microsoft · achamayou · Jun 27, 2024 · Jun 27, 2024 · Jun 27, 2024 · Jun 27, 2024
@@ -17,6 +17,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.
  - `::threading` is now `ccf::threading`, and `ccf/ds/thread_ids.h` has moved to `ccf/threading/thread_ids.h`
  - `::consensus` is now `ccf::consensus`
  - `::tls` is now `ccf::tls`
+ - `::crypto` is now `ccf::crypto`
 - The `programmability` sample app now demonstrates how applications can define their own extensions, creating bindings between C++ and JS state, and allowing JS endpoints to call functions implemented in C++.
 - Introduce `DynamicJSEndpointRegistry::record_action_for_audit_v1` and `DynamicJSEndpointRegistry::check_action_not_replayed_v1` to allow an application making use of the programmability feature to easily implement auditability, and protect users allowed to update the application against replay attacks (#6285).
 - Endpoints now support a `ToBackup` redirection strategy, for requests which should never be executed on a primary. These must also be read-only. These are configured similar to `ToPrimary` endpoints, with a `to_backup` object (specifying by-role or statically-addressed targets) in each node's configuration.

@@ -39,9 +39,9 @@ The following table describes the structure of a serialised transaction as it is
 + +------------------------------------------+-------------------------------------------------------------------------+
 | | :cpp:type:`kv::Version` | Transaction version |
 + +------------------------------------------+-------------------------------------------------------------------------+
-| | :cpp:type:`crypto::Sha256Hash` | User-defined claims digest, when entry type is WriteSetWith.*Claims |
+| | :cpp:type:`ccf::crypto::Sha256Hash` | User-defined claims digest, when entry type is WriteSetWith.*Claims |
 + +------------------------------------------+-------------------------------------------------------------------------+
-| | :cpp:type:`crypto::Sha256Hash` | Commit evidence digest, when entry type is WriteSetWithCommitEvidence.* |
+| | :cpp:type:`ccf::crypto::Sha256Hash` | Commit evidence digest, when entry type is WriteSetWithCommitEvidence.* |
 + +------------------------------------------+-------------------------------------------------------------------------+
 | | :cpp:type:`kv::Version` | Unused, reserved for compatibility |
 + +------------------------------------------+-------------------------------------------------------------------------+

@@ -8,17 +8,17 @@ For convenience, CCF provides access to commonly used cryptographic primitives t
 Hashing
 -------
 
-.. doxygenfunction:: crypto::sha256(const std::vector<uint8_t> &data)
+.. doxygenfunction:: ccf::crypto::sha256(const std::vector<uint8_t> &data)
  :project: CCF
 
-.. doxygenfunction:: crypto::hmac(MDType, const std::vector<uint8_t>&, const std::vector<uint8_t>&)
+.. doxygenfunction:: ccf::crypto::hmac(MDType, const std::vector<uint8_t>&, const std::vector<uint8_t>&)
  :project: CCF
 
-.. doxygenClass:: crypto::HashProvider
+.. doxygenClass:: ccf::crypto::HashProvider
  :project: CCF
  :members:
 
-.. doxygenfunction:: crypto::make_hash_provider
+.. doxygenfunction:: ccf::crypto::make_hash_provider
  :project: CCF
 
 
@@ -27,49 +27,49 @@ Asymmetric Keys
 
 CCF supports EC and RSA keys; public keys are held in (RSA)PublicKey objects and
 private keys in (RSA)KeyPair objects. (RSA)KeyPairs automatically generate random
-keys when constructed via :cpp:func:`KeyPairPtr crypto::make_key_pair(CurveID)` or
-:cpp:func:`RSAKeyPairPtr crypto::make_rsa_key_pair(size_t, size_t)`.
+keys when constructed via :cpp:func:`KeyPairPtr ccf::crypto::make_key_pair(CurveID)` or
+:cpp:func:`RSAKeyPairPtr ccf::crypto::make_rsa_key_pair(size_t, size_t)`.
 
-.. doxygenclass:: crypto::PublicKey
+.. doxygenclass:: ccf::crypto::PublicKey
  :project: CCF
  :members:
 
-.. doxygenclass:: crypto::KeyPair
+.. doxygenclass:: ccf::crypto::KeyPair
  :project: CCF
  :members:
 
-.. doxygenclass:: crypto::RSAPublicKey
+.. doxygenclass:: ccf::crypto::RSAPublicKey
  :project: CCF
  :members:
 
-.. doxygenclass:: crypto::RSAKeyPair
+.. doxygenclass:: ccf::crypto::RSAKeyPair
  :project: CCF
  :members:
 
-.. doxygenenum:: crypto::CurveID
+.. doxygenenum:: ccf::crypto::CurveID
  :project: CCF
 
-.. doxygenfunction:: crypto::make_key_pair(CurveID)
+.. doxygenfunction:: ccf::crypto::make_key_pair(CurveID)
  :project: CCF
 
-.. doxygenfunction:: crypto::make_key_pair(const Pem&)
+.. doxygenfunction:: ccf::crypto::make_key_pair(const Pem&)
  :project: CCF
 
-.. doxygenfunction:: crypto::make_rsa_key_pair(size_t, size_t)
+.. doxygenfunction:: ccf::crypto::make_rsa_key_pair(size_t, size_t)
  :project: CCF
 
 Symmetric Keys
 --------------------
 
-Currently, only AES-GCM is supported for symmetric encryption. New keys are generated via :cpp:func:`crypto::Entropy::random`
+Currently, only AES-GCM is supported for symmetric encryption. New keys are generated via :cpp:func:`ccf::crypto::Entropy::random`
 
-.. doxygenfunction:: crypto::aes_gcm_encrypt
+.. doxygenfunction:: ccf::crypto::aes_gcm_encrypt
  :project: CCF
 
-.. doxygenfunction:: crypto::aes_gcm_decrypt
+.. doxygenfunction:: ccf::crypto::aes_gcm_decrypt
  :project: CCF
 
-.. doxygenclass:: crypto::Entropy
+.. doxygenclass:: ccf::crypto::Entropy
  :project: CCF
  :members:
 
@@ -78,7 +78,7 @@ Signatures
 
 Verification of signatures is supported via the :cpp:class:`Verifier` class.
 
-.. doxygenclass:: crypto::Verifier
+.. doxygenclass:: ccf::crypto::Verifier
  :project: CCF
  :members:
 
@@ -88,36 +88,36 @@ Key Wrapping
 
 PKCS11 2.1.8 CKM_RSA_PKCS_OAEP
 
-.. doxygenfunction:: crypto::ckm_rsa_pkcs_oaep_wrap(RSAPublicKeyPtr, const std::vector<uint8_t>&, const std::optional<std::vector<uint8_t>>&)
+.. doxygenfunction:: ccf::crypto::ckm_rsa_pkcs_oaep_wrap(RSAPublicKeyPtr, const std::vector<uint8_t>&, const std::optional<std::vector<uint8_t>>&)
  :project: CCF
 
-.. doxygenfunction:: crypto::ckm_rsa_pkcs_oaep_wrap(const Pem&, const std::vector<uint8_t>&, const std::optional<std::vector<uint8_t>>&)
+.. doxygenfunction:: ccf::crypto::ckm_rsa_pkcs_oaep_wrap(const Pem&, const std::vector<uint8_t>&, const std::optional<std::vector<uint8_t>>&)
  :project: CCF
 
-.. doxygenfunction:: crypto::ckm_rsa_pkcs_oaep_unwrap(RSAKeyPairPtr, const std::vector<uint8_t>&, const std::optional<std::vector<uint8_t>>&)
+.. doxygenfunction:: ccf::crypto::ckm_rsa_pkcs_oaep_unwrap(RSAKeyPairPtr, const std::vector<uint8_t>&, const std::optional<std::vector<uint8_t>>&)
  :project: CCF
 
-.. doxygenfunction:: crypto::ckm_rsa_pkcs_oaep_unwrap(const Pem&, const std::vector<uint8_t>&, const std::optional<std::vector<uint8_t>>&)
+.. doxygenfunction:: ccf::crypto::ckm_rsa_pkcs_oaep_unwrap(const Pem&, const std::vector<uint8_t>&, const std::optional<std::vector<uint8_t>>&)
  :project: CCF
 
 PKCS11 2.14.3 CKM_AES_KEY_WRAP_PAD (RFC 5649)
 
-.. doxygenfunction:: crypto::ckm_aes_key_wrap_pad
+.. doxygenfunction:: ccf::crypto::ckm_aes_key_wrap_pad
  :project: CCF
 
-.. doxygenfunction:: crypto::ckm_aes_key_unwrap_pad
+.. doxygenfunction:: ccf::crypto::ckm_aes_key_unwrap_pad
  :project: CCF
 
 PKCS11 2.1.21 CKM_RSA_AES_KEY_WRAP
 
-.. doxygenfunction:: crypto::ckm_rsa_aes_key_wrap(size_t, RSAPublicKeyPtr, const std::vector<uint8_t>&, const std::optional<std::vector<uint8_t>>&)
+.. doxygenfunction:: ccf::crypto::ckm_rsa_aes_key_wrap(size_t, RSAPublicKeyPtr, const std::vector<uint8_t>&, const std::optional<std::vector<uint8_t>>&)
  :project: CCF
 
-.. doxygenfunction:: crypto::ckm_rsa_aes_key_wrap(size_t, const Pem&, const std::vector<uint8_t>&, const std::optional<std::vector<uint8_t>>&)
+.. doxygenfunction:: ccf::crypto::ckm_rsa_aes_key_wrap(size_t, const Pem&, const std::vector<uint8_t>&, const std::optional<std::vector<uint8_t>>&)
  :project: CCF
 
-.. doxygenfunction:: crypto::ckm_rsa_aes_key_unwrap(RSAKeyPairPtr, const std::vector<uint8_t>&, const std::optional<std::vector<uint8_t>>&)
+.. doxygenfunction:: ccf::crypto::ckm_rsa_aes_key_unwrap(RSAKeyPairPtr, const std::vector<uint8_t>&, const std::optional<std::vector<uint8_t>>&)
  :project: CCF
 
-.. doxygenfunction:: crypto::ckm_rsa_aes_key_unwrap(const Pem&, const std::vector<uint8_t>&, const std::optional<std::vector<uint8_t>>&)
+.. doxygenfunction:: ccf::crypto::ckm_rsa_aes_key_unwrap(const Pem&, const std::vector<uint8_t>&, const std::optional<std::vector<uint8_t>>&)
  :project: CCF
@@ -228,14 +228,16 @@ namespace ccf
  /** Get the certificate (PEM) of a given user id.
  */
  ApiResult get_user_cert_v1(
- kv::ReadOnlyTx& tx, const UserId& user_id, crypto::Pem& user_cert_pem);
+ kv::ReadOnlyTx& tx,
+ const UserId& user_id,
+ ccf::crypto::Pem& user_cert_pem);
 
  /** Get the certificate (PEM) of a given member id.
  */
  ApiResult get_member_cert_v1(
  kv::ReadOnlyTx& tx,
  const MemberId& member_id,
- crypto::Pem& member_cert_pem);
+ ccf::crypto::Pem& member_cert_pem);
 
  /** Get untrusted time from the host of the currently executing node.
  */

@@ -9,7 +9,7 @@ namespace ccf
  class ClaimsDigest
  {
  public:
- using Digest = crypto::Sha256Hash;
+ using Digest = ccf::crypto::Sha256Hash;
 
  private:
  bool is_set = false;

@@ -5,7 +5,7 @@
 #include <string>
 #include <vector>
 
-namespace crypto
+namespace ccf::crypto
 {
  std::vector<uint8_t> raw_from_b64(const std::string_view& b64_string);
 

@@ -9,7 +9,7 @@
 
 #include <chrono>
 
-namespace crypto
+namespace ccf::crypto
 {
  class COSEVerifier
  {

@@ -11,7 +11,7 @@
 #include <stdexcept>
 #include <string>
 
-namespace crypto
+namespace ccf::crypto
 {
  // SNIPPET_START: supported_curves
  enum class CurveID

@@ -6,7 +6,7 @@
 
 #include <vector>
 
-namespace crypto
+namespace ccf::crypto
 {
  /** Converts R and S signature parameters to RFC 3279 DER
  * encoding.

@@ -16,7 +16,7 @@
 #include <string>
 #include <vector>
 
-namespace crypto
+namespace ccf::crypto
 {
  class EdDSAKeyPair
  {

@@ -10,7 +10,7 @@
 #include <string>
 #include <vector>
 
-namespace crypto
+namespace ccf::crypto
 {
  class EdDSAPublicKey
  {

@@ -27,7 +27,7 @@
 // issue.`
 #define RDRAND_RETRIES 10
 
-namespace crypto
+namespace ccf::crypto
 {
  using rng_func_t = int (*)(void* ctx, unsigned char* output, size_t len);
 

@@ -5,7 +5,7 @@
 #include <cstdint>
 #include <vector>
 
-namespace crypto
+namespace ccf::crypto
 {
  using HashBytes = std::vector<uint8_t>;
 }
@@ -11,7 +11,7 @@
 #include <iostream>
 #include <vector>
 
-namespace crypto
+namespace ccf::crypto
 {
  class HashProvider
  {

@@ -7,7 +7,7 @@
 #include <span>
 #include <vector>
 
-namespace crypto
+namespace ccf::crypto
 {
  /** Perform HKDF key derivation */
  std::vector<uint8_t> hkdf(

@@ -5,7 +5,7 @@
 #include "ccf/crypto/hash_bytes.h"
 #include "ccf/crypto/md_type.h"
 
-namespace crypto
+namespace ccf::crypto
 {
  /** Compute the HMAC of @p key and @p data
  */

@@ -8,7 +8,7 @@
 
 #include <string>
 
-namespace crypto
+namespace ccf::crypto
 {
  enum class JsonWebKeyType
  {

@@ -13,7 +13,7 @@
 #include <string>
 #include <vector>
 
-namespace crypto
+namespace ccf::crypto
 {
  class KeyPair
  {

@@ -9,7 +9,7 @@
 #include <cstdint>
 #include <vector>
 
-namespace crypto
+namespace ccf::crypto
 {
  /// PKCS11 2.1.8 CKM_RSA_PKCS_OAEP wrap
  /// @param wrapping_key The wrapping (encryption) key

@@ -4,7 +4,7 @@
 
 #include "ccf/ds/json.h"
 
-namespace crypto
+namespace ccf::crypto
 {
  enum class MDType
  {

@@ -11,7 +11,7 @@
 #include <string_view>
 #include <vector>
 
-namespace crypto
+namespace ccf::crypto
 {
  // Convenience class ensuring null termination of PEM-encoded certificates
  class Pem
@@ -128,11 +128,11 @@ namespace crypto
  return "Pem";
  }
 
- static std::vector<crypto::Pem> split_x509_cert_bundle(
+ static std::vector<ccf::crypto::Pem> split_x509_cert_bundle(
  const std::string_view& pem)
  {
  std::string separator("-----END CERTIFICATE-----");
- std::vector<crypto::Pem> pems;
+ std::vector<ccf::crypto::Pem> pems;
  auto separator_end = 0;
  auto next_separator_start = pem.find(separator);
  while (next_separator_start != std::string_view::npos)
@@ -154,9 +154,9 @@ namespace crypto
 namespace std
 {
  template <>
- struct hash<crypto::Pem>
+ struct hash<ccf::crypto::Pem>
  {
- size_t operator()(const crypto::Pem& pem) const
+ size_t operator()(const ccf::crypto::Pem& pem) const
  {
  return std::hash<std::string>()(pem.str());
  }

@@ -13,7 +13,7 @@
 #include <string>
 #include <vector>
 
-namespace crypto
+namespace ccf::crypto
 {
  class PublicKey
  {

@@ -12,7 +12,7 @@
 #include <string>
 #include <vector>
 
-namespace crypto
+namespace ccf::crypto
 {
  class RSAKeyPair
  {

@@ -10,7 +10,7 @@
 #include <string>
 #include <vector>
 
-namespace crypto
+namespace ccf::crypto
 {
  class RSAPublicKey
  {