代码拉取完成,页面将自动刷新
/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package idemix
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/sha256"
"encoding/asn1"
"math/big"
"github.com/golang/protobuf/proto"
"github.com/hyperledger/fabric-amcl/amcl"
"github.com/hyperledger/fabric-amcl/amcl/FP256BN"
"github.com/pkg/errors"
)
type RevocationAlgorithm int32
const (
ALG_NO_REVOCATION RevocationAlgorithm = iota
)
var ProofBytes = map[RevocationAlgorithm]int{
ALG_NO_REVOCATION: 0,
}
// GenerateLongTermRevocationKey generates a long term signing key that will be used for revocation
func GenerateLongTermRevocationKey() (*ecdsa.PrivateKey, error) {
return ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
}
// CreateCRI creates the Credential Revocation Information for a certain time period (epoch).
// Users can use the CRI to prove that they are not revoked.
// Note that when not using revocation (i.e., alg = ALG_NO_REVOCATION), the entered unrevokedHandles are not used,
// and the resulting CRI can be used by any signer.
func CreateCRI(key *ecdsa.PrivateKey, unrevokedHandles []*FP256BN.BIG, epoch int, alg RevocationAlgorithm, rng *amcl.RAND) (*CredentialRevocationInformation, error) {
if key == nil || rng == nil {
return nil, errors.Errorf("CreateCRI received nil input")
}
cri := &CredentialRevocationInformation{}
cri.RevocationAlg = int32(alg)
cri.Epoch = int64(epoch)
if alg == ALG_NO_REVOCATION {
// put a dummy PK in the proto
cri.EpochPk = Ecp2ToProto(GenG2)
} else {
// create epoch key
_, epochPk := WBBKeyGen(rng)
cri.EpochPk = Ecp2ToProto(epochPk)
}
// sign epoch + epoch key with long term key
bytesToSign, err := proto.Marshal(cri)
if err != nil {
return nil, errors.Wrap(err, "failed to marshal CRI")
}
digest := sha256.Sum256(bytesToSign)
cri.EpochPkSig, err = key.Sign(rand.Reader, digest[:], nil)
if err != nil {
return nil, err
}
if alg == ALG_NO_REVOCATION {
return cri, nil
} else {
return nil, errors.Errorf("the specified revocation algorithm is not supported.")
}
}
// VerifyEpochPK verifies that the revocation PK for a certain epoch is valid,
// by checking that it was signed with the long term revocation key.
// Note that even if we use no revocation (i.e., alg = ALG_NO_REVOCATION), we need
// to verify the signature to make sure the issuer indeed signed that no revocation
// is used in this epoch.
func VerifyEpochPK(pk *ecdsa.PublicKey, epochPK *ECP2, epochPkSig []byte, epoch int, alg RevocationAlgorithm) error {
if pk == nil || epochPK == nil {
return errors.Errorf("EpochPK invalid: received nil input")
}
cri := &CredentialRevocationInformation{}
cri.RevocationAlg = int32(alg)
cri.EpochPk = epochPK
cri.Epoch = int64(epoch)
bytesToSign, err := proto.Marshal(cri)
if err != nil {
return err
}
digest := sha256.Sum256(bytesToSign)
var sig struct{ R, S *big.Int }
if _, err := asn1.Unmarshal(epochPkSig, &sig); err != nil {
return errors.Wrap(err, "failed unmashalling signature")
}
if !ecdsa.Verify(pk, digest[:], sig.R, sig.S) {
return errors.Errorf("EpochPKSig invalid")
}
return nil
}
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手