This commit has below changes:

- EdDSA_Signer & EdDSA_Verifier classes implemented.
- All gtest (only) are working for OpenSSL library's EdDSA_Signer and EdDSA_Verifier.
- All gtest (only) are working for AES_CBC_256 encryption and decryption using OpenSSL's EVP APIs.
- All gtest (only) for testing RSASigner, RSAVerifier, and AES_CBC_256 encryption/decryption using CryptoPP library APIs are preserved and commented.
- Apollo test cases: WIP

bftengine/src/bftengine/SigManager.cpp

@@ -12,12 +12,18 @@
 #include "SigManager.hpp"
 #include "assertUtils.hpp"
 #include "ReplicasInfo.hpp"
+#include "openssl_utils.hpp"
 
 #include <algorithm>
 #include "keys_and_signatures.cmf.hpp"
 #include "ReplicaConfig.hpp"
+#include "hex_tools.h"
 
 using namespace std;
+// using concord::util::cryptopp_utils::RSASigner;
+// using concord::util::cryptopp_utils::RSAVerifier;
+using concord::util::openssl_utils::EdDSA_Signer;
+using concord::util::openssl_utils::EdDSA_Verifier;
 
 namespace bftEngine {
 namespace impl {
@@ -143,7 +149,8 @@ SigManager::SigManager(PrincipalId myId,
     auto iter = publicKeyIndexToVerifier.find(p.second);
     const auto& [key, format] = publickeys[p.second];
     if (iter == publicKeyIndexToVerifier.end()) {
-      verifiers_[p.first] = std::make_shared<concord::util::cryptopp_utils::RSAVerifier>(key.c_str(), format);
+      verifiers_[p.first] = std::make_shared<EdDSA_Verifier>(key, format);
+      // verifiers_[p.first] = std::make_shared<RSAVerifier>(key.c_str(), format);
       publicKeyIndexToVerifier[p.second] = verifiers_[p.first];
     } else {
       verifiers_[p.first] = iter->second;
@@ -252,8 +259,8 @@ void SigManager::setClientPublicKey(const std::string& key, PrincipalId id, conc
   if (replicasInfo_.isIdOfExternalClient(id) || replicasInfo_.isIdOfClientService(id)) {
     try {
       std::unique_lock lock(mutex_);
-      verifiers_.insert_or_assign(id,
-                                  std::make_shared<concord::util::cryptopp_utils::RSAVerifier>(key.c_str(), format));
+      // verifiers_.insert_or_assign(id, std::make_shared<RSAVerifier>(key.c_str(), format));
+      verifiers_.insert_or_assign(id, std::make_shared<EdDSA_Verifier>(key, format));
     } catch (const std::exception& e) {
       LOG_ERROR(KEY_EX_LOG, "failed to add a key for client: " << id << " reason: " << e.what());
       throw;

bftengine/src/preprocessor/tests/preprocessor_test.cpp

@@ -155,6 +155,21 @@ class DummyPreProcessor : public PreProcessor {
 };
 
 // clang-format off
+const vector<string> eddsaPrivateKey = { //use different keys pair.
+  {"09a30490ebf6f6685556046f2497fd9c7df4a552998c9a9b6ebec742e8183174"},
+  {"09a30490ebf6f6685556046f2497fd9c7df4a552998c9a9b6ebec742e8183174"},
+  {"09a30490ebf6f6685556046f2497fd9c7df4a552998c9a9b6ebec742e8183174"},
+  {"09a30490ebf6f6685556046f2497fd9c7df4a552998c9a9b6ebec742e8183174"},
+  {"09a30490ebf6f6685556046f2497fd9c7df4a552998c9a9b6ebec742e8183174"}
+};
+const vector<string> eddsaPublicKey = {
+  {"7363bc5ab96d7f85e71a5ffe0b284405ae38e2e0f032fb3ffe805d9f0e2d117b"},
+  {"7363bc5ab96d7f85e71a5ffe0b284405ae38e2e0f032fb3ffe805d9f0e2d117b"},
+  {"7363bc5ab96d7f85e71a5ffe0b284405ae38e2e0f032fb3ffe805d9f0e2d117b"},
+  {"7363bc5ab96d7f85e71a5ffe0b284405ae38e2e0f032fb3ffe805d9f0e2d117b"},
+  {"7363bc5ab96d7f85e71a5ffe0b284405ae38e2e0f032fb3ffe805d9f0e2d117b"}
+};
+
 const vector<string> privateKeys = {
   {
     "308204BA020100300D06092A864886F70D0101010500048204A4308204A00201000282010100C55B8F7979BF24B335017082BF33EE2960E3A0"
@@ -332,17 +347,22 @@ void setUpConfiguration_4() {
   replicaConfig.numOfExternalClients = 15;
   replicaConfig.clientBatchingEnabled = true;
 
-  replicaConfig.publicKeysOfReplicas.insert(pair<uint16_t, const string>(replica_0, publicKeys[replica_0]));
-  replicaConfig.publicKeysOfReplicas.insert(pair<uint16_t, const string>(replica_1, publicKeys[replica_1]));
-  replicaConfig.publicKeysOfReplicas.insert(pair<uint16_t, const string>(replica_2, publicKeys[replica_2]));
-  replicaConfig.publicKeysOfReplicas.insert(pair<uint16_t, const string>(replica_3, publicKeys[replica_3]));
-  replicaConfig.replicaPrivateKey = privateKeys[0];
+  replicaConfig.publicKeysOfReplicas.insert(
+      pair<uint16_t, const string>(replica_0, eddsaPublicKey /*publicKeys*/[replica_0]));
+  replicaConfig.publicKeysOfReplicas.insert(
+      pair<uint16_t, const string>(replica_1, eddsaPublicKey /*publicKeys*/[replica_1]));
+  replicaConfig.publicKeysOfReplicas.insert(
+      pair<uint16_t, const string>(replica_2, eddsaPublicKey /*publicKeys*/[replica_2]));
+  replicaConfig.publicKeysOfReplicas.insert(
+      pair<uint16_t, const string>(replica_3, eddsaPublicKey /*publicKeys*/[replica_3]));
+  replicaConfig.replicaPrivateKey = eddsaPrivateKey[0] /*privateKeys[0]*/;
 
   for (auto i = 0; i < replicaConfig.numReplicas; i++) {
     replicaConfig.replicaId = i;
     replicasInfo[i] = std::make_unique<ReplicasInfo>(replicaConfig, true, true);
     sigManager[i].reset(SigManager::initInTesting(i,
-                                                  privateKeys[i],
+                                                  /*privateKeys[i],*/
+                                                  eddsaPrivateKey[i],
                                                   replicaConfig.publicKeysOfReplicas,
                                                   concord::util::crypto::KeyFormat::HexaDecimalStrippedFormat,
                                                   nullptr,
@@ -358,8 +378,8 @@ void setUpConfiguration_7() {
   replicaConfig.numReplicas = numOfReplicas_7;
   replicaConfig.fVal = fVal_7;
 
-  replicaConfig.publicKeysOfReplicas.insert(pair<uint16_t, const string>(replica_4, publicKeys[4]));
-  replicaConfig.replicaPrivateKey = privateKeys[4];
+  replicaConfig.publicKeysOfReplicas.insert(pair<uint16_t, const string>(replica_4, eddsaPublicKey /*publicKeys*/[4]));
+  replicaConfig.replicaPrivateKey = eddsaPrivateKey[4] /*privateKeys[4]*/;
 }
 
 void setUpCommunication() {

bftengine/tests/SigManager/SigManager_test.cpp

@@ -18,14 +18,25 @@
 #include <cryptopp/base64.h>
 #include <cryptopp/files.h>
 #include "gtest/gtest.h"
+#include "openssl_utils.hpp"
 
 #include <string>
 #include <vector>
 #include <ctime>
 #include <random>
 #include <memory>
 
+#define RSA_Algo false
+
 using namespace std;
+using concord::util::crypto::KeyFormat;
+#if RSA_Algo
+using concord::util::cryptopp_utils::RSASigner;
+using concord::util::cryptopp_utils::RSAVerifier;
+#else
+using concord::util::openssl_utils::EdDSA_Signer;
+using concord::util::openssl_utils::EdDSA_Verifier;
+#endif
 
 constexpr char KEYS_BASE_PARENT_PATH[] = "/tmp/";
 constexpr char KEYS_BASE_PATH[] = "/tmp/transaction_signing_keys";
@@ -84,10 +95,13 @@ TEST(RsaSignerAndRsaVerifierTest, LoadSignVerifyFromPemfiles) {
   generateRandomData(data, RANDOM_DATA_SIZE);
   readFile(privateKeyFullPath, privKey);
   readFile(publicKeyFullPath, pubkey);
-  auto verifier_ = unique_ptr<concord::util::cryptopp_utils::RSAVerifier>(
-      new concord::util::cryptopp_utils::RSAVerifier(pubkey, concord::util::crypto::KeyFormat::PemFormat));
-  auto signer_ = unique_ptr<concord::util::cryptopp_utils::RSASigner>(
-      new concord::util::cryptopp_utils::RSASigner(privKey, concord::util::crypto::KeyFormat::PemFormat));
+#if RSA_Algo
+  auto verifier_ = unique_ptr<RSAVerifier>(new RSAVerifier(pubkey, KeyFormat::PemFormat));
+  auto signer_ = unique_ptr<RSASigner>(new RSASigner(privKey, KeyFormat::PemFormat));
+#else
+  auto verifier_ = unique_ptr<EdDSA_Verifier>(new EdDSA_Verifier(pubkey, KeyFormat::PemFormat));
+  auto signer_ = unique_ptr<EdDSA_Signer>(new EdDSA_Signer(privKey, KeyFormat::PemFormat));
+#endif
 
   // sign with RSASigner
   size_t expectedSignerSigLen = signer_->signatureLength();
@@ -118,7 +132,12 @@ TEST(SigManagerTest, ReplicasOnlyCheckVerify) {
   constexpr size_t numReplicas{4};
   constexpr PrincipalId myId{0};
   string myPrivKey;
-  unique_ptr<concord::util::cryptopp_utils::RSASigner> signers[numReplicas];
+  string myPrivateKeyFullPath;
+#if RSA_Algo
+  unique_ptr<RSASigner> signers[numReplicas];
+#else
+  unique_ptr<EdDSA_Signer> signers[numReplicas];
+#endif
   set<pair<PrincipalId, const string>> publicKeysOfReplicas;
 
   generateKeyPairs(numReplicas);
@@ -132,24 +151,27 @@ TEST(SigManagerTest, ReplicasOnlyCheckVerify) {
 
     if (pid == myId) {
       myPrivKey = privKey;
+      myPrivateKeyFullPath = privateKeyFullPath;
       continue;
     }
 
-    signers[pid].reset(
-        new concord::util::cryptopp_utils::RSASigner(privKey, concord::util::crypto::KeyFormat::PemFormat));
+#if RSA_Algo
+    signers[pid].reset(new RSASigner(privKey, KeyFormat::PemFormat));
+#else
+    signers[pid].reset(new EdDSA_Signer(privKey, KeyFormat::PemFormat));
+#endif
     string pubKeyFullPath({string(KEYS_BASE_PATH) + string("/") + to_string(i) + string("/") + PUB_KEY_NAME});
     readFile(pubKeyFullPath, pubKey);
+#if RSA_Algo
+    publicKeysOfReplicas.insert(make_pair(pid, pubKey));
+#else
     publicKeysOfReplicas.insert(make_pair(pid, pubKey));
+#endif
   }
 
   ReplicasInfo replicaInfo(createReplicaConfig(), false, false);
-  unique_ptr<SigManager> sigManager(SigManager::init(myId,
-                                                     myPrivKey,
-                                                     publicKeysOfReplicas,
-                                                     concord::util::crypto::KeyFormat::PemFormat,
-                                                     nullptr,
-                                                     concord::util::crypto::KeyFormat::PemFormat,
-                                                     replicaInfo));
+  unique_ptr<SigManager> sigManager(SigManager::init(
+      myId, myPrivKey, publicKeysOfReplicas, KeyFormat::PemFormat, nullptr, KeyFormat::PemFormat, replicaInfo));
 
   for (size_t i{0}; i < numReplicas; ++i) {
     const auto& signer = signers[i];
@@ -189,7 +211,11 @@ TEST(SigManagerTest, ReplicasOnlyCheckSign) {
   constexpr size_t numReplicas{4};
   constexpr PrincipalId myId{0};
   string myPrivKey, privKey, pubKey, sig;
-  unique_ptr<concord::util::cryptopp_utils::RSAVerifier> verifier;
+#if RSA_Algo
+  unique_ptr<RSAVerifier> verifier;
+#else
+  unique_ptr<EdDSA_Verifier> verifier;
+#endif
   set<pair<PrincipalId, const string>> publicKeysOfReplicas;
   char data[RANDOM_DATA_SIZE]{0};
   size_t expectedSignerSigLen;
@@ -203,23 +229,26 @@ TEST(SigManagerTest, ReplicasOnlyCheckSign) {
   // Load single other replica's verifier (mock)
   string pubKeyFullPath({string(KEYS_BASE_PATH) + string("/") + to_string(1) + string("/") + PUB_KEY_NAME});
   readFile(pubKeyFullPath, pubKey);
-  verifier.reset(new concord::util::cryptopp_utils::RSAVerifier(pubKey, concord::util::crypto::KeyFormat::PemFormat));
+#if RSA_Algo
+  verifier.reset(new RSAVerifier(pubKey, KeyFormat::PemFormat));
+#else
+  verifier.reset(new EdDSA_Verifier(pubKey, KeyFormat::PemFormat));
+#endif
 
   // load public key of other replicas, must be done for SigManager ctor
   for (size_t i{2}; i <= numReplicas; ++i) {
     pubKeyFullPath = string(KEYS_BASE_PATH) + string("/") + to_string(i) + string("/") + PUB_KEY_NAME;
     readFile(pubKeyFullPath, pubKey);
+#if RSA_Algo
     publicKeysOfReplicas.insert(make_pair(i - 1, pubKey));
+#else
+    publicKeysOfReplicas.insert(make_pair(i - 1, pubKey));
+#endif
   }
 
   ReplicasInfo replicaInfo(createReplicaConfig(), false, false);
-  unique_ptr<SigManager> sigManager(SigManager::init(myId,
-                                                     myPrivKey,
-                                                     publicKeysOfReplicas,
-                                                     concord::util::crypto::KeyFormat::PemFormat,
-                                                     nullptr,
-                                                     concord::util::crypto::KeyFormat::PemFormat,
-                                                     replicaInfo));
+  unique_ptr<SigManager> sigManager(SigManager::init(
+      myId, myPrivKey, publicKeysOfReplicas, KeyFormat::PemFormat, nullptr, KeyFormat::PemFormat, replicaInfo));
   // sign with SigManager
   expectedSignerSigLen = sigManager->getSigLength(myId);
   generateRandomData(data, RANDOM_DATA_SIZE);
@@ -253,9 +282,15 @@ TEST(SigManagerTest, ReplicasAndClientsCheckVerify) {
   constexpr size_t totalNumberofExternalBftClients{1200};  // numOfExternaClients * numBftClientsInExternalClient
   constexpr PrincipalId myId{0};
   string myPrivKey;
+  string myPrivateKeyFullPath;
   size_t i, signerIndex{0};
-  unique_ptr<concord::util::cryptopp_utils::RSASigner>
+#if RSA_Algo
+  unique_ptr<RSASigner>
+      signers[numReplicas + numParticipantNodes];  // only external clients and consensus replicas sign
+#else
+  unique_ptr<EdDSA_Signer>
       signers[numReplicas + numParticipantNodes];  // only external clients and consensus replicas sign
+#endif
   set<pair<PrincipalId, const string>> publicKeysOfReplicas;
   set<pair<const string, set<uint16_t>>> publicKeysOfClients;
   unordered_map<PrincipalId, size_t> principalIdToSignerIndex;
@@ -271,10 +306,15 @@ TEST(SigManagerTest, ReplicasAndClientsCheckVerify) {
 
     if (currPrincipalId == myId) {
       myPrivKey = privKey;
+      myPrivateKeyFullPath = privateKeyFullPath;
       continue;
     }
-    signers[signerIndex].reset(
-        new concord::util::cryptopp_utils::RSASigner(privKey, concord::util::crypto::KeyFormat::PemFormat));
+#if RSA_Algo
+    signers[signerIndex].reset(new RSASigner(privKey, KeyFormat::PemFormat));
+#else
+    signers[signerIndex].reset(new EdDSA_Signer(privKey, KeyFormat::PemFormat));
+#endif
+
     string pubKeyFullPath({string(KEYS_BASE_PATH) + string("/") + to_string(i) + string("/") + PUB_KEY_NAME});
     readFile(pubKeyFullPath, pubKey);
     publicKeysOfReplicas.insert(make_pair(currPrincipalId, pubKey));
@@ -289,9 +329,11 @@ TEST(SigManagerTest, ReplicasAndClientsCheckVerify) {
     string privateKeyFullPath({string(KEYS_BASE_PATH) + string("/") + to_string(i) + string("/") + PRIV_KEY_NAME});
     readFile(privateKeyFullPath, privKey);
 
-    signers[signerIndex].reset(
-        new concord::util::cryptopp_utils::RSASigner(privKey, concord::util::crypto::KeyFormat::PemFormat));
-
+#if RSA_Algo
+    signers[signerIndex].reset(new RSASigner(privKey, KeyFormat::PemFormat));
+#else
+    signers[signerIndex].reset(new EdDSA_Signer(privKey, KeyFormat::PemFormat));
+#endif
     string pubKeyFullPath({string(KEYS_BASE_PATH) + string("/") + to_string(i) + string("/") + PUB_KEY_NAME});
     set<PrincipalId> principalIds;
     for (size_t j{0}; j < numBftClientsInParticipantNodes; ++j) {
@@ -314,9 +356,9 @@ TEST(SigManagerTest, ReplicasAndClientsCheckVerify) {
   unique_ptr<SigManager> sigManager(SigManager::init(myId,
                                                      myPrivKey,
                                                      publicKeysOfReplicas,
-                                                     concord::util::crypto::KeyFormat::PemFormat,
+                                                     KeyFormat::PemFormat,
                                                      &publicKeysOfClients,
-                                                     concord::util::crypto::KeyFormat::PemFormat,
+                                                     KeyFormat::PemFormat,
                                                      replicaInfo));
 
   // principalIdToSignerIndex carries all principal ids for replica, read only replicas and bft-clients.
@@ -335,9 +377,9 @@ TEST(SigManagerTest, ReplicasAndClientsCheckVerify) {
 
     PrincipalId signerPrincipalId = static_cast<PrincipalId>(distribution(generator));
     auto iter = principalIdToSignerIndex.find(signerPrincipalId);
-    if (iter != principalIdToSignerIndex.end())
+    if (iter != principalIdToSignerIndex.end()) {
       signerIndex = iter->second;
-    else {
+    } else {
       signerIndex = 1;  // sign with signer index 1, so we can check the target SigManager
       expectFailure = true;
     }
@@ -346,8 +388,8 @@ TEST(SigManagerTest, ReplicasAndClientsCheckVerify) {
     expectedSignerSigLen = signers[signerIndex]->signatureLength();
     sig.reserve(expectedSignerSigLen);
     generateRandomData(data, RANDOM_DATA_SIZE);
-    std::string str_date(data, RANDOM_DATA_SIZE);
-    sig = signers[signerIndex]->sign(str_date);
+    std::string str_data(data, RANDOM_DATA_SIZE);
+    sig = signers[signerIndex]->sign(str_data);
     lenRetData = sig.size();
     ASSERT_EQ(lenRetData, expectedSignerSigLen);