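/*
Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/
package handlers

import (
	"github.com/hyperledger/fabric/bccsp"
	"github.com/pkg/errors"
)

// CredentialRequestSigner produces credential requests
type CredentialRequestSigner struct {
	// CredRequest implements the underlying cryptographic algorithms
	CredRequest CredRequest
}

// Sign produces a credential request for the user secret key k, using the
// issuer public key and issuer nonce carried in opts.
//
// k must be a non-nil *userSecretKey and opts a non-nil
// *bccsp.IdemixCredentialRequestSignerOpts whose IssuerPK is a non-nil
// *issuerPublicKey; anything else yields an error. digest is not used.
//
// IssuerNonce is forwarded without inspection, so any length or freshness
// requirement has to be enforced by the CredRequest implementation or by the
// caller.
func (c *CredentialRequestSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) ([]byte, error) {
	// A typed nil pointer satisfies the type assertion, so nil is rejected
	// explicitly instead of being dereferenced further down.
	usk, ok := k.(*userSecretKey)
	if !ok || usk == nil {
		return nil, errors.New("invalid key, expected *userSecretKey")
	}
	signerOpts, ok := opts.(*bccsp.IdemixCredentialRequestSignerOpts)
	if !ok || signerOpts == nil {
		return nil, errors.New("invalid options, expected *IdemixCredentialRequestSignerOpts")
	}
	// This comparison only catches a nil interface value; a nil
	// *issuerPublicKey wrapped in the interface is caught after the assertion.
	if signerOpts.IssuerPK == nil {
		return nil, errors.New("invalid options, missing issuer public key")
	}
	ipk, ok := signerOpts.IssuerPK.(*issuerPublicKey)
	if !ok || ipk == nil {
		return nil, errors.New("invalid options, expected IssuerPK as *issuerPublicKey")
	}

	return c.CredRequest.Sign(usk.sk, ipk.pk, signerOpts.IssuerNonce)
}

// CredentialRequestVerifier verifies credential requests
type CredentialRequestVerifier struct {
	// CredRequest implements the underlying cryptographic algorithms
	CredRequest CredRequest
}

// Verify checks the credential request in signature against the issuer public
// key k and the issuer nonce carried in opts.
//
// k must be a non-nil *issuerPublicKey and opts a non-nil
// *bccsp.IdemixCredentialRequestSignerOpts. digest is not used, and the
// IssuerPK field of opts is not consulted: the issuer key comes from k.
//
// The result is true only when CredRequest.Verify returns a nil error; every
// false result is accompanied by a non-nil error.
//
// NOTE(review): unlike CredentialVerifier.Verify, an empty signature is not
// rejected here; it is handed to CredRequest.Verify as-is, so that
// implementation has to cope with empty or malformed input.
func (c *CredentialRequestVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (bool, error) {
	// A typed nil pointer satisfies the type assertion, so nil is rejected
	// explicitly instead of being dereferenced further down.
	ipk, ok := k.(*issuerPublicKey)
	if !ok || ipk == nil {
		return false, errors.New("invalid key, expected *issuerPublicKey")
	}
	signerOpts, ok := opts.(*bccsp.IdemixCredentialRequestSignerOpts)
	if !ok || signerOpts == nil {
		return false, errors.New("invalid options, expected *IdemixCredentialRequestSignerOpts")
	}

	if err := c.CredRequest.Verify(signature, ipk.pk, signerOpts.IssuerNonce); err != nil {
		return false, err
	}

	return true, nil
}

// CredentialSigner produces credentials with an issuer secret key.
type CredentialSigner struct {
	// Credential performs the signing; Sign delegates to it.
	Credential Credential
}

// Sign produces a credential with the issuer secret key k over digest and the
// attributes carried in opts.
//
// k must be a non-nil *issuerSecretKey and opts a non-nil
// *bccsp.IdemixCredentialSignerOpts. digest is forwarded unchanged as the
// second argument of Credential.Sign (presumably the serialized credential
// request; confirm against the Credential interface). Attributes are
// forwarded without inspection.
func (s *CredentialSigner) Sign(k bccsp.Key, digest []byte, opts bccsp.SignerOpts) (signature []byte, err error) {
	// A typed nil pointer satisfies the type assertion, so nil is rejected
	// explicitly instead of being dereferenced further down.
	isk, ok := k.(*issuerSecretKey)
	if !ok || isk == nil {
		return nil, errors.New("invalid key, expected *issuerSecretKey")
	}
	credOpts, ok := opts.(*bccsp.IdemixCredentialSignerOpts)
	if !ok || credOpts == nil {
		return nil, errors.New("invalid options, expected *IdemixCredentialSignerOpts")
	}

	signature, err = s.Credential.Sign(isk.sk, digest, credOpts.Attributes)
	if err != nil {
		return nil, err
	}

	return signature, nil
}

// CredentialVerifier verifies credentials.
type CredentialVerifier struct {
	// Credential performs the verification; Verify delegates to it.
	Credential Credential
}

// Verify checks the credential in signature against the user secret key k,
// the issuer public key carried in opts, and the attributes carried in opts.
//
// k must be a non-nil *userSecretKey and opts a non-nil
// *bccsp.IdemixCredentialSignerOpts whose IssuerPK is a non-nil
// *issuerPublicKey. An empty signature is rejected before the underlying
// implementation is called. digest is not used.
//
// The result is true only when Credential.Verify returns a nil error; every
// false result is accompanied by a non-nil error.
func (v *CredentialVerifier) Verify(k bccsp.Key, signature, digest []byte, opts bccsp.SignerOpts) (valid bool, err error) {
	// A typed nil pointer satisfies the type assertion, so nil is rejected
	// explicitly instead of being dereferenced further down.
	usk, ok := k.(*userSecretKey)
	if !ok || usk == nil {
		return false, errors.New("invalid key, expected *userSecretKey")
	}
	credOpts, ok := opts.(*bccsp.IdemixCredentialSignerOpts)
	if !ok || credOpts == nil {
		return false, errors.New("invalid options, expected *IdemixCredentialSignerOpts")
	}
	// This comparison only catches a nil interface value; a nil
	// *issuerPublicKey wrapped in the interface is caught after the assertion.
	if credOpts.IssuerPK == nil {
		return false, errors.New("invalid options, missing issuer public key")
	}
	ipk, ok := credOpts.IssuerPK.(*issuerPublicKey)
	if !ok || ipk == nil {
		return false, errors.New("invalid issuer public key, expected *issuerPublicKey")
	}
	if len(signature) == 0 {
		return false, errors.New("invalid signature, it must not be empty")
	}

	if err = v.Credential.Verify(usk.sk, ipk.pk, signature, credOpts.Attributes); err != nil {
		return false, err
	}

	return true, nil
}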