Sign/verify implementations using OpenSSL library. by pkthapa · Pull Request #6 · arc-vmware/concord-bft

pkthapa · 2022-05-19T11:35:40Z

Problem Overview
The cryptographic algorithm involved in sign/verify operations should be changed to using OpenSSL's EdDSA algorithm.
i) Cryptopp RSA signing and verification are replaced by OpenSSL EdDSA signing and verification.
ii) Encryption and decryption using AES-256 bit Cipher algorithm using CBC mode implemented using OpenSSL library.
iii) Base64 encoding and decoding using OpenSSL library APIs.
iv) Introduced USE_RELIC and USE_EDDSA_OPENSSL compilation macros for BLS multi-sig and EdDSA multi-sig implementation.
v) Introduced replicaMsgSigningAlgo and operatorMsgSigningAlgo config flags to hop between RSA, ECDSA and EdDSA signing and verification.
Testing Done
i) Gtest for EdDSA sign/verify, AES-CBC encrypt/decrypt, and Base64 encode/decode are working for OpenSSL library only. The same gtest cases for Cryptopp RSA sign/verify, AES-CBC-256 encrypt/decrypt, and base64 encoding/decoding are commented.
ii) Apollo test cases for OpenSSL library.
iii) Benchmark tool [picobench] added for comparing EdDSA signing/verification vs RSA signing/verification.
iv) Added missed OpenSSL digest holder test cases.

nkumar04 · 2022-06-21T10:55:05Z

         << "read-only: " << config.isReadOnly << "\n\n"
+#ifdef USE_CRYPTOPP
         << "# RSA non-threshold replica public keys\n"
         << "rsa_public_keys:\n";


Object store integrity checker code look for this "rsa_public_keys" . Please check if we need to make relevant changes there?

toly-kournik · 2022-07-26T08:47:40Z

@pkthapa, we have already 274 comments in this PR and it's not converging.
There are 116 affected files, which makes it impossible to make a comprehensive review.
I propose to close it and open new ones per topic, starting from digests refactoring.

pkthapa · 2022-07-27T04:51:25Z

@pkthapa, we have already 274 comments in this PR and it's not converging. There are 116 affected files, which makes it impossible to make a comprehensive review. I propose to close it and open new ones per topic, starting from digests refactoring.

@toly-kournik New PR created here: #12

i. Compilation macros (USE_CRYPTOPP_RSA and USE_EDDSA_SINGLE_SIGN) for RSA and EdDSA removed. ii. The choice of signing algorithm is now based on the value set in 'replicaMsgSigningAlgo' and 'operatorMsgSigningAlgo' config variables.

pkthapa · 2022-07-28T11:13:52Z

EdDSASigner

Namespace changed to concord::crypto::openssl for class EdDSASigner.

Utt test automation

arc-vmware force-pushed the crypto-decoupling-openssl-lib branch 2 times, most recently from 7b02ba2 to 16c6c50 Compare May 25, 2022 07:34

pkthapa force-pushed the openssl-sign-verify branch 2 times, most recently from 06b3943 to 6bcf209 Compare June 10, 2022 15:54

arc-vmware force-pushed the crypto-decoupling-openssl-lib branch from 2f9f332 to efd7b2a Compare June 13, 2022 03:45

pkthapa force-pushed the openssl-sign-verify branch 4 times, most recently from 8a43b8b to 4f9b348 Compare June 13, 2022 15:02

WildFireFlum reviewed Jun 13, 2022

View reviewed changes

Comment thread bftengine/include/bcstatetransfer/SimpleBCStateTransfer.hpp Outdated

pkthapa force-pushed the openssl-sign-verify branch 2 times, most recently from 985f38e to 6dc4b49 Compare June 13, 2022 15:49

WildFireFlum reviewed Jun 13, 2022

View reviewed changes

pkthapa force-pushed the openssl-sign-verify branch 6 times, most recently from 6c81258 to 9e6237f Compare June 16, 2022 18:31

nkumar04 reviewed Jun 17, 2022

View reviewed changes

Comment thread util/include/crypto_utils.hpp Outdated

nkumar04 reviewed Jun 17, 2022

View reviewed changes

Comment thread bftengine/src/bftengine/KeyExchangeManager.cpp Outdated

nkumar04 reviewed Jun 17, 2022

View reviewed changes

Comment thread bftengine/src/bftengine/SigManager.hpp Outdated

nkumar04 reviewed Jun 21, 2022

View reviewed changes

Comment thread client/reconfiguration/src/default_handlers.cpp

nkumar04 reviewed Jun 21, 2022

View reviewed changes

Comment thread secretsmanager/src/aes.cpp Outdated

nkumar04 reviewed Jun 21, 2022

View reviewed changes

Comment thread secretsmanager/src/aes.h Outdated

nkumar04 reviewed Jun 21, 2022

View reviewed changes

pkthapa force-pushed the openssl-sign-verify branch from c9f9870 to ab57a5a Compare June 23, 2022 14:59

toly-kournik reviewed Jun 27, 2022

View reviewed changes

Comment thread bftengine/include/bcstatetransfer/SimpleBCStateTransfer.hpp Outdated

toly-kournik reviewed Jun 27, 2022

View reviewed changes

Comment thread util/include/digest.hpp

toly-kournik reviewed Jun 27, 2022

View reviewed changes

Comment thread bftengine/src/bftengine/KeyExchangeManager.cpp