[FAB-17467] Create signature for config update #687

DereckLuo · 2020-02-17T16:01:39Z

Signed-off-by: Chongxin Luo Chongxin.Luo@ibm.com

Type of change

Improvement (improvement to code, performance, etc)

Description

additional fixes that addresses this PR: [FAB-17462] Create signature for config update #669

Additional details

Changed the structure name from Signer to SigningIdentity.
Added parallel execution for all unit tests.
Removed MarshalOrPanic function.
Removed Public method from SigningIdentity , as it does not implement crypto.Signer anymore.
Removed package level state publicKey, privateKey in unit tests.

Related issues

FAB-17467

pkg/config/signer_test.go

pkg/config/signer.go

pkg/config/signer_test.go

pkg/config/signer.go

pkg/config/config.go

wlahti · 2020-02-18T15:46:09Z

pkg/config/signer.go

-// NewSigner creates a new signer for configuration updates. The publicCert
-// and privateKey should be pem encoded.
-func NewSigner(publicCert []byte, privateCert []byte, mspID string) (*Signer, error) {
+// NewSigningIdentity creates a new signingIdentity for configuration updates.


nit: I feel like this should just read as English and not reference the type, i.e. "signing identity". If we feel it's best to include the type though, let's make sure the capitalization matches. :)

+1 @wlahti The term signer and signer's public/private key are widely used as far as I know based on the famous crypto book that I have been reading -- Applied Cryptography: Protocols, Algorithms and Source Code in C. Hence, Signer looks more natural to me than SigningIdentity here. This is similar to having Validator or Committer as the struct name (which we have used).

A signer signs things; this is more than a signer as it also includes the MSPID and the certificate that goes into the the signature header. The overloaded use of “signer” also adds confusion with respect to crypto.Signer from the standard library.

Within Fabric, across components, we refer to this collection of identity, cert, and key as a SigningIdentity. Hence the original request to change.

fabric/msp/msp.go

Line 78 in 43ff898

GetSigningIdentity(identifier *IdentityIdentifier) (SigningIdentity, error)

I believe Will’s comment was that the godoc should use the term “signing identity” instead of the type; if the type is used, it should at least be done in consistent case. He can clarify if I’m wrong.

Correct, I was simply referring to the godoc in my previous comment. Things look good to me now.

Got it. Thanks, @sykesm, for the detailed explanation.

Even though GetSigningIdentity exists in the MSP interface, in my opinion it creates an un-needed coupling between signing and verification.

What if you have an idemix MSP for a specific organization OrgA but not for the rest of the organizations? If a peer from OrgB now gets an API call to verify an idemix signature it needs to ask from the idemix MSP, which means an instance of the said MSP exists, however - the implementation of the idemix MSP on any org other than OrgA is undefined since only OrgA can issue idemix proofs.

If you ask me - the signing part should have never been placed inside the MSP interface, but it should have been in its own interface.

cendhu · 2020-02-19T12:31:08Z

pkg/config/config.go

 	if err != nil {
 		return nil, err
 	}

+	sh, err := proto.Marshal(signatureHeader)
+	if err != nil {
+		return nil, fmt.Errorf("failed to marshal signature header: %v", err)


Nit. Need to avoid fmt.Errorf() as per error handling guideline. Use github.com/pkg/errors package instead.

We're treating this package as a library and are avoiding as many dependencies as possible as well as fabric-specific error/logging preferences.

As Will stated, we are avoiding dependencies and projecting our coding standards into consuming environments.

Got it. Thanks, @wlahti.

cendhu · 2020-02-19T12:56:10Z

pkg/config/signer.go

-// NewSigner creates a new signer for configuration updates. The publicCert
-// and privateKey should be pem encoded.
-func NewSigner(publicCert []byte, privateCert []byte, mspID string) (*Signer, error) {
+// NewSigningIdentity creates a new signingIdentity for configuration updates.


+1 @wlahti The term signer and signer's public/private key are widely used as far as I know based on the famous crypto book that I have been reading -- Applied Cryptography: Protocols, Algorithms and Source Code in C. Hence, Signer looks more natural to me than SigningIdentity here. This is similar to having Validator or Committer as the struct name (which we have used).

sykesm · 2020-02-19T13:45:21Z

pkg/config/config.go

@@ -44,13 +53,3 @@ func concatenateBytes(data ...[]byte) []byte {
 	}


Looking up a few lines, concatenateBytes looks very inefficient. Why isn’t as simple as:

func concatenateBytes(data ...[]byte) []byte { var res []byte for i := range data { res = append(res, data[i]...) } return res }

sykesm · 2020-02-19T13:51:14Z

pkg/config/signer.go

-// Signer holds the information necessary to sign a configuration update.
-// It implements the crypto.Signer interface for ECDSA keys.
-type Signer struct {
+// SigningIdentity holds the information necessary to sign a configuration update.


If you were a consumer, would this description of a SigningIdentity (or an Identity, or a Signer) be enough to help you understand what it is? I’d expect it to say something like:

A SigningIdentity is an MSP Identity that can be used to sign configuration updates and transaction.

We can elaborate on that later but we want to focus on what it is and its role with respect to consumers, not the implementation.

Signed-off-by: Chongxin Luo <Chongxin.Luo@ibm.com>

DereckLuo · 2020-02-24T16:23:50Z

rebased to current master. will address additional requests in a separate PR.

sykesm

Comments will be handled offline.

DereckLuo requested a review from a team as a code owner February 17, 2020 16:01

DereckLuo mentioned this pull request Feb 17, 2020

[FAB-17462] Create signature for config update #669

Merged