csp.go
/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package csp
import (
"crypto"
"crypto/ecdsa"
"crypto/x509"
"encoding/pem"
"io/ioutil"
"os"
"path/filepath"
"strings"
"github.com/hyperledger/fabric/bccsp"
"github.com/hyperledger/fabric/bccsp/factory"
"github.com/hyperledger/fabric/bccsp/signer"
"github.com/pkg/errors"
)
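// LoadPrivateKey loads an ECDSA private key from the keystore directory
// keystorePath and returns it together with a crypto.Signer backed by it.
//
// The directory tree is walked and every non-directory entry whose path ends
// in "_sk" is PEM-decoded and imported into a software BCCSP as a temporary
// key. If several such files exist, the one visited last by filepath.Walk is
// the one returned.
//
// An error is returned when the BCCSP cannot be created, the tree cannot be
// walked, a candidate file cannot be read, decoded or imported, or no "_sk"
// file is found. A nil key is never returned together with a nil error.
//
// NOTE(review): the key file is read as-is; this function does not inspect
// file ownership or permissions, so callers must protect keystorePath.
func LoadPrivateKey(keystorePath string) (bccsp.Key, crypto.Signer, error) {
	var priv bccsp.Key
	var s crypto.Signer

	opts := &factory.FactoryOpts{
		ProviderName: "SW",
		SwOpts: &factory.SwOpts{
			HashFamily: "SHA2",
			SecLevel:   256,

			FileKeystore: &factory.FileKeystoreOpts{
				KeyStorePath: keystorePath,
			},
		},
	}

	csp, err := factory.GetBCCSPFromOpts(opts)
	if err != nil {
		return nil, nil, err
	}

	walkFunc := func(path string, info os.FileInfo, walkErr error) error {
		// Surface traversal failures (missing or unreadable directory)
		// instead of silently reporting success with no key.
		if walkErr != nil {
			return walkErr
		}
		// A directory can never be a key file, even if its name matches.
		if info.IsDir() || !strings.HasSuffix(path, "_sk") {
			return nil
		}

		rawKey, err := ioutil.ReadFile(path)
		if err != nil {
			return err
		}

		block, _ := pem.Decode(rawKey)
		if block == nil {
			return errors.Errorf("%s: wrong PEM encoding", path)
		}

		// Temporary: true keeps the imported key out of the keystore; it is
		// already present there as the file being read.
		key, err := csp.KeyImport(block.Bytes, &bccsp.ECDSAPrivateKeyImportOpts{Temporary: true})
		if err != nil {
			return err
		}

		sgn, err := signer.New(csp, key)
		if err != nil {
			return err
		}

		// Publish the pair only once both steps succeeded.
		priv, s = key, sgn
		return nil
	}

	if err := filepath.Walk(keystorePath, walkFunc); err != nil {
		return nil, nil, err
	}

	// Without this check a keystore holding no "_sk" file would yield
	// (nil, nil, nil) and the caller would dereference a nil signer.
	if priv == nil || s == nil {
		return nil, nil, errors.Errorf("%s: no private key file (*_sk) found", keystorePath)
	}

	return priv, s, nil
}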
// GeneratePrivateKey creates an ECDSA P-256 private key using a software
// BCCSP whose file keystore is rooted at keystorePath, and returns the key
// together with a crypto.Signer that uses it.
//
// The key is generated with Temporary set to false. The error of the first
// failing step (provider creation, key generation, signer construction) is
// returned along with whatever values had been produced up to that point.
func GeneratePrivateKey(keystorePath string) (bccsp.Key, crypto.Signer, error) {
	var (
		key bccsp.Key
		sgn crypto.Signer
	)

	swOpts := &factory.SwOpts{
		HashFamily: "SHA2",
		SecLevel:   256,
		FileKeystore: &factory.FileKeystoreOpts{
			KeyStorePath: keystorePath,
		},
	}

	provider, err := factory.GetBCCSPFromOpts(&factory.FactoryOpts{
		ProviderName: "SW",
		SwOpts:       swOpts,
	})
	if err != nil {
		return key, sgn, err
	}

	// Generate the key pair.
	key, err = provider.KeyGen(&bccsp.ECDSAP256KeyGenOpts{Temporary: false})
	if err != nil {
		return key, sgn, err
	}

	// Wrap the key in a crypto.Signer.
	sgn, err = signer.New(provider, key)
	return key, sgn, err
}
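// GetECPublicKey returns the ECDSA public key that corresponds to priv.
//
// The public half is obtained from the BCCSP key, serialized with Bytes and
// parsed back with x509.ParsePKIXPublicKey. An error is returned if priv is
// nil, if any of those steps fails, or if the parsed key is not an ECDSA
// public key.
func GetECPublicKey(priv bccsp.Key) (*ecdsa.PublicKey, error) {
	if priv == nil {
		return nil, errors.New("private key is nil")
	}

	// get the public key
	pubKey, err := priv.PublicKey()
	if err != nil {
		return nil, err
	}

	// marshal to bytes
	pubKeyBytes, err := pubKey.Bytes()
	if err != nil {
		return nil, err
	}

	// unmarshal using pkix
	parsed, err := x509.ParsePKIXPublicKey(pubKeyBytes)
	if err != nil {
		return nil, err
	}

	// ParsePKIXPublicKey can also return other key types; a bare type
	// assertion would panic on them instead of reporting an error.
	ecPubKey, ok := parsed.(*ecdsa.PublicKey)
	if !ok {
		return nil, errors.Errorf("unexpected public key type %T, want *ecdsa.PublicKey", parsed)
	}

	return ecPubKey, nil
}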