[DRAFT] feat/CORDA-3823-hash-agility-qa-ready (#6789)

* wip

* wip

* wip (need to review IEE comments)

* wip

* wip

* Small refactoring, fixed network-verifier's TestNotaryFlow

* Added command line option to explicitly enable hash agility support

* wip-do-not-push

* wip

* wip

* wip

* aligned merkletree/transaction hash algorithms

* wip

* Added mixed algorithm support for nodes vs leaves and corrected mixed algorithm tests

* moved global computeNonce and componentHash to DigestService

* added comment for failing test to fix

* wip

* Minor cleanups, added deprecated componentHash/computeNonce

* restored exploratory changes to failing SignedTransaction test

* cleaned up and minor rafactoring

* Fixed some tests with hardcoded hash algorithm

* some changes and cleanups following code review

* WIP commit before large change

* WIP Fixed 3 tests

* WIP removed direct references to randomSHA256() and sha256()

* Updated/added liquibase migrations to support larger hash algorithms

* Reviewed, cleanups, comments, fixes

* removing direct references to sha256()

* WIP verifying obligations test errors

* reviewing obligation/attachment issues with sha3_256

* Full review before PR - intermediate commits

* Reviewed and cleaned up

* Futher cleanup

* Fixed partial tree backward compatible json and cleanups

* all tests passing

* Removed couple of unused imports

* Reworked global componentHash function to avoid deprecated warnings

* replaced SHA3s with some alternate SHA2s

* Removed SHA3-256 and SHA3-512 references

* fixed some tests using non ubiquitous hash algorithms

* Fixed ABI compatibility (not for TransactionBuilder)

* Fixed ABI compatibility to TransactionBuilder

* couple of fixes

* fixed DigestService's randomHash

* Removed constructor with loosely typed args for private constructor of LedgerTransaction class (API removal)

* re-introduced LedgerTransaction deprecated ctor for deserialization

* Add possibility to load CustomMessageDigest bypassing JCA (#6798)

* Change api-current for DigestAlgorithm

* disable flaky tests

Co-authored-by: Denis Rekalov <denis.rekalov@r3.com>

core-deterministic/testing/src/test/kotlin/net/corda/deterministic/contracts/PrivacySaltTest.kt

@@ -21,14 +21,14 @@ class PrivacySaltTest {
     }
 
     @Test(timeout=300_000)
-	fun testTooShortPrivacySalt() {
+	fun testTooShortPrivacySaltForSHA256() {
         val ex = assertFailsWith<IllegalArgumentException> { PrivacySalt(ByteArray(SALT_SIZE - 1) { 0x7f }) }
-        assertEquals("Privacy salt should be 32 bytes.", ex.message)
+        assertEquals("Privacy salt should be at least 32 bytes.", ex.message)
     }
 
     @Test(timeout=300_000)
-	fun testTooLongPrivacySalt() {
-        val ex = assertFailsWith<IllegalArgumentException> { PrivacySalt(ByteArray(SALT_SIZE + 1) { 0x7f }) }
-        assertEquals("Privacy salt should be 32 bytes.", ex.message)
+	fun testTooShortPrivacySaltForSHA512() {
+        val ex = assertFailsWith<IllegalArgumentException> { PrivacySalt(ByteArray(SALT_SIZE) { 0x7f }).apply { validateFor("SHA-512") } }
+        assertEquals("Privacy salt should be at least 64 bytes for SHA-512.", ex.message)
     }
-}
+}

core-deterministic/testing/src/test/kotlin/net/corda/deterministic/crypto/MerkleTreeTest.kt

@@ -1,14 +1,50 @@
 package net.corda.deterministic.crypto
 
+import net.corda.core.crypto.DigestService
 import net.corda.core.crypto.MerkleTree
 import net.corda.core.crypto.SecureHash
 import org.junit.Assert.assertEquals
 import org.junit.Test
 
 class MerkleTreeTest {
+    private fun leafs(algorithm : String) : List<SecureHash> =
+            listOf(SecureHash.allOnesHashFor(algorithm), SecureHash.zeroHashFor(algorithm))
+
     @Test(timeout=300_000)
 	fun testCreate() {
-        val merkle = MerkleTree.getMerkleTree(listOf(SecureHash.allOnesHash, SecureHash.zeroHash))
-        assertEquals(SecureHash.parse("A5DE9B714ACCD8AFAAABF1CBD6E1014C9D07FF95C2AE154D91EC68485B31E7B5"), merkle.hash)
+        val merkle = MerkleTree.getMerkleTree(leafs(SecureHash.SHA2_256), DigestService.sha2_256)
+        assertEquals(SecureHash.create("A5DE9B714ACCD8AFAAABF1CBD6E1014C9D07FF95C2AE154D91EC68485B31E7B5"), merkle.hash)
     }
+
+    @Test(timeout=300_000)
+    fun `test create SHA2-384`() {
+        val merkle = MerkleTree.getMerkleTree(leafs(SecureHash.SHA2_384), DigestService.sha2_384)
+        assertEquals(SecureHash.create("SHA-384:2B83D37859E3665D7C239964D769CF950EE6478C13E4CA2D6643C23B6C4EAE035C88F654D22E0D65E7CA40BAE4F3718F"), merkle.hash)
+    }
+
+    @Test(timeout=300_000)
+    fun `test create SHA2-256 to SHA2-384`() {
+        val merkle = MerkleTree.getMerkleTree(leafs(SecureHash.SHA2_256), DigestService.sha2_384)
+        assertEquals(SecureHash.create("SHA-384:02A4E8EA5AA4BBAFE80C0E7127B15994B84030BE8616EA2A0127D85203CF34221403635C08084A6BDDB1DB06333F0A49"), merkle.hash)
+    }
+
+//    @Test(timeout=300_000)
+//    fun testCreateSHA3256() {
+//        val merkle = MerkleTree.getMerkleTree(listOf(SecureHash.allOnesHashFor(SecureHash.SHA3_256),
+//                SecureHash.zeroHashFor(SecureHash.SHA3_256)), DigestService.sha3_256)
+//        assertEquals(SecureHash.create("SHA3-256:80673DBEEC8F6761ACBB121E7E45F61D4279CCD8B8E2231741ECD0716F4C9EDC"), merkle.hash)
+//    }
+//
+//    @Test(timeout=300_000)
+//    fun testCreateSHA2256toSHA3256() {
+//        val merkle = MerkleTree.getMerkleTree(listOf(SecureHash.allOnesHash, SecureHash.zeroHash), DigestService.sha3_256)
+//        assertEquals(SecureHash.create("SHA3-256:80673DBEEC8F6761ACBB121E7E45F61D4279CCD8B8E2231741ECD0716F4C9EDC"), merkle.hash)
+//    }
+//
+//    @Test(timeout=300_000)
+//    fun testCreateSHA3256toSHA2256() {
+//        val merkle = MerkleTree.getMerkleTree(listOf(SecureHash.allOnesHashFor(SecureHash.SHA3_256),
+//                SecureHash.zeroHashFor(SecureHash.SHA3_256)), DigestService.sha2_256)
+//        assertEquals(SecureHash.create("A5DE9B714ACCD8AFAAABF1CBD6E1014C9D07FF95C2AE154D91EC68485B31E7B5"), merkle.hash)
+//    }
 }

core-deterministic/testing/src/test/kotlin/net/corda/deterministic/crypto/SecureHashTest.kt

@@ -10,7 +10,7 @@ class SecureHashTest {
     @Test(timeout=300_000)
 	fun testSHA256() {
         val hash = SecureHash.sha256(byteArrayOf(0x64, -0x13, 0x42, 0x3a))
-        assertEquals(SecureHash.parse("6D1687C143DF792A011A1E80670A4E4E0C25D0D87A39514409B1ABFC2043581F"), hash)
+        assertEquals(SecureHash.create("6D1687C143DF792A011A1E80670A4E4E0C25D0D87A39514409B1ABFC2043581F"), hash)
         assertEquals("6D1687C143DF792A011A1E80670A4E4E0C25D0D87A39514409B1ABFC2043581F", hash.toString())
     }
 

core-deterministic/testing/src/test/kotlin/net/corda/deterministic/crypto/TransactionSignatureTest.kt

@@ -65,7 +65,7 @@ class TransactionSignatureTest {
         val txSignature = signMultipleTx(txIds, keyPair)
 
         // The hash of all txIds are used as leaves.
-        val merkleTree = MerkleTree.getMerkleTree(txIds.map { it.sha256() })
+        val merkleTree = MerkleTree.getMerkleTree(txIds.map { it.sha256() }, DigestService.default)
 
         // We haven't added the partial tree yet.
         assertNull(txSignature.partialMerkleTree)
@@ -128,7 +128,7 @@ class TransactionSignatureTest {
 
     // Returns a TransactionSignature over the Merkle root, but the partial tree is null.
     private fun signMultipleTx(txIds: List<SecureHash>, keyPair: KeyPair): TransactionSignature {
-        val merkleTreeRoot = MerkleTree.getMerkleTree(txIds.map { it.sha256() }).hash
+        val merkleTreeRoot = MerkleTree.getMerkleTree(txIds.map { it.sha256() }, DigestService.default).hash
         return signOneTx(merkleTreeRoot, keyPair)
     }