/*
Copyright IBM Corp. 2016 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

		 http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package api

import (
	"github.com/hyperledger/fabric/gossip/common"
	"google.golang.org/grpc"
)

// MessageCryptoService is the contract between the gossip component and the
// peer's cryptographic layer. The gossip component uses it to verify and
// authenticate remote peers and the data they send, as well as to verify
// blocks received from the ordering service.
type MessageCryptoService interface {

	// GetPKIidOfCert returns the PKI-ID of a peer's identity.
	// If any error occurs, the method returns nil; there is no separate
	// error result, so nil is the only failure signal a caller gets.
	// This method does not validate peerIdentity. That validation is
	// expected to be done elsewhere in the execution flow.
	// NOTE(review): a non-nil PKI-ID therefore says nothing about whether
	// the identity is valid, unexpired or unrevoked; callers that make
	// trust decisions keyed on the PKI-ID presumably need ValidateIdentity
	// to have succeeded for the same identity - confirm against callers.
	GetPKIidOfCert(peerIdentity PeerIdentityType) common.PKIidType

	// VerifyBlock returns nil if the block is properly signed and the
	// claimed seqNum is the sequence number that the block's header
	// contains. Otherwise it returns an error.
	// NOTE(review): the contract does not say how chainID is used in the
	// check or what encoding signedBlock must have - confirm with the
	// implementation.
	VerifyBlock(chainID common.ChainID, seqNum uint64, signedBlock []byte) error

	// Sign signs msg with this peer's signing key and outputs
	// the signature if no error occurred.
	Sign(msg []byte) ([]byte, error)

	// Verify checks that signature is a valid signature of message under
	// a peer's verification key.
	// If the verification succeeded, Verify returns nil, meaning no error
	// occurred.
	// If peerIdentity is nil, then the verification fails.
	// NOTE(review): the contract does not state whether Verify also checks
	// that peerIdentity itself is valid (not revoked or expired), which is
	// what ValidateIdentity is documented to do - confirm with the
	// implementation before treating a nil result as proof of a trusted
	// sender.
	Verify(peerIdentity PeerIdentityType, signature, message []byte) error

	// VerifyByChannel checks that signature is a valid signature of message
	// under a peer's verification key, but also in the context of a
	// specific channel.
	// If the verification succeeded, VerifyByChannel returns nil, meaning
	// no error occurred.
	// If peerIdentity is nil, then the verification fails.
	VerifyByChannel(chainID common.ChainID, peerIdentity PeerIdentityType, signature, message []byte) error

	// ValidateIdentity validates the identity of a remote peer.
	// If the identity is invalid, revoked or expired, it returns an error.
	// Otherwise it returns nil.
	ValidateIdentity(peerIdentity PeerIdentityType) error
}

// PeerIdentityType is the peer's certificate, carried as a raw byte slice.
// The type itself imposes no structure or validity; see the method
// comments on MessageCryptoService for which calls validate it.
type PeerIdentityType []byte

// PeerSuspector reports whether a peer with a given identity is suspected
// of being revoked, or of having its CA revoked.
type PeerSuspector func(identity PeerIdentityType) bool

// PeerSecureDialOpts returns the gRPC DialOptions to use for connection-level
// security when communicating with remote peer endpoints.
type PeerSecureDialOpts func() []grpc.DialOption