func (client *clientImpl) createTransactionNonce() ([]byte, error) {
nonce, err := utils.GetRandomBytes(utils.NonceSize)
if err != nil {
client.node.log.Error("Failed creating nonce [%s].", err.Error())
return nil, err
}
return nonce, err
}
func (se *queryStateEncryptor) Encrypt(msg []byte) ([]byte, error) {
nonce, err := utils.GetRandomBytes(se.nonceSize)
if err != nil {
se.log.Error("Failed getting randomness [%s].", err.Error())
return nil, err
}
// Seal will append the output to the first argument; the usage
// here appends the ciphertext to the nonce. The final parameter
// is any additional data to be authenticated.
out := se.gcmEnc.Seal(nonce, nonce, msg, nil)
return out, nil
}
func (client *clientImpl) registerCryptoEngine() (err error) {
// Store query state key
client.queryStateKey, err = utils.GetRandomBytes(utils.NonceSize)
if err != nil {
log.Error("Failed generating query state key: [%s].", err.Error())
return
}
err = client.ks.storeKey(client.conf.getQueryStateKeyFilename(), client.queryStateKey)
if err != nil {
log.Error("Failed storing query state key: [%s].", err.Error())
return
}
return
}
func (client *clientImpl) createExecuteTx(chaincodeInvocation *obc.ChaincodeInvocationSpec, uuid string, nonce []byte) (*obc.Transaction, error) {
/// Create a new transaction
tx, err := obc.NewChaincodeExecute(chaincodeInvocation, uuid, obc.Transaction_CHAINCODE_EXECUTE)
if err != nil {
client.error("Failed creating new transaction [%s].", err.Error())
return nil, err
}
// Copy metadata from ChaincodeSpec
tx.Metadata = chaincodeInvocation.ChaincodeSpec.Metadata
if nonce == nil {
tx.Nonce, err = utils.GetRandomBytes(utils.NonceSize)
if err != nil {
client.error("Failed creating nonce [%s].", err.Error())
return nil, err
}
} else {
// TODO: check that it is a well formed nonce
tx.Nonce = nonce
}
// Handle confidentiality
if chaincodeInvocation.ChaincodeSpec.ConfidentialityLevel == obc.ConfidentialityLevel_CONFIDENTIAL {
// 1. set confidentiality level and nonce
tx.ConfidentialityLevel = obc.ConfidentialityLevel_CONFIDENTIAL
// 2. set confidentiality protocol version
tx.ConfidentialityProtocolVersion = "1.2"
// 3. encrypt tx
err = client.encryptTx(tx)
if err != nil {
client.error("Failed encrypting payload [%s].", err.Error())
return nil, err
}
}
return tx, nil
}
func (client *clientImpl) createDeployTx(chaincodeDeploymentSpec *obc.ChaincodeDeploymentSpec, uuid string, nonce []byte) (*obc.Transaction, error) {
// Create a new transaction
tx, err := obc.NewChaincodeDeployTransaction(chaincodeDeploymentSpec, uuid)
if err != nil {
client.node.log.Error("Failed creating new transaction [%s].", err.Error())
return nil, err
}
// Copy metadata from ChaincodeSpec
tx.Metadata = chaincodeDeploymentSpec.ChaincodeSpec.Metadata
// Handle confidentiality
if chaincodeDeploymentSpec.ChaincodeSpec.ConfidentialityLevel == obc.ConfidentialityLevel_CONFIDENTIAL {
// 1. set confidentiality level and nonce
tx.ConfidentialityLevel = obc.ConfidentialityLevel_CONFIDENTIAL
if nonce == nil {
tx.Nonce, err = utils.GetRandomBytes(utils.NonceSize)
if err != nil {
client.node.log.Error("Failed creating nonce [%s].", err.Error())
return nil, err
}
} else {
// TODO: check that it is a well formed nonce
tx.Nonce = nonce
}
// 2. encrypt tx
err = client.encryptTx(tx)
if err != nil {
client.node.log.Error("Failed encrypting payload [%s].", err.Error())
return nil, err
}
}
return tx, nil
}
// NewChaincodeDeployTransaction is used to deploy chaincode.
func (client *clientImpl) NewChaincodeDeployTransaction(chaincodeDeploymentSpec *obc.ChaincodeDeploymentSpec, uuid string) (*obc.Transaction, error) {
// Verify that the client is initialized
if !client.isInitialized {
return nil, utils.ErrNotInitialized
}
// Create a new transaction
tx, err := obc.NewChaincodeDeployTransaction(chaincodeDeploymentSpec, uuid)
if err != nil {
client.node.log.Error("Failed creating new transaction [%s].", err.Error())
return nil, err
}
if chaincodeDeploymentSpec.ChaincodeSpec.ConfidentialityLevel == obc.ConfidentialityLevel_CONFIDENTIAL {
// 1. set confidentiality level and nonce
tx.ConfidentialityLevel = obc.ConfidentialityLevel_CONFIDENTIAL
tx.Nonce, err = utils.GetRandomBytes(utils.NonceSize)
if err != nil {
client.node.log.Error("Failed creating nonce [%s].", err.Error())
return nil, err
}
// 2. encrypt tx
err = client.encryptTx(tx)
if err != nil {
client.node.log.Error("Failed encrypting payload [%s].", err.Error())
return nil, err
}
}
// Sign the transaction
// Implement like this: getNextTCert returns only a TCert
// Then, invoke signWithTCert to sign the signature
// Get next available (not yet used) transaction certificate
// with the relative signing key.
rawTCert, err := client.getNextTCert()
if err != nil {
client.node.log.Error("Failed getting next transaction certificate [%s].", err.Error())
return nil, err
}
// Append the certificate to the transaction
client.node.log.Debug("Appending certificate [%s].", utils.EncodeBase64(rawTCert))
tx.Cert = rawTCert
// Sign the transaction and append the signature
// 1. Marshall tx to bytes
rawTx, err := proto.Marshal(tx)
if err != nil {
client.node.log.Error("Failed marshaling tx [%s].", err.Error())
return nil, err
}
// 2. Sign rawTx and check signature
client.node.log.Debug("Signing tx [%s].", utils.EncodeBase64(rawTx))
rawSignature, err := client.signWithTCert(rawTCert, rawTx)
if err != nil {
client.node.log.Error("Failed creating signature [%s].", err.Error())
return nil, err
}
// 3. Append the signature
tx.Signature = rawSignature
client.node.log.Debug("Appending signature: [%s]", utils.EncodeBase64(rawSignature))
return tx, nil
}