.GetErrorMessage(code);
     }
 
-    code = provider.Verify(
-        key, SM2, (const unsigned char*)hashResult, 32, _sig->asBytes().data(), 64, &verifyResult);
+    code = provider.Verify(key, hsm::SM2, (const unsigned char*)hashResult.data(),
+        SM3_DIGEST_LENGTH, _sig->asBytes().data(), 64, &verifyResult);
 
     if (code == SDR_OK)
     {

diff --git a/libdevcrypto/sdf/SDFSM2Signature.h → libdevcrypto/hsm/HSMSignature.h b/libdevcrypto/sdf/SDFSM2Signature.h → libdevcrypto/hsm/HSMSignature.h
@@ -21,12 +21,12 @@
 
 #pragma once
 #include "libdevcore/RLP.h"
+#include "libdevcrypto/Common.h"
 #include "libdevcrypto/Signature.h"
-#include <vector>
 
+#include <vector>
 namespace dev
 {
-class KeyPair;
 namespace crypto
 {
 std::shared_ptr<crypto::Signature> SDFSM2Sign(KeyPair const& _keyPair, const h256& _hash);