ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2025-01-11 15:32:49 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

CORDA-4098 assumption test (#6871) (#6873) (#6874)

Browse Source 
* Upgrade of Bouncy Castle to resolve security issue

* Changed default signature scheme

* Reverted default change in draft

* Key conversion for BC with ed25519

* Initializing BC provider to use X509EdDSAEngine for Signature.Ed25519

* removed unsude imports

Co-authored-by: Nick Dunstone <nick.a.dunstone@gmail.com>

Co-authored-by: Alexey Kadyrov <67952405+alexey-kadyrov-r3@users.noreply.github.com>

Co-authored-by: Alexey Kadyrov <67952405+alexey-kadyrov-r3@users.noreply.github.com>
This commit is contained in:
Nick Dunstone 2021-02-17 17:14:05 +00:00 committed by GitHub
parent 7261442c98
commit 42bb25462d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
constants.properties
View File

@ -20,7 +20,7 @@ quasarVersion11=0.8.1_r3
jdkClassifier11=jdk11 jdkClassifier11=jdk11
dockerJavaVersion=3.2.5 dockerJavaVersion=3.2.5
proguardVersion=6.1.1 proguardVersion=6.1.1
bouncycastleVersion=1.66 bouncycastleVersion=1.68
classgraphVersion=4.8.90 classgraphVersion=4.8.90
disruptorVersion=3.4.2 disruptorVersion=3.4.2
typesafeConfigVersion=1.3.4 typesafeConfigVersion=1.3.4

2
core/src/main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt
View File

@ -35,6 +35,7 @@ val cordaBouncyCastleProvider = BouncyCastleProvider().apply {
putAll(EdDSASecurityProvider()) putAll(EdDSASecurityProvider())
// Override the normal EdDSA engine with one which can handle X509 keys. // Override the normal EdDSA engine with one which can handle X509 keys.
put("Signature.${EdDSAEngine.SIGNATURE_ALGORITHM}", X509EdDSAEngine::class.java.name) put("Signature.${EdDSAEngine.SIGNATURE_ALGORITHM}", X509EdDSAEngine::class.java.name)
put("Signature.Ed25519", X509EdDSAEngine::class.java.name)
addKeyInfoConverter(`id-Curve25519ph`, object : AsymmetricKeyInfoConverter { addKeyInfoConverter(`id-Curve25519ph`, object : AsymmetricKeyInfoConverter {
override fun generatePublic(keyInfo: SubjectPublicKeyInfo) = decodePublicKey(EDDSA_ED25519_SHA512, keyInfo.encoded) override fun generatePublic(keyInfo: SubjectPublicKeyInfo) = decodePublicKey(EDDSA_ED25519_SHA512, keyInfo.encoded)
override fun generatePrivate(keyInfo: PrivateKeyInfo) = decodePrivateKey(EDDSA_ED25519_SHA512, keyInfo.encoded) override fun generatePrivate(keyInfo: PrivateKeyInfo) = decodePrivateKey(EDDSA_ED25519_SHA512, keyInfo.encoded)
@ -46,6 +47,7 @@ val cordaBouncyCastleProvider = BouncyCastleProvider().apply {
// TODO: Find a way to make JKS work with bouncy castle provider or implement our own provide so we don't have to register bouncy castle provider. // TODO: Find a way to make JKS work with bouncy castle provider or implement our own provide so we don't have to register bouncy castle provider.
Security.addProvider(it) Security.addProvider(it)
} }
val bouncyCastlePQCProvider = BouncyCastlePQCProvider().apply { val bouncyCastlePQCProvider = BouncyCastlePQCProvider().apply {
require(name == "BCPQC") { "Invalid PQCProvider name" } require(name == "BCPQC") { "Invalid PQCProvider name" }
}.also { }.also {