-
Notifications
You must be signed in to change notification settings - Fork 0
/
bccsp.go
171 lines (145 loc) · 6.38 KB
/
bccsp.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package idemix
import (
"reflect"
"github.com/hyperledger/fabric/bccsp/idemix/bridge"
"github.com/hyperledger/fabric/bccsp/idemix/handlers"
"github.com/hyperledger/fabric/bccsp"
"github.com/hyperledger/fabric/bccsp/sw"
"github.com/pkg/errors"
)
type csp struct {
*sw.CSP
}
func New(keyStore bccsp.KeyStore) (*csp, error) {
base, err := sw.New(keyStore)
if err != nil {
return nil, errors.Wrap(err, "failed instantiating base bccsp")
}
csp := &csp{CSP: base}
// key generators
base.AddWrapper(reflect.TypeOf(&bccsp.IdemixIssuerKeyGenOpts{}), &handlers.IssuerKeyGen{Issuer: &bridge.Issuer{NewRand: bridge.NewRandOrPanic}})
base.AddWrapper(reflect.TypeOf(&bccsp.IdemixUserSecretKeyGenOpts{}), &handlers.UserKeyGen{User: &bridge.User{NewRand: bridge.NewRandOrPanic}})
base.AddWrapper(reflect.TypeOf(&bccsp.IdemixRevocationKeyGenOpts{}), &handlers.RevocationKeyGen{Revocation: &bridge.Revocation{}})
// key derivers
base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, false)), &handlers.NymKeyDerivation{
User: &bridge.User{NewRand: bridge.NewRandOrPanic},
})
// signers
base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, false)), &userSecreKeySignerMultiplexer{
signer: &handlers.Signer{SignatureScheme: &bridge.SignatureScheme{NewRand: bridge.NewRandOrPanic}},
nymSigner: &handlers.NymSigner{NymSignatureScheme: &bridge.NymSignatureScheme{NewRand: bridge.NewRandOrPanic}},
credentialRequestSigner: &handlers.CredentialRequestSigner{CredRequest: &bridge.CredRequest{NewRand: bridge.NewRandOrPanic}},
})
base.AddWrapper(reflect.TypeOf(handlers.NewIssuerSecretKey(nil, false)), &handlers.CredentialSigner{
Credential: &bridge.Credential{NewRand: bridge.NewRandOrPanic},
})
base.AddWrapper(reflect.TypeOf(handlers.NewRevocationSecretKey(nil, false)), &handlers.CriSigner{
Revocation: &bridge.Revocation{},
})
// verifiers
base.AddWrapper(reflect.TypeOf(handlers.NewIssuerPublicKey(nil)), &issuerPublicKeyVerifierMultiplexer{
verifier: &handlers.Verifier{SignatureScheme: &bridge.SignatureScheme{NewRand: bridge.NewRandOrPanic}},
credentialRequestVerifier: &handlers.CredentialRequestVerifier{CredRequest: &bridge.CredRequest{NewRand: bridge.NewRandOrPanic}},
})
base.AddWrapper(reflect.TypeOf(handlers.NewNymPublicKey(nil)), &handlers.NymVerifier{
NymSignatureScheme: &bridge.NymSignatureScheme{NewRand: bridge.NewRandOrPanic},
})
base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, false)), &handlers.CredentialVerifier{
Credential: &bridge.Credential{NewRand: bridge.NewRandOrPanic},
})
base.AddWrapper(reflect.TypeOf(handlers.NewRevocationPublicKey(nil)), &handlers.CriVerifier{
Revocation: &bridge.Revocation{},
})
// importers
base.AddWrapper(reflect.TypeOf(&bccsp.IdemixUserSecretKeyImportOpts{}), &handlers.UserKeyImporter{
User: &bridge.User{},
})
base.AddWrapper(reflect.TypeOf(&bccsp.IdemixIssuerPublicKeyImportOpts{}), &handlers.IssuerPublicKeyImporter{
Issuer: &bridge.Issuer{},
})
base.AddWrapper(reflect.TypeOf(&bccsp.IdemixNymPublicKeyImportOpts{}), &handlers.NymPublicKeyImporter{
User: &bridge.User{},
})
base.AddWrapper(reflect.TypeOf(&bccsp.IdemixRevocationPublicKeyImportOpts{}), &handlers.RevocationPublicKeyImporter{})
return csp, nil
}
// Sign signs digest using key k.
// The opts argument should be appropriate for the primitive used.
//
// Note that when a signature of a hash of a larger message is needed,
// the caller is responsible for hashing the larger message and passing
// the hash (as digest).
// Notice that this is overriding the Sign methods of the sw impl. to avoid the digest check.
func (csp *csp) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error) {
// Validate arguments
if k == nil {
return nil, errors.New("Invalid Key. It must not be nil.")
}
// Do not check for digest
keyType := reflect.TypeOf(k)
signer, found := csp.Signers[keyType]
if !found {
return nil, errors.Errorf("Unsupported 'SignKey' provided [%s]", keyType)
}
signature, err = signer.Sign(k, digest, opts)
if err != nil {
return nil, errors.Wrapf(err, "Failed signing with opts [%v]", opts)
}
return
}
// Verify verifies signature against key k and digest
// Notice that this is overriding the Sign methods of the sw impl. to avoid the digest check.
func (csp *csp) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error) {
// Validate arguments
if k == nil {
return false, errors.New("Invalid Key. It must not be nil.")
}
if len(signature) == 0 {
return false, errors.New("Invalid signature. Cannot be empty.")
}
// Do not check for digest
verifier, found := csp.Verifiers[reflect.TypeOf(k)]
if !found {
return false, errors.Errorf("Unsupported 'VerifyKey' provided [%v]", k)
}
valid, err = verifier.Verify(k, signature, digest, opts)
if err != nil {
return false, errors.Wrapf(err, "Failed verifing with opts [%v]", opts)
}
return
}
type userSecreKeySignerMultiplexer struct {
signer *handlers.Signer
nymSigner *handlers.NymSigner
credentialRequestSigner *handlers.CredentialRequestSigner
}
func (s *userSecreKeySignerMultiplexer) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error) {
switch opts.(type) {
case *bccsp.IdemixSignerOpts:
return s.signer.Sign(k, digest, opts)
case *bccsp.IdemixNymSignerOpts:
return s.nymSigner.Sign(k, digest, opts)
case *bccsp.IdemixCredentialRequestSignerOpts:
return s.credentialRequestSigner.Sign(k, digest, opts)
default:
return nil, errors.New("invalid opts, expected *bccsp.IdemixSignerOpt or *bccsp.IdemixNymSignerOpts or *bccsp.IdemixCredentialRequestSignerOpts")
}
}
type issuerPublicKeyVerifierMultiplexer struct {
verifier *handlers.Verifier
credentialRequestVerifier *handlers.CredentialRequestVerifier
}
func (v *issuerPublicKeyVerifierMultiplexer) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error) {
switch opts.(type) {
case *bccsp.IdemixSignerOpts:
return v.verifier.Verify(k, signature, digest, opts)
case *bccsp.IdemixCredentialRequestSignerOpts:
return v.credentialRequestVerifier.Verify(k, signature, digest, opts)
default:
return false, errors.New("invalid opts, expected *bccsp.IdemixSignerOpts or *bccsp.IdemixCredentialRequestSignerOpts")
}
}