microsoft · achamayou · Sep 11, 2024 · Aug 27, 2024 · Aug 28, 2024 · Aug 28, 2024
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -93,3 +93,98 @@ jobs:
             build/workspace/*/err
           if-no-files-found: ignore
         if: success() || failure()
+
+  scan_build:
+    name: "Scan build"
+    runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub]
+    container:
+      image: ghcr.io/microsoft/ccf/ci/default:build-25-07-2024
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: "Run scan"
+        run: |
+          set -x
+          mkdir build
+          cd build
+          ../scripts/scan-build.sh
+
+  long-asan:
+    name: ASAN
+    runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub]
+    container:
+      image: ghcr.io/microsoft/ccf/ci/default:build-25-07-2024
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: "Install deps"
+        run: |
+          sudo apt-get -y update
+          sudo apt install ansible -y
+          cd getting_started/setup_vm
+          ansible-playbook ccf-extended-testing.yml
+
+      - name: "Build"
+        run: |
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+          mkdir build
+          cd build
+          cmake -GNinja -DCOMPILE_TARGET=virtual -DCMAKE_BUILD_TYPE=Debug -DLONG_TESTS=ON -DLVI_MITIGATIONS=OFF -DSAN=ON ..
+          ninja
+
+      - name: "Test"
+        run: |
+          set +x
+          cd build
+          ./tests.sh --output-on-failure --timeout 1600 -LE "benchmark"
+
+      - name: "Upload logs"
+        if: success() || failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: logs-asan
+          path: |
+            build/workspace/*/*.config.json
+            build/workspace/*/out
+            build/workspace/*/err
+          if-no-files-found: ignore
+
+  long-tsan:
+    name: TSAN
+    runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub]
+    container:
+      image: ghcr.io/microsoft/ccf/ci/default:build-25-07-2024
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: "Build"
+        run: |
+          git config --global --add safe.directory /__w/CCF/CCF
+          mkdir build
+          cd build
+          cmake -GNinja -DCOMPILE_TARGET=virtual -DCMAKE_BUILD_TYPE=Debug -DLONG_TESTS=ON -DLVI_MITIGATIONS=OFF -DTSAN=ON -DWORKER_THREADS=2 ..
+          ninja
+
+      - name: "Test"
+        run: |
+          set +x
+          cd build
+          ./tests.sh --output-on-failure --timeout 1600 -LE "benchmark"
+
+      - name: "Upload logs"
+        if: success() || failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: logs-tsan
+          path: |
+            build/workspace/*/*.config.json
+            build/workspace/*/out
+            build/workspace/*/err
+          if-no-files-found: ignore
@@ -471,6 +471,19 @@ Signatures emitted by the primary node at regular interval, over the root of the
    :project: CCF
    :members:
 
+``cose_signatures``
+~~~~~~~~~~~~~~
+
+COSE signatures emitted by the primary node over the root of the Merkle Tree at that sequence number.
+
+**Key** Sentinel value 0, represented as a little-endian 64-bit unsigned integer.
+
+**Value**
+
+.. doxygenstruct:: ccf::CoseSignature
+   :project: CCF
+   :members:
+
 ``recovery_shares``
 ~~~~~~~~~~~~~~~~~~~
 

@@ -17,6 +17,8 @@ namespace ccf::crypto
     virtual bool verify(
       const std::span<const uint8_t>& buf,
       std::span<uint8_t>& authned_content) const = 0;
+    virtual bool verify_detached(
+      std::span<const uint8_t> buf, std::span<const uint8_t> payload) const = 0;
     virtual ~COSEVerifier() = default;
   };
 

@@ -174,6 +174,21 @@ def create_cose_sign1_finish(
     return msg.encode(sign=False)
 
 
+def validate_cose_sign1(payload: bytes, cert_pem: Pem, cose_sign1: bytes):
+    cert = load_pem_x509_certificate(cert_pem.encode("ascii"), default_backend())
+    if not isinstance(cert.public_key(), EllipticCurvePublicKey):
+        raise NotImplementedError("unsupported key type")
+
+    key = cert.public_key()
+    cose_key = from_cryptography_eckey_obj(key)
+    msg = Sign1Message.decode(cose_sign1)
+    msg.key = cose_key
+    msg.payload = payload
+
+    if not msg.verify_signature():
+        raise ValueError("signature is invalid")
+
+
 _SIGN_DESCRIPTION = """Create and sign a COSE Sign1 message for CCF governance
 
 Note that this tool writes binary COSE Sign1 to standard output.

@@ -20,6 +20,7 @@
 
 from ccf.merkletree import MerkleTree
 from ccf.tx_id import TxID
+from ccf.cose import validate_cose_sign1
 import ccf.receipt
 from hashlib import sha256
 import functools
@@ -31,6 +32,7 @@
 
 # Public table names as defined in CCF
 SIGNATURE_TX_TABLE_NAME = "public:ccf.internal.signatures"
+COSE_SIGNATURE_TX_TABLE_NAME = "public:ccf.internal.cose_signatures"
 NODES_TABLE_NAME = "public:ccf.gov.nodes.info"
 ENDORSED_NODE_CERTIFICATES_TABLE_NAME = "public:ccf.gov.nodes.endorsed_certificates"
 SERVICE_INFO_TABLE_NAME = "public:ccf.gov.service.info"
@@ -389,6 +391,7 @@ def __init__(self, accept_deprecated_entry_types: bool = True):
         self.last_verified_view = 0
 
         self.service_status = None
+        self.service_cert = None
 
     def last_verified_txid(self) -> TxID:
         return TxID(self.last_verified_view, self.last_verified_seqno)
@@ -509,6 +512,14 @@ def add_transaction(self, transaction):
             else:
                 assert self.service_status is None, self.service_status
             self.service_status = updated_status
+            self.service_cert = updated_service_json["cert"]
+
+        if COSE_SIGNATURE_TX_TABLE_NAME in tables:
+            cose_signature_table = tables[COSE_SIGNATURE_TX_TABLE_NAME]
+            cose_signature = cose_signature_table.get(WELL_KNOWN_SINGLETON_TABLE_KEY)
+            signature = json.loads(cose_signature)
+            cose_sign1 = base64.b64decode(signature["sig"])
+            self._verify_root_cose_signature(self.merkle.get_merkle_root(), cose_sign1)
 
         # Checks complete, add this transaction to tree
         self.merkle.add_leaf(transaction.get_tx_digest(), False)
@@ -558,6 +569,18 @@ def _verify_root_signature(self, tx_info: TxBundleInfo):
                 + f"\nRoot: {tx_info.existing_root.hex()}"
             ) from InvalidSignature
 
+    def _verify_root_cose_signature(self, root, cose_sign1):
+        try:
+            validate_cose_sign1(
+                payload=root, cert_pem=self.service_cert, cose_sign1=cose_sign1
+            )
+        except Exception as exc:
+            raise InvalidRootCoseSignatureException(
+                "Signature verification failed:"
+                + f"\nCertificate: {self.service_cert}"
+                + f"\nRoot: {root}"
+            ) from exc
+
     def _verify_merkle_root(self, merkletree: MerkleTree, existing_root: bytes):
         """Verify item 3, by comparing the roots from the merkle tree that's maintained by this class and from the one extracted from the ledger"""
         root = merkletree.get_merkle_root()
@@ -1061,6 +1084,10 @@ class InvalidRootSignatureException(Exception):
     """Signature of the MerkleRoot doesn't match with the signature that's reported in the signature's table"""
 
 
+class InvalidRootCoseSignatureException(Exception):
+    """COSE signature of the MerkleRoot doesn't pass COSE verification"""
+
+
 class CommitIdRangeException(Exception):
     """Missing ledger chunk in the ledger directory"""
 

@@ -6,15 +6,11 @@
 #include "ccf/ds/logger.h"
 
 #include <openssl/evp.h>
-#include <t_cose/t_cose_sign1_sign.h>
 
 namespace
 {
-  constexpr int64_t COSE_HEADER_PARAM_ALG =
-    1; // Duplicate of t_cose::COSE_HEADER_PARAM_ALG to keep it compatible.
-
   size_t estimate_buffer_size(
-    const ccf::crypto::COSEProtectedHeaders& protected_headers,
+    const std::vector<ccf::crypto::COSEParametersFactory>& protected_headers,
     std::span<const uint8_t> payload)
   {
     size_t result =
@@ -28,8 +24,8 @@ namespace
       protected_headers.begin(),
       protected_headers.end(),
       result,
-      [](auto result, const auto& kv) {
-        return result + sizeof(kv.first) + kv.second.size();
+      [](auto result, const auto& factory) {
+        return result + factory.estimated_size();
       });
 
     return result + payload.size();
@@ -38,20 +34,20 @@ namespace
   void encode_protected_headers(
     t_cose_sign1_sign_ctx* ctx,
     QCBOREncodeContext* encode_ctx,
-    const ccf::crypto::COSEProtectedHeaders& protected_headers)
+    const std::vector<ccf::crypto::COSEParametersFactory>& protected_headers)
   {
     QCBOREncode_BstrWrap(encode_ctx);
     QCBOREncode_OpenMap(encode_ctx);
 
     // This's what the t_cose implementation of `encode_protected_parameters`
     // sets unconditionally.
     QCBOREncode_AddInt64ToMapN(
-      encode_ctx, COSE_HEADER_PARAM_ALG, ctx->cose_algorithm_id);
+      encode_ctx, ccf::crypto::COSE_PHEADER_KEY_ALG, ctx->cose_algorithm_id);
 
     // Caller-provided headers follow
-    for (const auto& [label, value] : protected_headers)
+    for (const auto& factory : protected_headers)
     {
-      QCBOREncode_AddSZStringToMapN(encode_ctx, label, value.c_str());
+      factory.apply(encode_ctx);
     }
 
     QCBOREncode_CloseMap(encode_ctx);
@@ -68,7 +64,7 @@ namespace
   void encode_parameters_custom(
     struct t_cose_sign1_sign_ctx* me,
     QCBOREncodeContext* cbor_encode,
-    const ccf::crypto::COSEProtectedHeaders& protected_headers)
+    const std::vector<ccf::crypto::COSEParametersFactory>& protected_headers)
   {
     QCBOREncode_AddTag(cbor_encode, CBOR_TAG_COSE_SIGN1);
     QCBOREncode_OpenArray(cbor_encode);
@@ -83,9 +79,83 @@ namespace
 
 namespace ccf::crypto
 {
+  std::optional<int> key_to_cose_alg_id(ccf::crypto::PublicKey_OpenSSL& key)
+  {
+    const auto cid = key.get_curve_id();
+    switch (cid)
+    {
+      case ccf::crypto::CurveID::SECP256K1:
+      case ccf::crypto::CurveID::SECP256R1:
+        std::cout << "Return ES256" << std::endl;
+        return T_COSE_ALGORITHM_ES256;
+      case ccf::crypto::CurveID::SECP384R1:
+        std::cout << "Return ES384" << std::endl;
+        return T_COSE_ALGORITHM_ES384;
+      default:
+        return std::nullopt;
+    }
+  }
+
+  COSEParametersFactory cose_params_int_int(int64_t key, int64_t value)
+  {
+    const size_t args_size = sizeof(key) + sizeof(value);
+    return COSEParametersFactory(
+      [=](QCBOREncodeContext* ctx) {
+        QCBOREncode_AddInt64ToMapN(ctx, key, value);
+      },
+      args_size);
+  }
+
+  COSEParametersFactory cose_params_int_string(
+    int64_t key, std::string_view value)
+  {
+    const size_t args_size = sizeof(key) + value.size();
+    return COSEParametersFactory(
+      [=](QCBOREncodeContext* ctx) {
+        QCBOREncode_AddSZStringToMapN(ctx, key, value.data());
+      },
+      args_size);
+  }
+
+  COSEParametersFactory cose_params_string_int(
+    std::string_view key, int64_t value)
+  {
+    const size_t args_size = key.size() + sizeof(value);
+    return COSEParametersFactory(
+      [=](QCBOREncodeContext* ctx) {
+        QCBOREncode_AddSZString(ctx, key.data());
+        QCBOREncode_AddInt64(ctx, value);
+      },
+      args_size);
+  }
+
+  COSEParametersFactory cose_params_string_string(
+    std::string_view key, std::string_view value)
+  {
+    const size_t args_size = key.size() + value.size();
+    return COSEParametersFactory(
+      [=](QCBOREncodeContext* ctx) {
+        QCBOREncode_AddSZString(ctx, key.data());
+        QCBOREncode_AddSZString(ctx, value.data());
+      },
+      args_size);
+  }
+
+  COSEParametersFactory cose_params_int_bytes(
+    int64_t key, std::span<const uint8_t> value)
+  {
+    const size_t args_size = sizeof(key) + value.size();
+    q_useful_buf_c buf{value.data(), value.size()};
+    return COSEParametersFactory(
+      [=](QCBOREncodeContext* ctx) {
+        QCBOREncode_AddBytesToMapN(ctx, key, buf);
+      },
+      args_size);
+  }
+
   std::vector<uint8_t> cose_sign1(
-    EVP_PKEY* key,
-    const COSEProtectedHeaders& protected_headers,
+    KeyPair_OpenSSL& key,
+    const std::vector<COSEParametersFactory>& protected_headers,
     std::span<const uint8_t> payload)
   {
     const auto buf_size = estimate_buffer_size(protected_headers, payload);
@@ -95,11 +165,18 @@ namespace ccf::crypto
     QCBOREncode_Init(&cbor_encode, signed_cose_buffer);
 
     t_cose_sign1_sign_ctx sign_ctx;
-    t_cose_sign1_sign_init(&sign_ctx, 0, T_COSE_ALGORITHM_ES256);
+    const auto algorithm_id = key_to_cose_alg_id(key);
+    if (!algorithm_id.has_value())
+    {
+      throw ccf::crypto::COSESignError(fmt::format("Unsupported key type"));
+    }
+
+    t_cose_sign1_sign_init(&sign_ctx, 0, *algorithm_id);
 
+    EVP_PKEY* evp_key = key;
     t_cose_key signing_key;
     signing_key.crypto_lib = T_COSE_CRYPTO_LIB_OPENSSL;
-    signing_key.k.key_ptr = key;
+    signing_key.k.key_ptr = evp_key;
 
     t_cose_sign1_set_signing_key(&sign_ctx, signing_key, NULL_Q_USEFUL_BUF_C);