func generateKey() ecies.PrivateKey { kg, _ := newKeyGenerator() kgparams, _ := newKeyGeneratorParameter(rand.Reader, conf.GetDefaultCurve()) kg.Init(kgparams) privKey, _ := kg.GenerateKey() return privKey }
func (ca *CA) createCAKeyPair(name string) *ecdsa.PrivateKey { Trace.Println("Creating CA key pair.") curve := conf.GetDefaultCurve() priv, err := ecdsa.GenerateKey(curve, rand.Reader) if err == nil { raw, _ := x509.MarshalECPrivateKey(priv) cooked := pem.EncodeToMemory( &pem.Block{ Type: "ECDSA PRIVATE KEY", Bytes: raw, }) err := ioutil.WriteFile(ca.path+"/"+name+".priv", cooked, 0644) if err != nil { Panic.Panicln(err) } raw, _ = x509.MarshalPKIXPublicKey(&priv.PublicKey) cooked = pem.EncodeToMemory( &pem.Block{ Type: "ECDSA PUBLIC KEY", Bytes: raw, }) err = ioutil.WriteFile(ca.path+"/"+name+".pub", cooked, 0644) if err != nil { Panic.Panicln(err) } } if err != nil { Panic.Panicln(err) } return priv }
func TestKG(t *testing.T) { kg, err := newKeyGenerator() if err != nil { t.Fatal(err) } kgparams, err := newKeyGeneratorParameter(rand.Reader, conf.GetDefaultCurve()) if err != nil { t.Fatal(err) } err = kg.Init(kgparams) if err != nil { t.Fatal(err) } privKey, err := kg.GenerateKey() if err != nil { t.Fatal(err) } if privKey == nil { t.Fatal("Private Key is nil") } }
// NewECA sets up a new ECA. // func NewECA() *ECA { eca := &ECA{NewCA("eca"), nil, nil, nil} { // read or create global symmetric encryption key var cooked string raw, err := ioutil.ReadFile(eca.path + "/obc.aes") if err != nil { rand := rand.Reader key := make([]byte, 32) // AES-256 rand.Read(key) cooked = base64.StdEncoding.EncodeToString(key) err = ioutil.WriteFile(eca.path+"/obc.aes", []byte(cooked), 0644) if err != nil { Panic.Panicln(err) } } else { cooked = string(raw) } eca.obcKey, err = base64.StdEncoding.DecodeString(cooked) if err != nil { Panic.Panicln(err) } } { // read or create global ECDSA key pair for ECIES var priv *ecdsa.PrivateKey cooked, err := ioutil.ReadFile(eca.path + "/obc.ecies") if err == nil { block, _ := pem.Decode(cooked) priv, err = x509.ParseECPrivateKey(block.Bytes) if err != nil { Panic.Panicln(err) } } else { priv, err = ecdsa.GenerateKey(conf.GetDefaultCurve(), rand.Reader) if err != nil { Panic.Panicln(err) } raw, _ := x509.MarshalECPrivateKey(priv) cooked = pem.EncodeToMemory( &pem.Block{ Type: "ECDSA PRIVATE KEY", Bytes: raw, }) err := ioutil.WriteFile(eca.path+"/obc.ecies", cooked, 0644) if err != nil { Panic.Panicln(err) } } eca.obcPriv = cooked raw, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey) eca.obcPub = pem.EncodeToMemory( &pem.Block{ Type: "ECDSA PUBLIC KEY", Bytes: raw, }) } // populate user table users := viper.GetStringMapString("eca.users") for id, flds := range users { vals := strings.Fields(flds) role, err := strconv.Atoi(vals[0]) if err != nil { Panic.Panicln(err) } eca.registerUser(id, role, vals[1]) } return eca }
func (client *clientImpl) encryptTxVersion1_2(tx *obc.Transaction) error { // Create (PK_C,SK_C) pair ccPrivateKey, err := client.eciesSPI.NewPrivateKey(rand.Reader, conf.GetDefaultCurve()) if err != nil { client.error("Failed generate chaincode keypair: [%s]", err) return err } // Prepare message to the validators var ( stateKey []byte privBytes []byte ) switch tx.Type { case obc.Transaction_CHAINCODE_NEW: // Prepare chaincode stateKey and privateKey stateKey, err = utils.GenAESKey() if err != nil { client.error("Failed creating state key: [%s]", err) return err } privBytes, err = client.eciesSPI.SerializePrivateKey(ccPrivateKey) if err != nil { client.error("Failed serializing chaincode key: [%s]", err) return err } break case obc.Transaction_CHAINCODE_QUERY: // Prepare chaincode stateKey and privateKey stateKey = utils.HMACTruncated(client.queryStateKey, append([]byte{6}, tx.Nonce...), utils.AESKeyLength) privBytes, err = client.eciesSPI.SerializePrivateKey(ccPrivateKey) if err != nil { client.error("Failed serializing chaincode key: [%s]", err) return err } break case obc.Transaction_CHAINCODE_EXECUTE: // Prepare chaincode stateKey and privateKey stateKey = make([]byte, 0) privBytes, err = client.eciesSPI.SerializePrivateKey(ccPrivateKey) if err != nil { client.error("Failed serializing chaincode key: [%s]", err) return err } break } // Encrypt message to the validators cipher, err := client.eciesSPI.NewAsymmetricCipherFromPublicKey(client.chainPublicKey) if err != nil { client.error("Failed creating new encryption scheme: [%s]", err) return err } msgToValidators, err := asn1.Marshal(chainCodeValidatorMessage1_2{privBytes, stateKey}) if err != nil { client.error("Failed preparing message to the validators: [%s]", err) return err } encMsgToValidators, err := cipher.Process(msgToValidators) if err != nil { client.error("Failed encrypting message to the validators: [%s]", err) return err } tx.ToValidators = encMsgToValidators // Encrypt the rest of the fields // Init with chainccode pk cipher, err = client.eciesSPI.NewAsymmetricCipherFromPublicKey(ccPrivateKey.GetPublicKey()) if err != nil { client.error("Failed initiliazing encryption scheme: [%s]", err) return err } // Encrypt chaincodeID using pkC encryptedChaincodeID, err := cipher.Process(tx.ChaincodeID) if err != nil { client.error("Failed encrypting chaincodeID: [%s]", err) return err } tx.ChaincodeID = encryptedChaincodeID // Encrypt payload using pkC encryptedPayload, err := cipher.Process(tx.Payload) if err != nil { client.error("Failed encrypting payload: [%s]", err) return err } tx.Payload = encryptedPayload // Encrypt metadata using pkC if len(tx.Metadata) != 0 { encryptedMetadata, err := cipher.Process(tx.Metadata) if err != nil { client.error("Failed encrypting metadata: [%s]", err) return err } tx.Metadata = encryptedMetadata } return nil }
func TestSPI(t *testing.T) { spi := NewSPI() ecdsaKey, err := ecdsa.GenerateKey(conf.GetDefaultCurve(), rand.Reader) var a interface{} a = ecdsaKey switch t := a.(type) { case *ecdsa.PrivateKey: fmt.Printf("a2 [%s]\n", t) break case elliptic.Curve: fmt.Printf("a1 [%s]\n", t) break default: fmt.Printf("a3 [%s]\n", t) } fmt.Printf("[%s]\n", ecdsaKey) if err != nil { t.Fatal(err) } _, err = x509.MarshalECPrivateKey(ecdsaKey) if err != nil { t.Fatal(err) } fmt.Printf("[%s]\n", ecdsaKey) privateKey, err := spi.NewPrivateKey(nil, ecdsaKey) if err != nil { t.Fatal(err) } fmt.Printf("[%s]\n", privateKey.(*secretKeyImpl).priv) _, err = x509.MarshalECPrivateKey(privateKey.(*secretKeyImpl).priv) if err != nil { t.Fatal(err) } rawKey, err := spi.SerializePrivateKey(privateKey) if err != nil { t.Fatal(err) } privateKey, err = spi.DeserializePrivateKey(rawKey) if err != nil { t.Fatal(err) } // Encrypt cipher, err := spi.NewAsymmetricCipherFromPublicKey(privateKey.GetPublicKey()) if err != nil { t.Fatal(err) } msg := []byte("Hello World!!!") ct, err := cipher.Process(msg) if err != nil { t.Fatal(err) } // Decrypt cipher, err = spi.NewAsymmetricCipherFromPrivateKey(privateKey) if err != nil { t.Fatal(err) } plain, err := cipher.Process(ct) if err != nil { t.Fatal(err) } if !reflect.DeepEqual(msg, plain) { t.Fatal("Decrypted different message") } }