Add ed25519 support #3343
Commits on May 28, 2024
Due to some considering NIST curves insecure and Golang having ed25519 native support, there was not a reason for not implementing in Fabric. Test cases for ed25519 were also added. Since ed25519 key derivation is not called by any function, I left it as a TODO. As I am working on ed25519 support for node fabric-gateway, I needed to add ed25519 support for cryptogen also, aiming to pass tests with certificates containing ed25519 keys. Since the node fabric-gateway tests generate their crypto material with cryptogen, I adapted cryptogen to support ed25519 keys.
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 8d22eba
Add initial integration tests for ed25519
Based on the raft integration test, they are mainly the same tests, but executed in a network created with ed25519 crypto material. Note that in this commit we did not add the ed25519 integration test network creation, implemented in the "integration/nwo" folder. The present commit only adds the tests.
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit e1c2f94
Add ed25519 channel and msp capabilities
This commit has the changes in the channel capabilities, introducing channel capabilities version V2_0, which invokes a new msp version "MSPv_1_4_4". This is the only msp version which accepts ed25519 identities. This ensures that, during the upgrade process to support ed25519, the blockchain will not become inconsistent.
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 46598c2
Enhance capabilities and add ed25519 integration tests
This commit will be forcibly squashed afterwards, but it is intended to save partially capabilities enhancements and ed25519 integration tests. About Channel capabilities, I renamed the Channel capabilities that support ed25519 from v2_1 to v2_4. Likewise, the MSP version was also renamed to MSPv2_4. Integration tests and the needed modifications were also added, to ensure proper behavior of the Channel v2_4 capabilities. The test's main goal was to prove that a peer without ed25519 support will stop validating blocks for a channel with v2_4 capabilities. Cryptogen flag "--keyalg" was removed from my previous commit to keep it simple. I also added a field on the parsed crypto-config.yaml to generate ed25519 keys.
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 97d19b4
Delete integration/ed25519 folder and revert vendor file
On previous commits, I made a change on the vendored package "vendor/github.com/hyperledger/fabric-config/configtx/signer.go", since the tests on "integration/ed25519" required such change. However, since this folder is being deleted and changes to the vendored package would require another pull request, I decided to revert the changes on the file.
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit d64e4db
Update Channel capabilities and msp version to V3_0
As requested by the fabric Code Owner yacovm, the capabilities and the msp version name must be renamed to V3_0, because the ed25519-support will probably enter as a feature in Fabric 3.0.
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit c63c459
Remove oldPeerRunner from integration test net
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 1c7e082
Update ed25519 integration test case
Due to the renaming of the ed25519 Channel capabilities to "v3_0" and other requests by fabric Code Owner yacovm, the ed25519 integration test had to be updated. Now the ed25519 integration test cases use a raft network with three orderers.
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 5df422e
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 1a3f83d
Update signer interface documentation and params
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 199fe83
Previously, the golang ed25519 library was being used to sign hashes. However, the golang ed25519 library must have the full message as parameter and it calculates the hash in the "ed25519.Sign()" function. To solve that problem, the Sign and Verify methods in "msp/identities.go" calculate the hash only if the certificate does not have an ed25519 key. Some parameters' names were also changed to keep the coherence with the ed25519 Sign and Verify methods.
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 2182795
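The distinction described in the commit message above, as an added example that is not code from this pull request: ECDSA is handed a SHA-256 digest, while Go's Ed25519 is handed the message itself, and an Ed25519 signature made over the digest does not verify against the message. The function names, the throwaway keys and the sample message are assumptions made for the illustration.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

var ecKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // throwaway demo key
var _, edKey, _ = ed25519.GenerateKey(rand.Reader)             // throwaway demo key

// input gives the primitive its input: SHA-256 digest for ECDSA, raw message for Ed25519.
func input(pub crypto.PublicKey, msg []byte) ([]byte, crypto.Hash) {
	if _, isEd := pub.(ed25519.PublicKey); isEd {
		return msg, crypto.Hash(0) // Hash(0) tells the signer the input is not pre-hashed
	}
	d := sha256.Sum256(msg)
	return d[:], crypto.SHA256
}

func sign(key crypto.Signer, msg []byte) ([]byte, error) {
	in, h := input(key.Public(), msg)
	return key.Sign(rand.Reader, in, h)
}

func verify(pub crypto.PublicKey, msg, sig []byte) bool {
	in, _ := input(pub, msg)
	if k, ok := pub.(*ecdsa.PublicKey); ok {
		return ecdsa.VerifyASN1(k, in, sig)
	}
	k, ok := pub.(ed25519.PublicKey)
	return ok && ed25519.Verify(k, in, sig)
}

// digestSigVerifies signs the SHA-256 digest with Ed25519, then verifies against the message.
func digestSigVerifies(priv ed25519.PrivateKey, msg []byte) bool {
	d := sha256.Sum256(msg)
	return verify(priv.Public(), msg, ed25519.Sign(priv, d[:]))
}

func main() {
	msg := []byte("constructed sample message")
	sig, err := sign(edKey, msg)
	fmt.Println(err, verify(edKey.Public(), msg, sig), digestSigVerifies(edKey, msg))
}
```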
Dereference *ed25519.PublicKey and *ed25519.PrivateKey
This is an implementation correction. Since the methods to store keys deal with interfaces, the ed25519 pointers were not causing errors on compilation. However, ed25519 key pointers would cause errors at execution time. Even though these methods to store keys are not used in production, they might be one day. Golang deals with ECDSA keys as pointers but not with ED25519 and I cannot see a reason for that. However, I believe that dealing with pointers, when it is possible, is better for memory performance.
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 3647eed
Removing keyalg flag from cryptogen
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 903a5ca
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 3f4662d
Add identities ed25519 test cases
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 6dc26ed
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 804fe1a
Fix fileks and keys for ed25519
Changes regarding dealing with pointers to ed25519 keys versus the values. This is a concern because golang generally deals with ed25519 keys by value. This causes a difference between the default way to deal with ecdsa keys (pointers) and ed25519 ones (values). As I implemented, the ed25519 keys storing and parsing follow the general rules:
1) Ed25519 keys are parsed from files as values (ed25519.PrivateKey or ed25519.PublicKey) but are eventually converted to pointers to fit the structs ed25519PrivateKey and ed25519PublicKey.
2) To store ed25519 keys in the fileks, they are dealt with as pointers until the marshalling method, from the x509 golang library. This fits test cases for storing "nil" keys, that would cause panic if the key were treated as a value.
Fileks test cases for ed25519 were added.
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit cd6d9da
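The pointer-versus-value behaviour discussed in this commit message and in the earlier "Dereference *ed25519.PublicKey and *ed25519.PrivateKey" commit, as an added example that is not code from this pull request: Go's crypto/x509 marshals an Ed25519 key passed by value, rejects a pointer to it at run time, and parses the key back as a value. The helper names are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/x509"
	"errors"
	"fmt"
)

// newKeyPtr returns a throwaway key in the pointer form a keystore struct might hold.
func newKeyPtr() *ed25519.PrivateKey {
	_, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return &priv
}

// pointerAccepted reports whether crypto/x509 marshals the pointer unchanged.
// The call compiles because the parameter is an interface; it fails at run time.
func pointerAccepted(k *ed25519.PrivateKey) bool {
	_, err := x509.MarshalPKCS8PrivateKey(k)
	return err == nil
}

// marshalKey rejects nil, then dereferences so crypto/x509 sees the value type.
func marshalKey(k *ed25519.PrivateKey) ([]byte, error) {
	if k == nil {
		return nil, errors.New("nil ed25519 private key")
	}
	return x509.MarshalPKCS8PrivateKey(*k)
}

// parsedType marshals k, parses the DER back and names the type x509 returns.
func parsedType(k *ed25519.PrivateKey) (string, error) {
	der, err := marshalKey(k)
	if err != nil {
		return "", err
	}
	parsed, err := x509.ParsePKCS8PrivateKey(der)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%T", parsed), nil
}

func main() {
	k := newKeyPtr()
	typ, err := parsedType(k)
	fmt.Println("pointer accepted:", pointerAccepted(k), "parsed as:", typ, err)
}
```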
Gen ed25519 or ecdsa crypto for users
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit f6254b8
Gen ed25519 or ecdsa crypto for templates
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 5fb6800
Add PublicKeyAlgorithm to default spec
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 0b0934c
Enhance warning for unsupported key
The warning in the logs when a key algorithm was not supported was too big. Only the common names are used now, instead of the whole subject and issuer.
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit f8b3282
Update capabilities test to ginkgo v2
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 0393599
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 0a58142
Fix channelV30 test for MSPv3_0
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit d8463fd
Fix cryptogen default config and test
Some tabs were introduced on previous commits causing a parsing error on the defaultConfig. A test was added to prevent this error from happening again.
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit b7fd2b6
Add CA's PublicKeyAlgorithm to default config
This commit adds the field PublicKeyAlgorithm to cryptogen's default config. CA crypto-material keys might be generated using ed25519 or ecdsa.
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 4805a27
Add ecdsa as default PublicKeyAlgorithm for CA
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 9e6c617
Commit db87f33
compute SHA256 only for ECDSA keys
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 6116fd8
fix comments assuming ECDSA-only support
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 88a2f02
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 1bb5565
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 2714ba4
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 4d9a50a
Improve ed25519 lifecycle integration test
- instead of changing cryptogen config, we give ed25519 keys by changing the certificate and the keys.
- Now, the test is compatible with a network without a system channel.
- Other improvements were made
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 5bab4b0
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 433bfbb
remove unnecessary line from ed25519 test
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 9df7bf1
fix nwo.UpdateConfig() call from discovery test
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 44c37b8
use gomega funcs instead of println
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 66524a7
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit 2b19c89
Commits on Jun 6, 2024
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit c3019ef
fix integration test chaincode deploy
Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
Commit b4f60ac