From c1bb07e65f550e043d9a387d3978e651a1b7a15d Mon Sep 17 00:00:00 2001 From: Determinant Date: Tue, 2 Jul 2019 03:00:31 -0400 Subject: enable TLS for replica-replica connections --- .gitignore | 1 + CMakeLists.txt | 4 ++++ hotstuff-sec0.conf | 4 +++- hotstuff-sec1.conf | 4 +++- hotstuff-sec2.conf | 4 +++- hotstuff-sec3.conf | 4 +++- hotstuff.conf | 10 +++++----- include/hotstuff/hotstuff.h | 17 +++++++++++++---- include/hotstuff/type.h | 2 ++ salticidae | 2 +- scripts/gen_conf.py | 17 ++++++++++++----- src/hotstuff.cpp | 18 +++++++++++++++--- src/hotstuff_app.cpp | 41 ++++++++++++++++++++++++++++++---------- src/hotstuff_client.cpp | 8 ++++---- src/hotstuff_tls_keygen.cpp | 46 +++++++++++++++++++++++++++++++++++++++++++++ 15 files changed, 146 insertions(+), 36 deletions(-) create mode 100644 src/hotstuff_tls_keygen.cpp diff --git a/.gitignore b/.gitignore index 68646ab..b9dda4a 100644 --- a/.gitignore +++ b/.gitignore @@ -8,6 +8,7 @@ libsecp256k1-prefix/ hotstuff-app hotstuff-client hotstuff-keygen +hotstuff-tls-keygen libhotstuff.a src/*.swo src/*.swp diff --git a/CMakeLists.txt b/CMakeLists.txt index 2a3209e..f93b944 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -96,6 +96,10 @@ add_executable(hotstuff-keygen src/hotstuff_keygen.cpp) target_link_libraries(hotstuff-keygen hotstuff_static) +add_executable(hotstuff-tls-keygen + src/hotstuff_tls_keygen.cpp) +target_link_libraries(hotstuff-tls-keygen hotstuff_static) + find_package(Doxygen) if (DOXYGEN_FOUND) add_custom_target(doc diff --git a/hotstuff-sec0.conf b/hotstuff-sec0.conf index 97fef97..bbfd3f2 100644 --- a/hotstuff-sec0.conf +++ b/hotstuff-sec0.conf @@ -1,2 +1,4 @@ -privkey = ee9dd39a8f269918ed9a27789bb4d5ddabe572e5d6397b01c643141a4568c83b +privkey = 445fa01dbbb9d0510ab6d6f630c94ab43ba21ad91f31d47da92f7b679ba2f582 +tls-privkey = 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 +tls-cert = 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 idx = 0 
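Review bot: `hotstuff-sec0.conf` now carries both `privkey` and `tls-privkey` in plaintext in the repository, and hotstuff-sec1.conf, hotstuff-sec2.conf and hotstuff-sec3.conf do the same. These look like the demo set that scripts/gen_conf.py produces, but once committed the keys are public, so the certificate hashes listed in hotstuff.conf authenticate nothing for a deployment that reuses these files. I would state this in the README or, if the config parser accepts comment lines, at the top of each file, e.g. `# demo key material, publicly known: regenerate with scripts/gen_conf.py before real use`. Generating the per-replica files at setup time and listing them in .gitignore would avoid the problem altogether.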
diff --git a/hotstuff-sec1.conf b/hotstuff-sec1.conf
index e36849f..54c9b5f 100644
--- a/hotstuff-sec1.conf
+++ b/hotstuff-sec1.conf
@@ -1,2 +1,4 @@ -privkey = 06cf6276fa4353a1c54a9f762bb827e016f5ed4cf659010b0689cf667eda54eb +privkey = 71f2f7aa5fb0f6d8fcdebe6c6c249aa7de068eb5d617dffa0dcfbc2f1dd73177 +tls-privkey = 308204a20201000282010100abfe4a55f831720dd46e2bca05e767aef9838d2069f893f3213bf5a31f5be249c2b356476e01d3fc221581bf4ffa93a6ec41898fbed6119b7981065d07fe476fa12b7da4a22f37d4cfc8a667ff163c05d17762f789df64995a1e80c50ed0d1f7ab8e733fb543d962818ce3ba7b38bf4fe0ca39926b6e99e3fa32eff48f503cf7f66824573e9fb34cb9c4e952f0f584d30c5b7312172facb0439ed5af6d0c6f7382db15315dce8f2fe1704f11bd76e5e3fbffd6f44b240036492187a13e23c0cc8769a52f5bbc90400867093d031483b84fe5c40a7ce66d7dab7a474689de080cc2b6670359f08d5bff53cfa92bf49fc306cccfe0b6fed8c6e4edef86d81638610201110282010100a1e045f68f3d98857ca3ecfa5fe8da0e180357a609626d2110386eb7a50b2f547b032406fe1fd692f2e710b40f09f460de5bccc3866f1fa1634c423970ef524af20ad09af2ff439b1dea060786ab83c93d9d8a5263a5136327a43cf5b3975c34653ac6d28c7c17e43db1c746199ed22d0fcd635ca159094f09995a4f95f12a513ebec6fe1af47c260090fcf8908e04192bb8b9a9c75608d221110d183a80380193b076354b2cb396500c94c8ca33e45559eeadefe217ef04898a2350390fadcf3e4ccb4d1783c619168c9fe7e29701f15476e980408975050d0a8e5df4e4ea35dc6fe3e3f71964952cf600c45d88688b5e92cf5144d869448290e7cefc8f793102818100d5c267d9f5b82ce47e3b7e3fa80fa599b73406b21d240c863bfc4c20d858c729d96e89adc0e51aa6248112fb351bcf5102dada449b5226842d9e7482e65391b8e89a8a0982a1f1b0e75922d416e45f28a06842d4ef00d9c7c8fa43d47487e79121e69d25f5dbbdf49ea85dc7035cb7a92fa79cad5666a2bd4bcd29be9ec31fff02818100cdfb090f4c43c27fdaef5e4b2f4efade96b3271b964036cac4806ba4d68b6cc7fc810deafd09f5ba07e1de013183f3f8499763e0cf986bbd49604d991b2f86676c9d8323f01e9c1479187c828b6fb27f45bf291d4953876084a4cc2e4122e7a26698e7bb2d89d488e0e611118536f905c2a936ed07724630ce66cf7c4cfaa79f0281810096e39499daa01fb0591aefb476a1a21226f78c417dfb542284b2179eb6d5414ab79952204bed03c0923cfe56f84fdda2989a7bf431672a3f2f42ac98a29557cdd15e0715c59f7d6dd07b27a4c4dd7058e9b301ffb7c45d7df7473ef05241d0a2ae84ab29dab93acaca58baaa9
8f6274a3fc19bc5a66690fe1763a4ff06a7da59028180792a41908736eae1cc145595a35ba2a10d5a533d6771112bfb1e5d7005bb6d2a584bea11c205dbd6d775cde29598e9dd58772bb16b0e5d7e6765d34b00eec78821c610e7f6a8980c0aff584cca7df08719f7fa113a31227502bb4aee0832a65f87a53d04b16022aadea57373b7c5fbe545547aa98be8ddfe9787c5582d48265d02818006385a17426489bc3393300bfec08c440cbfd894d991b1c1e1b672f17809ff150703496fde8df3bfa9d67553f0d6d4bb1bf73706454470479fc4aec0250b0613bd028cc111f61edfeb6ad40e6801fc22afcb67788a7a514c5b3f04a3986dbf063f4277bcf5182763242781f8ba6b2cb3a8cb909332f9b1966601675297a601cf +tls-cert = 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 idx = 1 diff --git a/hotstuff-sec2.conf b/hotstuff-sec2.conf index 9827647..12a361a 100644 --- a/hotstuff-sec2.conf +++ b/hotstuff-sec2.conf @@ -1,2 +1,4 @@ -privkey = 2d0d2f77fa8dc3dd590e3a4c7cd5669de0aaccd0c172c50263205a8ea29b495d +privkey = f09707974bd60c68734e45172928eb600710675fc45822b6db5a8c75eec0f5a1 +tls-privkey = 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 +tls-cert = 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 idx = 2 diff --git a/hotstuff-sec3.conf b/hotstuff-sec3.conf index 1789083..9c36b9b 100644 --- a/hotstuff-sec3.conf +++ b/hotstuff-sec3.conf @@ -1,2 +1,4 @@ -privkey = d5e41b168dd1c1703d6e6dc69db475daacae413e86e9db31afdbeea0fd1c45d4 +privkey = 3d0cdf598a2514649a5dedf626467716d04e22d2b6a83dc0f5ca810701f728f3 +tls-privkey = 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 +tls-cert = 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 idx = 3 diff --git a/hotstuff.conf b/hotstuff.conf index 3651b70..4bda9af 100644 --- a/hotstuff.conf +++ b/hotstuff.conf 
@@ -1,6 +1,6 @@ -nworker = 1 block-size = 1 -replica = 127.0.0.1:2234;22234, 028a1caf2c503a1e9b0b3ddf1d1df30253facdd50b93add05ebc7f708db00c11e4 -replica = 127.0.0.1:2235;22235, 034ca53338e69321c1bc83e2fa76b1b00d68f64911074221abda88aac8af9d2b53 -replica = 127.0.0.1:2236;22236, 0340f9d12dd1532968f7d8a99f95c3cd03992346487e15bd43265a3f273558ff2e -replica = 127.0.0.1:2237;22237, 02735def87faba2667d1a5db32b6dd50bb0c2ce875935846b3db121def62f34e83 +pace-maker = dummy +replica = 127.0.0.1:10000;20000, 039f89215177475ac408d079b45acef4591fc477dd690f2467df052cf0c7baba23, 542865a568784c4e77c172b82e99cb8a1a53b7bee5f86843b04960ea4157f420 +replica = 127.0.0.1:10001;20001, 0278740a5bec75e333b3c93965b1609163b15d2e3c2fdef141d4859ec70c238e7a, c261250345ebcd676a0edeea173526608604f626b2e8bc4fd2142d3bde1d44d5 +replica = 127.0.0.1:10002;20002, 0269eb606576a315a630c2483deed35cc4bd845abae1c693f97c440c89503fa92e, 065b010aed5629edfb5289e8b22fc6cc6b33c4013bfdd128caba80c3c02d6d78 +replica = 127.0.0.1:10003;20003, 03e6911bf17e632eecdfa0dc9fc6efc9ddca60c0e3100db469a3d3d62008044a53, 6540a0fea67efcb08f53ec3a952df4c3f0e2e07c2778fd92320807717e29a651 diff --git a/include/hotstuff/hotstuff.h b/include/hotstuff/hotstuff.h index 313511f..680abce 100644 --- a/include/hotstuff/hotstuff.h +++ b/include/hotstuff/hotstuff.h @@ -148,6 +148,7 @@ class HotStuffBase: public HotStuffCore { bool ec_loop; /** network stack */ Net pn; + std::unordered_set valid_tls_certs; #ifdef HOTSTUFF_BLK_PROFILE BlockProfiler blk_profiler; #endif @@ -189,6 +190,8 @@ class HotStuffBase: public HotStuffCore { /** receives a block */ inline void resp_blk_handler(MsgRespBlock &&, const Net::conn_t &); + inline bool conn_handler(const salticidae::ConnPool::conn_t &, bool); + void do_broadcast_proposal(const Proposal &) override; void do_vote(ReplicaID, const Vote &) override; void do_decide(Finality &&) override; 
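Review bot: The two members added to `HotStuffBase` in include/hotstuff/hotstuff.h have no doc comment, while their neighbours do (`/** network stack */`, `/** receives a block */`). Suggested above `valid_tls_certs`: `/** hashes of the DER-encoded TLS certificates of the configured replicas, filled in start() */`. Suggested above `conn_handler`: `/** connection callback: on connect, looks up the hash of the peer certificate in valid_tls_certs */`. What the returned bool means to the network layer is not visible here and should be stated by someone who knows salticidae. The class body starts and ends outside these hunks.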
@@ -215,7 +218,8 @@ class HotStuffBase: public HotStuffCore { /* Submit the command to be decided. */ void exec_command(uint256_t cmd_hash, commit_cb_t callback); - void start(std::vector> &&replicas, bool ec_loop = false); + void start(std::vector> &&replicas, + bool ec_loop = false); size_t size() const { return peers.size(); } PaceMaker &get_pace_maker() { return *pmaker; } @@ -284,10 +288,15 @@ class HotStuff: public HotStuffBase { nworker, netconfig) {} - void start(const std::vector> &replicas, bool ec_loop = false) { - std::vector> reps; + void start(const std::vector> &replicas, bool ec_loop = false) { + std::vector> reps; for (auto &r: replicas) - reps.push_back(std::make_pair(r.first, new PubKeyType(r.second))); + reps.push_back( + std::make_tuple( + std::get<0>(r), + new PubKeyType(std::get<1>(r)), + uint256_t(std::get<2>(r)) + )); HotStuffBase::start(std::move(reps), ec_loop); } }; diff --git a/include/hotstuff/type.h b/include/hotstuff/type.h index 1d5ac55..07c1e72 100644 --- a/include/hotstuff/type.h +++ b/include/hotstuff/type.h @@ -73,6 +73,8 @@ class Cloneable { using ReplicaID = uint16_t; using opcode_t = uint8_t; +using tls_pkey_bt = BoxObj; +using tls_x509_bt = BoxObj; } diff --git a/salticidae b/salticidae index 53f7769..ce84260 160000 --- a/salticidae +++ b/salticidae @@ -1 +1 @@ -Subproject commit 53f776997d0e92650b9f3a16224cef1c0c76b716 +Subproject commit ce842602ccac8c10d025a055c966bc32f204f75c diff --git a/scripts/gen_conf.py b/scripts/gen_conf.py index 391e0d6..ca61ea1 100644 --- a/scripts/gen_conf.py +++ b/scripts/gen_conf.py 
@@ -11,6 +11,7 @@ if __name__ == "__main__": parser.add_argument('--pport', type=int, default=10000) parser.add_argument('--cport', type=int, default=20000) parser.add_argument('--keygen', type=str, default='./hotstuff-keygen') + parser.add_argument('--tls-keygen', type=str, default='./hotstuff-tls-keygen') parser.add_argument('--nodes', type=str, default='nodes.txt') parser.add_argument('--block-size', type=int, default=1) parser.add_argument('--pace-maker', type=str, default='dummy') @@ -26,6 +27,7 @@ if __name__ == "__main__": base_pport = args.pport base_cport = args.cport keygen_bin = args.keygen + tls_keygen_bin = args.tls_keygen main_conf = open("{}.conf".format(prefix), 'w') nodes = open(args.nodes, 'w') 
@@ -35,14 +37,19 @@ if __name__ == "__main__": p = subprocess.Popen([keygen_bin, '--num', str(len(replicas))], stdout=subprocess.PIPE, stderr=open(os.devnull, 'w')) keys = [[t[4:] for t in l.decode('ascii').split()] for l in p.stdout] + tls_p = subprocess.Popen([tls_keygen_bin, '--num', str(len(replicas))], + stdout=subprocess.PIPE, stderr=open(os.devnull, 'w')) + tls_keys = [[t[4:] for t in l.decode('ascii').split()] for l in tls_p.stdout] if not (args.block_size is None): main_conf.write("block-size = {}\n".format(args.block_size)) if not (args.pace_maker is None): main_conf.write("pace-maker = {}\n".format(args.pace_maker)) - for r in zip(replicas, keys, itertools.count(0)): - main_conf.write("replica = {}, {}\n".format(r[0], r[1][0])) - r_conf_name = "{}-sec{}.conf".format(prefix, r[2]) - nodes.write("{}:{}\t{}\n".format(r[2], r[0], r_conf_name)) + for r in zip(replicas, keys, tls_keys, itertools.count(0)): + main_conf.write("replica = {}, {}, {}\n".format(r[0], r[1][0], r[2][2])) + r_conf_name = "{}-sec{}.conf".format(prefix, r[3]) + nodes.write("{}:{}\t{}\n".format(r[3], r[0], r_conf_name)) r_conf = open(r_conf_name, 'w') r_conf.write("privkey = {}\n".format(r[1][1])) - r_conf.write("idx = {}\n".format(r[2])) + r_conf.write("tls-privkey = {}\n".format(r[2][1])) + r_conf.write("tls-cert = {}\n".format(r[2][0])) + r_conf.write("idx = {}\n".format(r[3])) diff --git a/src/hotstuff.cpp b/src/hotstuff.cpp index 54b80e4..a59aa82 100644 --- a/src/hotstuff.cpp +++ b/src/hotstuff.cpp 
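Review bot: The per-replica file that now receives `tls-privkey` as well as `privkey` is created with `open(r_conf_name, 'w')`, so its mode is whatever the umask leaves, which is commonly readable by every local user. Creating it owner-only keeps the keys private: `r_conf = os.fdopen(os.open(r_conf_name, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), 'w')`; the mode applies only when the file is created, so an existing file keeps its old permissions. Separately, the exit status of the `tls_keygen_bin` process is never checked and its stderr goes to `os.devnull`, so if it fails `tls_keys` is empty and `zip` silently writes a configuration with no replicas. The `if __name__ == "__main__":` block starts outside this hunk.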
@@ -246,6 +246,16 @@ void HotStuffBase::resp_blk_handler(MsgRespBlock &&msg, const Net::conn_t &) { if (blk) on_fetch_blk(blk); } +bool HotStuffBase::conn_handler(const salticidae::ConnPool::conn_t &conn, bool connected) { + if (connected) + { + auto cert = conn->get_peer_cert(); + SALTICIDAE_LOG_INFO("%s", salticidae::get_hash(cert->get_der()).to_hex().c_str()); + return (!cert) || valid_tls_certs.count(salticidae::get_hash(cert->get_der())); + } + return true; +} + void HotStuffBase::print_stat() const { LOG_INFO("===== begin stats ====="); LOG_INFO("-------- queues -------"); @@ -339,6 +349,7 @@ HotStuffBase::HotStuffBase(uint32_t blk_size, pn.reg_handler(salticidae::generic_bind(&HotStuffBase::vote_handler, this, _1, _2)); pn.reg_handler(salticidae::generic_bind(&HotStuffBase::req_blk_handler, this, _1, _2)); pn.reg_handler(salticidae::generic_bind(&HotStuffBase::resp_blk_handler, this, _1, _2)); + pn.reg_conn_handler(salticidae::generic_bind(&HotStuffBase::conn_handler, this, _1, _2)); pn.start(); pn.listen(listen_addr); } @@ -377,12 +388,13 @@ void HotStuffBase::do_decide(Finality &&fin) { HotStuffBase::~HotStuffBase() {} void HotStuffBase::start( - std::vector> &&replicas, + std::vector> &&replicas, bool ec_loop) { for (size_t i = 0; i < replicas.size(); i++) { - auto &addr = replicas[i].first; - HotStuffCore::add_replica(i, addr, std::move(replicas[i].second)); + auto &addr = std::get<0>(replicas[i]); + HotStuffCore::add_replica(i, addr, std::move(std::get<1>(replicas[i]))); + valid_tls_certs.insert(std::move(std::get<2>(replicas[i]))); if (addr != listen_addr) { peers.push_back(addr); diff --git a/src/hotstuff_app.cpp b/src/hotstuff_app.cpp index 25b5698..7aa9e1d 100644 --- a/src/hotstuff_app.cpp +++ b/src/hotstuff_app.cpp @@ -142,7 +142,7 @@ class HotStuffApp: public HotStuff { const Net::Config &repnet_config, const ClientNetwork::Config &clinet_config); - void start(const std::vector> &reps); + void start(const std::vector> &reps); void stop(); }; 
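Review bot: In `conn_handler` the log statement dereferences `cert` (`cert->get_der()`) one line before the `(!cert)` test, so a peer without a certificate reaches the dereference first; this assumes `get_peer_cert()` can return null, which the `!cert` test itself suggests. The return expression is also fail-open: `(!cert) || ...` accepts every connection that presents no certificate, so `valid_tls_certs` only constrains peers that choose to send one. I would test for null first, hash once, and accept a missing certificate only when TLS was deliberately switched off; how that choice reaches this class is not visible in the hunk, so `tls_disabled` below is a placeholder name. The membership test also does not tie a certificate to the replica address it was configured for.

```cpp
bool HotStuffBase::conn_handler(const salticidae::ConnPool::conn_t &conn, bool connected) {
    if (!connected) return true;
    auto cert = conn->get_peer_cert();
    // tls_disabled: placeholder for however the "notls" choice is made known to this class
    if (!cert) return tls_disabled;
    const auto cert_hash = salticidae::get_hash(cert->get_der());
    SALTICIDAE_LOG_INFO("peer cert %s", cert_hash.to_hex().c_str());
    return valid_tls_certs.count(cert_hash) > 0;
}
```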
@@ -168,6 +168,8 @@ int main(int argc, char **argv) { auto opt_idx = Config::OptValInt::create(0); auto opt_client_port = Config::OptValInt::create(-1); auto opt_privkey = Config::OptValStr::create(); + auto opt_tls_privkey = Config::OptValStr::create(); + auto opt_tls_cert = Config::OptValStr::create(); auto opt_help = Config::OptValFlag::create(false); auto opt_pace_maker = Config::OptValStr::create("dummy"); auto opt_fixed_proposer = Config::OptValInt::create(1); @@ -178,6 +180,7 @@ int main(int argc, char **argv) { auto opt_repburst = Config::OptValInt::create(100); auto opt_clinworker = Config::OptValInt::create(8); auto opt_cliburst = Config::OptValInt::create(1000); + auto opt_notls = Config::OptValFlag::create(false); config.add_opt("block-size", opt_blk_size, Config::SET_VAL); config.add_opt("parent-limit", opt_parent_limit, Config::SET_VAL); @@ -186,6 +189,8 @@ int main(int argc, char **argv) { config.add_opt("idx", opt_idx, Config::SET_VAL, 'i', "specify the index in the replica list"); config.add_opt("cport", opt_client_port, Config::SET_VAL, 'c', "specify the port listening for clients"); config.add_opt("privkey", opt_privkey, Config::SET_VAL); + config.add_opt("tls-privkey", opt_tls_privkey, Config::SET_VAL); + config.add_opt("tls-cert", opt_tls_cert, Config::SET_VAL); config.add_opt("pace-maker", opt_pace_maker, Config::SET_VAL, 'p', "specify pace maker (sticky, dummy)"); config.add_opt("proposer", opt_fixed_proposer, Config::SET_VAL, 'l', "set the fixed proposer (for dummy)"); config.add_opt("qc-timeout", opt_qc_timeout, Config::SET_VAL, 't', "set QC timeout (for sticky)"); 
@@ -195,6 +200,7 @@ int main(int argc, char **argv) { config.add_opt("repburst", opt_repburst, Config::SET_VAL, 'b', ""); config.add_opt("clinworker", opt_clinworker, Config::SET_VAL, 'M', "the number of threads for client network"); config.add_opt("cliburst", opt_cliburst, Config::SET_VAL, 'B', ""); + config.add_opt("notls", opt_notls, Config::SWITCH_ON, 's', "disable TLS"); config.add_opt("help", opt_help, Config::SWITCH_ON, 'h', "show this help info"); EventContext ec; @@ -206,18 +212,18 @@ int main(int argc, char **argv) { } auto idx = opt_idx->get(); auto client_port = opt_client_port->get(); - std::vector> replicas; + std::vector> replicas; for (const auto &s: opt_replicas->get()) { auto res = trim_all(split(s, ",")); - if (res.size() != 2) + if (res.size() != 3) throw HotStuffError("invalid replica info"); - replicas.push_back(std::make_pair(res[0], res[1])); + replicas.push_back(std::make_tuple(res[0], res[1], res[2])); } if (!(0 <= idx && (size_t)idx < replicas.size())) throw HotStuffError("replica idx out of range"); - std::string binding_addr = replicas[idx].first; + std::string binding_addr = std::get<0>(replicas[idx]); if (client_port == -1) { auto p = split_ip_port_cport(binding_addr); @@ -242,6 +248,19 @@ int main(int argc, char **argv) { HotStuffApp::Net::Config repnet_config; ClientNetwork::Config clinet_config; + if (!opt_tls_privkey->get().empty() && !opt_notls->get()) + { + auto tls_priv_key = new salticidae::PKey( + salticidae::PKey::create_privkey_from_der( + hotstuff::from_hex(opt_tls_privkey->get()))); + auto tls_cert = new salticidae::X509( + salticidae::X509::create_from_der( + hotstuff::from_hex(opt_tls_cert->get()))); + repnet_config + .enable_tls(true) + .tls_key(tls_priv_key) + .tls_cert(tls_cert); + } repnet_config .burst_size(opt_repburst->get()) .nworker(opt_repnworker->get()); 
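Review bot: TLS is skipped without any message when `tls-privkey` is absent: the guard `!opt_tls_privkey->get().empty() && !opt_notls->get()` treats a missing key exactly like the `notls` switch, so a replica whose config lost the key sets up its replica network without TLS and nothing is reported. `tls-cert` is not checked at all, so a key without a certificate passes empty input to `create_from_der`. I would make the downgrade explicit before this block, `if (!opt_notls->get() && (opt_tls_privkey->get().empty() || opt_tls_cert->get().empty())) throw HotStuffError("tls-privkey and tls-cert are required unless notls is set");`, and then enable TLS on `!opt_notls->get()` alone. `main` starts and ends outside this hunk.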
@@ -260,12 +279,14 @@ int main(int argc, char **argv) { opt_nworker->get(), repnet_config, clinet_config); - std::vector> reps; + std::vector> reps; for (auto &r: replicas) { - auto p = split_ip_port_cport(r.first); - reps.push_back(std::make_pair( - NetAddr(p.first), hotstuff::from_hex(r.second))); + auto p = split_ip_port_cport(std::get<0>(r)); + reps.push_back(std::make_tuple( + NetAddr(p.first), + hotstuff::from_hex(std::get<1>(r)), + hotstuff::from_hex(std::get<2>(r)))); } auto shutdown = [&](int) { papp->stop(); }; salticidae::SigEvent ev_sigint(ec, shutdown); @@ -344,7 +365,7 @@ void HotStuffApp::client_request_cmd_handler(MsgReqCmd &&msg, const conn_t &conn }); } -void HotStuffApp::start(const std::vector> &reps) { +void HotStuffApp::start(const std::vector> &reps) { ev_stat_timer = TimerEvent(ec, [this](TimerEvent &) { HotStuff::print_stat(); HotStuffApp::print_stat(); diff --git a/src/hotstuff_client.cpp b/src/hotstuff_client.cpp index 08f2a2e..9f7423d 100644 --- a/src/hotstuff_client.cpp +++ b/src/hotstuff_client.cpp @@ -156,13 +156,13 @@ int main(int argc, char **argv) { auto idx = opt_idx->get(); max_iter_num = opt_max_iter_num->get(); max_async_num = opt_max_async_num->get(); - std::vector> raw; + std::vector raw; for (const auto &s: opt_replicas->get()) { auto res = salticidae::trim_all(salticidae::split(s, ",")); - if (res.size() != 2) + if (res.size() < 1) throw HotStuffError("format error"); - raw.push_back(std::make_pair(res[0], res[1])); + raw.push_back(res[0]); } if (!(0 <= idx && (size_t)idx < raw.size() && raw.size() > 0)) @@ -170,7 +170,7 @@ int main(int argc, char **argv) { cid = opt_cid->get() != -1 ? opt_cid->get() : idx; for (const auto &p: raw) { - auto _p = split_ip_port_cport(p.first); + auto _p = split_ip_port_cport(p); size_t _; replicas.push_back(NetAddr(NetAddr(_p.first).ip, htons(stoi(_p.second, &_)))); } diff --git a/src/hotstuff_tls_keygen.cpp b/src/hotstuff_tls_keygen.cpp new file mode 100644 index 0000000..1ce80f2 
--- /dev/null
+++ b/src/hotstuff_tls_keygen.cpp
@@ -0,0 +1,46 @@
+/**
+ * Copyright 2018 VMware
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include
+#include "salticidae/util.h"
+#include "salticidae/crypto.h"
+#include "hotstuff/type.h"
+
+using salticidae::Config;
+using hotstuff::tls_pkey_bt;
+using hotstuff::tls_x509_bt;
+
+int main(int argc, char **argv) {
+ Config config("hotstuff.conf");
+ tls_pkey_bt priv_key;
+ tls_x509_bt pub_key;
+ auto opt_n = Config::OptValInt::create(1);
+ config.add_opt("num", opt_n, Config::SET_VAL);
+ config.parse(argc, argv);
+ int n = opt_n->get();
+ if (n < 1)
+ error(1, 0, "n must be >0");
+ while (n--)
+ {
+ priv_key = new salticidae::PKey(salticidae::PKey::create_privkey_rsa());
+ pub_key = new salticidae::X509(salticidae::X509::create_self_signed_from_pubkey(*priv_key));
+ printf("crt:%s sec:%s cid:%s\n",
+ salticidae::get_hex(pub_key->get_der()).c_str(),
+ salticidae::get_hex(priv_key->get_privkey_der()).c_str(),
+ salticidae::get_hex(salticidae::get_hash(pub_key->get_der())).c_str());
+ }
+ return 0;
+}
-- cgit v1.2.3-70-g09d2
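Review bot: The `printf` output format is an undocumented contract with scripts/gen_conf.py, and one of its fields is the private key. The script strips a four-character prefix from each token and reads the fields by position (`r[2][0]` certificate, `r[2][1]` private key, `r[2][2]` certificate hash), so reordering the `printf` arguments would silently write the wrong values into the configs. A comment above the `printf` would pin this down: `// one line per key pair: crt:<hex DER cert> sec:<hex DER private key> cid:<hex hash of the cert DER>; the sec field is secret, do not redirect stdout to a shared log`. The variable `pub_key` holds a `tls_x509_bt`, so `cert` would be the clearer name.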