Section 2.3.3 crypto

SecurityUtils

SecurityUtils is used to access the sign/verify methods from the crypto package.

type SecurityUtils interface {
    Sign(msg []byte) ([]byte, error)
    Verify(peerID *pb.PeerID, signature []byte, message []byte) error
}

SecurityUtils is also the only interface defined in consensus.go that deals with message cryptography.

Usage

Like NetworkStack, it is only ever used as part of Stack; no struct implements this interface on its own.

Implement

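The source comment says that, besides helper.Helper, Stack has one more implementation, helper.ConsensusHandler. Analysis shows, however, that ConsensusHandler neither implements Stack nor is used as a Stack. The Stack analysis here and in the following sections therefore refers only to the implementation in helper.Helper.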

ConsensusHandler handles consensus messages. It also implements the Stack.

In Helper, we can see that it in turn implements these methods by calling the functions of its member variable secHelper.

// Sign a message with this validator's signing key
func (h *Helper) Sign(msg []byte) ([]byte, error) {
    if h.secOn {
        return h.secHelper.Sign(msg)
    }
    logger.Debug("Security is disabled")
    return msg, nil
}

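secHelper is of type crypto.Peer, defined in core/crypto. Internally it calls the ECDSA algorithm with the key and msg as arguments to produce the signature. Verification works the same way. Both operations use the EnrollmentKey (the enrollment private key to sign, the public key of the enrollment certificate to verify).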

func (node *nodeImpl) sign(signKey interface{}, msg []byte) ([]byte, error) {
    return primitives.ECDSASign(signKey, msg)
}

func (node *nodeImpl) signWithEnrollmentKey(msg []byte) ([]byte, error) {
    return primitives.ECDSASign(node.enrollPrivKey, msg)
}

func (node *nodeImpl) ecdsaSignWithEnrollmentKey(msg []byte) (*big.Int, *big.Int, error) {
    return primitives.ECDSASignDirect(node.enrollPrivKey, msg)
}

func (node *nodeImpl) verify(verKey interface{}, msg, signature []byte) (bool, error) {
    return primitives.ECDSAVerify(verKey, msg, signature)
}

func (node *nodeImpl) verifyWithEnrollmentCert(msg, signature []byte) (bool, error) {
    return primitives.ECDSAVerify(node.enrollCert.PublicKey, msg, signature)
}
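The secOn branch in Helper.Sign deserves attention: with security disabled, the returned "signature" is the message itself. The following added example (not Fabric code) reproduces that branch with Go's standard-library ECDSA and shows how a verifying peer treats each case; demoHelper, Verify, Demo, the P-256 curve and the SHA-256 digest are assumptions, and the payload is constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// demoHelper is a hypothetical stand-in for helper.Helper; key plays the enrollment private key.
type demoHelper struct {
	secOn bool
	key   *ecdsa.PrivateKey
}

// Sign follows Helper.Sign above: with secOn false the "signature" is the message itself.
func (h *demoHelper) Sign(msg []byte) ([]byte, error) {
	if !h.secOn {
		return msg, nil
	}
	digest := sha256.Sum256(msg) // assumption: SHA-256, not Fabric's primitives package
	return ecdsa.SignASN1(rand.Reader, h.key, digest[:])
}

// Verify reports whether sig is a valid ECDSA signature over msg for pub.
func Verify(pub *ecdsa.PublicKey, sig, msg []byte) bool {
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// Demo verifies a genuine signature, a tampered message, and a security-off pass-through.
func Demo() (ok, tampered, off bool) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed consensus payload") // constructed sample input
	sig, err := (&demoHelper{secOn: true, key: key}).Sign(msg)
	if err != nil {
		panic(err)
	}
	raw, _ := (&demoHelper{secOn: false}).Sign(msg) // msg returned unchanged, never errors
	pub := &key.PublicKey
	return Verify(pub, sig, msg), Verify(pub, sig, []byte("tampered payload")), Verify(pub, raw, msg)
}

func main() { fmt.Println(Demo()) } // prints: true false false
```

A peer that verifies signatures rejects the pass-through output, so a message produced with security off carries no proof of origin.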

Summary

The SecurityUtils interface is used only as part of Stack, and Stack is implemented by Helper. For the SecurityUtils part, Helper delegates to secHelper, which is of type crypto.Peer and uses the ECDSA algorithm internally.
