Skip to content

Commit

Permalink
Merge pull request #3 from lacchain/falcon_oqs_to_bouncycastle
Browse files Browse the repository at this point in the history 
Migrate from OpenQuantumSafe library to BouncyCastle v1.75
  • Loading branch information
@eum602
eum602 authored Jul 7, 2023
2 parents d170588 + c92e49f commit 4652400
Show file tree
Hide file tree
Showing 16 changed files with 125 additions and 135 deletions.
22 changes: 0 additions & 22 deletions .github/workflows/deploy.yml
View file

This file was deleted.

19 changes: 5 additions & 14 deletions build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -116,14 +116,6 @@ allprojects {
targetCompatibility = 17

repositories {
maven {
url 'https://maven.pkg.github.com/lacchain/liboqs-java'
content { includeGroupByRegex('org\\.openquantumsafe(\\..*)?') }
credentials {
username = project.findProperty("gpr.user") ?: System.getenv("USERNAME")
password = project.findProperty("gpr.key") ?: System.getenv("TOKEN")
}
}
maven {
url 'https://hyperledger.jfrog.io/hyperledger/besu-maven'
content { includeGroupByRegex('org\\.hyperledger\\..*') }
Expand Down Expand Up @@ -685,7 +677,6 @@ task distDocker {
dependsOn dockerDistUntar
inputs.dir("build/docker-besu/")
def dockerBuildDir = "build/docker-besu/"
def imageName = "ghcr.io/lacchain/besu"

doLast {
for (def jvmVariant in dockerVariants) {
Expand Down Expand Up @@ -730,8 +721,8 @@ task testDocker {
doLast {
for (def variant in dockerVariants) {
exec {
def image = project.hasProperty('release.releaseVersion') ? "ghcr.io/lacchain/besu:" + project.property('release.releaseVersion') : "ghcr.io/lacchain/besu:${project.version}"
workingDir "docker/${variant}"
def image = project.hasProperty('release.releaseVersion') ? "${dockerImageName}:" + project.property('release.releaseVersion') : "${dockerImageName}:${project.version}"
workingDir "${projectDir}/docker/${variant}"
executable "sh"
args "-c", "bash ../test.sh ${image}-${variant}"
}
Expand All @@ -740,9 +731,9 @@ task testDocker {
}

task dockerUpload {
def imageName = "ghcr.io/lacchain/besu"
def azureImageName = "hyperledger.azurecr.io/besu"
def image = "${imageName}:${dockerBuildVersion}"
dependsOn distDocker
def architecture = System.getenv('architecture')
def image = "${dockerImageName}:${dockerBuildVersion}"
def additionalTags = []

if (project.hasProperty('branch') && project.property('branch') == 'main') {
Expand Down
2 changes: 1 addition & 1 deletion crypto/algorithms/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ jar {
}

dependencies {
api 'org.bouncycastle:bcprov-jdk15on'
api 'org.bouncycastle:bcprov-jdk18on'
api 'org.slf4j:slf4j-api'

implementation 'net.java.dev.jna:jna'
Expand Down
64 changes: 0 additions & 64 deletions docker/openjdk-11/Dockerfile
View file

This file was deleted.

4 changes: 2 additions & 2 deletions enclave/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ dependencies {
implementation 'io.vertx:vertx-web'
implementation 'org.apache.tuweni:tuweni-net'

runtimeOnly('org.bouncycastle:bcpkix-jdk15on')
runtimeOnly('org.bouncycastle:bcpkix-jdk18on')

// test dependencies.
testImplementation project(':testutil')
Expand All @@ -20,7 +20,7 @@ dependencies {
// integration test dependencies.
integrationTestImplementation project(':testutil')
integrationTestImplementation 'org.assertj:assertj-core'
integrationTestImplementation 'org.bouncycastle:bcpkix-jdk15on'
integrationTestImplementation 'org.bouncycastle:bcpkix-jdk18on'
integrationTestImplementation 'org.awaitility:awaitility'
integrationTestImplementation 'org.junit.jupiter:junit-jupiter-api'
integrationTestImplementation 'org.mockito:mockito-core'
Expand Down
8 changes: 4 additions & 4 deletions ethereum/api/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,14 +69,14 @@ dependencies {
implementation 'org.apache.tuweni:tuweni-toml'
implementation 'org.apache.tuweni:tuweni-units'
implementation 'org.antlr:antlr4-runtime'
implementation 'org.bouncycastle:bcprov-jdk15on'
implementation 'org.bouncycastle:bcprov-jdk18on'
implementation 'org.springframework.security:spring-security-crypto'
implementation 'org.xerial.snappy:snappy-java'

annotationProcessor "org.immutables:value"
implementation "org.immutables:value-annotations"

runtimeOnly 'org.bouncycastle:bcpkix-jdk15on'
runtimeOnly 'org.bouncycastle:bcpkix-jdk18on'
runtimeOnly 'io.netty:netty-transport-native-epoll'
runtimeOnly 'io.netty:netty-transport-native-kqueue'

Expand Down Expand Up @@ -106,7 +106,7 @@ dependencies {

testRuntimeOnly 'org.junit.vintage:junit-vintage-engine'

testSupportImplementation 'org.bouncycastle:bcpkix-jdk15on'
testSupportImplementation 'org.bouncycastle:bcpkix-jdk18on'

integrationTestImplementation project(':config')
integrationTestImplementation project(path: ':config', configuration: 'testSupportArtifacts')
Expand All @@ -125,7 +125,7 @@ dependencies {

artifacts { testSupportArtifacts testSupportJar }

task generateTestBlockchain() {
tasks.register('generateTestBlockchain') {
def srcFiles = 'src/test/resources/org/hyperledger/besu/ethereum/api/jsonrpc/trace/chain-data'
def dataPath = "$buildDir/generated/data"
def blocksBin = "$buildDir/resources/test/org/hyperledger/besu/ethereum/api/jsonrpc/trace/chain-data/blocks.bin"
Expand Down
1 change: 0 additions & 1 deletion ethereum/core/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,6 @@ dependencies {
implementation 'org.apache.tuweni:tuweni-rlp'
implementation 'org.hyperledger.besu:bls12-381'
implementation 'org.immutables:value-annotations'
implementation 'org.openquantumsafe:liboqs-java'

implementation 'io.prometheus:simpleclient_guava'

Expand Down
6 changes: 3 additions & 3 deletions ethereum/evmtool/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,7 @@ tasks.register("dockerDistUntar") {
}
}

task distDocker(type: Exec) {
tasks.register('distDocker', Exec) {
dependsOn dockerDistUntar
def dockerBuildVersion = project.hasProperty('release.releaseVersion') ? project.property('release.releaseVersion') : "${rootProject.version}"
def dockerOrgName = project.hasProperty('dockerOrgName') ? project.getProperty("dockerOrgName") : "hyperledger"
Expand All @@ -123,9 +123,9 @@ task distDocker(type: Exec) {
args "-c", "docker build --build-arg BUILD_DATE=${buildTime()} --build-arg VERSION=${dockerBuildVersion} --build-arg VCS_REF=${getCheckedOutGitCommitHash()} -t ${image} ."
}

task dockerUpload(type: Exec) {
tasks.register('dockerUpload', Exec) {
dependsOn distDocker
def dockerBuildVersion = project.hasProperty('release.releaseVersion') ? project.property('release.releaseVersion') : "${rootProject.version}"
String dockerBuildVersion = project.hasProperty('release.releaseVersion') ? project.property('release.releaseVersion') : "${rootProject.version}"
def dockerOrgName = project.hasProperty('dockerOrgName') ? project.getProperty("dockerOrgName") : "hyperledger"
def dockerArtifactName = project.hasProperty("dockerArtifactName") ? project.getProperty("dockerArtifactName") : "besu-evmtool"
def imageName = "${dockerOrgName}/${dockerArtifactName}"
Expand Down
2 changes: 1 addition & 1 deletion ethereum/trie/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ dependencies {
implementation 'com.google.guava:guava'
implementation 'io.opentelemetry:opentelemetry-api'
implementation 'org.apache.tuweni:tuweni-bytes'
implementation 'org.bouncycastle:bcprov-jdk15on'
implementation 'org.bouncycastle:bcprov-jdk18on'

annotationProcessor 'org.immutables:value'

Expand Down
2 changes: 1 addition & 1 deletion ethereum/verkletrie/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ dependencies {
implementation 'io.opentelemetry:opentelemetry-api'
implementation 'org.apache.tuweni:tuweni-bytes'
implementation 'org.apache.tuweni:tuweni-units'
implementation 'org.bouncycastle:bcprov-jdk15on'
implementation 'org.bouncycastle:bcprov-jdk18on'
implementation 'org.hyperledger.besu:ipa-multipoint'

annotationProcessor "org.immutables:value"
Expand Down
1 change: 0 additions & 1 deletion evm/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,6 @@ dependencies {
implementation 'com.github.ben-manes.caffeine:caffeine'
implementation 'com.google.guava:guava'
implementation 'net.java.dev.jna:jna'
implementation 'org.openquantumsafe:liboqs-java'
implementation 'org.apache.tuweni:tuweni-bytes'
implementation 'org.apache.tuweni:tuweni-units'
implementation 'org.hyperledger.besu:arithmetic'
Expand Down
36 changes: 21 additions & 15 deletions evm/src/main/java/org/hyperledger/besu/evm/precompile/FalconPrecompiledContract.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,38 +20,39 @@
import org.hyperledger.besu.evm.frame.MessageFrame;
import org.hyperledger.besu.evm.gascalculator.GasCalculator;

import javax.annotation.Nonnull;

import org.apache.tuweni.bytes.Bytes;
import org.apache.tuweni.bytes.Bytes32;
import org.openquantumsafe.Signature;
import org.bouncycastle.pqc.crypto.falcon.FalconParameters;
import org.bouncycastle.pqc.crypto.falcon.FalconPublicKeyParameters;
import org.bouncycastle.pqc.crypto.falcon.FalconSigner;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
* note: Liboqs - random number generation defaults to /dev/urandom a better form is to use the
* OQS_RAND_agl_openssl "OpenSSL" random number algorithm, then set the environment default engine
* to IBRand for quantum entropy
*/
public class FalconPrecompiledContract extends AbstractPrecompiledContract {

private static final Logger LOG = LoggerFactory.getLogger(AbstractBLS12PrecompiledContract.class);

private static final Bytes METHOD_ABI =
Hash.keccak256(Bytes.of("verify(bytes,bytes,bytes)".getBytes(UTF_8))).slice(0, 4);
// taken from liboqs C sig.h header, OQS_SIG_alg_falcon_512
private static final String SIGNATURE_ALGORITHM = "Falcon-512";

private final FalconSigner falconSigner = new FalconSigner();

public FalconPrecompiledContract(final GasCalculator gasCalculator) {
super("Falcon", gasCalculator);
}

@Override
public long gasRequirement(final Bytes input) {
long value = gasCalculator().sha256PrecompiledContractGasCost(input);
return value;
return gasCalculator().sha256PrecompiledContractGasCost(input);
}

@Nonnull
@Override
public Bytes compute(final Bytes methodInput, final MessageFrame messageFrame) {
public PrecompileContractResult computePrecompile(
final Bytes methodInput, @Nonnull final MessageFrame messageFrame) {
Bytes methodAbi = methodInput.slice(0, METHOD_ABI.size());
if (!methodAbi.xor(METHOD_ABI).isZero()) {
throw new IllegalArgumentException("Unexpected method ABI: " + methodAbi.toHexString());
Expand All @@ -66,7 +67,10 @@ public Bytes compute(final Bytes methodInput, final MessageFrame messageFrame) {
int dataLength = input.slice(dataOffset, 32).trimLeadingZeros().toInt();

Bytes signatureSlice = input.slice(signatureOffset + 32, signatureLength);
Bytes pubKeySlice = input.slice(pubKeyOffset + 32, pubKeyLength);
Bytes pubKeySlice =
input.slice(
pubKeyOffset + 32 + 1,
pubKeyLength - 1); // BouncyCastle omits the first byte since it is always zero
Bytes dataSlice = input.slice(dataOffset + 32, dataLength);

if (LOG.isTraceEnabled()) {
Expand All @@ -77,16 +81,18 @@ public Bytes compute(final Bytes methodInput, final MessageFrame messageFrame) {
pubKeySlice.toHexString(),
dataSlice.toHexString());
}
Signature verifier = new Signature(SIGNATURE_ALGORITHM);
FalconPublicKeyParameters falconPublicKeyParameters =
new FalconPublicKeyParameters(FalconParameters.falcon_512, pubKeySlice.toArray());
falconSigner.init(false, falconPublicKeyParameters);
final boolean verifies =
verifier.verify(dataSlice.toArray(), signatureSlice.toArray(), pubKeySlice.toArray());
falconSigner.verifySignature(dataSlice.toArray(), signatureSlice.toArray());

if (verifies) {
LOG.debug("Signature is VALID");
return Bytes32.leftPad(Bytes.of(0));
return PrecompileContractResult.success(Bytes32.leftPad(Bytes.of(0)));
} else {
LOG.debug("Signature is INVALID");
return Bytes32.leftPad(Bytes.of(1));
return PrecompileContractResult.success(Bytes32.leftPad(Bytes.of(1)));
}
}
}
Loading

0 comments on commit 4652400

Please sign in to comment.