[FAB-7576] Conditional PKCS11 support
This patch includes PKCS11 support as an option. This change enables usage of the SDK when libltdl is not installed. Change-Id: Id2cbbba5837eb8cdcac6e4f42ad64166e11d8eb4 Signed-off-by: Troy Ronda <troy@troyronda.com>
Showing
14 changed files
with
240 additions
and
82 deletions.
2 changes: 1 addition & 1 deletion
2
internal/github.com/hyperledger/fabric/bccsp/factory/nopkcs11.go
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
// +build nopkcs11 | ||
// +build !pkcs11 | ||
|
||
/* | ||
Copyright IBM Corp. 2017 All Rights Reserved. | ||
|
2 changes: 1 addition & 1 deletion
2
internal/github.com/hyperledger/fabric/bccsp/factory/pkcs11.go
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
// +build !nopkcs11 | ||
// +build pkcs11 | ||
|
||
/* | ||
Copyright IBM Corp. 2017 All Rights Reserved. | ||
|
2 changes: 1 addition & 1 deletion
2
internal/github.com/hyperledger/fabric/bccsp/factory/pkcs11factory.go
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
// +build !nopkcs11 | ||
// +build pkcs11 | ||
|
||
/* | ||
Copyright IBM Corp. 2016 All Rights Reserved. | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
// +build !pkcs11 | ||
|
||
/* | ||
Copyright SecureKey Technologies Inc. All Rights Reserved. | ||
SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
package bccsp | ||
|
||
import ( | ||
"fmt" | ||
|
||
"github.com/hyperledger/fabric-sdk-go/api/apiconfig" | ||
bccspFactory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" | ||
) | ||
|
||
//GetOptsByConfig Returns Factory opts for given SDK config | ||
func GetOptsByConfig(c apiconfig.Config) *bccspFactory.FactoryOpts { | ||
var opts *bccspFactory.FactoryOpts | ||
|
||
switch c.SecurityProvider() { | ||
case "SW": | ||
opts = &bccspFactory.FactoryOpts{ | ||
ProviderName: "SW", | ||
SwOpts: &bccspFactory.SwOpts{ | ||
HashFamily: c.SecurityAlgorithm(), | ||
SecLevel: c.SecurityLevel(), | ||
FileKeystore: &bccspFactory.FileKeystoreOpts{ | ||
KeyStorePath: c.KeyStorePath(), | ||
}, | ||
Ephemeral: c.Ephemeral(), | ||
}, | ||
} | ||
logger.Debug("Initialized SW ") | ||
bccspFactory.InitFactories(opts) | ||
return opts | ||
|
||
default: | ||
panic(fmt.Sprintf("Unsupported BCCSP Provider: %s", c.SecurityProvider())) | ||
} | ||
} |
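Review bot: The result of `bccspFactory.InitFactories(opts)` in the `SW` case is discarded, and the `Initialized SW` debug line is written before the call, so a failed provider initialisation is not reported and the log still claims success. If InitFactories returns an error in this vendored copy, as it does in upstream Fabric, I would check it and move the log line after the call, for example `if err := bccspFactory.InitFactories(opts); err != nil { panic(fmt.Sprintf("Failed to initialize BCCSP factories: %s", err)) }`, which keeps the function's existing panic-on-failure behaviour. The same pattern is repeated in the `SW` and `PKCS11` cases of the `pkcs11`-tagged variant of this function further down the commit.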
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
// +build !pkcs11 | ||
|
||
/* | ||
Copyright SecureKey Technologies Inc. All Rights Reserved. | ||
SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
package bccsp | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/golang/mock/gomock" | ||
"github.com/hyperledger/fabric-sdk-go/api/apiconfig/mocks" | ||
) | ||
|
||
func TestCryptoSuiteByConfigPKCS11Unsupported(t *testing.T) { | ||
defer func() { | ||
if r := recover(); r == nil { | ||
t.Errorf("was supposed to panic") | ||
} | ||
}() | ||
|
||
//Prepare Config | ||
mockCtrl := gomock.NewController(t) | ||
defer mockCtrl.Finish() | ||
//Prepare Config | ||
mockConfig := mock_apiconfig.NewMockConfig(mockCtrl) | ||
mockConfig.EXPECT().SecurityProvider().Return("PKCS11") | ||
mockConfig.EXPECT().SecurityProvider().Return("PKCS11") | ||
|
||
//Get cryptosuite using config | ||
GetSuiteByConfig(mockConfig) | ||
t.Fatalf("Getting cryptosuite with unsupported pkcs11 security provider supposed to panic") | ||
} |
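Review bot: The deferred `recover()` accepts any panic, so this test also passes when `GetSuiteByConfig` panics for an unrelated reason (a nil dereference, say) rather than because PKCS11 is compiled out. Assuming the panic comes from the default branch of `GetOptsByConfig`, I would assert on the recovered value, for example `if r := recover(); r == nil || !strings.Contains(fmt.Sprint(r), "Unsupported BCCSP Provider") { t.Errorf("expected unsupported-provider panic, got %v", r) }`, which needs `fmt` and `strings` imported. The two identical `SecurityProvider()` expectations could be a single one with `.Times(2)`, and the duplicated `//Prepare Config` comment can be dropped.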
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
// +build pkcs11 | ||
|
||
/* | ||
Copyright SecureKey Technologies Inc. All Rights Reserved. | ||
SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
package bccsp | ||
|
||
import ( | ||
"fmt" | ||
|
||
"github.com/hyperledger/fabric-sdk-go/api/apiconfig" | ||
bccspFactory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" | ||
"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/pkcs11" | ||
) | ||
|
||
//GetOptsByConfig Returns Factory opts for given SDK config | ||
func GetOptsByConfig(c apiconfig.Config) *bccspFactory.FactoryOpts { | ||
var opts *bccspFactory.FactoryOpts | ||
|
||
switch c.SecurityProvider() { | ||
case "SW": | ||
opts = &bccspFactory.FactoryOpts{ | ||
ProviderName: "SW", | ||
SwOpts: &bccspFactory.SwOpts{ | ||
HashFamily: c.SecurityAlgorithm(), | ||
SecLevel: c.SecurityLevel(), | ||
FileKeystore: &bccspFactory.FileKeystoreOpts{ | ||
KeyStorePath: c.KeyStorePath(), | ||
}, | ||
Ephemeral: c.Ephemeral(), | ||
}, | ||
} | ||
logger.Debug("Initialized SW ") | ||
bccspFactory.InitFactories(opts) | ||
return opts | ||
|
||
case "PKCS11": | ||
pkks := pkcs11.FileKeystoreOpts{KeyStorePath: c.KeyStorePath()} | ||
opts = &bccspFactory.FactoryOpts{ | ||
ProviderName: "PKCS11", | ||
Pkcs11Opts: &pkcs11.PKCS11Opts{ | ||
SecLevel: c.SecurityLevel(), | ||
HashFamily: c.SecurityAlgorithm(), | ||
Ephemeral: c.Ephemeral(), | ||
FileKeystore: &pkks, | ||
Library: c.SecurityProviderLibPath(), | ||
Pin: c.SecurityProviderPin(), | ||
Label: c.SecurityProviderLabel(), | ||
SoftVerify: c.SoftVerify(), | ||
}, | ||
} | ||
logger.Debug("Initialized PKCS11 ") | ||
bccspFactory.InitFactories(opts) | ||
return opts | ||
default: | ||
panic(fmt.Sprintf("Unsupported BCCSP Provider: %s", c.SecurityProvider())) | ||
|
||
} | ||
} |
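Review bot: The returned `FactoryOpts` carries the HSM PIN in clear text (`Pin: c.SecurityProviderPin()`), and the doc comment on `GetOptsByConfig` gives callers no hint of that. I would extend the comment, for example `// GetOptsByConfig returns factory opts for the given SDK config; for the PKCS11 provider the result contains the token PIN and must not be logged or serialized.` The `Library` value from `c.SecurityProviderLibPath()` is likewise passed on unchecked in this hunk, so the comment could also state that the configuration source is trusted to name the shared library that gets loaded.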
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
// +build pkcs11 | ||
|
||
/* | ||
Copyright SecureKey Technologies Inc. All Rights Reserved. | ||
SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
package bccsp | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/golang/mock/gomock" | ||
"github.com/hyperledger/fabric-sdk-go/api/apiconfig/mocks" | ||
"github.com/hyperledger/fabric-sdk-go/pkg/logging/utils" | ||
) | ||
|
||
func TestCryptoSuiteByConfigPKCS11Failure(t *testing.T) { | ||
|
||
//Prepare Config | ||
mockCtrl := gomock.NewController(t) | ||
defer mockCtrl.Finish() | ||
//Prepare Config | ||
mockConfig := mock_apiconfig.NewMockConfig(mockCtrl) | ||
mockConfig.EXPECT().SecurityProvider().Return("PKCS11") | ||
mockConfig.EXPECT().SecurityAlgorithm().Return("SHA2") | ||
mockConfig.EXPECT().SecurityLevel().Return(256) | ||
mockConfig.EXPECT().KeyStorePath().Return("/tmp/msp") | ||
mockConfig.EXPECT().Ephemeral().Return(false) | ||
mockConfig.EXPECT().SecurityProviderLibPath().Return("") | ||
mockConfig.EXPECT().SecurityProviderLabel().Return("") | ||
mockConfig.EXPECT().SecurityProviderPin().Return("") | ||
mockConfig.EXPECT().SoftVerify().Return(true) | ||
|
||
//Get cryptosuite using config | ||
samplecryptoSuite, err := GetSuiteByConfig(mockConfig) | ||
utils.VerifyNotEmpty(t, err, "Supposed to get error on GetSuiteByConfig call : %s", err) | ||
utils.VerifyEmpty(t, samplecryptoSuite, "Not supposed to get valid cryptosuite") | ||
} |
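Review bot: `KeyStorePath()` is mocked to return the fixed path `/tmp/msp`, a predictable location in a world-writable directory shared with other users and concurrent test runs. With `Ephemeral()` returning false, the provider may create or open a key store there before the empty library path makes initialisation fail (that code is not shown on this page), so I would use a per-test directory from `ioutil.TempDir("", "msp")` and clean it up with `defer os.RemoveAll(dir)`. The test also only checks that some error came back; if the factory's error text is stable, asserting on it would tie the failure to the missing PKCS11 library rather than to any error.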