func generateKey() primitives.PrivateKey {
kg, _ := newKeyGenerator()
kgparams, _ := newKeyGeneratorParameter(rand.Reader, primitives.GetDefaultCurve())
kg.Init(kgparams)
privKey, _ := kg.GenerateKey()
return privKey
}
func newKeyGeneratorFromCurve(r io.Reader, curve elliptic.Curve) (primitives.KeyGenerator, error) {
if r == nil {
r = rand.Reader
}
if curve == nil {
curve = primitives.GetDefaultCurve()
}
kg, err := newKeyGenerator()
if err != nil {
return nil, err
}
kgp, err := newKeyGeneratorParameter(r, curve)
if err != nil {
return nil, err
}
err = kg.Init(kgp)
if err != nil {
return nil, err
}
return kg, nil
}
func (ca *CA) createCAKeyPair(name string) *ecdsa.PrivateKey {
caLogger.Debug("Creating CA key pair.")
curve := primitives.GetDefaultCurve()
priv, err := ecdsa.GenerateKey(curve, rand.Reader)
if err == nil {
raw, _ := x509.MarshalECPrivateKey(priv)
cooked := pem.EncodeToMemory(
&pem.Block{
Type: "ECDSA PRIVATE KEY",
Bytes: raw,
})
err = ioutil.WriteFile(ca.path+"/"+name+".priv", cooked, 0644)
if err != nil {
caLogger.Panic(err)
}
raw, _ = x509.MarshalPKIXPublicKey(&priv.PublicKey)
cooked = pem.EncodeToMemory(
&pem.Block{
Type: "ECDSA PUBLIC KEY",
Bytes: raw,
})
err = ioutil.WriteFile(ca.path+"/"+name+".pub", cooked, 0644)
if err != nil {
caLogger.Panic(err)
}
}
if err != nil {
caLogger.Panic(err)
}
return priv
}
func newPrivateKey(r io.Reader, curve elliptic.Curve) (primitives.PrivateKey, error) {
if r == nil {
r = rand.Reader
}
if curve == nil {
curve = primitives.GetDefaultCurve()
}
kg, err := newKeyGeneratorFromCurve(r, curve)
if err != nil {
return nil, err
}
return kg.GenerateKey()
}
func TestMain(m *testing.M) {
setupTestConfig()
curve := primitives.GetDefaultCurve()
fmt.Printf("Default Curve %v \n", curve)
// Init PKI
initPKI()
go startPKI()
defer cleanup()
time.Sleep(time.Second * 10)
fmt.Println("Running tests....")
ret := m.Run()
fmt.Println("End running tests....")
cleanupFiles()
os.Exit(ret)
}
func TestKG(t *testing.T) {
kg, err := newKeyGenerator()
if err != nil {
t.Fatal(err)
}
kgparams, err := newKeyGeneratorParameter(rand.Reader, primitives.GetDefaultCurve())
if err != nil {
t.Fatal(err)
}
err = kg.Init(kgparams)
if err != nil {
t.Fatal(err)
}
privKey, err := kg.GenerateKey()
if err != nil {
t.Fatal(err)
}
if privKey == nil {
t.Fatal("Private Key is nil")
}
}
func (spi *spiImpl) NewDefaultPrivateKey(r io.Reader) (primitives.PrivateKey, error) {
return spi.NewPrivateKey(r, primitives.GetDefaultCurve())
}
func (client *clientImpl) encryptTxVersion1_2(tx *obc.Transaction) error {
// Create (PK_C,SK_C) pair
ccPrivateKey, err := client.eciesSPI.NewPrivateKey(rand.Reader, primitives.GetDefaultCurve())
if err != nil {
client.Errorf("Failed generate chaincode keypair: [%s]", err)
return err
}
// Prepare message to the validators
var (
stateKey []byte
privBytes []byte
)
switch tx.Type {
case obc.Transaction_CHAINCODE_DEPLOY:
// Prepare chaincode stateKey and privateKey
stateKey, err = primitives.GenAESKey()
if err != nil {
client.Errorf("Failed creating state key: [%s]", err)
return err
}
privBytes, err = client.eciesSPI.SerializePrivateKey(ccPrivateKey)
if err != nil {
client.Errorf("Failed serializing chaincode key: [%s]", err)
return err
}
break
case obc.Transaction_CHAINCODE_QUERY:
// Prepare chaincode stateKey and privateKey
stateKey = primitives.HMACAESTruncated(client.queryStateKey, append([]byte{6}, tx.Nonce...))
privBytes, err = client.eciesSPI.SerializePrivateKey(ccPrivateKey)
if err != nil {
client.Errorf("Failed serializing chaincode key: [%s]", err)
return err
}
break
case obc.Transaction_CHAINCODE_INVOKE:
// Prepare chaincode stateKey and privateKey
stateKey = make([]byte, 0)
privBytes, err = client.eciesSPI.SerializePrivateKey(ccPrivateKey)
if err != nil {
client.Errorf("Failed serializing chaincode key: [%s]", err)
return err
}
break
}
// Encrypt message to the validators
cipher, err := client.eciesSPI.NewAsymmetricCipherFromPublicKey(client.chainPublicKey)
if err != nil {
client.Errorf("Failed creating new encryption scheme: [%s]", err)
return err
}
msgToValidators, err := asn1.Marshal(chainCodeValidatorMessage1_2{privBytes, stateKey})
if err != nil {
client.Errorf("Failed preparing message to the validators: [%s]", err)
return err
}
encMsgToValidators, err := cipher.Process(msgToValidators)
if err != nil {
client.Errorf("Failed encrypting message to the validators: [%s]", err)
return err
}
tx.ToValidators = encMsgToValidators
// Encrypt the rest of the fields
// Init with chainccode pk
cipher, err = client.eciesSPI.NewAsymmetricCipherFromPublicKey(ccPrivateKey.GetPublicKey())
if err != nil {
client.Errorf("Failed initiliazing encryption scheme: [%s]", err)
return err
}
// Encrypt chaincodeID using pkC
encryptedChaincodeID, err := cipher.Process(tx.ChaincodeID)
if err != nil {
client.Errorf("Failed encrypting chaincodeID: [%s]", err)
return err
}
tx.ChaincodeID = encryptedChaincodeID
// Encrypt payload using pkC
encryptedPayload, err := cipher.Process(tx.Payload)
if err != nil {
client.Errorf("Failed encrypting payload: [%s]", err)
return err
}
tx.Payload = encryptedPayload
// Encrypt metadata using pkC
if len(tx.Metadata) != 0 {
encryptedMetadata, err := cipher.Process(tx.Metadata)
if err != nil {
client.Errorf("Failed encrypting metadata: [%s]", err)
return err
}
tx.Metadata = encryptedMetadata
}
return nil
}
// NewECA sets up a new ECA.
//
func NewECA() *ECA {
eca := &ECA{NewCA("eca", initializeECATables), nil, nil, nil}
{
// read or create global symmetric encryption key
var cooked string
raw, err := ioutil.ReadFile(eca.path + "/obc.aes")
if err != nil {
rand := rand.Reader
key := make([]byte, 32) // AES-256
rand.Read(key)
cooked = base64.StdEncoding.EncodeToString(key)
err = ioutil.WriteFile(eca.path+"/obc.aes", []byte(cooked), 0644)
if err != nil {
Panic.Panicln(err)
}
} else {
cooked = string(raw)
}
eca.obcKey, err = base64.StdEncoding.DecodeString(cooked)
if err != nil {
Panic.Panicln(err)
}
}
{
// read or create global ECDSA key pair for ECIES
var priv *ecdsa.PrivateKey
cooked, err := ioutil.ReadFile(eca.path + "/obc.ecies")
if err == nil {
block, _ := pem.Decode(cooked)
priv, err = x509.ParseECPrivateKey(block.Bytes)
if err != nil {
Panic.Panicln(err)
}
} else {
priv, err = ecdsa.GenerateKey(primitives.GetDefaultCurve(), rand.Reader)
if err != nil {
Panic.Panicln(err)
}
raw, _ := x509.MarshalECPrivateKey(priv)
cooked = pem.EncodeToMemory(
&pem.Block{
Type: "ECDSA PRIVATE KEY",
Bytes: raw,
})
err := ioutil.WriteFile(eca.path+"/obc.ecies", cooked, 0644)
if err != nil {
Panic.Panicln(err)
}
}
eca.obcPriv = cooked
raw, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
eca.obcPub = pem.EncodeToMemory(
&pem.Block{
Type: "ECDSA PUBLIC KEY",
Bytes: raw,
})
}
eca.populateAffiliationGroupsTable()
eca.populateUsersTable()
return eca
}
func TestSPI(t *testing.T) {
spi := NewSPI()
ecdsaKey, err := ecdsa.GenerateKey(primitives.GetDefaultCurve(), rand.Reader)
var a interface{}
a = ecdsaKey
switch t := a.(type) {
case *ecdsa.PrivateKey:
fmt.Printf("a2 [%s]\n", t)
break
case elliptic.Curve:
fmt.Printf("a1 [%s]\n", t)
break
default:
fmt.Printf("a3 [%s]\n", t)
}
fmt.Printf("[%s]\n", ecdsaKey)
if err != nil {
t.Fatal(err)
}
_, err = x509.MarshalECPrivateKey(ecdsaKey)
if err != nil {
t.Fatal(err)
}
fmt.Printf("[%s]\n", ecdsaKey)
privateKey, err := spi.NewPrivateKey(nil, ecdsaKey)
if err != nil {
t.Fatal(err)
}
fmt.Printf("[%s]\n", privateKey.(*secretKeyImpl).priv)
_, err = x509.MarshalECPrivateKey(privateKey.(*secretKeyImpl).priv)
if err != nil {
t.Fatal(err)
}
rawKey, err := spi.SerializePrivateKey(privateKey)
if err != nil {
t.Fatal(err)
}
privateKey, err = spi.DeserializePrivateKey(rawKey)
if err != nil {
t.Fatal(err)
}
// Encrypt
cipher, err := spi.NewAsymmetricCipherFromPublicKey(privateKey.GetPublicKey())
if err != nil {
t.Fatal(err)
}
msg := []byte("Hello World!!!")
ct, err := cipher.Process(msg)
if err != nil {
t.Fatal(err)
}
// Decrypt
cipher, err = spi.NewAsymmetricCipherFromPrivateKey(privateKey)
if err != nil {
t.Fatal(err)
}
plain, err := cipher.Process(ct)
if err != nil {
t.Fatal(err)
}
if !reflect.DeepEqual(msg, plain) {
t.Fatal("Decrypted different message")
}
}
// NewECDSAKey generates a new ECDSA Key
func NewECDSAKey() (*ecdsa.PrivateKey, error) {
return ecdsa.GenerateKey(primitives.GetDefaultCurve(), rand.Reader)
}
