rippled
Manifest.h
1 //------------------------------------------------------------------------------
2 /*
3  This file is part of rippled: https://github.com/ripple/rippled
4  Copyright (c) 2012, 2013 Ripple Labs Inc.
5 
6  Permission to use, copy, modify, and/or distribute this software for any
7  purpose with or without fee is hereby granted, provided that the above
8  copyright notice and this permission notice appear in all copies.
9 
10  THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11  WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12  MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13  ANY SPECIAL , DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14  WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15  ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16  OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18 //==============================================================================
19 
20 #ifndef RIPPLE_APP_MISC_MANIFEST_H_INCLUDED
21 #define RIPPLE_APP_MISC_MANIFEST_H_INCLUDED
22 
23 #include <ripple/basics/UnorderedContainers.h>
24 #include <ripple/beast/utility/Journal.h>
25 #include <ripple/protocol/PublicKey.h>
26 #include <ripple/protocol/SecretKey.h>
27 
28 #include <optional>
29 #include <shared_mutex>
30 #include <string>
31 
32 namespace ripple {
33 
34 /*
35  Validator key manifests
36  -----------------------
37 
38  Suppose the secret keys installed on a Ripple validator are compromised. Not
39  only do you have to generate and install new key pairs on each validator,
40  EVERY rippled needs to have its config updated with the new public keys, and
41  is vulnerable to forged validation signatures until this is done. The
42  solution is a new layer of indirection: A master secret key under
43  restrictive access control is used to sign a "manifest": essentially, a
44  certificate including the master public key, an ephemeral public key for
45  verifying validations (which will be signed by its secret counterpart), a
46  sequence number, and a digital signature.
47 
48  The manifest has two serialized forms: one which includes the digital
49  signature and one which doesn't. There is an obvious causal dependency
50  relationship between the (latter) form with no signature, the signature
51  of that form, and the (former) form which includes that signature. In
52  other words, a message can't contain a signature of itself. The code
53  below stores a serialized manifest which includes the signature, and
54  dynamically generates the signatureless form when it needs to verify
55  the signature.
56 
57  An instance of ManifestCache stores, for each trusted validator, (a) its
58  master public key, and (b) the most senior of all valid manifests it has
59  seen for that validator, if any. On startup, the [validator_token] config
60  entry (which contains the manifest for this validator) is decoded and
61  added to the manifest cache. Other manifests are added as "gossip"
62  received from rippled peers.
63 
64  When an ephemeral key is compromised, a new signing key pair is created,
65  along with a new manifest vouching for it (with a higher sequence number),
66  signed by the master key. When a rippled peer receives the new manifest,
67  it verifies it with the master key and (assuming it's valid) discards the
68  old ephemeral key and stores the new one. If the master key itself gets
69  compromised, a manifest with sequence number 0xFFFFFFFF will supersede a
70  prior manifest and discard any existing ephemeral key without storing a
71  new one. These revocation manifests are loaded from the
72  [validator_key_revocation] config entry as well as received as gossip from
73  peers. Since no further manifests for this master key will be accepted
74  (since no higher sequence number is possible), and no signing key is on
75  record, no validations will be accepted from the compromised validator.
76 */
77 
78 //------------------------------------------------------------------------------
79 
80 struct Manifest
81 {
83  std::string serialized;
84 
86  PublicKey masterKey;
87 
89  PublicKey signingKey;
90 
92  std::uint32_t sequence = 0;
93 
95  std::string domain;
96 
97  Manifest() = default;
98  Manifest(Manifest const& other) = delete;
99  Manifest&
100  operator=(Manifest const& other) = delete;
101  Manifest(Manifest&& other) = default;
102  Manifest&
103  operator=(Manifest&& other) = default;
104 
106  bool
107  verify() const;
108 
110  uint256
111  hash() const;
112 
114  bool
115  revoked() const;
116 
118  std::optional<Blob>
119  getSignature() const;
120 
122  Blob
123  getMasterSignature() const;
124 };
125 
127 std::string
128 to_string(Manifest const& m);
129 
140 std::optional<Manifest>
141 deserializeManifest(Slice s, beast::Journal journal);
142 
143 inline std::optional<Manifest>
144 deserializeManifest(
145  std::string const& s,
146  beast::Journal journal = beast::Journal(beast::Journal::getNullSink()))
147 {
148  return deserializeManifest(makeSlice(s), journal);
149 }
150 
151 template <
152  class T,
153  class = std::enable_if_t<
154  std::is_same<T, char>::value || std::is_same<T, unsigned char>::value>>
155 std::optional<Manifest>
156 deserializeManifest(
157  std::vector<T> const& v,
158  beast::Journal journal = beast::Journal(beast::Journal::getNullSink()))
159 {
160  return deserializeManifest(makeSlice(v), journal);
161 }
164 inline bool
165 operator==(Manifest const& lhs, Manifest const& rhs)
166 {
167  // In theory, comparing the two serialized strings should be
168  // sufficient.
169  return lhs.sequence == rhs.sequence && lhs.masterKey == rhs.masterKey &&
170  lhs.signingKey == rhs.signingKey && lhs.domain == rhs.domain &&
171  lhs.serialized == rhs.serialized;
172 }
173 
174 inline bool
175 operator!=(Manifest const& lhs, Manifest const& rhs)
176 {
177  return !(lhs == rhs);
178 }
179 
180 struct ValidatorToken
181 {
182  std::string manifest;
183  SecretKey validationSecret;
184 };
185 
186 std::optional<ValidatorToken>
187 loadValidatorToken(
188  std::vector<std::string> const& blob,
189  beast::Journal journal = beast::Journal(beast::Journal::getNullSink()));
190 
191 enum class ManifestDisposition {
193  accepted = 0,
194 
196  stale,
197 
199  badMasterKey,
200 
202  badEphemeralKey,
203 
205  invalid
206 };
207 
208 inline std::string
209 to_string(ManifestDisposition m)
210 {
211  switch (m)
212  {
213  case ManifestDisposition::accepted:
214  return "accepted";
215  case ManifestDisposition::stale:
216  return "stale";
217  case ManifestDisposition::badMasterKey:
218  return "badMasterKey";
219  case ManifestDisposition::badEphemeralKey:
220  return "badEphemeralKey";
221  case ManifestDisposition::invalid:
222  return "invalid";
223  default:
224  return "unknown";
225  }
226 }
227 
228 class DatabaseCon;
229 
231 class ManifestCache
232 {
233 private:
234  beast::Journal j_;
235  std::shared_mutex mutable mutex_;
236 
238  hash_map<PublicKey, Manifest> map_;
239 
241  hash_map<PublicKey, PublicKey> signingToMasterKeys_;
242 
243  std::atomic<std::uint32_t> seq_{0};
244 
245 public:
246  explicit ManifestCache(
247  beast::Journal j = beast::Journal(beast::Journal::getNullSink()))
248  : j_(j)
249  {
250  }
251 
253  std::uint32_t
254  sequence() const
255  {
256  return seq_.load();
257  }
258 
269  PublicKey
270  getSigningKey(PublicKey const& pk) const;
271 
282  PublicKey
283  getMasterKey(PublicKey const& pk) const;
284 
290  std::optional<std::uint32_t>
291  getSequence(PublicKey const& pk) const;
292 
298  std::optional<std::string>
299  getDomain(PublicKey const& pk) const;
300 
306  std::optional<std::string>
307  getManifest(PublicKey const& pk) const;
308 
317  bool
318  revoked(PublicKey const& pk) const;
319 
331  ManifestDisposition
332  applyManifest(Manifest m);
333 
350  bool
351  load(
352  DatabaseCon& dbCon,
353  std::string const& dbTable,
354  std::string const& configManifest,
355  std::vector<std::string> const& configRevocation);
356 
367  void
368  load(DatabaseCon& dbCon, std::string const& dbTable);
369 
380  void
381  save(
382  DatabaseCon& dbCon,
383  std::string const& dbTable,
384  std::function<bool(PublicKey const&)> const& isTrusted);
385 
399  template <class Function>
400  void
401  for_each_manifest(Function&& f) const
402  {
403  std::shared_lock lock{mutex_};
404  for (auto const& [_, manifest] : map_)
405  {
406  (void)_;
407  f(manifest);
408  }
409  }
410 
427  template <class PreFun, class EachFun>
428  void
429  for_each_manifest(PreFun&& pf, EachFun&& f) const
430  {
431  std::shared_lock lock{mutex_};
432  pf(map_.size());
433  for (auto const& [_, manifest] : map_)
434  {
435  (void)_;
436  f(manifest);
437  }
438  }
439 };
440 
441 } // namespace ripple
442 
443 #endif
ripple::ManifestCache::mutex_
std::shared_mutex mutex_
Definition: Manifest.h:235
std::is_same
ripple::Manifest::domain
std::string domain
The domain, if one was specified in the manifest; empty otherwise.
Definition: Manifest.h:95
ripple::makeSlice
std::enable_if_t< std::is_same< T, char >::value||std::is_same< T, unsigned char >::value, Slice > makeSlice(std::array< T, N > const &a)
Definition: Slice.h:241
std::string
STL class.
ripple::ManifestDisposition
ManifestDisposition
Definition: Manifest.h:191
ripple::ManifestCache::getMasterKey
PublicKey getMasterKey(PublicKey const &pk) const
Returns ephemeral signing key's master public key.
Definition: app/misc/impl/Manifest.cpp:303
ripple::loadValidatorToken
std::optional< ValidatorToken > loadValidatorToken(std::vector< std::string > const &blob, beast::Journal journal)
Definition: app/misc/impl/Manifest.cpp:244
ripple::Manifest
Definition: Manifest.h:80
ripple::Slice
An immutable linear range of bytes.
Definition: Slice.h:44
ripple::HashPrefix::manifest
@ manifest
Manifest.
ripple::Manifest::signingKey
PublicKey signingKey
The ephemeral key associated with this manifest.
Definition: Manifest.h:89
std::vector< unsigned char >
ripple::Manifest::serialized
std::string serialized
The manifest in serialized form.
Definition: Manifest.h:83
ripple::Manifest::masterKey
PublicKey masterKey
The master key associated with this manifest.
Definition: Manifest.h:86
ripple::Manifest::verify
bool verify() const
Returns true if manifest signature is valid.
Definition: app/misc/impl/Manifest.cpp:189
ripple::ManifestCache::for_each_manifest
void for_each_manifest(PreFun &&pf, EachFun &&f) const
Invokes the callback once for every populated manifest.
Definition: Manifest.h:429
ripple::ValidatorToken
Definition: Manifest.h:180
ripple::ManifestCache::map_
hash_map< PublicKey, Manifest > map_
Active manifests stored by master public key.
Definition: Manifest.h:238
ripple::ManifestDisposition::badEphemeralKey
@ badEphemeralKey
The ephemeral key is not acceptable to us.
std::function
ripple::ValidatorToken::manifest
std::string manifest
Definition: Manifest.h:182
beast::Journal::getNullSink
static Sink & getNullSink()
Returns a Sink which does nothing.
Definition: beast_Journal.cpp:72
ripple::Manifest::revoked
bool revoked() const
Returns true if manifest revokes master key.
Definition: app/misc/impl/Manifest.cpp:214
ripple::ManifestCache::save
void save(DatabaseCon &dbCon, std::string const &dbTable, std::function< bool(PublicKey const &)> const &isTrusted)
Save cached manifests to database.
Definition: app/misc/impl/Manifest.cpp:577
ripple::operator==
bool operator==(Manifest const &lhs, Manifest const &rhs)
Definition: Manifest.h:165
ripple::Manifest::Manifest
Manifest()=default
ripple::base_uint< 256 >
ripple::ManifestCache::signingToMasterKeys_
hash_map< PublicKey, PublicKey > signingToMasterKeys_
Master public keys stored by current ephemeral public key.
Definition: Manifest.h:241
ripple::ManifestDisposition::badMasterKey
@ badMasterKey
The master key is not acceptable to us.
ripple::PublicKey
A public key.
Definition: PublicKey.h:59
std::atomic::load
T load(T... args)
std::enable_if_t
ripple::operator!=
bool operator!=(Manifest const &lhs, Manifest const &rhs)
Definition: Manifest.h:175
ripple::Manifest::getSignature
std::optional< Blob > getSignature() const
Returns manifest signature.
Definition: app/misc/impl/Manifest.cpp:224
ripple::ManifestCache::revoked
bool revoked(PublicKey const &pk) const
Returns true if master key has been revoked in a manifest.
Definition: app/misc/impl/Manifest.cpp:351
ripple::ManifestCache::j_
beast::Journal j_
Definition: Manifest.h:234
ripple::ManifestCache::for_each_manifest
void for_each_manifest(Function &&f) const
Invokes the callback once for every populated manifest.
Definition: Manifest.h:401
ripple::ManifestCache::seq_
std::atomic< std::uint32_t > seq_
Definition: Manifest.h:243
ripple::ManifestCache::getSigningKey
PublicKey getSigningKey(PublicKey const &pk) const
Returns master key's current signing key.
Definition: app/misc/impl/Manifest.cpp:291
beast::Journal
A generic endpoint for log messages.
Definition: Journal.h:58
std::uint32_t
ripple::SecretKey
A secret key.
Definition: SecretKey.h:36
ripple::Manifest::getMasterSignature
Blob getMasterSignature() const
Returns manifest master key signature.
Definition: app/misc/impl/Manifest.cpp:235
std::atomic< std::uint32_t >
ripple::ManifestDisposition::invalid
@ invalid
Timely, but invalid signature.
ripple::ManifestCache::getSequence
std::optional< std::uint32_t > getSequence(PublicKey const &pk) const
Returns master key's current manifest sequence.
Definition: app/misc/impl/Manifest.cpp:315
ripple::ManifestDisposition::accepted
@ accepted
Manifest is valid.
ripple::Manifest::sequence
std::uint32_t sequence
The sequence number of this manifest.
Definition: Manifest.h:92
ripple::ManifestCache
Remembers manifests with the highest sequence number.
Definition: Manifest.h:231
ripple::ManifestCache::getManifest
std::optional< std::string > getManifest(PublicKey const &pk) const
Returns mainfest corresponding to a given public key.
Definition: app/misc/impl/Manifest.cpp:339
ripple::ManifestCache::getDomain
std::optional< std::string > getDomain(PublicKey const &pk) const
Returns domain claimed by a given public key.
Definition: app/misc/impl/Manifest.cpp:327
ripple::ManifestDisposition::stale
@ stale
Sequence is too old.
ripple
Use hash_* containers for keys that do not need a cryptographically secure hashing algorithm.
Definition: RCLCensorshipDetector.h:29
ripple::ManifestCache::ManifestCache
ManifestCache(beast::Journal j=beast::Journal(beast::Journal::getNullSink()))
Definition: Manifest.h:246
ripple::Manifest::operator=
Manifest & operator=(Manifest const &other)=delete
ripple::DatabaseCon
Definition: DatabaseCon.h:81
ripple::Manifest::hash
uint256 hash() const
Returns hash of serialized manifest data.
Definition: app/misc/impl/Manifest.cpp:205
optional
ripple::to_string
std::string to_string(Manifest const &m)
Format the specified manifest to a string for debugging purposes.
Definition: app/misc/impl/Manifest.cpp:41
ripple::deserializeManifest
std::optional< Manifest > deserializeManifest(Slice s, beast::Journal journal)
Constructs Manifest from serialized string.
Definition: app/misc/impl/Manifest.cpp:53
ripple::ManifestCache::load
bool load(DatabaseCon &dbCon, std::string const &dbTable, std::string const &configManifest, std::vector< std::string > const &configRevocation)
Populate manifest cache with manifests in database and config.
Definition: app/misc/impl/Manifest.cpp:520
ripple::ManifestCache::applyManifest
ManifestDisposition applyManifest(Manifest m)
Add manifest to cache.
Definition: app/misc/impl/Manifest.cpp:363
shared_mutex
std::unordered_map
STL class.
ripple::ValidatorToken::validationSecret
SecretKey validationSecret
Definition: Manifest.h:183
std::shared_lock
STL class.
ripple::ManifestCache::sequence
std::uint32_t sequence() const
A monotonically increasing number used to detect new manifests.
Definition: Manifest.h:254
string
Generated by   doxygen 1.8.17