Default Fabric Crypto Service Provider

This change-set introduces a default implementation of the BCCSP whose interfaces were introduced in https://gerrit.hyperledger.org/r/#/c/2027/ The implementation is based on the crypto/primitives package and provides the following capabilities: 1. ecdsa key generation, sign, verify and public key marshalling, 2. HMAC, 3. Hashing, 4. AES key generation, encryption/decryption in CBC mode with PKCS7 padding. This change-set comes in the context of: https://jira.hyperledger.org/browse/FAB-354 Change-Id: Ica504c36756209ea540d010b4f48a801290a7be2 Signed-off-by: Angelo De Caro <adc@zurich.ibm.com>
hyperledger · Nov 3, 2016 · cd43506 · cd43506
1 parent b4473da
commit cd43506
Show file tree

Hide file tree

Showing 7 changed files with 1,381 additions and 4 deletions.
diff --git a/core/crypto/bccsp/bccsp.go b/core/crypto/bccsp/bccsp.go
@@ -32,13 +32,12 @@ type Key interface {
 	// false is this key is asymmetric
 	Symmetric() bool
 
-	// Private returns true if this key is an asymmetric private key,
+	// Private returns true if this key is a private key,
 	// false otherwise.
 	Private() bool
 
-	// PublicKey returns the corresponding public key if this key
-	// is an asymmetric private key. If this key is already public,
-	// PublicKey returns this key itself.
+	// PublicKey returns the corresponding public key part of an asymmetric public/private key pair.
+	// This method returns an error in symmetric key schemes.
 	PublicKey() (Key, error)
 }
 

diff --git a/core/crypto/bccsp/sw/aeskey.go b/core/crypto/bccsp/sw/aeskey.go
@@ -0,0 +1,46 @@
+package sw
+
+import (
+	"errors"
+
+	"github.com/hyperledger/fabric/core/crypto/bccsp"
+	"github.com/hyperledger/fabric/core/crypto/primitives"
+)
+
+type aesPrivateKey struct {
+	k          []byte
+	exportable bool
+}
+
+// Bytes converts this key to its byte representation,
+// if this operation is allowed.
+func (k *aesPrivateKey) Bytes() (raw []byte, err error) {
+	if k.exportable {
+		return k.k, nil
+	}
+
+	return nil, errors.New("Not supported.")
+}
+
+// SKI returns the subject key identifier of this key.
+func (k *aesPrivateKey) SKI() (ski []byte) {
+	return primitives.Hash(k.k)
+}
+
+// Symmetric returns true if this key is a symmetric key,
+// false if this key is asymmetric
+func (k *aesPrivateKey) Symmetric() bool {
+	return true
+}
+
+// Private returns true if this key is a private key,
+// false otherwise.
+func (k *aesPrivateKey) Private() bool {
+	return true
+}
+
+// PublicKey returns the corresponding public key part of an asymmetric public/private key pair.
+// This method returns an error in symmetric key schemes.
+func (k *aesPrivateKey) PublicKey() (bccsp.Key, error) {
+	return nil, errors.New("Cannot call this method on a symmetric key.")
+}
diff --git a/core/crypto/bccsp/sw/conf.go b/core/crypto/bccsp/sw/conf.go
@@ -0,0 +1,53 @@
+package sw
+
+import (
+	"errors"
+	"path/filepath"
+
+	"os"
+
+	"github.com/spf13/viper"
+)
+
+type config struct {
+	keystorePath string
+
+	configurationPathProperty string
+}
+
+func (conf *config) init() error {
+	conf.configurationPathProperty = "security.bccsp.default.keyStorePath"
+
+	// Check mandatory fields
+	var rootPath string
+	if err := conf.checkProperty(conf.configurationPathProperty); err != nil {
+		logger.Warning("'security.bccsp.default.keyStorePath' not set. Using the default directory [%s] for temporary files", os.TempDir())
+		rootPath = os.TempDir()
+	} else {
+		rootPath = viper.GetString(conf.configurationPathProperty)
+	}
+	logger.Infof("Root Path [%s]", rootPath)
+	// Set configuration path
+	rootPath = filepath.Join(rootPath, "crypto")
+
+	// Set ks path
+	conf.keystorePath = filepath.Join(rootPath, "ks")
+
+	return nil
+}
+
+func (conf *config) checkProperty(property string) error {
+	res := viper.GetString(property)
+	if res == "" {
+		return errors.New("Property not specified in configuration file. Please check that property is set: " + property)
+	}
+	return nil
+}
+
+func (conf *config) getKeyStorePath() string {
+	return conf.keystorePath
+}
+
+func (conf *config) getPathForAlias(alias, suffix string) string {
+	return filepath.Join(conf.getKeyStorePath(), alias+"_"+suffix)
+}
diff --git a/core/crypto/bccsp/sw/ecdsakey.go b/core/crypto/bccsp/sw/ecdsakey.go
@@ -0,0 +1,86 @@
+package sw
+
+import (
+	"crypto/ecdsa"
+	"crypto/x509"
+	"fmt"
+
+	"github.com/hyperledger/fabric/core/crypto/bccsp"
+	"github.com/hyperledger/fabric/core/crypto/primitives"
+)
+
+type ecdsaPrivateKey struct {
+	k *ecdsa.PrivateKey
+}
+
+// ToByte converts this key to its byte representation,
+// if this operation is allowed.
+func (k *ecdsaPrivateKey) Bytes() (raw []byte, err error) {
+	return
+}
+
+// SKI returns the subject key identifier of this key.
+func (k *ecdsaPrivateKey) SKI() (ski []byte) {
+	raw, _ := primitives.PrivateKeyToDER(k.k)
+	// TODO: Error should not be thrown. Anyway, move the marshalling at initialization.
+
+	return primitives.Hash(raw)
+}
+
+// Symmetric returns true if this key is a symmetric key,
+// false if this key is asymmetric
+func (k *ecdsaPrivateKey) Symmetric() bool {
+	return false
+}
+
+// Private returns true if this key is a private key,
+// false otherwise.
+func (k *ecdsaPrivateKey) Private() bool {
+	return true
+}
+
+// PublicKey returns the corresponding public key part of an asymmetric public/private key pair.
+// This method returns an error in symmetric key schemes.
+func (k *ecdsaPrivateKey) PublicKey() (bccsp.Key, error) {
+	return &ecdsaPublicKey{&k.k.PublicKey}, nil
+}
+
+type ecdsaPublicKey struct {
+	k *ecdsa.PublicKey
+}
+
+// ToByte converts this key to its byte representation,
+// if this operation is allowed.
+func (k *ecdsaPublicKey) Bytes() (raw []byte, err error) {
+	raw, err = x509.MarshalPKIXPublicKey(k.k)
+	if err != nil {
+		return nil, fmt.Errorf("Failed marshalling key [%s]", err)
+	}
+	return
+}
+
+// SKI returns the subject key identifier of this key.
+func (k *ecdsaPublicKey) SKI() (ski []byte) {
+	raw, _ := primitives.PublicKeyToPEM(k.k, nil)
+	// TODO: Error should not be thrown. Anyway, move the marshalling at initialization.
+
+	return primitives.Hash(raw)
+}
+
+// Symmetric returns true if this key is a symmetric key,
+// false if this key is asymmetric
+func (k *ecdsaPublicKey) Symmetric() bool {
+	return false
+}
+
+// Private returns true if this key is a private key,
+// false otherwise.
+func (k *ecdsaPublicKey) Private() bool {
+	return false
+}
+
+// PublicKey returns the corresponding public key part of an asymmetric public/private key pair.
+// This method returns an error in symmetric key schemes.
+func (k *ecdsaPublicKey) PublicKey() (bccsp.Key, error) {
+	return k, nil
+}