• Stars
    star
    169
  • Rank 224,453 (Top 5 %)
  • Language
    Java
  • License
    Apache License 2.0
  • Created over 6 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Tessera - Enterprise Implementation of Quorum's transaction manager

Build Status codecov Docker Pulls

Important: Breaking change
Users running on 21.10.0 and previous versions will need to perform a database upgrade to work with the latest version of Tessera.

  • For non-H2 users, existing database schema will need to be updated. Execute the appropriate alter script provided.
  • For H2 users, a complete database migration is required before running the alter script. This is due to the considerable number of changes between version 1.4.200 and version 2.0.202 onwards. See more details from H2 release and their recommended upgrade process. Example migration scripts can be found here

  • Important: If using version 21.4.1 and earlier
    Tessera is now released as a zipped distribution instead of an uber jar. If using version 21.4.1 and earlier, see the previous README.

    Tessera is a stateless Java system that is used to enable the encryption, decryption, and distribution of private transactions for Quorum and/or Besu

    Each Tessera node:

    • Generates and maintains a number of private/public key pairs

    • Self manages and discovers all nodes in the network (i.e. their public keys) by connecting to as few as one other node

    • Provides Private and Public API interfaces for communication:

      • Private API - This is used for communication with Quorum
      • Public API - This is used for communication between Tessera peer nodes
    • Provides two way SSL using TLS certificates and various trust models like Trust On First Use (TOFU), whitelist, certificate authority, etc.

    • Supports IP whitelist

    • Connects to any SQL DB which supports the JDBC client

    Documentation

    Docs

    Artefacts

    Runnable distributions

    Tessera

    Remote Enclave Server

    Optional Artefacts

    The following artefacts can be added to a distribution to provide additional functionality.

    Key Vaults

    • Azure: Add support for key pairs stored in Azure Key Vault
    • AWS: Add support for key pairs stored in AWS Secret Store
    • Hashicorp: Add support for key pairs stored in Hashicorp Vault

    Encryptors

    • jnacl: (already included in Tessera and Remote Enclave Server distributions) Add support for NaCl key pairs using jnacl library
    • Elliptical Curve: Add support for elliptic curve key pairs
    • kalium: Add support for NaCl key pairs using kalium library

    Prerequisites

    • Java

      • Java 17+
    • Optional: Gradle

      • If you want to use a locally installed Gradle rather than the included wrapper. Note: wrapper currently uses Gradle 7.0.2.

    Building Tessera from source

    To build and install Tessera:

    1. Clone this repo
    2. Build using the included Gradle Wrapper file
      ./gradlew build   
      

    Installing Tessera

    Download and unpack distribution:

    $ tar xvf tessera-[version].tar
    $ tree tessera-[version]
    tessera-[version]
    ├── bin
    │   ├── tessera
    │   └── tessera.bat
    └── lib
        ├── HikariCP-3.2.0.jar
        ...
    

    Run Tessera (use correct /bin script for your system):

    ./tessera-[version]/bin/tessera help
    

    Supplementing the distribution

    Additional functionality can be added to a distribution by adding .jar files to the /lib directory.

    Adding Tessera artefacts

    Download and unpack the artefact:

    $ tar xvf aws-key-vault-[version].tar
    $ tree aws-key-vault-[version]
    aws-key-vault-[version].tar
    └── lib
        ├── annotations-2.10.25.jar
        ...
    

    Copy the contents of the artefact's /lib into the distribution /lib (make sure to resolve any version conflicts/duplicated .jar files introduced during the copy):

     cp -a aws-key-vault-[version]/lib/. tessera-[version]/lib/
    

    Supporting alternate databases

    By default, Tessera uses an H2 database. To use an alternative database, add the necessary drivers to the lib/ dir:

    For example, to use Oracle database:

    cp ojdbc7.jar tessera-[version]/lib/
    

    DDLs have been provided to help with defining these databases.

    Since Tessera 0.7 a timestamp is recorded with each encrypted transaction stored in the Tessera DB. To update an existing DB to work with Tessera 0.7+, execute one of the provided alter scripts.

    Docker images

    Configuration

    Config File

    A configuration file detailing database, server and network peer information must be provided using the -configfile command line property.

    An in-depth look at configuring Tessera can be found in the Tessera Documentation and includes details on all aspects of configuration including:

    • Cryptographic key config:
      • Using existing private/public key pairs with Tessera
      • How to use Tessera to generate new key pairs
    • TLS config
      • How to enable TLS
      • Choosing a trust mode

    Obfuscate database password in config file

    Certain entries in Tessera config file must be obfuscated in order to prevent any attempts from attackers to gain access to critical part of the application (i.e. database). For the time being, Tessera users have the ability to enable encryption for database password to avoid it being exposed as plain text in the configuration file.

    In Tessera, jasypt library was used together with its Jaxb integration to encrypt/decrypt config values.

    To enable this feature, simply replace your plain-text database password with its encrypted value and wrap it inside an ENC() function.

        "jdbc": {
            "username": "sa",
            "password": "ENC(ujMeokIQ9UFHSuBYetfRjQTpZASgaua3)",
            "url": "jdbc:h2:/qdata/c1/db1",
            "autoCreateTables": true
        }

    Being a Password-Based Encryptor, Jasypt requires a secret key (password) and a configured algorithm to encrypt/decrypt this config entry. This password can either be loaded into Tessera from file system or user input. For file system input, the location of this secret file needs to be set in Environment Variable TESSERA_CONFIG_SECRET

    If the database password is not being wrapped inside ENC() function, Tessera will simply treat it as a plain-text password however this approach is not recommended for production environment.

    • Please note at the moment jasypt encryption is only enabled on jdbc.password field.
    Encrypt database password

    Download and unzip the jasypt package. Redirect to bin directory and the follow commands can be used to encrypt a string

    bash-3.2$ ./encrypt.sh input=dbpassword password=quorum
    
    ----ENVIRONMENT-----------------
    
    Runtime: Oracle Corporation Java HotSpot(TM) 64-Bit Server VM 25.171-b11
    
    
    
    ----ARGUMENTS-------------------
    
    input: dbpassword
    password: quorum
    
    
    
    ----OUTPUT----------------------
    
    rJ70hNidkrpkTwHoVn2sGSp3h3uBWxjb
    

    Pick up this output and wrap it inside ENC() function, we should have the following ENC(rJ70hNidkrpkTwHoVn2sGSp3h3uBWxjb) in the config json file.

    Further reading

    • The Tessera Documentation provides additional information on how Tessera works, migrating from Constellation to Tessera, configuration details, and more.
    • Quorum is an Ethereum-based distributed ledger protocol that uses Tessera to provide transaction privacy.
    • Follow the Quorum Examples to see Tessera in action in a demo Quorum network.

    Reporting Security Bugs

    Security is part of our commitment to our users. At Quorum we have a close relationship with the security community, we understand the realm, and encourage security researchers to become part of our mission of building secure reliable software. This section explains how to submit security bugs, and what to expect in return.

    All security bugs in Quorum and its ecosystem (Tessera, Constellation, Cakeshop, ..etc) should be reported by email to [email protected]. Please use the prefix [security] in your subject. This email is delivered to Quorum security team. Your email will be acknowledged, and you'll receive a more detailed response to your email as soon as possible indicating the next steps in handling your report. After the initial reply to your report, the security team will endeavor to keep you informed of the progress being made towards a fix and full announcement.

    If you have not received a reply to your email or you have not heard from the security team please contact any team member through Discord. Please note that Discord channels are public discussion forum. When escalating to this medium, please do not disclose the details of the issue. Simply state that you're trying to reach a member of the security team.

    Responsible Disclosure Process

    Quorum project uses the following responsible disclosure process:

    Once the security report is received it is assigned a primary handler. This person coordinates the fix and release process. The issue is confirmed and a list of affected software is determined. Code is audited to find any potential similar problems. If it is determined, in consultation with the submitter, that a CVE-ID is required, the primary handler will trigger the process. Fixes are applied to the public repository and a new release is issued. On the date that the fixes are applied, announcements are sent to Quorum-announce. At this point you would be able to disclose publicly your finding.

    Note: This process can take some time. Every effort will be made to handle the security bug in as timely a manner as possible, however it's important that we follow the process described above to ensure that disclosures are handled consistently.

    Receiving Security Updates

    The best way to receive security announcements is to subscribe to the Quorum-announce mailing list/channel. Any messages pertaining to a security issue will be prefixed with [security].

    Comments on This Policy If you have any suggestions to improve this policy, please send an email to [email protected] for discussion.

    Contributing

    Tessera is built open source and we welcome external contribution on features and enhancements. Upon review you will be required to complete a Contributor License Agreement (CLA) before we are able to merge. If you have any questions about the contribution process, please feel free to send an email to [email protected]. Please see the Contributors guide for more information about the process.

    Getting Help

    Stuck at some step? Please join our community for support.

    More Repositories

    1

    smart-contract-best-practices

    A guide to smart contract security best practices
    HTML
    7,473
    star
    2

    ethereum-developer-tools-list

    A guide to available tools and platforms for developing on Ethereum.
    5,321
    star
    3

    quorum

    A permissioned implementation of Ethereum supporting data privacy
    Go
    4,581
    star
    4

    mythril

    Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Rootstock, Tron and other EVM-compatible blockchains.
    Python
    3,817
    star
    5

    Tokens

    Ethereum Token Contracts
    JavaScript
    2,059
    star
    6

    eth-lightwallet

    Lightweight JS Wallet for Node and the browser
    JavaScript
    1,466
    star
    7

    gnark

    gnark is a fast zk-SNARK library that offers a high-level API to design circuits. The library is open source and developed under the Apache 2.0 license
    Go
    1,383
    star
    8

    surya

    A set of utilities for exploring Solidity contracts
    JavaScript
    1,076
    star
    9

    ethql

    A GraphQL interface to Ethereum 🔥
    TypeScript
    623
    star
    10

    abi-decoder

    Nodejs and Javascript library for decoding data params and events from ethereum transactions
    JavaScript
    605
    star
    11

    vscode-solidity-auditor

    Solidity language support and visual security auditor for Visual Studio Code
    JavaScript
    568
    star
    12

    teku

    Java Implementation of the Ethereum 2.0 Beacon Chain
    Java
    557
    star
    13

    cakeshop

    An integrated development environment and SDK for Ethereum-like ledgers
    JavaScript
    507
    star
    14

    gnark-crypto

    gnark-crypto provides elliptic curve and pairing-based cryptography on BN, BLS12, BLS24 and BW6 curves. It also provides various algorithms (algebra, crypto) of particular interest to zero knowledge proof systems.
    Go
    487
    star
    15

    Token-Factory

    Basic Token Factory dapp.
    JavaScript
    479
    star
    16

    constellation

    Peer-to-peer encrypted message exchange
    Haskell
    379
    star
    17

    UniversalToken

    Implementation of Universal Token for Assets and Payments
    JavaScript
    346
    star
    18

    doc.linea

    Linea documentation
    JavaScript
    338
    star
    19

    quorum-examples

    Examples for Quorum
    Shell
    317
    star
    20

    scribble

    Scribble instrumentation tool
    TypeScript
    315
    star
    21

    anonymous-zether

    A private payment system for Ethereum-based blockchains, with no trusted setup.
    Solidity
    295
    star
    22

    defi-score

    DeFi Score: An open framework for evaluating DeFi protocols
    Python
    280
    star
    23

    EthOn

    EthOn - The Ethereum Ontology
    HTML
    245
    star
    24

    solidity-metrics

    Solidity Code Metrics
    JavaScript
    235
    star
    25

    Mahuta

    IPFS Storage service with search capability
    Java
    230
    star
    26

    PLCRVoting

    Partial Lock Commit Reveal Voting System that utilizes ERC20 Tokens
    JavaScript
    169
    star
    27

    ethjsonrpc

    Python JSON-RPC client for the Ethereum blockchain
    Python
    156
    star
    28

    linea-attestation-registry

    Verax is a shared registry for storing attestations of public interest on EVM chains, designed to enhance data discoverability and consumption for dApps across the network.
    TypeScript
    129
    star
    29

    zero-knowledge-proofs

    Zero Knowledge Proofs and how they can be implemented in Quorum
    C++
    128
    star
    30

    evm-dafny

    An EVM interpreter in Dafny
    Dafny
    125
    star
    31

    python-solidity-parser

    An experimental Solidity parser for Python built on top of a robust ANTLR4 grammar 📚
    Python
    125
    star
    32

    truffle-security

    MythX smart contract security verification plugin for Truffle Framework
    JavaScript
    124
    star
    33

    solc-typed-ast

    A TypeScript package providing a normalized typed Solidity AST along with the utilities necessary to generate the AST (from Solc) and traverse/manipulate it.
    TypeScript
    123
    star
    34

    web3signer

    Web3Signer is an open-source signing service capable of signing on multiple platforms (Ethereum1 and 2, Filecoin) using private keys stored in an external vault, or encrypted on a disk.
    Java
    122
    star
    35

    daedaluzz

    Benchmark Generator for Smart-Contract Fuzzers
    Solidity
    120
    star
    36

    btcrelay-fetchd

    Just the fetchd script of btcrelay
    Python
    116
    star
    37

    ethsigner

    DEPRECATED. A transaction signing application to be used with a web3 provider.
    Java
    112
    star
    38

    ethereum-dissectors

    🔍Wireshark dissectors for Ethereum devp2p protocols
    C
    109
    star
    39

    quorum-dev-quickstart

    The Quorum Developer Quickstart utility can be used to rapidly generate local Quorum blockchain networks for development and demo purposes using Besu, GoQuorum, and Codefi Orchestrate.
    Solidity
    108
    star
    40

    truffle-webpack-demo

    A demo Webpack + React App using truffle-solidity-loader
    JavaScript
    95
    star
    41

    orion

    Orion is a PegaSys component for doing private transactions
    Java
    92
    star
    42

    blockchainSecurityDB

    JavaScript
    90
    star
    43

    quorum-kubernetes

    Helm charts for Hyperledger Besu and GoQuorum
    Mustache
    85
    star
    44

    quorum-docs

    Documentation assets for Quorum
    84
    star
    45

    mythx-cli

    A command line interface for the MythX smart contract security analysis API
    Python
    83
    star
    46

    gpact

    General Purpose Atomic Crosschain Transaction Protocol
    Java
    81
    star
    47

    bytecode-verifier

    Compile Solidity source code and verify its bytecode matches the blockchain
    JavaScript
    80
    star
    48

    goff

    goff (go finite field) is a unix-like tool that generates fast field arithmetic in Go.
    Go
    76
    star
    49

    starknet-snap

    The MetaMask Snap for Starknet
    TypeScript
    74
    star
    50

    linea-contracts

    Linea smart-contracts
    Solidity
    73
    star
    51

    eth2.0-dafny

    Eth2.0 spec in Dafny
    Dafny
    72
    star
    52

    zsl-q

    ZSL on Quorum
    C++
    71
    star
    53

    security-workshop-for-devs

    Secure smart contract development workshop hosted by ConsenSys Diligence and MythX.
    70
    star
    54

    Legions

    Ethereum/EVM Node Security Toolkit
    Python
    69
    star
    55

    support-metamask-io

    Public-facing repository of content live on support.metamask.io. Open for contributions and suggestions.
    MDX
    66
    star
    56

    quorum-docker-Nnodes

    Run a bunch of Quorum nodes, each in a separate Docker container.
    Shell
    65
    star
    57

    Project-Alchemy

    Ethereum-Zcash Integration effort
    63
    star
    58

    handel

    Multi-Signature Aggregation in a Large Byzantine Committees
    Go
    53
    star
    59

    qubernetes

    Quorum on Kubernetes.
    Go
    52
    star
    60

    Uniswap-audit-report-2018-12

    51
    star
    61

    quorum-tools

    Tools for running Quorum clusters and integration tests
    Haskell
    51
    star
    62

    doc.teku

    ConsenSys Ethereum 2.0 client
    CSS
    47
    star
    63

    vscode-solidity-metrics

    Generate Solidity Source Code Metrics, Complexity and Risk profile reports for your project.
    JavaScript
    46
    star
    64

    private-networks-deployment-scripts

    This repository contains out-of-the-box deployment scripts for private PoA networks
    Shell
    45
    star
    65

    awesome-quorum

    A curated list of awesome softwares, libraries, tools, articles, educational resources, discussion channels and more to build on ConsenSys Quorum.
    45
    star
    66

    wittgenstein

    Simulator for some PoS or consensus algorithms. Includes dfinity, casper IMD and others
    Java
    45
    star
    67

    linea-tutorials

    An EVM-equivalent zk-rollup for scaling Ethereum dapps
    Shell
    43
    star
    68

    vscode-ethover

    Ethereum Account Address Hover Info and Actions
    JavaScript
    42
    star
    69

    permissioning-smart-contracts

    Smart contracts for the Besu permissioning system
    TypeScript
    41
    star
    70

    besu-sample-networks

    Hyperledger Besu Ethereum client quick-start makes you able to simply test all Besu features.
    40
    star
    71

    linea-token-list

    Linea Token List
    TypeScript
    39
    star
    72

    0x-review

    Security review of 0x smart contracts
    HTML
    39
    star
    73

    quorum-key-manager

    A universal Key & Account Management solution for blockchain applications.
    Go
    39
    star
    74

    mythx-playground

    Exercises to go along with smart contract security workshops by MythX and ConsenSys Diligence
    Solidity
    39
    star
    75

    kubernetes-action

    GitHub Action to run kubectl
    Dockerfile
    38
    star
    76

    evm-analyzer-benchmark-suite

    A benchmark suite for evaluating the precision of EVM code analysis tools.
    HTML
    38
    star
    77

    quorum-cloud

    Deploy Quorum network in a cloud provider of choice
    HCL
    36
    star
    78

    quorum.js

    Quorum.js is an extension to web3.js providing support for JP Morgan's Quorum API
    JavaScript
    36
    star
    79

    web3js-eea

    EEA JavaScript libraries.
    JavaScript
    35
    star
    80

    truffle-solidity-loader

    A Webpack loader that will parse and provision Solidity files to Javascript using Truffle for compilation
    JavaScript
    35
    star
    81

    secureum-diligence-bootcamp

    Solidity
    35
    star
    82

    rimble-app-demo

    React Ethereum dApp demonstrating onboarding and transaction UX
    JavaScript
    35
    star
    83

    linea-monorepo

    The principal Linea repository. This mainly includes the smart contracts covering Linea's core functions, the prover in charge of generating ZK proofs, the coordinator responsible for multiple orchestrations, and the postman to execute bridge messages.
    Go
    35
    star
    84

    linea-tracer

    Part of the Linea stack responsible for extracting data from the execution of an EVM client in order to construct large matrices called execution traces.
    Java
    34
    star
    85

    infura-sdk

    Infura NFT SDK
    TypeScript
    34
    star
    86

    web3studio-soy

    Static Websites on the Distributed Web
    JavaScript
    33
    star
    87

    pythx

    A Python library for the MythX smart contract security analysis platform
    Python
    33
    star
    88

    quorum-aws

    Tools for deploying Quorum clusters to AWS
    HCL
    33
    star
    89

    react-metamask

    JavaScript
    32
    star
    90

    diligence-fuzzing

    Python
    32
    star
    91

    boilerplate-react

    React app boilerplate by ConsenSys France
    JavaScript
    29
    star
    92

    hellhound

    HellHound is a decentralized blind computation platform.
    Go
    29
    star
    93

    aragraph

    Visualize your Aragon DAO Templates
    JavaScript
    29
    star
    94

    quorum-wizard

    Quorum Wizard is a command line tool that allow users to set up a development Quorum network on their local machine in less than 2 minutes.
    JavaScript
    28
    star
    95

    doc.goquorum

    Documentation site for GoQuorum, the ConsenSys Enterprise Ethereum client
    CSS
    27
    star
    96

    quorum-explorer

    A light-weight front-end explorer for Besu and GoQuorum to visualise private networks and deploy smart contracts
    TypeScript
    27
    star
    97

    mythxjs

    TypeScript
    26
    star
    98

    hackathon-2021-dapp-workshop

    JavaScript
    25
    star
    99

    0x_audit_report_2018-07-23

    0x Protocol v2 Audit
    HTML
    24
    star
    100

    web3js-quorum

    JavaScript
    24
    star