lacchain · eum602 · Jul 7, 2023 · Jul 5, 2023 · Jul 7, 2023
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
diff --git a/build.gradle b/build.gradle
@@ -116,14 +116,6 @@ allprojects {
  targetCompatibility = 17
 
  repositories {
- maven {
- url 'https://maven.pkg.github.com/lacchain/liboqs-java'
- content { includeGroupByRegex('org\\.openquantumsafe(\\..*)?') }
- credentials {
- username = project.findProperty("gpr.user") ?: System.getenv("USERNAME")
- password = project.findProperty("gpr.key") ?: System.getenv("TOKEN")
- }
- }
  maven {
  url 'https://hyperledger.jfrog.io/hyperledger/besu-maven'
  content { includeGroupByRegex('org\\.hyperledger\\..*') }
@@ -685,7 +677,6 @@ task distDocker {
  dependsOn dockerDistUntar
  inputs.dir("build/docker-besu/")
  def dockerBuildDir = "build/docker-besu/"
- def imageName = "ghcr.io/lacchain/besu"
 
  doLast {
  for (def jvmVariant in dockerVariants) {
@@ -730,8 +721,8 @@ task testDocker {
  doLast {
  for (def variant in dockerVariants) {
  exec {
- def image = project.hasProperty('release.releaseVersion') ? "ghcr.io/lacchain/besu:" + project.property('release.releaseVersion') : "ghcr.io/lacchain/besu:${project.version}"
- workingDir "docker/${variant}"
+ def image = project.hasProperty('release.releaseVersion') ? "${dockerImageName}:" + project.property('release.releaseVersion') : "${dockerImageName}:${project.version}"
+ workingDir "${projectDir}/docker/${variant}"
  executable "sh"
  args "-c", "bash ../test.sh ${image}-${variant}"
  }
@@ -740,9 +731,9 @@ task testDocker {
 }
 
 task dockerUpload {
- def imageName = "ghcr.io/lacchain/besu"
- def azureImageName = "hyperledger.azurecr.io/besu"
- def image = "${imageName}:${dockerBuildVersion}"
+ dependsOn distDocker
+ def architecture = System.getenv('architecture')
+ def image = "${dockerImageName}:${dockerBuildVersion}"
  def additionalTags = []
 
  if (project.hasProperty('branch') && project.property('branch') == 'main') {

diff --git a/crypto/algorithms/build.gradle b/crypto/algorithms/build.gradle
@@ -29,7 +29,7 @@ jar {
 }
 
 dependencies {
- api 'org.bouncycastle:bcprov-jdk15on'
+ api 'org.bouncycastle:bcprov-jdk18on'
  api 'org.slf4j:slf4j-api'
 
  implementation 'net.java.dev.jna:jna'

diff --git a/docker/openjdk-11/Dockerfile b/docker/openjdk-11/Dockerfile
diff --git a/enclave/build.gradle b/enclave/build.gradle
@@ -9,7 +9,7 @@ dependencies {
  implementation 'io.vertx:vertx-web'
  implementation 'org.apache.tuweni:tuweni-net'
 
- runtimeOnly('org.bouncycastle:bcpkix-jdk15on')
+ runtimeOnly('org.bouncycastle:bcpkix-jdk18on')
 
  // test dependencies.
  testImplementation project(':testutil')
@@ -20,7 +20,7 @@ dependencies {
  // integration test dependencies.
  integrationTestImplementation project(':testutil')
  integrationTestImplementation 'org.assertj:assertj-core'
- integrationTestImplementation 'org.bouncycastle:bcpkix-jdk15on'
+ integrationTestImplementation 'org.bouncycastle:bcpkix-jdk18on'
  integrationTestImplementation 'org.awaitility:awaitility'
  integrationTestImplementation 'org.junit.jupiter:junit-jupiter-api'
  integrationTestImplementation 'org.mockito:mockito-core'

diff --git a/ethereum/api/build.gradle b/ethereum/api/build.gradle
@@ -69,14 +69,14 @@ dependencies {
  implementation 'org.apache.tuweni:tuweni-toml'
  implementation 'org.apache.tuweni:tuweni-units'
  implementation 'org.antlr:antlr4-runtime'
- implementation 'org.bouncycastle:bcprov-jdk15on'
+ implementation 'org.bouncycastle:bcprov-jdk18on'
  implementation 'org.springframework.security:spring-security-crypto'
  implementation 'org.xerial.snappy:snappy-java'
 
  annotationProcessor "org.immutables:value"
  implementation "org.immutables:value-annotations"
 
- runtimeOnly 'org.bouncycastle:bcpkix-jdk15on'
+ runtimeOnly 'org.bouncycastle:bcpkix-jdk18on'
  runtimeOnly 'io.netty:netty-transport-native-epoll'
  runtimeOnly 'io.netty:netty-transport-native-kqueue'
 
@@ -106,7 +106,7 @@ dependencies {
 
  testRuntimeOnly 'org.junit.vintage:junit-vintage-engine'
 
- testSupportImplementation 'org.bouncycastle:bcpkix-jdk15on'
+ testSupportImplementation 'org.bouncycastle:bcpkix-jdk18on'
 
  integrationTestImplementation project(':config')
  integrationTestImplementation project(path: ':config', configuration: 'testSupportArtifacts')
@@ -125,7 +125,7 @@ dependencies {
 
 artifacts { testSupportArtifacts testSupportJar }
 
-task generateTestBlockchain() {
+tasks.register('generateTestBlockchain') {
  def srcFiles = 'src/test/resources/org/hyperledger/besu/ethereum/api/jsonrpc/trace/chain-data'
  def dataPath = "$buildDir/generated/data"
  def blocksBin = "$buildDir/resources/test/org/hyperledger/besu/ethereum/api/jsonrpc/trace/chain-data/blocks.bin"

diff --git a/ethereum/core/build.gradle b/ethereum/core/build.gradle
@@ -60,7 +60,6 @@ dependencies {
  implementation 'org.apache.tuweni:tuweni-rlp'
  implementation 'org.hyperledger.besu:bls12-381'
  implementation 'org.immutables:value-annotations'
- implementation 'org.openquantumsafe:liboqs-java'
 
  implementation 'io.prometheus:simpleclient_guava'
 

diff --git a/ethereum/evmtool/build.gradle b/ethereum/evmtool/build.gradle
@@ -101,7 +101,7 @@ tasks.register("dockerDistUntar") {
  }
 }
 
-task distDocker(type: Exec) {
+tasks.register('distDocker', Exec) {
  dependsOn dockerDistUntar
  def dockerBuildVersion = project.hasProperty('release.releaseVersion') ? project.property('release.releaseVersion') : "${rootProject.version}"
  def dockerOrgName = project.hasProperty('dockerOrgName') ? project.getProperty("dockerOrgName") : "hyperledger"
@@ -123,9 +123,9 @@ task distDocker(type: Exec) {
  args "-c", "docker build --build-arg BUILD_DATE=${buildTime()} --build-arg VERSION=${dockerBuildVersion} --build-arg VCS_REF=${getCheckedOutGitCommitHash()} -t ${image} ."
 }
 
-task dockerUpload(type: Exec) {
+tasks.register('dockerUpload', Exec) {
  dependsOn distDocker
- def dockerBuildVersion = project.hasProperty('release.releaseVersion') ? project.property('release.releaseVersion') : "${rootProject.version}"
+ String dockerBuildVersion = project.hasProperty('release.releaseVersion') ? project.property('release.releaseVersion') : "${rootProject.version}"
  def dockerOrgName = project.hasProperty('dockerOrgName') ? project.getProperty("dockerOrgName") : "hyperledger"
  def dockerArtifactName = project.hasProperty("dockerArtifactName") ? project.getProperty("dockerArtifactName") : "besu-evmtool"
  def imageName = "${dockerOrgName}/${dockerArtifactName}"

diff --git a/ethereum/trie/build.gradle b/ethereum/trie/build.gradle
@@ -37,7 +37,7 @@ dependencies {
  implementation 'com.google.guava:guava'
  implementation 'io.opentelemetry:opentelemetry-api'
  implementation 'org.apache.tuweni:tuweni-bytes'
- implementation 'org.bouncycastle:bcprov-jdk15on'
+ implementation 'org.bouncycastle:bcprov-jdk18on'
 
  annotationProcessor 'org.immutables:value'
 

diff --git a/ethereum/verkletrie/build.gradle b/ethereum/verkletrie/build.gradle
@@ -37,7 +37,7 @@ dependencies {
  implementation 'io.opentelemetry:opentelemetry-api'
  implementation 'org.apache.tuweni:tuweni-bytes'
  implementation 'org.apache.tuweni:tuweni-units'
- implementation 'org.bouncycastle:bcprov-jdk15on'
+ implementation 'org.bouncycastle:bcprov-jdk18on'
  implementation 'org.hyperledger.besu:ipa-multipoint'
 
  annotationProcessor "org.immutables:value"

diff --git a/evm/build.gradle b/evm/build.gradle
@@ -40,7 +40,6 @@ dependencies {
  implementation 'com.github.ben-manes.caffeine:caffeine'
  implementation 'com.google.guava:guava'
  implementation 'net.java.dev.jna:jna'
- implementation 'org.openquantumsafe:liboqs-java'
  implementation 'org.apache.tuweni:tuweni-bytes'
  implementation 'org.apache.tuweni:tuweni-units'
  implementation 'org.hyperledger.besu:arithmetic'

diff --git a/evm/src/main/java/org/hyperledger/besu/evm/precompile/FalconPrecompiledContract.java b/evm/src/main/java/org/hyperledger/besu/evm/precompile/FalconPrecompiledContract.java
@@ -20,38 +20,39 @@
 import org.hyperledger.besu.evm.frame.MessageFrame;
 import org.hyperledger.besu.evm.gascalculator.GasCalculator;
 
+import javax.annotation.Nonnull;
+
 import org.apache.tuweni.bytes.Bytes;
 import org.apache.tuweni.bytes.Bytes32;
-import org.openquantumsafe.Signature;
+import org.bouncycastle.pqc.crypto.falcon.FalconParameters;
+import org.bouncycastle.pqc.crypto.falcon.FalconPublicKeyParameters;
+import org.bouncycastle.pqc.crypto.falcon.FalconSigner;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-/**
- * note: Liboqs - random number generation defaults to /dev/urandom a better form is to use the
- * OQS_RAND_agl_openssl "OpenSSL" random number algorithm, then set the environment default engine
- * to IBRand for quantum entropy
- */
 public class FalconPrecompiledContract extends AbstractPrecompiledContract {
 
  private static final Logger LOG = LoggerFactory.getLogger(AbstractBLS12PrecompiledContract.class);
 
  private static final Bytes METHOD_ABI =
  Hash.keccak256(Bytes.of("verify(bytes,bytes,bytes)".getBytes(UTF_8))).slice(0, 4);
- // taken from liboqs C sig.h header, OQS_SIG_alg_falcon_512
  private static final String SIGNATURE_ALGORITHM = "Falcon-512";
 
+ private final FalconSigner falconSigner = new FalconSigner();
+
  public FalconPrecompiledContract(final GasCalculator gasCalculator) {
  super("Falcon", gasCalculator);
  }
 
  @Override
  public long gasRequirement(final Bytes input) {
- long value = gasCalculator().sha256PrecompiledContractGasCost(input);
- return value;
+ return gasCalculator().sha256PrecompiledContractGasCost(input);
  }
 
+ @Nonnull
  @Override
- public Bytes compute(final Bytes methodInput, final MessageFrame messageFrame) {
+ public PrecompileContractResult computePrecompile(
+ final Bytes methodInput, @Nonnull final MessageFrame messageFrame) {
  Bytes methodAbi = methodInput.slice(0, METHOD_ABI.size());
  if (!methodAbi.xor(METHOD_ABI).isZero()) {
  throw new IllegalArgumentException("Unexpected method ABI: " + methodAbi.toHexString());
@@ -66,7 +67,10 @@ public Bytes compute(final Bytes methodInput, final MessageFrame messageFrame) {
  int dataLength = input.slice(dataOffset, 32).trimLeadingZeros().toInt();
 
  Bytes signatureSlice = input.slice(signatureOffset + 32, signatureLength);
- Bytes pubKeySlice = input.slice(pubKeyOffset + 32, pubKeyLength);
+ Bytes pubKeySlice =
+ input.slice(
+ pubKeyOffset + 32 + 1,
+ pubKeyLength - 1); // BouncyCastle omits the first byte since it is always zero
  Bytes dataSlice = input.slice(dataOffset + 32, dataLength);
 
  if (LOG.isTraceEnabled()) {
@@ -77,16 +81,18 @@ public Bytes compute(final Bytes methodInput, final MessageFrame messageFrame) {
  pubKeySlice.toHexString(),
  dataSlice.toHexString());
  }
- Signature verifier = new Signature(SIGNATURE_ALGORITHM);
+ FalconPublicKeyParameters falconPublicKeyParameters =
+ new FalconPublicKeyParameters(FalconParameters.falcon_512, pubKeySlice.toArray());
+ falconSigner.init(false, falconPublicKeyParameters);
  final boolean verifies =
- verifier.verify(dataSlice.toArray(), signatureSlice.toArray(), pubKeySlice.toArray());
+ falconSigner.verifySignature(dataSlice.toArray(), signatureSlice.toArray());
 
  if (verifies) {
  LOG.debug("Signature is VALID");
- return Bytes32.leftPad(Bytes.of(0));
+ return PrecompileContractResult.success(Bytes32.leftPad(Bytes.of(0)));
  } else {
  LOG.debug("Signature is INVALID");
- return Bytes32.leftPad(Bytes.of(1));
+ return PrecompileContractResult.success(Bytes32.leftPad(Bytes.of(1)));
  }
  }
 }