From 9cd5ab78ab27696753e6bf2ad709a04ac81fcd0d Mon Sep 17 00:00:00 2001 From: Pankaj Date: Wed, 27 Jul 2022 15:23:25 +0530 Subject: [PATCH] This commit contains:- i. Compilation macros (USE_CRYPTOPP_RSA and USE_EDDSA_SINGLE_SIGN) for RSA and EdDSA removed. ii. The choice of signing algorithm is now based on the value set in 'replicaMsgSigningAlgo' and 'operatorMsgSigningAlgo' config variables. --- CMakeLists.txt | 7 - .../preprocessor/tests/preprocessor_test.cpp | 25 +- .../tests/SigManager/SigManager_test.cpp | 24 +- bftengine/tests/messages/helper.cpp | 31 +- kvbc/test/pruning_test.cpp | 341 ++---------------- ...oncord_clients_transaction_signing_keys.sh | 2 +- secretsmanager/CMakeLists.txt | 14 +- secretsmanager/src/aes.cpp | 153 ++++---- secretsmanager/src/aes.h | 5 +- secretsmanager/src/base64.cpp | 106 +++--- secretsmanager/src/key_params.cpp | 24 +- tools/CMakeLists.txt | 16 - util/CMakeLists.txt | 10 +- util/src/openssl_utils.cpp | 33 +- 14 files changed, 258 insertions(+), 533 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 6fe5567cd7..626c309a3d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -24,8 +24,6 @@ if(NOT DEFINED USE_LOG4CPP) endif() option(USE_RELIC "Enable usage of Relic library for BLS threshold signature generation/verification" OFF) -option(USE_CRYPTOPP_RSA "Enable usage of Crypto++ library for RSA/ECDSA signature generation/verification" OFF) -option(USE_EDDSA_SINGLE_SIGN "Enable usage of OpenSSL library for EdDSA signature generation/verification" ON) option(RUN_APOLLO_TESTS "Enable Apollo tests run" ON) option(KEEP_APOLLO_LOGS "Retains logs from replicas in separate folder for each test in build/tests/apollo/logs" ON) option(TXN_SIGNING_ENABLED "Enable External concord client transcattion signing" ON) @@ -68,11 +66,6 @@ if(BUILD_COMM_TCP_TLS) math(EXPR COMM_MODULES "${COMM_MODULES}+1") endif() -if ((NOT USE_CRYPTOPP_RSA) AND (NOT USE_EDDSA_SINGLE_SIGN)) - message(FATAL_ERROR "At least one signature/verification algorithm implementation must be chosen. " - "Choose at least one of the following cmake options: [USE_EDDSA_SINGLE_SIGN, USE_CRYPTOPP_RSA]") -endif() - # UDP module is not part of the CMake configuration, it will be used by default # if neither of plain TCP or TLS will be chosen if(${COMM_MODULES} GREATER 1) diff --git a/bftengine/src/preprocessor/tests/preprocessor_test.cpp b/bftengine/src/preprocessor/tests/preprocessor_test.cpp index 8da8148b51..6953689a27 100644 --- a/bftengine/src/preprocessor/tests/preprocessor_test.cpp +++ b/bftengine/src/preprocessor/tests/preprocessor_test.cpp @@ -28,6 +28,7 @@ using namespace std; using namespace bft::communication; using namespace bftEngine; using namespace preprocessor; +using concord::crypto::signature::SIGN_VERIFY_ALGO; namespace { @@ -53,6 +54,7 @@ const NodeIdType replica_1 = 1; const NodeIdType replica_2 = 2; const NodeIdType replica_3 = 3; const NodeIdType replica_4 = 4; +const NodeIdType replica_5 = 5; const ViewNum viewNum = 1; PreProcessorRecorder preProcessorRecorder; std::shared_ptr sdm = make_shared(); @@ -155,8 +157,7 @@ class DummyPreProcessor : public PreProcessor { }; // clang-format off -#ifdef USE_CRYPTOPP_RSA -unordered_map replicaPrivKeys = { +unordered_map replicaRSAPrivKeys = { {replica_0, "308204BA020100300D06092A864886F70D0101010500048204A4308204A00201000282010100C55B8F7979BF24B335017082BF33EE2960E3A0" "68DCDB45CA3017214BFB3F32649400A2484E2108C7CD07AA7616290667AF7C7A1922C82B51CA01867EED9B60A57F5B6EE33783EC258B234748" "8B0FA3F99B05CFFBB45F80960669594B58C993D07B94D9A89ED8266D9931EAE70BB5E9063DEA9EFAF744393DCD92F2F5054624AA048C7EE50B" @@ -269,7 +270,7 @@ unordered_map replicaPrivKeys = { "7088BF0990AB8E232F269B5DBCD446385A66"} }; -unordered_map replicaPubKeys = { +unordered_map replicaRSAPubKeys = { {replica_0, "30820120300D06092A864886F70D01010105000382010D00308201080282010100C55B8F7979BF24B335017082BF33EE2960E3A068DCDB45CA" "3017214BFB3F32649400A2484E2108C7CD07AA7616290667AF7C7A1922C82B51CA01867EED9B60A57F5B6EE33783EC258B2347488B0FA3F99B" "05CFFBB45F80960669594B58C993D07B94D9A89ED8266D9931EAE70BB5E9063DEA9EFAF744393DCD92F2F5054624AA048C7EE50BEF374FCDCE" @@ -307,8 +308,8 @@ unordered_map replicaPubKeys = { "BF2EA16F58773514249B03A4775C6A10561AFC8CF54B551A43FD014F3C5FE12D96AC5F117645E26D125DC7430114FA60577BF7C9AA1224D190" "B2D8A83B020111"} }; -#elif USE_EDDSA_SINGLE_SIGN -unordered_map replicaPrivKeys = { + +unordered_map replicaEdDSAPrivKeys = { {replica_0, "61498efe1764b89357a02e2887d224154006ceacf26269f8695a4af561453eef"}, {replica_1, "247a74ab3620ec6b9f5feab9ee1f86521da3fa2804ad45bb5bf2c5b21ef105bc"}, {replica_2, "fb539bc3d66deda55524d903da26dbec1f4b6abf41ec5db521e617c64eb2c341"}, @@ -316,16 +317,18 @@ unordered_map replicaPrivKeys = { {replica_4, "f2f3d43da68329bfe31419636072e27cfd1a8fff259be4bfada667080eb00556"} }; -unordered_map replicaPubKeys = { +unordered_map replicaEdDSAPubKeys = { {replica_0, "386f4fb049a5d8bb0706d3793096c8f91842ce380dfc342a2001d50dfbc901f4"}, {replica_1, "3f9e7dbde90477c24c1bacf14e073a356c1eca482d352d9cc0b16560a4e7e469"}, {replica_2, "2311c6013ff657844669d8b803b2e1ed33fe06eed445f966a800a8fbb8d790e8"}, {replica_3, "1ba7449655784fc9ce193a7887de1e4d3d35f7c82b802440c4f28bf678a34b34"}, {replica_4, "c426c524c92ad9d0b740f68ee312abf0298051a7e0364a867b940e9693ae6095"} }; -#endif // clang-format on +unordered_map replicaPrivKeys; +unordered_map replicaPubKeys; + void setUpConfiguration_4() { replicaConfig.replicaId = replica_0; replicaConfig.numReplicas = numOfReplicas_4; @@ -1046,6 +1049,14 @@ TEST(requestPreprocessingState_test, rejectMsgWithInvalidView) { int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); logging::initLogger("logging.properties"); + + if (replicaConfig.replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::RSA) { + replicaPrivKeys = replicaRSAPrivKeys; + replicaPubKeys = replicaRSAPubKeys; + } else if (replicaConfig.replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::EDDSA) { + replicaPrivKeys = replicaEdDSAPrivKeys; + replicaPubKeys = replicaEdDSAPubKeys; + } setUpConfiguration_4(); RequestProcessingState::init(numOfRequiredReplies, &preProcessorRecorder); PreProcessReplyMsg::setPreProcessorHistograms(&preProcessorRecorder); diff --git a/bftengine/tests/SigManager/SigManager_test.cpp b/bftengine/tests/SigManager/SigManager_test.cpp index eb2106c498..ff29314e8e 100644 --- a/bftengine/tests/SigManager/SigManager_test.cpp +++ b/bftengine/tests/SigManager/SigManager_test.cpp @@ -40,14 +40,9 @@ using concord::crypto::signature::SignerFactory; using concord::crypto::signature::VerifierFactory; using concord::crypto::openssl::OpenSSLCryptoImpl; using bftEngine::ReplicaConfig; +using concord::crypto::signature::SIGN_VERIFY_ALGO; -#ifdef USE_CRYPTOPP_RSA -constexpr char ALGO_NAME[] = "rsa"; -#elif USE_EDDSA_SINGLE_SIGN -constexpr char ALGO_NAME[] = "eddsa"; -#endif - -void generateKeyPairs(size_t count, const char algo[]) { +void generateKeyPairs(size_t count) { ostringstream cmd; ASSERT_EQ(0, system(cmd.str().c_str())); @@ -57,6 +52,12 @@ void generateKeyPairs(size_t count, const char algo[]) { cmd.str(""); cmd.clear(); + std::string algo; + if (ReplicaConfig::instance().replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::RSA) { + algo = "rsa"; + } else if (ReplicaConfig::instance().replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::EDDSA) { + algo = "eddsa"; + } cmd << KEYS_GEN_SCRIPT_PATH << " -n " << count << " -r " << PRIV_KEY_NAME << " -u " << PUB_KEY_NAME << " -o " << KEYS_BASE_PARENT_PATH << " -a " << algo; ASSERT_EQ(0, system(cmd.str().c_str())); @@ -126,7 +127,8 @@ TEST(SignerAndVerifierTest, LoadSignVerifyFromPemfiles) { string privKey, pubkey, sig; char data[RANDOM_DATA_SIZE]{0}; - generateKeyPairs(1, ALGO_NAME); + generateKeyPairs(1); + generateRandomData(data, RANDOM_DATA_SIZE); readFile(privateKeyFullPath, privKey); readFile(publicKeyFullPath, pubkey); @@ -168,7 +170,7 @@ TEST(SigManagerTest, ReplicasOnlyCheckVerify) { unique_ptr signers[numReplicas]; set> publicKeysOfReplicas; - generateKeyPairs(numReplicas, ALGO_NAME); + generateKeyPairs(numReplicas); // Load signers to simulate other replicas for (size_t i{1}; i <= numReplicas; ++i) { @@ -235,7 +237,7 @@ TEST(SigManagerTest, ReplicasOnlyCheckSign) { char data[RANDOM_DATA_SIZE]{0}; size_t expectedSignerSigLen; - generateKeyPairs(numReplicas, ALGO_NAME); + generateKeyPairs(numReplicas); // Load my private key string privateKeyFullPath({string(KEYS_BASE_PATH) + string("/") + to_string(1) + string("/") + PRIV_KEY_NAME}); @@ -298,7 +300,7 @@ TEST(SigManagerTest, ReplicasAndClientsCheckVerify) { set>> publicKeysOfClients; unordered_map principalIdToSignerIndex; - generateKeyPairs(numReplicas + numParticipantNodes, ALGO_NAME); + generateKeyPairs(numReplicas + numParticipantNodes); // Load replica signers to simulate other replicas PrincipalId currPrincipalId{0}; diff --git a/bftengine/tests/messages/helper.cpp b/bftengine/tests/messages/helper.cpp index dad4e083fe..7e53396229 100644 --- a/bftengine/tests/messages/helper.cpp +++ b/bftengine/tests/messages/helper.cpp @@ -10,11 +10,14 @@ // file. #include "helper.hpp" +#include "ReplicaConfig.hpp" typedef std::pair IdToKeyPair; -#ifdef USE_CRYPTOPP_RSA -const char replicaPrivateKey[] = +using concord::crypto::signature::SIGN_VERIFY_ALGO; +using bftEngine::ReplicaConfig; + +const std::string replicaRSAPrivateKey = { "308204BC020100300D06092A864886F70D0101010500048204A6308204A20201000282010100BCC5BEA607F4F52A493AA2F40C2D5482D7CE37" "DFC526E98131FDC92CE2ECA6035DB307B182EF52CA8471B78A65E445399816AFACB224F4CEA9597D4B6FE5E84030B7AF78A88BA0233263A9F0" "E2658A6E5BE57923D9093B7D6B70FDBAEC3CDA05C5EDE237674A598F5D607A50C1C528EEAE4B690C90820901A01BF4747C39FE6BD6DA535A9B" @@ -36,8 +39,8 @@ const char replicaPrivateKey[] = "4B1D3F7395D5D435E5D2071AD7AF5CB08758355C8686B890CDA88B798612CEFB57CCA85D5109B5A529ECAB80B79CC685D8836ECD6F7FD67D5F" "7502818100B33DC57C801E0824CF2C77D6D35EC51E321168DA1DED72238ECF69DF6BD485B19A2A67CFBE87F6819F5872463687295F4091C6D9" "9AE98AD08EB45931E761D42D9CE941CEF7DF8A493FEAD8EB571BBBA21EF6403151CB25C71A9BB457D3FB058AA34AB4C1AB474C86293A26D428" - "E77960457E2631215FF7B68013877ABCCE4322"; -const std::string pubKey = { + "E77960457E2631215FF7B68013877ABCCE4322"}; +const std::string replicaRSAPubKey = { "30820120300D06092A864886F70D01010105000382010D00308201080282010100B" "CC5BEA607F4F52A493AA2F40C2D5482D7CE37DFC526E981" "31FDC92CE2ECA6035DB307B182EF52CA8471B78A65E445399816AFACB224F4CEA95" @@ -49,19 +52,25 @@ const std::string pubKey = { "F6605C909F98B6C3F795354BBB988C9695F8A1E27FFC3CE4FFA64B549DD90727634" "04FBD352C5C1A05FA3D17377E113600B1EDCAEE17687BC4" "C1AA6F3D020111"}; -#elif USE_EDDSA_SINGLE_SIGN -const char replicaPrivateKey[] = {"09a30490ebf6f6685556046f2497fd9c7df4a552998c9a9b6ebec742e8183174"}; -const std::string pubKey = {"7363bc5ab96d7f85e71a5ffe0b284405ae38e2e0f032fb3ffe805d9f0e2d117b"}; -#endif - -const std::vector replicasPubKeys = {pubKey, pubKey, pubKey, pubKey, pubKey, pubKey, pubKey}; +const std::string replicaEdDSAPrivateKey = {"09a30490ebf6f6685556046f2497fd9c7df4a552998c9a9b6ebec742e8183174"}; +const std::string replicaEdDSAPubKey = {"7363bc5ab96d7f85e71a5ffe0b284405ae38e2e0f032fb3ffe805d9f0e2d117b"}; void loadPrivateAndPublicKeys(std::string& myPrivateKey, std::set>& publicKeysOfReplicas, ReplicaId myId, size_t numReplicas) { ConcordAssert(numReplicas <= 7); - myPrivateKey = replicaPrivateKey; + + std::string pubKey; + if (ReplicaConfig::instance().replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::RSA) { + myPrivateKey = replicaRSAPrivateKey; + pubKey = replicaRSAPubKey; + } else if (ReplicaConfig::instance().replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::EDDSA) { + myPrivateKey = replicaEdDSAPrivateKey; + pubKey = replicaEdDSAPubKey; + } + const std::vector replicasPubKeys{pubKey, pubKey, pubKey, pubKey, pubKey, pubKey, pubKey}; + for (size_t i{0}; i < numReplicas; ++i) { if (i == myId) continue; publicKeysOfReplicas.insert(IdToKeyPair(i, replicasPubKeys[i].c_str())); diff --git a/kvbc/test/pruning_test.cpp b/kvbc/test/pruning_test.cpp index 59ee76be4b..41def42551 100644 --- a/kvbc/test/pruning_test.cpp +++ b/kvbc/test/pruning_test.cpp @@ -36,319 +36,40 @@ using concord::kvbc::BlockId; using namespace concord::kvbc; using namespace concord::kvbc::categorization; using namespace concord::kvbc::pruning; +using concord::crypto::openssl::OpenSSLCryptoImpl; +using concord::crypto::cryptopp::RSA_SIGNATURE_LENGTH; +using concord::crypto::cryptopp::Crypto; +using concord::crypto::signature::SIGN_VERIFY_ALGO; +using bftEngine::ReplicaConfig; namespace { const NodeIdType replica_0 = 0; const NodeIdType replica_1 = 1; const NodeIdType replica_2 = 2; const NodeIdType replica_3 = 3; +constexpr uint8_t noOfReplicas = 4U; -#ifdef USE_CRYPTOPP_RSA -std::string privateKey_0 = - "308204BA020100300D06092A864886F70D0101010500048204A4308204A00201000282010100C55B8F7979BF24B335017082BF33EE2960E3" - "A0" - "68DCDB45CA3017214BFB3F32649400A2484E2108C7CD07AA7616290667AF7C7A1922C82B51CA01867EED9B60A57F5B6EE33783EC258B2347" - "48" - "8B0FA3F99B05CFFBB45F80960669594B58C993D07B94D9A89ED8266D9931EAE70BB5E9063DEA9EFAF744393DCD92F2F5054624AA048C7EE5" - "0B" - "EF374FCDCE1C8CEBCA1EF12AF492402A6F56DC9338834162F3773B119145BF4B72672E0CF2C7009EBC3D593DFE3715D942CA8749771B484F" - "72" - "A2BC8C89F86DB52ECC40763B6298879DE686C9A2A78604A503609BA34B779C4F55E3BEB0C26B1F84D8FC4EB3C79693B25A77A158EF88292D" - "4C" - "01F99EFE3CC912D09B020111028201001D05EF73BF149474B4F8AEA9D0D2EE5161126A69C6203EF8162184E586D4967833E1F9BF56C89F68" - "AD" - "35D54D99D8DB4B7BB06C4EFD95E840BBD30C3FD7A5E890CEF6DB99E284576EEED07B6C8CEBB63B4B80DAD2311D1A706A5AC95DE768F01721" - "3B" - "896B9EE38D2E3C2CFCE5BDF51ABD27391761245CDB3DCB686F05EA2FF654FA91F89DA699F14ACFA7F0D8030F74DBFEC28D55C902A27E9C03" - "AB" - "1CA2770EFC5BE541560D86FA376B1A688D92124496BB3E7A3B78A86EBF1B694683CDB32BC49431990A18B570C104E47AC6B0DE5616851F43" - "09" - "CFE7D0E20B17C154A3D85F33C7791451FFF73BFC4CDC8C16387D184F42AD2A31FCF545C3F9A498FAAC6E94E902818100F40CF9152ED4854E" - "1B" - "BF67C5EA185C52EBEA0C11875563AEE95037C2E61C8D988DDF71588A0B45C23979C5FBFD2C45F9416775E0A644CAD46792296FDC68A98148" - "F7" - "BD3164D9A5E0D6A0C2DF0141D82D610D56CB7C53F3C674771ED9ED77C0B5BF3C936498218176DC9933F1215BC831E0D41285611F512F6832" - "7E" - "4FBD9E5C5902818100CF05519FD69D7C6B61324F0A201574C647792B80E5D4D56A51CF5988927A1D54DF9AE4EA656AE25961923A0EC046F1" - "C5" - "69BAB53A64EB0E9F5AB2ABF1C9146935BA40F75E0EB68E0BE4BC29A5A0742B59DF5A55AB028F1CCC42243D2AEE4B74344CA33E72879EF2D1" - "CD" - "D874A7F237202AC7EB57AEDCBD539DEFDA094476EAE613028180396C76D7CEC897D624A581D43714CA6DDD2802D6F2AAAE0B09B885974533" - "E5" - "14D6167505C620C51EA41CA70E1D73D43AA5FA39DA81799922EB3173296109914B98B2C31AAE515434E734E28ED31E8D37DA99BA11C2E693" - "B6" - "398570ABBF6778A33C0E40CC6007E23A15C9B1DE6233B6A25304B91053166D7490FCD26D1D8EAC5102818079C6E4B86020674E392CA6F6E5" - "B2" - "44B0DEBFBF3CC36E232F7B6AE95F6538C5F5B0B57798F05CFD9DFD28D6DB8029BB6511046A9AD1F3AE3F9EC37433DFB1A74CC7E9FAEC08A7" - "9E" - "D9D1D8187F8B8FA107B08F7DAFE3633E1DCC8DC9A0C8689EB55A41E87F9B12347B6A06DB359D89D6AFC0E4CA2A9FF6E5E46EF8BA2845F396" - "65" - "0281802A89B2BD4A665A0F07DCAFA6D9DB7669B1D1276FC3365173A53F0E0D5F9CB9C3E08E68503C62EA73EB8E0DA42CCF6B136BF4A85B0A" - "C4" - "24730B4F3CAD8C31D34DD75EF2A39B6BCFE3985CCECC470CF479CF0E9B9D6C7CE1C6C70D853728925326A22352DF73B502D4D3CBC2A770DE" - "27" - "6E1C5953DF7A9614C970C94D194CAE9188"; -std::string privateKey_1 = - "308204BC020100300D06092A864886F70D0101010500048204A6308204A20201000282010100CAF26C09B1F6F056F66B54AA0EA002EA2361" - "51" - "3A721A58E44472ADE74DBD833890ED9EE8E0CFF1B84C3DFE9E6226C8CEBFFEDFE71A6BCFE5A599D02FD9940997E864D400BF440BA7B1A568" - "A5" - "ACF7688B025B5B207E5651E597141FAEF733FA9D87732B8FBA31E082BE777AEB992B00873764655C3B1F8FBF8DD2446F4F9F79883E21DBC1" - "A1" - "7431E42AF01B9D4DE54B9880E7FB397655C79D7C3A5981CA64A32E2F05FCF0B127F4C6D349056276992B7403D36E03D14C45B6F5F6678628" - "0C" - "921236A17EE0F311821BDF925A47DCA590BB31C60646692014317BE0DD32248DF557A77F80F336C82461B659266F74F495BA5CE194043505" - "B5" - "F0C363263BF73BB897020111028201005F8123C853BF8028EC6EBE6E2500015F1FB55366CC48A24D4D6324A915865BDE6251B4315ABC3583" - "E7" - "A4B40E4C4E7C9D8786FFF448AB34A84DEE079E0C096DED221154B50EB69C12ADF37C8A334740416A85580F4A82F95CFBCD3C1619FA57D1A9" - "27" - "238EEE3596D41D656705754169A90B021194D08752B47EF9899DCB1DDED5DCDDA688D9FA88F9303E99CAB040D2E47DCE866717580C2CD01D" - "B9" - "4E8FE215EAA254432E3B399B90260255DEE7FADED4643814C0DE41DE237BBB7173CFF16AC9237AADA4595FD95EB92E30D2127C7761C6A1CD" - "75" - "C1F12F5B92B6602E1CDC06E112321B0A41C8A102D785B7C4C7D2441DA983346B81873984DD680FB4B1C9AD7102818100D5E41BE52CECFB74" - "05" - "01B87C631DEFB3DD855EE95553A816BE8D3DFAE200086E1C12E9FBDDD8737F2CCE2CED1D82431ADC63C1B34EA59C27E98283EB20EAF8F5A2" - "9D" - "45ACE2E5C3173F396DF4356D54F3ED0CF9BBA222E3B9194CD15F88B6AB8FAFDFACACCC97D87555CD1E864D09DF795FB8BE3F9BE2CB8E52F6" - "41" - "FCEDC8E97902818100F2E6BDF9A552D35E9F695C52343D9BBF180BBEB50F6705A7836DF1BFF6A42C2D7A000432957516B555B5E1FBAC21CE" - "D5" - "D2788036AA5AB183A5859284ED409631289F8836D240111B56D6C4953FEFBE177EA137F08ADCABD5CAD07F709E83BB29B0F55AD09E65F5C6" - "56" - "8FE166FF4BE581F4F2066025E3902819EFC2DF0FA63E8F0281803EE8BCE90D36A44F4CC44551C2CC91CB7D637644A0A022610ADE3F67E81E" - "20" - "98DB149F2BF5F45E347696FE279F446E16F586C080081297570871AE5436DBB2A2993D50BA60DA2A5221A77AB13CE3EBCF45B885AFA82861" - "18" - "52BC3D94919F23667F058D23C3B4309AFB1E36278011F66EFE0928E58833A547FA486DC2DC8662C902818100AB75B346CF0D49E870869B85" - "52" - "0D5EE13E26687FCEA3130CD53E8C8780EC5B6B652D3023B4CB1F1696DABDA2979F64D32B27E208784004D565C7B2B82F006A0495255117A3" - "78" - "848BC4D3D60EFFF4862EB3BD186D8F325B2D801AB44F7EF3932C7CE96D47F75707D74C2953D03BBD1A79DA1440BC56FAFC588AC75C613839" - "1D" - "1902818100BBC05F561AEF4BDE1ECABB5CD313E6173F5E46AC85B4462A8CA689E4E84B95E66733081518DB01714B7B18E44B780DB5A6DA26" - "12" - "506F46E4D91C8CB582AFD54C7509C9947EC754BFDD0D35FAECE2E729DBD21A62E33C3DEF556913ECF4C8D75910E860D36AFD0977FF9114AC" - "EA" - "8F44882259C6F1D8314B653F64F4655CFD68A6"; -std::string privateKey_2 = - "308204BA020100300D06092A864886F70D0101010500048204A4308204A00201000282010100DA68B2830103028D0ECD911D20E732257F8A" - "39" - "BC5214B670C8F1F836CD1D88E6421ABD3C47F16E37E07DCFE89FC11ECBED73896FC978B7E1519F59318F3E24BB5C8962B0EA44889C3A8102" - "1C" - "C9E8EAA94099B9305B0F7731C27CC528CFEE710066CB69229F8AA04DBD842FA8C3143CB0EF1164E45E34B114FBA610DBDFC7453DAD995743" - "AD" - "1489AA131D0C730163ECA7317048C1AD1008ED31A32CB773D94B5317CAAF95674582DCA1AC9FEBE02079836B52E1E3C8D39571018A765765" - "0D" - "52D2DF3363F88A690628D64DCBECB88BBA432F27C32E7BC5BC0F1D16D0A027D1D40362F8CEDBE8BED05C2BCE96F33A75CD70014626B32E5E" - "E8" - "1EBD3116F6F1E5231B02011102820100201E749ACB716241EB96B375398B6941BFEEAE23393F480186F668444B572AB873220CC519A38126" - "55" - "B8261AAE14DEE1C1097617F7FB2A199B0FE7783AB650B22432524731828C8F7203E9B8F08422824D43C868FE55190ED8D61CFE78EE5BE978" - "87" - "5339CC2AF974D81AF7F32BBF361A050A165DD19E5646D9B68A02377F2FD417BE92D2722CEE33B3A0F7B111639C092B4024BB08ACEBE9F9BC" - "28" - "C14BB611DBE627136B568493C6995D81442F09DFEFBA4378A34DEF28F3BD862F4C28BECA87A95551FC2DB48766F82752C7E8B34E85995901" - "90" - "B12A648AC1E361FE28A3253EC615381A066BFD351C18F0B236429A950106DD4F1134A3DE6CEB1094B7CE5C7102818100EA51580294BB0FD7" - "DA" - "FDC00364A9B3C4781F70C4BBE8BDE0D82895ADE549E25388E78A53EF83CF9A3D9528F70CB5A57A9A187D5AC68682F03B26C2F6A409E1554F" - "ED" - "061BDC944985102F2988A5A8CD639BA7890FD689D7171612159AAA818F5502EF80D5D13339826A98914A321B5B4512EC24AF3EE80F982D34" - "18" - "0C85B3E38102818100EE9E7F43A98E593F72A584EEC014E0A46003116B82F5D3A21DAE4EB3F21FBC5B71D96E012B6F5FFBEACED4BEC6C147" - "AA" - "AB6F9698F0592F3A8A6CD827ABF210497635639043D5F0B461E00914B152D6ECB3EFC9138A1B9FAEE09420AB9C2E1436B6AC36EEB8AD4370" - "9B" - "BFA0ED30FBF09C1A91BAB71410E49E11BE8E2A571C649B02818044EABF8849DCAA4E8BB40B4C4AC8802AB9EB212ACDDB0AAB8ADEC29C8EBB" - "60" - "AF284419A0376300D3030DC0C121DB128D789DCA841C45AE0A6BC01B397B8A6F7371DC4D1740E051DBD79566919A2296C2F18BA0C86C46A8" - "AC" - "6FE73387D7CBC0BEA682AD6C105A5C356AA557E8A553571450DC0ACA218F8C1DB2F1343FEB16CA71028180704A963DF57029FFBD7B11614B" - "55" - "1E6B7879EA1479DD184C4A33E8CD26A585D0AE0BF7881470A5A3B9CABE77E50FA941419DEC8434DEACD04124297C14AE25C837A0A752F2BF" - "07" - "DC6A4B4F91446337F6EB43A9EB13D0C39D96DC4B9C0D42DC55FB9C5615FC8DC5622B2D006F9E94AD76A31766ECBE26113B53A4F79B744998" - "C1" - "028180124E2A5DAC7AC7017647FE1B6871484B7B38A3C060B992B871939C8A75BC35DB771F041910C0092E01B545E1910109AA827F34F563" - "27" - "15E06819ADED60117FD8B9400C3F307EA022D5AC5394E65D28EF434DC068494D33ACF70B43791C1C13C35AC680E0038DB411ADEBBC067F47" - "7E" - "01E8CF793FB076AE47BD83B935B8041DC1"; -std::string privateKey_3 = - "308204BB020100300D06092A864886F70D0101010500048204A5308204A10201000282010100B4D984129ECC2F4350596DD602EB5337B78E" - "33" - "C4D945C70C2CACFF6237037BEF897D6893079D1067F07FF023D66C77BB41F6D41215C9912D995215C6F7651F1728AAB65CF20CBE81E5E7F2" - "02" - "E474AF535E92BBC386A7A496263BC4189FD9DD5E801C3023038EFE5B5DE35AA3F70C10F87259D586C36D3DF524E9DA2140C481365985AD18" - "5E" - "1CF3E78B6B82FDD274CCD1267838A0B91F9B48544AFB2C71B158A26E6154CECB43ECEE13FFBD6CA91D8D115B6B91C55F3A88E3F389E9A2AF" - "4B" - "C381D21F9ABF2EA16F58773514249B03A4775C6A10561AFC8CF54B551A43FD014F3C5FE12D96AC5F117645E26D125DC7430114FA60577BF7" - "C9" - "AA1224D190B2D8A83B020111028201004FC95FEA18E19C6176459256E32B95A7A3CDCB8B8D08322B04A6ACE790BDC5BC806C087D19F2782D" - "DB" - "0B444C0BC6710ED9564E8073061A66F0D163F5E59D8DB764C3C8ECC523BD758B13815BA1064D597C8C078AF7A450241FED30DDAFEF2CF4FC" - "48" - "ABD336469D648B4DB70C1A2AF86D9BDC56AC6546C882BD763A963329844BF0E8C79E5E7A5C227A1CDB8473965090084BEAC728E4F86670BA" - "E0" - "5DA589FAE1EBC98A26BF207261EECE5A92759DE516306B0B2F715370586EF45447F82CC37206F70D762AAB75215482A67FE6742E9D644AB7" - "65" - "4F02476EAE15A742FCB2266DAE437DC76FB17E1698D4987945C779A4B89F5FB3F5E1B194EFA4024BA3797F2502818100E2BDA6F0031EAA02" - "7B" - "1E8099D9D2CF408B8C9D83A22BFBAAD3BCFA952469A001C25E5E2E89DAF28636633E8D7C5E1E5FD8384767DB5B384DAB38147EA46871D5E3" - "1E" - "DC110026E42E90C44F02110A369ACF0445C617CC25CD1207F116B9AF2FA78A89E6C6345EAFD0607CB145410DD6619AC0C034B54283A0065B" - "93" - "3550B8DACF02818100CC2FDB49EB3E45DB2EB644048C3C35E3BB50980453DB8EB54DD5595CA2DBC43A2F2912D0F696E6126AFBF5D7777BAB" - "B2" - "6AC931030B8896343BC19EA30B8EEBFECE2617A2564B3D66E29DF66708254877CC33E699501A2BA4D0D7D02F068B1DCF6C7A0794F24BEE83" - "BE" - "2E8453D3E436C3B59D2D9BEEB5B38541EF170544EA46D502818100AD63DA02D5359110F4BCF8EE1F0A9E7CA6F30F0A4ED6570A29726544DF" - "9C" - "10F2495738F6696B31EE29972FD59B57082B2CDFBE223E54D0B3DD49009D144FDE94808102A396B454239BE169982B25ED85712162886C8D" - "0D" - "D90DC9D67ACA3AABF8971E28F1EBCFEFDB95140F16D764EF3B947547AFD5E791D4B9915274108D5C07028180300B42A7FB1DB61574671F10" - "20" - "FF1BBD1D03E7888C33A91B99D7D8CA80AC2E2BCEDC7CE5DFAB08F546596705858682C09198C03CF3A7AADF1D1E7FADE49A196921725FE9F6" - "2F" - "D236537076365C4501FE11EE182412D8FB35D6C95E292EB7524EEC58F2B9A26C381EFF92797D22CC491EFD8E6515A1942A3D78ECF65B97BE" - "A7" - "410281806625E51F70BB9E00D0260941C56B22CDCECC7EA6DBC2C28A1CDA0E1AFAACD39C5E962E40FCFC0F5BBA57A7291A1BDC5D3D29495B" - "45" - "CE2B3BEC7748E6C351FF934537BCA246CA36B840CF68BE6D473F7EE079B0EFDFF6B1BB554B06093E18B269FC3BD3F9876376CA7C673A93F1" - "42" - "7088BF0990AB8E232F269B5DBCD446385A66"; -std::string privateKey_4 = - "308204BB020100300D06092A864886F70D0101010500048204A5308204A10201000282010100B4D984129ECC2F4350596DD602EB5337B78E" - "33" - "C4D945C70C2CACFF6237037BEF897D6893079D1067F07FF023D66C77BB41F6D41215C9912D995215C6F7651F1728AAB65CF20CBE81E5E7F2" - "02" - "E474AF535E92BBC386A7A496263BC4189FD9DD5E801C3023038EFE5B5DE35AA3F70C10F87259D586C36D3DF524E9DA2140C481365985AD18" - "5E" - "1CF3E78B6B82FDD274CCD1267838A0B91F9B48544AFB2C71B158A26E6154CECB43ECEE13FFBD6CA91D8D115B6B91C55F3A88E3F389E9A2AF" - "4B" - "C381D21F9ABF2EA16F58773514249B03A4775C6A10561AFC8CF54B551A43FD014F3C5FE12D96AC5F117645E26D125DC7430114FA60577BF7" - "C9" - "AA1224D190B2D8A83B020111028201004FC95FEA18E19C6176459256E32B95A7A3CDCB8B8D08322B04A6ACE790BDC5BC806C087D19F2782D" - "DB" - "0B444C0BC6710ED9564E8073061A66F0D163F5E59D8DB764C3C8ECC523BD758B13815BA1064D597C8C078AF7A450241FED30DDAFEF2CF4FC" - "48" - "ABD336469D648B4DB70C1A2AF86D9BDC56AC6546C882BD763A963329844BF0E8C79E5E7A5C227A1CDB8473965090084BEAC728E4F86670BA" - "E0" - "5DA589FAE1EBC98A26BF207261EECE5A92759DE516306B0B2F715370586EF45447F82CC37206F70D762AAB75215482A67FE6742E9D644AB7" - "65" - "4F02476EAE15A742FCB2266DAE437DC76FB17E1698D4987945C779A4B89F5FB3F5E1B194EFA4024BA3797F2502818100E2BDA6F0031EAA02" - "7B" - "1E8099D9D2CF408B8C9D83A22BFBAAD3BCFA952469A001C25E5E2E89DAF28636633E8D7C5E1E5FD8384767DB5B384DAB38147EA46871D5E3" - "1E" - "DC110026E42E90C44F02110A369ACF0445C617CC25CD1207F116B9AF2FA78A89E6C6345EAFD0607CB145410DD6619AC0C034B54283A0065B" - "93" - "3550B8DACF02818100CC2FDB49EB3E45DB2EB644048C3C35E3BB50980453DB8EB54DD5595CA2DBC43A2F2912D0F696E6126AFBF5D7777BAB" - "B2" - "6AC931030B8896343BC19EA30B8EEBFECE2617A2564B3D66E29DF66708254877CC33E699501A2BA4D0D7D02F068B1DCF6C7A0794F24BEE83" - "BE" - "2E8453D3E436C3B59D2D9BEEB5B38541EF170544EA46D502818100AD63DA02D5359110F4BCF8EE1F0A9E7CA6F30F0A4ED6570A29726544DF" - "9C" - "10F2495738F6696B31EE29972FD59B57082B2CDFBE223E54D0B3DD49009D144FDE94808102A396B454239BE169982B25ED85712162886C8D" - "0D" - "D90DC9D67ACA3AABF8971E28F1EBCFEFDB95140F16D764EF3B947547AFD5E791D4B9915274108D5C07028180300B42A7FB1DB61574671F10" - "20" - "FF1BBD1D03E7888C33A91B99D7D8CA80AC2E2BCEDC7CE5DFAB08F546596705858682C09198C03CF3A7AADF1D1E7FADE49A196921725FE9F6" - "2F" - "D236537076365C4501FE11EE182412D8FB35D6C95E292EB7524EEC58F2B9A26C381EFF92797D22CC491EFD8E6515A1942A3D78ECF65B97BE" - "A7" - "410281806625E51F70BB9E00D0260941C56B22CDCECC7EA6DBC2C28A1CDA0E1AFAACD39C5E962E40FCFC0F5BBA57A7291A1BDC5D3D29495B" - "45" - "CE2B3BEC7748E6C351FF934537BCA246CA36B840CF68BE6D473F7EE079B0EFDFF6B1BB554B06093E18B269FC3BD3F9876376CA7C673A93F1" - "42" - "7088BF0990AB8E232F269B5DBCD446385A66"; -std::string publicKey_0 = - "30820120300D06092A864886F70D01010105000382010D00308201080282010100C55B8F7979BF24B335017082BF33EE2960E3A068DCDB45" - "CA" - "3017214BFB3F32649400A2484E2108C7CD07AA7616290667AF7C7A1922C82B51CA01867EED9B60A57F5B6EE33783EC258B2347488B0FA3F9" - "9B" - "05CFFBB45F80960669594B58C993D07B94D9A89ED8266D9931EAE70BB5E9063DEA9EFAF744393DCD92F2F5054624AA048C7EE50BEF374FCD" - "CE" - "1C8CEBCA1EF12AF492402A6F56DC9338834162F3773B119145BF4B72672E0CF2C7009EBC3D593DFE3715D942CA8749771B484F72A2BC8C89" - "F8" - "6DB52ECC40763B6298879DE686C9A2A78604A503609BA34B779C4F55E3BEB0C26B1F84D8FC4EB3C79693B25A77A158EF88292D4C01F99EFE" - "3C" - "C912D09B020111"; -std::string publicKey_1 = - "30820120300D06092A864886F70D01010105000382010D00308201080282010100CAF26C09B1F6F056F66B54AA0EA002EA2361513A721A58" - "E4" - "4472ADE74DBD833890ED9EE8E0CFF1B84C3DFE9E6226C8CEBFFEDFE71A6BCFE5A599D02FD9940997E864D400BF440BA7B1A568A5ACF7688B" - "02" - "5B5B207E5651E597141FAEF733FA9D87732B8FBA31E082BE777AEB992B00873764655C3B1F8FBF8DD2446F4F9F79883E21DBC1A17431E42A" - "F0" - "1B9D4DE54B9880E7FB397655C79D7C3A5981CA64A32E2F05FCF0B127F4C6D349056276992B7403D36E03D14C45B6F5F66786280C921236A1" - "7E" - "E0F311821BDF925A47DCA590BB31C60646692014317BE0DD32248DF557A77F80F336C82461B659266F74F495BA5CE194043505B5F0C36326" - "3B" - "F73BB897020111"; -std::string publicKey_2 = - "30820120300D06092A864886F70D01010105000382010D00308201080282010100DA68B2830103028D0ECD911D20E732257F8A39BC5214B6" - "70" - "C8F1F836CD1D88E6421ABD3C47F16E37E07DCFE89FC11ECBED73896FC978B7E1519F59318F3E24BB5C8962B0EA44889C3A81021CC9E8EAA9" - "40" - "99B9305B0F7731C27CC528CFEE710066CB69229F8AA04DBD842FA8C3143CB0EF1164E45E34B114FBA610DBDFC7453DAD995743AD1489AA13" - "1D" - "0C730163ECA7317048C1AD1008ED31A32CB773D94B5317CAAF95674582DCA1AC9FEBE02079836B52E1E3C8D39571018A7657650D52D2DF33" - "63" - "F88A690628D64DCBECB88BBA432F27C32E7BC5BC0F1D16D0A027D1D40362F8CEDBE8BED05C2BCE96F33A75CD70014626B32E5EE81EBD3116" - "F6" - "F1E5231B020111"; -std::string publicKey_3 = - "30820120300D06092A864886F70D01010105000382010D00308201080282010100B4D984129ECC2F4350596DD602EB5337B78E33C4D945C7" - "0C" - "2CACFF6237037BEF897D6893079D1067F07FF023D66C77BB41F6D41215C9912D995215C6F7651F1728AAB65CF20CBE81E5E7F202E474AF53" - "5E" - "92BBC386A7A496263BC4189FD9DD5E801C3023038EFE5B5DE35AA3F70C10F87259D586C36D3DF524E9DA2140C481365985AD185E1CF3E78B" - "6B" - "82FDD274CCD1267838A0B91F9B48544AFB2C71B158A26E6154CECB43ECEE13FFBD6CA91D8D115B6B91C55F3A88E3F389E9A2AF4BC381D21F" - "9A" - "BF2EA16F58773514249B03A4775C6A10561AFC8CF54B551A43FD014F3C5FE12D96AC5F117645E26D125DC7430114FA60577BF7C9AA1224D1" - "90" - "B2D8A83B020111"; -std::string publicKey_4 = - "30820120300D06092A864886F70D01010105000382010D00308201080282010100B4D984129ECC2F4350596DD602EB5337B78E33C4D945C7" - "0C" - "2CACFF6237037BEF897D6893079D1067F07FF023D66C77BB41F6D41215C9912D995215C6F7651F1728AAB65CF20CBE81E5E7F202E474AF53" - "5E" - "92BBC386A7A496263BC4189FD9DD5E801C3023038EFE5B5DE35AA3F70C10F87259D586C36D3DF524E9DA2140C481365985AD185E1CF3E78B" - "6B" - "82FDD274CCD1267838A0B91F9B48544AFB2C71B158A26E6154CECB43ECEE13FFBD6CA91D8D115B6B91C55F3A88E3F389E9A2AF4BC381D21F" - "9A" - "BF2EA16F58773514249B03A4775C6A10561AFC8CF54B551A43FD014F3C5FE12D96AC5F117645E26D125DC7430114FA60577BF7C9AA1224D1" - "90" - "B2D8A83B020111"; -#elif USE_EDDSA_SINGLE_SIGN -const std::string privateKey_0 = "61498efe1764b89357a02e2887d224154006ceacf26269f8695a4af561453eef"; -const std::string privateKey_1 = "247a74ab3620ec6b9f5feab9ee1f86521da3fa2804ad45bb5bf2c5b21ef105bc"; -const std::string privateKey_2 = "fb539bc3d66deda55524d903da26dbec1f4b6abf41ec5db521e617c64eb2c341"; -const std::string privateKey_3 = "55ea66e855b83ec4a02bd8fcce6bb4426ad3db2a842fa2a2a6777f13e40a4717"; -const std::string privateKey_4 = "f2f3d43da68329bfe31419636072e27cfd1a8fff259be4bfada667080eb00556"; - -const std::string publicKey_0 = "386f4fb049a5d8bb0706d3793096c8f91842ce380dfc342a2001d50dfbc901f4"; -const std::string publicKey_1 = "3f9e7dbde90477c24c1bacf14e073a356c1eca482d352d9cc0b16560a4e7e469"; -const std::string publicKey_2 = "2311c6013ff657844669d8b803b2e1ed33fe06eed445f966a800a8fbb8d790e8"; -const std::string publicKey_3 = "1ba7449655784fc9ce193a7887de1e4d3d35f7c82b802440c4f28bf678a34b34"; -const std::string publicKey_4 = "c426c524c92ad9d0b740f68ee312abf0298051a7e0364a867b940e9693ae6095"; -#endif - +std::pair keyPair[noOfReplicas]; bftEngine::ReplicaConfig &replicaConfig = bftEngine::ReplicaConfig::instance(); std::map private_keys_of_replicas; + void setUpKeysConfiguration_4() { - replicaConfig.publicKeysOfReplicas.insert(std::pair(replica_0, publicKey_0)); - replicaConfig.publicKeysOfReplicas.insert(std::pair(replica_1, publicKey_1)); - replicaConfig.publicKeysOfReplicas.insert(std::pair(replica_2, publicKey_2)); - replicaConfig.publicKeysOfReplicas.insert(std::pair(replica_3, publicKey_3)); - private_keys_of_replicas[replica_0] = privateKey_0; - private_keys_of_replicas[replica_1] = privateKey_1; - private_keys_of_replicas[replica_2] = privateKey_2; - private_keys_of_replicas[replica_3] = privateKey_3; + for (auto i = 0; i < noOfReplicas; ++i) { + if (ReplicaConfig::instance().replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::RSA) { + keyPair[i] = Crypto::instance().generateRsaKeyPair(RSA_SIGNATURE_LENGTH); + } else if (ReplicaConfig::instance().replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::EDDSA) { + keyPair[i] = OpenSSLCryptoImpl::instance().generateEdDSAKeyPair(); + } + } + + replicaConfig.publicKeysOfReplicas.insert(std::pair(replica_0, keyPair[0].second)); + replicaConfig.publicKeysOfReplicas.insert(std::pair(replica_1, keyPair[1].second)); + replicaConfig.publicKeysOfReplicas.insert(std::pair(replica_2, keyPair[2].second)); + replicaConfig.publicKeysOfReplicas.insert(std::pair(replica_3, keyPair[3].second)); + private_keys_of_replicas[replica_0] = keyPair[0].first; + private_keys_of_replicas[replica_1] = keyPair[1].first; + private_keys_of_replicas[replica_2] = keyPair[2].first; + private_keys_of_replicas[replica_3] = keyPair[3].first; } class test_rocksdb : public ::testing::Test { @@ -709,7 +430,7 @@ TEST_F(test_rocksdb, sm_latest_prunable_request_correct_num_bocks_to_keep) { TestStorage storage(db); auto &blocks_deleter = storage; const auto verifier = PruningVerifier{replicaConfig.publicKeysOfReplicas}; - replicaConfig.replicaPrivateKey = privateKey_1; + replicaConfig.replicaPrivateKey = keyPair[1].first; InitBlockchainStorage(replica_count, storage); // Construct the pruning state machine with a nullptr TimeContract to verify @@ -730,7 +451,7 @@ TEST_F(test_rocksdb, sm_latest_prunable_request_big_num_blocks_to_keep) { replicaConfig.numBlocksToKeep_ = num_blocks_to_keep; replicaConfig.replicaId = 1; replicaConfig.pruningEnabled_ = true; - replicaConfig.replicaPrivateKey = privateKey_1; + replicaConfig.replicaPrivateKey = keyPair[1].first; TestStorage storage(db); auto &blocks_deleter = storage; const auto verifier = PruningVerifier{replicaConfig.publicKeysOfReplicas}; @@ -755,7 +476,7 @@ TEST_F(test_rocksdb, sm_latest_prunable_request_no_pruning_conf) { replicaConfig.numBlocksToKeep_ = num_blocks_to_keep; replicaConfig.replicaId = 1; replicaConfig.pruningEnabled_ = true; - replicaConfig.replicaPrivateKey = privateKey_1; + replicaConfig.replicaPrivateKey = keyPair[1].first; TestStorage storage(db); auto &blocks_deleter = storage; const auto verifier = PruningVerifier{replicaConfig.publicKeysOfReplicas}; @@ -782,7 +503,7 @@ TEST_F(test_rocksdb, sm_latest_prunable_request_pruning_disabled) { replicaConfig.numBlocksToKeep_ = num_blocks_to_keep; replicaConfig.replicaId = replica_idx; replicaConfig.pruningEnabled_ = false; - replicaConfig.replicaPrivateKey = privateKey_1; + replicaConfig.replicaPrivateKey = keyPair[1].first; auto storage = TestStorage(db); auto &blocks_deleter = storage; const auto verifier = PruningVerifier{replicaConfig.publicKeysOfReplicas}; @@ -806,7 +527,7 @@ TEST_F(test_rocksdb, sm_handle_prune_request_on_pruning_disabled) { replicaConfig.numBlocksToKeep_ = num_blocks_to_keep; replicaConfig.replicaId = replica_idx; replicaConfig.pruningEnabled_ = false; - replicaConfig.replicaPrivateKey = privateKey_1; + replicaConfig.replicaPrivateKey = keyPair[1].first; TestStorage storage(db); auto &blocks_deleter = storage; @@ -825,7 +546,7 @@ TEST_F(test_rocksdb, sm_handle_correct_prune_request) { replicaConfig.numBlocksToKeep_ = num_blocks_to_keep; replicaConfig.replicaId = replica_idx; replicaConfig.pruningEnabled_ = true; - replicaConfig.replicaPrivateKey = privateKey_1; + replicaConfig.replicaPrivateKey = keyPair[1].first; TestStorage storage(db); auto &blocks_deleter = storage; @@ -849,7 +570,7 @@ TEST_F(test_rocksdb, sm_handle_incorrect_prune_request) { replicaConfig.numBlocksToKeep_ = num_blocks_to_keep; replicaConfig.replicaId = replica_idx; replicaConfig.pruningEnabled_ = true; - replicaConfig.replicaPrivateKey = privateKey_1; + replicaConfig.replicaPrivateKey = keyPair[1].first; TestStorage storage(db); auto &blocks_deleter = storage; InitBlockchainStorage(replica_count, storage); diff --git a/scripts/linux/create_concord_clients_transaction_signing_keys.sh b/scripts/linux/create_concord_clients_transaction_signing_keys.sh index fb13da32c7..60c7c0b673 100755 --- a/scripts/linux/create_concord_clients_transaction_signing_keys.sh +++ b/scripts/linux/create_concord_clients_transaction_signing_keys.sh @@ -20,7 +20,7 @@ usage() { printf "\n-----\nhelp:\n-----\n" printf "%s\n\n" "-h --help, print this message" printf "%s\n\n" "-n --num_participants , mandatory" - printf "%s\n\n" "-a --algo_name, mandatory" + printf "%s\n\n" "-a --algo_name, optional, default: eddsa" printf "%s\n\n" "-r --private_key_name , optional, default: transaction_signing_priv.pem" printf "%s\n\n" "-u --public_key_name , optional, default: transaction_signing_pub.pem" printf "%s\n\n" "-d --output_folder , optional, default: transaction_signing_keys" diff --git a/secretsmanager/CMakeLists.txt b/secretsmanager/CMakeLists.txt index 74b7f103a5..b2120006ac 100644 --- a/secretsmanager/CMakeLists.txt +++ b/secretsmanager/CMakeLists.txt @@ -24,21 +24,11 @@ endif() target_link_libraries(secretsmanager PUBLIC util ${CRYPTOPP_LIBRARIES}) target_include_directories(secretsmanager PUBLIC include ${CRYPTOPP_INCLUDE_DIRS}) target_include_directories(secretsmanager PRIVATE src) +target_include_directories(secretsmanager PUBLIC ../bftengine/include/bftengine) target_link_libraries(secretsmanager_shared PUBLIC util_shared ${CRYPTOPP_LIBRARIES}) target_include_directories(secretsmanager_shared PUBLIC include ${CRYPTOPP_INCLUDE_DIRS}) - -if (USE_CRYPTOPP_RSA) - message(STATUS "Using Crypto++ RSA/ECDSA signature/verification") - target_compile_definitions(secretsmanager PUBLIC USE_CRYPTOPP_RSA) - target_compile_definitions(secretsmanager_shared PUBLIC USE_CRYPTOPP_RSA) -endif() - -if (USE_EDDSA_SINGLE_SIGN) - message(STATUS "Using OpenSSL EdDSA signature/verification") - target_compile_definitions(secretsmanager PUBLIC USE_EDDSA_SINGLE_SIGN) - target_compile_definitions(secretsmanager_shared PUBLIC USE_EDDSA_SINGLE_SIGN) -endif() +target_include_directories(secretsmanager_shared PUBLIC ../bftengine/include/bftengine) if (USE_JSON AND USE_HTTPLIB) add_subdirectory(secretretriever) diff --git a/secretsmanager/src/aes.cpp b/secretsmanager/src/aes.cpp index 58338da346..422c312b0a 100644 --- a/secretsmanager/src/aes.cpp +++ b/secretsmanager/src/aes.cpp @@ -16,95 +16,102 @@ #include "aes.h" #include "openssl_crypto.hpp" #include "assertUtils.hpp" +#include "ReplicaConfig.hpp" +#include #include namespace concord::secretsmanager { - using std::vector; using std::string; using std::unique_ptr; using concord::util::openssl_utils::OPENSSL_SUCCESS; using concord::util::openssl_utils::UniqueOpenSSLCipherContext; +using bftEngine::ReplicaConfig; +using concord::crypto::signature::SIGN_VERIFY_ALGO; AES_CBC::AES_CBC(const KeyParams& params) { -#ifdef USE_CRYPTOPP_RSA - ConcordAssertEQ(params.key.size(), 256 / 8); - aesEncryption = CryptoPP::AES::Encryption(params.key.data(), params.key.size()); - aesDecryption = CryptoPP::AES::Decryption(params.key.data(), params.key.size()); - enc = CryptoPP::CBC_Mode_ExternalCipher::Encryption(aesEncryption, params.iv.data()); - dec = CryptoPP::CBC_Mode_ExternalCipher::Decryption(aesDecryption, params.iv.data()); -#elif USE_EDDSA_SINGLE_SIGN - key = params.key; - iv = params.iv; -#endif -} - -vector AES_CBC::encrypt(const string& input) const { -#ifdef USE_CRYPTOPP_RSA - vector cipher; - CryptoPP::StringSource ss( - input, true, new CryptoPP::StreamTransformationFilter(enc, new CryptoPP::VectorSink(cipher))); - return cipher; -#elif USE_EDDSA_SINGLE_SIGN - if (input.empty()) { - return {}; + if (ReplicaConfig::instance().replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::RSA) { + ConcordAssertEQ(params.key.size(), 256 / 8); + aesEncryption = CryptoPP::AES::Encryption(params.key.data(), params.key.size()); + aesDecryption = CryptoPP::AES::Decryption(params.key.data(), params.key.size()); + enc = CryptoPP::CBC_Mode_ExternalCipher::Encryption(aesEncryption, params.iv.data()); + dec = CryptoPP::CBC_Mode_ExternalCipher::Decryption(aesDecryption, params.iv.data()); + } else if (ReplicaConfig::instance().replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::EDDSA) { + key = params.key; + iv = params.iv; } +} - unique_ptr ciphertext(new unsigned char[input.size() + AES_BLOCK_SIZE]); - unique_ptr plaintext(new unsigned char[input.size() + 1]); - - for (size_t i{0UL}; i < input.size(); ++i) { - plaintext.get()[i] = (unsigned char)input[i]; +vector AES_CBC::encrypt(const string& input) { + if (ReplicaConfig::instance().replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::RSA) { + vector cipher; + CryptoPP::StringSource ss( + input, true, new CryptoPP::StreamTransformationFilter(enc, new CryptoPP::VectorSink(cipher))); + return cipher; + } else if (ReplicaConfig::instance().replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::EDDSA) { + if (input.empty()) { + return {}; + } + + unique_ptr ciphertext(new unsigned char[input.size() + AES_BLOCK_SIZE]); + unique_ptr plaintext(new unsigned char[input.size() + 1]); + + for (size_t i{0UL}; i < input.size(); ++i) { + plaintext.get()[i] = (unsigned char)input[i]; + } + + UniqueOpenSSLCipherContext ctx(EVP_CIPHER_CTX_new()); + ConcordAssert(nullptr != ctx); + + int c_len{0}; + int f_len{0}; + + ConcordAssert(OPENSSL_SUCCESS == EVP_EncryptInit_ex(ctx.get(), EVP_aes_256_cbc(), nullptr, key.data(), iv.data())); + ConcordAssert(OPENSSL_SUCCESS == + EVP_EncryptUpdate(ctx.get(), ciphertext.get(), &c_len, plaintext.get(), input.size())); + ConcordAssert(OPENSSL_SUCCESS == EVP_EncryptFinal_ex(ctx.get(), ciphertext.get() + c_len, &f_len)); + + const int encryptedMsgLen = c_len + f_len; + vector cipher(encryptedMsgLen); + memcpy(&cipher[0], ciphertext.get(), encryptedMsgLen); + return cipher; } - - UniqueOpenSSLCipherContext ctx(EVP_CIPHER_CTX_new()); - ConcordAssert(nullptr != ctx); - - int c_len{0}; - int f_len{0}; - - ConcordAssert(OPENSSL_SUCCESS == EVP_EncryptInit_ex(ctx.get(), EVP_aes_256_cbc(), nullptr, key.data(), iv.data())); - ConcordAssert(OPENSSL_SUCCESS == - EVP_EncryptUpdate(ctx.get(), ciphertext.get(), &c_len, plaintext.get(), input.size())); - ConcordAssert(OPENSSL_SUCCESS == EVP_EncryptFinal_ex(ctx.get(), ciphertext.get() + c_len, &f_len)); - - const int encryptedMsgLen = c_len + f_len; - vector ciphertxt(encryptedMsgLen); - memcpy(&ciphertxt[0], ciphertext.get(), encryptedMsgLen); - return ciphertxt; -#endif + return {}; } -string AES_CBC::decrypt(const vector& cipher) const { -#ifdef USE_CRYPTOPP_RSA - string pt; - CryptoPP::VectorSource ss(cipher, true, new CryptoPP::StreamTransformationFilter(dec, new CryptoPP::StringSink(pt))); - return pt; -#elif USE_EDDSA_SINGLE_SIGN - if (cipher.capacity() == 0) { - return {}; +string AES_CBC::decrypt(const vector& cipher) { + if (ReplicaConfig::instance().replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::RSA) { + string pt; + CryptoPP::VectorSource ss( + cipher, true, new CryptoPP::StreamTransformationFilter(dec, new CryptoPP::StringSink(pt))); + return pt; + } else if (ReplicaConfig::instance().replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::EDDSA) { + if (cipher.capacity() == 0) { + return {}; + } + + const int cipherLength = cipher.capacity(); + int c_len{0}, f_len{0}; + + unique_ptr plaintext(new unsigned char[cipherLength]); + UniqueOpenSSLCipherContext ctx(EVP_CIPHER_CTX_new()); + ConcordAssert(nullptr != ctx); + + ConcordAssert(OPENSSL_SUCCESS == EVP_DecryptInit_ex(ctx.get(), EVP_aes_256_cbc(), nullptr, key.data(), iv.data())); + EVP_CIPHER_CTX_set_key_length(ctx.get(), EVP_MAX_KEY_LENGTH); + ConcordAssert( + OPENSSL_SUCCESS == + EVP_DecryptUpdate(ctx.get(), plaintext.get(), &c_len, (const unsigned char*)cipher.data(), cipherLength)); + ConcordAssert(OPENSSL_SUCCESS == EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + c_len, &f_len)); + + const int plainMsgLen = c_len + f_len; + plaintext.get()[plainMsgLen] = 0; + + vector plaintxt(plainMsgLen); + memcpy(&plaintxt[0], plaintext.get(), plainMsgLen); + return string(plaintxt.begin(), plaintxt.end()); } - const int cipherLength = cipher.capacity(); - int c_len{0}, f_len{0}; - - unique_ptr plaintext(new unsigned char[cipherLength]); - UniqueOpenSSLCipherContext ctx(EVP_CIPHER_CTX_new()); - ConcordAssert(nullptr != ctx); - - ConcordAssert(OPENSSL_SUCCESS == EVP_DecryptInit_ex(ctx.get(), EVP_aes_256_cbc(), nullptr, key.data(), iv.data())); - EVP_CIPHER_CTX_set_key_length(ctx.get(), EVP_MAX_KEY_LENGTH); - ConcordAssert( - OPENSSL_SUCCESS == - EVP_DecryptUpdate(ctx.get(), plaintext.get(), &c_len, (const unsigned char*)cipher.data(), cipherLength)); - ConcordAssert(OPENSSL_SUCCESS == EVP_DecryptFinal_ex(ctx.get(), plaintext.get() + c_len, &f_len)); - - const int plainMsgLen = c_len + f_len; - plaintext.get()[plainMsgLen] = 0; - - vector plaintxt(plainMsgLen); - memcpy(&plaintxt[0], plaintext.get(), plainMsgLen); - return string(plaintxt.begin(), plaintxt.end()); -#endif + return {}; } } // namespace concord::secretsmanager diff --git a/secretsmanager/src/aes.h b/secretsmanager/src/aes.h index e826368bf1..9899d87e46 100644 --- a/secretsmanager/src/aes.h +++ b/secretsmanager/src/aes.h @@ -21,7 +21,6 @@ #include #include #include -#include #include "key_params.h" @@ -37,8 +36,8 @@ class AES_CBC { public: AES_CBC(const KeyParams& params); - std::vector encrypt(const std::string& input) const; - std::string decrypt(const std::vector& cipher) const; + std::vector encrypt(const std::string& input); + std::string decrypt(const std::vector& cipher); }; } // namespace concord::secretsmanager diff --git a/secretsmanager/src/base64.cpp b/secretsmanager/src/base64.cpp index 481bfe96e5..115e14d8c7 100644 --- a/secretsmanager/src/base64.cpp +++ b/secretsmanager/src/base64.cpp @@ -14,72 +14,76 @@ // This convenience header combines different block implementations. #include "base64.h" +#include "ReplicaConfig.hpp" #include #include namespace concord::secretsmanager { - using std::string; using std::vector; using std::string_view; +using bftEngine::ReplicaConfig; +using concord::crypto::signature::SIGN_VERIFY_ALGO; string base64Enc(const vector& msgBytes) { -#ifdef USE_CRYPTOPP_RSA - CryptoPP::Base64Encoder encoder; - encoder.Put(msgBytes.data(), msgBytes.size()); - encoder.MessageEnd(); - uint64_t output_size = encoder.MaxRetrievable(); - string output(output_size, '0'); - encoder.Get((unsigned char*)output.data(), output.size()); - - return output; -#elif USE_EDDSA_SINGLE_SIGN - if (msgBytes.capacity() == 0) { - return {}; + if (ReplicaConfig::instance().replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::RSA) { + CryptoPP::Base64Encoder encoder; + encoder.Put(msgBytes.data(), msgBytes.size()); + encoder.MessageEnd(); + uint64_t output_size = encoder.MaxRetrievable(); + string output(output_size, '0'); + encoder.Get((unsigned char*)output.data(), output.size()); + + return output; + } else if (ReplicaConfig::instance().replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::EDDSA) { + if (msgBytes.capacity() == 0) { + return {}; + } + BIO* b64 = BIO_new(BIO_f_base64()); + BIO* bio = BIO_new(BIO_s_mem()); + bio = BIO_push(b64, bio); + BIO_write(bio, msgBytes.data(), msgBytes.capacity()); + + BUF_MEM* bufferPtr{nullptr}; + BIO_get_mem_ptr(bio, &bufferPtr); + BIO_set_close(bio, BIO_NOCLOSE); + BIO_flush(bio); + BIO_free_all(bio); + + const auto msgLen = (*bufferPtr).length; + vector encodedMsg(msgLen); + memcpy(&encodedMsg[0], (*bufferPtr).data, msgLen); + BUF_MEM_free(bufferPtr); + return string(encodedMsg.begin(), encodedMsg.end()); } - BIO* b64 = BIO_new(BIO_f_base64()); - BIO* bio = BIO_new(BIO_s_mem()); - bio = BIO_push(b64, bio); - BIO_write(bio, msgBytes.data(), msgBytes.capacity()); - - BUF_MEM* bufferPtr{nullptr}; - BIO_get_mem_ptr(bio, &bufferPtr); - BIO_set_close(bio, BIO_NOCLOSE); - BIO_flush(bio); - BIO_free_all(bio); - - const auto msgLen = (*bufferPtr).length; - vector encodedMsg(msgLen); - memcpy(&encodedMsg[0], (*bufferPtr).data, msgLen); - BUF_MEM_free(bufferPtr); - return string(encodedMsg.begin(), encodedMsg.end()); -#endif + return {}; } vector base64Dec(const string& b64message) { -#ifdef USE_CRYPTOPP_RSA - vector dec; - CryptoPP::StringSource ss(b64message, true, new CryptoPP::Base64Decoder(new CryptoPP::VectorSink(dec))); - return dec; -#elif USE_EDDSA_SINGLE_SIGN - const string b64msg(stripPemHeaderFooter(b64message, "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----")); - - if (b64msg.empty()) { - return {}; + if (ReplicaConfig::instance().replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::RSA) { + vector dec; + CryptoPP::StringSource ss(b64message, true, new CryptoPP::Base64Decoder(new CryptoPP::VectorSink(dec))); + return dec; + } else if (ReplicaConfig::instance().replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::EDDSA) { + const string b64msg(stripPemHeaderFooter(b64message, "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----")); + + if (b64msg.empty()) { + return {}; + } + vector decodedOutput(calcDecodeLength(b64msg.data())); + + BIO* bio = BIO_new_mem_buf(b64msg.data(), -1); + BIO* b64 = BIO_new(BIO_f_base64()); + bio = BIO_push(b64, bio); + + const int outputLen = BIO_read(bio, decodedOutput.data(), b64msg.size()); + vector dec(outputLen); + memcpy(&dec[0], decodedOutput.data(), outputLen); + BIO_free_all(bio); + return dec; } - vector decodedOutput(calcDecodeLength(b64msg.data())); - - BIO* bio = BIO_new_mem_buf(b64msg.data(), -1); - BIO* b64 = BIO_new(BIO_f_base64()); - bio = BIO_push(b64, bio); - - const int outputLen = BIO_read(bio, decodedOutput.data(), b64msg.size()); - vector dec(outputLen); - memcpy(&dec[0], decodedOutput.data(), outputLen); - BIO_free_all(bio); - return dec; -#endif + return {}; } size_t calcDecodeLength(const char* b64message) { diff --git a/secretsmanager/src/key_params.cpp b/secretsmanager/src/key_params.cpp index e061f376c5..9f6ea306d3 100644 --- a/secretsmanager/src/key_params.cpp +++ b/secretsmanager/src/key_params.cpp @@ -1,23 +1,25 @@ #include "key_params.h" +#include "hex_tools.h" +#include "ReplicaConfig.hpp" + #include -#ifdef USE_CRYPTOPP_RSA +// CryptoPP headers. #include #include #include -#elif USE_EDDSA_SINGLE_SIGN -#include "hex_tools.h" -#endif namespace concord::secretsmanager { +using bftEngine::ReplicaConfig; +using concord::crypto::signature::SIGN_VERIFY_ALGO; KeyParams::KeyParams(const std::string& pkey, const std::string& piv) { -#ifdef USE_CRYPTOPP_RSA - CryptoPP::StringSource sskey(pkey, true, new CryptoPP::HexDecoder(new CryptoPP::VectorSink(key))); - CryptoPP::StringSource ssiv(piv, true, new CryptoPP::HexDecoder(new CryptoPP::VectorSink(iv))); -#elif USE_EDDSA_SINGLE_SIGN - key = concordUtils::unhex(pkey); - iv = concordUtils::unhex(piv); -#endif + if (ReplicaConfig::instance().replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::RSA) { + CryptoPP::StringSource sskey(pkey, true, new CryptoPP::HexDecoder(new CryptoPP::VectorSink(key))); + CryptoPP::StringSource ssiv(piv, true, new CryptoPP::HexDecoder(new CryptoPP::VectorSink(iv))); + } else if (ReplicaConfig::instance().replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::EDDSA) { + key = concordUtils::unhex(pkey); + iv = concordUtils::unhex(piv); + } } } // namespace concord::secretsmanager diff --git a/tools/CMakeLists.txt b/tools/CMakeLists.txt index ed0258754f..b666588304 100644 --- a/tools/CMakeLists.txt +++ b/tools/CMakeLists.txt @@ -59,22 +59,6 @@ if (BUILD_TESTING) .) endif() -if (USE_CRYPTOPP_RSA) - message(STATUS "Using Crypto++ RSA/ECDSA signature/verification") - target_compile_definitions(GenerateConcordKeys PUBLIC USE_CRYPTOPP_RSA) - if (BUILD_TESTING) - target_compile_definitions(TestGeneratedKeys PUBLIC USE_CRYPTOPP_RSA) - endif() -endif() - -if (USE_EDDSA_SINGLE_SIGN) - message(STATUS "Using OpenSSL EdDSA signature/verification") - target_compile_definitions(GenerateConcordKeys PUBLIC USE_EDDSA_SINGLE_SIGN) - if (BUILD_TESTING) - target_compile_definitions(TestGeneratedKeys PUBLIC USE_EDDSA_SINGLE_SIGN) - endif() -endif() - if (BUILD_ROCKSDB_STORAGE) add_executable(skvb_db_editor DBEditor.cpp ) target_include_directories(skvb_db_editor PUBLIC diff --git a/util/CMakeLists.txt b/util/CMakeLists.txt index ad0752df92..630acf747a 100644 --- a/util/CMakeLists.txt +++ b/util/CMakeLists.txt @@ -23,9 +23,9 @@ add_library(util_shared SHARED ${util_source_files}) # Use below macros to use CryptoPP's SHA_256 or OpenSSL's SHA_256 hashing. # USE_CRYPTOPP_SHA_256 -# USE_OPENSSL_SHA_256 -target_compile_definitions(util PUBLIC USE_OPENSSL_SHA3_256) -target_compile_definitions(util_shared PUBLIC USE_OPENSSL_SHA3_256) +# USE_OPENSSL_SHA3_256 +target_compile_definitions(util PUBLIC USE_OPENSSL_SHA_256) +target_compile_definitions(util_shared PUBLIC USE_OPENSSL_SHA_256) if(USE_OPENSSL) if(NOT BUILD_THIRDPARTY) @@ -50,13 +50,13 @@ target_link_libraries(util PUBLIC Threads::Threads ${CRYPTOPP_LIBRARIES} stdc++fs) # corebft -target_include_directories(util PUBLIC include ${CRYPTOPP_INCLUDE_DIRS}) +target_include_directories(util PUBLIC include ${CRYPTOPP_INCLUDE_DIRS} ../bftengine/include/bftengine) target_link_libraries(util_shared PUBLIC Threads::Threads ${CRYPTOPP_LIBRARIES} stdc++fs) # corebft -target_include_directories(util_shared PUBLIC include ${CRYPTOPP_INCLUDE_DIRS}) +target_include_directories(util_shared PUBLIC include ${CRYPTOPP_INCLUDE_DIRS} ../bftengine/include/bftengine) if(USE_OPENTRACING) if(NOT DEFINED OPENTRACING_INCLUDE_DIR) diff --git a/util/src/openssl_utils.cpp b/util/src/openssl_utils.cpp index 9bc85ab154..27089e4203 100644 --- a/util/src/openssl_utils.cpp +++ b/util/src/openssl_utils.cpp @@ -17,8 +17,8 @@ #include "hex_tools.h" #include "openssl_crypto.hpp" #include "crypto/eddsa/EdDSA.hpp" -#include "io.hpp" #include "util/filesystem.hpp" +#include "ReplicaConfig.hpp" #include #include @@ -28,6 +28,8 @@ using std::pair; using std::array; using std::string; using std::unique_ptr; +using bftEngine::ReplicaConfig; +using concord::crypto::signature::SIGN_VERIFY_ALGO; using concord::util::crypto::KeyFormat; using concord::util::openssl_utils::UniquePKEY; using concord::util::openssl_utils::UniqueOpenSSLPKEYContext; @@ -41,13 +43,13 @@ string CertificateUtils::generateSelfSignedCert(const string& origin_cert_path, const string& public_key, const string& signing_key) { unique_ptr fp(fopen(origin_cert_path.c_str(), "r"), fclose); - if (!fp) { + if (nullptr == fp) { LOG_ERROR(OPENSSL_LOG, "Certificate file not found, path: " << origin_cert_path); return string(); } UniqueOpenSSLX509 cert(PEM_read_X509(fp.get(), nullptr, nullptr, nullptr)); - if (!cert) { + if (nullptr == cert) { LOG_ERROR(OPENSSL_LOG, "Cannot parse certificate, path: " << origin_cert_path); return string(); } @@ -81,15 +83,16 @@ string CertificateUtils::generateSelfSignedCert(const string& origin_cert_path, return {}; } -#ifdef USE_CRYPTOPP_RSA - if (OPENSSL_FAILURE == X509_sign(cert.get(), priv_key.get(), EVP_sha256())) { - LOG_ERROR(OPENSSL_LOG, "Failed to sign certificate using private key."); - return {}; - } -#endif - if (OPENSSL_FAILURE == X509_sign(cert.get(), priv_key.get(), nullptr)) { - LOG_ERROR(OPENSSL_LOG, "Failed to sign certificate using private key."); - return {}; + if (ReplicaConfig::instance().replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::RSA) { + if (OPENSSL_FAILURE == X509_sign(cert.get(), priv_key.get(), EVP_sha256())) { + LOG_ERROR(OPENSSL_LOG, "Failed to sign certificate using RSA private key."); + return {}; + } + } else if (ReplicaConfig::instance().replicaMsgSigningAlgo == SIGN_VERIFY_ALGO::EDDSA) { + if (OPENSSL_FAILURE == X509_sign(cert.get(), priv_key.get(), nullptr)) { + LOG_ERROR(OPENSSL_LOG, "Failed to sign certificate using EdDSA private key."); + return {}; + } } UniqueOpenSSLBIO outbio(BIO_new(BIO_s_mem())); @@ -115,7 +118,7 @@ bool CertificateUtils::verifyCertificate(X509& cert, const string& public_key) { if (BIO_write(pub_bio.get(), static_cast(public_key.c_str()), public_key.size()) <= 0) { return false; } - if (!PEM_read_bio_PUBKEY(pub_bio.get(), reinterpret_cast(&pub_key), nullptr, nullptr)) { + if (nullptr == PEM_read_bio_PUBKEY(pub_bio.get(), reinterpret_cast(&pub_key), nullptr, nullptr)) { return false; } return (OPENSSL_SUCCESS == X509_verify(&cert, pub_key.get())); @@ -172,13 +175,13 @@ bool CertificateUtils::verifyCertificate(const X509& cert_to_verify, : (fs::path(cert_root_directory) / std::to_string(remotePeerId) / fs::path(cert_type) / fs::path(cert_type + ".cert")); std::unique_ptr fp(fopen(local_cert_path.c_str(), "r"), fclose); - if (!fp) { + if (nullptr == fp) { LOG_ERROR(OPENSSL_LOG, "Certificate file not found, path: " << local_cert_path.string()); return false; } UniqueOpenSSLX509 localCert(PEM_read_X509(fp.get(), nullptr, nullptr, nullptr)); - if (!localCert) { + if (nullptr == localCert) { LOG_ERROR(OPENSSL_LOG, "Cannot parse certificate, path: " << local_cert_path.string()); return false; }