zzy34407230
/
mindspore2022
Not watched
1
0
Fork 0
Code
Releases 22 Wiki evaluate Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain HPC
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree: 7afcdfd211
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7afcdfd211'
${ noResults }
mindspore2022/mindspore/ccsrc/fl/server/cert_verify.h

111 lines
4.0 kB
Raw Blame History 

  1. /**

  2.  * Copyright 2020 Huawei Technologies Co., Ltd

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  * http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. 

  17. #ifndef MINDSPORE_CCSRC_FL_SERVER_CERT_VERIFY_H

  18. #define MINDSPORE_CCSRC_FL_SERVER_CERT_VERIFY_H

  19. 

  20. #include <assert.h>

  21. #ifndef _WIN32

  22. #include <openssl/evp.h>

  23. #include <openssl/rsa.h>

  24. #include <openssl/x509v3.h>

  25. #include <openssl/err.h>

  26. #include <openssl/pem.h>

  27. #include <openssl/sha.h>

  28. #endif

  29. #include <iostream>

  30. #include <fstream>

  31. #include <string>

  32. #include "utils/log_adapter.h"

  33. #include "fl/server/common.h"

  34. 

  35. namespace mindspore {

  36. namespace ps {

  37. namespace server {

  38. class CertVerify {

  39.  public:

  40.   static CertVerify &GetInstance() {

  41.     static CertVerify instance;

  42.     return instance;

  43.   }

  44. 

  45.   CertVerify() {}

  46.   ~CertVerify() = default;

  47. 

  48.   bool verifyCertAndSign(const std::string &flID, const std::string &timeStamp, const unsigned char *signData,

  49.                          const std::string &keyAttestation, const std::string &equipCert,

  50.                          const std::string &equipCACert, const std::string &rootFirstCAPath,

  51.                          const std::string &rootSecondCAPath, const std::string &equipCrlPath);

  52. 

  53.   static bool initRootCertAndCRL(const std::string rootFirstCaFilePath, const std::string rootSecondCaFilePath,

  54.                                  const std::string equipCrlPath, uint64_t replay_attack_time_diff_);

  55. 

  56.   // verify valid of sign data

  57.   bool verifyRSAKey(const std::string &keyAttestation, const uint8_t *srcData, const uint8_t *signData, int srcDataLen);

  58. 

  59.   void sha256Hash(const uint8_t *src, const int src_len, uint8_t *hash, const int len) const;

  60. 

  61.   // verify valid of time stamp of request

  62.   bool verifyTimeStamp(const std::string &flID, const std::string &timeStamp) const;

  63. 

  64. #ifndef _WIN32

  65. 

  66.  private:

  67.   // read certificate from file path

  68.   static X509 *readCertFromFile(const std::string &certPath);

  69. 

  70.   // read Certificate Revocation List from file absolute path

  71.   static X509_CRL *readCrlFromFile(const std::string &crlPath);

  72. 

  73.   // read certificate from pem string

  74.   X509 *readCertFromPerm(std::string cert);

  75. 

  76.   // verify valid of certificate time

  77.   bool verifyCertTime(const X509 *cert) const;

  78. 

  79.   // verify valid of certificate chain

  80.   bool verifyCAChain(const std::string &keyAttestation, const std::string &equipCert, const std::string &equipCACert,

  81.                      const std::string &rootFirstCAPath, const std::string &rootSecondCAPath);

  82. 

  83.   // verify valid of sign data

  84.   bool verifyRSAKey(const std::string &keyAttestation, const unsigned char *signData, const std::string &flID,

  85.                     const std::string &timeStamp);

  86. 

  87.   // verify valid of equip certificate with CRL

  88.   bool verifyCRL(const std::string &equipCert, const std::string &equipCrlPath);

  89. 

  90.   // verify valid of flID with sha256(equip cert)

  91.   bool verifyEquipCertAndFlID(const std::string &flID, const std::string &equipCert);

  92. 

  93.   void sha256Hash(const std::string &src, uint8_t *hash, const int len) const;

  94. 

  95.   std::string toHexString(const unsigned char *data, const int len);

  96. 

  97.   bool verifyCertCommonName(const X509 *caCert, const X509 *subCert) const;

  98. 

  99.   bool verifyExtendedAttributes(const X509 *cert) const;

  100. 

  101.   bool verifyCertKeyID(const X509 *caCert, const X509 *subCert) const;

  102. 

  103.   bool verifyPublicKey(const X509 *keyAttestationCertObj, const X509 *equipCertObj, const X509 *equipCACertObj,

  104.                        const X509 *rootFirstCA, const X509 *rootSecondCA) const;

  105. #endif

  106. };

  107. }  // namespace server

  108. }  // namespace ps

  109. }  // namespace mindspore

  110. #endif  // MINDSPORE_CCSRC_FL_SERVER_CERT_VERIFY_H