Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sign/verify implementations using OpenSSL library. #6

Open
wants to merge 59 commits into
base: crypto-decoupling-openssl-lib
Choose a base branch
from
Open

Sign/verify implementations using OpenSSL library. #6

wants to merge 59 commits into from

Conversation

pkthapa
Copy link
Collaborator

@pkthapa pkthapa commented May 19, 2022
edited
Loading

  • Problem Overview
    The cryptographic algorithm involved in sign/verify operations should be changed to using OpenSSL's EdDSA algorithm.
    i) Cryptopp RSA signing and verification are replaced by OpenSSL EdDSA signing and verification.
    ii) Encryption and decryption using AES-256 bit Cipher algorithm using CBC mode implemented using OpenSSL library.
    iii) Base64 encoding and decoding using OpenSSL library APIs.
    iv) Introduced USE_RELIC and USE_EDDSA_OPENSSL compilation macros for BLS multi-sig and EdDSA multi-sig implementation.
    v) Introduced replicaMsgSigningAlgo and operatorMsgSigningAlgo config flags to hop between RSA, ECDSA and EdDSA signing and verification.

  • Testing Done
    i) Gtest for EdDSA sign/verify, AES-CBC encrypt/decrypt, and Base64 encode/decode are working for OpenSSL library only. The same gtest cases for Cryptopp RSA sign/verify, AES-CBC-256 encrypt/decrypt, and base64 encoding/decoding are commented.
    ii) Apollo test cases for OpenSSL library.
    iii) Benchmark tool [picobench] added for comparing EdDSA signing/verification vs RSA signing/verification.
    iv) Added missed OpenSSL digest holder test cases.

@arc-vmware arc-vmware force-pushed the crypto-decoupling-openssl-lib branch 2 times, most recently from 7b02ba2 to 16c6c50 Compare May 25, 2022 07:34
@pkthapa pkthapa force-pushed the openssl-sign-verify branch 2 times, most recently from 06b3943 to 6bcf209 Compare June 10, 2022 15:54
@arc-vmware arc-vmware force-pushed the crypto-decoupling-openssl-lib branch from 2f9f332 to efd7b2a Compare June 13, 2022 03:45
@pkthapa pkthapa force-pushed the openssl-sign-verify branch 4 times, most recently from 8a43b8b to 4f9b348 Compare June 13, 2022 15:02
@pkthapa pkthapa force-pushed the openssl-sign-verify branch 2 times, most recently from 985f38e to 6dc4b49 Compare June 13, 2022 15:49
WildFireFlum
WildFireFlum reviewed Jun 13, 2022
View reviewed changes
bftengine/src/bcstatetransfer/AsyncStateTransferCRE.cpp Outdated Show resolved Hide resolved
bftengine/src/bftengine/KeyExchangeManager.cpp Outdated Show resolved Hide resolved
bftengine/src/bftengine/SigManager.cpp Outdated Show resolved Hide resolved
bftengine/src/preprocessor/tests/preprocessor_test.cpp Outdated Show resolved Hide resolved
bftengine/src/preprocessor/tests/preprocessor_test.cpp Outdated Show resolved Hide resolved
util/include/openssl_utils.hpp Outdated Show resolved Hide resolved
util/include/openssl_utils.hpp Outdated Show resolved Hide resolved
util/include/openssl_utils.hpp Outdated Show resolved Hide resolved
util/include/openssl_utils.hpp Outdated Show resolved Hide resolved
util/src/cryptopp_utils.cpp Outdated Show resolved Hide resolved
@pkthapa pkthapa force-pushed the openssl-sign-verify branch 6 times, most recently from 6c81258 to 9e6237f Compare June 16, 2022 18:31
nkumar04
nkumar04 reviewed Jun 21, 2022
View reviewed changes
secretsmanager/src/aes.h Outdated Show resolved Hide resolved
nkumar04
nkumar04 reviewed Jun 21, 2022
View reviewed changes
tools/KeyfileIOUtils.cpp Outdated
@@ -39,17 +39,27 @@ void outputReplicaKeyfile(uint16_t numReplicas,
<< "c_val: " << config.cVal << "\n"
<< "replica_id: " << config.replicaId << "\n"
<< "read-only: " << config.isReadOnly << "\n\n"
#ifdef USE_CRYPTOPP
<< "# RSA non-threshold replica public keys\n"
<< "rsa_public_keys:\n";
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Object store integrity checker code look for this "rsa_public_keys" . Please check if we need to make relevant changes there?

@pkthapa pkthapa force-pushed the openssl-sign-verify branch from c9f9870 to ab57a5a Compare June 23, 2022 14:59
@toly-kournik
Copy link

@pkthapa, we have already 274 comments in this PR and it's not converging.
There are 116 affected files, which makes it impossible to make a comprehensive review.
I propose to close it and open new ones per topic, starting from digests refactoring.

@pkthapa
Copy link
Collaborator Author

pkthapa commented Jul 27, 2022

@pkthapa, we have already 274 comments in this PR and it's not converging. There are 116 affected files, which makes it impossible to make a comprehensive review. I propose to close it and open new ones per topic, starting from digests refactoring.

@toly-kournik New PR created here: #12

@pkthapa pkthapa force-pushed the openssl-sign-verify branch 2 times, most recently from 6c91764 to 57c20fe Compare July 28, 2022 10:48
This commit contains:-
9cd5ab7 
i. Compilation macros (USE_CRYPTOPP_RSA and USE_EDDSA_SINGLE_SIGN) for RSA and EdDSA removed.
ii. The choice of signing algorithm is now based on the value set in 'replicaMsgSigningAlgo' and 'operatorMsgSigningAlgo' config variables.
@pkthapa pkthapa force-pushed the openssl-sign-verify branch from 57c20fe to 9cd5ab7 Compare July 28, 2022 10:57
@pkthapa
Copy link
Collaborator Author

pkthapa commented Jul 28, 2022

EdDSASigner

Namespace changed to concord::crypto::openssl for class EdDSASigner.

arc-vmware pushed a commit that referenced this pull request Aug 23, 2022
@evdzhurov
Merge pull request #6 from evdzhurov/utt-test-automation
97c6ef0 
Utt test automation
@arc-vmware arc-vmware force-pushed the crypto-decoupling-openssl-lib branch from 60f690d to f73a522 Compare August 25, 2022 07:04
@WildFireFlum WildFireFlum mentioned this pull request Sep 6, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nkumar04 nkumar04 nkumar04 left review comments

@toly-kournik toly-kournik toly-kournik left review comments

@WildFireFlum WildFireFlum WildFireFlum requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@pkthapa @toly-kournik @WildFireFlum @nkumar04 @arc-vmware