1.FabricV2.2 specific cryptographic algorithms used
Although fabricv2 2 supports many cryptographic algorithms, but in actual use, the default is to select several sub algorithms from the three encryption algorithms of symmetric encryption algorithm, asymmetric encryption algorithm and hash algorithm
First, the code in Fabric adopts the factory design pattern to produce a specific BCCSP suite
1.1. Study the Factory folder in BCCSP
Pkcs11.0 is ignored by default during Fabric compilation Go and pkcs11factory Go by the build tool because of the custom flag, so there is no need to consider pkcs11 Go and pkcs11factory Go two bags
The above has one core and two branches:
1 core refers to factory go; 2 branch refers to pkcs11factory Go and swfactory go;
no pkcs11. Go does not use PKCs 11 hardware to realize the configuration of BCCSP
opts.go indicates which configuration information can decide whether to initialize pkcs11factory or swfactory
Since our core lies in the cipher suite implemented by bccsp software, we should focus on factory go,swfactory.go,nopkcs11.go,opts.go file to investigate the types of Fabric's default encryption algorithms
fabric/bccsp/factory/factory.go
As shown in the figure, the Get method determines the actual factory type of BCCSPFactory (PKCS11Factory or SWFactory) according to the FactoryOpts parameter
The GetDefault method uses the singleton design model to obtain the defaultBCCSP
fabric/bccsp/factory/opts.go in
Question: how to initialize the defaultBCCSP instance?
As described in the above figure: if config==nil, the SHA2-256 hash algorithm used in the defaultBCCSP instance
When BCCSPFactory is specified as swfactory Go, the resolution of the Get method is as follows:
fabric/bccsp/factory/swfactory.go
// SwOpts contains options for the SWFactory type SwOpts struct { // Default algorithms when not specified (Deprecated?) SecLevel int `mapstructure:"security" json:"security" yaml:"Security"` HashFamily string `mapstructure:"hash" json:"hash" yaml:"Hash"` FileKeystore *FileKeystoreOpts `mapstructure:"filekeystore,omitempty" json:"filekeystore,omitempty" yaml:"FileKeyStore"` DummyKeystore *DummyKeystoreOpts `mapstructure:"dummykeystore,omitempty" json:"dummykeystore,omitempty"` InmemKeystore *InmemKeystoreOpts `mapstructure:"inmemkeystore,omitempty" json:"inmemkeystore,omitempty"` }
Default: SecLevel=256,HashFamily = "SHA2", FileKeystore records the key file path, and other fields do not need to be studied temporarily
//The Get function generates a specific BCCSP encryption service suite according to the FactoryOpts parameter // Get returns an instance of BCCSP using Opts. func (f *SWFactory) Get(config *FactoryOpts) (bccsp.BCCSP, error) { // Validate arguments if config == nil || config.SwOpts == nil { return nil, errors.New("Invalid config. It must not be nil.") } swOpts := config.SwOpts var ks bccsp.KeyStore switch { case swOpts.FileKeystore != nil: fks, err := sw.NewFileBasedKeyStore(nil, swOpts.FileKeystore.KeyStorePath, false) if err != nil { return nil, errors.Wrapf(err, "Failed to initialize software key store") } ks = fks case swOpts.InmemKeystore != nil: ks = sw.NewInMemoryKeyStore() default: // Default to ephemeral key store ks = sw.NewDummyKeyStore() } return sw.NewWithParams(swOpts.SecLevel, swOpts.HashFamily, ks)//Key core }
So in fact, the core method for SWFactory to instantiate BCCSP suite should be NewWithParams(), so what exactly does NewWithParams do?
The specific types of AES, ECDSA and SHA in the Fabric shown in the figure above are set by the setSecurityLevel method in the fabric/bccsp/sw/conf.go file
4.2. Conclusion:
The following are the BCCSP suite based on SW implementation
- The BCCSP suite of Fabric can be dynamically selected, but there are default configurations, SecurityLevel=256,HashFamily=SHA2
- BCCSP suite selects the specific categories of AES, SHA and ECDSA according to the two parameters of SecurityLevel and HashFamily:
- When HashFamily=SHA2
- When SecurityLevel=256, Sha = sha2-256 (implemented by crypto/sha256 standard package sha256.New), the elliptic curve of ECDSA is P256 (implemented as elliptic. P256() of crypto/elliptic standard library), and the length of AES is 32 (default configuration)
- When SecurityLevel=384, Sha = sha2-512 (implemented by crypto/sha512 standard package sha512.New384), the elliptic curve of ECDSA is p384 (implemented as elliptic. P384() of crypto/elliptic standard library), and the length of AES is 32
- When HashFamily=SHA3
- When SecurityLevel=256, Sha = sha3-256 (implemented by sha3.new256 in the third-party package golang.org/x/crypto/sha3), the elliptic curve of ECDSA is P256 (implemented by elliptic. P256() of crypto/elliptic standard library), and the length of AES is 32
- When SecurityLevel=384, Sha = sha3-384 (implemented by the third-party package sha3.new384 in golang.org/x/crypto/sha3), the elliptic curve of ECDSA is p384 (implemented as elliptic. P384() of crypto/elliptic standard library), and the length of AES is 32
- When HashFamily=SHA2