func generateKey() ecies.PrivateKey {
kg, _ := newKeyGenerator()
kgparams, _ := newKeyGeneratorParameter(rand.Reader, conf.GetDefaultCurve())
kg.Init(kgparams)
privKey, _ := kg.GenerateKey()
return privKey
}
func (ca *CA) createCAKeyPair(name string) *ecdsa.PrivateKey {
Trace.Println("Creating CA key pair.")
curve := conf.GetDefaultCurve()
priv, err := ecdsa.GenerateKey(curve, rand.Reader)
if err == nil {
raw, _ := x509.MarshalECPrivateKey(priv)
cooked := pem.EncodeToMemory(
&pem.Block{
Type: "ECDSA PRIVATE KEY",
Bytes: raw,
})
err := ioutil.WriteFile(ca.path+"/"+name+".priv", cooked, 0644)
if err != nil {
Panic.Panicln(err)
}
raw, _ = x509.MarshalPKIXPublicKey(&priv.PublicKey)
cooked = pem.EncodeToMemory(
&pem.Block{
Type: "ECDSA PUBLIC KEY",
Bytes: raw,
})
err = ioutil.WriteFile(ca.path+"/"+name+".pub", cooked, 0644)
if err != nil {
Panic.Panicln(err)
}
}
if err != nil {
Panic.Panicln(err)
}
return priv
}
func TestKG(t *testing.T) {
kg, err := newKeyGenerator()
if err != nil {
t.Fatal(err)
}
kgparams, err := newKeyGeneratorParameter(rand.Reader, conf.GetDefaultCurve())
if err != nil {
t.Fatal(err)
}
err = kg.Init(kgparams)
if err != nil {
t.Fatal(err)
}
privKey, err := kg.GenerateKey()
if err != nil {
t.Fatal(err)
}
if privKey == nil {
t.Fatal("Private Key is nil")
}
}
// NewECA sets up a new ECA.
//
func NewECA() *ECA {
eca := &ECA{NewCA("eca"), nil, nil, nil}
{
// read or create global symmetric encryption key
var cooked string
raw, err := ioutil.ReadFile(eca.path + "/obc.aes")
if err != nil {
rand := rand.Reader
key := make([]byte, 32) // AES-256
rand.Read(key)
cooked = base64.StdEncoding.EncodeToString(key)
err = ioutil.WriteFile(eca.path+"/obc.aes", []byte(cooked), 0644)
if err != nil {
Panic.Panicln(err)
}
} else {
cooked = string(raw)
}
eca.obcKey, err = base64.StdEncoding.DecodeString(cooked)
if err != nil {
Panic.Panicln(err)
}
}
{
// read or create global ECDSA key pair for ECIES
var priv *ecdsa.PrivateKey
cooked, err := ioutil.ReadFile(eca.path + "/obc.ecies")
if err == nil {
block, _ := pem.Decode(cooked)
priv, err = x509.ParseECPrivateKey(block.Bytes)
if err != nil {
Panic.Panicln(err)
}
} else {
priv, err = ecdsa.GenerateKey(conf.GetDefaultCurve(), rand.Reader)
if err != nil {
Panic.Panicln(err)
}
raw, _ := x509.MarshalECPrivateKey(priv)
cooked = pem.EncodeToMemory(
&pem.Block{
Type: "ECDSA PRIVATE KEY",
Bytes: raw,
})
err := ioutil.WriteFile(eca.path+"/obc.ecies", cooked, 0644)
if err != nil {
Panic.Panicln(err)
}
}
eca.obcPriv = cooked
raw, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
eca.obcPub = pem.EncodeToMemory(
&pem.Block{
Type: "ECDSA PUBLIC KEY",
Bytes: raw,
})
}
// populate user table
users := viper.GetStringMapString("eca.users")
for id, flds := range users {
vals := strings.Fields(flds)
role, err := strconv.Atoi(vals[0])
if err != nil {
Panic.Panicln(err)
}
eca.registerUser(id, role, vals[1])
}
return eca
}
func (client *clientImpl) encryptTxVersion1_2(tx *obc.Transaction) error {
// Create (PK_C,SK_C) pair
ccPrivateKey, err := client.eciesSPI.NewPrivateKey(rand.Reader, conf.GetDefaultCurve())
if err != nil {
client.error("Failed generate chaincode keypair: [%s]", err)
return err
}
// Prepare message to the validators
var (
stateKey []byte
privBytes []byte
)
switch tx.Type {
case obc.Transaction_CHAINCODE_NEW:
// Prepare chaincode stateKey and privateKey
stateKey, err = utils.GenAESKey()
if err != nil {
client.error("Failed creating state key: [%s]", err)
return err
}
privBytes, err = client.eciesSPI.SerializePrivateKey(ccPrivateKey)
if err != nil {
client.error("Failed serializing chaincode key: [%s]", err)
return err
}
break
case obc.Transaction_CHAINCODE_QUERY:
// Prepare chaincode stateKey and privateKey
stateKey = utils.HMACTruncated(client.queryStateKey, append([]byte{6}, tx.Nonce...), utils.AESKeyLength)
privBytes, err = client.eciesSPI.SerializePrivateKey(ccPrivateKey)
if err != nil {
client.error("Failed serializing chaincode key: [%s]", err)
return err
}
break
case obc.Transaction_CHAINCODE_EXECUTE:
// Prepare chaincode stateKey and privateKey
stateKey = make([]byte, 0)
privBytes, err = client.eciesSPI.SerializePrivateKey(ccPrivateKey)
if err != nil {
client.error("Failed serializing chaincode key: [%s]", err)
return err
}
break
}
// Encrypt message to the validators
cipher, err := client.eciesSPI.NewAsymmetricCipherFromPublicKey(client.chainPublicKey)
if err != nil {
client.error("Failed creating new encryption scheme: [%s]", err)
return err
}
msgToValidators, err := asn1.Marshal(chainCodeValidatorMessage1_2{privBytes, stateKey})
if err != nil {
client.error("Failed preparing message to the validators: [%s]", err)
return err
}
encMsgToValidators, err := cipher.Process(msgToValidators)
if err != nil {
client.error("Failed encrypting message to the validators: [%s]", err)
return err
}
tx.ToValidators = encMsgToValidators
// Encrypt the rest of the fields
// Init with chainccode pk
cipher, err = client.eciesSPI.NewAsymmetricCipherFromPublicKey(ccPrivateKey.GetPublicKey())
if err != nil {
client.error("Failed initiliazing encryption scheme: [%s]", err)
return err
}
// Encrypt chaincodeID using pkC
encryptedChaincodeID, err := cipher.Process(tx.ChaincodeID)
if err != nil {
client.error("Failed encrypting chaincodeID: [%s]", err)
return err
}
tx.ChaincodeID = encryptedChaincodeID
// Encrypt payload using pkC
encryptedPayload, err := cipher.Process(tx.Payload)
if err != nil {
client.error("Failed encrypting payload: [%s]", err)
return err
}
tx.Payload = encryptedPayload
// Encrypt metadata using pkC
if len(tx.Metadata) != 0 {
encryptedMetadata, err := cipher.Process(tx.Metadata)
if err != nil {
client.error("Failed encrypting metadata: [%s]", err)
return err
}
tx.Metadata = encryptedMetadata
}
return nil
}
func TestSPI(t *testing.T) {
spi := NewSPI()
ecdsaKey, err := ecdsa.GenerateKey(conf.GetDefaultCurve(), rand.Reader)
var a interface{}
a = ecdsaKey
switch t := a.(type) {
case *ecdsa.PrivateKey:
fmt.Printf("a2 [%s]\n", t)
break
case elliptic.Curve:
fmt.Printf("a1 [%s]\n", t)
break
default:
fmt.Printf("a3 [%s]\n", t)
}
fmt.Printf("[%s]\n", ecdsaKey)
if err != nil {
t.Fatal(err)
}
_, err = x509.MarshalECPrivateKey(ecdsaKey)
if err != nil {
t.Fatal(err)
}
fmt.Printf("[%s]\n", ecdsaKey)
privateKey, err := spi.NewPrivateKey(nil, ecdsaKey)
if err != nil {
t.Fatal(err)
}
fmt.Printf("[%s]\n", privateKey.(*secretKeyImpl).priv)
_, err = x509.MarshalECPrivateKey(privateKey.(*secretKeyImpl).priv)
if err != nil {
t.Fatal(err)
}
rawKey, err := spi.SerializePrivateKey(privateKey)
if err != nil {
t.Fatal(err)
}
privateKey, err = spi.DeserializePrivateKey(rawKey)
if err != nil {
t.Fatal(err)
}
// Encrypt
cipher, err := spi.NewAsymmetricCipherFromPublicKey(privateKey.GetPublicKey())
if err != nil {
t.Fatal(err)
}
msg := []byte("Hello World!!!")
ct, err := cipher.Process(msg)
if err != nil {
t.Fatal(err)
}
// Decrypt
cipher, err = spi.NewAsymmetricCipherFromPrivateKey(privateKey)
if err != nil {
t.Fatal(err)
}
plain, err := cipher.Process(ct)
if err != nil {
t.Fatal(err)
}
if !reflect.DeepEqual(msg, plain) {
t.Fatal("Decrypted different message")
}
}