-
Notifications
You must be signed in to change notification settings - Fork 17
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
related to fabric pull request #3343, regarding adding ed25519 support. Since the bccsp folder was moved to fabric-lib-go, I am moving the related changes here. Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
- Loading branch information
Showing
14 changed files
with
710 additions
and
15 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
/* | ||
Copyright IBM Corp. All Rights Reserved. | ||
SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
package sw | ||
|
||
import ( | ||
"crypto/ed25519" | ||
|
||
"github.com/hyperledger/fabric-lib-go/bccsp" | ||
) | ||
|
||
func signED25519(k *ed25519.PrivateKey, msg []byte, opts bccsp.SignerOpts) ([]byte, error) { | ||
signature := ed25519.Sign(*k, msg) | ||
return signature, nil | ||
} | ||
|
||
func verifyED25519(k *ed25519.PublicKey, signature, msg []byte, opts bccsp.SignerOpts) (bool, error) { | ||
return ed25519.Verify(*k, msg, signature), nil | ||
} | ||
|
||
type ed25519Signer struct{} | ||
|
||
func (s *ed25519Signer) Sign(k bccsp.Key, msg []byte, opts bccsp.SignerOpts) ([]byte, error) { | ||
return signED25519(k.(*ed25519PrivateKey).privKey, msg, opts) | ||
} | ||
|
||
type ed25519PrivateKeyVerifier struct{} | ||
|
||
func (v *ed25519PrivateKeyVerifier) Verify(k bccsp.Key, signature, msg []byte, opts bccsp.SignerOpts) (bool, error) { | ||
castedKey, _ := (k.(*ed25519PrivateKey).privKey.Public()).(ed25519.PublicKey) | ||
return verifyED25519(&castedKey, signature, msg, opts) | ||
} | ||
|
||
type ed25519PublicKeyKeyVerifier struct{} | ||
|
||
func (v *ed25519PublicKeyKeyVerifier) Verify(k bccsp.Key, signature, msg []byte, opts bccsp.SignerOpts) (bool, error) { | ||
return verifyED25519(k.(*ed25519PublicKey).pubKey, signature, msg, opts) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,138 @@ | ||
/* | ||
Copyright IBM Corp. All Rights Reserved. | ||
SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
package sw | ||
|
||
import ( | ||
"crypto/ed25519" | ||
"crypto/rand" | ||
"crypto/sha256" | ||
"crypto/x509" | ||
"testing" | ||
|
||
"github.com/stretchr/testify/require" | ||
) | ||
|
||
func TestVerifyED25519(t *testing.T) { | ||
t.Parallel() | ||
|
||
// Generate a key | ||
_, lowLevelKey, err := ed25519.GenerateKey(rand.Reader) | ||
require.NoError(t, err) | ||
|
||
msg := []byte("hello world") | ||
sigma, err := signED25519(&lowLevelKey, msg, nil) | ||
require.NoError(t, err) | ||
|
||
castedKey, _ := lowLevelKey.Public().(ed25519.PublicKey) | ||
valid, err := verifyED25519(&castedKey, sigma, msg, nil) | ||
require.NoError(t, err) | ||
require.True(t, valid) | ||
} | ||
|
||
func TestEd25519SignerSign(t *testing.T) { | ||
t.Parallel() | ||
|
||
signer := &ed25519Signer{} | ||
verifierPrivateKey := &ed25519PrivateKeyVerifier{} | ||
verifierPublicKey := &ed25519PublicKeyKeyVerifier{} | ||
|
||
// Generate a key | ||
_, lowLevelKey, err := ed25519.GenerateKey(rand.Reader) | ||
require.NoError(t, err) | ||
k := &ed25519PrivateKey{&lowLevelKey} | ||
pk, err := k.PublicKey() | ||
require.NoError(t, err) | ||
|
||
// Sign | ||
msg := []byte("Hello World") | ||
sigma, err := signer.Sign(k, msg, nil) | ||
require.NoError(t, err) | ||
require.NotNil(t, sigma) | ||
|
||
// Verify | ||
castedKey, _ := lowLevelKey.Public().(ed25519.PublicKey) | ||
valid, err := verifyED25519(&castedKey, sigma, msg, nil) | ||
require.NoError(t, err) | ||
require.True(t, valid) | ||
|
||
valid, err = verifierPrivateKey.Verify(k, sigma, msg, nil) | ||
require.NoError(t, err) | ||
require.True(t, valid) | ||
|
||
valid, err = verifierPublicKey.Verify(pk, sigma, msg, nil) | ||
require.NoError(t, err) | ||
require.True(t, valid) | ||
} | ||
|
||
func TestEd25519PrivateKey(t *testing.T) { | ||
t.Parallel() | ||
|
||
_, lowLevelKey, err := ed25519.GenerateKey(rand.Reader) | ||
require.NoError(t, err) | ||
k := &ed25519PrivateKey{&lowLevelKey} | ||
|
||
require.False(t, k.Symmetric()) | ||
require.True(t, k.Private()) | ||
|
||
_, err = k.Bytes() | ||
require.Error(t, err) | ||
require.Contains(t, err.Error(), "Not supported.") | ||
|
||
k.privKey = nil | ||
ski := k.SKI() | ||
require.Nil(t, ski) | ||
|
||
k.privKey = &lowLevelKey | ||
ski = k.SKI() | ||
raw := k.privKey.Public().(ed25519.PublicKey) | ||
hash := sha256.New() | ||
hash.Write(raw) | ||
ski2 := hash.Sum(nil) | ||
require.Equal(t, ski2, ski, "SKI is not computed in the right way.") | ||
|
||
pk, err := k.PublicKey() | ||
require.NoError(t, err) | ||
require.NotNil(t, pk) | ||
ed25519PK, ok := pk.(*ed25519PublicKey) | ||
require.True(t, ok) | ||
castedKey, _ := lowLevelKey.Public().(ed25519.PublicKey) | ||
require.Equal(t, &castedKey, ed25519PK.pubKey) | ||
} | ||
|
||
func TestEd25519PublicKey(t *testing.T) { | ||
t.Parallel() | ||
|
||
_, lowLevelKey, err := ed25519.GenerateKey(rand.Reader) | ||
require.NoError(t, err) | ||
castedKey, _ := lowLevelKey.Public().(ed25519.PublicKey) | ||
k := &ed25519PublicKey{&castedKey} | ||
|
||
require.False(t, k.Symmetric()) | ||
require.False(t, k.Private()) | ||
|
||
k.pubKey = nil | ||
ski := k.SKI() | ||
require.Nil(t, ski) | ||
|
||
k.pubKey = &castedKey | ||
ski = k.SKI() | ||
raw := *(k.pubKey) | ||
hash := sha256.New() | ||
hash.Write(raw) | ||
ski2 := hash.Sum(nil) | ||
require.Equal(t, ski, ski2, "SKI is not computed in the right way.") | ||
|
||
pk, err := k.PublicKey() | ||
require.NoError(t, err) | ||
require.Equal(t, k, pk) | ||
|
||
bytes, err := k.Bytes() | ||
require.NoError(t, err) | ||
bytes2, err := x509.MarshalPKIXPublicKey(*k.pubKey) | ||
require.NoError(t, err) | ||
require.Equal(t, bytes2, bytes, "bytes are not computed in the right way.") | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,109 @@ | ||
/* | ||
Copyright IBM Corp. All Rights Reserved. | ||
SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
package sw | ||
|
||
import ( | ||
"crypto/ed25519" | ||
"crypto/sha256" | ||
"crypto/x509" | ||
"errors" | ||
"fmt" | ||
|
||
"github.com/hyperledger/fabric-lib-go/bccsp" | ||
) | ||
|
||
type ed25519PrivateKey struct { | ||
privKey *ed25519.PrivateKey | ||
} | ||
|
||
// Bytes converts this key to its byte representation, | ||
// if this operation is allowed. | ||
func (k *ed25519PrivateKey) Bytes() ([]byte, error) { | ||
return nil, errors.New("Not supported.") | ||
} | ||
|
||
// SKI returns the subject key identifier of this key. | ||
func (k *ed25519PrivateKey) SKI() []byte { | ||
if k.privKey == nil { | ||
return nil | ||
} | ||
|
||
// Marshall the public key | ||
raw := k.privKey.Public().(ed25519.PublicKey) | ||
|
||
// Hash it | ||
hash := sha256.New() | ||
hash.Write(raw) | ||
return hash.Sum(nil) | ||
} | ||
|
||
// Symmetric returns true if this key is a symmetric key, | ||
// false if this key is asymmetric | ||
func (k *ed25519PrivateKey) Symmetric() bool { | ||
return false | ||
} | ||
|
||
// Private returns true if this key is a private key, | ||
// false otherwise. | ||
func (k *ed25519PrivateKey) Private() bool { | ||
return true | ||
} | ||
|
||
// PublicKey returns the corresponding public key part of an asymmetric public/private key pair. | ||
// This method returns an error in symmetric key schemes. | ||
func (k *ed25519PrivateKey) PublicKey() (bccsp.Key, error) { | ||
castedKey, ok := k.privKey.Public().(ed25519.PublicKey) | ||
if !ok { | ||
return nil, errors.New("Error casting ed25519 public key") | ||
} | ||
return &ed25519PublicKey{&castedKey}, nil | ||
} | ||
|
||
type ed25519PublicKey struct { | ||
pubKey *ed25519.PublicKey | ||
} | ||
|
||
// Bytes converts this key to its byte representation, | ||
// if this operation is allowed. | ||
func (k *ed25519PublicKey) Bytes() (raw []byte, err error) { | ||
raw, err = x509.MarshalPKIXPublicKey(*k.pubKey) | ||
if err != nil { | ||
return nil, fmt.Errorf("Failed marshalling key [%s]", err) | ||
} | ||
return | ||
} | ||
|
||
// SKI returns the subject key identifier of this key. | ||
func (k *ed25519PublicKey) SKI() []byte { | ||
if k.pubKey == nil { | ||
return nil | ||
} | ||
|
||
raw := *(k.pubKey) | ||
|
||
// Hash it | ||
hash := sha256.New() | ||
hash.Write(raw) | ||
return hash.Sum(nil) | ||
} | ||
|
||
// Symmetric returns true if this key is a symmetric key, | ||
// false if this key is asymmetric | ||
func (k *ed25519PublicKey) Symmetric() bool { | ||
return false | ||
} | ||
|
||
// Private returns true if this key is a private key, | ||
// false otherwise. | ||
func (k *ed25519PublicKey) Private() bool { | ||
return false | ||
} | ||
|
||
// PublicKey returns the corresponding public key part of an asymmetric public/private key pair. | ||
// This method returns an error in symmetric key schemes. | ||
func (k *ed25519PublicKey) PublicKey() (bccsp.Key, error) { | ||
return k, nil | ||
} |
Oops, something went wrong.