// Source listing: github.com/leonlxy/hyperledger@v1.0.0-alpha.0.20170427033203-34922035d248/gossip/api/crypto.go

/*
Copyright IBM Corp. 2016 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

		 http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package api

import "github.com/hyperledger/fabric/gossip/common"

// MessageCryptoService is the contract between the gossip component and the
// peer's cryptographic layer. The gossip component uses it to verify and
// authenticate remote peers and the data they send, as well as to verify
// blocks received from the ordering service.
//
// The verification methods report success as a nil error. Callers are
// expected to check that result before acting on the peer, message or block
// concerned.
type MessageCryptoService interface {

	// GetPKIidOfCert returns the PKI-ID of a peer's identity.
	// If any error occurs, the method returns nil.
	// This method does not validate peerIdentity; that validation is
	// supposed to be done appropriately during the execution flow.
	// A non-nil PKI-ID is therefore not evidence that the identity is valid:
	// callers that need that assurance must obtain it separately (this
	// interface offers ValidateIdentity for the purpose).
	// Failure is signalled only by the nil return, so callers must check for
	// nil before using the result.
	GetPKIidOfCert(peerIdentity PeerIdentityType) common.PKIidType

	// VerifyBlock returns nil if the block is properly signed,
	// else returns an error.
	// signedBlock is passed as raw bytes.
	// NOTE(review): chainID presumably selects the channel whose rules decide
	// what "properly signed" means; the contract does not say so - confirm
	// against the implementation.
	VerifyBlock(chainID common.ChainID, signedBlock []byte) error

	// Sign signs msg with this peer's signing key and outputs
	// the signature if no error occurred.
	// When the returned error is non-nil the returned bytes must not be
	// treated as a signature.
	Sign(msg []byte) ([]byte, error)

	// Verify checks that signature is a valid signature of message under a
	// peer's verification key.
	// If the verification succeeded, Verify returns nil meaning no error occurred.
	// If peerIdentity is nil, then the verification fails.
	// signature and message are both []byte and are passed in that order;
	// the compiler cannot catch a call that swaps them.
	// NOTE(review): the contract does not state whether Verify also rejects
	// an identity that is revoked or expired; confirm against the
	// implementation, or call ValidateIdentity as well.
	Verify(peerIdentity PeerIdentityType, signature, message []byte) error

	// VerifyByChannel checks that signature is a valid signature of message
	// under a peer's verification key, but also in the context of a specific
	// channel, identified by chainID.
	// If the verification succeeded, VerifyByChannel returns nil meaning no
	// error occurred.
	// If peerIdentity is nil, then the verification fails.
	// As with Verify, signature precedes message in the argument list and
	// the two share a type, so a swapped call still compiles.
	VerifyByChannel(chainID common.ChainID, peerIdentity PeerIdentityType, signature, message []byte) error

	// ValidateIdentity validates the identity of a remote peer.
	// If the identity is invalid, revoked or expired, it returns an error.
	// Otherwise it returns nil.
	ValidateIdentity(peerIdentity PeerIdentityType) error
}

// PeerIdentityType is the peer's certificate, held as raw bytes.
// A value of this type carries no guarantee of validity by itself;
// MessageCryptoService.ValidateIdentity is the method that checks it.
type PeerIdentityType []byte

// PeerSuspector returns whether a peer with a given identity is suspected
// as being revoked, or its CA is revoked.
// Following that description, a true result means the peer is suspected.
type PeerSuspector func(identity PeerIdentityType) bool