sign method with norm s and signed txs (#335)

* sign method with norm s and signed txs

Signed-off-by: May.Buzaglo <[email protected]>

* create signed env method and test sign

Signed-off-by: May.Buzaglo <[email protected]>

* signer argument

Signed-off-by: May.Buzaglo <[email protected]>

---------

Signed-off-by: May.Buzaglo <[email protected]>

Author: MayRosenbaum

node/crypto/signer.go

@@ -9,13 +9,39 @@ package crypto
 import (
 	"crypto/ecdsa"
 	"crypto/rand"
-	"crypto/sha256"
+	"encoding/asn1"
+	"math/big"
+
+	"github.com/hyperledger/fabric-lib-go/bccsp/utils"
+	"github.com/hyperledger/fabric-x-common/common/util"
 )
 
 type ECDSASigner ecdsa.PrivateKey
 
 func (s ECDSASigner) Sign(message []byte) ([]byte, error) {
-	digest := sha256.Sum256(message)
+	digest := util.ComputeSHA256(message)
 	sk := (ecdsa.PrivateKey)(s)
-	return sk.Sign(rand.Reader, digest[:], nil)
+	return signECDSA(&sk, digest)
+}
+
+func signECDSA(k *ecdsa.PrivateKey, digest []byte) (signature []byte, err error) {
+	r, s, err := ecdsa.Sign(rand.Reader, k, digest)
+	if err != nil {
+		return nil, err
+	}
+
+	s, err = utils.ToLowS(&k.PublicKey, s)
+	if err != nil {
+		return nil, err
+	}
+
+	return marshalECDSASignature(r, s)
+}
+
+func marshalECDSASignature(r, s *big.Int) ([]byte, error) {
+	return asn1.Marshal(ECDSASignature{r, s})
+}
+
+type ECDSASignature struct {
+	R, S *big.Int
 }

node/crypto/signer_test.go

@@ -0,0 +1,38 @@
+/*
+Copyright IBM Corp. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package crypto_test
+
+import (
+	"crypto/ecdsa"
+	"testing"
+
+	"github.com/hyperledger/fabric-lib-go/bccsp/utils"
+	"github.com/hyperledger/fabric-x-common/common/util"
+	"github.com/hyperledger/fabric-x-orderer/internal/cryptogen/csp"
+	"github.com/hyperledger/fabric-x-orderer/node/crypto"
+	"github.com/stretchr/testify/require"
+)
+
+func TestECDSASigner(t *testing.T) {
+	// Generate a private key
+	dir := t.TempDir()
+	cryptoPrivateKey, err := csp.GeneratePrivateKey(dir, "ecdsa")
+	require.NoError(t, err)
+	ecdsaPrivateKey := cryptoPrivateKey.(*ecdsa.PrivateKey)
+	signer := crypto.ECDSASigner(*ecdsaPrivateKey)
+
+	// Sign a message
+	msg := []byte("foo")
+	sig, err := signer.Sign(msg)
+	require.NoError(t, err)
+
+	// Verify the signature over the massage
+	r, s, err := utils.UnmarshalECDSASignature(sig)
+	require.NoError(t, err)
+	verify := ecdsa.Verify(&((*ecdsa.PrivateKey)(&signer).PublicKey), util.ComputeSHA256(msg), r, s)
+	require.True(t, verify)
+}

testutil/tx/tx_utils.go

@@ -8,12 +8,17 @@ package tx
 
 import (
 	"bytes"
+	"crypto/ecdsa"
+	"crypto/x509"
 	"encoding/binary"
+	"encoding/pem"
 	"fmt"
+	"strings"
 	"time"
 
 	"github.com/hyperledger/fabric-protos-go-apiv2/common"
 	"github.com/hyperledger/fabric-x-common/protoutil"
+	"github.com/hyperledger/fabric-x-orderer/node/crypto"
 	protos "github.com/hyperledger/fabric-x-orderer/node/protos/comm"
 	"google.golang.org/protobuf/proto"
 )
@@ -64,6 +69,49 @@ func CreateStructuredEnvelope(data []byte) *common.Envelope {
 	}
 }
 
+// CreateSignedEnvelope creates a dummy data transaction signed by a private key of a client.
+func CreateSignedEnvelope(payloadData []byte, signer *crypto.ECDSASigner) (*common.Envelope, error) {
+	payload := createStructuredPayload(payloadData, common.HeaderType_MESSAGE)
+	payloadBytes := deterministicMarshall(payload)
+	signedEnvelope, err := signEnvelope(payloadBytes, signer)
+	if err != nil {
+		return nil, fmt.Errorf("failed to sign envelope")
+	}
+	return signedEnvelope, nil
+}
+
+// CreateECDSASigner reads a private key from the given path and creates a signer.
+func CreateECDSASigner(privateKeyBytes []byte) (*crypto.ECDSASigner, error) {
+	block, _ := pem.Decode(privateKeyBytes)
+	if block == nil || block.Bytes == nil {
+		return nil, fmt.Errorf("failed decoding private key PEM")
+	}
+
+	if block.Type != "PRIVATE KEY" {
+		return nil, fmt.Errorf("unexpected pem type, got a %s", strings.ToLower(block.Type))
+	}
+
+	priv, err := x509.ParsePKCS8PrivateKey(block.Bytes)
+	if err != nil {
+		return nil, fmt.Errorf("failed parsing private key DER: %v", err)
+	}
+
+	return (*crypto.ECDSASigner)(priv.(*ecdsa.PrivateKey)), nil
+}
+
+func signEnvelope(payload []byte, signer *crypto.ECDSASigner) (*common.Envelope, error) {
+	signature, err := signer.Sign(payload)
+	if err != nil {
+		return nil, err
+	}
+
+	envelope := &common.Envelope{
+		Payload:   payload,
+		Signature: signature,
+	}
+	return envelope, nil
+}
+
 func CreateStructuredConfigEnvelope(data []byte) *common.Envelope {
 	payload := createStructuredPayload(data, common.HeaderType_CONFIG_UPDATE)
 	payloadBytes := deterministicMarshall(payload)