forked from tw-bc-group/fabric
-
Notifications
You must be signed in to change notification settings - Fork 0
/
signer.go
78 lines (66 loc) · 2.18 KB
/
signer.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package signer
import (
"crypto"
"io"
"github.com/hyperledger/fabric/bccsp"
"github.com/hyperledger/fabric/bccsp/utils"
"github.com/pkg/errors"
)
// bccspCryptoSigner is the BCCSP-based implementation of a crypto.Signer
type bccspCryptoSigner struct {
csp bccsp.BCCSP
key bccsp.Key
pk interface{}
}
// New returns a new BCCSP-based crypto.Signer
// for the given BCCSP instance and key.
func New(csp bccsp.BCCSP, key bccsp.Key) (crypto.Signer, error) {
// Validate arguments
if csp == nil {
return nil, errors.New("bccsp instance must be different from nil.")
}
if key == nil {
return nil, errors.New("key must be different from nil.")
}
if key.Symmetric() {
return nil, errors.New("key must be asymmetric.")
}
// Marshall the bccsp public key as a crypto.PublicKey
pub, err := key.PublicKey()
if err != nil {
return nil, errors.Wrap(err, "failed getting public key")
}
raw, err := pub.Bytes()
if err != nil {
return nil, errors.Wrap(err, "failed marshalling public key")
}
pk, err := utils.DERToPublicKey(raw)
if err != nil {
return nil, errors.Wrap(err, "failed marshalling der to public key")
}
return &bccspCryptoSigner{csp, key, pk}, nil
}
// Public returns the public key corresponding to the opaque,
// private key.
func (s *bccspCryptoSigner) Public() crypto.PublicKey {
return s.pk
}
// Sign signs digest with the private key, possibly using entropy from rand.
// For an (EC)DSA key, it should be a DER-serialised, ASN.1 signature
// structure.
//
// Hash implements the SignerOpts interface and, in most cases, one can
// simply pass in the hash function used as opts. Sign may also attempt
// to type assert opts to other types in order to obtain algorithm
// specific values. See the documentation in each package for details.
//
// Note that when a signature of a hash of a larger message is needed,
// the caller is responsible for hashing the larger message and passing
// the hash (as digest) and the hash function (as opts) to Sign.
func (s *bccspCryptoSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
return s.csp.Sign(s.key, digest, opts)
}