Remove RSA crypto operations from BCCSP

The RSA operations are not used within Fabric.

FAB-15753 #done

Change-Id: I23d565b5f7990597dde79e6c7194e106371d45d3
Signed-off-by: Matthew Sykes <sykesmat@us.ibm.com>

Author: sykesm

bccsp/bccsp.go

@@ -1,17 +1,7 @@
 /*
-Copyright IBM Corp. 2016 All Rights Reserved.
+Copyright IBM Corp. All Rights Reserved.
 
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-		 http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+SPDX-License-Identifier: Apache-2.0
 */
 
 package bccsp

bccsp/bccsp_test.go

@@ -46,23 +46,6 @@ func TestAESOpts(t *testing.T) {
 	assert.False(t, opts.Ephemeral())
 }
 
-func TestRSAOpts(t *testing.T) {
-	test := func(ephemeral bool) {
-		for _, opts := range []KeyGenOpts{
-			&RSA1024KeyGenOpts{ephemeral},
-			&RSA2048KeyGenOpts{ephemeral},
-			&RSA3072KeyGenOpts{ephemeral},
-			&RSA4096KeyGenOpts{ephemeral},
-		} {
-			expectedAlgorithm := reflect.TypeOf(opts).String()[7:14]
-			assert.Equal(t, expectedAlgorithm, opts.Algorithm())
-			assert.Equal(t, ephemeral, opts.Ephemeral())
-		}
-	}
-	test(true)
-	test(false)
-}
-
 func TestECDSAOpts(t *testing.T) {
 	test := func(ephemeral bool) {
 		for _, opts := range []KeyGenOpts{
@@ -133,17 +116,13 @@ func TestHMAC(t *testing.T) {
 
 func TestKeyGenOpts(t *testing.T) {
 	expectedAlgorithms := map[reflect.Type]string{
-		reflect.TypeOf(&HMACImportKeyOpts{}):        "HMAC",
-		reflect.TypeOf(&RSAKeyGenOpts{}):            "RSA",
-		reflect.TypeOf(&RSAGoPublicKeyImportOpts{}): "RSA",
-		reflect.TypeOf(&X509PublicKeyImportOpts{}):  "X509Certificate",
-		reflect.TypeOf(&AES256ImportKeyOpts{}):      "AES",
+		reflect.TypeOf(&HMACImportKeyOpts{}):       "HMAC",
+		reflect.TypeOf(&X509PublicKeyImportOpts{}): "X509Certificate",
+		reflect.TypeOf(&AES256ImportKeyOpts{}):     "AES",
 	}
 	test := func(ephemeral bool) {
 		for _, opts := range []KeyGenOpts{
 			&HMACImportKeyOpts{ephemeral},
-			&RSAKeyGenOpts{ephemeral},
-			&RSAGoPublicKeyImportOpts{ephemeral},
 			&X509PublicKeyImportOpts{ephemeral},
 			&AES256ImportKeyOpts{ephemeral},
 		} {

bccsp/idemixerrs.go

@@ -3,6 +3,7 @@ Copyright IBM Corp. All Rights Reserved.
 
 SPDX-License-Identifier: Apache-2.0
 */
+
 package bccsp
 
 import (

bccsp/opts.go

@@ -1,17 +1,7 @@
 /*
-Copyright IBM Corp. 2016 All Rights Reserved.
+Copyright IBM Corp. All Rights Reserved.
 
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-		 http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+SPDX-License-Identifier: Apache-2.0
 */
 
 package bccsp
@@ -32,19 +22,6 @@ const (
 	// ECDSAReRand ECDSA key re-randomization
 	ECDSAReRand = "ECDSA_RERAND"
 
-	// RSA at the default security level.
-	// Each BCCSP may or may not support default security level. If not supported than
-	// an error will be returned.
-	RSA = "RSA"
-	// RSA at 1024 bit security level.
-	RSA1024 = "RSA1024"
-	// RSA at 2048 bit security level.
-	RSA2048 = "RSA2048"
-	// RSA at 3072 bit security level.
-	RSA3072 = "RSA3072"
-	// RSA at 4096 bit security level.
-	RSA4096 = "RSA4096"
-
 	// AES Advanced Encryption Standard at the default security level.
 	// Each BCCSP may or may not support default security level. If not supported than
 	// an error will be returned.
@@ -265,46 +242,13 @@ func (opts *HMACImportKeyOpts) Ephemeral() bool {
 }
 
 // SHAOpts contains options for computing SHA.
-type SHAOpts struct {
-}
+type SHAOpts struct{}
 
 // Algorithm returns the hash algorithm identifier (to be used).
 func (opts *SHAOpts) Algorithm() string {
 	return SHA
 }
 
-// RSAKeyGenOpts contains options for RSA key generation.
-type RSAKeyGenOpts struct {
-	Temporary bool
-}
-
-// Algorithm returns the key generation algorithm identifier (to be used).
-func (opts *RSAKeyGenOpts) Algorithm() string {
-	return RSA
-}
-
-// Ephemeral returns true if the key to generate has to be ephemeral,
-// false otherwise.
-func (opts *RSAKeyGenOpts) Ephemeral() bool {
-	return opts.Temporary
-}
-
-// RSAGoPublicKeyImportOpts contains options for RSA key importation from rsa.PublicKey
-type RSAGoPublicKeyImportOpts struct {
-	Temporary bool
-}
-
-// Algorithm returns the key importation algorithm identifier (to be used).
-func (opts *RSAGoPublicKeyImportOpts) Algorithm() string {
-	return RSA
-}
-
-// Ephemeral returns true if the key to generate has to be ephemeral,
-// false otherwise.
-func (opts *RSAGoPublicKeyImportOpts) Ephemeral() bool {
-	return opts.Temporary
-}
-
 // X509PublicKeyImportOpts contains options for importing public keys from an x509 certificate
 type X509PublicKeyImportOpts struct {
 	Temporary bool

bccsp/pkcs11/conf.go

@@ -20,7 +20,6 @@ type config struct {
 	ellipticCurve asn1.ObjectIdentifier
 	hashFunction  func() hash.Hash
 	aesBitLength  int
-	rsaBitLength  int
 }
 
 func (conf *config) setSecurityLevel(securityLevel int, hashFamily string) (err error) {
@@ -40,12 +39,10 @@ func (conf *config) setSecurityLevelSHA2(level int) (err error) {
 	case 256:
 		conf.ellipticCurve = oidNamedCurveP256
 		conf.hashFunction = sha256.New
-		conf.rsaBitLength = 2048
 		conf.aesBitLength = 32
 	case 384:
 		conf.ellipticCurve = oidNamedCurveP384
 		conf.hashFunction = sha512.New384
-		conf.rsaBitLength = 3072
 		conf.aesBitLength = 32
 	default:
 		err = fmt.Errorf("Security level not supported [%d]", level)
@@ -58,12 +55,10 @@ func (conf *config) setSecurityLevelSHA3(level int) (err error) {
 	case 256:
 		conf.ellipticCurve = oidNamedCurveP256
 		conf.hashFunction = sha3.New256
-		conf.rsaBitLength = 2048
 		conf.aesBitLength = 32
 	case 384:
 		conf.ellipticCurve = oidNamedCurveP384
 		conf.hashFunction = sha3.New384
-		conf.rsaBitLength = 3072
 		conf.aesBitLength = 32
 	default:
 		err = fmt.Errorf("Security level not supported [%d]", level)

bccsp/pkcs11/ecdsakey_test.go

@@ -34,5 +34,5 @@ func TestX509PublicKeyImportOptsKeyImporter(t *testing.T) {
 	cert.PublicKey = "Hello world"
 	_, err = ki.KeyImport(cert, &bccsp.X509PublicKeyImportOpts{})
 	assert.Error(t, err)
-	assert.Contains(t, err.Error(), "Certificate's public key type not recognized. Supported keys: [ECDSA, RSA]")
+	assert.Contains(t, err.Error(), "Certificate's public key type not recognized. Supported keys: [ECDSA]")
 }

bccsp/pkcs11/impl.go

@@ -8,7 +8,6 @@ package pkcs11
 
 import (
 	"crypto/ecdsa"
-	"crypto/rsa"
 	"crypto/x509"
 	"os"
 
@@ -138,10 +137,8 @@ func (csp *impl) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (k bccsp.K
 		switch pk.(type) {
 		case *ecdsa.PublicKey:
 			return csp.KeyImport(pk, &bccsp.ECDSAGoPublicKeyImportOpts{Temporary: opts.Ephemeral()})
-		case *rsa.PublicKey:
-			return csp.KeyImport(pk, &bccsp.RSAGoPublicKeyImportOpts{Temporary: opts.Ephemeral()})
 		default:
-			return nil, errors.New("Certificate's public key type not recognized. Supported keys: [ECDSA, RSA]")
+			return nil, errors.New("Certificate's public key type not recognized. Supported keys: [ECDSA]")
 		}
 
 	default: