func (validator *validatorImpl) deepCloneAndDecryptTx1_1(tx *obc.Transaction) (*obc.Transaction, error) {
if tx.Nonce == nil || len(tx.Nonce) == 0 {
return nil, errors.New("Failed decrypting payload. Invalid nonce.")
}
// clone tx
clone, err := validator.deepCloneTransaction(tx)
if err != nil {
validator.Errorf("Failed deep cloning [%s].", err.Error())
return nil, err
}
// Derive root key
// client.enrollChainKey is an AES key represented as byte array
enrollChainKey := validator.enrollChainKey.([]byte)
key := primitives.HMAC(enrollChainKey, clone.Nonce)
// validator.log.Infof("Deriving from ", utils.EncodeBase64(validator.peer.node.enrollChainKey))
// validator.log.Infof("Nonce ", utils.EncodeBase64(tx.Nonce))
// validator.log.Infof("Derived key ", utils.EncodeBase64(key))
// validator.log.Infof("Encrypted Payload ", utils.EncodeBase64(tx.EncryptedPayload))
// validator.log.Infof("Encrypted ChaincodeID ", utils.EncodeBase64(tx.EncryptedChaincodeID))
// Decrypt Payload
payloadKey := primitives.HMACAESTruncated(key, []byte{1})
payload, err := primitives.CBCPKCS7Decrypt(payloadKey, utils.Clone(clone.Payload))
if err != nil {
validator.Errorf("Failed decrypting payload [%s].", err.Error())
return nil, err
}
clone.Payload = payload
// Decrypt ChaincodeID
chaincodeIDKey := primitives.HMACAESTruncated(key, []byte{2})
chaincodeID, err := primitives.CBCPKCS7Decrypt(chaincodeIDKey, utils.Clone(clone.ChaincodeID))
if err != nil {
validator.Errorf("Failed decrypting chaincode [%s].", err.Error())
return nil, err
}
clone.ChaincodeID = chaincodeID
// Decrypt metadata
if len(clone.Metadata) != 0 {
metadataKey := primitives.HMACAESTruncated(key, []byte{3})
metadata, err := primitives.CBCPKCS7Decrypt(metadataKey, utils.Clone(clone.Metadata))
if err != nil {
validator.Errorf("Failed decrypting metadata [%s].", err.Error())
return nil, err
}
clone.Metadata = metadata
}
return clone, nil
}
func (spi *aes256GCMStreamCipherSPIImpl) GenerateKeyAndSerialize() (primitives.SecretKey, []byte, error) {
key, err := primitives.GetRandomBytes(32)
if err != nil {
return nil, nil, err
}
return &aesSecretKeyImpl{key, rand.Reader}, utils.Clone(key), nil
}
// SerializePrivateKey serializes a private key
func (spi *aes256GCMStreamCipherSPIImpl) SerializeSecretKey(secret primitives.SecretKey) ([]byte, error) {
if secret == nil {
return nil, nil
}
switch sk := secret.(type) {
case *aesSecretKeyImpl:
return utils.Clone(sk.key), nil
default:
return nil, primitives.ErrInvalidSecretKeyType
}
}
func (ks *keyStore) init(node *nodeImpl, pwd []byte) error {
ks.m.Lock()
defer ks.m.Unlock()
if ks.isOpen {
return utils.ErrKeyStoreAlreadyInitialized
}
ks.node = node
ks.pwd = utils.Clone(pwd)
err := ks.createKeyStoreIfNotExists()
if err != nil {
return err
}
err = ks.openKeyStore()
if err != nil {
return err
}
return nil
}
// GetID returns this peer's identifier
func (peer *peerImpl) GetID() []byte {
return utils.Clone(peer.id)
}
// GetBinding returns an Binding to the underlying transaction layer
func (handler *eCertTransactionHandlerImpl) GetBinding() ([]byte, error) {
return utils.Clone(handler.binding), nil
}
// GetCertificate returns the TCert DER
func (handler *eCertHandlerImpl) GetCertificate() []byte {
return utils.Clone(handler.client.enrollCert.Raw)
}
// GetCertificate returns the TCert DER
func (handler *tCertHandlerImpl) GetCertificate() []byte {
return utils.Clone(handler.tCert.GetCertificate().Raw)
}
