diff --git a/common/tools/idemixgen/idemixca/idemixca_test.go b/common/tools/idemixgen/idemixca/idemixca_test.go index 7097258e47..8b4f1d10cf 100644 --- a/common/tools/idemixgen/idemixca/idemixca_test.go +++ b/common/tools/idemixgen/idemixca/idemixca_test.go @@ -12,7 +12,9 @@ import ( "path/filepath" "testing" - "crypto/elliptic" + "crypto/x509" + + "encoding/pem" "github.com/golang/protobuf/proto" "github.com/hyperledger/fabric/idemix" @@ -37,7 +39,11 @@ func TestIdemixCa(t *testing.T) { err = proto.Unmarshal(ipkBytes, ipk) assert.NoError(t, err) - writeVerifierToFile(ipkBytes, elliptic.Marshal(elliptic.P384(), revocationkey.X, revocationkey.Y)) + encodedRevocationPK, err := x509.MarshalPKIXPublicKey(revocationkey.Public()) + assert.NoError(t, err) + pemEncodedRevocationPK := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: encodedRevocationPK}) + + writeVerifierToFile(ipkBytes, pemEncodedRevocationPK) key := &idemix.IssuerKey{Isk: isk, Ipk: ipk} diff --git a/common/tools/idemixgen/idemixgen.go b/common/tools/idemixgen/idemixgen.go index 8dbcee4365..907bcb2433 100644 --- a/common/tools/idemixgen/idemixgen.go +++ b/common/tools/idemixgen/idemixgen.go @@ -18,10 +18,10 @@ import ( "os" "path/filepath" - "crypto/elliptic" - "crypto/ecdsa" + "encoding/pem" + "github.com/golang/protobuf/proto" "github.com/hyperledger/fabric/common/tools/idemixgen/idemixca" "github.com/hyperledger/fabric/common/tools/idemixgen/metadata" 
@@ -64,9 +64,13 @@ func main() { revocationKey, err := idemix.GenerateLongTermRevocationKey() handleError(err) - revocationKeyBytes, err := x509.MarshalECPrivateKey(revocationKey) + encodedRevocationSK, err := x509.MarshalECPrivateKey(revocationKey) + handleError(err) + pemEncodedRevocationSK := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: encodedRevocationSK}) handleError(err) - revocationPkBytes := elliptic.Marshal(elliptic.P384(), revocationKey.X, revocationKey.Y) + encodedRevocationPK, err := x509.MarshalPKIXPublicKey(revocationKey.Public()) + handleError(err) + pemEncodedRevocationPK := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: encodedRevocationPK}) // Prevent overwriting the existing key path := filepath.Join(*outputDir, IdemixDirIssuer) @@ -79,9 +83,9 @@ func main() { handleError(os.MkdirAll(filepath.Join(*outputDir, IdemixDirIssuer), 0770)) handleError(os.MkdirAll(filepath.Join(*outputDir, msp.IdemixConfigDirMsp), 0770)) writeFile(filepath.Join(*outputDir, IdemixDirIssuer, IdemixConfigIssuerSecretKey), isk) - writeFile(filepath.Join(*outputDir, IdemixDirIssuer, IdemixConfigRevocationKey), revocationKeyBytes) + writeFile(filepath.Join(*outputDir, IdemixDirIssuer, IdemixConfigRevocationKey), pemEncodedRevocationSK) writeFile(filepath.Join(*outputDir, IdemixDirIssuer, msp.IdemixConfigFileIssuerPublicKey), ipk) - writeFile(filepath.Join(*outputDir, msp.IdemixConfigDirMsp, msp.IdemixConfigFileRevocationPublicKey), revocationPkBytes) + writeFile(filepath.Join(*outputDir, msp.IdemixConfigDirMsp, msp.IdemixConfigFileRevocationPublicKey), pemEncodedRevocationPK) writeFile(filepath.Join(*outputDir, msp.IdemixConfigDirMsp, msp.IdemixConfigFileIssuerPublicKey), ipk) case genSignerConfig.FullCommand(): 
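Review bot: The private-key block built in `main()` is labelled `PRIVATE KEY`, but its bytes come from `x509.MarshalECPrivateKey`, which emits the SEC 1 structure whose conventional PEM label is `EC PRIVATE KEY`; `PRIVATE KEY` is the PKCS#8 label, so tooling that dispatches on the label may reject or misparse the file. Either change the label, `pem.Block{Type: "EC PRIVATE KEY", Bytes: encodedRevocationSK}`, or keep the label and marshal with `x509.MarshalPKCS8PrivateKey` (parsing with `x509.ParsePKCS8PrivateKey` in `readRevocationKey`). The `handleError(err)` that follows `pem.EncodeToMemory` re-checks an `err` that call never assigns and can be dropped. The file mode `writeFile` applies to the revocation secret key is not visible here; it is worth confirming it is owner-only, given the directories are created with 0770. `main()` starts and ends outside the hunk.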
@@ -134,7 +138,12 @@ func readRevocationKey() *ecdsa.PrivateKey { if err != nil { handleError(errors.Wrapf(err, "failed to open revocation secret key file: %s", path)) } - key, err := x509.ParseECPrivateKey(keyBytes) + + block, _ := pem.Decode(keyBytes) + if block == nil { + handleError(errors.Errorf("failed to decode ECDSA private key")) + } + key, err := x509.ParseECPrivateKey(block.Bytes) handleError(err) return key diff --git a/msp/idemixmsp.go b/msp/idemixmsp.go index b653d31980..a7020c9f45 100644 --- a/msp/idemixmsp.go +++ b/msp/idemixmsp.go @@ -13,7 +13,11 @@ import ( "crypto/ecdsa" - "crypto/elliptic" + "crypto/x509" + + "encoding/pem" + + "reflect" "github.com/golang/protobuf/proto" "github.com/hyperledger/fabric-amcl/amcl" @@ -131,12 +135,19 @@ func (msp *idemixmsp) Setup(conf1 *m.MSPConfig) error { msp.rng = rng // get the revocation public key from the config - revPkX, revPkY := elliptic.Unmarshal(elliptic.P384(), conf.RevocationPk) - msp.revocationPK = &ecdsa.PublicKey{ - Curve: elliptic.P384(), - X: revPkX, - Y: revPkY, + blockPub, _ := pem.Decode(conf.RevocationPk) + if blockPub == nil { + return errors.New("Failed to decode revocation ECDSA public key") + } + revocationPk, err := x509.ParsePKIXPublicKey(blockPub.Bytes) + if err != nil { + return errors.Wrap(err, "Failed to parse revocation ECDSA public key bytes") + } + ecdsaPublicKey, isECDSA := revocationPk.(*ecdsa.PublicKey) + if !isECDSA { + return errors.Errorf("key is of type %v, not of type ECDSA", reflect.TypeOf(revocationPk)) } + msp.revocationPK = ecdsaPublicKey if conf.Signer == nil { // No credential in config, so we don't setup a default signer diff --git a/msp/testdata/idemix/MSP1OU1/ca/IssuerPublicKey b/msp/testdata/idemix/MSP1OU1/ca/IssuerPublicKey index 97cb69f3fc..9517ed3fbe 100644 Binary files a/msp/testdata/idemix/MSP1OU1/ca/IssuerPublicKey and b/msp/testdata/idemix/MSP1OU1/ca/IssuerPublicKey differ 
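Review bot: In `readRevocationKey`, `block.Bytes` is dereferenced right after the `block == nil` branch, so the new code is safe only if `handleError` never returns for a non-nil error; its definition is not visible here, and an explicit `return nil` after the call (or a comment stating that `handleError` exits) would make that dependency obvious. The decode error drops the file path that the preceding open error reports, and the block's `Type` is never checked before the bytes go to `x509.ParseECPrivateKey`; suggested message: `handleError(errors.Errorf("failed to decode PEM block from revocation secret key file: %s", path))`. Key files written before this change as raw DER will now fail at this point with no fallback, which deserves a line in the commit message. The function starts outside the hunk.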
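Review bot: `Setup` no longer pins the revocation public key to P-384: the removed code built the key on `elliptic.P384()`, whereas `x509.ParsePKIXPublicKey` accepts any curve the standard library supports, so a config carrying a key on another curve is now stored in `msp.revocationPK` without complaint. If the revocation scheme assumes P-384 (the generator side is not visible here), add a check after the type assertion, e.g. `if ecdsaPublicKey.Curve != elliptic.P384() { return errors.New("revocation public key is not on curve P-384") }`, which means keeping the `crypto/elliptic` import this commit removes. The PEM block's `Type` and the trailing bytes returned by `pem.Decode` are likewise ignored. `reflect.TypeOf(revocationPk)` can be replaced by the `%T` verb, which drops the new `reflect` import. `Setup` starts and ends outside the hunk.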
diff --git a/msp/testdata/idemix/MSP1OU1/ca/IssuerSecretKey b/msp/testdata/idemix/MSP1OU1/ca/IssuerSecretKey
index 52ac4758c8..567cea7428 100644
Binary files a/msp/testdata/idemix/MSP1OU1/ca/IssuerSecretKey and b/msp/testdata/idemix/MSP1OU1/ca/IssuerSecretKey differ
diff --git a/msp/testdata/idemix/MSP1OU1/ca/RevocationKey b/msp/testdata/idemix/MSP1OU1/ca/RevocationKey
index 0b3f252785..ea38540156 100644
Binary files a/msp/testdata/idemix/MSP1OU1/ca/RevocationKey and b/msp/testdata/idemix/MSP1OU1/ca/RevocationKey differ
diff --git a/msp/testdata/idemix/MSP1OU1/msp/IssuerPublicKey b/msp/testdata/idemix/MSP1OU1/msp/IssuerPublicKey
index 97cb69f3fc..9517ed3fbe 100644
Binary files a/msp/testdata/idemix/MSP1OU1/msp/IssuerPublicKey and b/msp/testdata/idemix/MSP1OU1/msp/IssuerPublicKey differ
diff --git a/msp/testdata/idemix/MSP1OU1/msp/RevocationPublicKey b/msp/testdata/idemix/MSP1OU1/msp/RevocationPublicKey
index b8ba888eac..9f3c415a9f 100644
Binary files a/msp/testdata/idemix/MSP1OU1/msp/RevocationPublicKey and b/msp/testdata/idemix/MSP1OU1/msp/RevocationPublicKey differ
diff --git a/msp/testdata/idemix/MSP1OU1/user/SignerConfig b/msp/testdata/idemix/MSP1OU1/user/SignerConfig
index 330d3900eb..63cd64cc2e 100644
Binary files a/msp/testdata/idemix/MSP1OU1/user/SignerConfig and b/msp/testdata/idemix/MSP1OU1/user/SignerConfig differ
diff --git a/msp/testdata/idemix/MSP1OU1Admin/ca/IssuerPublicKey b/msp/testdata/idemix/MSP1OU1Admin/ca/IssuerPublicKey
index 97cb69f3fc..9517ed3fbe 100644
Binary files a/msp/testdata/idemix/MSP1OU1Admin/ca/IssuerPublicKey and b/msp/testdata/idemix/MSP1OU1Admin/ca/IssuerPublicKey differ
diff --git a/msp/testdata/idemix/MSP1OU1Admin/ca/IssuerSecretKey b/msp/testdata/idemix/MSP1OU1Admin/ca/IssuerSecretKey
index 52ac4758c8..567cea7428 100644
Binary files a/msp/testdata/idemix/MSP1OU1Admin/ca/IssuerSecretKey and b/msp/testdata/idemix/MSP1OU1Admin/ca/IssuerSecretKey differ
diff --git a/msp/testdata/idemix/MSP1OU1Admin/ca/RevocationKey b/msp/testdata/idemix/MSP1OU1Admin/ca/RevocationKey
index 0b3f252785..ea38540156 100644
Binary files a/msp/testdata/idemix/MSP1OU1Admin/ca/RevocationKey and b/msp/testdata/idemix/MSP1OU1Admin/ca/RevocationKey differ
diff --git a/msp/testdata/idemix/MSP1OU1Admin/msp/IssuerPublicKey b/msp/testdata/idemix/MSP1OU1Admin/msp/IssuerPublicKey
index 97cb69f3fc..9517ed3fbe 100644
Binary files a/msp/testdata/idemix/MSP1OU1Admin/msp/IssuerPublicKey and b/msp/testdata/idemix/MSP1OU1Admin/msp/IssuerPublicKey differ
diff --git a/msp/testdata/idemix/MSP1OU1Admin/msp/RevocationPublicKey b/msp/testdata/idemix/MSP1OU1Admin/msp/RevocationPublicKey
index b8ba888eac..9f3c415a9f 100644
Binary files a/msp/testdata/idemix/MSP1OU1Admin/msp/RevocationPublicKey and b/msp/testdata/idemix/MSP1OU1Admin/msp/RevocationPublicKey differ
diff --git a/msp/testdata/idemix/MSP1OU1Admin/user/SignerConfig b/msp/testdata/idemix/MSP1OU1Admin/user/SignerConfig
index aab4e5d205..cc51eec672 100644
Binary files a/msp/testdata/idemix/MSP1OU1Admin/user/SignerConfig and b/msp/testdata/idemix/MSP1OU1Admin/user/SignerConfig differ
diff --git a/msp/testdata/idemix/MSP1OU2/ca/IssuerPublicKey b/msp/testdata/idemix/MSP1OU2/ca/IssuerPublicKey
index 97cb69f3fc..9517ed3fbe 100644
Binary files a/msp/testdata/idemix/MSP1OU2/ca/IssuerPublicKey and b/msp/testdata/idemix/MSP1OU2/ca/IssuerPublicKey differ
diff --git a/msp/testdata/idemix/MSP1OU2/ca/IssuerSecretKey b/msp/testdata/idemix/MSP1OU2/ca/IssuerSecretKey
index 52ac4758c8..567cea7428 100644
Binary files a/msp/testdata/idemix/MSP1OU2/ca/IssuerSecretKey and b/msp/testdata/idemix/MSP1OU2/ca/IssuerSecretKey differ
diff --git a/msp/testdata/idemix/MSP1OU2/ca/RevocationKey b/msp/testdata/idemix/MSP1OU2/ca/RevocationKey
index 0b3f252785..ea38540156 100644
Binary files a/msp/testdata/idemix/MSP1OU2/ca/RevocationKey and b/msp/testdata/idemix/MSP1OU2/ca/RevocationKey differ
diff --git a/msp/testdata/idemix/MSP1OU2/msp/IssuerPublicKey b/msp/testdata/idemix/MSP1OU2/msp/IssuerPublicKey
index 97cb69f3fc..9517ed3fbe 100644
Binary files a/msp/testdata/idemix/MSP1OU2/msp/IssuerPublicKey and b/msp/testdata/idemix/MSP1OU2/msp/IssuerPublicKey differ
diff --git a/msp/testdata/idemix/MSP1OU2/msp/RevocationPublicKey b/msp/testdata/idemix/MSP1OU2/msp/RevocationPublicKey
index b8ba888eac..9f3c415a9f 100644
Binary files a/msp/testdata/idemix/MSP1OU2/msp/RevocationPublicKey and b/msp/testdata/idemix/MSP1OU2/msp/RevocationPublicKey differ
diff --git a/msp/testdata/idemix/MSP1OU2/user/SignerConfig b/msp/testdata/idemix/MSP1OU2/user/SignerConfig
index fed8f3cdd5..305167d256 100644
Binary files a/msp/testdata/idemix/MSP1OU2/user/SignerConfig and b/msp/testdata/idemix/MSP1OU2/user/SignerConfig differ
diff --git a/msp/testdata/idemix/MSP1Verifier/ca/IssuerPublicKey b/msp/testdata/idemix/MSP1Verifier/ca/IssuerPublicKey
index 97cb69f3fc..9517ed3fbe 100644
Binary files a/msp/testdata/idemix/MSP1Verifier/ca/IssuerPublicKey and b/msp/testdata/idemix/MSP1Verifier/ca/IssuerPublicKey differ
diff --git a/msp/testdata/idemix/MSP1Verifier/ca/IssuerSecretKey b/msp/testdata/idemix/MSP1Verifier/ca/IssuerSecretKey
index 52ac4758c8..567cea7428 100644
Binary files a/msp/testdata/idemix/MSP1Verifier/ca/IssuerSecretKey and b/msp/testdata/idemix/MSP1Verifier/ca/IssuerSecretKey differ
diff --git a/msp/testdata/idemix/MSP1Verifier/ca/RevocationKey b/msp/testdata/idemix/MSP1Verifier/ca/RevocationKey
index 0b3f252785..ea38540156 100644
Binary files a/msp/testdata/idemix/MSP1Verifier/ca/RevocationKey and b/msp/testdata/idemix/MSP1Verifier/ca/RevocationKey differ
diff --git a/msp/testdata/idemix/MSP1Verifier/msp/IssuerPublicKey b/msp/testdata/idemix/MSP1Verifier/msp/IssuerPublicKey
index 97cb69f3fc..9517ed3fbe 100644
Binary files a/msp/testdata/idemix/MSP1Verifier/msp/IssuerPublicKey and b/msp/testdata/idemix/MSP1Verifier/msp/IssuerPublicKey differ
diff --git a/msp/testdata/idemix/MSP1Verifier/msp/RevocationPublicKey b/msp/testdata/idemix/MSP1Verifier/msp/RevocationPublicKey index b8ba888eac..9f3c415a9f 100644 Binary files a/msp/testdata/idemix/MSP1Verifier/msp/RevocationPublicKey and b/msp/testdata/idemix/MSP1Verifier/msp/RevocationPublicKey differ diff --git a/msp/testdata/idemix/MSP2OU1/ca/IssuerPublicKey b/msp/testdata/idemix/MSP2OU1/ca/IssuerPublicKey index f0f4372c45..b75c3f3ae3 100644 Binary files a/msp/testdata/idemix/MSP2OU1/ca/IssuerPublicKey and b/msp/testdata/idemix/MSP2OU1/ca/IssuerPublicKey differ diff --git a/msp/testdata/idemix/MSP2OU1/ca/IssuerSecretKey b/msp/testdata/idemix/MSP2OU1/ca/IssuerSecretKey index f920cfe2a9..2ff2a23524 100644 --- a/msp/testdata/idemix/MSP2OU1/ca/IssuerSecretKey +++ b/msp/testdata/idemix/MSP2OU1/ca/IssuerSecretKey @@ -1 +1 @@ -"ïB™Ý¢xʱLîËë\tybõCU©?Zœ( -ä%ü 5Ÿªñ÷„ˆüV*µ„ËÈòÞ \ No newline at end of file +-----BEGIN PUBLIC KEY----- +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEPxN4FO+VZCjn9BQ1zhSurncwXRtGXjsF +TB4gZYYy5Wds0UHv3B8hiVMt6QfV38pmc5DAAy2IH6bu9cg3WtiDGbSyL8cPzMm4 +Z0mOasXUQHocwO95ssXOnmRr1n/LAOpi +-----END PUBLIC KEY----- diff --git a/msp/testdata/idemix/MSP2OU1/user/SignerConfig b/msp/testdata/idemix/MSP2OU1/user/SignerConfig index a8a85e31df..b871770a0f 100644 Binary files a/msp/testdata/idemix/MSP2OU1/user/SignerConfig and b/msp/testdata/idemix/MSP2OU1/user/SignerConfig differ
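Review bot: The text hunk for `msp/testdata/idemix/MSP2OU1/ca/IssuerSecretKey` replaces the old binary content with a `-----BEGIN PUBLIC KEY-----` block, which is the format this commit introduces for the revocation public key, not for an issuer secret key. This may be a fixture written to the wrong path, or file headers may have been lost from the diff as shown. If it is real, the MSP2OU1 fixtures no longer hold a usable issuer secret key and the revocation public key fixture for that MSP may be missing. Regenerating the MSP2OU1 directory with idemixgen and checking each file's content against its name would settle it.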