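// deepCloneAndDecryptTx1_1 returns a deep copy of tx whose Payload,
// ChaincodeID and (when present) Metadata have been decrypted. All results
// are written to the clone, never to tx.
//
// Key derivation: a root key is computed as HMAC(enrollChainKey, nonce), and
// one key per field is derived from it with HMACAESTruncated using the labels
// 1 (payload), 2 (chaincode ID) and 3 (metadata).
//
// An error is returned when the nonce is empty, the enrollment chain key is
// missing or not a []byte, cloning fails, or any field fails to decrypt.
//
// NOTE(review): CBC with PKCS#7 padding does not authenticate the ciphertext
// on its own. Confirm that the transaction's integrity (e.g. its signature) is
// verified before this runs, so that decryption failures cannot be used as a
// padding oracle.
func (validator *validatorImpl) deepCloneAndDecryptTx1_1(tx *obc.Transaction) (*obc.Transaction, error) {
	// len of a nil slice is 0, so this also rejects a missing nonce.
	if len(tx.Nonce) == 0 {
		return nil, errors.New("Failed decrypting payload. Invalid nonce.")
	}

	// Work on a copy so the caller's transaction keeps its ciphertext.
	clone, err := validator.deepCloneTransaction(tx)
	if err != nil {
		validator.Errorf("Failed deep cloning [%s].", err.Error())
		return nil, err
	}

	// Derive the root key. enrollChainKey is an AES key held behind an
	// interface: check the dynamic type instead of panicking, and refuse an
	// empty key, which would make every derived key computable from the nonce.
	enrollChainKey, ok := validator.enrollChainKey.([]byte)
	if !ok || len(enrollChainKey) == 0 {
		return nil, errors.New("Failed decrypting payload. Invalid enrollment chain key.")
	}
	key := primitives.HMAC(enrollChainKey, clone.Nonce)

	// Do not log enrollChainKey or the derived keys here, not even at debug
	// level: both are secret key material.

	// Decrypt Payload
	payloadKey := primitives.HMACAESTruncated(key, []byte{1})
	payload, err := primitives.CBCPKCS7Decrypt(payloadKey, utils.Clone(clone.Payload))
	if err != nil {
		validator.Errorf("Failed decrypting payload [%s].", err.Error())
		return nil, err
	}
	clone.Payload = payload

	// Decrypt ChaincodeID
	chaincodeIDKey := primitives.HMACAESTruncated(key, []byte{2})
	chaincodeID, err := primitives.CBCPKCS7Decrypt(chaincodeIDKey, utils.Clone(clone.ChaincodeID))
	if err != nil {
		validator.Errorf("Failed decrypting chaincode [%s].", err.Error())
		return nil, err
	}
	clone.ChaincodeID = chaincodeID

	// Decrypt metadata; it is optional, so an empty field is left as is.
	if len(clone.Metadata) != 0 {
		metadataKey := primitives.HMACAESTruncated(key, []byte{3})
		metadata, err := primitives.CBCPKCS7Decrypt(metadataKey, utils.Clone(clone.Metadata))
		if err != nil {
			validator.Errorf("Failed decrypting metadata [%s].", err.Error())
			return nil, err
		}
		clone.Metadata = metadata
	}

	return clone, nil
}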
// GenerateKeyAndSerialize creates a new 32-byte key from
// primitives.GetRandomBytes and returns it twice: wrapped as a
// primitives.SecretKey and as a separate copy of the raw key bytes.
//
// The second return value is unencrypted key material; callers are
// responsible for protecting it and for not logging it.
func (spi *aes256GCMStreamCipherSPIImpl) GenerateKeyAndSerialize() (primitives.SecretKey, []byte, error) {
	raw, err := primitives.GetRandomBytes(32)
	if err != nil {
		return nil, nil, err
	}

	secret := &aesSecretKeyImpl{raw, rand.Reader}
	// Hand out a copy so the serialized form does not alias the slice held
	// by the secret key object.
	serialized := utils.Clone(raw)

	return secret, serialized, nil
}
// SerializePrivateKey serializes a private key func (spi *aes256GCMStreamCipherSPIImpl) SerializeSecretKey(secret primitives.SecretKey) ([]byte, error) { if secret == nil { return nil, nil } switch sk := secret.(type) { case *aesSecretKeyImpl: return utils.Clone(sk.key), nil default: return nil, primitives.ErrInvalidSecretKeyType } }
// init attaches the key store to node, records a copy of pwd, then creates the
// underlying store if it does not exist and opens it. The whole sequence runs
// under ks.m.
//
// It returns utils.ErrKeyStoreAlreadyInitialized when the store is already
// open, or the error from creating or opening the store.
//
// NOTE(review): when creation or opening fails, ks.node and ks.pwd stay
// assigned, so the password copy remains in memory after a failed init.
func (ks *keyStore) init(node *nodeImpl, pwd []byte) error {
	ks.m.Lock()
	defer ks.m.Unlock()

	if ks.isOpen {
		return utils.ErrKeyStoreAlreadyInitialized
	}

	ks.node = node
	// Store a private copy rather than the caller's slice.
	ks.pwd = utils.Clone(pwd)

	if err := ks.createKeyStoreIfNotExists(); err != nil {
		return err
	}

	return ks.openKeyStore()
}
// GetID returns this peer's identifier func (peer *peerImpl) GetID() []byte { return utils.Clone(peer.id) }
// GetBinding returns an Binding to the underlying transaction layer func (handler *eCertTransactionHandlerImpl) GetBinding() ([]byte, error) { return utils.Clone(handler.binding), nil }
// GetCertificate returns the TCert DER func (handler *eCertHandlerImpl) GetCertificate() []byte { return utils.Clone(handler.client.enrollCert.Raw) }
// GetCertificate returns the TCert DER func (handler *tCertHandlerImpl) GetCertificate() []byte { return utils.Clone(handler.tCert.GetCertificate().Raw) }