pkg/identity/identity.go - incubator-milagro-dta - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.

 /*
 Package identity - manage Identity document and keys
 */
 package identity

 import (
 	"bytes"
 	"time"

 	"github.com/apache/incubator-milagro-dta/libs/cryptowallet"
 	"github.com/apache/incubator-milagro-dta/libs/documents"
 	"github.com/apache/incubator-milagro-dta/libs/ipfs"
 	"github.com/apache/incubator-milagro-dta/libs/keystore"
 	"github.com/pkg/errors"
 )

 // CreateIdentity creates a new identity
 // returns Identity document and secret
 func CreateIdentity(name string) (idDocument *documents.IDDoc, rawIDDoc, seed []byte, err error) {
 	//generate crypto random seed
 	seed, err = cryptowallet.RandomBytes(48)
 	if err != nil {
 		err = errors.Wrap(err, "Failed to generate random seed")
 		return
 	}

 	sikePublicKey, _, err := GenerateSIKEKeys(seed)
 	if err != nil {
 		return
 	}

 	blsPublicKey, blsSecretKey, err := GenerateBLSKeys(seed)
 	if err != nil {
 		return
 	}

 	ecPublicKey, err := GenerateECPublicKey(seed)
 	if err != nil {
 		return
 	}

 	// build ID Doc
 	idDocument = documents.NewIDDoc()
 	idDocument.AuthenticationReference = name
 	idDocument.BeneficiaryECPublicKey = ecPublicKey
 	idDocument.SikePublicKey = sikePublicKey
 	idDocument.BLSPublicKey = blsPublicKey
 	idDocument.Timestamp = time.Now().Unix()

 	// encode ID Doc
 	rawIDDoc, err = documents.EncodeIDDocument(idDocument, blsSecretKey)
 	if err != nil {
 		err = errors.Wrap(err, "Failed to encode IDDocument")
 		return
 	}

 	return
 }

 // StoreIdentity writes IDDocument to IPFS and secret to keystore
 func StoreIdentity(rawIDDoc, secret []byte, ipfsConn ipfs.Connector, store keystore.Store) (idDocumentCID string, err error) {
 	// add ID Doc to IPFS
 	idDocumentCID, err = ipfsConn.Add(rawIDDoc)
 	if err != nil {
 		return
 	}
 	// store the seed
 	err = store.Set("seed", secret)
 	return
 }

 // CheckIdentity verifies the IDDocument
 func CheckIdentity(id, name string, ipfsConn ipfs.Connector, store keystore.Store) error {

 	rawIDDoc, err := ipfsConn.Get(id)
 	if err != nil {
 		return errors.Wrap(err, "ID Document not found")
 	}

 	idDoc := &documents.IDDoc{}
 	if err := documents.DecodeIDDocument(rawIDDoc, id, idDoc); err != nil {
 		return errors.Wrap(err, "Decode ID document")
 	}

 	if idDoc.AuthenticationReference != name {
 		return errors.New("Name doesn't match the authentication reference")
 	}

 	seed, err := store.Get("seed")
 	if err != nil {
 		return errors.Wrap(err, "Seed not found")
 	}

 	sikePublic, _, err := GenerateSIKEKeys(seed)
 	if !bytes.Equal(idDoc.SikePublicKey, sikePublic) {
 		return errors.New("SIKE keys are different")
 	}
 	blsPublic, _, err := GenerateBLSKeys(seed)
 	if !bytes.Equal(idDoc.BLSPublicKey, blsPublic) {
 		return errors.New("BLS keys are different")
 	}

 	return nil
 }
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.

	/*
	Package identity - manage Identity document and keys
	*/
	package identity

	import (
	"bytes"
	"time"

	"github.com/apache/incubator-milagro-dta/libs/cryptowallet"
	"github.com/apache/incubator-milagro-dta/libs/documents"
	"github.com/apache/incubator-milagro-dta/libs/ipfs"
	"github.com/apache/incubator-milagro-dta/libs/keystore"
	"github.com/pkg/errors"
	)

	// CreateIdentity creates a new identity
	// returns Identity document and secret
	func CreateIdentity(name string) (idDocument *documents.IDDoc, rawIDDoc, seed []byte, err error) {
	//generate crypto random seed
	seed, err = cryptowallet.RandomBytes(48)
	if err != nil {
	err = errors.Wrap(err, "Failed to generate random seed")
	return
	}

	sikePublicKey, _, err := GenerateSIKEKeys(seed)
	if err != nil {
	return
	}

	blsPublicKey, blsSecretKey, err := GenerateBLSKeys(seed)
	if err != nil {
	return
	}

	ecPublicKey, err := GenerateECPublicKey(seed)
	if err != nil {
	return
	}

	// build ID Doc
	idDocument = documents.NewIDDoc()
	idDocument.AuthenticationReference = name
	idDocument.BeneficiaryECPublicKey = ecPublicKey
	idDocument.SikePublicKey = sikePublicKey
	idDocument.BLSPublicKey = blsPublicKey
	idDocument.Timestamp = time.Now().Unix()

	// encode ID Doc
	rawIDDoc, err = documents.EncodeIDDocument(idDocument, blsSecretKey)
	if err != nil {
	err = errors.Wrap(err, "Failed to encode IDDocument")
	return
	}

	return
	}

	// StoreIdentity writes IDDocument to IPFS and secret to keystore
	func StoreIdentity(rawIDDoc, secret []byte, ipfsConn ipfs.Connector, store keystore.Store) (idDocumentCID string, err error) {
	// add ID Doc to IPFS
	idDocumentCID, err = ipfsConn.Add(rawIDDoc)
	if err != nil {
	return
	}
	// store the seed
	err = store.Set("seed", secret)
	return
	}

	// CheckIdentity verifies the IDDocument
	func CheckIdentity(id, name string, ipfsConn ipfs.Connector, store keystore.Store) error {

	rawIDDoc, err := ipfsConn.Get(id)
	if err != nil {
	return errors.Wrap(err, "ID Document not found")
	}

	idDoc := &documents.IDDoc{}
	if err := documents.DecodeIDDocument(rawIDDoc, id, idDoc); err != nil {
	return errors.Wrap(err, "Decode ID document")
	}

	if idDoc.AuthenticationReference != name {
	return errors.New("Name doesn't match the authentication reference")
	}

	seed, err := store.Get("seed")
	if err != nil {
	return errors.Wrap(err, "Seed not found")
	}

	sikePublic, _, err := GenerateSIKEKeys(seed)
	if !bytes.Equal(idDoc.SikePublicKey, sikePublic) {
	return errors.New("SIKE keys are different")
	}
	blsPublic, _, err := GenerateBLSKeys(seed)
	if !bytes.Equal(idDoc.BLSPublicKey, blsPublic) {
	return errors.New("BLS keys are different")
	}

	return nil
	}