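// encryptTx encrypts the confidential fields of tx in place: Payload,
// ChaincodeID and, when it is non-empty, Metadata.
//
// A per-transaction key is derived as HMAC(enrollChainKey, tx.Nonce). Each
// field is then encrypted under its own sub-key, obtained by HMAC-ing a
// distinct one-byte label (1, 2, 3) under the transaction key and truncating
// the result to utils.AESKeyLength.
//
// It returns an error when tx.Nonce is empty or when any encryption step
// fails. Every ciphertext is computed before tx is modified, so a failure
// leaves tx untouched instead of half-encrypted (a retry on a half-encrypted
// transaction would encrypt the payload a second time).
func (client *clientImpl) encryptTx(tx *obc.Transaction) error {
	if len(tx.Nonce) == 0 {
		return errors.New("Failed encrypting payload. Invalid nonce.")
	}

	// Per-transaction key. The enrollment chain key, this key and the
	// sub-keys below are secrets: never write them to a log, not even at
	// debug level.
	// NOTE(review): every key below depends only on the chain key and the
	// nonce, so the caller presumably has to supply a fresh nonce per
	// transaction; confirm where the nonce is generated.
	txKey := utils.HMAC(client.node.enrollChainKey, tx.Nonce)

	// NOTE(review): going by its name, CBCPKCS7Encrypt is CBC with PKCS#7
	// padding, which gives confidentiality only. Confirm that the
	// transaction is authenticated (signature or MAC over the ciphertext)
	// and that the check happens before decryption, so padding errors cannot
	// be used as an oracle.

	// Payload, label 1.
	payloadKey := utils.HMACTruncated(txKey, []byte{1}, utils.AESKeyLength)
	encryptedPayload, err := utils.CBCPKCS7Encrypt(payloadKey, tx.Payload)
	if err != nil {
		return err
	}

	// ChaincodeID, label 2.
	chaincodeIDKey := utils.HMACTruncated(txKey, []byte{2}, utils.AESKeyLength)
	encryptedChaincodeID, err := utils.CBCPKCS7Encrypt(chaincodeIDKey, tx.ChaincodeID)
	if err != nil {
		return err
	}

	// Metadata, label 3. Empty metadata is left exactly as it is.
	encryptedMetadata := tx.Metadata
	if len(tx.Metadata) != 0 {
		metadataKey := utils.HMACTruncated(txKey, []byte{3}, utils.AESKeyLength)
		encryptedMetadata, err = utils.CBCPKCS7Encrypt(metadataKey, tx.Metadata)
		if err != nil {
			return err
		}
	}

	// Everything succeeded: commit the ciphertexts in one go.
	tx.Payload = encryptedPayload
	tx.ChaincodeID = encryptedChaincodeID
	tx.Metadata = encryptedMetadata

	// Only ciphertext is logged here.
	// NOTE(review): these calls hand a %s format string to Debug; confirm
	// that this logger's Debug formats its arguments.
	client.node.log.Debug("Encrypted ChaincodeID [%s].", utils.EncodeBase64(tx.ChaincodeID))
	client.node.log.Debug("Encrypted Payload [%s].", utils.EncodeBase64(tx.Payload))
	client.node.log.Debug("Encrypted Metadata [%s].", utils.EncodeBase64(tx.Metadata))

	return nil
}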
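// encryptTxVersion1_1 encrypts the confidential fields of tx in place:
// Payload, ChaincodeID and, when it is non-empty, Metadata.
//
// A per-transaction key is derived as HMAC(enrollChainKey, tx.Nonce). Each
// field is then encrypted under its own sub-key, obtained by HMAC-ing a
// distinct one-byte label (1, 2, 3) under the transaction key and truncating
// the result to utils.AESKeyLength.
//
// It returns the first encryption error, if any. Every ciphertext is computed
// before tx is modified, so a failure leaves tx untouched instead of
// half-encrypted.
func (client *clientImpl) encryptTxVersion1_1(tx *obc.Transaction) error {
	// client.enrollChainKey is an AES key represented as a byte array.
	// NOTE(review): this assertion is unchecked and panics when the field
	// holds anything other than []byte. A checked assertion that returns an
	// error would be safer; it is not done here because no error constructor
	// is in scope in this function.
	enrollChainKey := client.enrollChainKey.([]byte)

	// NOTE(review): tx.Nonce is not validated here. With an empty nonce every
	// transaction derives the same key from the chain key, so the caller
	// should reject an empty nonce before calling this function.

	// Per-transaction key. The chain key, this key and the sub-keys below are
	// secrets: never write them to a log, not even at debug level.
	txKey := utils.HMAC(enrollChainKey, tx.Nonce)

	// NOTE(review): going by its name, CBCPKCS7Encrypt is CBC with PKCS#7
	// padding, which gives confidentiality only. Confirm that the
	// transaction is authenticated (signature or MAC over the ciphertext)
	// and that the check happens before decryption.

	// Payload, label 1.
	payloadKey := utils.HMACTruncated(txKey, []byte{1}, utils.AESKeyLength)
	encryptedPayload, err := utils.CBCPKCS7Encrypt(payloadKey, tx.Payload)
	if err != nil {
		return err
	}

	// ChaincodeID, label 2.
	chaincodeIDKey := utils.HMACTruncated(txKey, []byte{2}, utils.AESKeyLength)
	encryptedChaincodeID, err := utils.CBCPKCS7Encrypt(chaincodeIDKey, tx.ChaincodeID)
	if err != nil {
		return err
	}

	// Metadata, label 3. Empty metadata is left exactly as it is.
	encryptedMetadata := tx.Metadata
	if len(tx.Metadata) != 0 {
		metadataKey := utils.HMACTruncated(txKey, []byte{3}, utils.AESKeyLength)
		encryptedMetadata, err = utils.CBCPKCS7Encrypt(metadataKey, tx.Metadata)
		if err != nil {
			return err
		}
	}

	// Everything succeeded: commit the ciphertexts in one go.
	tx.Payload = encryptedPayload
	tx.ChaincodeID = encryptedChaincodeID
	tx.Metadata = encryptedMetadata

	return nil
}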
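// encryptTx encrypts the payload and the chaincode ID of tx.
//
// A per-transaction key is derived as HMAC(enrollChainKey, tx.Nonce). The
// payload is encrypted under the sub-key for label 1 and stored in
// tx.EncryptedPayload. The chaincode ID is serialized with proto.Marshal,
// encrypted under the sub-key for label 2 and stored in
// tx.EncryptedChaincodeID. On success the plaintext fields tx.Payload and
// tx.ChaincodeID are set to nil.
//
// It returns an error when tx.Nonce is empty, or when marshalling or
// encryption fails. Both ciphertexts are computed before tx is modified, so a
// failure leaves tx untouched instead of dropping the plaintext payload while
// the chaincode ID is still unencrypted.
func (client *clientImpl) encryptTx(tx *obc.Transaction) error {
	// len of a nil slice is 0, so this also covers a nil nonce.
	if len(tx.Nonce) == 0 {
		return errors.New("Failed encrypting payload. Invalid nonce.")
	}

	// Per-transaction key. The enrollment chain key, this key and the
	// sub-keys below are secrets: never write them to a log, not even at
	// debug level.
	// NOTE(review): every key below depends only on the chain key and the
	// nonce, so the caller presumably has to supply a fresh nonce per
	// transaction; confirm where the nonce is generated.
	txKey := utils.HMAC(client.node.enrollChainKey, tx.Nonce)

	// NOTE(review): going by its name, CBCPKCS7Encrypt is CBC with PKCS#7
	// padding, which gives confidentiality only. Confirm that the
	// transaction is authenticated (signature or MAC over the ciphertext)
	// and that the check happens before decryption.

	// Payload, label 1.
	payloadKey := utils.HMACTruncated(txKey, []byte{1}, utils.AESKeyLength)
	encryptedPayload, err := utils.CBCPKCS7Encrypt(payloadKey, tx.Payload)
	if err != nil {
		return err
	}

	// ChaincodeID, label 2: serialize the message, then encrypt the bytes.
	chaincodeIDKey := utils.HMACTruncated(txKey, []byte{2}, utils.AESKeyLength)
	rawChaincodeID, err := proto.Marshal(tx.ChaincodeID)
	if err != nil {
		return err
	}
	encryptedChaincodeID, err := utils.CBCPKCS7Encrypt(chaincodeIDKey, rawChaincodeID)
	if err != nil {
		return err
	}

	// Everything succeeded: store the ciphertexts and clear the plaintext.
	tx.EncryptedPayload = encryptedPayload
	tx.Payload = nil
	tx.EncryptedChaincodeID = encryptedChaincodeID
	tx.ChaincodeID = nil

	// Only ciphertext is logged here.
	// NOTE(review): these calls hand a %s format string to Debug; confirm
	// that this logger's Debug formats its arguments.
	client.node.log.Debug("Encrypted Payload [%s].", utils.EncodeBase64(tx.EncryptedPayload))
	client.node.log.Debug("Encrypted ChaincodeID [%s].", utils.EncodeBase64(tx.EncryptedChaincodeID))

	return nil
}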