github.com/lzy4123/fabric@v2.1.1+incompatible/bccsp/idemix/bccsp.go

github.com/lzy4123/fabric@v2.1.1+incompatible/bccsp/idemix/bccsp.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  package idemix
     7  
     8  import (
     9  	"reflect"
    10  
    11  	"github.com/hyperledger/fabric/bccsp/idemix/bridge"
    12  
    13  	"github.com/hyperledger/fabric/bccsp/idemix/handlers"
    14  
    15  	"github.com/hyperledger/fabric/bccsp"
    16  	"github.com/hyperledger/fabric/bccsp/sw"
    17  	"github.com/pkg/errors"
    18  )
    19  
    20  type csp struct {
    21  	*sw.CSP
    22  }
    23  
    24  func New(keyStore bccsp.KeyStore) (*csp, error) {
    25  	base, err := sw.New(keyStore)
    26  	if err != nil {
    27  		return nil, errors.Wrap(err, "failed instantiating base bccsp")
    28  	}
    29  
    30  	csp := &csp{CSP: base}
    31  
    32  	// key generators
    33  	base.AddWrapper(reflect.TypeOf(&bccsp.IdemixIssuerKeyGenOpts{}), &handlers.IssuerKeyGen{Issuer: &bridge.Issuer{NewRand: bridge.NewRandOrPanic}})
    34  	base.AddWrapper(reflect.TypeOf(&bccsp.IdemixUserSecretKeyGenOpts{}), &handlers.UserKeyGen{User: &bridge.User{NewRand: bridge.NewRandOrPanic}})
    35  	base.AddWrapper(reflect.TypeOf(&bccsp.IdemixRevocationKeyGenOpts{}), &handlers.RevocationKeyGen{Revocation: &bridge.Revocation{}})
    36  
    37  	// key derivers
    38  	base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, false)), &handlers.NymKeyDerivation{
    39  		User: &bridge.User{NewRand: bridge.NewRandOrPanic},
    40  	})
    41  
    42  	// signers
    43  	base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, false)), &userSecreKeySignerMultiplexer{
    44  		signer:                  &handlers.Signer{SignatureScheme: &bridge.SignatureScheme{NewRand: bridge.NewRandOrPanic}},
    45  		nymSigner:               &handlers.NymSigner{NymSignatureScheme: &bridge.NymSignatureScheme{NewRand: bridge.NewRandOrPanic}},
    46  		credentialRequestSigner: &handlers.CredentialRequestSigner{CredRequest: &bridge.CredRequest{NewRand: bridge.NewRandOrPanic}},
    47  	})
    48  	base.AddWrapper(reflect.TypeOf(handlers.NewIssuerSecretKey(nil, false)), &handlers.CredentialSigner{
    49  		Credential: &bridge.Credential{NewRand: bridge.NewRandOrPanic},
    50  	})
    51  	base.AddWrapper(reflect.TypeOf(handlers.NewRevocationSecretKey(nil, false)), &handlers.CriSigner{
    52  		Revocation: &bridge.Revocation{},
    53  	})
    54  
    55  	// verifiers
    56  	base.AddWrapper(reflect.TypeOf(handlers.NewIssuerPublicKey(nil)), &issuerPublicKeyVerifierMultiplexer{
    57  		verifier:                  &handlers.Verifier{SignatureScheme: &bridge.SignatureScheme{NewRand: bridge.NewRandOrPanic}},
    58  		credentialRequestVerifier: &handlers.CredentialRequestVerifier{CredRequest: &bridge.CredRequest{NewRand: bridge.NewRandOrPanic}},
    59  	})
    60  	base.AddWrapper(reflect.TypeOf(handlers.NewNymPublicKey(nil)), &handlers.NymVerifier{
    61  		NymSignatureScheme: &bridge.NymSignatureScheme{NewRand: bridge.NewRandOrPanic},
    62  	})
    63  	base.AddWrapper(reflect.TypeOf(handlers.NewUserSecretKey(nil, false)), &handlers.CredentialVerifier{
    64  		Credential: &bridge.Credential{NewRand: bridge.NewRandOrPanic},
    65  	})
    66  	base.AddWrapper(reflect.TypeOf(handlers.NewRevocationPublicKey(nil)), &handlers.CriVerifier{
    67  		Revocation: &bridge.Revocation{},
    68  	})
    69  
    70  	// importers
    71  	base.AddWrapper(reflect.TypeOf(&bccsp.IdemixUserSecretKeyImportOpts{}), &handlers.UserKeyImporter{
    72  		User: &bridge.User{},
    73  	})
    74  	base.AddWrapper(reflect.TypeOf(&bccsp.IdemixIssuerPublicKeyImportOpts{}), &handlers.IssuerPublicKeyImporter{
    75  		Issuer: &bridge.Issuer{},
    76  	})
    77  	base.AddWrapper(reflect.TypeOf(&bccsp.IdemixNymPublicKeyImportOpts{}), &handlers.NymPublicKeyImporter{
    78  		User: &bridge.User{},
    79  	})
    80  	base.AddWrapper(reflect.TypeOf(&bccsp.IdemixRevocationPublicKeyImportOpts{}), &handlers.RevocationPublicKeyImporter{})
    81  
    82  	return csp, nil
    83  }
    84  
    85  // Sign signs digest using key k.
    86  // The opts argument should be appropriate for the primitive used.
    87  //
    88  // Note that when a signature of a hash of a larger message is needed,
    89  // the caller is responsible for hashing the larger message and passing
    90  // the hash (as digest).
    91  // Notice that this is overriding the Sign methods of the sw impl. to avoid the digest check.
    92  func (csp *csp) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error) {
    93  	// Validate arguments
    94  	if k == nil {
    95  		return nil, errors.New("Invalid Key. It must not be nil.")
    96  	}
    97  	// Do not check for digest
    98  
    99  	keyType := reflect.TypeOf(k)
   100  	signer, found := csp.Signers[keyType]
   101  	if !found {
   102  		return nil, errors.Errorf("Unsupported 'SignKey' provided [%s]", keyType)
   103  	}
   104  
   105  	signature, err = signer.Sign(k, digest, opts)
   106  	if err != nil {
   107  		return nil, errors.Wrapf(err, "Failed signing with opts [%v]", opts)
   108  	}
   109  
   110  	return
   111  }
   112  
   113  // Verify verifies signature against key k and digest
   114  // Notice that this is overriding the Sign methods of the sw impl. to avoid the digest check.
   115  func (csp *csp) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error) {
   116  	// Validate arguments
   117  	if k == nil {
   118  		return false, errors.New("Invalid Key. It must not be nil.")
   119  	}
   120  	if len(signature) == 0 {
   121  		return false, errors.New("Invalid signature. Cannot be empty.")
   122  	}
   123  	// Do not check for digest
   124  
   125  	verifier, found := csp.Verifiers[reflect.TypeOf(k)]
   126  	if !found {
   127  		return false, errors.Errorf("Unsupported 'VerifyKey' provided [%v]", k)
   128  	}
   129  
   130  	valid, err = verifier.Verify(k, signature, digest, opts)
   131  	if err != nil {
   132  		return false, errors.Wrapf(err, "Failed verifing with opts [%v]", opts)
   133  	}
   134  
   135  	return
   136  }
   137  
   138  type userSecreKeySignerMultiplexer struct {
   139  	signer                  *handlers.Signer
   140  	nymSigner               *handlers.NymSigner
   141  	credentialRequestSigner *handlers.CredentialRequestSigner
   142  }
   143  
   144  func (s *userSecreKeySignerMultiplexer) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error) {
   145  	switch opts.(type) {
   146  	case *bccsp.IdemixSignerOpts:
   147  		return s.signer.Sign(k, digest, opts)
   148  	case *bccsp.IdemixNymSignerOpts:
   149  		return s.nymSigner.Sign(k, digest, opts)
   150  	case *bccsp.IdemixCredentialRequestSignerOpts:
   151  		return s.credentialRequestSigner.Sign(k, digest, opts)
   152  	default:
   153  		return nil, errors.New("invalid opts, expected *bccsp.IdemixSignerOpt or *bccsp.IdemixNymSignerOpts or *bccsp.IdemixCredentialRequestSignerOpts")
   154  	}
   155  }
   156  
   157  type issuerPublicKeyVerifierMultiplexer struct {
   158  	verifier                  *handlers.Verifier
   159  	credentialRequestVerifier *handlers.CredentialRequestVerifier
   160  }
   161  
   162  func (v *issuerPublicKeyVerifierMultiplexer) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error) {
   163  	switch opts.(type) {
   164  	case *bccsp.IdemixSignerOpts:
   165  		return v.verifier.Verify(k, signature, digest, opts)
   166  	case *bccsp.IdemixCredentialRequestSignerOpts:
   167  		return v.credentialRequestVerifier.Verify(k, signature, digest, opts)
   168  	default:
   169  		return false, errors.New("invalid opts, expected *bccsp.IdemixSignerOpts or *bccsp.IdemixCredentialRequestSignerOpts")
   170  	}
   171  }