Skip to content

Commit 1928035

Browse files
adecaroadecaro
committed
Fabric Crypto Service Provider
This change-set introduces the Blockchain Crypto Service Provider (BCCSP, for short). The BCCSP will provides the implementation of cryptographic standards and algorithms, and it will be pluggable. This change-set represents the first step in the context of: https://jira.hyperledger.org/browse/FAB-354 Subsequents change-sets will provides the following: 1. An implementation of the BCCSP based on the crypto/primitives package. 2. A crypto.Signer BCCSP-based implementation to be used to sign x509 certs. 3. A factory framework to allow multiple BCCSP implementations Change-Id: Id369f68e12da256be1e6bdec7004265b9dcf9c2b Signed-off-by: Angelo De Caro <[email protected]>
1 parent 3b52a9f commit 1928035

File tree

2 files changed

+326
-0
lines changed

2 files changed

+326
-0
lines changed

core/crypto/bccsp/bccsp.go

+139
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,139 @@
1+
/*
2+
Copyright IBM Corp. 2016 All Rights Reserved.
3+
4+
Licensed under the Apache License, Version 2.0 (the "License");
5+
you may not use this file except in compliance with the License.
6+
You may obtain a copy of the License at
7+
8+
http://www.apache.org/licenses/LICENSE-2.0
9+
10+
Unless required by applicable law or agreed to in writing, software
11+
distributed under the License is distributed on an "AS IS" BASIS,
12+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
See the License for the specific language governing permissions and
14+
limitations under the License.
15+
*/
16+
17+
package bccsp
18+
19+
import "crypto"
20+
21+
// Key represents a cryptographic key
22+
type Key interface {
23+
24+
// Bytes converts this key to its byte representation,
25+
// if this operation is allowed.
26+
Bytes() ([]byte, error)
27+
28+
// SKI returns the subject key identifier of this key.
29+
SKI() []byte
30+
31+
// Symmetric returns true if this key is a symmetric key,
32+
// false is this key is asymmetric
33+
Symmetric() bool
34+
35+
// Private returns true if this key is an asymmetric private key,
36+
// false otherwise.
37+
Private() bool
38+
39+
// PublicKey returns the corresponding public key if this key
40+
// is an asymmetric private key. If this key is already public,
41+
// PublicKey returns this key itself.
42+
PublicKey() (Key, error)
43+
}
44+
45+
// KeyGenOpts contains options for key-generation with a CSP.
46+
type KeyGenOpts interface {
47+
48+
// Algorithm returns an identifier for the algorithm to be used
49+
// to generate a key.
50+
Algorithm() string
51+
52+
// Ephemeral returns true if the key to generate has to be ephemeral,
53+
// false otherwise.
54+
Ephemeral() bool
55+
}
56+
57+
// KeyDerivOpts contains options for key-derivation with a CSP.
58+
type KeyDerivOpts interface {
59+
60+
// Algorithm returns an identifier for the algorithm to be used
61+
// to derive a key.
62+
Algorithm() string
63+
64+
// Ephemeral returns true if the key to derived has to be ephemeral,
65+
// false otherwise.
66+
Ephemeral() bool
67+
}
68+
69+
// KeyImportOpts contains options for importing the raw material of a key with a CSP.
70+
type KeyImportOpts interface {
71+
// Algorithm returns an identifier for the algorithm to be used
72+
// to import the raw material of a key.
73+
Algorithm() string
74+
75+
// Ephemeral returns true if the key generated has to be ephemeral,
76+
// false otherwise.
77+
Ephemeral() bool
78+
}
79+
80+
// HashOpts contains options for hashing with a CSP.
81+
type HashOpts interface {
82+
// Algorithm returns an identifier for the algorithm to be used
83+
// to hash.
84+
Algorithm() string
85+
}
86+
87+
// SignerOpts contains options for signing with a CSP.
88+
type SignerOpts interface {
89+
crypto.SignerOpts
90+
}
91+
92+
// EncrypterOpts contains options for encrypting with a CSP.
93+
type EncrypterOpts interface{}
94+
95+
// DecrypterOpts contains options for decrypting with a CSP.
96+
type DecrypterOpts interface{}
97+
98+
// BCCSP is the blockchain cryptographic service provider that offers
99+
// the implementation of cryptographic standards and algorithms.
100+
type BCCSP interface {
101+
102+
// KeyGen generates a key using opts.
103+
KeyGen(opts KeyGenOpts) (k Key, err error)
104+
105+
// KeyDeriv derives a key from k using opts.
106+
// The opts argument should be appropriate for the primitive used.
107+
KeyDeriv(k Key, opts KeyDerivOpts) (dk Key, err error)
108+
109+
// KeyImport imports a key from its raw representation using opts.
110+
// The opts argument should be appropriate for the primitive used.
111+
KeyImport(raw []byte, opts KeyImportOpts) (k Key, err error)
112+
113+
// GetKey returns the key this CSP associates to
114+
// the Subject Key Identifier ski.
115+
GetKey(ski []byte) (k Key, err error)
116+
117+
// Hash hashes messages msg using options opts.
118+
Hash(msg []byte, opts HashOpts) (hash []byte, err error)
119+
120+
// Sign signs digest using key k.
121+
// The opts argument should be appropriate for the algorithm used.
122+
//
123+
// Note that when a signature of a hash of a larger message is needed,
124+
// the caller is responsible for hashing the larger message and passing
125+
// the hash (as digest).
126+
Sign(k Key, digest []byte, opts SignerOpts) (signature []byte, err error)
127+
128+
// Verify verifies signature against key k and digest
129+
// The opts argument should be appropriate for the algorithm used.
130+
Verify(k Key, signature, digest []byte) (valid bool, err error)
131+
132+
// Encrypt encrypts plaintext using key k.
133+
// The opts argument should be appropriate for the algorithm used.
134+
Encrypt(k Key, plaintext []byte, opts EncrypterOpts) (ciphertext []byte, err error)
135+
136+
// Decrypt decrypts ciphertext using key k.
137+
// The opts argument should be appropriate for the algorithm used.
138+
Decrypt(k Key, ciphertext []byte, opts DecrypterOpts) (plaintext []byte, err error)
139+
}

core/crypto/bccsp/bccsp_opts.go

+187
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,187 @@
1+
/*
2+
Copyright IBM Corp. 2016 All Rights Reserved.
3+
4+
Licensed under the Apache License, Version 2.0 (the "License");
5+
you may not use this file except in compliance with the License.
6+
You may obtain a copy of the License at
7+
8+
http://www.apache.org/licenses/LICENSE-2.0
9+
10+
Unless required by applicable law or agreed to in writing, software
11+
distributed under the License is distributed on an "AS IS" BASIS,
12+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
See the License for the specific language governing permissions and
14+
limitations under the License.
15+
*/
16+
17+
package bccsp
18+
19+
const (
20+
// ECDSA Elliptic Curve Digital Signature Algorithm (key gen, import, sign, veirfy).
21+
ECDSA = "ECDSA"
22+
// ECDSAReRand ECDSA key re-randomization
23+
ECDSAReRand = "ECDSA_RERAND"
24+
25+
// AES Advanced Encryption Standard
26+
AES = "AES"
27+
28+
// HMAC keyed-hash message authentication code
29+
HMAC = "HMAC"
30+
// HMACTruncated256 HMAC truncated at 256 bits.
31+
HMACTruncated256 = "HMAC_TRUNCATED_256"
32+
33+
// SHA Secure Hash Algorithm
34+
SHA = "SHA"
35+
)
36+
37+
// ECDSAKeyGenOpts contains options for ECDSA key generation.
38+
type ECDSAKeyGenOpts struct {
39+
Temporary bool
40+
}
41+
42+
// Algorithm returns an identifier for the algorithm to be used
43+
// to generate a key.
44+
func (opts *ECDSAKeyGenOpts) Algorithm() string {
45+
return ECDSA
46+
}
47+
48+
// Ephemeral returns true if the key to generate has to be ephemeral,
49+
// false otherwise.
50+
func (opts *ECDSAKeyGenOpts) Ephemeral() bool {
51+
return opts.Temporary
52+
}
53+
54+
// ECDSAReRandKeyOpts contains options for ECDSA key re-randomization.
55+
type ECDSAReRandKeyOpts struct {
56+
Temporary bool
57+
Expansion []byte
58+
}
59+
60+
// Algorithm returns an identifier for the algorithm to be used
61+
// to generate a key.
62+
func (opts *ECDSAReRandKeyOpts) Algorithm() string {
63+
return ECDSAReRand
64+
}
65+
66+
// Ephemeral returns true if the key to generate has to be ephemeral,
67+
// false otherwise.
68+
func (opts *ECDSAReRandKeyOpts) Ephemeral() bool {
69+
return opts.Temporary
70+
}
71+
72+
// ExpansionValue returns the re-randomization factor
73+
func (opts *ECDSAReRandKeyOpts) ExpansionValue() []byte {
74+
return opts.Expansion
75+
}
76+
77+
// AES256KeyGenOpts contains options for AES256 key generation.
78+
type AESKeyGenOpts struct {
79+
Temporary bool
80+
}
81+
82+
// Algorithm returns an identifier for the algorithm to be used
83+
// to generate a key.
84+
func (opts *AESKeyGenOpts) Algorithm() string {
85+
return AES
86+
}
87+
88+
// Ephemeral returns true if the key to generate has to be ephemeral,
89+
// false otherwise.
90+
func (opts *AESKeyGenOpts) Ephemeral() bool {
91+
return opts.Temporary
92+
}
93+
94+
// AESCBCPKCS7ModeOpts contains options for AES encryption in CBC mode
95+
// with PKCS7 padding.
96+
type AESCBCPKCS7ModeOpts struct{}
97+
98+
// HMACTruncated256AESDeriveKeyOpts contains options for HMAC truncated
99+
// at 256 bits key derivation.
100+
type HMACTruncated256AESDeriveKeyOpts struct {
101+
Temporary bool
102+
Arg []byte
103+
}
104+
105+
// Algorithm returns an identifier for the algorithm to be used
106+
// to generate a key.
107+
func (opts *HMACTruncated256AESDeriveKeyOpts) Algorithm() string {
108+
return HMACTruncated256
109+
}
110+
111+
// Ephemeral returns true if the key to generate has to be ephemeral,
112+
// false otherwise.
113+
func (opts *HMACTruncated256AESDeriveKeyOpts) Ephemeral() bool {
114+
return opts.Temporary
115+
}
116+
117+
// Argument returns the argument to be passed to the HMAC
118+
func (opts *HMACTruncated256AESDeriveKeyOpts) Argument() []byte {
119+
return opts.Arg
120+
}
121+
122+
// HMACDeriveKeyOpts contains options for HMAC key derivation.
123+
type HMACDeriveKeyOpts struct {
124+
Temporary bool
125+
Arg []byte
126+
}
127+
128+
// Algorithm returns an identifier for the algorithm to be used
129+
// to generate a key.
130+
func (opts *HMACDeriveKeyOpts) Algorithm() string {
131+
return HMAC
132+
}
133+
134+
// Ephemeral returns true if the key to generate has to be ephemeral,
135+
// false otherwise.
136+
func (opts *HMACDeriveKeyOpts) Ephemeral() bool {
137+
return opts.Temporary
138+
}
139+
140+
// Argument returns the argument to be passed to the HMAC
141+
func (opts *HMACDeriveKeyOpts) Argument() []byte {
142+
return opts.Arg
143+
}
144+
145+
// AES256ImportKeyOpts contains options for importing AES 256 keys.
146+
type AES256ImportKeyOpts struct {
147+
Temporary bool
148+
}
149+
150+
// Algorithm returns an identifier for the algorithm to be used
151+
// to import the raw material of a key.
152+
func (opts *AES256ImportKeyOpts) Algorithm() string {
153+
return AES
154+
}
155+
156+
// Ephemeral returns true if the key generated has to be ephemeral,
157+
// false otherwise.
158+
func (opts *AES256ImportKeyOpts) Ephemeral() bool {
159+
return opts.Temporary
160+
}
161+
162+
// HMACImportKeyOpts contains options for importing HMAC keys.
163+
type HMACImportKeyOpts struct {
164+
Temporary bool
165+
}
166+
167+
// Algorithm returns an identifier for the algorithm to be used
168+
// to import the raw material of a key.
169+
func (opts *HMACImportKeyOpts) Algorithm() string {
170+
return HMAC
171+
}
172+
173+
// Ephemeral returns true if the key generated has to be ephemeral,
174+
// false otherwise.
175+
func (opts *HMACImportKeyOpts) Ephemeral() bool {
176+
return opts.Temporary
177+
}
178+
179+
// SHAOpts contains options for computing SHA.
180+
type SHAOpts struct {
181+
}
182+
183+
// Algorithm returns an identifier for the algorithm to be used
184+
// to hash.
185+
func (opts *SHAOpts) Algorithm() string {
186+
return SHA
187+
}

0 commit comments

Comments
 (0)