Extend openssl wrappers for scitt (#6668)

include/ccf/ds/x509_time_fmt.h

@@ -11,7 +11,7 @@
 #include <time.h>
 #include <vector>
 
-namespace ds
+namespace ccf::ds
 {
   static inline std::string to_x509_time_string(const std::tm& time)
   {

src/crypto/certs.h

@@ -4,7 +4,7 @@
 
 #include "ccf/crypto/key_pair.h"
 #include "ccf/crypto/pem.h"
-#include "ds/x509_time_fmt.h"
+#include "ccf/ds/x509_time_fmt.h"
 
 #include <chrono>
 #include <string>
@@ -17,9 +17,9 @@ namespace ccf::crypto
     using namespace std::chrono_literals;
     // Note: As per RFC 5280, the validity period runs until "notAfter"
     // _inclusive_ so substract one second from the validity period.
-    auto valid_to = ::ds::time_point_from_string(valid_from) +
+    auto valid_to = ccf::ds::time_point_from_string(valid_from) +
       std::chrono::days(validity_period_days) - 1s;
-    return ::ds::to_x509_time_string(valid_to);
+    return ccf::ds::to_x509_time_string(valid_to);
   }
 
   static Pem create_self_signed_cert(

src/crypto/openssl/openssl_wrappers.h

@@ -6,8 +6,9 @@
 
 #define FMT_HEADER_ONLY
 
+#include "ccf/ds/x509_time_fmt.h"
+
 #include <chrono>
-#include <ds/x509_time_fmt.h>
 #include <fmt/format.h>
 #include <memory>
 #include <openssl/asn1.h>
@@ -360,7 +361,7 @@ namespace ccf::crypto
       Unique_X509_TIME(const std::string& s) :
         Unique_SSL_OBJECT(ASN1_TIME_new(), ASN1_TIME_free, /*check_null=*/false)
       {
-        auto t = ::ds::to_x509_time_string(s);
+        auto t = ccf::ds::to_x509_time_string(s);
         CHECK1(ASN1_TIME_set_string(*this, t.c_str()));
         CHECK1(ASN1_TIME_normalize(*this));
       }
@@ -368,7 +369,7 @@ namespace ccf::crypto
         Unique_SSL_OBJECT(t, ASN1_TIME_free, /*check_null=*/false)
       {}
       Unique_X509_TIME(const std::chrono::system_clock::time_point& t) :
-        Unique_X509_TIME(::ds::to_x509_time_string(t))
+        Unique_X509_TIME(ccf::ds::to_x509_time_string(t))
       {}
     };
 
@@ -424,5 +425,12 @@ namespace ccf::crypto
     {
       using Unique_SSL_OBJECT::Unique_SSL_OBJECT;
     };
+
+    struct Unique_EVP_PKEY
+      : public Unique_SSL_OBJECT<EVP_PKEY, EVP_PKEY_new, EVP_PKEY_free>
+    {
+      Unique_EVP_PKEY() = default;
+      Unique_EVP_PKEY(EVP_PKEY* key) : Unique_SSL_OBJECT(key, EVP_PKEY_free) {}
+    };
   }
 }

src/crypto/openssl/verifier.cpp

@@ -208,7 +208,7 @@ namespace ccf::crypto
     const std::chrono::system_clock::time_point& now) const
   {
     auto [from, to] = validity_period();
-    auto tp_to = ::ds::time_point_from_string(to);
+    auto tp_to = ccf::ds::time_point_from_string(to);
     return std::chrono::duration_cast<std::chrono::seconds>(tp_to - now)
              .count() +
       1;
@@ -218,8 +218,8 @@ namespace ccf::crypto
     const std::chrono::system_clock::time_point& now) const
   {
     auto [from, to] = validity_period();
-    auto tp_from = ::ds::time_point_from_string(from);
-    auto tp_to = ::ds::time_point_from_string(to);
+    auto tp_from = ccf::ds::time_point_from_string(from);
+    auto tp_to = ccf::ds::time_point_from_string(to);
     auto total_sec =
       std::chrono::duration_cast<std::chrono::seconds>(tp_to - tp_from)
         .count() +

src/crypto/openssl/x509_time.h

@@ -2,7 +2,7 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "ds/x509_time_fmt.h"
+#include "ccf/ds/x509_time_fmt.h"
 #include "openssl_wrappers.h"
 
 #include <openssl/asn1.h>
@@ -30,6 +30,6 @@ namespace ccf::crypto::OpenSSL
   {
     std::tm t;
     CHECK1(ASN1_TIME_to_tm(time, &t));
-    return ::ds::to_x509_time_string(t);
+    return ccf::ds::to_x509_time_string(t);
   }
 }

src/crypto/test/crypto.cpp

@@ -12,6 +12,7 @@
 #include "ccf/crypto/rsa_key_pair.h"
 #include "ccf/crypto/symmetric_key.h"
 #include "ccf/crypto/verifier.h"
+#include "ccf/ds/x509_time_fmt.h"
 #include "crypto/certs.h"
 #include "crypto/csr.h"
 #include "crypto/openssl/cose_sign.h"
@@ -21,7 +22,6 @@
 #include "crypto/openssl/symmetric_key.h"
 #include "crypto/openssl/verifier.h"
 #include "crypto/openssl/x509_time.h"
-#include "ds/x509_time_fmt.h"
 
 #include <chrono>
 #include <cstring>
@@ -189,7 +189,7 @@ ccf::crypto::Pem generate_self_signed_cert(
   constexpr size_t certificate_validity_period_days = 365;
   using namespace std::literals;
   auto valid_from =
-    ::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h);
+    ccf::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h);
 
   return ccf::crypto::create_self_signed_cert(
     kp, name, {}, valid_from, certificate_validity_period_days);
@@ -755,71 +755,71 @@ void run_csr(bool corrupt_csr = false)
 TEST_CASE("2-digit years")
 {
   auto time_str = "220405175422Z";
-  auto tp = ::ds::time_point_from_string(time_str);
-  auto conv = ::ds::to_x509_time_string(tp);
+  auto tp = ccf::ds::time_point_from_string(time_str);
+  auto conv = ccf::ds::to_x509_time_string(tp);
   REQUIRE(conv == std::string("20") + time_str);
 }
 
 TEST_CASE("Non-ASN.1 timepoint formats")
 {
   auto time_str = "2022-04-05 18:53:27";
-  auto tp = ::ds::time_point_from_string(time_str);
-  auto conv = ::ds::to_x509_time_string(tp);
+  auto tp = ccf::ds::time_point_from_string(time_str);
+  auto conv = ccf::ds::to_x509_time_string(tp);
   REQUIRE(conv == "20220405185327Z");
 
   time_str = "2022-04-05 18:53:27.190380";
-  tp = ::ds::time_point_from_string(time_str);
-  conv = ::ds::to_x509_time_string(tp);
+  tp = ccf::ds::time_point_from_string(time_str);
+  conv = ccf::ds::to_x509_time_string(tp);
   REQUIRE(conv == "20220405185327Z");
 
   time_str = "2022-04-05 18:53:27 +03:00";
-  tp = ::ds::time_point_from_string(time_str);
-  conv = ::ds::to_x509_time_string(tp);
+  tp = ccf::ds::time_point_from_string(time_str);
+  conv = ccf::ds::to_x509_time_string(tp);
   REQUIRE(conv == "20220405155327Z");
 
   time_str = "2022-04-05 18:53:27 +0300";
-  tp = ::ds::time_point_from_string(time_str);
-  conv = ::ds::to_x509_time_string(tp);
+  tp = ccf::ds::time_point_from_string(time_str);
+  conv = ccf::ds::to_x509_time_string(tp);
   REQUIRE(conv == "20220405155327Z");
 
   time_str = "2022-04-05 18:53:27.190380+03:00";
-  tp = ::ds::time_point_from_string(time_str);
-  conv = ::ds::to_x509_time_string(tp);
+  tp = ccf::ds::time_point_from_string(time_str);
+  conv = ccf::ds::to_x509_time_string(tp);
   REQUIRE(conv == "20220405155327Z");
 
   time_str = "2022-04-05 18:53:27 -03:00";
-  tp = ::ds::time_point_from_string(time_str);
-  conv = ::ds::to_x509_time_string(tp);
+  tp = ccf::ds::time_point_from_string(time_str);
+  conv = ccf::ds::to_x509_time_string(tp);
   REQUIRE(conv == "20220405215327Z");
 
   time_str = "2022-04-07T10:37:49.567612";
-  tp = ::ds::time_point_from_string(time_str);
-  conv = ::ds::to_x509_time_string(tp);
+  tp = ccf::ds::time_point_from_string(time_str);
+  conv = ccf::ds::to_x509_time_string(tp);
   REQUIRE(conv == "20220407103749Z");
 
   time_str = "2022-04-07T10:37:49.567612+03:00";
-  tp = ::ds::time_point_from_string(time_str);
-  conv = ::ds::to_x509_time_string(tp);
+  tp = ccf::ds::time_point_from_string(time_str);
+  conv = ccf::ds::to_x509_time_string(tp);
   REQUIRE(conv == "20220407073749Z");
 
   time_str = "2022-04-07T10:37:49.567612Z";
-  tp = ::ds::time_point_from_string(time_str);
-  conv = ::ds::to_x509_time_string(tp);
+  tp = ccf::ds::time_point_from_string(time_str);
+  conv = ccf::ds::to_x509_time_string(tp);
   REQUIRE(conv == "20220407103749Z");
 
   time_str = "220425165619+0000";
-  tp = ::ds::time_point_from_string(time_str);
-  conv = ::ds::to_x509_time_string(tp);
+  tp = ccf::ds::time_point_from_string(time_str);
+  conv = ccf::ds::to_x509_time_string(tp);
   REQUIRE(conv == "20220425165619Z");
 
   time_str = "220425165619+0200";
-  tp = ::ds::time_point_from_string(time_str);
-  conv = ::ds::to_x509_time_string(tp);
+  tp = ccf::ds::time_point_from_string(time_str);
+  conv = ccf::ds::to_x509_time_string(tp);
   REQUIRE(conv == "20220425145619Z");
 
   time_str = "20220425165619-0300";
-  tp = ::ds::time_point_from_string(time_str);
-  conv = ::ds::to_x509_time_string(tp);
+  tp = ccf::ds::time_point_from_string(time_str);
+  conv = ccf::ds::to_x509_time_string(tp);
   REQUIRE(conv == "20220425195619Z");
 }
 
@@ -987,9 +987,9 @@ TEST_CASE("x509 time")
       auto to = ccf::crypto::OpenSSL::Unique_X509_TIME(adjusted_time);
 
       // Convert to string and back to time_points
-      auto from_conv = ::ds::time_point_from_string(
+      auto from_conv = ccf::ds::time_point_from_string(
         ccf::crypto::OpenSSL::to_x509_time_string(from));
-      auto to_conv = ::ds::time_point_from_string(
+      auto to_conv = ccf::ds::time_point_from_string(
         ccf::crypto::OpenSSL::to_x509_time_string(to));
 
       // Diff is still the same amount of days
@@ -1007,7 +1007,7 @@ TEST_CASE("x509 time")
     for (auto const& days_offset : days_offsets)
     {
       auto adjusted_time = time + std::chrono::days(days_offset);
-      auto adjusted_str = ::ds::to_x509_time_string(adjusted_time);
+      auto adjusted_str = ccf::ds::to_x509_time_string(adjusted_time);
       auto asn1_time = ccf::crypto::OpenSSL::Unique_X509_TIME(adjusted_str);
       auto converted_str = ccf::crypto::OpenSSL::to_x509_time_string(asn1_time);
       REQUIRE(converted_str == adjusted_str);

src/crypto/test/kp_cert.cpp

@@ -7,7 +7,8 @@
 #include <CLI11/CLI11.hpp>
 
 constexpr size_t certificate_validity_period_days = 365;
-auto valid_from = ::ds::to_x509_time_string(std::chrono::system_clock::now());
+auto valid_from =
+  ccf::ds::to_x509_time_string(std::chrono::system_clock::now());
 auto valid_to = ccf::crypto::compute_cert_valid_to_string(
   valid_from, certificate_validity_period_days);
 

src/endpoints/authentication/cert_auth.cpp

@@ -3,13 +3,13 @@
 
 #include "ccf/endpoints/authentication/cert_auth.h"
 
+#include "ccf/ds/x509_time_fmt.h"
 #include "ccf/pal/locking.h"
 #include "ccf/rpc_context.h"
 #include "ccf/service/tables/members.h"
 #include "ccf/service/tables/nodes.h"
 #include "ccf/service/tables/users.h"
 #include "ds/lru.h"
-#include "ds/x509_time_fmt.h"
 #include "enclave/enclave_time.h"
 
 namespace ccf
@@ -49,12 +49,12 @@ namespace ccf
 
         const auto valid_from_unix_time =
           duration_cast<seconds>(
-            ::ds::time_point_from_string(valid_from_timestring)
+            ccf::ds::time_point_from_string(valid_from_timestring)
               .time_since_epoch())
             .count();
         const auto valid_to_unix_time =
           duration_cast<seconds>(
-            ::ds::time_point_from_string(valid_to_timestring)
+            ccf::ds::time_point_from_string(valid_to_timestring)
               .time_since_epoch())
             .count();
 

src/host/main.cpp

@@ -3,6 +3,7 @@
 
 #include "ccf/ds/logger.h"
 #include "ccf/ds/unit_strings.h"
+#include "ccf/ds/x509_time_fmt.h"
 #include "ccf/pal/attestation.h"
 #include "ccf/pal/platform.h"
 #include "ccf/version.h"
@@ -13,7 +14,6 @@
 #include "ds/non_blocking.h"
 #include "ds/nonstd.h"
 #include "ds/oversized.h"
-#include "ds/x509_time_fmt.h"
 #include "enclave.h"
 #include "handle_ring_buffer.h"
 #include "host/env.h"
@@ -593,7 +593,7 @@ int main(int argc, char** argv)
     LOG_INFO_FMT("Startup host time: {}", startup_host_time);
 
     startup_config.startup_host_time =
-      ::ds::to_x509_time_string(startup_host_time);
+      ccf::ds::to_x509_time_string(startup_host_time);
 
     if (config.command.type == StartType::Start)
     {

src/node/rpc/test/frontend_test_infra.h

@@ -31,7 +31,7 @@ using TResponse = ::http::SimpleResponseProcessor::Response;
 constexpr size_t certificate_validity_period_days = 365;
 using namespace std::literals;
 auto valid_from =
-  ::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h);
+  ccf::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h);
 auto valid_to = ccf::crypto::compute_cert_valid_to_string(
   valid_from, certificate_validity_period_days);
 
@@ -118,7 +118,7 @@ std::unique_ptr<ccf::NetworkIdentity> make_test_network_ident()
 {
   using namespace std::literals;
   const auto valid_from =
-    ::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h);
+    ccf::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h);
   return std::make_unique<ReplicatedNetworkIdentity>(
     "CN=CCF test network",
     ccf::crypto::service_identity_curve_choice,

src/node/test/channels.cpp

@@ -79,12 +79,13 @@ static std::pair<std::string, size_t> make_validity_pair(bool expired)
   if (expired)
   {
     return std::make_pair(
-      ::ds::to_x509_time_string(now - std::chrono::days(2 * validity_days)),
+      ccf::ds::to_x509_time_string(now - std::chrono::days(2 * validity_days)),
       validity_days);
   }
   else
   {
-    return std::make_pair(::ds::to_x509_time_string(now - 24h), validity_days);
+    return std::make_pair(
+      ccf::ds::to_x509_time_string(now - 24h), validity_days);
   }
 }
 

src/node/test/historical_queries.cpp

@@ -31,7 +31,7 @@ using NumToString = ccf::kv::Map<size_t, std::string>;
 constexpr size_t certificate_validity_period_days = 365;
 using namespace std::literals;
 auto valid_from =
-  ::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h);
+  ccf::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h);
 
 auto valid_to = ccf::crypto::compute_cert_valid_to_string(
   valid_from, certificate_validity_period_days);

src/node/test/history.cpp

@@ -4,10 +4,10 @@
 
 #include "ccf/app_interface.h"
 #include "ccf/ds/logger.h"
+#include "ccf/ds/x509_time_fmt.h"
 #include "ccf/service/tables/nodes.h"
 #include "crypto/certs.h"
 #include "crypto/openssl/hash.h"
-#include "ds/x509_time_fmt.h"
 #include "kv/kv_types.h"
 #include "kv/store.h"
 #include "kv/test/null_encryptor.h"
@@ -26,7 +26,7 @@ using MapT = ccf::kv::Map<size_t, size_t>;
 constexpr size_t certificate_validity_period_days = 365;
 using namespace std::literals;
 auto valid_from =
-  ::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h);
+  ccf::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h);
 
 auto valid_to = ccf::crypto::compute_cert_valid_to_string(
   valid_from, certificate_validity_period_days);

src/node/test/receipt.cpp

@@ -4,10 +4,10 @@
 #include "ccf/receipt.h"
 
 #include "ccf/crypto/key_pair.h"
+#include "ccf/ds/x509_time_fmt.h"
 #include "ccf/service/tables/nodes.h"
 #include "crypto/openssl/hash.h"
 #include "crypto/openssl/key_pair.h"
-#include "ds/x509_time_fmt.h"
 
 #include <doctest/doctest.h>
 #include <iostream>
@@ -31,9 +31,9 @@ void populate_receipt(std::shared_ptr<ccf::ProofReceipt> receipt)
 {
   using namespace std::literals;
   const auto valid_from =
-    ::ds::to_x509_time_string(std::chrono::system_clock::now() - 1h);
+    ccf::ds::to_x509_time_string(std::chrono::system_clock::now() - 1h);
   const auto valid_to =
-    ::ds::to_x509_time_string(std::chrono::system_clock::now() + 1h);
+    ccf::ds::to_x509_time_string(std::chrono::system_clock::now() + 1h);
 
   auto node_kp = ccf::crypto::make_key_pair();
   auto node_cert = node_kp->self_sign("CN=node", valid_from, valid_to);

src/tls/test/main.cpp

@@ -223,7 +223,7 @@ static ccf::crypto::Pem generate_self_signed_cert(
   using namespace std::literals;
   constexpr size_t certificate_validity_period_days = 365;
   auto valid_from =
-    ::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h);
+    ccf::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h);
 
   return ccf::crypto::create_self_signed_cert(
     kp, name, {}, valid_from, certificate_validity_period_days);
@@ -239,7 +239,7 @@ static ccf::crypto::Pem generate_endorsed_cert(
 
   using namespace std::literals;
   auto valid_from =
-    ::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h);
+    ccf::ds::to_x509_time_string(std::chrono::system_clock::now() - 24h);
 
   return ccf::crypto::create_endorsed_cert(
     kp,