github.com/lzy4123/fabric@v2.1.1+incompatible/bccsp/idemix/bridge/revocation.go

github.com/lzy4123/fabric@v2.1.1+incompatible/bccsp/idemix/bridge/revocation.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  package bridge
     7  
     8  import (
     9  	"crypto/ecdsa"
    10  
    11  	"github.com/golang/protobuf/proto"
    12  	"github.com/hyperledger/fabric-amcl/amcl/FP256BN"
    13  	"github.com/hyperledger/fabric/bccsp"
    14  	cryptolib "github.com/hyperledger/fabric/idemix"
    15  	"github.com/pkg/errors"
    16  )
    17  
    18  // Revocation encapsulates the idemix algorithms for revocation
    19  type Revocation struct {
    20  }
    21  
    22  // NewKey generate a new revocation key-pair.
    23  func (*Revocation) NewKey() (*ecdsa.PrivateKey, error) {
    24  	return cryptolib.GenerateLongTermRevocationKey()
    25  }
    26  
    27  // Sign generates a new CRI with the respect to the passed unrevoked handles, epoch, and revocation algorithm.
    28  func (*Revocation) Sign(key *ecdsa.PrivateKey, unrevokedHandles [][]byte, epoch int, alg bccsp.RevocationAlgorithm) (res []byte, err error) {
    29  	defer func() {
    30  		if r := recover(); r != nil {
    31  			res = nil
    32  			err = errors.Errorf("failure [%s]", r)
    33  		}
    34  	}()
    35  
    36  	handles := make([]*FP256BN.BIG, len(unrevokedHandles))
    37  	for i := 0; i < len(unrevokedHandles); i++ {
    38  		handles[i] = FP256BN.FromBytes(unrevokedHandles[i])
    39  	}
    40  	cri, err := cryptolib.CreateCRI(key, handles, epoch, cryptolib.RevocationAlgorithm(alg), NewRandOrPanic())
    41  	if err != nil {
    42  		return nil, errors.WithMessage(err, "failed creating CRI")
    43  	}
    44  
    45  	return proto.Marshal(cri)
    46  }
    47  
    48  // Verify checks that the passed serialised CRI (criRaw) is valid with the respect to the passed revocation public key,
    49  // epoch, and revocation algorithm.
    50  func (*Revocation) Verify(pk *ecdsa.PublicKey, criRaw []byte, epoch int, alg bccsp.RevocationAlgorithm) (err error) {
    51  	defer func() {
    52  		if r := recover(); r != nil {
    53  			err = errors.Errorf("failure [%s]", r)
    54  		}
    55  	}()
    56  
    57  	cri := &cryptolib.CredentialRevocationInformation{}
    58  	err = proto.Unmarshal(criRaw, cri)
    59  	if err != nil {
    60  		return err
    61  	}
    62  
    63  	return cryptolib.VerifyEpochPK(
    64  		pk,
    65  		cri.EpochPk,
    66  		cri.EpochPkSig,
    67  		int(cri.Epoch),
    68  		cryptolib.RevocationAlgorithm(cri.RevocationAlg),
    69  	)
    70  }