[Block chain] Hyperledger Fabric Source code (based on v1.0 beta version) reading music Buckle Teacher Interpretation series (v) BSSCP Package SW Encryption Pack

Third, the core package of the BSSCP (Blockchain encryption service provider) package of SW Encryption Package

Package Content Description: The entire WS package according to the file type, basically contains a few pieces: AES encryption module go file, RSA encryption module go file, Elliptic curve encryption module go file, dummy signature file module go file, based on the existing file address of the signature file module go file, Hash module go file, Signature module go file, validate module go file and some configuration module go file, implement module file and so on. core file 1 impl.go:

It is mainly about the implementation of SW (pluggable common software Implementation encryption algorithm) code. The file includes the new method, key generator method keygen, key using Keyderiv method, key Import method Keyimport, method of acquiring key getkey, hash algorithm hash, get hash algorithm Gethash, Signature method Sign, authentication method verify, encryption method encrypt and decryption method decrypt. The method call for the entire procedure is similar to the previous one, so it focuses only on the core method or the larger difference method.

Method: New (securitylevel int, hashfamily string, KeyStore bccsp. KeyStore) (BCCSP. BCCSP, error)
⭕️ the method first initializes the configuration, sets Seclevel and hashfamily, and then initiates various initialization operations, including initializing the config file, detecting the presence of the KeyStore (KeyStore), setting the cryptographic module encryptors, Set the decryption module Decryptors, set the signature caller signers, set the Signature verifier verifiers, set the hash parameter hashers, set the key generator generators, set the key key for the call behavior (source code where the comment is wrong should be/ /Set the key Keyderivers) as well as the last set of keys to import the part.

Method: (CSP *impl) Hash (msg []byte, opts BCCSP. hashopts) (Digest []byte, err Error)
⭕️ This method compares the PKCS11 package, here is the Independent method, the whole method of the main process is to call the CSP hashers, through reflection to obtain the optional parameter type opts, and then call its hash method, to obtain digest byte stream information.

Method: (CSP *impl) Hash (msg []byte, opts BCCSP. hashopts) (Digest []byte, err Error)
⭕️ This method compares the PKCS11 package, here is the Independent method, the whole method of the main process is to call the CSP hashers, through reflection to obtain the optional parameter type opts, and then call its hash method, to obtain digest byte stream information.

Method: (CSP *impl) Encrypt (k BCCSP. Key, plaintext []byte, opts BCCSP. encrypteropts) (ciphertext []byte, err Error)
⭕️ the method encrypts the plaintext using the key K encryption. You can use the encryptors of the CSP to reflect the encrypted person that gets the key. Encryption is then used to encrypt the keys, plaintext, and optional parameters to get ciphertext.

Method: (CSP *impl) Decrypt (k BCCSP. Key, ciphertext []byte, opts BCCSP. decrypteropts) (plaintext []byte, err Error)
⭕️ The method uses the key k to decrypt the text. Gets the decryption of the key by using the decryptors of the CSP. The decryption method is then used to decrypt the plaintext by means of key keys, ciphertext ciphertext and optional parameters.
———————————————————————————— core file 2 aes.go:

is mainly about the SW (pluggable common software Implementation encryption algorithm) code of the AES algorithm implementation. AES is not required in the PKCS11, it uses only the elliptic curve algorithm, so AES can understand how it is implemented by go. Overall, this file mainly contains the following core methods: a given length parameter to obtain the random byte stream method Getrandombytes, PKCS-based 256-bit standard fill mode method Pkcs7padding, The 256-bit standard anti-fill mode method based on PKCS Pkcs7unpadding, CBC mode encryption method Aescbcencrypt, CBC mode decryption method Aescbcdecrypt, This paper combines the encryption method of PKCS7 and CBC mode Aescbcpkcs7encrypt, Combined with the decryption method of PKCS7 and CBC mode Aescbcpkcs7decrypt and eventually this AES incorporates the PKCS7 and CBC mode of the Ingress method encrypt and decrypt.

are ready-made third-party providers, which are relatively simple to call, and are no longer analyzed individually.
———————————————————————————— core file 3 rsa.go:

This file is primarily used to implement the RSA public key cryptography algorithm. It consists of signature method sign and public key signature verification and private key signature verification verify.

are ready-made third-party providers, which are relatively simple to call, and are no longer analyzed individually.
———————————————————————————— core file 4 ecdsa.go:

The paper is mainly about the implementation of the elliptic curve-related calculations and the previous talk about the same content, so there is no longer to do

are ready-made third-party providers, which are relatively simple to call, and are no longer analyzed individually.
———————————————————————————— Core file 5 keyderiv.go: core file 6 keyderiv.go: Core File 7 keyimport.go:

Three files are similar to the previous one, but the structure is divided here, after all, consider the pluggable characteristics, here independent. The way of implementation is not much different from the previous one. More still, the elliptic Curve Cryptographic Signature Algorithm (ECDSA) is used, so it is not analyzed in detail here.
———————————————————————————— Core file 8 dummyks.go:

Newdummykeystore is an instantiated virtual keystore. The library implements several methods, including: it cannot load (load) or store key containers, read-only containers, and can read and write containers.
———————————————————————————— Core file 9 fileks.go:

Newfilebasedkeystore is an instantiated virtual key repository. The library differs from the above in that it is possible to read an existing KeyStore address to load.

Structure: Filebasedkeystore struct
⭕️ The structure Filebasedkeystore is a folder-based KeyStore. Each key is stored in a scattered file, and the name of the file contains the key of the ski. Flags whose flags identify the key type. All keys are stored in the folder where the path is provided at initialization time. The KeyStore can be initialized with a password, and this password can also be used to encrypt and decrypt the files that store the keys.
KeyStore in order to avoid key overrides can be set to read-only. It contains the parameter address path, the read-only setting readonly, whether the open isopen, the key byte pwd, and the sync setting m.

Method: Newfilebasedkeystore (pwd []byte, path string, readOnly bool) (BCCSP. KeyStore, error)
⭕️ The method Newfilebasedkeystore instantiates a file-based key storage container at a given location. If its contents are not empty, the KeyStore can be encrypted.
You can also set it to read-only, in which case any storage operations will be disabled.

Method: (KS *filebasedkeystore) Init (pwd []byte, path string, readOnly bool) error
⭕️ The main content of this method is as follows: Init initialization requires a password and address to generate a folder operation, which is used to store the key, while setting the read-only token. Each key is stored in a scattered file, and the name of the file contains the key of the ski. And a flag that identifies the key type.
The KeyStore can be initialized with a password, and this password can also be used to encrypt and decrypt the files that store the keys. If the KeyStore does not require encryption, the PWD parameter can be empty. If the KeyStore is not initialized with a password, retrieving the key from the KeyStore fails. KeyStore in order to avoid key overrides can be set to read-only.

Method: (KS *filebasedkeystore) GetKey (ski []byte) (K BCCSP. Key, err Error)
⭕️ This method is mainly through the ski to obtain the corresponding key, there are three parameters can be selected ' key ', ' SK ', ' PK ', respectively, to read a key string, read a private key and read a public key.

Method: (KS *filebasedkeystore) Storekey (k BCCSP. Key) (Err Error)
⭕️ the Storekey of the method stores the key k in this keystore. If the KeyStore is read-only then the store fails. The stored types are divided into elliptic curve signatures to store the private key Ecdsaprivatekey, the Elliptic curve signature to store the public key Ecdsapublickey, the RSA storage private key Rsaprivatekey, RSA stores public key Rsapublickey and AES series AES storage private key Aesprivatekey, AES storage public key Aespublickey.

Method: (KS *filebasedkeystore) Searchkeystoreforski (ski []byte) (K BCCSP. Key, err Error)
⭕️ This method mainly describes the retrieval of the key through the ski, mainly by means of the tool Ioutil Readdir method to read the file address (Ks.path), and then read the file ReadFile, and then read the corresponding private key information Pemtoprivatekey. The private key is typed into the type ECDSA or RSA and eventually returns its key K.

Method: (KS *filebasedkeystore) Createkeystore () error
⭕️ This method creates the KeyStore in the absence of the root directory, mainly using the Mkdirall method of the OS.

Method: (KS *filebasedkeystore) createkeystoreifnotexists () error
⭕️ the difference between the method and the above is to determine whether the default directory is empty (the Dirmissingorempty method of the Utils package), and then use the Createkeystore of KS to create the KeyStore.

Method: (KS *filebasedkeystore) Createkeystore () error
⭕️ This method creates the KeyStore in the absence of the root directory, mainly using the Mkdirall method of the OS.

Method: (KS *filebasedkeystore) Openkeystore () error
⭕️ the method mainly uses KS's IsOpen method to determine the open state of the key store.

Other methods are relatively simple and conventional, and no analysis is done here.
————————————————————————————
SW Encryption Packet Summary

The main content of the entire cryptographic package revolves around the encryption industry mainstream technology such as RSA, AES, ECDSA and other mature algorithms for the Go language implementation. At the same time in the package is fully reflected in the pluggable, the modularity of the split. Although the general function is more similar to the previous one, the merit of this package is the clear module partitioning. Of course, its characteristics and PKCS11 are different, the two kinds of key libraries are implemented in detail.