repo-sync-2023-12-27T12:20:50+0800 (#178)

* repo-sync-2023-12-27T12:20:50+0800

* Update tommath_ext_types.h

bazel/repositories.bzl

@@ -18,11 +18,12 @@ load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository")
 
 SECRETFLOW_GIT = "https://github.com/secretflow"
 
-IC_COMMIT_ID = "b4a657d5ac39fe584dbccb7808fcbc8897ed2077"
+IC_COMMIT_ID = "e9a64bfe1ae57f358b41790a1bdd82c390dd50da"
 
 SIMPLEST_OT_COMMIT_ID = "4e39b7c35721c7fd968da6e047f59c0ac92e8088"
 
 def yacl_deps():
+    _rule_proto()
     _rule_python()
     _rules_foreign_cc()
     _com_github_madler_zlib()
@@ -232,6 +233,17 @@ def _com_github_blake3team_blake3():
         ],
     )
 
+def _rule_proto():
+    maybe(
+        http_archive,
+        name = "rules_proto",
+        sha256 = "dc3fb206a2cb3441b485eb1e423165b231235a1ea9b031b4433cf7bc1fa460dd",
+        strip_prefix = "rules_proto-5.3.0-21.7",
+        urls = [
+            "https://github.com/bazelbuild/rules_proto/archive/refs/tags/5.3.0-21.7.tar.gz",
+        ],
+    )
+
 # Required by protobuf
 def _rule_python():
     maybe(

yacl/crypto/base/BUILD.bazel

@@ -39,6 +39,7 @@ yacl_cc_library(
     ],
     deps = [
         ":openssl_wrappers",
+        "//yacl/crypto/utils:secparam",
         "//yacl/io/stream",
     ],
 )

yacl/crypto/base/aead/BUILD.bazel

@@ -23,6 +23,7 @@ yacl_cc_library(
     deps = [
         "//yacl/base:int128",
         "//yacl/crypto/base:key_utils",
+        "//yacl/crypto/utils:secparam",
     ],
 )
 
@@ -42,6 +43,7 @@ yacl_cc_library(
         "//yacl/crypto/base/block_cipher:symmetric_crypto",
         "//yacl/crypto/base/hash:ssl_hash",
         "//yacl/crypto/base/hmac:hmac_sm3",
+        "//yacl/crypto/utils:secparam",
     ],
 )
 

yacl/crypto/base/aead/gcm_crypto.cc

@@ -47,29 +47,29 @@ void GcmCrypto::Encrypt(ByteContainerView plaintext, ByteContainerView aad,
   YACL_ENFORCE(ctx != nullptr, "Failed to new evp cipher context.");
   const auto cipher = openssl::FetchEvpCipher(ToString(schema_));
   YACL_ENFORCE(cipher != nullptr);
-
   YACL_ENFORCE(key_.size() == (size_t)EVP_CIPHER_key_length(cipher.get()));
   YACL_ENFORCE(iv_.size() == (size_t)EVP_CIPHER_iv_length(cipher.get()));
-  YACL_ENFORCE(EVP_EncryptInit_ex(ctx.get(), cipher.get(), nullptr, key_.data(),
-                                  iv_.data()) > 0);
+
+  OSSL_RET_1(EVP_EncryptInit_ex(ctx.get(), cipher.get(), nullptr, key_.data(),
+                                iv_.data()));
 
   // Provide AAD data if exist
   int out_length = 0;
   const auto aad_len = aad.size();
   if (aad_len > 0) {
-    YACL_ENFORCE(EVP_EncryptUpdate(ctx.get(), nullptr, &out_length, aad.data(),
-                                   aad_len) > 0);
+    OSSL_RET_1(EVP_EncryptUpdate(ctx.get(), nullptr, &out_length, aad.data(),
+                                 aad_len));
     YACL_ENFORCE(out_length == (int)aad.size());
   }
-  YACL_ENFORCE(EVP_EncryptUpdate(ctx.get(), ciphertext.data(), &out_length,
-                                 plaintext.data(), plaintext.size()) > 0);
+  OSSL_RET_1(EVP_EncryptUpdate(ctx.get(), ciphertext.data(), &out_length,
+                               plaintext.data(), plaintext.size()));
   YACL_ENFORCE(out_length == (int)plaintext.size(),
                "Unexpected encrypte out length.");
 
   // Note that get no output here as the data is always aligned for GCM.
   EVP_EncryptFinal_ex(ctx.get(), nullptr, &out_length);
-  YACL_ENFORCE(EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_GET_TAG,
-                                   GetMacSize(schema_), mac.data()) > 0);
+  OSSL_RET_1(EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_GET_TAG,
+                                 GetMacSize(schema_), mac.data()));
 }
 
 void GcmCrypto::Decrypt(ByteContainerView ciphertext, ByteContainerView aad,
@@ -79,32 +79,33 @@ void GcmCrypto::Decrypt(ByteContainerView ciphertext, ByteContainerView aad,
   YACL_ENFORCE_EQ(mac.size(), GetMacSize(schema_));
 
   // init openssl evp cipher context
-  EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
-  YACL_ENFORCE(ctx, "Failed to new evp cipher context.");
-  ON_SCOPE_EXIT([&] { EVP_CIPHER_CTX_free(ctx); });
+  auto ctx = openssl::UniqueCipherCtx(EVP_CIPHER_CTX_new());
+
+  YACL_ENFORCE(ctx.get(), "Failed to new evp cipher context.");
+
   const auto cipher = openssl::FetchEvpCipher(ToString(schema_));
   YACL_ENFORCE_EQ(key_.size(), (size_t)EVP_CIPHER_key_length(cipher.get()));
   YACL_ENFORCE_EQ(iv_.size(), (size_t)EVP_CIPHER_iv_length(cipher.get()));
-  YACL_ENFORCE(
-      EVP_DecryptInit_ex(ctx, cipher.get(), nullptr, key_.data(), iv_.data()));
+  YACL_ENFORCE(EVP_DecryptInit_ex(ctx.get(), cipher.get(), nullptr, key_.data(),
+                                  iv_.data()));
 
   // Provide AAD data if exist
   int out_length = 0;
   const auto aad_len = aad.size();
   if (aad_len > 0) {
-    YACL_ENFORCE(
-        EVP_DecryptUpdate(ctx, nullptr, &out_length, aad.data(), aad_len) > 0);
+    OSSL_RET_1(EVP_DecryptUpdate(ctx.get(), nullptr, &out_length, aad.data(),
+                                 aad_len));
     YACL_ENFORCE(out_length == (int)aad.size());
   }
-  YACL_ENFORCE(EVP_DecryptUpdate(ctx, plaintext.data(), &out_length,
-                                 ciphertext.data(), ciphertext.size()) > 0);
+  OSSL_RET_1(EVP_DecryptUpdate(ctx.get(), plaintext.data(), &out_length,
+                               ciphertext.data(), ciphertext.size()));
   YACL_ENFORCE(out_length == (int)plaintext.size(),
                "Unexpcted decryption out length.");
-  YACL_ENFORCE(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG,
-                                   GetMacSize(schema_), (void*)mac.data()) > 0);
+  OSSL_RET_1(EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_TAG,
+                                 GetMacSize(schema_), (void*)mac.data()));
 
   // Note that get no output here as the data is always aligned for GCM.
-  YACL_ENFORCE(EVP_DecryptFinal_ex(ctx, nullptr, &out_length) > 0,
+  YACL_ENFORCE(EVP_DecryptFinal_ex(ctx.get(), nullptr, &out_length) > 0,
                "Failed to verfiy mac.");
 }
 

yacl/crypto/base/aead/gcm_crypto.h

@@ -19,12 +19,16 @@
 #include "absl/types/span.h"
 
 #include "yacl/base/byte_container_view.h"
+#include "yacl/crypto/utils/secparam.h"
+
+/* security parameter declaration */
+YACL_MODULE_DECLARE("aes_gcm", SecParam::C::k128, SecParam::S::INF);
 
 namespace yacl::crypto {
 
 enum class GcmCryptoSchema : int {
-  AES128_GCM,
-  AES256_GCM,
+  AES128_GCM, /* security level = 128 */
+  AES256_GCM, /* security level = 256 */
   // SM4_GCM /* TODO openssl 3.2 supports SM4 GCM */
 };
 

yacl/crypto/base/aead/gcm_crypto_test.cc

@@ -15,9 +15,9 @@
 #include "yacl/crypto/base/aead/gcm_crypto.h"
 
 #include <memory>
+#include <string>
 
 #include "gtest/gtest.h"
-#include "openssl/evp.h"
 
 #include "yacl/base/exception.h"
 

yacl/crypto/base/aead/sm4_mac.cc

@@ -15,9 +15,6 @@
 #include "yacl/crypto/base/aead/sm4_mac.h"
 
 #include "yacl/base/exception.h"
-#include "yacl/crypto/base/block_cipher/symmetric_crypto.h"
-#include "yacl/crypto/base/hash/ssl_hash.h"
-#include "yacl/crypto/base/hmac/hmac_sm3.h"
 
 namespace yacl::crypto {
 

yacl/crypto/base/aead/sm4_mac.h

@@ -17,6 +17,15 @@
 #include <vector>
 
 #include "yacl/base/byte_container_view.h"
+#include "yacl/crypto/utils/secparam.h"
+
+/* submodules */
+#include "yacl/crypto/base/block_cipher/symmetric_crypto.h"
+#include "yacl/crypto/base/hash/ssl_hash.h"
+#include "yacl/crypto/base/hmac/hmac_sm3.h"
+
+/* security parameter declaration */
+YACL_MODULE_DECLARE("sm4_mac", SecParam::C::k128, SecParam::S::INF);
 
 namespace yacl::crypto {
 

yacl/crypto/base/aes/BUILD.bazel

@@ -34,7 +34,10 @@ yacl_cc_library(
         "aes_intrinsics.h",
     ],
     copts = AES_COPT_FLAGS,
-    deps = ["//yacl/base:int128"] + select({
+    deps = [
+        "//yacl/base:int128",
+        "//yacl/crypto/utils:secparam",
+    ] + select({
         "@platforms//cpu:aarch64": [
             "@com_github_dltcollab_sse2neon//:sse2neon",
         ],

yacl/crypto/base/aes/aes_intrinsics.h

@@ -56,6 +56,7 @@
 
 #include "yacl/base/exception.h"
 #include "yacl/base/int128.h"
+#include "yacl/crypto/utils/secparam.h"
 
 #ifndef __aarch64__
 // sse
@@ -67,6 +68,8 @@
 #include "sse2neon.h"
 #endif
 
+/* security parameter declaration */
+YACL_MODULE_DECLARE("aes_intrinsics", SecParam::C::k128, SecParam::S::INF);
 namespace yacl::crypto {
 
 namespace internal {

yacl/crypto/base/block_cipher/BUILD.bazel

@@ -28,7 +28,7 @@ yacl_cc_library(
     deps = [
         "//yacl/base:int128",
         "//yacl/crypto/base:openssl_wrappers",
-        "//yacl/crypto/base/aes:aes_intrinsics",
+        "//yacl/crypto/utils:secparam",
     ],
 )
 

yacl/crypto/base/block_cipher/symmetric_crypto.cc

@@ -18,10 +18,6 @@
 #include <climits>
 #include <iterator>
 
-#include "openssl/aes.h"
-#include "openssl/crypto.h"
-#include "openssl/err.h"
-#include "openssl/evp.h"
 #include "spdlog/spdlog.h"
 
 #include "yacl/base/exception.h"
@@ -45,20 +41,20 @@ openssl::UniqueCipherCtx CreateEVPCipherCtx(SymmetricCrypto::CryptoType type,
   // cbc mode need to set iv
   if ((type == SymmetricCrypto::CryptoType::AES128_ECB) ||
       (type == SymmetricCrypto::CryptoType::SM4_ECB)) {
-    YACL_ENFORCE(EVP_CipherInit_ex(ctx.get(), cipher.get(), nullptr, key_data,
-                                   nullptr, enc));
+    OSSL_RET_1(EVP_CipherInit_ex(ctx.get(), cipher.get(), nullptr, key_data,
+                                 nullptr, enc));
   } else {
     /**
      * @brief cbc and ctr mode set iv
      * for ctr the iv is the initiator counter, most case counter set 0
      */
     const auto* iv_data = reinterpret_cast<const uint8_t*>(&iv);
-    YACL_ENFORCE(EVP_CipherInit_ex(ctx.get(), cipher.get(), nullptr, key_data,
-                                   iv_data, enc));
+    OSSL_RET_1(EVP_CipherInit_ex(ctx.get(), cipher.get(), nullptr, key_data,
+                                 iv_data, enc));
   }
 
   // No padding needed for aligned blocks.
-  YACL_ENFORCE(EVP_CIPHER_CTX_set_padding(ctx.get(), 0));
+  OSSL_RET_1(EVP_CIPHER_CTX_set_padding(ctx.get(), 0));
 
   return ctx;
 }

yacl/crypto/base/block_cipher/symmetric_crypto.h

@@ -22,12 +22,14 @@
 #include <vector>
 
 #include "absl/types/span.h"
-#include "openssl/evp.h"
 
 #include "yacl/base/byte_container_view.h"
 #include "yacl/base/int128.h"
-#include "yacl/crypto/base/aes/aes_intrinsics.h"
 #include "yacl/crypto/base/openssl_wrappers.h"
+#include "yacl/crypto/utils/secparam.h"
+
+/* security parameter declaration */
+YACL_MODULE_DECLARE("aes_all_modes", SecParam::C::k128, SecParam::S::INF);
 
 namespace yacl::crypto {
 namespace internal {

yacl/crypto/base/ecc/BUILD.bazel

@@ -90,30 +90,3 @@ yacl_cc_test(
         "@yacl//yacl/utils:parallel",
     ],
 )
-
-yacl_cc_library(
-    name = "pairing_spi",
-    srcs = ["pairing_spi.cc"],
-    hdrs = ["pairing_spi.h"],
-    deps = [
-        ":spi",
-        "//yacl/crypto/base/field:field_spi",
-        "@com_google_absl//absl/strings",
-    ],
-)
-
-yacl_cc_library(
-    name = "pairing",
-    deps = [
-        "//yacl/crypto/base/ecc/mcl:pairing",
-    ],
-)
-
-yacl_cc_test(
-    name = "pairing_test",
-    srcs = ["pairing_test.cc"],
-    deps = [
-        ":pairing",
-        "@yacl//yacl/utils:parallel",
-    ],
-)

yacl/crypto/base/ecc/curve_meta.cc

@@ -826,7 +826,7 @@ std::vector<CurveMeta> kPredefinedCurves = {
 
 CurveName CurveMeta::LowerName() const { return absl::AsciiStrToLower(name); }
 
-bool CurveMeta::IsEquivalent(CurveMeta rhs) const {
+bool CurveMeta::IsEquivalent(const CurveMeta& rhs) const {
   return std::tie(form, field_type, secure_bits) ==
          std::tie(rhs.form, rhs.field_type, rhs.secure_bits);
 }

yacl/crypto/base/ecc/curve_meta.h

@@ -68,7 +68,7 @@ struct CurveMeta {
   size_t secure_bits;
 
   CurveName LowerName() const;
-  bool IsEquivalent(CurveMeta rhs) const;
+  bool IsEquivalent(const CurveMeta& rhs) const;
 };
 
 CurveMeta GetCurveMetaByName(const CurveName& name);