rippled
Manifest.h
1 //------------------------------------------------------------------------------
2 /*
3  This file is part of rippled: https://github.com/ripple/rippled
4  Copyright (c) 2012, 2013 Ripple Labs Inc.
5 
6  Permission to use, copy, modify, and/or distribute this software for any
7  purpose with or without fee is hereby granted, provided that the above
8  copyright notice and this permission notice appear in all copies.
9 
10  THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11  WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12  MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13  ANY SPECIAL , DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14  WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15  ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16  OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18 //==============================================================================
19 
20 #ifndef RIPPLE_APP_MISC_MANIFEST_H_INCLUDED
21 #define RIPPLE_APP_MISC_MANIFEST_H_INCLUDED
22 
23 #include <ripple/basics/UnorderedContainers.h>
24 #include <ripple/beast/utility/Journal.h>
25 #include <ripple/protocol/PublicKey.h>
26 #include <ripple/protocol/SecretKey.h>
27 
28 #include <optional>
29 #include <shared_mutex>
30 #include <string>
31 
32 namespace ripple {
33 
34 /*
35  Validator key manifests
36  -----------------------
37 
38  Suppose the secret keys installed on a Ripple validator are compromised. Not
39  only do you have to generate and install new key pairs on each validator,
40  EVERY rippled needs to have its config updated with the new public keys, and
41  is vulnerable to forged validation signatures until this is done. The
42  solution is a new layer of indirection: A master secret key under
43  restrictive access control is used to sign a "manifest": essentially, a
44  certificate including the master public key, an ephemeral public key for
45  verifying validations (which will be signed by its secret counterpart), a
46  sequence number, and a digital signature.
47 
48  The manifest has two serialized forms: one which includes the digital
49  signature and one which doesn't. There is an obvious causal dependency
50  relationship between the (latter) form with no signature, the signature
51  of that form, and the (former) form which includes that signature. In
52  other words, a message can't contain a signature of itself. The code
53  below stores a serialized manifest which includes the signature, and
54  dynamically generates the signatureless form when it needs to verify
55  the signature.
56 
57  An instance of ManifestCache stores, for each trusted validator, (a) its
58  master public key, and (b) the most senior of all valid manifests it has
59  seen for that validator, if any. On startup, the [validator_token] config
60  entry (which contains the manifest for this validator) is decoded and
61  added to the manifest cache. Other manifests are added as "gossip"
62  received from rippled peers.
63 
64  When an ephemeral key is compromised, a new signing key pair is created,
65  along with a new manifest vouching for it (with a higher sequence number),
66  signed by the master key. When a rippled peer receives the new manifest,
67  it verifies it with the master key and (assuming it's valid) discards the
68  old ephemeral key and stores the new one. If the master key itself gets
69  compromised, a manifest with sequence number 0xFFFFFFFF will supersede a
70  prior manifest and discard any existing ephemeral key without storing a
71  new one. These revocation manifests are loaded from the
72  [validator_key_revocation] config entry as well as received as gossip from
73  peers. Since no further manifests for this master key will be accepted
74  (since no higher sequence number is possible), and no signing key is on
75  record, no validations will be accepted from the compromised validator.
76 */
77 
78 //------------------------------------------------------------------------------
79 
80 struct Manifest
81 {
83  std::string serialized;
84 
86  PublicKey masterKey;
87 
89  PublicKey signingKey;
90 
92  std::uint32_t sequence = 0;
93 
95  std::string domain;
96 
97  Manifest() = default;
98  Manifest(Manifest const& other) = delete;
99  Manifest&
100  operator=(Manifest const& other) = delete;
101  Manifest(Manifest&& other) = default;
102  Manifest&
103  operator=(Manifest&& other) = default;
104 
106  bool
107  verify() const;
108 
110  uint256
111  hash() const;
112 
114  bool
115  revoked() const;
116 
118  std::optional<Blob>
119  getSignature() const;
120 
122  Blob
123  getMasterSignature() const;
124 };
125 
127 std::string
128 to_string(Manifest const& m);
129 
140 std::optional<Manifest>
141 deserializeManifest(Slice s);
142 
143 inline std::optional<Manifest>
144 deserializeManifest(std::string const& s)
145 {
146  return deserializeManifest(makeSlice(s));
147 }
148 
149 template <
150  class T,
151  class = std::enable_if_t<
152  std::is_same<T, char>::value || std::is_same<T, unsigned char>::value>>
153 std::optional<Manifest>
154 deserializeManifest(std::vector<T> const& v)
155 {
156  return deserializeManifest(makeSlice(v));
157 }
160 inline bool
161 operator==(Manifest const& lhs, Manifest const& rhs)
162 {
163  // In theory, comparing the two serialized strings should be
164  // sufficient.
165  return lhs.sequence == rhs.sequence && lhs.masterKey == rhs.masterKey &&
166  lhs.signingKey == rhs.signingKey && lhs.domain == rhs.domain &&
167  lhs.serialized == rhs.serialized;
168 }
169 
170 inline bool
171 operator!=(Manifest const& lhs, Manifest const& rhs)
172 {
173  return !(lhs == rhs);
174 }
175 
176 struct ValidatorToken
177 {
178  std::string manifest;
179  SecretKey validationSecret;
180 };
181 
182 std::optional<ValidatorToken>
183 loadValidatorToken(std::vector<std::string> const& blob);
184 
185 enum class ManifestDisposition {
187  accepted = 0,
188 
190  stale,
191 
193  badMasterKey,
194 
196  badEphemeralKey,
197 
199  invalid
200 };
201 
202 inline std::string
203 to_string(ManifestDisposition m)
204 {
205  switch (m)
206  {
207  case ManifestDisposition::accepted:
208  return "accepted";
209  case ManifestDisposition::stale:
210  return "stale";
211  case ManifestDisposition::badMasterKey:
212  return "badMasterKey";
213  case ManifestDisposition::badEphemeralKey:
214  return "badEphemeralKey";
215  case ManifestDisposition::invalid:
216  return "invalid";
217  default:
218  return "unknown";
219  }
220 }
221 
222 class DatabaseCon;
223 
225 class ManifestCache
226 {
227 private:
228  beast::Journal j_;
229  std::shared_mutex mutable mutex_;
230 
232  hash_map<PublicKey, Manifest> map_;
233 
235  hash_map<PublicKey, PublicKey> signingToMasterKeys_;
236 
237  std::atomic<std::uint32_t> seq_{0};
238 
239 public:
240  explicit ManifestCache(
241  beast::Journal j = beast::Journal(beast::Journal::getNullSink()))
242  : j_(j)
243  {
244  }
245 
247  std::uint32_t
248  sequence() const
249  {
250  return seq_.load();
251  }
252 
263  PublicKey
264  getSigningKey(PublicKey const& pk) const;
265 
276  PublicKey
277  getMasterKey(PublicKey const& pk) const;
278 
284  std::optional<std::uint32_t>
285  getSequence(PublicKey const& pk) const;
286 
292  std::optional<std::string>
293  getDomain(PublicKey const& pk) const;
294 
300  std::optional<std::string>
301  getManifest(PublicKey const& pk) const;
302 
311  bool
312  revoked(PublicKey const& pk) const;
313 
325  ManifestDisposition
326  applyManifest(Manifest m);
327 
344  bool
345  load(
346  DatabaseCon& dbCon,
347  std::string const& dbTable,
348  std::string const& configManifest,
349  std::vector<std::string> const& configRevocation);
350 
361  void
362  load(DatabaseCon& dbCon, std::string const& dbTable);
363 
374  void
375  save(
376  DatabaseCon& dbCon,
377  std::string const& dbTable,
378  std::function<bool(PublicKey const&)> const& isTrusted);
379 
393  template <class Function>
394  void
395  for_each_manifest(Function&& f) const
396  {
397  std::shared_lock lock{mutex_};
398  for (auto const& [_, manifest] : map_)
399  {
400  (void)_;
401  f(manifest);
402  }
403  }
404 
421  template <class PreFun, class EachFun>
422  void
423  for_each_manifest(PreFun&& pf, EachFun&& f) const
424  {
425  std::shared_lock lock{mutex_};
426  pf(map_.size());
427  for (auto const& [_, manifest] : map_)
428  {
429  (void)_;
430  f(manifest);
431  }
432  }
433 };
434 
435 } // namespace ripple
436 
437 #endif
ripple::ManifestCache::mutex_
std::shared_mutex mutex_
Definition: Manifest.h:229
std::is_same
ripple::Manifest::domain
std::string domain
The domain, if one was specified in the manifest; empty otherwise.
Definition: Manifest.h:95
ripple::makeSlice
std::enable_if_t< std::is_same< T, char >::value||std::is_same< T, unsigned char >::value, Slice > makeSlice(std::array< T, N > const &a)
Definition: Slice.h:241
std::string
STL class.
ripple::ManifestDisposition
ManifestDisposition
Definition: Manifest.h:185
ripple::ManifestCache::getMasterKey
PublicKey getMasterKey(PublicKey const &pk) const
Returns ephemeral signing key's master public key.
Definition: app/misc/impl/Manifest.cpp:299
ripple::Manifest
Definition: Manifest.h:80
ripple::Slice
An immutable linear range of bytes.
Definition: Slice.h:44
ripple::HashPrefix::manifest
@ manifest
Manifest.
ripple::Manifest::signingKey
PublicKey signingKey
The ephemeral key associated with this manifest.
Definition: Manifest.h:89
std::vector< unsigned char >
ripple::Manifest::serialized
std::string serialized
The manifest in serialized form.
Definition: Manifest.h:83
ripple::Manifest::masterKey
PublicKey masterKey
The master key associated with this manifest.
Definition: Manifest.h:86
ripple::Manifest::verify
bool verify() const
Returns true if manifest signature is valid.
Definition: app/misc/impl/Manifest.cpp:187
ripple::ManifestCache::for_each_manifest
void for_each_manifest(PreFun &&pf, EachFun &&f) const
Invokes the callback once for every populated manifest.
Definition: Manifest.h:423
ripple::ValidatorToken
Definition: Manifest.h:176
ripple::ManifestCache::map_
hash_map< PublicKey, Manifest > map_
Active manifests stored by master public key.
Definition: Manifest.h:232
ripple::ManifestDisposition::badEphemeralKey
@ badEphemeralKey
The ephemeral key is not acceptable to us.
std::function
ripple::ValidatorToken::manifest
std::string manifest
Definition: Manifest.h:178
beast::Journal::getNullSink
static Sink & getNullSink()
Returns a Sink which does nothing.
Definition: beast_Journal.cpp:72
ripple::Manifest::revoked
bool revoked() const
Returns true if manifest revokes master key.
Definition: app/misc/impl/Manifest.cpp:212
ripple::ManifestCache::save
void save(DatabaseCon &dbCon, std::string const &dbTable, std::function< bool(PublicKey const &)> const &isTrusted)
Save cached manifests to database.
Definition: app/misc/impl/Manifest.cpp:573
ripple::operator==
bool operator==(Manifest const &lhs, Manifest const &rhs)
Definition: Manifest.h:161
ripple::Manifest::Manifest
Manifest()=default
ripple::base_uint< 256 >
ripple::ManifestCache::signingToMasterKeys_
hash_map< PublicKey, PublicKey > signingToMasterKeys_
Master public keys stored by current ephemeral public key.
Definition: Manifest.h:235
ripple::ManifestDisposition::badMasterKey
@ badMasterKey
The master key is not acceptable to us.
ripple::PublicKey
A public key.
Definition: PublicKey.h:59
std::atomic::load
T load(T... args)
std::enable_if_t
ripple::operator!=
bool operator!=(Manifest const &lhs, Manifest const &rhs)
Definition: Manifest.h:171
ripple::Manifest::getSignature
std::optional< Blob > getSignature() const
Returns manifest signature.
Definition: app/misc/impl/Manifest.cpp:222
ripple::ManifestCache::revoked
bool revoked(PublicKey const &pk) const
Returns true if master key has been revoked in a manifest.
Definition: app/misc/impl/Manifest.cpp:347
ripple::ManifestCache::j_
beast::Journal j_
Definition: Manifest.h:228
ripple::ManifestCache::for_each_manifest
void for_each_manifest(Function &&f) const
Invokes the callback once for every populated manifest.
Definition: Manifest.h:395
ripple::loadValidatorToken
std::optional< ValidatorToken > loadValidatorToken(std::vector< std::string > const &blob)
Definition: app/misc/impl/Manifest.cpp:242
ripple::ManifestCache::seq_
std::atomic< std::uint32_t > seq_
Definition: Manifest.h:237
ripple::ManifestCache::getSigningKey
PublicKey getSigningKey(PublicKey const &pk) const
Returns master key's current signing key.
Definition: app/misc/impl/Manifest.cpp:287
beast::Journal
A generic endpoint for log messages.
Definition: Journal.h:58
std::uint32_t
ripple::SecretKey
A secret key.
Definition: SecretKey.h:36
ripple::Manifest::getMasterSignature
Blob getMasterSignature() const
Returns manifest master key signature.
Definition: app/misc/impl/Manifest.cpp:233
std::atomic< std::uint32_t >
ripple::ManifestDisposition::invalid
@ invalid
Timely, but invalid signature.
ripple::ManifestCache::getSequence
std::optional< std::uint32_t > getSequence(PublicKey const &pk) const
Returns master key's current manifest sequence.
Definition: app/misc/impl/Manifest.cpp:311
ripple::ManifestDisposition::accepted
@ accepted
Manifest is valid.
ripple::Manifest::sequence
std::uint32_t sequence
The sequence number of this manifest.
Definition: Manifest.h:92
ripple::ManifestCache
Remembers manifests with the highest sequence number.
Definition: Manifest.h:225
ripple::ManifestCache::getManifest
std::optional< std::string > getManifest(PublicKey const &pk) const
Returns mainfest corresponding to a given public key.
Definition: app/misc/impl/Manifest.cpp:335
ripple::ManifestCache::getDomain
std::optional< std::string > getDomain(PublicKey const &pk) const
Returns domain claimed by a given public key.
Definition: app/misc/impl/Manifest.cpp:323
ripple::ManifestDisposition::stale
@ stale
Sequence is too old.
ripple
Use hash_* containers for keys that do not need a cryptographically secure hashing algorithm.
Definition: RCLCensorshipDetector.h:29
ripple::ManifestCache::ManifestCache
ManifestCache(beast::Journal j=beast::Journal(beast::Journal::getNullSink()))
Definition: Manifest.h:240
ripple::Manifest::operator=
Manifest & operator=(Manifest const &other)=delete
ripple::DatabaseCon
Definition: DatabaseCon.h:81
ripple::Manifest::hash
uint256 hash() const
Returns hash of serialized manifest data.
Definition: app/misc/impl/Manifest.cpp:203
optional
ripple::to_string
std::string to_string(Manifest const &m)
Format the specified manifest to a string for debugging purposes.
Definition: app/misc/impl/Manifest.cpp:41
ripple::ManifestCache::load
bool load(DatabaseCon &dbCon, std::string const &dbTable, std::string const &configManifest, std::vector< std::string > const &configRevocation)
Populate manifest cache with manifests in database and config.
Definition: app/misc/impl/Manifest.cpp:516
ripple::ManifestCache::applyManifest
ManifestDisposition applyManifest(Manifest m)
Add manifest to cache.
Definition: app/misc/impl/Manifest.cpp:359
shared_mutex
std::unordered_map
STL class.
ripple::deserializeManifest
std::optional< Manifest > deserializeManifest(Slice s)
Constructs Manifest from serialized string.
Definition: app/misc/impl/Manifest.cpp:53
ripple::ValidatorToken::validationSecret
SecretKey validationSecret
Definition: Manifest.h:179
std::shared_lock
STL class.
ripple::ManifestCache::sequence
std::uint32_t sequence() const
A monotonically increasing number used to detect new manifests.
Definition: Manifest.h:248
string
Generated by   doxygen 1.8.17