Crypto++ and OpenSSL macros added in CMakeLists.txt

CMakeLists.txt

@@ -23,6 +23,8 @@ if (NOT DEFINED USE_LOG4CPP)
   option(USE_LOG4CPP "Enable LOG4CPP" ON)
 endif()
 
+option(USE_CRYPTOPP "Enable usage of Crypto++ library for RSA/ECDSA signature generation/verification" OFF)
+option(USE_EDDSA_OPENSSL "Enable usage of OpenSSL library for EdDSA signature generation/verification" ON)
 option(RUN_APOLLO_TESTS "Enable Apollo tests run" ON)
 option(KEEP_APOLLO_LOGS "Retains logs from replicas in separate folder for each test in build/tests/apollo/logs" ON)
 option(TXN_SIGNING_ENABLED "Enable External concord client transcattion signing" ON)
@@ -46,6 +48,11 @@ option(BUILD_THIRDPARTY "Wheter to build third party librarie or use preinstalle
 option(CODECOVERAGE "Enable Code Coverage Metrics in Clang" OFF)
 option(ENABLE_RESTART_RECOVERY_TESTS "Enable tests for restart recovery" OFF)
 
+if ((NOT USE_CRYPTOPP) AND (NOT USE_EDDSA_OPENSSL))
+    message(FATAL_ERROR "At least one signature/verification algorithm implementation must be chosen. "
+            "Choose at least one of the following cmake options: [USE_EDDSA_OPENSSL, USE_CRYPTOPP]")
+endif()
+
 if(USE_OPENSSL AND NOT BUILD_THIRDPARTY)
     set(OPENSSL_ROOT_DIR /usr/local/ssl) # not to confuse with system ssl libs
 endif()

bftengine/src/bftengine/SigManager.cpp

@@ -24,12 +24,10 @@ using namespace std;
 namespace bftEngine {
 namespace impl {
 
-#define RSA_Algo false
-
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
 using concord::util::cryptopp_utils::RSASigner;
 using concord::util::cryptopp_utils::RSAVerifier;
-#else
+#elif USE_EDDSA_OPENSSL
 using concord::util::openssl_utils::EdDSA_Signer;
 using concord::util::openssl_utils::EdDSA_Verifier;
 #endif
@@ -147,9 +145,9 @@ SigManager::SigManager(PrincipalId myId,
 
   ConcordAssert(publicKeysMapping.size() >= numPublickeys);
   if (!mySigPrivateKey.first.empty()) {
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
     mySigner_.reset(new RSASigner(mySigPrivateKey.first.c_str(), mySigPrivateKey.second));
-#else
+#elif USE_EDDSA_OPENSSL
     mySigner_.reset(new EdDSA_Signer(mySigPrivateKey.first, mySigPrivateKey.second));
 #endif
   }
@@ -160,9 +158,9 @@ SigManager::SigManager(PrincipalId myId,
     auto iter = publicKeyIndexToVerifier.find(p.second);
     const auto& [key, format] = publickeys[p.second];
     if (iter == publicKeyIndexToVerifier.end()) {
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
       verifiers_[p.first] = std::make_shared<RSAVerifier>(key.c_str(), format);
-#else
+#elif USE_EDDSA_OPENSSL
       verifiers_[p.first] = std::make_shared<EdDSA_Verifier>(key, format);
 #endif
       publicKeyIndexToVerifier[p.second] = verifiers_[p.first];
@@ -272,9 +270,9 @@ void SigManager::setClientPublicKey(const std::string& key, PrincipalId id, conc
   if (replicasInfo_.isIdOfExternalClient(id) || replicasInfo_.isIdOfClientService(id)) {
     try {
       std::unique_lock lock(mutex_);
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
       verifiers_.insert_or_assign(id, std::make_shared<RSAVerifier>(key.c_str(), format));
-#else
+#elif USE_EDDSA_OPENSSL
       verifiers_.insert_or_assign(id, std::make_shared<EdDSA_Verifier>(key, format));
 #endif
     } catch (const std::exception& e) {

bftengine/tests/SigManager/SigManager_test.cpp

@@ -26,14 +26,12 @@
 #include <random>
 #include <memory>
 
-#define RSA_Algo false
-
 using namespace std;
 using concord::util::crypto::KeyFormat;
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
 using concord::util::cryptopp_utils::RSASigner;
 using concord::util::cryptopp_utils::RSAVerifier;
-#else
+#elif USE_EDDSA_OPENSSL
 using concord::util::openssl_utils::EdDSA_Signer;
 using concord::util::openssl_utils::EdDSA_Verifier;
 #endif
@@ -95,10 +93,10 @@ TEST(SignerAndVerifierTest, LoadSignVerifyFromPemfiles) {
   generateRandomData(data, RANDOM_DATA_SIZE);
   readFile(privateKeyFullPath, privKey);
   readFile(publicKeyFullPath, pubkey);
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
   auto verifier_ = unique_ptr<RSAVerifier>(new RSAVerifier(pubkey, KeyFormat::PemFormat));
   auto signer_ = unique_ptr<RSASigner>(new RSASigner(privKey, KeyFormat::PemFormat));
-#else
+#elif USE_EDDSA_OPENSSL
   auto verifier_ = unique_ptr<EdDSA_Verifier>(new EdDSA_Verifier(pubkey, KeyFormat::PemFormat));
   auto signer_ = unique_ptr<EdDSA_Signer>(new EdDSA_Signer(privKey, KeyFormat::PemFormat));
 #endif
@@ -132,10 +130,9 @@ TEST(SigManagerTest, ReplicasOnlyCheckVerify) {
   constexpr size_t numReplicas{4};
   constexpr PrincipalId myId{0};
   string myPrivKey;
-  string myPrivateKeyFullPath;
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
   unique_ptr<RSASigner> signers[numReplicas];
-#else
+#elif USE_EDDSA_OPENSSL
   unique_ptr<EdDSA_Signer> signers[numReplicas];
 #endif
   set<pair<PrincipalId, const string>> publicKeysOfReplicas;
@@ -151,20 +148,19 @@ TEST(SigManagerTest, ReplicasOnlyCheckVerify) {
 
     if (pid == myId) {
       myPrivKey = privKey;
-      myPrivateKeyFullPath = privateKeyFullPath;
       continue;
     }
 
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
     signers[pid].reset(new RSASigner(privKey, KeyFormat::PemFormat));
-#else
+#elif USE_EDDSA_OPENSSL
     signers[pid].reset(new EdDSA_Signer(privKey, KeyFormat::PemFormat));
 #endif
     string pubKeyFullPath({string(KEYS_BASE_PATH) + string("/") + to_string(i) + string("/") + PUB_KEY_NAME});
     readFile(pubKeyFullPath, pubKey);
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
     publicKeysOfReplicas.insert(make_pair(pid, pubKey));
-#else
+#elif USE_EDDSA_OPENSSL
     publicKeysOfReplicas.insert(make_pair(pid, pubKey));
 #endif
   }
@@ -211,9 +207,9 @@ TEST(SigManagerTest, ReplicasOnlyCheckSign) {
   constexpr size_t numReplicas{4};
   constexpr PrincipalId myId{0};
   string myPrivKey, privKey, pubKey, sig;
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
   unique_ptr<RSAVerifier> verifier;
-#else
+#elif USE_EDDSA_OPENSSL
   unique_ptr<EdDSA_Verifier> verifier;
 #endif
   set<pair<PrincipalId, const string>> publicKeysOfReplicas;
@@ -229,19 +225,19 @@ TEST(SigManagerTest, ReplicasOnlyCheckSign) {
   // Load single other replica's verifier (mock)
   string pubKeyFullPath({string(KEYS_BASE_PATH) + string("/") + to_string(1) + string("/") + PUB_KEY_NAME});
   readFile(pubKeyFullPath, pubKey);
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
   verifier.reset(new RSAVerifier(pubKey, KeyFormat::PemFormat));
-#else
+#elif USE_EDDSA_OPENSSL
   verifier.reset(new EdDSA_Verifier(pubKey, KeyFormat::PemFormat));
 #endif
 
   // load public key of other replicas, must be done for SigManager ctor
   for (size_t i{2}; i <= numReplicas; ++i) {
     pubKeyFullPath = string(KEYS_BASE_PATH) + string("/") + to_string(i) + string("/") + PUB_KEY_NAME;
     readFile(pubKeyFullPath, pubKey);
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
     publicKeysOfReplicas.insert(make_pair(i - 1, pubKey));
-#else
+#elif USE_EDDSA_OPENSSL
     publicKeysOfReplicas.insert(make_pair(i - 1, pubKey));
 #endif
   }
@@ -282,12 +278,11 @@ TEST(SigManagerTest, ReplicasAndClientsCheckVerify) {
   constexpr size_t totalNumberofExternalBftClients{1200};  // numOfExternaClients * numBftClientsInExternalClient
   constexpr PrincipalId myId{0};
   string myPrivKey;
-  string myPrivateKeyFullPath;
   size_t i, signerIndex{0};
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
   unique_ptr<RSASigner>
       signers[numReplicas + numParticipantNodes];  // only external clients and consensus replicas sign
-#else
+#elif USE_EDDSA_OPENSSL
   unique_ptr<EdDSA_Signer>
       signers[numReplicas + numParticipantNodes];  // only external clients and consensus replicas sign
 #endif
@@ -306,12 +301,11 @@ TEST(SigManagerTest, ReplicasAndClientsCheckVerify) {
 
     if (currPrincipalId == myId) {
       myPrivKey = privKey;
-      myPrivateKeyFullPath = privateKeyFullPath;
       continue;
     }
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
     signers[signerIndex].reset(new RSASigner(privKey, KeyFormat::PemFormat));
-#else
+#elif USE_EDDSA_OPENSSL
     signers[signerIndex].reset(new EdDSA_Signer(privKey, KeyFormat::PemFormat));
 #endif
 
@@ -329,9 +323,9 @@ TEST(SigManagerTest, ReplicasAndClientsCheckVerify) {
     string privateKeyFullPath({string(KEYS_BASE_PATH) + string("/") + to_string(i) + string("/") + PRIV_KEY_NAME});
     readFile(privateKeyFullPath, privKey);
 
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
     signers[signerIndex].reset(new RSASigner(privKey, KeyFormat::PemFormat));
-#else
+#elif USE_EDDSA_OPENSSL
     signers[signerIndex].reset(new EdDSA_Signer(privKey, KeyFormat::PemFormat));
 #endif
     string pubKeyFullPath({string(KEYS_BASE_PATH) + string("/") + to_string(i) + string("/") + PUB_KEY_NAME});

bftengine/tests/clientsManager/ClientsManager_test.cpp

@@ -42,24 +42,27 @@ using std::this_thread::sleep_for;
 using std::unique_ptr;
 using std::vector;
 
-#define RSA_Algo false
-
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
 using concord::util::cryptopp_utils::RSASigner;
 using concord::util::cryptopp_utils::Crypto;
-#else
+#elif USE_EDDSA_OPENSSL
 using concord::util::openssl_utils::EdDSA_Signer;
 using concord::util::openssl_utils::Crypto;
 #endif
 
 // Testing values to be used for certain Concord-BFT configuration that ClientsManager and/or its dependencies may
 // reference.
 const ReplicaId kReplicaIdForTesting = 0;
-// const uint32_t kRSASigLengthForTesting = 2048;
 const KeyFormat kKeyFormatForTesting = KeyFormat::HexaDecimalStrippedFormat;
+
+#ifdef USE_CRYPTOPP
+const uint32_t kRSASigLengthForTesting = 2048;
 const SigManager::Key kReplicaPrivateKeyForTesting(
-    /*Crypto::instance().generateRsaKeyPair(kRSASigLengthForTesting, kKeyFormatForTesting).first*/
-    Crypto::instance().generateEdDSAKeyPair().first);
+    Crypto::instance().generateRsaKeyPair(kRSASigLengthForTesting, kKeyFormatForTesting).first);
+#elif USE_EDDSA_OPENSSL
+const SigManager::Key kReplicaPrivateKeyForTesting(Crypto::instance().generateEdDSAKeyPair().first);
+#endif
+
 const set<pair<PrincipalId, const string>> kPublicKeysOfReplicasForTesting{};
 const set<pair<const string, set<uint16_t>>> kInitialPublicKeysOfClientsForTesting;
 unique_ptr<ReplicasInfo> sigManagerReplicasInfoForTesting;
@@ -235,9 +238,9 @@ static bool verifyClientPublicKeyLoadedToKEM(NodeIdType client_id, const pair<st
     return false;
   }
 
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
   RSASigner signer(expected_key.first, kKeyFormatForTesting);
-#else
+#elif USE_EDDSA_OPENSSL
   EdDSA_Signer signer(expected_key.first, kKeyFormatForTesting);
 #endif
   string signature = signer.sign(kArbitraryMessageForTestingKeyAgreement);
@@ -325,9 +328,12 @@ TEST(ClientsManager, loadInfoFromReservedPagesLoadsCorrectInfo) {
   set<NodeIdType> internal_client_ids{};
 
   map<NodeIdType, pair<string, string>> client_keys;
-  client_keys[2] =
-      Crypto::instance().generateEdDSAKeyPair(); /*Crypto::instance().generateRsaKeyPair(kRSASigLengthForTesting,
-                                                   kKeyFormatForTesting)*/
+
+#ifdef USE_CRYPTOPP
+  client_keys[2] = Crypto::instance().generateRsaKeyPair(kRSASigLengthForTesting, kKeyFormatForTesting);
+#elif USE_EDDSA_OPENSSL
+  client_keys[2] = Crypto::instance().generateEdDSAKeyPair();
+#endif
 
   map<NodeIdType, pair<ReqId, string>> client_replies;
   client_replies[2] = {9, "reply 9 to client 2"};
@@ -445,9 +451,13 @@ TEST(ClientsManager, loadInfoFromReservedPagesHandlesNoInfoAvailable) {
 }
 
 TEST(ClientsManager, loadInfoFromReservedPagesHandlesSingleClientClientsManager) {
+#ifdef USE_CRYPTOPP
   pair<string, string> client_key_pair =
-      Crypto::instance().generateEdDSAKeyPair(); /*Crypto::instance().generateRsaKeyPair(kRSASigLengthForTesting,
-                                                   kKeyFormatForTesting)*/
+      Crypto::instance().generateRsaKeyPair(kRSASigLengthForTesting, kKeyFormatForTesting);
+#elif USE_EDDSA_OPENSSL
+  pair<string, string> client_key_pair = Crypto::instance().generateEdDSAKeyPair();
+#endif
+
   string reply_message = "reply 1 to client 2";
 
   resetMockReservedPages();
@@ -1323,12 +1333,16 @@ TEST(ClientsManager, isInternal) {
 TEST(ClientsManager, setClientPublicKey) {
   resetMockReservedPages();
   map<NodeIdType, pair<string, string>> client_keys;
-  /*pair<string, string> client_2_key =
+
+#ifdef USE_CRYPTOPP
+  pair<string, string> client_2_key =
       Crypto::instance().generateRsaKeyPair(kRSASigLengthForTesting, kKeyFormatForTesting);
   pair<string, string> client_7_key =
-      Crypto::instance().generateRsaKeyPair(kRSASigLengthForTesting, kKeyFormatForTesting);*/
+      Crypto::instance().generateRsaKeyPair(kRSASigLengthForTesting, kKeyFormatForTesting);
+#elif USE_EDDSA_OPENSSL
   pair<string, string> client_2_key = Crypto::instance().generateEdDSAKeyPair();
   pair<string, string> client_7_key = Crypto::instance().generateEdDSAKeyPair();
+#endif
 
   unique_ptr<ClientsManager> cm(new ClientsManager({}, {4, 5, 7}, {}, {}, metrics));
   cm->setClientPublicKey(7, client_7_key.second, kKeyFormatForTesting);

bftengine/tests/messages/helper.cpp

@@ -13,10 +13,8 @@
 
 typedef std::pair<uint16_t, std::string> IdToKeyPair;
 
-const char replicaPrivateKey[] = {"09a30490ebf6f6685556046f2497fd9c7df4a552998c9a9b6ebec742e8183174"};
-const std::string pubKey = {"7363bc5ab96d7f85e71a5ffe0b284405ae38e2e0f032fb3ffe805d9f0e2d117b"};
-
-/*const char replicaPrivateKey[] =
+#ifdef USE_CRYPTOPP
+const char replicaPrivateKey[] =
     "308204BC020100300D06092A864886F70D0101010500048204A6308204A20201000282010100BCC5BEA607F4F52A493AA2F40C2D5482D7CE37"
     "DFC526E98131FDC92CE2ECA6035DB307B182EF52CA8471B78A65E445399816AFACB224F4CEA9597D4B6FE5E84030B7AF78A88BA0233263A9F0"
     "E2658A6E5BE57923D9093B7D6B70FDBAEC3CDA05C5EDE237674A598F5D607A50C1C528EEAE4B690C90820901A01BF4747C39FE6BD6DA535A9B"
@@ -50,7 +48,12 @@ const std::string pubKey = {
     "6BD1A984C7DD11E36293A45EDBBFB61E438C189C2B73A69"
     "F6605C909F98B6C3F795354BBB988C9695F8A1E27FFC3CE4FFA64B549DD90727634"
     "04FBD352C5C1A05FA3D17377E113600B1EDCAEE17687BC4"
-    "C1AA6F3D020111"};*/
+    "C1AA6F3D020111"};
+#elif USE_EDDSA_OPENSSL
+const char replicaPrivateKey[] = {"09a30490ebf6f6685556046f2497fd9c7df4a552998c9a9b6ebec742e8183174"};
+const std::string pubKey = {"7363bc5ab96d7f85e71a5ffe0b284405ae38e2e0f032fb3ffe805d9f0e2d117b"};
+#endif
+
 const std::vector<std::string> replicasPubKeys = {pubKey, pubKey, pubKey, pubKey, pubKey, pubKey, pubKey};
 
 void loadPrivateAndPublicKeys(std::string& myPrivateKey,

client/bftclient/src/bft_client.cpp

@@ -24,11 +24,9 @@ using namespace bftEngine;
 using namespace bftEngine::impl;
 using concord::util::crypto::KeyFormat;
 
-#define RSA_Algo false
-
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
 using concord::util::cryptopp_utils::RSASigner;
-#else
+#elif USE_EDDSA_OPENSSL
 using concord::util::openssl_utils::EdDSA_Signer;
 #endif
 
@@ -66,9 +64,9 @@ Client::Client(SharedCommPtr comm, const ClientConfig& config, std::shared_ptr<c
 
     key_plaintext = secretsManager->decryptFile(file_path);
     if (!key_plaintext) throw InvalidPrivateKeyException(file_path, config.secrets_manager_config != std::nullopt);
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
     transaction_signer_ = std::make_unique<RSASigner>(key_plaintext.value().c_str(), KeyFormat::PemFormat);
-#else
+#elif USE_EDDSA_OPENSSL
     transaction_signer_ = std::make_unique<EdDSA_Signer>(key_plaintext.value(), KeyFormat::PemFormat);
 #endif
   }