mirror of
https://github.com/corda/corda.git
synced 2025-01-11 23:43:03 +00:00
* Upgrade of Bouncy Castle to resolve security issue * Changed default signature scheme * Reverted default change in draft * Key conversion for BC with ed25519 * Initializing BC provider to use X509EdDSAEngine for Signature.Ed25519 * removed unsude imports Co-authored-by: Nick Dunstone <nick.a.dunstone@gmail.com> Co-authored-by: Alexey Kadyrov <67952405+alexey-kadyrov-r3@users.noreply.github.com>
This commit is contained in:
parent
0659932be0
commit
d41f608e4e
@ -20,7 +20,7 @@ quasarVersion11=0.8.1_r3
|
|||||||
jdkClassifier11=jdk11
|
jdkClassifier11=jdk11
|
||||||
dockerJavaVersion=3.2.5
|
dockerJavaVersion=3.2.5
|
||||||
proguardVersion=6.1.1
|
proguardVersion=6.1.1
|
||||||
bouncycastleVersion=1.66
|
bouncycastleVersion=1.68
|
||||||
classgraphVersion=4.8.90
|
classgraphVersion=4.8.90
|
||||||
disruptorVersion=3.4.2
|
disruptorVersion=3.4.2
|
||||||
typesafeConfigVersion=1.3.4
|
typesafeConfigVersion=1.3.4
|
||||||
|
@ -35,6 +35,7 @@ val cordaBouncyCastleProvider = BouncyCastleProvider().apply {
|
|||||||
putAll(EdDSASecurityProvider())
|
putAll(EdDSASecurityProvider())
|
||||||
// Override the normal EdDSA engine with one which can handle X509 keys.
|
// Override the normal EdDSA engine with one which can handle X509 keys.
|
||||||
put("Signature.${EdDSAEngine.SIGNATURE_ALGORITHM}", X509EdDSAEngine::class.java.name)
|
put("Signature.${EdDSAEngine.SIGNATURE_ALGORITHM}", X509EdDSAEngine::class.java.name)
|
||||||
|
put("Signature.Ed25519", X509EdDSAEngine::class.java.name)
|
||||||
addKeyInfoConverter(`id-Curve25519ph`, object : AsymmetricKeyInfoConverter {
|
addKeyInfoConverter(`id-Curve25519ph`, object : AsymmetricKeyInfoConverter {
|
||||||
override fun generatePublic(keyInfo: SubjectPublicKeyInfo) = decodePublicKey(EDDSA_ED25519_SHA512, keyInfo.encoded)
|
override fun generatePublic(keyInfo: SubjectPublicKeyInfo) = decodePublicKey(EDDSA_ED25519_SHA512, keyInfo.encoded)
|
||||||
override fun generatePrivate(keyInfo: PrivateKeyInfo) = decodePrivateKey(EDDSA_ED25519_SHA512, keyInfo.encoded)
|
override fun generatePrivate(keyInfo: PrivateKeyInfo) = decodePrivateKey(EDDSA_ED25519_SHA512, keyInfo.encoded)
|
||||||
@ -46,6 +47,7 @@ val cordaBouncyCastleProvider = BouncyCastleProvider().apply {
|
|||||||
// TODO: Find a way to make JKS work with bouncy castle provider or implement our own provide so we don't have to register bouncy castle provider.
|
// TODO: Find a way to make JKS work with bouncy castle provider or implement our own provide so we don't have to register bouncy castle provider.
|
||||||
Security.addProvider(it)
|
Security.addProvider(it)
|
||||||
}
|
}
|
||||||
|
|
||||||
val bouncyCastlePQCProvider = BouncyCastlePQCProvider().apply {
|
val bouncyCastlePQCProvider = BouncyCastlePQCProvider().apply {
|
||||||
require(name == "BCPQC") { "Invalid PQCProvider name" }
|
require(name == "BCPQC") { "Invalid PQCProvider name" }
|
||||||
}.also {
|
}.also {
|
||||||
|
Loading…
Reference in New Issue
Block a user