Exemple #1
0
func generateKey() primitives.PrivateKey {
	kg, _ := newKeyGenerator()
	kgparams, _ := newKeyGeneratorParameter(rand.Reader, primitives.GetDefaultCurve())
	kg.Init(kgparams)
	privKey, _ := kg.GenerateKey()
	return privKey
}
Exemple #2
0
func newKeyGeneratorFromCurve(r io.Reader, curve elliptic.Curve) (primitives.KeyGenerator, error) {
	if r == nil {
		r = rand.Reader
	}
	if curve == nil {
		curve = primitives.GetDefaultCurve()
	}

	kg, err := newKeyGenerator()
	if err != nil {
		return nil, err
	}

	kgp, err := newKeyGeneratorParameter(r, curve)
	if err != nil {
		return nil, err
	}

	err = kg.Init(kgp)
	if err != nil {
		return nil, err
	}

	return kg, nil
}
Exemple #3
0
func (ca *CA) createCAKeyPair(name string) *ecdsa.PrivateKey {
	caLogger.Debug("Creating CA key pair.")

	curve := primitives.GetDefaultCurve()

	priv, err := ecdsa.GenerateKey(curve, rand.Reader)
	if err == nil {
		raw, _ := x509.MarshalECPrivateKey(priv)
		cooked := pem.EncodeToMemory(
			&pem.Block{
				Type:  "ECDSA PRIVATE KEY",
				Bytes: raw,
			})
		err = ioutil.WriteFile(ca.path+"/"+name+".priv", cooked, 0644)
		if err != nil {
			caLogger.Panic(err)
		}

		raw, _ = x509.MarshalPKIXPublicKey(&priv.PublicKey)
		cooked = pem.EncodeToMemory(
			&pem.Block{
				Type:  "ECDSA PUBLIC KEY",
				Bytes: raw,
			})
		err = ioutil.WriteFile(ca.path+"/"+name+".pub", cooked, 0644)
		if err != nil {
			caLogger.Panic(err)
		}
	}
	if err != nil {
		caLogger.Panic(err)
	}

	return priv
}
Exemple #4
0
func newPrivateKey(r io.Reader, curve elliptic.Curve) (primitives.PrivateKey, error) {
	if r == nil {
		r = rand.Reader
	}
	if curve == nil {
		curve = primitives.GetDefaultCurve()
	}
	kg, err := newKeyGeneratorFromCurve(r, curve)
	if err != nil {
		return nil, err
	}
	return kg.GenerateKey()
}
Exemple #5
0
func TestMain(m *testing.M) {
	setupTestConfig()
	curve := primitives.GetDefaultCurve()
	fmt.Printf("Default Curve %v \n", curve)
	// Init PKI
	initPKI()
	go startPKI()
	defer cleanup()
	time.Sleep(time.Second * 10)
	fmt.Println("Running tests....")
	ret := m.Run()
	fmt.Println("End running tests....")
	cleanupFiles()
	os.Exit(ret)

}
Exemple #6
0
func TestKG(t *testing.T) {
	kg, err := newKeyGenerator()
	if err != nil {
		t.Fatal(err)
	}

	kgparams, err := newKeyGeneratorParameter(rand.Reader, primitives.GetDefaultCurve())
	if err != nil {
		t.Fatal(err)
	}
	err = kg.Init(kgparams)
	if err != nil {
		t.Fatal(err)
	}
	privKey, err := kg.GenerateKey()
	if err != nil {
		t.Fatal(err)
	}
	if privKey == nil {
		t.Fatal("Private Key is nil")
	}
}
Exemple #7
0
func (spi *spiImpl) NewDefaultPrivateKey(r io.Reader) (primitives.PrivateKey, error) {
	return spi.NewPrivateKey(r, primitives.GetDefaultCurve())
}
func (client *clientImpl) encryptTxVersion1_2(tx *obc.Transaction) error {
	// Create (PK_C,SK_C) pair
	ccPrivateKey, err := client.eciesSPI.NewPrivateKey(rand.Reader, primitives.GetDefaultCurve())
	if err != nil {
		client.Errorf("Failed generate chaincode keypair: [%s]", err)

		return err
	}

	// Prepare message to the validators
	var (
		stateKey  []byte
		privBytes []byte
	)

	switch tx.Type {
	case obc.Transaction_CHAINCODE_DEPLOY:
		// Prepare chaincode stateKey and privateKey
		stateKey, err = primitives.GenAESKey()
		if err != nil {
			client.Errorf("Failed creating state key: [%s]", err)

			return err
		}

		privBytes, err = client.eciesSPI.SerializePrivateKey(ccPrivateKey)
		if err != nil {
			client.Errorf("Failed serializing chaincode key: [%s]", err)

			return err
		}

		break
	case obc.Transaction_CHAINCODE_QUERY:
		// Prepare chaincode stateKey and privateKey
		stateKey = primitives.HMACAESTruncated(client.queryStateKey, append([]byte{6}, tx.Nonce...))

		privBytes, err = client.eciesSPI.SerializePrivateKey(ccPrivateKey)
		if err != nil {
			client.Errorf("Failed serializing chaincode key: [%s]", err)

			return err
		}

		break
	case obc.Transaction_CHAINCODE_INVOKE:
		// Prepare chaincode stateKey and privateKey
		stateKey = make([]byte, 0)

		privBytes, err = client.eciesSPI.SerializePrivateKey(ccPrivateKey)
		if err != nil {
			client.Errorf("Failed serializing chaincode key: [%s]", err)

			return err
		}
		break
	}

	// Encrypt message to the validators
	cipher, err := client.eciesSPI.NewAsymmetricCipherFromPublicKey(client.chainPublicKey)
	if err != nil {
		client.Errorf("Failed creating new encryption scheme: [%s]", err)

		return err
	}

	msgToValidators, err := asn1.Marshal(chainCodeValidatorMessage1_2{privBytes, stateKey})
	if err != nil {
		client.Errorf("Failed preparing message to the validators: [%s]", err)

		return err
	}

	encMsgToValidators, err := cipher.Process(msgToValidators)
	if err != nil {
		client.Errorf("Failed encrypting message to the validators: [%s]", err)

		return err
	}
	tx.ToValidators = encMsgToValidators

	// Encrypt the rest of the fields

	// Init with chainccode pk
	cipher, err = client.eciesSPI.NewAsymmetricCipherFromPublicKey(ccPrivateKey.GetPublicKey())
	if err != nil {
		client.Errorf("Failed initiliazing encryption scheme: [%s]", err)

		return err
	}

	// Encrypt chaincodeID using pkC
	encryptedChaincodeID, err := cipher.Process(tx.ChaincodeID)
	if err != nil {
		client.Errorf("Failed encrypting chaincodeID: [%s]", err)

		return err
	}
	tx.ChaincodeID = encryptedChaincodeID

	// Encrypt payload using pkC
	encryptedPayload, err := cipher.Process(tx.Payload)
	if err != nil {
		client.Errorf("Failed encrypting payload: [%s]", err)

		return err
	}
	tx.Payload = encryptedPayload

	// Encrypt metadata using pkC
	if len(tx.Metadata) != 0 {
		encryptedMetadata, err := cipher.Process(tx.Metadata)
		if err != nil {
			client.Errorf("Failed encrypting metadata: [%s]", err)

			return err
		}
		tx.Metadata = encryptedMetadata
	}

	return nil
}
Exemple #9
0
// NewECA sets up a new ECA.
//
func NewECA() *ECA {
	eca := &ECA{NewCA("eca", initializeECATables), nil, nil, nil}

	{
		// read or create global symmetric encryption key
		var cooked string

		raw, err := ioutil.ReadFile(eca.path + "/obc.aes")
		if err != nil {
			rand := rand.Reader
			key := make([]byte, 32) // AES-256
			rand.Read(key)
			cooked = base64.StdEncoding.EncodeToString(key)

			err = ioutil.WriteFile(eca.path+"/obc.aes", []byte(cooked), 0644)
			if err != nil {
				Panic.Panicln(err)
			}
		} else {
			cooked = string(raw)
		}

		eca.obcKey, err = base64.StdEncoding.DecodeString(cooked)
		if err != nil {
			Panic.Panicln(err)
		}
	}

	{
		// read or create global ECDSA key pair for ECIES
		var priv *ecdsa.PrivateKey
		cooked, err := ioutil.ReadFile(eca.path + "/obc.ecies")
		if err == nil {
			block, _ := pem.Decode(cooked)
			priv, err = x509.ParseECPrivateKey(block.Bytes)
			if err != nil {
				Panic.Panicln(err)
			}
		} else {
			priv, err = ecdsa.GenerateKey(primitives.GetDefaultCurve(), rand.Reader)
			if err != nil {
				Panic.Panicln(err)
			}

			raw, _ := x509.MarshalECPrivateKey(priv)
			cooked = pem.EncodeToMemory(
				&pem.Block{
					Type:  "ECDSA PRIVATE KEY",
					Bytes: raw,
				})
			err := ioutil.WriteFile(eca.path+"/obc.ecies", cooked, 0644)
			if err != nil {
				Panic.Panicln(err)
			}
		}

		eca.obcPriv = cooked
		raw, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
		eca.obcPub = pem.EncodeToMemory(
			&pem.Block{
				Type:  "ECDSA PUBLIC KEY",
				Bytes: raw,
			})
	}

	eca.populateAffiliationGroupsTable()
	eca.populateUsersTable()
	return eca
}
Exemple #10
0
func TestSPI(t *testing.T) {

	spi := NewSPI()

	ecdsaKey, err := ecdsa.GenerateKey(primitives.GetDefaultCurve(), rand.Reader)

	var a interface{}
	a = ecdsaKey

	switch t := a.(type) {
	case *ecdsa.PrivateKey:
		fmt.Printf("a2 [%s]\n", t)
		break
	case elliptic.Curve:
		fmt.Printf("a1 [%s]\n", t)
		break
	default:
		fmt.Printf("a3 [%s]\n", t)

	}

	fmt.Printf("[%s]\n", ecdsaKey)
	if err != nil {
		t.Fatal(err)
	}
	_, err = x509.MarshalECPrivateKey(ecdsaKey)
	if err != nil {
		t.Fatal(err)
	}
	fmt.Printf("[%s]\n", ecdsaKey)

	privateKey, err := spi.NewPrivateKey(nil, ecdsaKey)
	if err != nil {
		t.Fatal(err)
	}

	fmt.Printf("[%s]\n", privateKey.(*secretKeyImpl).priv)
	_, err = x509.MarshalECPrivateKey(privateKey.(*secretKeyImpl).priv)
	if err != nil {
		t.Fatal(err)
	}

	rawKey, err := spi.SerializePrivateKey(privateKey)
	if err != nil {
		t.Fatal(err)
	}

	privateKey, err = spi.DeserializePrivateKey(rawKey)
	if err != nil {
		t.Fatal(err)
	}

	// Encrypt
	cipher, err := spi.NewAsymmetricCipherFromPublicKey(privateKey.GetPublicKey())
	if err != nil {
		t.Fatal(err)
	}

	msg := []byte("Hello World!!!")
	ct, err := cipher.Process(msg)
	if err != nil {
		t.Fatal(err)
	}

	// Decrypt
	cipher, err = spi.NewAsymmetricCipherFromPrivateKey(privateKey)
	if err != nil {
		t.Fatal(err)
	}

	plain, err := cipher.Process(ct)
	if err != nil {
		t.Fatal(err)
	}

	if !reflect.DeepEqual(msg, plain) {
		t.Fatal("Decrypted different message")
	}

}
Exemple #11
0
// NewECDSAKey generates a new ECDSA Key
func NewECDSAKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(primitives.GetDefaultCurve(), rand.Reader)
}