forked from hyperledger/fabric
-
Notifications
You must be signed in to change notification settings - Fork 0
/
revocation_authority.go
108 lines (90 loc) · 3.08 KB
/
revocation_authority.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package idemix
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/sha256"
"encoding/asn1"
"math/big"
"github.com/golang/protobuf/proto"
"github.com/hyperledger/fabric-amcl/amcl"
"github.com/hyperledger/fabric-amcl/amcl/FP256BN"
"github.com/pkg/errors"
)
type RevocationAlgorithm int32
const (
ALG_NO_REVOCATION RevocationAlgorithm = iota
)
var ProofBytes = map[RevocationAlgorithm]int{
ALG_NO_REVOCATION: 0,
}
// GenerateLongTermRevocationKey generates a long term signing key that will be used for revocation
func GenerateLongTermRevocationKey() (*ecdsa.PrivateKey, error) {
return ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
}
// CreateCRI creates the Credential Revocation Information for a certain time period (epoch).
// Users can use the CRI to prove that they are not revoked.
// Note that when not using revocation (i.e., alg = ALG_NO_REVOCATION), the entered unrevokedHandles are not used,
// and the resulting CRI can be used by any signer.
func CreateCRI(key *ecdsa.PrivateKey, unrevokedHandles []*FP256BN.BIG, epoch int, alg RevocationAlgorithm, rng *amcl.RAND) (*CredentialRevocationInformation, error) {
if key == nil || rng == nil {
return nil, errors.Errorf("CreateCRI received nil input")
}
cri := &CredentialRevocationInformation{}
cri.RevocationAlg = int32(alg)
cri.Epoch = int64(epoch)
if alg == ALG_NO_REVOCATION {
// put a dummy PK in the proto
cri.EpochPk = Ecp2ToProto(GenG2)
} else {
// create epoch key
_, epochPk := WBBKeyGen(rng)
cri.EpochPk = Ecp2ToProto(epochPk)
}
// sign epoch + epoch key with long term key
bytesToSign, err := proto.Marshal(cri)
if err != nil {
return nil, errors.Wrap(err, "failed to marshal CRI")
}
digest := sha256.Sum256(bytesToSign)
cri.EpochPkSig, err = key.Sign(rand.Reader, digest[:], nil)
if err != nil {
return nil, err
}
if alg == ALG_NO_REVOCATION {
return cri, nil
} else {
return nil, errors.Errorf("the specified revocation algorithm is not supported.")
}
}
// VerifyEpochPK verifies that the revocation PK for a certain epoch is valid,
// by checking that it was signed with the long term revocation key.
// Note that even if we use no revocation (i.e., alg = ALG_NO_REVOCATION), we need
// to verify the signature to make sure the issuer indeed signed that no revocation
// is used in this epoch.
func VerifyEpochPK(pk *ecdsa.PublicKey, epochPK *ECP2, epochPkSig []byte, epoch int, alg RevocationAlgorithm) error {
if pk == nil || epochPK == nil {
return errors.Errorf("EpochPK invalid: received nil input")
}
cri := &CredentialRevocationInformation{}
cri.RevocationAlg = int32(alg)
cri.EpochPk = epochPK
cri.Epoch = int64(epoch)
bytesToSign, err := proto.Marshal(cri)
if err != nil {
return err
}
digest := sha256.Sum256(bytesToSign)
var sig struct{ R, S *big.Int }
if _, err := asn1.Unmarshal(epochPkSig, &sig); err != nil {
return errors.Wrap(err, "failed unmashalling signature")
}
if !ecdsa.Verify(pk, digest[:], sig.R, sig.S) {
return errors.Errorf("EpochPKSig invalid")
}
return nil
}