From eb57157f695a5757780fed7b1d2c33ebd2f92983 Mon Sep 17 00:00:00 2001
From: YACOVM
Date: Tue, 24 Jan 2017 22:27:52 +0200
Subject: [PATCH] [FAB-1394] gossip MessageCryptoService-Add Channel

This commit adds a method VerifyByChannel that is channel-contexted and does the same thing as Verify, just that it causes the MSP layer to use a specific MSP manager.

Change-Id: I6b7401935f7751b434be893769810a3ba4fad76f
Signed-off-by: Yacov Manevich
---
 gossip/api/crypto.go | 8 +++++++-
 gossip/comm/comm_test.go | 6 ++++++
 gossip/gossip/channel/channel_test.go | 4 ++++
 gossip/gossip/gossip_test.go | 6 ++++++
 gossip/identity/identity_test.go | 6 ++++++
 gossip/integration/integration.go | 6 ++++++
 gossip/state/state_test.go | 8 ++++++++
 7 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/gossip/api/crypto.go b/gossip/api/crypto.go
index 1f7506034fb..8725b02f9f3 100644
--- a/gossip/api/crypto.go
+++ b/gossip/api/crypto.go
@@ -37,9 +37,15 @@ type MessageCryptoService interface {
 
 // Verify checks that signature is a valid signature of message under a peer's verification key.
 // If the verification succeeded, Verify returns nil meaning no error occurred.
- // If peerCert is nil, then the signature is verified against this peer's verification key.
+ // If peerIdentity is nil, then the signature is verified against this peer's verification key.
 Verify(peerIdentity PeerIdentityType, signature, message []byte) error
 
+ // VerifyByChannel checks that signature is a valid signature of message
+ // under a peer's verification key, but also in the context of a specific channel.
+ // If the verification succeeded, Verify returns nil meaning no error occurred.
+ // If peerIdentity is nil, then the signature is verified against this peer's verification key.
+ VerifyByChannel(chainID common.ChainID, peerIdentity PeerIdentityType, signature, message []byte) error
+
 // ValidateIdentity validates the identity of a remote peer.
 // If the identity is invalid, revoked, expired it returns an error.
 // Else, returns nil
diff --git a/gossip/comm/comm_test.go b/gossip/comm/comm_test.go
index cdcfd9b2d6b..1d5700c9d09 100644
--- a/gossip/comm/comm_test.go
+++ b/gossip/comm/comm_test.go
@@ -82,6 +82,12 @@ func (*naiveSecProvider) Verify(peerIdentity api.PeerIdentityType, signature, me
 return nil
 }
 
+// VerifyByChannel verifies a peer's signature on a message in the context
+// of a specific channel
+func (*naiveSecProvider) VerifyByChannel(_ common.ChainID, _ api.PeerIdentityType, _, _ []byte) error {
+ return nil
+}
+
 func newCommInstance(port int, sec api.MessageCryptoService) (Comm, error) {
 endpoint := fmt.Sprintf("localhost:%d", port)
 inst, err := NewCommInstanceWithServer(port, identity.NewIdentityMapper(sec), []byte(endpoint))
diff --git a/gossip/gossip/channel/channel_test.go b/gossip/gossip/channel/channel_test.go
index 2bbdb105cc1..a22c80e7769 100644
--- a/gossip/gossip/channel/channel_test.go
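Review bot: The doc comment added for `VerifyByChannel` on `MessageCryptoService` still says "Verify returns nil", and it does not say what an implementation must do when `chainID` is unknown to it. Per the commit message this method selects the MSP manager that vouches for the signature, so the fail-closed case belongs in the contract, e.g. `// If the verification succeeded, VerifyByChannel returns nil. An unknown chainID must yield an error, never a fallback to channel-less verification.` The same copied sentences sit above the stub in gossip/state/state_test.go, where they describe checks that the stub, which returns nil unconditionally, does not perform. The interface body continues outside the hunk.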
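Review bot: Every test double this commit adds for `VerifyByChannel` either returns nil or panics (`naiveSecProvider` here, and the stubs in channel_test.go, gossip_test.go, identity_test.go and state_test.go), so no test can observe a rejected signature on the channel-scoped path. No caller is added in this commit, but once one exists a double that can fail is needed to show the caller drops the message on error. Until then I would mark the stubs as such, e.g. `// VerifyByChannel accepts every signature; tests of its callers need a double that can return an error.`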
+++ b/gossip/gossip/channel/channel_test.go
@@ -94,6 +94,10 @@ func (cs *cryptoService) GetPKIidOfCert(peerIdentity api.PeerIdentityType) commo
 panic("Should not be called in this test")
 }
 
+func (cs *cryptoService) VerifyByChannel(_ common.ChainID, _ api.PeerIdentityType, _, _ []byte) error {
+ panic("Should not be called in this test")
+}
+
 func (cs *cryptoService) VerifyBlock(signedBlock api.SignedBlock) error {
 args := cs.Called(signedBlock)
 if args.Get(0) == nil {
diff --git a/gossip/gossip/gossip_test.go b/gossip/gossip/gossip_test.go
index 959b6069073..605def70dce 100644
--- a/gossip/gossip/gossip_test.go
+++ b/gossip/gossip/gossip_test.go
@@ -94,6 +94,12 @@ func (*orgCryptoService) Verify(joinChanMsg api.JoinChannelMessage) error {
 return nil
 }
 
+// VerifyByChannel verifies a peer's signature on a message in the context
+// of a specific channel
+func (*naiveCryptoService) VerifyByChannel(_ common.ChainID, _ api.PeerIdentityType, _, _ []byte) error {
+ return nil
+}
+
 func (*naiveCryptoService) ValidateIdentity(peerIdentity api.PeerIdentityType) error {
 return nil
 }
diff --git a/gossip/identity/identity_test.go b/gossip/identity/identity_test.go
index 276fe509308..c1232537e2b 100644
--- a/gossip/identity/identity_test.go
+++ b/gossip/identity/identity_test.go
@@ -46,6 +46,12 @@ func (*naiveCryptoService) VerifyBlock(signedBlock api.SignedBlock) error {
 return nil
 }
 
+// VerifyByChannel verifies a peer's signature on a message in the context
+// of a specific channel
+func (*naiveCryptoService) VerifyByChannel(_ common.ChainID, _ api.PeerIdentityType, _, _ []byte) error {
+ return nil
+}
+
 // Sign signs msg with this peer's signing key and outputs
 // the signature if no error occurred.
 func (*naiveCryptoService) Sign(msg []byte) ([]byte, error) {
diff --git a/gossip/integration/integration.go b/gossip/integration/integration.go
index eee6e87d368..fea30aa078d 100644
--- a/gossip/integration/integration.go
+++ b/gossip/integration/integration.go
@@ -92,6 +92,12 @@ func (*naiveCryptoService) Sign(msg []byte) ([]byte, error) {
 return msg, nil
 }
 
+// VerifyByChannel verifies a peer's signature on a message in the context
+// of a specific channel
+func (*naiveCryptoService) VerifyByChannel(_ common.ChainID, _ api.PeerIdentityType, _, _ []byte) error {
+ return nil
+}
+
 // Verify verifies a signature on a message that came from a peer with a certain vkID
 func (cs *naiveCryptoService) Verify(vkID api.PeerIdentityType, signature, message []byte) error {
 if !bytes.Equal(signature, message) {
diff --git a/gossip/state/state_test.go b/gossip/state/state_test.go
index 3a5b5b9df8c..d25794fdcb7 100644
--- a/gossip/state/state_test.go
+++ b/gossip/state/state_test.go
@@ -108,6 +108,14 @@ func (*naiveCryptoService) Verify(peerIdentity api.PeerIdentityType, signature,
 return nil
 }
 
+// VerifyByChannel checks that signature is a valid signature of message
+// under a peer's verification key, but also in the context of a specific channel.
+// If the verification succeeded, Verify returns nil meaning no error occurred.
+// If peerIdentity is nil, then the signature is verified against this peer's verification key.
+func (*naiveCryptoService) VerifyByChannel(chainID common.ChainID, peerIdentity api.PeerIdentityType, signature, message []byte) error {
+ return nil
+}
+
 func (*naiveCryptoService) ValidateIdentity(peerIdentity api.PeerIdentityType) error {
 return nil
 }
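Review bot: `naiveCryptoService.VerifyByChannel` in gossip/integration/integration.go returns nil for any input, while `Verify` directly below it at least tests `!bytes.Equal(signature, message)`; this is a non-test file, so the channel-scoped path is the more permissive of the two. Unless accepting everything is intended, name the receiver and parameters and delegate so both paths agree: `func (cs *naiveCryptoService) VerifyByChannel(_ common.ChainID, peerIdentity api.PeerIdentityType, signature, message []byte) error { return cs.Verify(peerIdentity, signature, message) }`. If it is intended, the doc comment should say so, e.g. `// VerifyByChannel is a placeholder: it ignores chainID and accepts every signature.` `Verify`'s body continues outside the hunk, so what it does after the `bytes.Equal` test is not visible here.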