From ccf9d8b00d75c25ffa04d1e1c0bf647d1d78283e Mon Sep 17 00:00:00 2001 
From: Yiftach Kaplan <67583323+yift-r3@users.noreply.github.com> Date: Mon, 11 Dec 2023 12:15:12 +0000 Subject: [PATCH] CORE-18620: Add authentication protocol data (#1385) * CORE-18620: Add authentication protocol data * Add more common fields * Add specific revocation mode enum * Rename header to common details * Rename field * Set the version to the correct version --- ...AuthenticatedEncryptionSessionDetails.avsc | 23 ++++ .../protocol/AuthenticatedSessionDetails.avsc | 15 +++ .../AuthenticationProtocolCommonDetails.avsc | 106 ++++++++++++++++++ ...uthenticationProtocolInitiatorDetails.avsc | 56 +++++++++ ...uthenticationProtocolResponderDetails.avsc | 56 +++++++++ .../p2p/crypto/protocol/CheckCertificate.avsc | 26 +++++ .../protocol/HandshakeIdentityData.avsc | 19 ++++ .../p2p/crypto/protocol/SecretKeySpec.avsc | 15 +++ .../data/p2p/crypto/protocol/Session.avsc | 22 ++++ .../protocol/SharedHandshakeSecrets.avsc | 31 +++++ gradle.properties | 2 +- 11 files changed, 370 insertions(+), 1 deletion(-) create mode 100644 data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/AuthenticatedEncryptionSessionDetails.avsc create mode 100644 data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/AuthenticatedSessionDetails.avsc create mode 100644 data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/AuthenticationProtocolCommonDetails.avsc create mode 100644 data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/AuthenticationProtocolInitiatorDetails.avsc create mode 100644 data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/AuthenticationProtocolResponderDetails.avsc create mode 100644 data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/CheckCertificate.avsc create mode 100644 data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/HandshakeIdentityData.avsc create mode 100644 
data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/SecretKeySpec.avsc
 create mode 100644 data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/Session.avsc
 create mode 100644 data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/SharedHandshakeSecrets.avsc
diff --git a/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/AuthenticatedEncryptionSessionDetails.avsc b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/AuthenticatedEncryptionSessionDetails.avsc
new file mode 100644
index 0000000000..551ac2ece5
--- /dev/null
+++ b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/AuthenticatedEncryptionSessionDetails.avsc
@@ -0,0 +1,23 @@
+{
+ "type": "record",
+ "name": "AuthenticatedEncryptionSessionDetails",
+ "namespace": "net.corda.data.p2p.crypto.protocol",
+ "fields": [
+ {
+ "name": "outboundSecretKey",
+ "type": "net.corda.data.p2p.crypto.protocol.SecretKeySpec"
+ },
+ {
+ "name": "outboundNonce",
+ "type": "bytes"
+ },
+ {
+ "name": "inboundSecretKey",
+ "type": "net.corda.data.p2p.crypto.protocol.SecretKeySpec"
+ },
+ {
+ "name": "inboundNonce",
+ "type": "bytes"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/AuthenticatedSessionDetails.avsc b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/AuthenticatedSessionDetails.avsc
new file mode 100644
index 0000000000..6e011ecf30
--- /dev/null
+++ b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/AuthenticatedSessionDetails.avsc
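Review bot: `outboundSecretKey`, `inboundSecretKey`, `outboundNonce` and `inboundNonce` carry raw session-key material and nothing in the schema says so; the same applies to `SecretKeySpec.key`, every key in `SharedHandshakeSecrets`, and `myPrivateDHKey`/`sharedDHSecret` in `AuthenticationProtocolCommonDetails`. Avro's generated specific record classes render every field in `toString()`, so any log line or exception message that prints one of these records, or a state store that keeps them unencrypted, exposes the keys. Avro supports a `doc` attribute on records and fields; add one at the record level, e.g. `"doc": "Session keys and nonces for an established session. Contains secret key material: never log, and store only encrypted at rest."`, and the same on the other records named above. A `doc` does not change the wire encoding, so it carries no compatibility cost.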
@@ -0,0 +1,15 @@
+{
+ "type": "record",
+ "name": "AuthenticatedSessionDetails",
+ "namespace": "net.corda.data.p2p.crypto.protocol",
+ "fields": [
+ {
+ "name": "outboundSecretKey",
+ "type": "net.corda.data.p2p.crypto.protocol.SecretKeySpec"
+ },
+ {
+ "name": "inboundSecretKey",
+ "type": "net.corda.data.p2p.crypto.protocol.SecretKeySpec"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/AuthenticationProtocolCommonDetails.avsc b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/AuthenticationProtocolCommonDetails.avsc
new file mode 100644
index 0000000000..487ff6fe3b
--- /dev/null
+++ b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/AuthenticationProtocolCommonDetails.avsc
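Review bot: The record name is the only thing that distinguishes this from `AuthenticatedEncryptionSessionDetails`, which has the same two `SecretKeySpec` fields plus two nonces, and `Session.details` is a union of exactly these two records. A record-level `"doc"` stating which protocol mode produces this variant (presumably the authentication-only one, given the missing nonces) would let a reader of the schema tell them apart without the Kotlin code; e.g. `"doc": "Session details for a session negotiated without encryption: only the two MAC keys, no nonces. Keys are secret material: do not log."`. The mode names presumably come from `net.corda.data.p2p.crypto.ProtocolMode`, which is outside this patch; confirm before wording the doc.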
@@ -0,0 +1,106 @@
+{
+ "type": "record",
+ "name": "AuthenticationProtocolCommonDetails",
+ "namespace": "net.corda.data.p2p.crypto.protocol",
+ "fields": [
+ {
+ "name": "sessionId",
+ "type": "string"
+ },
+ {
+ "name": "ourMaxMessageSize",
+ "type": "int"
+ },
+ {
+ "name": "session",
+ "type": [
+ "null",
+ "net.corda.data.p2p.crypto.protocol.Session"
+ ]
+ },
+ {
+ "name": "myPrivateDHKey",
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ {
+ "name": "myPublicDHKey",
+ "type": [
+ "null",
+ "bytes"
+ ]
+ },
+ {
+ "name": "peerPublicDHKey",
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ {
+ "name": "sharedDHSecret",
+ "type": [
+ "null",
+ "bytes"
+ ]
+ },
+ {
+ "name": "selectedMode",
+ "type": [
+ "null",
+ "net.corda.data.p2p.crypto.ProtocolMode"
+ ]
+ },
+ {
+ "name": "sharedHandshakeSecrets",
+ "type": [
+ "null",
+ "net.corda.data.p2p.crypto.protocol.SharedHandshakeSecrets"
+ ]
+ },
+ {
+ "name": "initiatorHelloMessage",
+ "type": [
+ "null",
+ "net.corda.data.p2p.crypto.InitiatorHelloMessage"
+ ]
+ },
+ {
+ "name": "responderHelloMessage",
+ "type": [
+ "null",
+ "net.corda.data.p2p.crypto.ResponderHelloMessage"
+ ]
+ },
+ {
+ "name": "initiatorHelloToResponderHelloBytes",
+ "type": [
+ "null",
+ "bytes"
+ ]
+ },
+ {
+ "name": "initiatorHandshakePayloadBytes",
+ "type": [
+ "null",
+ "bytes"
+ ]
+ },
+ {
+ "name": "responderHandshakePayloadBytes",
+ "type": [
+ "null",
+ "bytes"
+ ]
+ },
+ {
+ "name": "agreedMaxMessageSize",
+ "type": [
+ "null",
+ "int"
+ ]
+ }
+ ]
+}
diff --git a/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/AuthenticationProtocolInitiatorDetails.avsc b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/AuthenticationProtocolInitiatorDetails.avsc
new file mode 100644
index 0000000000..3f9d889496
--- /dev/null
+++ b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/AuthenticationProtocolInitiatorDetails.avsc
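Review bot: `myPrivateDHKey` and `peerPublicDHKey` are typed `string` while `myPublicDHKey` and `sharedDHSecret` are `bytes`, and no `doc` says what encoding the string form uses; a private key serialized as an undocumented string is the field most likely to be mishandled by a consumer. Either make the four DH fields consistently `bytes`, or document the format, e.g. `"doc": "Our ephemeral DH private key as <ENCODING-PLACEHOLDER>; secret material, never log."` with the real encoding taken from the serializer. Every field after `ourMaxMessageSize` is nullable, presumably because each is populated at a different protocol step; a one-line `doc` per field naming the step after which it is non-null would make the `InitiatorStep`/`ResponderStep` state machines checkable against this record. If `sharedDHSecret` is only needed until `sharedHandshakeSecrets` has been derived, the doc should also say it is cleared afterwards, so that persisted state does not retain the raw secret longer than necessary (confirm against the protocol implementation).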
@@ -0,0 +1,56 @@
+{
+ "type": "record",
+ "name": "AuthenticationProtocolInitiatorDetails",
+ "namespace": "net.corda.data.p2p.crypto.protocol",
+ "fields": [
+ {
+ "name": "protocolCommonDetails",
+ "type": "net.corda.data.p2p.crypto.protocol.AuthenticationProtocolCommonDetails"
+ },
+ {
+ "name": "step",
+ "type": {
+ "type": "enum",
+ "name": "InitiatorStep",
+ "symbols" : [
+ "INIT",
+ "SENT_MY_DH_KEY",
+ "RECEIVED_PEER_DH_KEY",
+ "GENERATED_HANDSHAKE_SECRETS",
+ "SENT_HANDSHAKE_MESSAGE",
+ "RECEIVED_HANDSHAKE_MESSAGE",
+ "SESSION_ESTABLISHED"
+ ]
+ }
+ },
+ {
+ "name": "supportedModes",
+ "type": {
+ "type": "array",
+ "items": "net.corda.data.p2p.crypto.ProtocolMode"
+ }
+ },
+ {
+ "name": "ourPublicKey",
+ "type": "string"
+ },
+ {
+ "name": "groupId",
+ "type": "string"
+ },
+ {
+ "name": "certificateCheckMode",
+ "type": [
+ "null",
+ "net.corda.data.p2p.crypto.protocol.CheckCertificate"
+ ]
+ },
+ {
+ "name": "initiatorHandshakeMessage",
+ "type": [
+ "null",
+ "net.corda.data.p2p.crypto.InitiatorHandshakeMessage"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/AuthenticationProtocolResponderDetails.avsc b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/AuthenticationProtocolResponderDetails.avsc
new file mode 100644
index 0000000000..84ae553e42
--- /dev/null
+++ b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/AuthenticationProtocolResponderDetails.avsc
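Review bot: `certificateCheckMode` is `["null", CheckCertificate]` with no `doc`, so a reader cannot tell whether `null` means "not configured yet" or "skip certificate checking"; if it is the latter, a null here quietly turns off peer certificate validation and that should be stated on the field, e.g. `"doc": "Certificate validation to apply to the peer; null means no certificate check is performed (confirm against the initiator implementation)."`. As a point of style, `"symbols" : [` has a space before the colon where every other key in these files is written `"key": `; the same spacing appears in `ResponderStep` and `RevocationCheckMode` in the next two files.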
@@ -0,0 +1,56 @@
+{
+ "type": "record",
+ "name": "AuthenticationProtocolResponderDetails",
+ "namespace": "net.corda.data.p2p.crypto.protocol",
+ "fields": [
+ {
+ "name": "protocolCommonDetails",
+ "type": "net.corda.data.p2p.crypto.protocol.AuthenticationProtocolCommonDetails"
+ },
+ {
+ "name": "step",
+ "type": {
+ "type": "enum",
+ "name": "ResponderStep",
+ "symbols" : [
+ "INIT",
+ "RECEIVED_PEER_DH_KEY",
+ "SENT_MY_DH_KEY",
+ "GENERATED_HANDSHAKE_SECRETS",
+ "RECEIVED_HANDSHAKE_MESSAGE",
+ "VALIDATED_ENCRYPTED_EXTENSIONS",
+ "SENT_HANDSHAKE_MESSAGE",
+ "SESSION_ESTABLISHED"
+ ]
+ }
+ },
+ {
+ "name": "handshakeIdentityData",
+ "type": [
+ "null",
+ "net.corda.data.p2p.crypto.protocol.HandshakeIdentityData"
+ ]
+ },
+ {
+ "name": "responderHandshakeMessage",
+ "type": [
+ "null",
+ "net.corda.data.p2p.crypto.ResponderHandshakeMessage"
+ ]
+ },
+ {
+ "name": "encryptedExtensions",
+ "type": [
+ "null",
+ "net.corda.data.p2p.crypto.internal.InitiatorEncryptedExtensions"
+ ]
+ },
+ {
+ "name": "initiatorPublicKey",
+ "type": [
+ "null",
+ "string"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/CheckCertificate.avsc b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/CheckCertificate.avsc
new file mode 100644
index 0000000000..ff39a9c167
--- /dev/null
+++ b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/CheckCertificate.avsc
@@ -0,0 +1,26 @@
+{
+ "type": "record",
+ "name": "CheckCertificate",
+ "namespace": "net.corda.data.p2p.crypto.protocol",
+ "fields": [
+ {
+ "name": "truststore",
+ "type": {
+ "type": "array",
+ "items": "string"
+ }
+ },
+ {
+ "name": "revocationCheckMode",
+ "type": {
+ "type": "enum",
+ "name": "RevocationCheckMode",
+ "symbols" : [
+ "OFF",
+ "SOFT_FAIL",
+ "HARD_FAIL"
+ ]
+ }
+ }
+ ]
+}
\ No newline at end of file
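Review bot: In `CheckCertificate`, `truststore` is an array of strings with no `doc` of what each element is (a PEM certificate, a key-store path, something else), and `RevocationCheckMode` does not say what `SOFT_FAIL` does when revocation status cannot be obtained, which is the setting that decides whether an unreachable CRL/OCSP endpoint lets a peer through. Add docs on both, e.g. `"doc": "Trust anchors for the peer certificate chain, each as <FORMAT-PLACEHOLDER>"` on `truststore` and a `doc` on the enum spelling out the three symbols, with the actual SOFT_FAIL semantics taken from the validator that consumes this record. Since the field holds a list, a plural name such as `trustedCertificates` would also read better, though renaming is a compatibility decision for the schema owners. In `AuthenticationProtocolResponderDetails` on this same line, `initiatorPublicKey` is a `string` whereas `HandshakeIdentityData` carries the same identity as `initiatorPublicKeyHash` bytes; a `doc` stating the string encoding would avoid the same ambiguity as the DH key fields in the common details record.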
diff --git a/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/HandshakeIdentityData.avsc b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/HandshakeIdentityData.avsc
new file mode 100644
index 0000000000..e378ba4946
--- /dev/null
+++ b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/HandshakeIdentityData.avsc
@@ -0,0 +1,19 @@
+{
+ "type": "record",
+ "name": "HandshakeIdentityData",
+ "namespace": "net.corda.data.p2p.crypto.protocol",
+ "fields": [
+ {
+ "name": "initiatorPublicKeyHash",
+ "type": "bytes"
+ },
+ {
+ "name": "responderPublicKeyHash",
+ "type": "bytes"
+ },
+ {
+ "name": "groupId",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/SecretKeySpec.avsc b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/SecretKeySpec.avsc
new file mode 100644
index 0000000000..e08059bfac
--- /dev/null
+++ b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/SecretKeySpec.avsc
@@ -0,0 +1,15 @@
+{
+ "type": "record",
+ "name": "SecretKeySpec",
+ "namespace": "net.corda.data.p2p.crypto.protocol",
+ "fields": [
+ {
+ "name": "algorithm",
+ "type": "string"
+ },
+ {
+ "name": "key",
+ "type": "bytes"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/Session.avsc b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/Session.avsc
new file mode 100644
index 0000000000..ced09af1ff
--- /dev/null
+++ b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/Session.avsc
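Review bot: `SecretKeySpec.algorithm` is a free-form string with no `doc` of the accepted values, and `key` is raw secret bytes with nothing marking it as such; the record name mirrors `javax.crypto.spec.SecretKeySpec`, so the algorithm is presumably a JCA algorithm name, but the schema should say so rather than leave consumers to guess. Proposed: `"doc": "Algorithm name of the key (confirm the naming scheme against the serializer)"` on `algorithm` and `"doc": "Raw key bytes; secret material, never log"` on `key`. In `HandshakeIdentityData` on this same line, `initiatorPublicKeyHash` and `responderPublicKeyHash` do not state the hash algorithm; both sides must agree on it, so a `doc` naming it, or a field carrying it, belongs here.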
@@ -0,0 +1,22 @@
+{
+ "type": "record",
+ "name": "Session",
+ "namespace": "net.corda.data.p2p.crypto.protocol",
+ "fields": [
+ {
+ "name": "sessionId",
+ "type": "string"
+ },
+ {
+ "name": "maxMessageSize",
+ "type": "int"
+ },
+ {
+ "name": "details",
+ "type": [
+ "net.corda.data.p2p.crypto.protocol.AuthenticatedSessionDetails",
+ "net.corda.data.p2p.crypto.protocol.AuthenticatedEncryptionSessionDetails"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/SharedHandshakeSecrets.avsc b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/SharedHandshakeSecrets.avsc
new file mode 100644
index 0000000000..9b50436685
--- /dev/null
+++ b/data/avro-schema/src/main/resources/avro/net/corda/data/p2p/crypto/protocol/SharedHandshakeSecrets.avsc
@@ -0,0 +1,31 @@
+{
+ "type": "record",
+ "name": "SharedHandshakeSecrets",
+ "namespace": "net.corda.data.p2p.crypto.protocol",
+ "fields": [
+ {
+ "name": "initiatorAuthKey",
+ "type": "net.corda.data.p2p.crypto.protocol.SecretKeySpec"
+ },
+ {
+ "name": "responderAuthKey",
+ "type": "net.corda.data.p2p.crypto.protocol.SecretKeySpec"
+ },
+ {
+ "name": "initiatorEncryptionKey",
+ "type": "net.corda.data.p2p.crypto.protocol.SecretKeySpec"
+ },
+ {
+ "name": "responderEncryptionKey",
+ "type": "net.corda.data.p2p.crypto.protocol.SecretKeySpec"
+ },
+ {
+ "name": "initiatorNonce",
+ "type": "bytes"
+ },
+ {
+ "name": "responderNonce",
+ "type": "bytes"
+ }
+ ]
+}
diff --git a/gradle.properties b/gradle.properties
index 039f7c3e0b..1805f8a32e 100644
--- a/gradle.properties
+++ b/gradle.properties
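Review bot: `SharedHandshakeSecrets.avsc` ends with a trailing newline while the other new `.avsc` files in this patch, apart from `AuthenticationProtocolCommonDetails.avsc`, end with `\ No newline at end of file`; pick one convention for the directory, a trailing newline being the usual choice for files under version control. In `Session` on this same line, `details` is a union of two records with no `null` branch, which is right for an established session, but `maxMessageSize` appears to duplicate the value that `AuthenticationProtocolCommonDetails.agreedMaxMessageSize` also holds; a `doc` on one of them saying which is authoritative would keep the two from drifting apart.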
@@ -9,7 +9,7 @@ cordaProductVersion = 5.2.0 # NOTE: update this each time this module contains a breaking change ## NOTE: currently this is a top level revision, so all API versions will line up, but this could be moved to ## a per module property in which case module versions can change independently. -cordaApiRevision = 11 +cordaApiRevision = 12 # Main kotlinVersion = 1.8.21