* don't set SECP256R1 as signature algorithm instance in the tests, only use it when the nodes are started as their own processes
Signed-off-by: Daniel Lehrner <daniel@io.builders>
* renamed some variables for better readability
Signed-off-by: Daniel Lehrner <daniel@io.builders>
Fetching the hash from the java security providers is often longer than
the hashing itself, so we should cache results from the providers in a
reusable fashion.
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
Remove all but 4 log4j2.xml config files
* The main config for the besu CLI app
* The config for the evmTool CLI app
* The config for acceptance tests
* A config in testUtil
If any tests depend on a log4j file they should import testutil.
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
Adding the Log4j "jul" (java.util.logging) adapter resulted in many
messages like this at startup:
`main INFO Registered Log4j as the java.util.logging.LogManager.`
These come from the Log4j status logger. We can get rid of those by
setting the status attribute on all configurations to a higher logging
level. WARN is the next higher level.
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
Allows nodes in a network to not strictly prefer older peers. This
helps break up impenetrable cliques in small, stable networks (private
networks often fit this description). We generate a random mask for the
lifetime of the process and use that to xor against the nodeId of a
potential peer. The desired behavior of the network is that some of the
nodes will allow the new peer to make an inbound connection but that
peer can't try to farm a nodeId that would make prioritize it over all
other peers in a guaranteed fashion.
Signed-off-by: Ratan Rai Sur <ratan.r.sur@gmail.com>
Upgrade to ErrorProne 2.4.0
* public constructors on abstract classes are removed
* Javadoc must have meaningfull documentation
* lambdas should not be variables
* Added to the list of confusing inner class names (Entry and Type)
* no assert keyword in tests
* Obsolete JDK classes produce errors now
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
* Indicate that it is the node public key displayed in the log
feat: add `public` in key pair loading for clarity purpose
Signed-off-by: Alexandre PARIS-VERGNE <alexpv14@gmail.com>
Introduced Security Module Plugin API. This allows to switch to a different security module provider to provide cryptographic function that can be used by NodeKey (such as sign, ECDHKeyAgreement etc.). By default register KeyPairSecurityModule otherwise attempt to load Security Module via plugin API.
CLI Options:
--security-module=<name>. (defaults to localfile)
Signed-off-by: Usman Saleem <usman@usmans.info>
Enable native encryption by default, but retain the feature flags. The problem with acceptance tests is that the new native libraries added some startup overhead, which when translated to starting up 12 nodes on the same vm resulted in longer time getting to a testable state. Start up timeout was increased to 60 seconds.
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
Via JNA use native scep256k1 and altbn128 libraries.
This is gated by two feature flags and is disabled by default.
* `--Xsecp256k1-native-enabled` enables native secp256k1 across all of besu
* `--Xaltbn128-native-enabled` enables native altbn128 in the precompiled contracts
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
Security frameworks create signatures of 64-bytes (for a 256-bit keys) - and do not produce the recId.
Furthermore, the signatures created maybe in the upper-half of the curve, which is illegal under Ethereum.
As these checks must be applied to signatures generated by the jce, it is prudent to separate the concept of signature generation, from the post-operations.
Signed-off-by: Trent Mohay <trent.mohay@consensys.net>
This change allows the newly defined "SecurityModule" to work against a generic API, while the NodeKey interface adapts these generic types to the types already used throughout Besu (i.e. those defined in Secp256k1).
Signed-off-by: Trent Mohay <trent.mohay@consensys.net>
It was identified that during the creation of injectable crypto, that the NodeKey effectively offered duplicated functionality between ECDH and ECIES key agreements. The ECIES was superfluous and has been removed.
Signed-off-by: Trent Mohay <trent.mohay@consensys.net>
Update the Handhshaking classes to use an injected NodeKey object for ECIES encryption.
This has necessitated an update of NodeKey to support the creation of Key and ECIES agreement creation.
Signed-off-by: Trent Mohay <trent.mohay@consensys.net>
Currently, Besu injects a KeyPair from the initial entry, through the hierarchy of classes and into various leaf classes. The leaf classes then execute statically defined cryptographic functions (eg Secp256k1.sign) using the injected key.
Thus the implementation of the cryptographic function is hardcoded by the leaf node, and cannot be injected - and thus its implementation cannot be altered.
This change combines the node's KeyPair with associated cryptographic functions in a single class, which can then be injected. This in turn enables other cryptographic backends to be utilised by Besu.
Signed-off-by: Trent Mohay <trent.mohay@consensys.net>
Removes as many Gradle 7.0 compatibility issues as possible
* `baseName` -> `archiveBaseName`
* `extension` -> `archiveExtension`
* `destinationDir` -> `destinationDirectory`
* `runtime` -> `runtimeOnly`
* Change some log4j-api and log4j-core dependencies
* Remove an unneeded and outdated plugin (`net.ltgt.apt`)
* tweak the plugin-api change detector's property annotations.
Warnings still exist with one external plugin used for license file
checking that we do not control the source code for.
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
This was turned off a number of months ago because of long build times.
However it appears either because of code structure changes or fixed
errorprone that this finishes in a reasonable time now.
Code that violated this check is also fixed.
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
Update dependencies to most current version
- except picocli which is a major version update
Alphabetize dependencies
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
* adding in spdx-license-identifier & updated check for the same; removing license check from spotless
Signed-off-by: Joshua Fernandes <joshua.fernandes@consensys.net>
* Change CheckSpdxHeader to a task.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
* Ensure `plugin-api` module gets published at the correct maven path
* Move `plugins` to `plugin-api`
Signed-off-by: Edward Evans <edward.evans@consensys.net>
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
* Return plugin-api to the main repo
* Spotless
* Migrate all external plugin-api references to the project in this repo
* Add licence header
* Update repo reference for publish, even if commented
* Use real configuration for publishing plugin-api
This was tested with the
`:plugins:publishMavenJavaPublicationToMavenLocal` task and checking the
local Maven repo to make sure it was using the correct paths
Signed-off-by: Edward Evans <edward.evans@consensys.net>
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
* Rich Data for Events Plugin
* plugin-api -> api
* use BinaryData as a root and add getValue to UInt256Value
* bring rick data changes in line with proposed APIs.
Undo orthagonal naming changes.
* add size
* use log and transaction interfaces from rich data api
* update to released plugin api version and add new event listener.
* add tests
* fix acceptance tests
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
* [PAN-2842] Blake 2b tweaks
* Adjust endianess on byte payload
* f flag can have only 0 or 1
* Fewer successful vector tests
* Tests for failure and edge cases
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
BlockDataGenerator (a testing util) uses the default key generation code, which
is set to a production grade SecureRandom seed by default. However this creates
non-deterministic results with the block data.
This changes the generator for test data to use a deterministic set of key
pairs.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
* Don't copy collections if we don't need to. Change types higher up if needed.
* Don't use Guava's Object.equal, use Java's Objects.equals.
** add errorprone test to enforce the banning of Guava's Objects class.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Biggest change is that UnusedVariable and UnusedMethod went to WARN by
default. Since our build is a no warning build this means we either need
to turn them off or fix them. I mostly opted for the latter. Test code
was mostly fixed, unused loggers were deleted, and other shipped code
was mostly suppressed.
Two less noisy fixes to not use `SortedSet` and to use zero based
comparable results instead of -1, 0, and 1. Also a compiler nit in
errorprone was suppressed, per the description it won't affect us.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
* Upgrade errorprone
* Upgrade errorprone from 2.3.1 to 2.3.2
* Upgrade Jenkinsfile so that CI will use Java 11
* Suppress these new rules:
* EqualsGetClass
* ImmutableEnumChecker
* UnnecessaryParentheses
* Change code to conform to these new rules:
* BadImport
* BadInstanceof
* InconsistentHashCode
* LockNotBeforeTry
* MathAbsoluteRandom
* ModifiedButNotUsed
* UndefinedEquals
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Update value returned by web3_clientVersion to be ethstats friendly
* Version part starts with a v
* SNAPSHOT builds report 32 bits of the git hash
* OS and architecture are sniffed out and reported
* JVM version and branding are sniffed out and reported
Example values (not all real):
pantheon/v0.9.0-dev-f800a0b1/osx-x86_64/oracle-java-1.8
pantheon/v0.9.0-dev-27960b57/osx-x86_64/zulu-java-11
pantheon/v0.9.0/linux-arm64/openjdk-java-12
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>