Adding Crypto++ and OpenSSL macro in CMakeLists.txt

CMakeLists.txt

@@ -23,6 +23,8 @@ if (NOT DEFINED USE_LOG4CPP)
   option(USE_LOG4CPP "Enable LOG4CPP" ON)
 endif()
 
+option(USE_CRYPTOPP "Enable usage of Crypto++ library for RSA/ECDSA signature generation/verification" OFF)
+option(USE_EDDSA_OPENSSL "Enable usage of OpenSSL library for EdDSA signature generation/verification" ON)
 option(RUN_APOLLO_TESTS "Enable Apollo tests run" ON)
 option(KEEP_APOLLO_LOGS "Retains logs from replicas in separate folder for each test in build/tests/apollo/logs" ON)
 option(TXN_SIGNING_ENABLED "Enable External concord client transcattion signing" ON)
@@ -46,6 +48,11 @@ option(BUILD_THIRDPARTY "Wheter to build third party librarie or use preinstalle
 option(CODECOVERAGE "Enable Code Coverage Metrics in Clang" OFF)
 option(ENABLE_RESTART_RECOVERY_TESTS "Enable tests for restart recovery" OFF)
 
+if ((NOT USE_CRYPTOPP) AND (NOT USE_EDDSA_OPENSSL))
+    message(FATAL_ERROR "At least one signature/verification algorithm implementation must be chosen. "
+            "Choose at least one of the following cmake options: [USE_EDDSA_OPENSSL, USE_CRYPTOPP]")
+endif()
+
 if(USE_OPENSSL AND NOT BUILD_THIRDPARTY)
     set(OPENSSL_ROOT_DIR /usr/local/ssl) # not to confuse with system ssl libs
 endif()

bftengine/src/bftengine/SigManager.cpp

@@ -24,12 +24,12 @@ using namespace std;
 namespace bftEngine {
 namespace impl {
 
-#define RSA_Algo false
-
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
 using concord::util::cryptopp_utils::RSASigner;
 using concord::util::cryptopp_utils::RSAVerifier;
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
 using concord::util::openssl_utils::EdDSA_Signer;
 using concord::util::openssl_utils::EdDSA_Verifier;
 #endif
@@ -147,9 +147,11 @@ SigManager::SigManager(PrincipalId myId,
 
   ConcordAssert(publicKeysMapping.size() >= numPublickeys);
   if (!mySigPrivateKey.first.empty()) {
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
     mySigner_.reset(new RSASigner(mySigPrivateKey.first.c_str(), mySigPrivateKey.second));
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
     mySigner_.reset(new EdDSA_Signer(mySigPrivateKey.first, mySigPrivateKey.second));
 #endif
   }
@@ -160,9 +162,11 @@ SigManager::SigManager(PrincipalId myId,
     auto iter = publicKeyIndexToVerifier.find(p.second);
     const auto& [key, format] = publickeys[p.second];
     if (iter == publicKeyIndexToVerifier.end()) {
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
       verifiers_[p.first] = std::make_shared<RSAVerifier>(key.c_str(), format);
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
       verifiers_[p.first] = std::make_shared<EdDSA_Verifier>(key, format);
 #endif
       publicKeyIndexToVerifier[p.second] = verifiers_[p.first];
@@ -272,9 +276,11 @@ void SigManager::setClientPublicKey(const std::string& key, PrincipalId id, conc
   if (replicasInfo_.isIdOfExternalClient(id) || replicasInfo_.isIdOfClientService(id)) {
     try {
       std::unique_lock lock(mutex_);
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
       verifiers_.insert_or_assign(id, std::make_shared<RSAVerifier>(key.c_str(), format));
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
       verifiers_.insert_or_assign(id, std::make_shared<EdDSA_Verifier>(key, format));
 #endif
     } catch (const std::exception& e) {

bftengine/tests/SigManager/SigManager_test.cpp

@@ -26,14 +26,14 @@
 #include <random>
 #include <memory>
 
-#define RSA_Algo false
-
 using namespace std;
 using concord::util::crypto::KeyFormat;
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
 using concord::util::cryptopp_utils::RSASigner;
 using concord::util::cryptopp_utils::RSAVerifier;
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
 using concord::util::openssl_utils::EdDSA_Signer;
 using concord::util::openssl_utils::EdDSA_Verifier;
 #endif
@@ -95,10 +95,12 @@ TEST(SignerAndVerifierTest, LoadSignVerifyFromPemfiles) {
   generateRandomData(data, RANDOM_DATA_SIZE);
   readFile(privateKeyFullPath, privKey);
   readFile(publicKeyFullPath, pubkey);
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
   auto verifier_ = unique_ptr<RSAVerifier>(new RSAVerifier(pubkey, KeyFormat::PemFormat));
   auto signer_ = unique_ptr<RSASigner>(new RSASigner(privKey, KeyFormat::PemFormat));
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
   auto verifier_ = unique_ptr<EdDSA_Verifier>(new EdDSA_Verifier(pubkey, KeyFormat::PemFormat));
   auto signer_ = unique_ptr<EdDSA_Signer>(new EdDSA_Signer(privKey, KeyFormat::PemFormat));
 #endif
@@ -133,9 +135,11 @@ TEST(SigManagerTest, ReplicasOnlyCheckVerify) {
   constexpr PrincipalId myId{0};
   string myPrivKey;
   string myPrivateKeyFullPath;
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
   unique_ptr<RSASigner> signers[numReplicas];
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
   unique_ptr<EdDSA_Signer> signers[numReplicas];
 #endif
   set<pair<PrincipalId, const string>> publicKeysOfReplicas;
@@ -155,16 +159,20 @@ TEST(SigManagerTest, ReplicasOnlyCheckVerify) {
       continue;
     }
 
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
     signers[pid].reset(new RSASigner(privKey, KeyFormat::PemFormat));
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
     signers[pid].reset(new EdDSA_Signer(privKey, KeyFormat::PemFormat));
 #endif
     string pubKeyFullPath({string(KEYS_BASE_PATH) + string("/") + to_string(i) + string("/") + PUB_KEY_NAME});
     readFile(pubKeyFullPath, pubKey);
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
     publicKeysOfReplicas.insert(make_pair(pid, pubKey));
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
     publicKeysOfReplicas.insert(make_pair(pid, pubKey));
 #endif
   }
@@ -211,9 +219,11 @@ TEST(SigManagerTest, ReplicasOnlyCheckSign) {
   constexpr size_t numReplicas{4};
   constexpr PrincipalId myId{0};
   string myPrivKey, privKey, pubKey, sig;
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
   unique_ptr<RSAVerifier> verifier;
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
   unique_ptr<EdDSA_Verifier> verifier;
 #endif
   set<pair<PrincipalId, const string>> publicKeysOfReplicas;
@@ -229,19 +239,23 @@ TEST(SigManagerTest, ReplicasOnlyCheckSign) {
   // Load single other replica's verifier (mock)
   string pubKeyFullPath({string(KEYS_BASE_PATH) + string("/") + to_string(1) + string("/") + PUB_KEY_NAME});
   readFile(pubKeyFullPath, pubKey);
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
   verifier.reset(new RSAVerifier(pubKey, KeyFormat::PemFormat));
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
   verifier.reset(new EdDSA_Verifier(pubKey, KeyFormat::PemFormat));
 #endif
 
   // load public key of other replicas, must be done for SigManager ctor
   for (size_t i{2}; i <= numReplicas; ++i) {
     pubKeyFullPath = string(KEYS_BASE_PATH) + string("/") + to_string(i) + string("/") + PUB_KEY_NAME;
     readFile(pubKeyFullPath, pubKey);
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
     publicKeysOfReplicas.insert(make_pair(i - 1, pubKey));
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
     publicKeysOfReplicas.insert(make_pair(i - 1, pubKey));
 #endif
   }
@@ -284,10 +298,12 @@ TEST(SigManagerTest, ReplicasAndClientsCheckVerify) {
   string myPrivKey;
   string myPrivateKeyFullPath;
   size_t i, signerIndex{0};
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
   unique_ptr<RSASigner>
       signers[numReplicas + numParticipantNodes];  // only external clients and consensus replicas sign
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
   unique_ptr<EdDSA_Signer>
       signers[numReplicas + numParticipantNodes];  // only external clients and consensus replicas sign
 #endif
@@ -309,9 +325,11 @@ TEST(SigManagerTest, ReplicasAndClientsCheckVerify) {
       myPrivateKeyFullPath = privateKeyFullPath;
       continue;
     }
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
     signers[signerIndex].reset(new RSASigner(privKey, KeyFormat::PemFormat));
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
     signers[signerIndex].reset(new EdDSA_Signer(privKey, KeyFormat::PemFormat));
 #endif
 
@@ -329,9 +347,11 @@ TEST(SigManagerTest, ReplicasAndClientsCheckVerify) {
     string privateKeyFullPath({string(KEYS_BASE_PATH) + string("/") + to_string(i) + string("/") + PRIV_KEY_NAME});
     readFile(privateKeyFullPath, privKey);
 
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
     signers[signerIndex].reset(new RSASigner(privKey, KeyFormat::PemFormat));
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
     signers[signerIndex].reset(new EdDSA_Signer(privKey, KeyFormat::PemFormat));
 #endif
     string pubKeyFullPath({string(KEYS_BASE_PATH) + string("/") + to_string(i) + string("/") + PUB_KEY_NAME});

bftengine/tests/clientsManager/ClientsManager_test.cpp

@@ -42,12 +42,12 @@ using std::this_thread::sleep_for;
 using std::unique_ptr;
 using std::vector;
 
-#define RSA_Algo false
-
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
 using concord::util::cryptopp_utils::RSASigner;
 using concord::util::cryptopp_utils::Crypto;
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
 using concord::util::openssl_utils::EdDSA_Signer;
 using concord::util::openssl_utils::Crypto;
 #endif
@@ -235,9 +235,11 @@ static bool verifyClientPublicKeyLoadedToKEM(NodeIdType client_id, const pair<st
     return false;
   }
 
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
   RSASigner signer(expected_key.first, kKeyFormatForTesting);
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
   EdDSA_Signer signer(expected_key.first, kKeyFormatForTesting);
 #endif
   string signature = signer.sign(kArbitraryMessageForTestingKeyAgreement);

client/bftclient/src/bft_client.cpp

@@ -24,11 +24,11 @@ using namespace bftEngine;
 using namespace bftEngine::impl;
 using concord::util::crypto::KeyFormat;
 
-#define RSA_Algo false
-
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
 using concord::util::cryptopp_utils::RSASigner;
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
 using concord::util::openssl_utils::EdDSA_Signer;
 #endif
 
@@ -66,9 +66,11 @@ Client::Client(SharedCommPtr comm, const ClientConfig& config, std::shared_ptr<c
 
     key_plaintext = secretsManager->decryptFile(file_path);
     if (!key_plaintext) throw InvalidPrivateKeyException(file_path, config.secrets_manager_config != std::nullopt);
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
     transaction_signer_ = std::make_unique<RSASigner>(key_plaintext.value().c_str(), KeyFormat::PemFormat);
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
     transaction_signer_ = std::make_unique<EdDSA_Signer>(key_plaintext.value(), KeyFormat::PemFormat);
 #endif
   }

client/bftclient/test/bft_client_api_tests.cpp

@@ -58,8 +58,6 @@ constexpr char ENC_IV[] = "38106509f6528ff859c366747aa04f21";
 constexpr char KEYS_GEN_SCRIPT_PATH[] =
     "/concord-bft//scripts/linux/create_concord_clients_transaction_signing_keys.sh";
 
-#define RSA_Algo false
-
 class ClientApiTestFixture : public ::testing::Test {
  public:
   ClientConfig test_config_ = {ClientId{5},
@@ -188,9 +186,11 @@ TEST_P(ClientApiTestParametrizedFixture, print_received_messages_and_timeout) {
     std::stringstream stream;
     stream << file.rdbuf();
     auto pub_key_str = stream.str();
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
     transaction_verifier_.reset(new RSAVerifier(pub_key_str, KeyFormat::PemFormat));
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
     transaction_verifier_.reset(new EdDSA_Verifier(pub_key_str, KeyFormat::PemFormat));
 #endif
   }

kvbc/src/pruning_handler.cpp

@@ -20,13 +20,13 @@
 
 namespace concord::kvbc::pruning {
 
-#define RSA_Algo false
-
 using concord::util::crypto::KeyFormat;
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
 using concord::util::cryptopp_utils::RSASigner;
 using concord::util::cryptopp_utils::RSAVerifier;
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
 using concord::util::openssl_utils::EdDSA_Signer;
 using concord::util::openssl_utils::EdDSA_Verifier;
 #endif
@@ -42,23 +42,25 @@ void PruningSigner::sign(concord::messages::LatestPrunableBlock& block) {
 
 PruningSigner::PruningSigner(const std::string& key)
     :
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
       signer_ {
   std::make_unique<RSASigner>(key, KeyFormat::HexaDecimalStrippedFormat)
 }
-#else
-      signer_ {
-  std::make_unique<EdDSA_Signer>(key, KeyFormat::HexaDecimalStrippedFormat)
-}
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
+signer_ { std::make_unique<EdDSA_Signer>(key, KeyFormat::HexaDecimalStrippedFormat) }
 #endif
 {}
 
 PruningVerifier::PruningVerifier(const std::set<std::pair<uint16_t, const std::string>>& replicasPublicKeys) {
   auto i = 0u;
   for (auto& [idx, pkey] : replicasPublicKeys) {
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
     replicas_.push_back(Replica{idx, std::make_unique<RSAVerifier>(pkey, KeyFormat::HexaDecimalStrippedFormat)});
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
     replicas_.push_back(Replica{idx, std::make_unique<EdDSA_Verifier>(pkey, KeyFormat::HexaDecimalStrippedFormat)});
 #endif
     const auto ins_res = replica_ids_.insert(replicas_.back().principal_id);

kvbc/test/pruning_test.cpp

@@ -38,13 +38,12 @@ using namespace concord::kvbc;
 using namespace concord::kvbc::categorization;
 using namespace concord::kvbc::pruning;
 namespace {
-#define RSA_Algo false
 const NodeIdType replica_0 = 0;
 const NodeIdType replica_1 = 1;
 const NodeIdType replica_2 = 2;
 const NodeIdType replica_3 = 3;
 
-#if RSA_Algo
+#ifdef USE_CRYPTOPP
 std::string privateKey_0 =
     "308204BA020100300D06092A864886F70D0101010500048204A4308204A00201000282010100C55B8F7979BF24B335017082BF33EE2960E3"
     "A0"
@@ -325,7 +324,9 @@ std::string publicKey_4 =
     "BF2EA16F58773514249B03A4775C6A10561AFC8CF54B551A43FD014F3C5FE12D96AC5F117645E26D125DC7430114FA60577BF7C9AA1224D1"
     "90"
     "B2D8A83B020111";
-#else
+#endif
+
+#ifdef USE_EDDSA_OPENSSL
 const std::string privateKey_0 = "61498efe1764b89357a02e2887d224154006ceacf26269f8695a4af561453eef";
 const std::string privateKey_1 = "247a74ab3620ec6b9f5feab9ee1f86521da3fa2804ad45bb5bf2c5b21ef105bc";
 const std::string privateKey_2 = "fb539bc3d66deda55524d903da26dbec1f4b6abf41ec5db521e617c64eb2c341";