github.com/lzy4123/fabric@v2.1.1+incompatible/bccsp/idemix/handlers/idemix.go

github.com/lzy4123/fabric@v2.1.1+incompatible/bccsp/idemix/handlers/idemix.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  package handlers
     7  
     8  import (
     9  	"crypto/ecdsa"
    10  
    11  	"github.com/hyperledger/fabric/bccsp"
    12  )
    13  
    14  // IssuerPublicKey is the issuer public key
    15  type IssuerPublicKey interface {
    16  
    17  	// Bytes returns the byte representation of this key
    18  	Bytes() ([]byte, error)
    19  
    20  	// Hash returns the hash representation of this key.
    21  	// The output is supposed to be collision-resistant
    22  	Hash() []byte
    23  }
    24  
    25  // IssuerPublicKey is the issuer secret key
    26  type IssuerSecretKey interface {
    27  
    28  	// Bytes returns the byte representation of this key
    29  	Bytes() ([]byte, error)
    30  
    31  	// Public returns the corresponding public key
    32  	Public() IssuerPublicKey
    33  }
    34  
    35  // Issuer is a local interface to decouple from the idemix implementation
    36  type Issuer interface {
    37  	// NewKey generates a new idemix issuer key w.r.t the passed attribute names.
    38  	NewKey(AttributeNames []string) (IssuerSecretKey, error)
    39  
    40  	// NewPublicKeyFromBytes converts the passed bytes to an Issuer public key
    41  	// It makes sure that the so obtained public key has the passed attributes, if specified
    42  	NewPublicKeyFromBytes(raw []byte, attributes []string) (IssuerPublicKey, error)
    43  }
    44  
    45  // Big represent a big integer
    46  type Big interface {
    47  	// Bytes returns the byte representation of this key
    48  	Bytes() ([]byte, error)
    49  }
    50  
    51  // Ecp represents an elliptic curve point
    52  type Ecp interface {
    53  	// Bytes returns the byte representation of this key
    54  	Bytes() ([]byte, error)
    55  }
    56  
    57  // User is a local interface to decouple from the idemix implementation
    58  type User interface {
    59  	// NewKey generates a new User secret key
    60  	NewKey() (Big, error)
    61  
    62  	// NewKeyFromBytes converts the passed bytes to a User secret key
    63  	NewKeyFromBytes(raw []byte) (Big, error)
    64  
    65  	// MakeNym creates a new unlinkable pseudonym
    66  	MakeNym(sk Big, key IssuerPublicKey) (Ecp, Big, error)
    67  
    68  	// NewPublicNymFromBytes converts the passed bytes to a public nym
    69  	NewPublicNymFromBytes(raw []byte) (Ecp, error)
    70  }
    71  
    72  // CredRequest is a local interface to decouple from the idemix implementation
    73  // of the issuance of credential requests.
    74  type CredRequest interface {
    75  	// Sign creates a new Credential Request, the first message of the interactive credential issuance protocol
    76  	// (from user to issuer)
    77  	Sign(sk Big, ipk IssuerPublicKey, nonce []byte) ([]byte, error)
    78  
    79  	// Verify verifies the credential request
    80  	Verify(credRequest []byte, ipk IssuerPublicKey, nonce []byte) error
    81  }
    82  
    83  // CredRequest is a local interface to decouple from the idemix implementation
    84  // of the issuance of credentials.
    85  type Credential interface {
    86  
    87  	// Sign issues a new credential, which is the last step of the interactive issuance protocol
    88  	// All attribute values are added by the issuer at this step and then signed together with a commitment to
    89  	// the user's secret key from a credential request
    90  	Sign(key IssuerSecretKey, credentialRequest []byte, attributes []bccsp.IdemixAttribute) ([]byte, error)
    91  
    92  	// Verify cryptographically verifies the credential by verifying the signature
    93  	// on the attribute values and user's secret key
    94  	Verify(sk Big, ipk IssuerPublicKey, credential []byte, attributes []bccsp.IdemixAttribute) error
    95  }
    96  
    97  // Revocation is a local interface to decouple from the idemix implementation
    98  // the revocation-related operations
    99  type Revocation interface {
   100  
   101  	// NewKey generates a long term signing key that will be used for revocation
   102  	NewKey() (*ecdsa.PrivateKey, error)
   103  
   104  	// Sign creates the Credential Revocation Information for a certain time period (epoch).
   105  	// Users can use the CRI to prove that they are not revoked.
   106  	// Note that when not using revocation (i.e., alg = ALG_NO_REVOCATION), the entered unrevokedHandles are not used,
   107  	// and the resulting CRI can be used by any signer.
   108  	Sign(key *ecdsa.PrivateKey, unrevokedHandles [][]byte, epoch int, alg bccsp.RevocationAlgorithm) ([]byte, error)
   109  
   110  	// Verify verifies that the revocation PK for a certain epoch is valid,
   111  	// by checking that it was signed with the long term revocation key.
   112  	// Note that even if we use no revocation (i.e., alg = ALG_NO_REVOCATION), we need
   113  	// to verify the signature to make sure the issuer indeed signed that no revocation
   114  	// is used in this epoch.
   115  	Verify(pk *ecdsa.PublicKey, cri []byte, epoch int, alg bccsp.RevocationAlgorithm) error
   116  }
   117  
   118  // SignatureScheme is a local interface to decouple from the idemix implementation
   119  // the sign-related operations
   120  type SignatureScheme interface {
   121  	// Sign creates a new idemix signature (Schnorr-type signature).
   122  	// The attributes slice steers which attributes are disclosed:
   123  	// If attributes[i].Type == bccsp.IdemixHiddenAttribute then attribute i remains hidden and otherwise it is disclosed.
   124  	// We require the revocation handle to remain undisclosed (i.e., attributes[rhIndex] == bccsp.IdemixHiddenAttribute).
   125  	// Parameters are to be understood as follow:
   126  	// cred: the serialized version of an idemix credential;
   127  	// sk: the user secret key;
   128  	// (Nym, RNym): Nym key-pair;
   129  	// ipk: issuer public key;
   130  	// attributes: as described above;
   131  	// msg: the message to be signed;
   132  	// rhIndex: revocation handle index relative to attributes;
   133  	// cri: the serialized version of the Credential Revocation Information (it contains the epoch this signature
   134  	// is created in reference to).
   135  	Sign(cred []byte, sk Big, Nym Ecp, RNym Big, ipk IssuerPublicKey, attributes []bccsp.IdemixAttribute,
   136  		msg []byte, rhIndex int, cri []byte) ([]byte, error)
   137  
   138  	// Verify verifies an idemix signature.
   139  	// The attribute slice steers which attributes it expects to be disclosed
   140  	// If attributes[i].Type == bccsp.IdemixHiddenAttribute then attribute i remains hidden and otherwise
   141  	// attributes[i].Value is expected to contain the disclosed attribute value.
   142  	// In other words, this function will check that if attribute i is disclosed, the i-th attribute equals attributes[i].Value.
   143  	// Parameters are to be understood as follow:
   144  	// ipk: issuer public key;
   145  	// signature: signature to verify;
   146  	// msg: message signed;
   147  	// attributes: as described above;
   148  	// rhIndex: revocation handle index relative to attributes;
   149  	// revocationPublicKey: revocation public key;
   150  	// epoch: revocation epoch.
   151  	Verify(ipk IssuerPublicKey, signature, msg []byte, attributes []bccsp.IdemixAttribute, rhIndex int, revocationPublicKey *ecdsa.PublicKey, epoch int) error
   152  }
   153  
   154  // NymSignatureScheme is a local interface to decouple from the idemix implementation
   155  // the nym sign-related operations
   156  type NymSignatureScheme interface {
   157  	// Sign creates a new idemix pseudonym signature
   158  	Sign(sk Big, Nym Ecp, RNym Big, ipk IssuerPublicKey, digest []byte) ([]byte, error)
   159  
   160  	// Verify verifies an idemix NymSignature
   161  	Verify(pk IssuerPublicKey, Nym Ecp, signature, digest []byte) error
   162  }