func (client *clientImpl) encryptTx(tx *obc.Transaction) error {
if len(tx.Nonce) == 0 {
return errors.New("Failed encrypting payload. Invalid nonce.")
}
// Derive key
txKey := utils.HMAC(client.node.enrollChainKey, tx.Nonce)
// client.node.log.Info("Deriving from :", utils.EncodeBase64(client.node.enrollChainKey))
// client.node.log.Info("Nonce ", utils.EncodeBase64(tx.Nonce))
// client.node.log.Info("Derived key ", utils.EncodeBase64(txKey))
// Encrypt Payload
payloadKey := utils.HMACTruncated(txKey, []byte{1}, utils.AESKeyLength)
encryptedPayload, err := utils.CBCPKCS7Encrypt(payloadKey, tx.Payload)
if err != nil {
return err
}
tx.Payload = encryptedPayload
// Encrypt ChaincodeID
chaincodeIDKey := utils.HMACTruncated(txKey, []byte{2}, utils.AESKeyLength)
encryptedChaincodeID, err := utils.CBCPKCS7Encrypt(chaincodeIDKey, tx.ChaincodeID)
if err != nil {
return err
}
tx.ChaincodeID = encryptedChaincodeID
// Encrypt Metadata
if len(tx.Metadata) != 0 {
metadataKey := utils.HMACTruncated(txKey, []byte{3}, utils.AESKeyLength)
encryptedMetadata, err := utils.CBCPKCS7Encrypt(metadataKey, tx.Metadata)
if err != nil {
return err
}
tx.Metadata = encryptedMetadata
}
client.node.log.Debug("Encrypted ChaincodeID [%s].", utils.EncodeBase64(tx.ChaincodeID))
client.node.log.Debug("Encrypted Payload [%s].", utils.EncodeBase64(tx.Payload))
client.node.log.Debug("Encrypted Metadata [%s].", utils.EncodeBase64(tx.Metadata))
return nil
}
func (client *clientImpl) encryptTxVersion1_1(tx *obc.Transaction) error {
// client.enrollChainKey is an AES key represented as byte array
enrollChainKey := client.enrollChainKey.([]byte)
// Derive key
txKey := utils.HMAC(enrollChainKey, tx.Nonce)
// client.log.Info("Deriving from :", utils.EncodeBase64(client.node.enrollChainKey))
// client.log.Info("Nonce ", utils.EncodeBase64(tx.Nonce))
// client.log.Info("Derived key ", utils.EncodeBase64(txKey))
// Encrypt Payload
payloadKey := utils.HMACTruncated(txKey, []byte{1}, utils.AESKeyLength)
encryptedPayload, err := utils.CBCPKCS7Encrypt(payloadKey, tx.Payload)
if err != nil {
return err
}
tx.Payload = encryptedPayload
// Encrypt ChaincodeID
chaincodeIDKey := utils.HMACTruncated(txKey, []byte{2}, utils.AESKeyLength)
encryptedChaincodeID, err := utils.CBCPKCS7Encrypt(chaincodeIDKey, tx.ChaincodeID)
if err != nil {
return err
}
tx.ChaincodeID = encryptedChaincodeID
// Encrypt Metadata
if len(tx.Metadata) != 0 {
metadataKey := utils.HMACTruncated(txKey, []byte{3}, utils.AESKeyLength)
encryptedMetadata, err := utils.CBCPKCS7Encrypt(metadataKey, tx.Metadata)
if err != nil {
return err
}
tx.Metadata = encryptedMetadata
}
return nil
}
func (client *clientImpl) encryptTx(tx *obc.Transaction) error {
if tx.Nonce == nil || len(tx.Nonce) == 0 {
return errors.New("Failed encrypting payload. Invalid nonce.")
}
// Derive key
txKey := utils.HMAC(client.node.enrollChainKey, tx.Nonce)
// client.node.log.Info("Deriving from :", utils.EncodeBase64(client.node.enrollChainKey))
// client.node.log.Info("Nonce ", utils.EncodeBase64(tx.Nonce))
// client.node.log.Info("Derived key ", utils.EncodeBase64(txKey))
// Encrypt using the derived key
payloadKey := utils.HMACTruncated(txKey, []byte{1}, utils.AESKeyLength)
encryptedPayload, err := utils.CBCPKCS7Encrypt(payloadKey, tx.Payload)
if err != nil {
return err
}
tx.EncryptedPayload = encryptedPayload
tx.Payload = nil
chaincodeIDKey := utils.HMACTruncated(txKey, []byte{2}, utils.AESKeyLength)
rawChaincodeID, err := proto.Marshal(tx.ChaincodeID)
if err != nil {
return err
}
tx.EncryptedChaincodeID, err = utils.CBCPKCS7Encrypt(chaincodeIDKey, rawChaincodeID)
if err != nil {
return err
}
tx.ChaincodeID = nil
client.node.log.Debug("Encrypted Payload [%s].", utils.EncodeBase64(tx.EncryptedPayload))
client.node.log.Debug("Encrypted ChaincodeID [%s].", utils.EncodeBase64(tx.EncryptedChaincodeID))
return nil
}
