signer / crypto abstractions (#39)

enveloper verifier

.github/workflows/golangci-lint.yml

@@ -20,7 +20,7 @@ jobs:
         uses: golangci/golangci-lint-action@v3
         with:
           # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
-          version: v1.52
+          version: v1.59.1
 
           # Optional: working directory, useful for monorepos
           # working-directory: somedir
@@ -29,7 +29,7 @@ jobs:
           args: --exclude SA1019
 
           # Optional: show only new issues if it's a pull request. The default value is `false`.
-          # only-new-issues: true
+          only-new-issues: true
 
           # Optional: if set to true then the action will use pre-installed Go
           # skip-go-installation: true

extensions/envelope/crypto/crypto.go

@@ -0,0 +1,25 @@
+package crypto
+
+type (
+	Crypto interface {
+		Signer
+		Hasher
+		Verifier
+
+		GenerateKey() (publicKey, privateKey []byte, err error)
+		PublicKey(privateKey []byte) ([]byte, error)
+	}
+
+	Signer interface {
+		Sign(privateKey, hash []byte) ([]byte, error)
+	}
+
+	Hasher interface {
+		Hash([]byte) []byte
+	}
+
+	Verifier interface {
+		Verify(publicKey, hash, signature []byte) error
+		Hasher
+	}
+)

extensions/envelope/crypto/crypto_test.go

@@ -0,0 +1,40 @@
+package crypto_test
+
+import (
+	"testing"
+
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+
+	"github.com/hyperledger-labs/cckit/extensions/envelope/crypto"
+)
+
+const (
+	Ed25519PublicKeyLen  = 32
+	Ed25519PrivateKeyLen = 64
+	Ed25519SignatureLen  = 64
+)
+
+func TestCrypto(t *testing.T) {
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "Crypto suite")
+}
+
+var _ = Describe(`Ed25519 crypto`, func() {
+
+	ed25519 := crypto.NewEd25519()
+
+	It("Allow to create keys", func() {
+		publicKey, privateKey, err := ed25519.GenerateKey()
+		Expect(err).NotTo(HaveOccurred())
+		Expect(len(publicKey)).To(Equal(Ed25519PublicKeyLen))
+		Expect(len(privateKey)).To(Equal(Ed25519PrivateKeyLen))
+	})
+
+	It("Allow to create signature", func() {
+		_, privateKey, _ := ed25519.GenerateKey()
+		sig, err := ed25519.Sign(privateKey, []byte(`anything`))
+		Expect(err).NotTo(HaveOccurred())
+		Expect(len(sig)).To(Equal(Ed25519SignatureLen))
+	})
+})

extensions/envelope/crypto/ed25519.go

@@ -0,0 +1,48 @@
+package crypto
+
+import (
+	"crypto/ed25519"
+	"crypto/rand"
+	"crypto/sha256"
+	"errors"
+	"fmt"
+)
+
+func NewEd25519() *Ed25519 {
+	return &Ed25519{}
+}
+
+type Ed25519 struct{}
+
+func (ed *Ed25519) GenerateKey() (publicKey, privateKey []byte, err error) {
+	publicKey, privateKey, err = ed25519.GenerateKey(rand.Reader)
+	if err != nil {
+		return nil, nil, err
+	}
+	return publicKey, privateKey, nil
+}
+
+func (ed *Ed25519) Sign(privateKey, hash []byte) (signature []byte, err error) {
+	defer func() {
+		if r := recover(); r != nil {
+			err = fmt.Errorf("sign: %v", r)
+		}
+	}()
+	return ed25519.Sign(privateKey, hash), nil
+}
+
+func (ed *Ed25519) Hash(msg []byte) []byte {
+	h := sha256.Sum256(msg)
+	return h[:]
+}
+
+func (ed *Ed25519) Verify(publicKey, hash, signature []byte) error {
+	if !ed25519.Verify(publicKey, hash, signature) {
+		return errors.New(`invalid signature`)
+	}
+	return nil
+}
+
+func (ed *Ed25519) PublicKey(privateKey []byte) ([]byte, error) {
+	return ed25519.PrivateKey(privateKey).Public().(ed25519.PublicKey), nil
+}

extensions/envelope/envelope.proto

@@ -18,4 +18,5 @@ message Envelope {
   string channel = 7;
   string chaincode = 8;
   string method = 9;
+  string signature_alg = 10;
 }

extensions/envelope/testdata/cc_envelope.go → extensions/envelope/envelope_cc_test.go

@@ -1,17 +1,29 @@
-package testdata
+package envelope_test
 
 import (
 	"github.com/hyperledger-labs/cckit/extensions/envelope"
 	"github.com/hyperledger-labs/cckit/router"
 	"github.com/hyperledger-labs/cckit/router/param"
 	"github.com/hyperledger-labs/cckit/serialize"
+	testcc "github.com/hyperledger-labs/cckit/testing"
 )
 
 type EnvelopCC struct {
 }
 
-func NewEnvelopCC(chaincodeName string) *router.Chaincode {
-	r := router.New(chaincodeName, router.WithSerializer(serialize.PreferJSONSerializer)).Use(envelope.Verify())
+const (
+	chaincode    = "envelope-chaincode"
+	channel      = "envelope-channel"
+	methodInvoke = "invokeWithEnvelope"
+	methodQuery  = "queryWithoutEnvelope"
+)
+
+func NewNewEnvelopCCMock(verifier envelope.Verifier) *testcc.MockStub {
+	return testcc.NewMockStub(chaincode, NewEnvelopCC(verifier, chaincode)).WithChannel(channel)
+}
+
+func NewEnvelopCC(verifier envelope.Verifier, chaincodeName string) *router.Chaincode {
+	r := router.New(chaincodeName, router.WithSerializer(serialize.PreferJSONSerializer)).Use(envelope.Verify(verifier))
 
 	r.Invoke("invokeWithEnvelope", func(c router.Context) (interface{}, error) {
 		return nil, nil