YPC  0.2.0
allowance_interface.h
1 #pragma once
2 #include "ypc/core_t/analyzer/data_source.h"
3 #include "ypc/core_t/analyzer/interface/keymgr_interface.h"
4 #include "ypc/core_t/analyzer/internal/data_streams/multi_data_stream.h"
5 #include "ypc/core_t/analyzer/internal/data_streams/noinput_data_stream.h"
6 #include "ypc/core_t/analyzer/internal/data_streams/raw_data_stream.h"
7 #include "ypc/core_t/analyzer/internal/data_streams/sealed_data_stream.h"
8 #include "ypc/core_t/analyzer/var/data_source_var.h"
9 #include "ypc/core_t/analyzer/var/enclave_hash_var.h"
10 #include "ypc/core_t/analyzer/var/model_var.h"
11 #include "ypc/corecommon/allowance.h"
12 #include "ypc/stbox/ebyte.h"
13 
14 namespace ypc {
15 template <typename ModelT>
16 struct check_model_allowance : virtual public internal::model_var<ModelT> {
17 
18  typedef internal::model_var<ModelT> model_var_t;
19  uint32_t check_allowance_m(const std::vector<stbox::bytes> &checked_pkey) {
20 #ifdef DEBUG
21  LOG(INFO) << "expect allowance for model with hash: "
22  << model_var_t::m_model_hash << " with pkey "
23  << model_var_t::m_model_pkey;
24 #endif
25  for (auto pkey : checked_pkey) {
26  if (pkey == model_var_t::m_model_pkey + model_var_t::m_model_hash) {
27  return stbox::stx_status::success;
28  }
29  }
30  return stbox::stx_status::model_allowance_miss;
31  }
32 };
33 template <> struct check_model_allowance<void> {
34  uint32_t check_allowance_m(const std::vector<stbox::bytes> &checked_pkey) {
35  return stbox::stx_status::success;
36  }
37 };
38 
39 template <typename ModelT> struct ignore_model_allowance {
40  uint32_t check_allowance_m(const std::vector<stbox::bytes> &checked_pkey) {
41  return stbox::stx_status::success;
42  }
43 };
44 
45 template <typename DataSession> struct check_data_allowance {
46  uint32_t check_allowance_d(const std::vector<stbox::bytes> &checked_pkey) {
47  return stbox::stx_status::success;
48  }
49 };
50 template <>
51 struct check_data_allowance<sealed_data_stream>
52  : virtual public internal::data_source_var<sealed_data_stream> {
53  uint32_t check_allowance_d(const std::vector<stbox::bytes> &checked_pkey) {
54  typedef internal::data_source_var<sealed_data_stream> data_source_var_t;
55  stbox::bytes pkey = data_source_var_t::m_ds_use_pkey;
56  for (auto pk : checked_pkey) {
57  if (pk == pkey) {
58  return stbox::stx_status::success;
59  }
60  }
61 
62  LOG(ERROR) << "data source "
63  << data_source_var_t::m_datasource->expect_data_hash()
64  << " have no allowance";
65  return stbox::stx_status::data_allowance_miss;
66  }
67 };
68 template <>
69 struct check_data_allowance<multi_data_stream>
70  : virtual public internal::data_source_var<multi_data_stream> {
71  uint32_t check_allowance_d(const std::vector<stbox::bytes> &checked_pkey) {
72  for (auto dsp : data_source_var<multi_data_stream>::m_ds_use_pkey) {
73  bool used = false;
74  for (auto pk : checked_pkey) {
75  if (pk == dsp) {
76  used = true;
77  break;
78  }
79  }
80  if (!used) {
81  LOG(ERROR) << "cannot find allowance to access data with pkey: " << dsp;
82  return stbox::stx_status::data_allowance_miss;
83  }
84  }
85  return stbox::stx_status::success;
86  }
87 };
88 
89 template <typename DataSession> struct ignore_data_allowance {
90  uint32_t check_allowance_d(const std::vector<stbox::bytes> &checked_pkey) {
91  return stbox::stx_status::success;
92  }
93 };
94 
95 namespace internal {
96 
97 template <typename Crypto, typename ModelT, typename DataSession,
98  template <typename> class DataAllowancePolicy,
99  template <typename> class ModelAllowancePolicy>
100 struct check_allowance_interface
101  : virtual public ModelAllowancePolicy<ModelT>,
102  virtual public DataAllowancePolicy<DataSession>,
103  virtual public keymgr_interface<Crypto>,
104  virtual public enclave_hash_var {
105  typedef keymgr_interface<Crypto> keymgr_interface_t;
106  typedef nt<stbox::bytes> ntt;
107  typedef ModelAllowancePolicy<ModelT> model_checker_t;
108  typedef DataAllowancePolicy<DataSession> data_checker_t;
109 
110 public:
111  uint32_t check_allowance(const ntt::param_t &param) {
112  auto param_data = param.get<ntt::param_data>();
113  stbox::bytes param_hash;
114  auto ret = Crypto::hash_256(param_data, param_hash);
115 #ifdef DEBUG
116  LOG(INFO) << "param: " << param_data << ", param_hash: " << param_hash;
117 #endif
118  if (ret) {
119  LOG(ERROR) << "hash_256 failed: " << stbox::status_string(ret);
120  return ret;
121  }
122 
123  std::vector<stbox::bytes> checked_pkey;
124 
125  auto allowances = param.get<ntt::allowances>();
126 #ifdef DEBUG
127  LOG(INFO) << "to check " << allowances.size() << " allowances";
128 #endif
129  for (auto allowance_i : allowances) {
130  stbox::bytes pkey4v = allowance_i.get<ntt::pkey>();
131  if (pkey4v.size() != 0) {
132  stbox::bytes private_key;
133  stbox::bytes dian_pkey;
134  ret = keymgr_interface_t::request_private_key_for_public_key(
135  pkey4v, private_key, dian_pkey);
136  if (ret) {
137  LOG(ERROR) << "request_private_key failed: "
138  << stbox::status_string(ret);
139  return ret;
140  }
141 
142  stbox::bytes allow = allowance_i.get<ntt::signature>();
143  if (allow.size() == 0) {
144 #ifdef DEBUG
145  LOG(INFO) << "got empty allowance and ignore it for data: "
146  << allowance_i.get<ntt::data_hash>();
147 #endif
148  continue;
149  }
150 
151  stbox::bytes to_check_data =
152  param_hash + enclave_hash_var::m_enclave_hash + dian_pkey +
153  allowance_i.get<ntt::data_hash>();
154 #ifdef DEBUG
155  LOG(INFO) << "to check allowance data " << to_check_data
156  << ", allow: " << allow;
157 #endif
158 
159  ret = allowance<Crypto>::check(private_key, to_check_data, allow);
160  if (ret) {
161  LOG(INFO) << "to check data: " << to_check_data;
162  LOG(WARNING) << "check_allowance" << allow
163  << " failed: " << stbox::status_string(ret)
164  << ", ignore it";
165  } else {
166 #ifdef DEBUG
167  LOG(INFO) << "check allowance succ for data "
168  << allowance_i.get<ntt::data_hash>();
169 #endif
170  checked_pkey.push_back(pkey4v + allowance_i.get<ntt::data_hash>());
171  }
172  }
173  }
174 #ifdef DEBUG
175  LOG(INFO) << "check all allowances done, start check model allowance";
176 #endif
177 
178  ret = model_checker_t::check_allowance_m(checked_pkey);
179  if (ret) {
180  LOG(ERROR) << "check_model_allowance failed: "
181  << stbox::status_string(ret);
182  return ret;
183  }
184 #ifdef DEBUG
185  LOG(INFO) << "check model allowance done, start check data allowance";
186 #endif
187  ret = data_checker_t::check_allowance_d(checked_pkey);
188  if (ret) {
189  LOG(ERROR) << "check_data_allowance failed: "
190  << stbox::status_string(ret);
191  return ret;
192  }
193 #ifdef DEBUG
194  LOG(INFO) << "check allowance done";
195 #endif
196  return ret;
197  }
198 };
199 
200 } // namespace internal
201 } // namespace ypc
ypc::internal::check_allowance_interface
Definition: allowance_interface.h:100
ypc::internal::model_var
Definition: model_var.h:8
ypc::ignore_model_allowance
Definition: allowance_interface.h:39
ypc::ignore_data_allowance
Definition: allowance_interface.h:89
ypc::internal::data_source_var
Definition: data_source_var.h:10
ypc::nt
Definition: nt_cols.h:6
ypc::check_model_allowance
Definition: allowance_interface.h:16
ypc::internal::multi_data_stream
Definition: multi_data_stream.h:9
ypc::internal::enclave_hash_var
Definition: enclave_hash_var.h:7
ypc::internal::sealed_data_stream
Definition: sealed_data_stream.h:8
ypc::check_data_allowance
Definition: allowance_interface.h:45
ypc::internal::keymgr_interface
Definition: keymgr_interface.h:18
ypc::crypto::crypto_pack
Definition: crypto_pack.h:14
ypc::allowance
Definition: allowance.h:7
Generated by   doxygen 1.8.17