登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 1 Fork 0

Hyperledger Fabric 国密 / fabric

代码 Issues 1 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
entities.go 10.50 KB
一键复制 编辑 原始数据 按行查看 历史
Jtyoui 提交于 2021-07-22 15:59 . 国密
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400
/*

Copyright IBM Corp. All Rights Reserved.



SPDX-License-Identifier: Apache-2.0

*/



package entities



import (

	"encoding/pem"

	"reflect"



	"gitee.com/hyperledger-fabric-gm/fabric/bccsp"

	"github.com/pkg/errors"

)



/**********************/

/* Struct definitions */

/**********************/



// BCCSPEntity is an implementation of the Entity interface

// holding a BCCSP instance

type BCCSPEntity struct {

	IDstr string

	BCCSP bccsp.BCCSP

}



// BCCSPSignerEntity is an implementation of the SignerEntity interface

type BCCSPSignerEntity struct {

	BCCSPEntity

	SKey  bccsp.Key

	SOpts bccsp.SignerOpts

	HOpts bccsp.HashOpts

}



// BCCSPEncrypterEntity is an implementation of the EncrypterEntity interface

type BCCSPEncrypterEntity struct {

	BCCSPEntity

	EKey  bccsp.Key

	EOpts bccsp.EncrypterOpts

	DOpts bccsp.DecrypterOpts

}



// BCCSPEncrypterSignerEntity is an implementation of the EncrypterSignerEntity interface

type BCCSPEncrypterSignerEntity struct {

	BCCSPEncrypterEntity

	BCCSPSignerEntity

}



/****************/

/* Constructors */

/****************/



// NewAES256EncrypterEntity returns an encrypter entity that is

// capable of performing AES 256 bit encryption using PKCS#7 padding.

// Optionally, the IV can be provided in which case it is used during

// the encryption; othjerwise, a random one is generated.

func NewAES256EncrypterEntity(ID string, b bccsp.BCCSP, key, IV []byte) (*BCCSPEncrypterEntity, error) {

	if b == nil {

		return nil, errors.New("nil BCCSP")

	}



	k, err := b.KeyImport(key, &bccsp.AES256ImportKeyOpts{Temporary: true})

	if err != nil {

		return nil, errors.WithMessage(err, "bccspInst.KeyImport failed")

	}



	return NewEncrypterEntity(ID, b, k, &bccsp.AESCBCPKCS7ModeOpts{IV: IV}, &bccsp.AESCBCPKCS7ModeOpts{})

}



// NewEncrypterEntity returns an EncrypterEntity that is capable

// of performing encryption using i) the supplied BCCSP instance;

// ii) the supplied encryption key and iii) the supplied encryption

// and decryption options. The identifier of the entity is supplied

// as an argument as well - it's the caller's responsibility to

// choose it in a way that it is meaningful

func NewEncrypterEntity(ID string, bccsp bccsp.BCCSP, eKey bccsp.Key, eOpts bccsp.EncrypterOpts, dOpts bccsp.DecrypterOpts) (*BCCSPEncrypterEntity, error) {

	if ID == "" {

		return nil, errors.New("NewEntity error: empty ID")

	}



	if bccsp == nil {

		return nil, errors.New("NewEntity error: nil bccsp")

	}



	if eKey == nil {

		return nil, errors.New("NewEntity error: nil keys")

	}



	return &BCCSPEncrypterEntity{

		BCCSPEntity: BCCSPEntity{

			IDstr: ID,

			BCCSP: bccsp,

		},

		EKey:  eKey,

		EOpts: eOpts,

		DOpts: dOpts,

	}, nil

}



// NewECDSASignerEntity returns a signer entity that is capable of signing using ECDSA

func NewECDSASignerEntity(ID string, b bccsp.BCCSP, signKeyBytes []byte) (*BCCSPSignerEntity, error) {

	if b == nil {

		return nil, errors.New("nil BCCSP")

	}



	bl, _ := pem.Decode(signKeyBytes)

	if bl == nil {

		return nil, errors.New("pem.Decode returns nil")

	}



	signKey, err := b.KeyImport(bl.Bytes, &bccsp.ECDSAPrivateKeyImportOpts{Temporary: true})

	if err != nil {

		return nil, errors.WithMessage(err, "bccspInst.KeyImport failed")

	}



	return NewSignerEntity(ID, b, signKey, nil, &bccsp.SHA256Opts{})

}



// NewECDSAVerifierEntity returns a verifier entity that is capable of verifying using ECDSA

func NewECDSAVerifierEntity(ID string, b bccsp.BCCSP, signKeyBytes []byte) (*BCCSPSignerEntity, error) {

	if b == nil {

		return nil, errors.New("nil BCCSP")

	}



	bl, _ := pem.Decode(signKeyBytes)

	if bl == nil {

		return nil, errors.New("pem.Decode returns nil")

	}



	signKey, err := b.KeyImport(bl.Bytes, &bccsp.ECDSAPKIXPublicKeyImportOpts{Temporary: true})

	if err != nil {

		return nil, errors.WithMessage(err, "bccspInst.KeyImport failed")

	}



	return NewSignerEntity(ID, b, signKey, nil, &bccsp.SHA256Opts{})

}



// NewSignerEntity returns a SignerEntity

func NewSignerEntity(ID string, bccsp bccsp.BCCSP, sKey bccsp.Key, sOpts bccsp.SignerOpts, hOpts bccsp.HashOpts) (*BCCSPSignerEntity, error) {

	if ID == "" {

		return nil, errors.New("NewSignerEntity error: empty ID")

	}



	if bccsp == nil {

		return nil, errors.New("NewSignerEntity error: nil bccsp")

	}



	if sKey == nil {

		return nil, errors.New("NewSignerEntity error: nil key")

	}



	return &BCCSPSignerEntity{

		BCCSPEntity: BCCSPEntity{

			IDstr: ID,

			BCCSP: bccsp,

		},

		SKey:  sKey,

		SOpts: sOpts,

		HOpts: hOpts,

	}, nil

}



// NewAES256EncrypterECDSASignerEntity returns an encrypter entity that is

// capable of performing AES 256 bit encryption using PKCS#7 padding and

// signing using ECDSA

func NewAES256EncrypterECDSASignerEntity(ID string, b bccsp.BCCSP, encKeyBytes, signKeyBytes []byte) (*BCCSPEncrypterSignerEntity, error) {

	if b == nil {

		return nil, errors.New("nil BCCSP")

	}



	encKey, err := b.KeyImport(encKeyBytes, &bccsp.AES256ImportKeyOpts{Temporary: true})

	if err != nil {

		return nil, errors.WithMessage(err, "bccspInst.KeyImport failed")

	}



	bl, _ := pem.Decode(signKeyBytes)

	if bl == nil {

		return nil, errors.New("pem.Decode returns nil")

	}



	signKey, err := b.KeyImport(bl.Bytes, &bccsp.ECDSAPrivateKeyImportOpts{Temporary: true})

	if err != nil {

		return nil, errors.WithMessage(err, "bccspInst.KeyImport failed")

	}



	return NewEncrypterSignerEntity(ID, b, encKey, signKey, &bccsp.AESCBCPKCS7ModeOpts{}, &bccsp.AESCBCPKCS7ModeOpts{}, nil, &bccsp.SHA256Opts{})

}



// NewEncrypterSignerEntity returns an EncrypterSignerEntity

// (which is also an EncrypterEntity) that is capable of

// performing encryption AND of generating signatures using

// i) the supplied BCCSP instance; ii) the supplied encryption

// and signing keys and iii) the supplied encryption, decryption,

// signing and hashing options. The identifier of the entity is

// supplied as an argument as well - it's the caller's responsibility

// to choose it in a way that it is meaningful

func NewEncrypterSignerEntity(ID string, bccsp bccsp.BCCSP, eKey, sKey bccsp.Key, eOpts bccsp.EncrypterOpts, dOpts bccsp.DecrypterOpts, sOpts bccsp.SignerOpts, hOpts bccsp.HashOpts) (*BCCSPEncrypterSignerEntity, error) {

	if ID == "" {

		return nil, errors.New("NewEntity error: empty ID")

	}



	if bccsp == nil {

		return nil, errors.New("NewEntity error: nil bccsp")

	}



	if eKey == nil || sKey == nil {

		return nil, errors.New("NewEntity error: nil keys")

	}



	return &BCCSPEncrypterSignerEntity{

		BCCSPEncrypterEntity: BCCSPEncrypterEntity{

			BCCSPEntity: BCCSPEntity{

				IDstr: ID,

				BCCSP: bccsp,

			},

			EKey:  eKey,

			EOpts: eOpts,

			DOpts: dOpts,

		},

		BCCSPSignerEntity: BCCSPSignerEntity{

			BCCSPEntity: BCCSPEntity{

				IDstr: ID,

				BCCSP: bccsp,

			},

			SKey:  sKey,

			SOpts: sOpts,

			HOpts: hOpts,

		},

	}, nil

}



/***********/

/* Methods */

/***********/



func (e *BCCSPEntity) ID() string {

	return e.IDstr

}



func (e *BCCSPEncrypterEntity) Encrypt(plaintext []byte) ([]byte, error) {

	return e.BCCSP.Encrypt(e.EKey, plaintext, e.EOpts)

}



func (e *BCCSPEncrypterEntity) Decrypt(ciphertext []byte) ([]byte, error) {

	return e.BCCSP.Decrypt(e.EKey, ciphertext, e.DOpts)

}



func (this *BCCSPEncrypterEntity) Equals(e Entity) bool {

	if that, rightType := e.(*BCCSPEncrypterEntity); rightType {

		return compare(this.EKey, that.EKey)

	}



	return false

}



func (pe *BCCSPEncrypterEntity) Public() (Entity, error) {

	var err error

	eKeyPub := pe.EKey



	if !pe.EKey.Symmetric() {

		if eKeyPub, err = pe.EKey.PublicKey(); err != nil {

			return nil, errors.WithMessage(err, "public error, eKey.PublicKey returned")

		}

	}



	return &BCCSPEncrypterEntity{

		BCCSPEntity: BCCSPEntity{

			IDstr: pe.IDstr,

			BCCSP: pe.BCCSP,

		},

		DOpts: pe.DOpts,

		EOpts: pe.EOpts,

		EKey:  eKeyPub,

	}, nil

}



func (this *BCCSPSignerEntity) Equals(e Entity) bool {

	if that, rightType := e.(*BCCSPSignerEntity); rightType {

		return compare(this.SKey, that.SKey)

	}



	return false

}



func (e *BCCSPSignerEntity) Public() (Entity, error) {

	var err error

	sKeyPub := e.SKey



	if !e.SKey.Symmetric() {

		if sKeyPub, err = e.SKey.PublicKey(); err != nil {

			return nil, errors.WithMessage(err, "public error, sKey.PublicKey returned")

		}

	}



	return &BCCSPSignerEntity{

		BCCSPEntity: BCCSPEntity{

			IDstr: e.IDstr,

			BCCSP: e.BCCSP,

		},

		HOpts: e.HOpts,

		SOpts: e.SOpts,

		SKey:  sKeyPub,

	}, nil

}



func (e *BCCSPSignerEntity) Sign(msg []byte) ([]byte, error) {

	h, err := e.BCCSP.Hash(msg, e.HOpts)

	if err != nil {

		return nil, errors.WithMessage(err, "sign error: bccsp.Hash returned")

	}



	return e.BCCSP.Sign(e.SKey, h, e.SOpts)

}



func (e *BCCSPSignerEntity) Verify(signature, msg []byte) (bool, error) {

	h, err := e.BCCSP.Hash(msg, e.HOpts)

	if err != nil {

		return false, errors.WithMessage(err, "sign error: bccsp.Hash returned")

	}



	return e.BCCSP.Verify(e.SKey, signature, h, e.SOpts)

}



func (pe *BCCSPEncrypterSignerEntity) Public() (Entity, error) {

	var err error

	eKeyPub := pe.EKey



	if !pe.EKey.Symmetric() {

		if eKeyPub, err = pe.EKey.PublicKey(); err != nil {

			return nil, errors.WithMessage(err, "public error, eKey.PublicKey returned")

		}

	}



	sKeyPub, err := pe.SKey.PublicKey()

	if err != nil {

		return nil, errors.WithMessage(err, "public error, sKey.PublicKey returned")

	}



	return &BCCSPEncrypterSignerEntity{

		BCCSPEncrypterEntity: BCCSPEncrypterEntity{

			BCCSPEntity: BCCSPEntity{

				IDstr: pe.BCCSPEncrypterEntity.IDstr,

				BCCSP: pe.BCCSPEncrypterEntity.BCCSP,

			},

			EKey:  eKeyPub,

			EOpts: pe.EOpts,

			DOpts: pe.DOpts,

		},

		BCCSPSignerEntity: BCCSPSignerEntity{

			BCCSPEntity: BCCSPEntity{

				IDstr: pe.BCCSPEncrypterEntity.IDstr,

				BCCSP: pe.BCCSPEncrypterEntity.BCCSP,

			},

			SKey:  sKeyPub,

			HOpts: pe.HOpts,

			SOpts: pe.SOpts,

		},

	}, nil

}



func (this *BCCSPEncrypterSignerEntity) Equals(e Entity) bool {

	if that, rightType := e.(*BCCSPEncrypterSignerEntity); rightType {

		return compare(this.SKey, that.SKey) && compare(this.EKey, that.EKey)

	} else {

		return false

	}

}



func (e *BCCSPEncrypterSignerEntity) ID() string {

	return e.BCCSPEncrypterEntity.ID()

}



/********************/

/* Helper functions */

/********************/



// compare returns true if the two supplied keys are equivalent.

// If the supplied keys are symmetric keys, we compare their

// public versions. This is required because when we compare

// two entities, we might compare the public and the private

// version of the same entity and expect to be told that the

// entities are equivalent

func compare(this, that bccsp.Key) bool {

	var err error

	if this.Private() {

		this, err = this.PublicKey()

		if err != nil {

			return false

		}

	}

	if that.Private() {

		that, err = that.PublicKey()

		if err != nil {

			return false

		}

	}



	return reflect.DeepEqual(this, that)

}
Go
1
https://gitee.com/hyperledger-fabric-gm/fabric.git
git@gitee.com:hyperledger-fabric-gm/fabric.git
hyperledger-fabric-gm
fabric
fabric
v1.4.9
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部