From 26b3d2eeb2042ae043ea4282e1ebac63ca3e56ac Mon Sep 17 00:00:00 2001 From: Sudesh Shetty Date: Wed, 22 Nov 2017 16:37:03 -0500 Subject: [PATCH] [FAB-6983] bccsp import refactoring Change highlights: - Internal bccsp is not directly referred anywhere in SDK including internal fabric-ca. - All bccsp call is going through cryptosuitebridge - Internal bccsp is still referred in some mocks and integration-test for testdata. Change-Id: I267361869ace224842ebf3ebeffad551aed6c0ef 
Signed-off-by: Sudesh Shetty --- api/apicryptosuite/cryptosuite.go | 13 +- .../hyperledger/fabric-ca/lib/clientconfig.go | 2 +- .../hyperledger/fabric-ca/lib/tls/tls.go | 6 +- .../cryptosuitebridge/cryptosuitebridge.go | 172 ++++++++++++++++ .../hyperledger/fabric-ca/util/csp.go | 36 ++-- .../hyperledger/fabric-ca/util/util.go | 8 +- .../fabric/common/channelconfig/util.go | 2 +- .../hyperledger/fabric/common/util/utils.go | 5 +- .../github.com/hyperledger/fabric/msp/cert.go | 2 +- .../hyperledger/fabric/msp/identities.go | 13 +- .../hyperledger/fabric/msp/mspimpl.go | 20 +- .../hyperledger/fabric/msp/mspimplsetup.go | 2 +- .../fabric/protos/utils/proputils.go | 5 +- .../cryptosuitebridge/cryptosuitebridge.go | 172 ++++++++++++++++ pkg/cryptosuite/bccsp/cryptosuite.go | 30 ++- pkg/cryptosuite/bccsp/cryptosuite_test.go | 62 ++---- pkg/fabric-ca-client/fabricca.go | 16 +- pkg/fabric-ca-client/fabricca_test.go | 22 +- pkg/fabric-client/client_test.go | 8 +- pkg/fabric-client/events/eventmocks.go | 13 +- pkg/fabric-client/mocks/mockcryptosuite.go | 5 + pkg/fabric-client/signingmgr/signingmgr.go | 4 +- .../fabric-ca/apply_fabric_ca_client_utils.sh | 34 ++-- .../fabric-ca/apply_upstream.sh | 3 +- .../fabric-ca/patches/0004-cryptosuite.patch | 191 ++++++++++++++++++ .../fabric/apply_fabric_client_utils.sh | 28 ++- .../fabric/apply_fabric_protos_internal.sh | 2 + .../third_party_pins/fabric/apply_upstream.sh | 2 +- .../fabric/patches/0004-cryptosuite.patch | 191 ++++++++++++++++++ 29 files changed, 886 insertions(+), 183 deletions(-) create mode 100644 internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge/cryptosuitebridge.go create mode 100644 internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge/cryptosuitebridge.go create mode 100644 scripts/third_party_pins/fabric-ca/patches/0004-cryptosuite.patch create mode 100644 scripts/third_party_pins/fabric/patches/0004-cryptosuite.patch 
diff --git a/api/apicryptosuite/cryptosuite.go b/api/apicryptosuite/cryptosuite.go index f9f2d4a58e..d1df4029d7 100644 --- a/api/apicryptosuite/cryptosuite.go +++ b/api/apicryptosuite/cryptosuite.go @@ -23,7 +23,10 @@ CryptoSuite interface defined in this file acts as a wrapper for package apicryptosuite -import "crypto" +import ( + "crypto" + "hash" +) //CryptoSuite adaptor for all bccsp functionalities used by SDK type CryptoSuite interface { @@ -43,6 +46,10 @@ type CryptoSuite interface { // If opts is nil, the default hash function will be used. Hash(msg []byte, opts HashOpts) (hash []byte, err error) + // GetHash returns and instance of hash.Hash using options opts. + // If opts is nil, the default hash function will be returned. + GetHash(opts HashOpts) (h hash.Hash, err error) + // Sign signs digest using key k. // The opts argument should be appropriate for the algorithm used. // @@ -50,6 +57,10 @@ type CryptoSuite interface { // the caller is responsible for hashing the larger message and passing // the hash (as digest). Sign(k Key, digest []byte, opts SignerOpts) (signature []byte, err error) + + // Verify verifies signature against key k and digest + // The opts argument should be appropriate for the algorithm used. + Verify(k Key, signature, digest []byte, opts SignerOpts) (valid bool, err error) } // Key represents a cryptographic key diff --git a/internal/github.com/hyperledger/fabric-ca/lib/clientconfig.go b/internal/github.com/hyperledger/fabric-ca/lib/clientconfig.go index 060394a1e6..cea8b1d85c 100644 --- a/internal/github.com/hyperledger/fabric-ca/lib/clientconfig.go +++ b/internal/github.com/hyperledger/fabric-ca/lib/clientconfig.go 
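Review bot: The doc comment on the new `Verify` method in api/apicryptosuite/cryptosuite.go does not say how callers should treat `valid` when `err` is non-nil. For a signature-verification API that matters, because a caller that checks only one of the two results can accept a bad signature. I would add `// Callers must treat the signature as invalid unless err is nil and valid is true.` and state whether `digest` follows the same pre-hashed convention that the `Sign` comment describes. The `GetHash` comment also reads "returns and instance" and should be "returns an instance".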
@@ -23,7 +23,7 @@ package lib import ( "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/api" "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/lib/tls" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" + factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge" ) // ClientConfig is the fabric-ca client's config diff --git a/internal/github.com/hyperledger/fabric-ca/lib/tls/tls.go b/internal/github.com/hyperledger/fabric-ca/lib/tls/tls.go index 4c148179a0..cdb23124b3 100644 --- a/internal/github.com/hyperledger/fabric-ca/lib/tls/tls.go +++ b/internal/github.com/hyperledger/fabric-ca/lib/tls/tls.go @@ -27,13 +27,11 @@ import ( "time" "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" - cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" - "github.com/hyperledger/fabric-sdk-go/pkg/errors" + factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge" log "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/logbridge" "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/util" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" ) // ServerTLSConfig defines key material for a TLS server @@ -68,7 +66,7 @@ func GetClientTLSConfig(cfg *ClientTLSConfig, csp apicryptosuite.CryptoSuite) (* var certs []tls.Certificate if csp == nil { - csp = cryptosuite.GetSuite(factory.GetDefault()) + csp = factory.GetDefault() } log.Debugf("CA Files: %+v\n", cfg.CertFiles) diff --git a/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge/cryptosuitebridge.go b/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge/cryptosuitebridge.go new file mode 100644 index 0000000000..677aa8b3ce --- /dev/null 
+++ b/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge/cryptosuitebridge.go 
@@ -0,0 +1,172 @@
+/*
+Copyright SecureKey Technologies Inc. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+/*
+Notice: This file has been modified for Hyperledger Fabric SDK Go usage.
+Please review third_party pinning scripts and patches for more details.
+*/
+
+package cryptosuitebridge
+
+import (
+ "crypto"
+ "crypto/ecdsa"
+
+ "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite"
+ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp"
+ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory"
+ cspsigner "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/signer"
+ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/sw"
+ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/utils"
+ cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp"
+)
+
+const (
+ ECDSA = bccsp.ECDSA
+ ECDSAP256 = bccsp.ECDSAP256
+ ECDSAP384 = bccsp.ECDSAP384
+ ECDSAReRand = bccsp.ECDSAReRand
+ RSA = bccsp.RSA
+ RSA1024 = bccsp.RSA1024
+ RSA2048 = bccsp.RSA2048
+ RSA3072 = bccsp.RSA3072
+ RSA4096 = bccsp.RSA4096
+ AES = bccsp.AES
+ AES128 = bccsp.AES128
+ AES192 = bccsp.AES192
+ AES256 = bccsp.AES256
+ HMAC = bccsp.HMAC
+ HMACTruncated256 = bccsp.HMACTruncated256
+ SHA = bccsp.SHA
+ SHA2 = bccsp.SHA2
+ SHA3 = bccsp.SHA3
+ SHA256 = bccsp.SHA256
+ SHA384 = bccsp.SHA384
+ SHA3_256 = bccsp.SHA3_256
+ SHA3_384 = bccsp.SHA3_384
+ X509Certificate = bccsp.X509Certificate
+)
+
+// FactoryOpts holds configuration information used to initialize bccsp factory implementations
+type FactoryOpts struct {
+ *factory.FactoryOpts
+}
+
+//GetBCCSPFromOpts is a bridge for factory.GetBCCSPFromOpts(config)
+func GetBCCSPFromOpts(config *FactoryOpts) (apicryptosuite.CryptoSuite, error) {
+ bccsp, err := factory.GetBCCSPFromOpts(getFactoryOpts(config))
+ if err != nil {
+ return nil, err
+ }
+ return cryptosuite.GetSuite(bccsp), nil
+}
+
+//InitFactories is a bridge for bccsp factory.InitFactories(config)
+func InitFactories(config *FactoryOpts) error {
+ return factory.InitFactories(getFactoryOpts(config))
+}
+
+// PEMtoPrivateKey is a bridge for bccsp utils.PEMtoPrivateKey()
+func PEMtoPrivateKey(raw []byte, pwd []byte) (interface{}, error) {
+ return utils.PEMtoPrivateKey(raw, pwd)
+}
+
+// PrivateKeyToDER marshals is bridge for utils.PrivateKeyToDER
+func PrivateKeyToDER(privateKey *ecdsa.PrivateKey) ([]byte, error) {
+ return utils.PrivateKeyToDER(privateKey)
+}
+
+// NewCspsigner is a bridge for bccsp signer.New call
+func NewCspsigner(csp apicryptosuite.CryptoSuite, key apicryptosuite.Key) (crypto.Signer, error) {
+ return cspsigner.New(csp, key)
+}
+
+//NewEmptySwOpts creates new empty bccsp factory.SwOpts
+func NewSwOpts() *factory.SwOpts {
+ return &factory.SwOpts{}
+}
+
+//NewEmptyFileKeystoreOpts creates new empty bccsp factory.FileKeystoreOpts
+func NewFileKeystoreOpts() *factory.FileKeystoreOpts {
+ return &factory.FileKeystoreOpts{}
+}
+
+//GetFactoryDefaultCryptoSuite creates new cryptosuite from bccsp factory default
+func GetDefault() apicryptosuite.CryptoSuite {
+ return cryptosuite.GetSuite(factory.GetDefault())
+}
+
+//SignatureToLowS is a bridge for bccsp sw.SignatureToLowS()
+func SignatureToLowS(k *ecdsa.PublicKey, signature []byte) ([]byte, error) {
+ return sw.SignatureToLowS(k, signature)
+}
+
+//GetHashOpt is a bridge for bccsp util GetHashOpt
+func GetHashOpt(hashFunction string) (apicryptosuite.HashOpts, error) {
+ return bccsp.GetHashOpt(hashFunction)
+}
+
+func getFactoryOpts(config *FactoryOpts) *factory.FactoryOpts {
+ if config == nil {
+ return nil
+ }
+ return &factory.FactoryOpts{
+ SwOpts: config.SwOpts,
+ ProviderName: config.ProviderName,
+ Pkcs11Opts: config.Pkcs11Opts,
+ PluginOpts: config.PluginOpts,
+ }
+}
+
+//GetSHAOpts returns options for computing SHA.
+func GetSHAOpts() apicryptosuite.HashOpts {
+ return &bccsp.SHAOpts{}
+}
+
+//GetSHA256Opts returns options relating to SHA-256.
+func GetSHA256Opts() apicryptosuite.HashOpts {
+ return &bccsp.SHA256Opts{}
+}
+
+//GetRSA2048KeyGenOpts returns options for RSA key generation at 2048 security.
+func GetRSA2048KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts {
+ return &bccsp.RSA2048KeyGenOpts{Temporary: ephemeral}
+}
+
+//GetRSA3072KeyGenOpts returns options for RSA key generation at 3072 security.
+func GetRSA3072KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts {
+ return &bccsp.RSA3072KeyGenOpts{Temporary: ephemeral}
+}
+
+//GetRSA4096KeyGenOpts returns options for RSA key generation at 4096 security.
+func GetRSA4096KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts {
+ return &bccsp.RSA4096KeyGenOpts{Temporary: ephemeral}
+}
+
+// GetECDSAKeyGenOpts returns options for ECDSA key generation.
+func GetECDSAKeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts {
+ return &bccsp.ECDSAKeyGenOpts{Temporary: ephemeral}
+}
+
+//GetECDSAP256KeyGenOpts returns options for ECDSA key generation with curve P-256.
+func GetECDSAP256KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts {
+ return &bccsp.ECDSAP256KeyGenOpts{Temporary: ephemeral}
+}
+
+//GetECDSAP384KeyGenOpts options for ECDSA key generation with curve P-384.
+func GetECDSAP384KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts {
+ return &bccsp.ECDSAP384KeyGenOpts{Temporary: ephemeral}
+}
+
+//GetX509PublicKeyImportOpts options for importing public keys from an x509 certificate
+func GetX509PublicKeyImportOpts(ephemeral bool) apicryptosuite.KeyImportOpts {
+ return &bccsp.X509PublicKeyImportOpts{Temporary: ephemeral}
+}
+
+//GetECDSAPrivateKeyImportOpts options for ECDSA secret key importation in DER format
+// or PKCS#8 format.
+func GetECDSAPrivateKeyImportOpts(ephemeral bool) apicryptosuite.KeyImportOpts {
+ return &bccsp.ECDSAPrivateKeyImportOpts{Temporary: ephemeral}
+}
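Review bot: `getFactoryOpts` guards only `config == nil`, so a non-nil bridge `FactoryOpts` whose embedded `*factory.FactoryOpts` is nil panics on `config.SwOpts` through the promoted field. Extend the guard to `if config == nil || config.FactoryOpts == nil { return nil }`; what the underlying factory does with a nil argument is not visible here and should be confirmed. The doc comments on `NewSwOpts`, `NewFileKeystoreOpts` and `GetDefault` name identifiers that do not exist (`NewEmptySwOpts`, `NewEmptyFileKeystoreOpts`, `GetFactoryDefaultCryptoSuite`) and should start with the real function name. The same file is added again under internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge, so both copies need the change.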
diff --git a/internal/github.com/hyperledger/fabric-ca/util/csp.go b/internal/github.com/hyperledger/fabric-ca/util/csp.go index e3655f94fb..5b498aab96 100644 --- a/internal/github.com/hyperledger/fabric-ca/util/csp.go +++ b/internal/github.com/hyperledger/fabric-ca/util/csp.go @@ -37,12 +37,8 @@ import ( "github.com/cloudflare/cfssl/csr" "github.com/cloudflare/cfssl/helpers" + factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge" log "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/logbridge" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" - cspsigner "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/signer" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/utils" - cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" ) // InitBCCSP initializes BCCSP @@ -73,7 +69,7 @@ func ConfigureBCCSP(optsPtr **factory.FactoryOpts, mspDir, homeDir string) error } if strings.ToUpper(opts.ProviderName) == "SW" { if opts.SwOpts == nil { - opts.SwOpts = &factory.SwOpts{} + opts.SwOpts = factory.NewSwOpts() } if opts.SwOpts.HashFamily == "" { opts.SwOpts.HashFamily = "SHA2" @@ -82,7 +78,7 @@ func ConfigureBCCSP(optsPtr **factory.FactoryOpts, mspDir, homeDir string) error opts.SwOpts.SecLevel = 256 } if opts.SwOpts.FileKeystore == nil { - opts.SwOpts.FileKeystore = &factory.FileKeystoreOpts{} + opts.SwOpts.FileKeystore = factory.NewFileKeystoreOpts() } // The mspDir overrides the KeyStorePath; otherwise, if not set, set default if mspDir != "" { 
@@ -119,7 +115,7 @@ func GetBCCSP(opts *factory.FactoryOpts, homeDir string) (apicryptosuite.CryptoS if err != nil { return nil, errors.WithMessage(err, "Failed to get BCCSP with opts") } - return cryptosuite.GetSuite(csp), nil + return csp, nil } // makeFileNamesAbsolute makes all relative file names associated with CSP absolute, @@ -137,18 +133,18 @@ func makeFileNamesAbsolute(opts *factory.FactoryOpts, homeDir string) error { // This supports ECDSA and RSA. func getBCCSPKeyOpts(kr csr.KeyRequest, ephemeral bool) (opts apicryptosuite.KeyGenOpts, err error) { if kr == nil { - return &bccsp.ECDSAKeyGenOpts{Temporary: ephemeral}, nil + return factory.GetECDSAKeyGenOpts(ephemeral), nil } log.Debugf("generate key from request: algo=%s, size=%d", kr.Algo(), kr.Size()) switch kr.Algo() { case "rsa": switch kr.Size() { case 2048: - return &bccsp.RSA2048KeyGenOpts{Temporary: ephemeral}, nil + return factory.GetRSA2048KeyGenOpts(ephemeral), nil case 3072: - return &bccsp.RSA3072KeyGenOpts{Temporary: ephemeral}, nil + return factory.GetRSA3072KeyGenOpts(ephemeral), nil case 4096: - return &bccsp.RSA4096KeyGenOpts{Temporary: ephemeral}, nil + return factory.GetRSA4096KeyGenOpts(ephemeral), nil default: // Need to add a way to specify arbitrary RSA key size to bccsp return nil, errors.Errorf("Invalid RSA key size: %d", kr.Size()) @@ -156,9 +152,9 @@ func getBCCSPKeyOpts(kr csr.KeyRequest, ephemeral bool) (opts apicryptosuite.Key case "ecdsa": switch kr.Size() { case 256: - return &bccsp.ECDSAP256KeyGenOpts{Temporary: ephemeral}, nil + return factory.GetECDSAP256KeyGenOpts(ephemeral), nil case 384: - return &bccsp.ECDSAP384KeyGenOpts{Temporary: ephemeral}, nil + return factory.GetECDSAP384KeyGenOpts(ephemeral), nil case 521: // Need to add curve P521 to bccsp // return &bccsp.ECDSAP512KeyGenOpts{Temporary: false}, nil 
@@ -177,7 +173,7 @@ func GetSignerFromCert(cert *x509.Certificate, csp apicryptosuite.CryptoSuite) ( return nil, nil, errors.New("CSP was not initialized") } // get the public key in the right format - certPubK, err := csp.KeyImport(cert, &bccsp.X509PublicKeyImportOpts{Temporary: true}) + certPubK, err := csp.KeyImport(cert, factory.GetX509PublicKeyImportOpts(true)) if err != nil { return nil, nil, errors.WithMessage(err, "Failed to import certificate's public key") } @@ -187,7 +183,7 @@ func GetSignerFromCert(cert *x509.Certificate, csp apicryptosuite.CryptoSuite) ( return nil, nil, errors.WithMessage(err, "Could not find matching private key for SKI") } // Construct and initialize the signer - signer, err := cspsigner.New(csp, privateKey) + signer, err := factory.NewCspsigner(csp, privateKey) if err != nil { return nil, nil, errors.WithMessage(err, "Failed to load ski from bccsp") } @@ -224,7 +220,7 @@ func BCCSPKeyRequestGenerate(req *csr.CertificateRequest, myCSP apicryptosuite.C return nil, nil, err } - cspSigner, err := cspsigner.New(myCSP, key) + cspSigner, err := factory.NewCspsigner(myCSP, key) if err != nil { return nil, nil, errors.WithMessage(err, "Failed initializing CryptoSigner") } 
@@ -237,17 +233,17 @@ func ImportBCCSPKeyFromPEM(keyFile string, myCSP apicryptosuite.CryptoSuite, tem if err != nil { return nil, err } - key, err := utils.PEMtoPrivateKey(keyBuff, nil) + key, err := factory.PEMtoPrivateKey(keyBuff, nil) if err != nil { return nil, errors.WithMessage(err, fmt.Sprintf("Failed parsing private key from %s", keyFile)) } switch key.(type) { case *ecdsa.PrivateKey: - priv, err := utils.PrivateKeyToDER(key.(*ecdsa.PrivateKey)) + priv, err := factory.PrivateKeyToDER(key.(*ecdsa.PrivateKey)) if err != nil { return nil, errors.WithMessage(err, fmt.Sprintf("Failed to convert ECDSA private key for '%s'", keyFile)) } - sk, err := myCSP.KeyImport(priv, &bccsp.ECDSAPrivateKeyImportOpts{Temporary: temporary}) + sk, err := myCSP.KeyImport(priv, factory.GetECDSAPrivateKeyImportOpts(temporary)) if err != nil { return nil, errors.WithMessage(err, fmt.Sprintf("Failed to import ECDSA private key for '%s'", keyFile)) } diff --git a/internal/github.com/hyperledger/fabric-ca/util/util.go b/internal/github.com/hyperledger/fabric-ca/util/util.go index 6cca660a5e..286e0b4ed4 100644 --- a/internal/github.com/hyperledger/fabric-ca/util/util.go +++ b/internal/github.com/hyperledger/fabric-ca/util/util.go @@ -31,6 +31,10 @@ import ( "io/ioutil" "math/big" mrand "math/rand" + + "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" + factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge" + "net/http" "path/filepath" "reflect" @@ -38,10 +42,8 @@ import ( "strings" "time" - "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" "github.com/hyperledger/fabric-sdk-go/pkg/errors" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" "golang.org/x/crypto/ocsp" ) 
@@ -168,7 +170,7 @@ func GenECDSAToken(csp apicryptosuite.CryptoSuite, cert []byte, key apicryptosui b64cert := B64Encode(cert) bodyAndcert := b64body + "." + b64cert - digest, digestError := csp.Hash([]byte(bodyAndcert), &bccsp.SHAOpts{}) + digest, digestError := csp.Hash([]byte(bodyAndcert), factory.GetSHAOpts()) if digestError != nil { return "", errors.WithMessage(digestError, fmt.Sprintf("Hash failed on '%s'", bodyAndcert)) } diff --git a/internal/github.com/hyperledger/fabric/common/channelconfig/util.go b/internal/github.com/hyperledger/fabric/common/channelconfig/util.go index 0a5ae1ca9a..69581c68fa 100644 --- a/internal/github.com/hyperledger/fabric/common/channelconfig/util.go +++ b/internal/github.com/hyperledger/fabric/common/channelconfig/util.go @@ -13,7 +13,7 @@ package channelconfig import ( "math" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" + bccsp "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge" ) const ( diff --git a/internal/github.com/hyperledger/fabric/common/util/utils.go b/internal/github.com/hyperledger/fabric/common/util/utils.go index 8a47776c8b..bd1e1078b3 100644 --- a/internal/github.com/hyperledger/fabric/common/util/utils.go +++ b/internal/github.com/hyperledger/fabric/common/util/utils.go @@ -25,8 +25,7 @@ import ( "time" "github.com/golang/protobuf/ptypes/timestamp" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" + factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge" ) type alg struct { 
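Review bot: In the `GenECDSAToken` hunk the error path formats the whole `bodyAndcert` string into the message (`"Hash failed on '%s'"`), so the encoded request body and certificate travel with the error to wherever it is logged or returned. I would drop the payload from the message: `return "", errors.WithMessage(digestError, "Hash failed on token body and certificate")`. Separately, `factory.GetSHAOpts()` presumably selects the provider's default SHA variant rather than a fixed algorithm; a one-line comment saying so would help anyone reasoning about the token digest. The function starts and ends outside the hunk.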
@@ -41,7 +40,7 @@ var availableIDgenAlgs = map[string]alg{ // ComputeSHA256 returns SHA2-256 on data func ComputeSHA256(data []byte) (hash []byte) { - hash, err := factory.GetDefault().Hash(data, &bccsp.SHA256Opts{}) + hash, err := factory.GetDefault().Hash(data, factory.GetSHA256Opts()) if err != nil { panic(fmt.Errorf("Failed computing SHA256 on [% x]", data)) } diff --git a/internal/github.com/hyperledger/fabric/msp/cert.go b/internal/github.com/hyperledger/fabric/msp/cert.go index 6ef3b6893f..a5793375a5 100644 --- a/internal/github.com/hyperledger/fabric/msp/cert.go +++ b/internal/github.com/hyperledger/fabric/msp/cert.go @@ -31,7 +31,7 @@ import ( "math/big" "time" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/sw" + sw "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge" "github.com/hyperledger/fabric-sdk-go/pkg/errors" ) diff --git a/internal/github.com/hyperledger/fabric/msp/identities.go b/internal/github.com/hyperledger/fabric/msp/identities.go index bd67d6ca6f..49977e9358 100644 --- a/internal/github.com/hyperledger/fabric/msp/identities.go +++ b/internal/github.com/hyperledger/fabric/msp/identities.go @@ -25,11 +25,14 @@ import ( "crypto/rand" "crypto/x509" "encoding/hex" + + "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" + "encoding/pem" "time" "github.com/golang/protobuf/proto" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" + bccsp "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge" flogging "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/sdkpatch/logbridge" logging "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/sdkpatch/logbridge" "github.com/hyperledger/fabric-sdk-go/pkg/errors" 
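Review bot: `ComputeSHA256` drops `err` from its panic and prints the entire input as hex instead (`[% x]`), which hides the actual provider failure and can spill large or sensitive input into crash output. Report the cause and only the size, for example `panic(fmt.Errorf("Failed computing SHA256 on %d bytes: %s", len(data), err))`. The end of the function is outside the hunk, so the return path is not visible here.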
@@ -46,13 +49,13 @@ type identity struct { cert *x509.Certificate // this is the public key of this instance - pk bccsp.Key + pk apicryptosuite.Key // reference to the MSP that "owns" this identity msp *bccspmsp } -func newIdentity(cert *x509.Certificate, pk bccsp.Key, msp *bccspmsp) (Identity, error) { +func newIdentity(cert *x509.Certificate, pk apicryptosuite.Key, msp *bccspmsp) (Identity, error) { if mspIdentityLogger.IsEnabledFor(logging.DEBUG) { mspIdentityLogger.Debugf("Creating identity instance for cert %s", certToPEM(cert)) } @@ -184,7 +187,7 @@ func (id *identity) Serialize() ([]byte, error) { return idBytes, nil } -func (id *identity) getHashOpt(hashFamily string) (bccsp.HashOpts, error) { +func (id *identity) getHashOpt(hashFamily string) (apicryptosuite.HashOpts, error) { switch hashFamily { case bccsp.SHA2: return bccsp.GetHashOpt(bccsp.SHA256) @@ -202,7 +205,7 @@ type signingidentity struct { signer crypto.Signer } -func newSigningIdentity(cert *x509.Certificate, pk bccsp.Key, signer crypto.Signer, msp *bccspmsp) (SigningIdentity, error) { +func newSigningIdentity(cert *x509.Certificate, pk apicryptosuite.Key, signer crypto.Signer, msp *bccspmsp) (SigningIdentity, error) { //mspIdentityLogger.Infof("Creating signing identity instance for ID %s", id) mspId, err := newIdentity(cert, pk, msp) if err != nil { diff --git a/internal/github.com/hyperledger/fabric/msp/mspimpl.go b/internal/github.com/hyperledger/fabric/msp/mspimpl.go index 4a8b3507f9..654025241b 100644 --- a/internal/github.com/hyperledger/fabric/msp/mspimpl.go +++ b/internal/github.com/hyperledger/fabric/msp/mspimpl.go 
@@ -19,10 +19,8 @@ import ( "fmt" "github.com/golang/protobuf/proto" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/signer" - cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" + "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" + factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge" "github.com/hyperledger/fabric-sdk-go/pkg/errors" m "github.com/hyperledger/fabric-sdk-go/third_party/github.com/hyperledger/fabric/protos/msp" ) @@ -71,7 +69,7 @@ type bccspmsp struct { admins []Identity // the crypto provider - bccsp bccsp.BCCSP + bccsp apicryptosuite.CryptoSuite // the provider identifier for this MSP name string @@ -141,7 +139,7 @@ func (msp *bccspmsp) getCertFromPem(idBytes []byte) (*x509.Certificate, error) { return cert, nil } -func (msp *bccspmsp) getIdentityFromConf(idBytes []byte) (Identity, bccsp.Key, error) { +func (msp *bccspmsp) getIdentityFromConf(idBytes []byte) (Identity, apicryptosuite.Key, error) { // get a cert cert, err := msp.getCertFromPem(idBytes) if err != nil { @@ -149,7 +147,7 @@ func (msp *bccspmsp) getIdentityFromConf(idBytes []byte) (Identity, bccsp.Key, e } // get the public key in the right format - certPubK, err := msp.bccsp.KeyImport(cert, &bccsp.X509PublicKeyImportOpts{Temporary: true}) + certPubK, err := msp.bccsp.KeyImport(cert, factory.GetX509PublicKeyImportOpts(true)) mspId, err := newIdentity(cert, certPubK, msp) if err != nil { 
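Review bot: In `getIdentityFromConf` the `err` returned by `msp.bccsp.KeyImport(cert, factory.GetX509PublicKeyImportOpts(true))` is never checked; the next statement, `mspId, err := newIdentity(cert, certPubK, msp)`, overwrites it. A failed public-key import therefore hands a possibly nil key to `newIdentity` instead of rejecting the certificate. Add `if err != nil { return nil, nil, err }` directly after the `KeyImport` call. The function continues past the end of the hunk.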
@@ -180,14 +178,14 @@ func (msp *bccspmsp) getSigningIdentityFromConf(sidInfo *m.SigningIdentityInfo) } pemKey, _ := pem.Decode(sidInfo.PrivateSigner.KeyMaterial) - privKey, err = msp.bccsp.KeyImport(pemKey.Bytes, &bccsp.ECDSAPrivateKeyImportOpts{Temporary: true}) + privKey, err = msp.bccsp.KeyImport(pemKey.Bytes, factory.GetECDSAPrivateKeyImportOpts(true)) if err != nil { return nil, errors.WithMessage(err, "getIdentityFromBytes error: Failed to import EC private key") } } // get the peer signer - peerSigner, err := signer.New(cryptosuite.GetSuite(msp.bccsp), cryptosuite.GetKey(privKey)) + peerSigner, err := factory.NewCspsigner(msp.bccsp, privKey) if err != nil { return nil, errors.WithMessage(err, "getIdentityFromBytes error: Failed initializing bccspCryptoSigner") } @@ -319,7 +317,7 @@ func (msp *bccspmsp) deserializeIdentityInternal(serializedIdentity []byte) (Ide // We can't do it yet because there is no standardized way // (yet) to encode the MSP ID into the x.509 body of a cert - pub, err := msp.bccsp.KeyImport(cert, &bccsp.X509PublicKeyImportOpts{Temporary: true}) + pub, err := msp.bccsp.KeyImport(cert, factory.GetX509PublicKeyImportOpts(true)) if err != nil { return nil, errors.WithMessage(err, "failed to import certificate's public key") } @@ -512,7 +510,7 @@ func (msp *bccspmsp) getCertificationChainIdentifier(id Identity) ([]byte, error func (msp *bccspmsp) getCertificationChainIdentifierFromChain(chain []*x509.Certificate) ([]byte, error) { // Hash the chain // Use the hash of the identity's certificate as id in the IdentityIdentifier - hashOpt, err := bccsp.GetHashOpt(msp.cryptoConfig.IdentityIdentifierHashFunction) + hashOpt, err := factory.GetHashOpt(msp.cryptoConfig.IdentityIdentifierHashFunction) if err != nil { return nil, errors.WithMessage(err, "failed getting hash function options") } 
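Review bot: In `getSigningIdentityFromConf`, the result of `pem.Decode(sidInfo.PrivateSigner.KeyMaterial)` is dereferenced as `pemKey.Bytes` on the changed `KeyImport` line without a nil check. `pem.Decode` returns a nil block when the input holds no PEM data, so malformed key material in the MSP configuration panics instead of producing an error. Guard it first with `if pemKey == nil { return nil, errors.New("getIdentityFromBytes error: no PEM data found in private signer key material") }`. The function starts and ends outside the hunk.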
diff --git a/internal/github.com/hyperledger/fabric/msp/mspimplsetup.go b/internal/github.com/hyperledger/fabric/msp/mspimplsetup.go index 1752349a40..189303f25f 100644 --- a/internal/github.com/hyperledger/fabric/msp/mspimplsetup.go +++ b/internal/github.com/hyperledger/fabric/msp/mspimplsetup.go @@ -16,7 +16,7 @@ import ( "crypto/x509/pkix" "fmt" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" + bccsp "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge" "github.com/hyperledger/fabric-sdk-go/pkg/errors" m "github.com/hyperledger/fabric-sdk-go/third_party/github.com/hyperledger/fabric/protos/msp" ) diff --git a/internal/github.com/hyperledger/fabric/protos/utils/proputils.go b/internal/github.com/hyperledger/fabric/protos/utils/proputils.go index 9dcb26a973..059b8395e0 100644 --- a/internal/github.com/hyperledger/fabric/protos/utils/proputils.go +++ b/internal/github.com/hyperledger/fabric/protos/utils/proputils.go @@ -16,10 +16,9 @@ import ( "encoding/hex" "github.com/golang/protobuf/proto" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/common/crypto" "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/common/util" + factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge" "github.com/hyperledger/fabric-sdk-go/third_party/github.com/hyperledger/fabric/protos/common" "github.com/hyperledger/fabric-sdk-go/third_party/github.com/hyperledger/fabric/protos/peer" ) 
@@ -283,7 +282,7 @@ func ComputeProposalTxID(nonce, creator []byte) (string, error) { // channel configuration digest, err := factory.GetDefault().Hash( append(nonce, creator...), - &bccsp.SHA256Opts{}) + factory.GetSHA256Opts()) if err != nil { return "", err } diff --git a/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge/cryptosuitebridge.go b/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge/cryptosuitebridge.go new file mode 100644 index 0000000000..677aa8b3ce --- /dev/null +++ b/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge/cryptosuitebridge.go 
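Review bot: `append(nonce, creator...)` in `ComputeProposalTxID` can write into the caller's `nonce` backing array when that slice has spare capacity, so computing a transaction ID may silently overwrite adjacent data that shares the array. Build the hash input in a fresh slice instead: `buf := make([]byte, 0, len(nonce)+len(creator))` followed by `buf = append(append(buf, nonce...), creator...)`, and pass `buf` to `Hash`. The function begins outside the hunk.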
@@ -0,0 +1,172 @@
+/*
+Copyright SecureKey Technologies Inc. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+/*
+Notice: This file has been modified for Hyperledger Fabric SDK Go usage.
+Please review third_party pinning scripts and patches for more details.
+*/
+
+package cryptosuitebridge
+
+import (
+ "crypto"
+ "crypto/ecdsa"
+
+ "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite"
+ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp"
+ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory"
+ cspsigner "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/signer"
+ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/sw"
+ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/utils"
+ cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp"
+)
+
+const (
+ ECDSA = bccsp.ECDSA
+ ECDSAP256 = bccsp.ECDSAP256
+ ECDSAP384 = bccsp.ECDSAP384
+ ECDSAReRand = bccsp.ECDSAReRand
+ RSA = bccsp.RSA
+ RSA1024 = bccsp.RSA1024
+ RSA2048 = bccsp.RSA2048
+ RSA3072 = bccsp.RSA3072
+ RSA4096 = bccsp.RSA4096
+ AES = bccsp.AES
+ AES128 = bccsp.AES128
+ AES192 = bccsp.AES192
+ AES256 = bccsp.AES256
+ HMAC = bccsp.HMAC
+ HMACTruncated256 = bccsp.HMACTruncated256
+ SHA = bccsp.SHA
+ SHA2 = bccsp.SHA2
+ SHA3 = bccsp.SHA3
+ SHA256 = bccsp.SHA256
+ SHA384 = bccsp.SHA384
+ SHA3_256 = bccsp.SHA3_256
+ SHA3_384 = bccsp.SHA3_384
+ X509Certificate = bccsp.X509Certificate
+)
+
+// FactoryOpts holds configuration information used to initialize bccsp factory implementations
+type FactoryOpts struct {
+ *factory.FactoryOpts
+}
+
+//GetBCCSPFromOpts is a bridge for factory.GetBCCSPFromOpts(config)
+func GetBCCSPFromOpts(config *FactoryOpts) (apicryptosuite.CryptoSuite, error) {
+ bccsp, err := factory.GetBCCSPFromOpts(getFactoryOpts(config))
+ if err != nil {
+ return nil, err
+ }
+ return
cryptosuite.GetSuite(bccsp), nil
+}
+
+//InitFactories is a bridge for bccsp factory.InitFactories(config)
+func InitFactories(config *FactoryOpts) error {
+ return factory.InitFactories(getFactoryOpts(config))
+}
+
+// PEMtoPrivateKey is a bridge for bccsp utils.PEMtoPrivateKey()
+func PEMtoPrivateKey(raw []byte, pwd []byte) (interface{}, error) {
+ return utils.PEMtoPrivateKey(raw, pwd)
+}
+
+// PrivateKeyToDER marshals is bridge for utils.PrivateKeyToDER
+func PrivateKeyToDER(privateKey *ecdsa.PrivateKey) ([]byte, error) {
+ return utils.PrivateKeyToDER(privateKey)
+}
+
+// NewCspsigner is a bridge for bccsp signer.New call
+func NewCspsigner(csp apicryptosuite.CryptoSuite, key apicryptosuite.Key) (crypto.Signer, error) {
+ return cspsigner.New(csp, key)
+}
+
+//NewEmptySwOpts creates new empty bccsp factory.SwOpts
+func NewSwOpts() *factory.SwOpts {
+ return &factory.SwOpts{}
+}
+
+//NewEmptyFileKeystoreOpts creates new empty bccsp factory.FileKeystoreOpts
+func NewFileKeystoreOpts() *factory.FileKeystoreOpts {
+ return &factory.FileKeystoreOpts{}
+}
+
+//GetFactoryDefaultCryptoSuite creates new cryptosuite from bccsp factory default
+func GetDefault() apicryptosuite.CryptoSuite {
+ return cryptosuite.GetSuite(factory.GetDefault())
+}
+
+//SignatureToLowS is a bridge for bccsp sw.SignatureToLowS()
+func SignatureToLowS(k *ecdsa.PublicKey, signature []byte) ([]byte, error) {
+ return sw.SignatureToLowS(k, signature)
+}
+
+//GetHashOpt is a bridge for bccsp util GetHashOpt
+func GetHashOpt(hashFunction string) (apicryptosuite.HashOpts, error) {
+ return bccsp.GetHashOpt(hashFunction)
+}
+
+func getFactoryOpts(config *FactoryOpts) *factory.FactoryOpts {
+ if config == nil {
+ return nil
+ }
+ return &factory.FactoryOpts{
+ SwOpts: config.SwOpts,
+ ProviderName: config.ProviderName,
+ Pkcs11Opts: config.Pkcs11Opts,
+ PluginOpts: config.PluginOpts,
+ }
+}
+
+//GetSHAOpts returns options for computing SHA.
+func GetSHAOpts() apicryptosuite.HashOpts {
+ return &bccsp.SHAOpts{}
+}
+
+//GetSHA256Opts returns options relating to SHA-256.
+func GetSHA256Opts() apicryptosuite.HashOpts {
+ return &bccsp.SHA256Opts{}
+}
+
+//GetRSA2048KeyGenOpts returns options for RSA key generation at 2048 security.
+func GetRSA2048KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts {
+ return &bccsp.RSA2048KeyGenOpts{Temporary: ephemeral}
+}
+
+//GetRSA3072KeyGenOpts returns options for RSA key generation at 3072 security.
+func GetRSA3072KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts {
+ return &bccsp.RSA3072KeyGenOpts{Temporary: ephemeral}
+}
+
+//GetRSA4096KeyGenOpts returns options for RSA key generation at 4096 security.
+func GetRSA4096KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts {
+ return &bccsp.RSA4096KeyGenOpts{Temporary: ephemeral}
+}
+
+// GetECDSAKeyGenOpts returns options for ECDSA key generation.
+func GetECDSAKeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts {
+ return &bccsp.ECDSAKeyGenOpts{Temporary: ephemeral}
+}
+
+//GetECDSAP256KeyGenOpts returns options for ECDSA key generation with curve P-256.
+func GetECDSAP256KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts {
+ return &bccsp.ECDSAP256KeyGenOpts{Temporary: ephemeral}
+}
+
+//GetECDSAP384KeyGenOpts options for ECDSA key generation with curve P-384.
+func GetECDSAP384KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts {
+ return &bccsp.ECDSAP384KeyGenOpts{Temporary: ephemeral}
+}
+
+//GetX509PublicKeyImportOpts options for importing public keys from an x509 certificate
+func GetX509PublicKeyImportOpts(ephemeral bool) apicryptosuite.KeyImportOpts {
+ return &bccsp.X509PublicKeyImportOpts{Temporary: ephemeral}
+}
+
+//GetECDSAPrivateKeyImportOpts options for ECDSA secret key importation in DER format
+// or PKCS#8 format.
+func GetECDSAPrivateKeyImportOpts(ephemeral bool) apicryptosuite.KeyImportOpts {
+ return &bccsp.ECDSAPrivateKeyImportOpts{Temporary: ephemeral}
+}
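Review bot: `getFactoryOpts` checks `config == nil` but not the embedded pointer, so a wrapper built as `&FactoryOpts{}` or around a nil `*factory.FactoryOpts` reaches `config.SwOpts` and panics with a nil dereference inside `InitFactories` and `GetBCCSPFromOpts`. The guard should read `if config == nil || config.FactoryOpts == nil { return nil }`, so that an empty wrapper is treated the same as a nil config. Three doc comments also name identifiers that do not exist (`NewEmptySwOpts`, `NewEmptyFileKeystoreOpts`, `GetFactoryDefaultCryptoSuite`); they should open with `NewSwOpts`, `NewFileKeystoreOpts` and `GetDefault` so godoc and linters attach them to the right functions.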
diff --git a/pkg/cryptosuite/bccsp/cryptosuite.go b/pkg/cryptosuite/bccsp/cryptosuite.go index 1337220a44..7a7450d34d 100644 --- a/pkg/cryptosuite/bccsp/cryptosuite.go +++ b/pkg/cryptosuite/bccsp/cryptosuite.go @@ -9,7 +9,7 @@ package bccsp import ( "fmt" - "encoding/json" + "hash" "github.com/hyperledger/fabric-sdk-go/api/apiconfig" "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" @@ -28,7 +28,7 @@ func GetSuite(bccsp bccsp.BCCSP) apicryptosuite.CryptoSuite { //GetSuiteByConfig returns cryptosuite adaptor for bccsp loaded according to given config func GetSuiteByConfig(config apiconfig.Config) (apicryptosuite.CryptoSuite, error) { - opts := getOptsByConfig(config) + opts := GetOptsByConfig(config) bccsp, err := bccspFactory.GetBCCSPFromOpts(opts) if err != nil { @@ -37,22 +37,8 @@ func GetSuiteByConfig(config apiconfig.Config) (apicryptosuite.CryptoSuite, erro return &cryptoSuite{bccsp}, nil } -//GetCryptoOptsJSON returns factory opts in json format -func GetCryptoOptsJSON(config apiconfig.Config) ([]byte, error) { - opts := getOptsByConfig(config) - jsonBytes, err := json.Marshal(opts) - if err != nil { - return nil, err - } - return jsonBytes, nil -} - -//GetSHAOpts returns bccsp SHA hashing opts -func GetSHAOpts() apicryptosuite.HashOpts { - return &bccsp.SHAOpts{} -} - -func getOptsByConfig(c apiconfig.Config) *bccspFactory.FactoryOpts { +//GetOptsByConfig Returns Factory opts for given SDK config +func GetOptsByConfig(c apiconfig.Config) *bccspFactory.FactoryOpts { var opts *bccspFactory.FactoryOpts switch c.SecurityProvider() { 
@@ -124,10 +110,18 @@ func (c *cryptoSuite) Hash(msg []byte, opts apicryptosuite.HashOpts) (hash []byt return c.bccsp.Hash(msg, opts) } +func (c *cryptoSuite) GetHash(opts apicryptosuite.HashOpts) (h hash.Hash, err error) { + return c.bccsp.GetHash(opts) +} + func (c *cryptoSuite) Sign(k apicryptosuite.Key, digest []byte, opts apicryptosuite.SignerOpts) (signature []byte, err error) { return c.bccsp.Sign(k.(*key).key, digest, opts) } +func (c *cryptoSuite) Verify(k apicryptosuite.Key, signature, digest []byte, opts apicryptosuite.SignerOpts) (valid bool, err error) { + return c.bccsp.Verify(k.(*key).key, signature, digest, opts) +} + type key struct { key bccsp.Key } diff --git a/pkg/cryptosuite/bccsp/cryptosuite_test.go b/pkg/cryptosuite/bccsp/cryptosuite_test.go index 1e62ddfdbe..28b16c7984 100644 --- a/pkg/cryptosuite/bccsp/cryptosuite_test.go +++ b/pkg/cryptosuite/bccsp/cryptosuite_test.go @@ -25,15 +25,14 @@ import ( ) const ( - mockIdentifier = "mock-test" - signedIdentifier = "-signed" - signingKey = "signing-key" - hashMessage = "-msg-bytes" - sampleKey = "sample-key" - getKey = "-getkey" - keyImport = "-keyimport" - keyGen = "-keygent" - shaHashOptsAlgorithm = "SHA" + mockIdentifier = "mock-test" + signedIdentifier = "-signed" + signingKey = "signing-key" + hashMessage = "-msg-bytes" + sampleKey = "sample-key" + getKey = "-getkey" + keyImport = "-keyimport" + keyGen = "-keygent" ) // TestMain Load testing config 
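Review bot: The added `Verify` in pkg/cryptosuite/bccsp/cryptosuite.go uses an unchecked type assertion, `k.(*key).key`, so a nil key or any `apicryptosuite.Key` implementation other than this package's `key` wrapper panics instead of returning an error. On a signature-verification path the failure should be explicit: `bk, ok := k.(*key)` followed by `if !ok { return false, fmt.Errorf("unsupported key type %T", k) }`, then `c.bccsp.Verify(bk.key, signature, digest, opts)`. `Sign`, shown as context just above, carries the same assertion, so the two are best changed together.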
@@ -128,39 +127,6 @@ func TestCryptoSuiteByConfigFailures(t *testing.T) { } -func TestGetCryptoOptsJSON(t *testing.T) { - - expectedJSON := "{\"default\":\"SW\",\"SW\":{\"security\":256,\"hash\":\"SHA2\",\"filekeystore\":{\"KeyStorePath\":\"/tmp/msp\"}}}" - - //Prepare Config - mockCtrl := gomock.NewController(t) - defer mockCtrl.Finish() - mockConfig := mock_apiconfig.NewMockConfig(mockCtrl) - mockConfig.EXPECT().SecurityProvider().Return("SW") - mockConfig.EXPECT().SecurityAlgorithm().Return("SHA2") - mockConfig.EXPECT().SecurityLevel().Return(256) - mockConfig.EXPECT().KeyStorePath().Return("/tmp/msp") - mockConfig.EXPECT().Ephemeral().Return(false) - - //Get cryptosuite using config - cryptOptsJSON, err := GetCryptoOptsJSON(mockConfig) - utils.VerifyEmpty(t, err, "Not supposed to get error on GetCryptoOptsJSON call : %s", err) - utils.VerifyNotEmpty(t, cryptOptsJSON, "Supposed to get valid crypto opts") - - if string(cryptOptsJSON) != expectedJSON { - t.Fatalf("Found unexpected crypto opts JSON, \n expected: %s, \n received: %s", expectedJSON, string(cryptOptsJSON)) - } - -} - -func TestCryptoSuiteHashOpts(t *testing.T) { - //Get CryptoSuite SHA Opts - shaHashOpts := GetSHAOpts() - utils.VerifyNotEmpty(t, shaHashOpts, "Not supposed to be empty shaHashOpts") - utils.VerifyTrue(t, shaHashOpts.Algorithm() == shaHashOptsAlgorithm, "Unexpected SHA hash opts, expected [%s], got [%s]", shaHashOptsAlgorithm, shaHashOpts.Algorithm()) - -} - func verifyCryptoSuite(t *testing.T, samplecryptoSuite apicryptosuite.CryptoSuite) { //Test cryptosuite.Sign signedBytes, err := samplecryptoSuite.Sign(GetKey(getMockKey(signingKey)), nil, nil) 
@@ -228,6 +194,16 @@ func verifyCryptoSuite(t *testing.T, samplecryptoSuite apicryptosuite.CryptoSuit publikey, err = key.PublicKey() utils.VerifyEmpty(t, err, "Not supposed to get any error for samplecryptoSuite.KeyGen().PublicKey()") utils.VerifyNotEmpty(t, publikey, "Not supposed to get empty key for samplecryptoSuite.KeyGen().PublicKey()") + + //Test cryptosuite.GetHash + hash, err := samplecryptoSuite.GetHash(&bccsp.SHA256Opts{}) + utils.VerifyNotEmpty(t, err, "Supposed to get error for samplecryptoSuite.GetHash") + utils.VerifyEmpty(t, hash, "Supposed to get empty hash for samplecryptoSuite.GetHash") + + //Test cryptosuite.GetHash + valid, err := samplecryptoSuite.Verify(GetKey(getMockKey(signingKey)), nil, nil, nil) + utils.VerifyEmpty(t, err, "Not supposed to get error for samplecryptoSuite.Verify") + utils.VerifyTrue(t, valid, "Supposed to get true for samplecryptoSuite.Verify") } /* @@ -275,7 +251,7 @@ func (mock *mockBCCSP) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) ( } func (mock *mockBCCSP) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error) { - return false, nil + return true, nil } func (mock *mockBCCSP) Encrypt(k bccsp.Key, plaintext []byte, opts bccsp.EncrypterOpts) (ciphertext []byte, err error) { diff --git a/pkg/fabric-ca-client/fabricca.go b/pkg/fabric-ca-client/fabricca.go index 11337e77d7..c726f0f019 100644 --- a/pkg/fabric-ca-client/fabricca.go +++ b/pkg/fabric-ca-client/fabricca.go @@ -16,10 +16,8 @@ import ( "github.com/hyperledger/fabric-sdk-go/pkg/config/urlutil" "github.com/hyperledger/fabric-sdk-go/pkg/logging" - "encoding/json" - "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" - bccspFactory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" + factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge" cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" ) 
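Review bot: The new `Verify` assertion in `verifyCryptoSuite` (whose body starts outside this hunk) passes nil for both signature and digest and succeeds only because `mockBCCSP.Verify` is switched from `return false, nil` to `return true, nil` in the following hunk, so it would still pass if the adaptor dropped or swapped its arguments. A mock that returns true only for an expected signature/digest pair, plus one assertion for the rejecting case, would pin the delegation. The comment above the Verify block still reads `//Test cryptosuite.GetHash` and should be `//Test cryptosuite.Verify`. The exported `MockCryptoSuite.Verify` added in pkg/fabric-client/mocks/mockcryptosuite.go also returns `true, nil` unconditionally; its doc comment should say so, for example `// Verify always reports the signature as valid; for tests only.`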
@@ -86,16 +84,8 @@ func NewFabricCAClient(config config.Config, org string) (*FabricCA, error) { c.Config.MSPDir = config.CAKeyStorePath() //Factory opts - //TODO below logic needs to be moved to internal/cryptosuite bridge - c.Config.CSP = &bccspFactory.FactoryOpts{} - optsbytes, err := cryptosuite.GetCryptoOptsJSON(config) - if err != nil { - return nil, err - } - err = json.Unmarshal(optsbytes, c.Config.CSP) - if err != nil { - return nil, err - } + opts := cryptosuite.GetOptsByConfig(config) + c.Config.CSP = &factory.FactoryOpts{opts} fabricCAClient := FabricCA{fabricCAClient: c} diff --git a/pkg/fabric-ca-client/fabricca_test.go b/pkg/fabric-ca-client/fabricca_test.go index 51cd54e6f0..d2223cf517 100644 --- a/pkg/fabric-ca-client/fabricca_test.go +++ b/pkg/fabric-ca-client/fabricca_test.go @@ -15,13 +15,12 @@ import ( "github.com/golang/mock/gomock" "github.com/hyperledger/fabric-sdk-go/api/apiconfig/mocks" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" "github.com/hyperledger/fabric-sdk-go/pkg/errors" config "github.com/hyperledger/fabric-sdk-go/api/apiconfig" ca "github.com/hyperledger/fabric-sdk-go/api/apifabca" - bccspFactory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" + factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge" cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" "github.com/hyperledger/fabric-sdk-go/pkg/fabric-ca-client/mocks" "github.com/hyperledger/fabric-sdk-go/pkg/logging" @@ -122,7 +121,7 @@ func TestRegister(t *testing.T) { } user.SetEnrollmentCertificate(readCert(t)) - key, err := cryptosuite.GetSuite(bccspFactory.GetDefault()).KeyGen(&bccsp.ECDSAP256KeyGenOpts{}) + key, err := factory.GetDefault().KeyGen(factory.GetECDSAP256KeyGenOpts(true)) if err != nil { t.Fatalf("KeyGen return error %v", err) } 
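Review bot: In `NewFabricCAClient`, `c.Config.CSP = &factory.FactoryOpts{opts}` is an unkeyed composite literal of a struct from another package, which `go vet` reports and which silently changes meaning if the wrapper gains a field; write `&factory.FactoryOpts{FactoryOpts: opts}`. The removed JSON round-trip had two error returns, whereas the value from `cryptosuite.GetOptsByConfig(config)` is now wrapped without any check. If that function can return nil for an unrecognised security provider (its switch is only partly visible in this patch), reject it here with an error rather than storing a wrapper around a nil pointer. The function body continues outside the hunk.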
@@ -215,7 +214,7 @@ func TestReenroll(t *testing.T) { } // Reenroll with appropriate user user.SetEnrollmentCertificate(readCert(t)) - key, err := cryptosuite.GetSuite(bccspFactory.GetDefault()).KeyGen(&bccsp.ECDSAP256KeyGenOpts{}) + key, err := factory.GetDefault().KeyGen(factory.GetECDSAP256KeyGenOpts(true)) if err != nil { t.Fatalf("KeyGen return error %v", err) } @@ -391,21 +390,6 @@ func TestCreateValidBCCSPOptsForNewFabricClient(t *testing.T) { } } -// createBCCSPProviderFactoryOptions is a helper function to return BCCSP Factory Options object -func createBCCSPProviderFactoryOptions(providerName string, hashFamily string, securityLevel int) *bccspFactory.FactoryOpts { - return &bccspFactory.FactoryOpts{ - ProviderName: providerName, - SwOpts: &bccspFactory.SwOpts{ - HashFamily: hashFamily, - SecLevel: securityLevel, - FileKeystore: &bccspFactory.FileKeystoreOpts{ - KeyStorePath: os.TempDir(), - }, - Ephemeral: false, - }, - } -} - // readCert Reads a random cert for testing func readCert(t *testing.T) []byte { cert, err := ioutil.ReadFile("../../test/fixtures/root.pem") diff --git a/pkg/fabric-client/client_test.go b/pkg/fabric-client/client_test.go index 3f86da8c48..448959cf0a 100644 --- a/pkg/fabric-client/client_test.go +++ b/pkg/fabric-client/client_test.go @@ -14,8 +14,7 @@ import ( "time" fab "github.com/hyperledger/fabric-sdk-go/api/apifabclient" - bccspFactory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" - cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" + factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge" "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/identity" kvs "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/keyvaluestore" mocks "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/mocks" 
@@ -28,13 +27,12 @@ func TestClientMethods(t *testing.T) { if client.CryptoSuite() != nil { t.Fatalf("Client CryptoSuite should initially be nil") } - err := bccspFactory.InitFactories(nil) + err := factory.InitFactories(nil) if err != nil { t.Fatalf("Failed getting ephemeral software-based BCCSP [%s]", err) } - cryptoSuiteProvider := bccspFactory.GetDefault() - client.SetCryptoSuite(cryptosuite.GetSuite(cryptoSuiteProvider)) + client.SetCryptoSuite(factory.GetDefault()) if client.CryptoSuite() == nil { t.Fatalf("Client CryptoSuite should not be nil after setCryptoSuite") } diff --git a/pkg/fabric-client/events/eventmocks.go b/pkg/fabric-client/events/eventmocks.go index bfaa604f24..716635f843 100644 --- a/pkg/fabric-client/events/eventmocks.go +++ b/pkg/fabric-client/events/eventmocks.go @@ -16,12 +16,9 @@ import ( "github.com/hyperledger/fabric-sdk-go/third_party/github.com/hyperledger/fabric/protos/common" pb "github.com/hyperledger/fabric-sdk-go/third_party/github.com/hyperledger/fabric/protos/peer" - "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" ledger_util "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/core/ledger/util" fcConsumer "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/events/consumer" - cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" + factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge" "github.com/hyperledger/fabric-sdk-go/pkg/errors" client "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client" internal "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/internal" 
@@ -319,9 +316,9 @@ func generateTxID() apitxn.TransactionID { if err != nil { panic(errors.WithMessage(err, "GenerateRandomNonce failed")) } - digest, err := getDefaultBCCSPSuite().Hash( + digest, err := factory.GetDefault().Hash( nonce, - &bccsp.SHA256Opts{}) + factory.GetSHA256Opts()) if err != nil { panic(errors.Wrap(err, "hashing nonce failed")) } @@ -333,7 +330,3 @@ func generateTxID() apitxn.TransactionID { return txnid } - -func getDefaultBCCSPSuite() apicryptosuite.CryptoSuite { - return cryptosuite.GetSuite(factory.GetDefault()) -} diff --git a/pkg/fabric-client/mocks/mockcryptosuite.go b/pkg/fabric-client/mocks/mockcryptosuite.go index 3e5554f42c..912d07cefd 100644 --- a/pkg/fabric-client/mocks/mockcryptosuite.go +++ b/pkg/fabric-client/mocks/mockcryptosuite.go @@ -47,3 +47,8 @@ func (m *MockCryptoSuite) Sign(k apicryptosuite.Key, digest []byte, opts apicryptosuite.SignerOpts) (signature []byte, err error) { return []byte("testSignature"), nil } + +//Verify mock verify implementation +func (m *MockCryptoSuite) Verify(k apicryptosuite.Key, signature, digest []byte, opts apicryptosuite.SignerOpts) (valid bool, err error) { + return true, nil +} diff --git a/pkg/fabric-client/signingmgr/signingmgr.go b/pkg/fabric-client/signingmgr/signingmgr.go index dc9343e386..5547ef7bac 100644 --- a/pkg/fabric-client/signingmgr/signingmgr.go +++ b/pkg/fabric-client/signingmgr/signingmgr.go @@ -9,8 +9,8 @@ package signingmgr import ( "github.com/hyperledger/fabric-sdk-go/api/apiconfig" "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" - cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge" "github.com/hyperledger/fabric-sdk-go/pkg/errors" ) 
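Review bot: signingmgr.go sits under `pkg/fabric-client` but its import hunk pulls the bridge from `internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge`, while the other fabric-client files in this patch (client_test.go, events/eventmocks.go) import the copy under `internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge`. The two are separate packages generated from separate patches, so their types are not interchangeable and they can drift apart. Unless the fabric-ca copy is intended, import the fabric one here and keep the `cryptosuitebridge.GetSHAOpts()` call in `NewSigningManager` as it is.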
@@ -26,7 +26,7 @@ type SigningManager struct { // @param {Config} config - configuration provider // @returns {SigningManager} new signing manager func NewSigningManager(cryptoProvider apicryptosuite.CryptoSuite, config apiconfig.Config) (*SigningManager, error) { - return &SigningManager{cryptoProvider: cryptoProvider, hashOpts: cryptosuite.GetSHAOpts()}, nil + return &SigningManager{cryptoProvider: cryptoProvider, hashOpts: cryptosuitebridge.GetSHAOpts()}, nil } // Sign will sign the given object using provided key diff --git a/scripts/third_party_pins/fabric-ca/apply_fabric_ca_client_utils.sh b/scripts/third_party_pins/fabric-ca/apply_fabric_ca_client_utils.sh index 761b7a77dc..03259e918f 100755 --- a/scripts/third_party_pins/fabric-ca/apply_fabric_ca_client_utils.sh +++ b/scripts/third_party_pins/fabric-ca/apply_fabric_ca_client_utils.sh @@ -19,6 +19,7 @@ declare -a PKGS=( "lib" "lib/tls" "sdkpatch/logbridge" + "sdkpatch/cryptosuitebridge" "util" ) @@ -37,6 +38,7 @@ declare -a FILES=( "sdkpatch/logbridge/logbridge.go" "sdkpatch/logbridge/syslogwriter.go" + "sdkpatch/cryptosuitebridge/cryptosuitebridge.go" "util/util.go" "util/csp.go" @@ -89,7 +91,7 @@ sed -i'' -e 's/bccsp.Key/apicryptosuite.Key/g' "${TMP_PROJECT_PATH}/${FILTER_FIL FILTER_FILENAME="lib/signer.go" FILTER_FN="newSigner,Key,Cert" gofilter -sed -i'' -e '/"github.com\// a\ +sed -i'' -e '/"github.com\/cloudflare/ a\ "github.com\/hyperledger\/fabric-sdk-go\/api\/apicryptosuite"\ ' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" sed -i'' -e 's/bccsp.Key/apicryptosuite.Key/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" 
@@ -108,11 +110,7 @@ gofilter sed -i'' -e '/log "github.com\// a\ "github.com\/hyperledger\/fabric-sdk-go\/api\/apicryptosuite"\ ' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" -sed -i'' -e '/"crypto\// a\ -cryptosuite "github.com\/hyperledger\/fabric-sdk-go\/pkg\/cryptosuite\/bccsp"\ -' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" sed -i'' -e 's/bccsp.BCCSP/apicryptosuite.CryptoSuite/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" -sed -i'' -e 's/csp = factory.GetDefault()/csp = cryptosuite.GetSuite(factory.GetDefault())/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" FILTER_FILENAME="util/csp.go" 
@@ -126,15 +124,23 @@ sed -i'' -e '/\"github.com\/cloudflare\/cfssl\/ocsp\"/d' "${TMP_PROJECT_PATH}/${ sed -i'' -e '/log "github.com\// a\ "github.com\/hyperledger\/fabric-sdk-go\/api\/apicryptosuite"\ ' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" -sed -i'' -e '/cspsigner "github.com\// a\ -cryptosuite "github.com\/hyperledger\/fabric-sdk-go\/pkg\/cryptosuite\/bccsp"\ -' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" sed -i'' -e 's/bccsp.BCCSP/apicryptosuite.CryptoSuite/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" sed -i'' -e 's/bccsp.Key/apicryptosuite.Key/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" -# skip first substitution of "return csp, nil" -START_LINE=`grep -n "return csp, nil" "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" | head -n 1 | awk -F':' '{print $1}'` -START_LINE=$((START_LINE+1)) -sed -i'' -e ${START_LINE}',$ s/return csp, nil/return cryptosuite.GetSuite(csp), nil/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/&factory.SwOpts{}/factory.NewSwOpts()/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/&factory.FileKeystoreOpts{}/factory.NewFileKeystoreOpts()/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/&bccsp.ECDSAKeyGenOpts{Temporary: ephemeral}/factory.GetECDSAKeyGenOpts(ephemeral)/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/&bccsp.RSA2048KeyGenOpts{Temporary: ephemeral}/factory.GetRSA2048KeyGenOpts(ephemeral)/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/&bccsp.RSA3072KeyGenOpts{Temporary: ephemeral}/factory.GetRSA3072KeyGenOpts(ephemeral)/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/&bccsp.RSA4096KeyGenOpts{Temporary: ephemeral}/factory.GetRSA4096KeyGenOpts(ephemeral)/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/&bccsp.ECDSAP256KeyGenOpts{Temporary: ephemeral}/factory.GetECDSAP256KeyGenOpts(ephemeral)/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/&bccsp.ECDSAP384KeyGenOpts{Temporary: ephemeral}/factory.GetECDSAP384KeyGenOpts(ephemeral)/g' 
"${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/&bccsp.ECDSAP512KeyGenOpts{Temporary: ephemeral}/factory.GetECDSAP512KeyGenOpts(ephemeral)/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/&bccsp.X509PublicKeyImportOpts{Temporary: true}/factory.GetX509PublicKeyImportOpts(true)/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/&bccsp.ECDSAPrivateKeyImportOpts{Temporary: temporary}/factory.GetECDSAPrivateKeyImportOpts(temporary)/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/cspsigner.New(/factory.NewCspsigner(/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/utils.PrivateKeyToDER/factory.PrivateKeyToDER/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/utils.PEMtoPrivateKey/factory.PEMtoPrivateKey/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" + FILTER_FILENAME="util/util.go" FILTER_FN="ReadFile,HTTPRequestToString,HTTPResponseToString" @@ -146,8 +152,12 @@ gofilter sed -i'' -e '/log "golang.org\/x/ a\ "github.com\/hyperledger\/fabric-sdk-go\/api\/apicryptosuite"\ ' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e '/mrand "math\// a\ +factory "github.com\/hyperledger\/fabric-sdk-go\/internal\/github.com\/hyperledger\/fabric-ca\/sdkpatch\/cryptosuitebridge"\ +' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" sed -i'' -e 's/bccsp.BCCSP/apicryptosuite.CryptoSuite/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" sed -i'' -e 's/bccsp.Key/apicryptosuite.Key/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/&bccsp.SHAOpts{}/factory.GetSHAOpts()/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" # Apply patching echo "Patching import paths on upstream project ..." diff --git a/scripts/third_party_pins/fabric-ca/apply_upstream.sh b/scripts/third_party_pins/fabric-ca/apply_upstream.sh index 75d41eb1be..26bb66eeb4 100755 --- a/scripts/third_party_pins/fabric-ca/apply_upstream.sh +++ b/scripts/third_party_pins/fabric-ca/apply_upstream.sh 
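Review bot: The sed rule for `&bccsp.ECDSAP512KeyGenOpts{Temporary: ephemeral}` rewrites it to `factory.GetECDSAP512KeyGenOpts(ephemeral)`, a helper that the cryptosuitebridge.go added by this commit does not define (only the P256 and P384 variants exist), so if that literal survives filtering in util/csp.go the generated file will not compile. Either add the helper to the bridge or drop this substitution. The import-option rules also match exact literals (`{Temporary: true}`, `{Temporary: temporary}`), so an upstream rename would leave a direct `&bccsp.` reference in place without the script failing. A check after the sed block that aborts when `grep -n '&bccsp\.' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}"` finds anything would surface that at pin time.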
@@ -45,7 +45,8 @@ echo "Pinning and patching fabric-ca client utils..." declare -a CLIENT_UTILS_IMPORT_SUBSTS=( 's/\"github.com\/pkg\/errors/\"github.com\/hyperledger\/fabric-sdk-go\/pkg\/errors/g' 's/\"github.com\/hyperledger\/fabric-ca/\"github.com\/hyperledger\/fabric-sdk-go\/internal\/github.com\/hyperledger\/fabric-ca/g' - 's/\"github.com\/hyperledger\/fabric\/bccsp/\"github.com\/hyperledger\/fabric-sdk-go\/internal\/github.com\/hyperledger\/fabric\/bccsp/g' + 's/\"github.com\/hyperledger\/fabric\/bccsp\/factory/factory\"github.com\/hyperledger\/fabric-sdk-go\/internal\/github.com\/hyperledger\/fabric-ca\/sdkpatch\/cryptosuitebridge/g' + 's/\"github.com\/hyperledger\/fabric\/bccsp/\"github.com\/hyperledger\/fabric-sdk-go\/pkg\/cryptosuite\/bccsp/g' '/clog.\"github.com\/cloudflare\/cfssl\/log/!s/\"github.com\/cloudflare\/cfssl\/log/log\"github.com\/hyperledger\/fabric-sdk-go\/internal\/github.com\/hyperledger\/fabric-ca\/sdkpatch\/logbridge/g' 's/\"github.com\/hyperledger\/fabric\//\"github.com\/hyperledger\/fabric-sdk-go\/internal\/github.com\/hyperledger\/fabric\//g' ) diff --git a/scripts/third_party_pins/fabric-ca/patches/0004-cryptosuite.patch b/scripts/third_party_pins/fabric-ca/patches/0004-cryptosuite.patch new file mode 100644 index 0000000000..5763754011 --- /dev/null +++ b/scripts/third_party_pins/fabric-ca/patches/0004-cryptosuite.patch 
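Review bot: The second added rule in `CLIENT_UTILS_IMPORT_SUBSTS` matches `\"github.com\/hyperledger\/fabric\/bccsp` with no closing quote, so it is a prefix match. Any upstream import of a bccsp subpackage other than `factory` (for example `bccsp/utils` or `bccsp/signer`) would be rewritten to a path under `pkg/cryptosuite/bccsp/`, and nothing in this patch shows such packages existing there. Ending the pattern and its replacement with `\"` limits the rule to the root package and leaves subpackages to the final `fabric\/` catch-all. The rule also depends on being listed after the `bccsp\/factory` one; a comment such as `# order matters: factory must be rewritten before the generic bccsp rule` would protect that.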
@@ -0,0 +1,191 @@ +From 162c758b47c8f90c1967b7e5979c18739d83913a Mon Sep 17 00:00:00 2001 +From: Sudesh Shetty +Date: Wed, 22 Nov 2017 15:40:22 -0500 +Subject: [PATCH] cryptosuite + +Copyright SecureKey Technologies Inc. All Rights Reserved. +SPDX-License-Identifier: Apache-2.0 + +Signed-off-by: Sudesh Shetty +--- + .../cryptosuitebridge/cryptosuitebridge.go | 168 +++++++++++++++++++++ + 1 file changed, 168 insertions(+) + create mode 100644 sdkpatch/cryptosuitebridge/cryptosuitebridge.go + +diff --git a/sdkpatch/cryptosuitebridge/cryptosuitebridge.go b/sdkpatch/cryptosuitebridge/cryptosuitebridge.go +new file mode 100644 +index 0000000..31d17ca +--- /dev/null ++++ b/sdkpatch/cryptosuitebridge/cryptosuitebridge.go +@@ -0,0 +1,168 @@ ++/* ++Copyright SecureKey Technologies Inc. All Rights Reserved. ++ ++SPDX-License-Identifier: Apache-2.0 ++*/ ++ ++package cryptosuitebridge ++ ++import ( ++ "crypto" ++ "crypto/ecdsa" ++ ++ "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" ++ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" ++ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" ++ cspsigner "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/signer" ++ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/sw" ++ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/utils" ++ cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" ++) ++ ++const ( ++ ECDSA = bccsp.ECDSA ++ ECDSAP256 = bccsp.ECDSAP256 ++ ECDSAP384 = bccsp.ECDSAP384 ++ ECDSAReRand = bccsp.ECDSAReRand ++ RSA = bccsp.RSA ++ RSA1024 = bccsp.RSA1024 ++ RSA2048 = bccsp.RSA2048 ++ RSA3072 = bccsp.RSA3072 ++ RSA4096 = bccsp.RSA4096 ++ AES = bccsp.AES ++ AES128 = bccsp.AES128 ++ AES192 = bccsp.AES192 ++ AES256 = bccsp.AES256 ++ HMAC = bccsp.HMAC ++ HMACTruncated256 = bccsp.HMACTruncated256 ++ SHA = bccsp.SHA ++ SHA2 = 
bccsp.SHA2 ++ SHA3 = bccsp.SHA3 ++ SHA256 = bccsp.SHA256 ++ SHA384 = bccsp.SHA384 ++ SHA3_256 = bccsp.SHA3_256 ++ SHA3_384 = bccsp.SHA3_384 ++ X509Certificate = bccsp.X509Certificate ++) ++ ++// FactoryOpts holds configuration information used to initialize bccsp factory implementations ++type FactoryOpts struct { ++ *factory.FactoryOpts ++} ++ ++//GetBCCSPFromOpts is a bridge for factory.GetBCCSPFromOpts(config) ++func GetBCCSPFromOpts(config *FactoryOpts) (apicryptosuite.CryptoSuite, error) { ++ bccsp, err := factory.GetBCCSPFromOpts(getFactoryOpts(config)) ++ if err != nil { ++ return nil, err ++ } ++ return cryptosuite.GetSuite(bccsp), nil ++} ++ ++//InitFactories is a bridge for bccsp factory.InitFactories(config) ++func InitFactories(config *FactoryOpts) error { ++ return factory.InitFactories(getFactoryOpts(config)) ++} ++ ++// PEMtoPrivateKey is a bridge for bccsp utils.PEMtoPrivateKey() ++func PEMtoPrivateKey(raw []byte, pwd []byte) (interface{}, error) { ++ return utils.PEMtoPrivateKey(raw, pwd) ++} ++ ++// PrivateKeyToDER marshals is bridge for utils.PrivateKeyToDER ++func PrivateKeyToDER(privateKey *ecdsa.PrivateKey) ([]byte, error) { ++ return utils.PrivateKeyToDER(privateKey) ++} ++ ++// NewCspsigner is a bridge for bccsp signer.New call ++func NewCspsigner(csp apicryptosuite.CryptoSuite, key apicryptosuite.Key) (crypto.Signer, error) { ++ return cspsigner.New(csp, key) ++} ++ ++//NewEmptySwOpts creates new empty bccsp factory.SwOpts ++func NewSwOpts() *factory.SwOpts { ++ return &factory.SwOpts{} ++} ++ ++//NewEmptyFileKeystoreOpts creates new empty bccsp factory.FileKeystoreOpts ++func NewFileKeystoreOpts() *factory.FileKeystoreOpts { ++ return &factory.FileKeystoreOpts{} ++} ++ ++//GetFactoryDefaultCryptoSuite creates new cryptosuite from bccsp factory default ++func GetDefault() apicryptosuite.CryptoSuite { ++ return cryptosuite.GetSuite(factory.GetDefault()) ++} ++ ++//SignatureToLowS is a bridge for bccsp sw.SignatureToLowS() ++func 
SignatureToLowS(k *ecdsa.PublicKey, signature []byte) ([]byte, error) { ++ return sw.SignatureToLowS(k, signature) ++} ++ ++//GetHashOpt is a bridge for bccsp util GetHashOpt ++func GetHashOpt(hashFunction string) (apicryptosuite.HashOpts, error) { ++ return bccsp.GetHashOpt(hashFunction) ++} ++ ++func getFactoryOpts(config *FactoryOpts) *factory.FactoryOpts { ++ if config == nil { ++ return nil ++ } ++ return &factory.FactoryOpts{ ++ SwOpts: config.SwOpts, ++ ProviderName: config.ProviderName, ++ Pkcs11Opts: config.Pkcs11Opts, ++ PluginOpts: config.PluginOpts, ++ } ++} ++ ++//GetSHAOpts returns options for computing SHA. ++func GetSHAOpts() apicryptosuite.HashOpts { ++ return &bccsp.SHAOpts{} ++} ++ ++//GetSHA256Opts returns options relating to SHA-256. ++func GetSHA256Opts() apicryptosuite.HashOpts { ++ return &bccsp.SHA256Opts{} ++} ++ ++//GetRSA2048KeyGenOpts returns options for RSA key generation at 2048 security. ++func GetRSA2048KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts { ++ return &bccsp.RSA2048KeyGenOpts{Temporary: ephemeral} ++} ++ ++//GetRSA3072KeyGenOpts returns options for RSA key generation at 3072 security. ++func GetRSA3072KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts { ++ return &bccsp.RSA3072KeyGenOpts{Temporary: ephemeral} ++} ++ ++//GetRSA4096KeyGenOpts returns options for RSA key generation at 4096 security. ++func GetRSA4096KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts { ++ return &bccsp.RSA4096KeyGenOpts{Temporary: ephemeral} ++} ++ ++// GetECDSAKeyGenOpts returns options for ECDSA key generation. ++func GetECDSAKeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts { ++ return &bccsp.ECDSAKeyGenOpts{Temporary: ephemeral} ++} ++ ++//GetECDSAP256KeyGenOpts returns options for ECDSA key generation with curve P-256. 
++func GetECDSAP256KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts { ++ return &bccsp.ECDSAP256KeyGenOpts{Temporary: ephemeral} ++} ++ ++//GetECDSAP384KeyGenOpts options for ECDSA key generation with curve P-384. ++func GetECDSAP384KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts { ++ return &bccsp.ECDSAP384KeyGenOpts{Temporary: ephemeral} ++} ++ ++//GetX509PublicKeyImportOpts options for importing public keys from an x509 certificate ++func GetX509PublicKeyImportOpts(ephemeral bool) apicryptosuite.KeyImportOpts { ++ return &bccsp.X509PublicKeyImportOpts{Temporary: ephemeral} ++} ++ ++//GetECDSAPrivateKeyImportOpts options for ECDSA secret key importation in DER format ++// or PKCS#8 format. ++func GetECDSAPrivateKeyImportOpts(ephemeral bool) apicryptosuite.KeyImportOpts { ++ return &bccsp.ECDSAPrivateKeyImportOpts{Temporary: ephemeral} ++} +-- +2.7.4 + diff --git a/scripts/third_party_pins/fabric/apply_fabric_client_utils.sh b/scripts/third_party_pins/fabric/apply_fabric_client_utils.sh index f07785b752..baa2f1406a 100755 --- a/scripts/third_party_pins/fabric/apply_fabric_client_utils.sh +++ b/scripts/third_party_pins/fabric/apply_fabric_client_utils.sh @@ -31,6 +31,7 @@ declare -a PKGS=( "common/ledger" "sdkpatch/logbridge" + "sdkpatch/cryptosuitebridge" "core/common/ccprovider" @@ -110,6 +111,7 @@ declare -a FILES=( "core/common/ccprovider/ccprovider.go" "sdkpatch/logbridge/logbridge.go" + "sdkpatch/cryptosuitebridge/cryptosuitebridge.go" "core/ledger/ledger_interface.go" "core/ledger/kvledger/txmgmt/rwsetutil/rwset_proto_util.go" @@ -159,7 +161,7 @@ FILTERS_ENABLED="fn" FILTER_FILENAME="bccsp/signer/signer.go" FILTER_FN=New,Public,Sign gofilter -sed -i'' -e '/"github.com\// a \ +sed -i'' -e '/"crypto"/ a \ "github.com\/hyperledger\/fabric-sdk-go\/api\/apicryptosuite"\ ' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" sed -i'' -e 's/bccsp.BCCSP/apicryptosuite.CryptoSuite/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" 
@@ -176,6 +178,8 @@ gofilter FILTER_FILENAME="common/util/utils.go" FILTER_FN="GenerateIDfromTxSHAHash,ComputeSHA256,CreateUtcTimestamp,ConcatenateBytes" gofilter +sed -i'' -e 's/&bccsp.SHA256Opts{}/factory.GetSHA256Opts()/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/"github.com\/hyperledger\/fabric\/bccsp\/factory"/factory "github.com\/hyperledger\/fabric-sdk-go\/internal\/github.com\/hyperledger\/fabric\/sdkpatch\/cryptosuitebridge"/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" FILTER_FILENAME="common/attrmgr/attrmgr.go" FILTER_FN= @@ -192,6 +196,7 @@ gofilter FILTER_FILENAME="common/channelconfig/util.go" FILTER_FN= gofilter +sed -i'' -e 's/"github.com\/hyperledger\/fabric\/bccsp"/bccsp "github.com\/hyperledger\/fabric-sdk-go\/internal\/github.com\/hyperledger\/fabric\/sdkpatch\/cryptosuitebridge"/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" FILTER_FILENAME="common/channelconfig/orderer.go" FILTER_FN= @@ -234,6 +239,7 @@ gofilter FILTER_FILENAME="msp/cert.go" FILTER_FN="certToPEM,isECDSASignedCert,sanitizeECDSASignedCert,certFromX509Cert,String" gofilter +sed -i'' -e 's/"github.com\/hyperledger\/fabric\/bccsp\/sw"/sw "github.com\/hyperledger\/fabric-sdk-go\/internal\/github.com\/hyperledger\/fabric\/sdkpatch\/cryptosuitebridge"/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" FILTER_FILENAME="msp/configbuilder.go" FILTER_FN= 
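Review bot: The two `sed` rewrites added for `common/util/utils.go` succeed silently when their pattern no longer matches, and a missed `s/&bccsp.SHA256Opts{}/factory.GetSHA256Opts()/g` leaves code that presumably still compiles while referring to internal bccsp directly, which is what this change sets out to remove. A check after the rewrites would make upstream drift visible, for example `if grep -q 'bccsp\.SHA256Opts' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}"; then echo "bccsp rewrite did not apply" >&2; exit 1; fi`. The same pair of rewrites is added for the protos file in apply_fabric_protos_internal.sh, and the import rewrites in the other hunks of this script behave the same way.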
@@ -244,6 +250,12 @@ FILTER_FN="newIdentity,newSigningIdentity,ExpiresAt,GetIdentifier,GetMSPIdentifi FILTER_FN+=",GetOrganizationalUnits,SatisfiesPrincipal,Serialize,Validate,Verify" FILTER_FN+=",getHashOpt,GetPublicVersion,Sign" gofilter +sed -i'' -e '/"encoding\/hex/ a\ +"github.com\/hyperledger\/fabric-sdk-go\/api\/apicryptosuite"\ +' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/"github.com\/hyperledger\/fabric\/bccsp"/bccsp "github.com\/hyperledger\/fabric-sdk-go\/internal\/github.com\/hyperledger\/fabric\/sdkpatch\/cryptosuitebridge"/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/bccsp.Key/apicryptosuite.Key/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/bccsp.HashOpts/apicryptosuite.HashOpts/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" FILTER_FILENAME="msp/msp.go" FILTER_FN= 
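Review bot: `s/bccsp.Key/apicryptosuite.Key/g` is a prefix match with an unescaped dot, so it would also rewrite longer identifiers such as `bccsp.KeyGenOpts` or `bccsp.KeyImportOpts` if the filtered `msp/identities.go` contains them; the corresponding rewrite for `msp/mspimpl.go` in the next hunk already narrows the pattern to `bccsp.Key,`. Anchoring on a word boundary keeps the substitution to the type itself, e.g. `s/bccsp\.Key\b/apicryptosuite.Key/g` and `s/bccsp\.HashOpts\b/apicryptosuite.HashOpts/g` (GNU sed). Whether the filtered file currently has such identifiers is not visible from this hunk.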
@@ -261,16 +273,22 @@ FILTER_FN+=",newBccspMsp,IsWellFormed,GetVersion" gofilter # TODO - adapt to msp/factory.go rather than changing newBccspMsp sed -i'' -e 's/newBccspMsp/NewBccspMsp/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" -sed -i'' -e '/m "github.com\// a \ -cryptosuite "github.com\/hyperledger\/fabric-sdk-go\/pkg\/cryptosuite\/bccsp"\ -' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" -sed -i'' -e 's/signer.New(msp.bccsp, privKey)/signer.New(cryptosuite.GetSuite(msp.bccsp), cryptosuite.GetKey(privKey))/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/"github.com\/hyperledger\/fabric\/bccsp\/factory"/factory "github.com\/hyperledger\/fabric-sdk-go\/internal\/github.com\/hyperledger\/fabric\/sdkpatch\/cryptosuitebridge"/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/bccsp.BCCSP/apicryptosuite.CryptoSuite/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/bccsp.Key,/apicryptosuite.Key,/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/bccsp.GetHashOpt/factory.GetHashOpt/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/signer.New(/factory.NewCspsigner(/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/&bccsp.ECDSAPrivateKeyImportOpts{Temporary: true}/factory.GetECDSAPrivateKeyImportOpts(true)/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/&bccsp.X509PublicKeyImportOpts{Temporary: true}/factory.GetX509PublicKeyImportOpts(true)/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" + +#sed -i'' -e 's/signer.New(msp.bccsp, privKey)/signer.New(cryptosuite.GetSuite(msp.bccsp), cryptosuite.GetKey(privKey))/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" FILTER_FILENAME="msp/mspimplsetup.go" FILTER_FN="setupCrypto,setupCAs,setupAdmins,setupCRLs,finalizeSetupCAs,setupSigningIdentity" FILTER_FN+=",setupOUs,setupTLSCAs,setupV1,setupV11,getCertifiersIdentifier" FILTER_FN+=",preSetupV1,postSetupV1,setupNodeOUs" gofilter +sed -i'' -e 's/"github.com\/hyperledger\/fabric\/bccsp"/bccsp 
"github.com\/hyperledger\/fabric-sdk-go\/internal\/github.com\/hyperledger\/fabric\/sdkpatch\/cryptosuitebridge"/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" FILTER_FILENAME="msp/mspimplvalidate.go" FILTER_FN="validateTLSCAIdentity,validateCAIdentity,validateIdentity,validateIdentityAgainstChain" diff --git a/scripts/third_party_pins/fabric/apply_fabric_protos_internal.sh b/scripts/third_party_pins/fabric/apply_fabric_protos_internal.sh index 18e92d1bf5..5960e753e7 100755 --- a/scripts/third_party_pins/fabric/apply_fabric_protos_internal.sh +++ b/scripts/third_party_pins/fabric/apply_fabric_protos_internal.sh @@ -70,6 +70,8 @@ FILTER_FN+=",CreateChaincodeProposalWithTxIDNonceAndTransient,CreateDeployPropos FILTER_FN+=",createProposalFromCDS,CreateProposalFromCIS,CreateInstallProposalFromCDS,GetTransaction,GetPayload" FILTER_FN+=",GetChaincodeActionPayload,GetProposalResponsePayload,GetChaincodeAction,GetChaincodeEvents,GetBytesChaincodeEvent,GetBytesEnvelope" gofilter +sed -i'' -e 's/"github.com\/hyperledger\/fabric\/bccsp\/factory"/factory "github.com\/hyperledger\/fabric-sdk-go\/internal\/github.com\/hyperledger\/fabric\/sdkpatch\/cryptosuitebridge"/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/&bccsp.SHA256Opts{}/factory.GetSHA256Opts()/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" FILTER_FILENAME="protos/utils/txutils.go" FILTER_FN="GetBytesProposalPayloadForTx,GetEnvelopeFromBlock" diff --git a/scripts/third_party_pins/fabric/apply_upstream.sh b/scripts/third_party_pins/fabric/apply_upstream.sh index d8fd6d59c9..94f2f799e9 100755 --- a/scripts/third_party_pins/fabric/apply_upstream.sh +++ b/scripts/third_party_pins/fabric/apply_upstream.sh 
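Review bot: The commented-out `#sed -i'' -e 's/signer.New(msp.bccsp, privKey)/.../g'` line left at the end of the `msp/mspimpl.go` rewrites is dead code now that `s/signer.New(/factory.NewCspsigner(/g` replaces it, and should be deleted rather than kept as a comment. The hunk also drops the `sed` that appended an import and adds `s/bccsp.BCCSP/apicryptosuite.CryptoSuite/g` without a visible step that imports `apicryptosuite` into this file, unlike the `msp/identities.go` rewrites, which append it after the `"encoding/hex` line. If nothing outside this hunk adds that import, the generated file will not compile.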
@@ -87,7 +87,7 @@ eval "INTERNAL_PATH=$THIRDPARTY_FABRIC_API_PATH TMP_PROJECT_PATH=$TMP_PROJECT_PA echo "Pinning and patching protos (internal) ..." declare -a PROTOS_INTERNAL_IMPORT_SUBSTS=( 's/\"github.com\/pkg\/errors/\"github.com\/hyperledger\/fabric-sdk-go\/pkg\/errors/g' - 's/\"github.com\/hyperledger\/fabric\/common\/flogging/flogging\"github.com\/hyperledger\/fabric-sdk-go\/internal\/github.com\/hyperledger\/fabric\/sdkpatch\/logbridge/g' + 's/\"github.com\/hyperledger\/fabric\/common\/flogging/factory\"github.com\/hyperledger\/fabric-sdk-go\/internal\/github.com\/hyperledger\/fabric\/sdkpatch\/logbridge/g' 's/\"github.com\/hyperledger\/fabric\/bccsp/\"github.com\/hyperledger\/fabric-sdk-go\/internal\/github.com\/hyperledger\/fabric\/bccsp/g' 's/\"github.com\/hyperledger\/fabric\/protos\/common/\"github.com\/hyperledger\/fabric-sdk-go\/third_party\/github.com\/hyperledger\/fabric\/protos\/common/g' 's/\"github.com\/hyperledger\/fabric\/protos\/peer/\"github.com\/hyperledger\/fabric-sdk-go\/third_party\/github.com\/hyperledger\/fabric\/protos\/peer/g' diff --git a/scripts/third_party_pins/fabric/patches/0004-cryptosuite.patch b/scripts/third_party_pins/fabric/patches/0004-cryptosuite.patch new file mode 100644 index 0000000000..5763754011 --- /dev/null +++ b/scripts/third_party_pins/fabric/patches/0004-cryptosuite.patch 
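Review bot: The changed entry in `PROTOS_INTERNAL_IMPORT_SUBSTS` now rewrites the `fabric/common/flogging` import so that `sdkpatch/logbridge` is imported under the alias `factory` instead of `flogging`, which looks like an accidental search-and-replace, since the other scripts in this commit use `factory` as the alias for `sdkpatch/cryptosuitebridge`. Any protos file that imports flogging would lose its `flogging.` qualifier and could end up with two imports named `factory`. Unless the rename is intended, the replacement text should keep starting with `flogging\"github.com\/hyperledger\/fabric-sdk-go\/internal\/` as it did before this change.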
@@ -0,0 +1,191 @@
+From 162c758b47c8f90c1967b7e5979c18739d83913a Mon Sep 17 00:00:00 2001
+From: Sudesh Shetty
+Date: Wed, 22 Nov 2017 15:40:22 -0500
+Subject: [PATCH] cryptosuite
+
+Copyright SecureKey Technologies Inc. All Rights Reserved.
+SPDX-License-Identifier: Apache-2.0
+
+Signed-off-by: Sudesh Shetty
+---
+ .../cryptosuitebridge/cryptosuitebridge.go | 168 +++++++++++++++++++++
+ 1 file changed, 168 insertions(+)
+ create mode 100644 sdkpatch/cryptosuitebridge/cryptosuitebridge.go
+
+diff --git a/sdkpatch/cryptosuitebridge/cryptosuitebridge.go b/sdkpatch/cryptosuitebridge/cryptosuitebridge.go
+new file mode 100644
+index 0000000..31d17ca
+--- /dev/null
++++ b/sdkpatch/cryptosuitebridge/cryptosuitebridge.go
+@@ -0,0 +1,168 @@
++/*
++Copyright SecureKey Technologies Inc. All Rights Reserved.
++
++SPDX-License-Identifier: Apache-2.0
++*/
++
++package cryptosuitebridge
++
++import (
++ "crypto"
++ "crypto/ecdsa"
++
++ "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite"
++ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp"
++ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory"
++ cspsigner "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/signer"
++ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/sw"
++ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/utils"
++ cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp"
++)
++
++const (
++ ECDSA = bccsp.ECDSA
++ ECDSAP256 = bccsp.ECDSAP256
++ ECDSAP384 = bccsp.ECDSAP384
++ ECDSAReRand = bccsp.ECDSAReRand
++ RSA = bccsp.RSA
++ RSA1024 = bccsp.RSA1024
++ RSA2048 = bccsp.RSA2048
++ RSA3072 = bccsp.RSA3072
++ RSA4096 = bccsp.RSA4096
++ AES = bccsp.AES
++ AES128 = bccsp.AES128
++ AES192 = bccsp.AES192
++ AES256 = bccsp.AES256
++ HMAC = bccsp.HMAC
++ HMACTruncated256 = bccsp.HMACTruncated256
++ SHA = bccsp.SHA
++ SHA2 = bccsp.SHA2
++ SHA3 = bccsp.SHA3
++ SHA256 = bccsp.SHA256
++ SHA384 = bccsp.SHA384
++ SHA3_256 = bccsp.SHA3_256
++ SHA3_384 = bccsp.SHA3_384
++ X509Certificate = bccsp.X509Certificate
++)
++
++// FactoryOpts holds configuration information used to initialize bccsp factory implementations
++type FactoryOpts struct {
++ *factory.FactoryOpts
++}
++
++//GetBCCSPFromOpts is a bridge for factory.GetBCCSPFromOpts(config)
++func GetBCCSPFromOpts(config *FactoryOpts) (apicryptosuite.CryptoSuite, error) {
++ bccsp, err := factory.GetBCCSPFromOpts(getFactoryOpts(config))
++ if err != nil {
++ return nil, err
++ }
++ return cryptosuite.GetSuite(bccsp), nil
++}
++
++//InitFactories is a bridge for bccsp factory.InitFactories(config)
++func InitFactories(config *FactoryOpts) error {
++ return factory.InitFactories(getFactoryOpts(config))
++}
++
++// PEMtoPrivateKey is a bridge for bccsp utils.PEMtoPrivateKey()
++func PEMtoPrivateKey(raw []byte, pwd []byte) (interface{}, error) {
++ return utils.PEMtoPrivateKey(raw, pwd)
++}
++
++// PrivateKeyToDER marshals is bridge for utils.PrivateKeyToDER
++func PrivateKeyToDER(privateKey *ecdsa.PrivateKey) ([]byte, error) {
++ return utils.PrivateKeyToDER(privateKey)
++}
++
++// NewCspsigner is a bridge for bccsp signer.New call
++func NewCspsigner(csp apicryptosuite.CryptoSuite, key apicryptosuite.Key) (crypto.Signer, error) {
++ return cspsigner.New(csp, key)
++}
++
++//NewEmptySwOpts creates new empty bccsp factory.SwOpts
++func NewSwOpts() *factory.SwOpts {
++ return &factory.SwOpts{}
++}
++
++//NewEmptyFileKeystoreOpts creates new empty bccsp factory.FileKeystoreOpts
++func NewFileKeystoreOpts() *factory.FileKeystoreOpts {
++ return &factory.FileKeystoreOpts{}
++}
++
++//GetFactoryDefaultCryptoSuite creates new cryptosuite from bccsp factory default
++func GetDefault() apicryptosuite.CryptoSuite {
++ return cryptosuite.GetSuite(factory.GetDefault())
++}
++
++//SignatureToLowS is a bridge for bccsp sw.SignatureToLowS()
++func SignatureToLowS(k *ecdsa.PublicKey, signature []byte) ([]byte, error) {
++ return sw.SignatureToLowS(k, signature)
++}
++
++//GetHashOpt is a bridge for bccsp util GetHashOpt
++func GetHashOpt(hashFunction string) (apicryptosuite.HashOpts, error) {
++ return bccsp.GetHashOpt(hashFunction)
++}
++
++func getFactoryOpts(config *FactoryOpts) *factory.FactoryOpts {
++ if config == nil {
++ return nil
++ }
++ return &factory.FactoryOpts{
++ SwOpts: config.SwOpts,
++ ProviderName: config.ProviderName,
++ Pkcs11Opts: config.Pkcs11Opts,
++ PluginOpts: config.PluginOpts,
++ }
++}
++
++//GetSHAOpts returns options for computing SHA.
++func GetSHAOpts() apicryptosuite.HashOpts {
++ return &bccsp.SHAOpts{}
++}
++
++//GetSHA256Opts returns options relating to SHA-256.
++func GetSHA256Opts() apicryptosuite.HashOpts {
++ return &bccsp.SHA256Opts{}
++}
++
++//GetRSA2048KeyGenOpts returns options for RSA key generation at 2048 security.
++func GetRSA2048KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts {
++ return &bccsp.RSA2048KeyGenOpts{Temporary: ephemeral}
++}
++
++//GetRSA3072KeyGenOpts returns options for RSA key generation at 3072 security.
++func GetRSA3072KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts {
++ return &bccsp.RSA3072KeyGenOpts{Temporary: ephemeral}
++}
++
++//GetRSA4096KeyGenOpts returns options for RSA key generation at 4096 security.
++func GetRSA4096KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts {
++ return &bccsp.RSA4096KeyGenOpts{Temporary: ephemeral}
++}
++
++// GetECDSAKeyGenOpts returns options for ECDSA key generation.
++func GetECDSAKeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts {
++ return &bccsp.ECDSAKeyGenOpts{Temporary: ephemeral}
++}
++
++//GetECDSAP256KeyGenOpts returns options for ECDSA key generation with curve P-256.
++func GetECDSAP256KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts {
++ return &bccsp.ECDSAP256KeyGenOpts{Temporary: ephemeral}
++}
++
++//GetECDSAP384KeyGenOpts options for ECDSA key generation with curve P-384.
++func GetECDSAP384KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts {
++ return &bccsp.ECDSAP384KeyGenOpts{Temporary: ephemeral}
++}
++
++//GetX509PublicKeyImportOpts options for importing public keys from an x509 certificate
++func GetX509PublicKeyImportOpts(ephemeral bool) apicryptosuite.KeyImportOpts {
++ return &bccsp.X509PublicKeyImportOpts{Temporary: ephemeral}
++}
++
++//GetECDSAPrivateKeyImportOpts options for ECDSA secret key importation in DER format
++// or PKCS#8 format.
++func GetECDSAPrivateKeyImportOpts(ephemeral bool) apicryptosuite.KeyImportOpts {
++ return &bccsp.ECDSAPrivateKeyImportOpts{Temporary: ephemeral}
++}
+--
+2.7.4
+
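Review bot: `getFactoryOpts` checks `config == nil` but not the embedded pointer, so a caller passing `&FactoryOpts{}` to `GetBCCSPFromOpts` or `InitFactories` hits a nil-pointer panic at `config.SwOpts`, because `FactoryOpts` embeds `*factory.FactoryOpts`. The guard should cover both cases: `if config == nil || config.FactoryOpts == nil { return nil }`. Copying four fields by name also means any other field of `factory.FactoryOpts` would be dropped silently; its definition is not in this hunk, so that is worth confirming. Separately, the doc comments on `NewSwOpts`, `NewFileKeystoreOpts` and `GetDefault` name other functions (`NewEmptySwOpts`, `NewEmptyFileKeystoreOpts`, `GetFactoryDefaultCryptoSuite`) and should start with the actual names. The fabric-ca copy of this patch earlier in the commit carries the same `getFactoryOpts`.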