func (client *clientImpl) encryptTxVersion1_1(tx *obc.Transaction) error {
// client.enrollChainKey is an AES key represented as byte array
enrollChainKey := client.enrollChainKey.([]byte)
// Derive key
txKey := primitives.HMAC(enrollChainKey, tx.Nonce)
// client.log.Info("Deriving from :", utils.EncodeBase64(client.node.enrollChainKey))
// client.log.Info("Nonce ", utils.EncodeBase64(tx.Nonce))
// client.log.Info("Derived key ", utils.EncodeBase64(txKey))
// Encrypt Payload
payloadKey := primitives.HMACAESTruncated(txKey, []byte{1})
encryptedPayload, err := primitives.CBCPKCS7Encrypt(payloadKey, tx.Payload)
if err != nil {
return err
}
tx.Payload = encryptedPayload
// Encrypt ChaincodeID
chaincodeIDKey := primitives.HMACAESTruncated(txKey, []byte{2})
encryptedChaincodeID, err := primitives.CBCPKCS7Encrypt(chaincodeIDKey, tx.ChaincodeID)
if err != nil {
return err
}
tx.ChaincodeID = encryptedChaincodeID
// Encrypt Metadata
if len(tx.Metadata) != 0 {
metadataKey := primitives.HMACAESTruncated(txKey, []byte{3})
encryptedMetadata, err := primitives.CBCPKCS7Encrypt(metadataKey, tx.Metadata)
if err != nil {
return err
}
tx.Metadata = encryptedMetadata
}
return nil
}
func (client *clientImpl) encryptTxVersion1_2(tx *obc.Transaction) error {
// Create (PK_C,SK_C) pair
ccPrivateKey, err := client.eciesSPI.NewPrivateKey(rand.Reader, primitives.GetDefaultCurve())
if err != nil {
client.Errorf("Failed generate chaincode keypair: [%s]", err)
return err
}
// Prepare message to the validators
var (
stateKey []byte
privBytes []byte
)
switch tx.Type {
case obc.Transaction_CHAINCODE_DEPLOY:
// Prepare chaincode stateKey and privateKey
stateKey, err = primitives.GenAESKey()
if err != nil {
client.Errorf("Failed creating state key: [%s]", err)
return err
}
privBytes, err = client.eciesSPI.SerializePrivateKey(ccPrivateKey)
if err != nil {
client.Errorf("Failed serializing chaincode key: [%s]", err)
return err
}
break
case obc.Transaction_CHAINCODE_QUERY:
// Prepare chaincode stateKey and privateKey
stateKey = primitives.HMACAESTruncated(client.queryStateKey, append([]byte{6}, tx.Nonce...))
privBytes, err = client.eciesSPI.SerializePrivateKey(ccPrivateKey)
if err != nil {
client.Errorf("Failed serializing chaincode key: [%s]", err)
return err
}
break
case obc.Transaction_CHAINCODE_INVOKE:
// Prepare chaincode stateKey and privateKey
stateKey = make([]byte, 0)
privBytes, err = client.eciesSPI.SerializePrivateKey(ccPrivateKey)
if err != nil {
client.Errorf("Failed serializing chaincode key: [%s]", err)
return err
}
break
}
// Encrypt message to the validators
cipher, err := client.eciesSPI.NewAsymmetricCipherFromPublicKey(client.chainPublicKey)
if err != nil {
client.Errorf("Failed creating new encryption scheme: [%s]", err)
return err
}
msgToValidators, err := asn1.Marshal(chainCodeValidatorMessage1_2{privBytes, stateKey})
if err != nil {
client.Errorf("Failed preparing message to the validators: [%s]", err)
return err
}
encMsgToValidators, err := cipher.Process(msgToValidators)
if err != nil {
client.Errorf("Failed encrypting message to the validators: [%s]", err)
return err
}
tx.ToValidators = encMsgToValidators
// Encrypt the rest of the fields
// Init with chainccode pk
cipher, err = client.eciesSPI.NewAsymmetricCipherFromPublicKey(ccPrivateKey.GetPublicKey())
if err != nil {
client.Errorf("Failed initiliazing encryption scheme: [%s]", err)
return err
}
// Encrypt chaincodeID using pkC
encryptedChaincodeID, err := cipher.Process(tx.ChaincodeID)
if err != nil {
client.Errorf("Failed encrypting chaincodeID: [%s]", err)
return err
}
tx.ChaincodeID = encryptedChaincodeID
// Encrypt payload using pkC
encryptedPayload, err := cipher.Process(tx.Payload)
if err != nil {
client.Errorf("Failed encrypting payload: [%s]", err)
return err
}
tx.Payload = encryptedPayload
// Encrypt metadata using pkC
if len(tx.Metadata) != 0 {
encryptedMetadata, err := cipher.Process(tx.Metadata)
if err != nil {
client.Errorf("Failed encrypting metadata: [%s]", err)
return err
}
tx.Metadata = encryptedMetadata
}
return nil
}