[FABN-909] Move hash classes into fabric-common

fabric-client contains a file called hash.js that exports a set of things:
- classes named hash_* that implement the Hash interface
- functions named SHA_* that take data in and return a hash
- shake_256

The hash_* classes are only used in a couple of places outside of this file,
and they would be better off using the SHA_* functions instead.

hash_sha3_256 and hash_sha3_384 are not used anywhere, and cannot be used by
external code as they are not listed in the CryptoAlgorithms constants, so
they can be removed safely. The SHA3_* functions are used and must stay.

shake_256 is not used anywhere, and again cannot be used by external code
as it is not listed in the CryptoAlgorithms constants, so remove that as well.
Also, it has a TODO on it!

TL;DR - move hash_sha2_256 and hash_sha2_384 into fabric-common, export the
SHA_* functions via a HashPrimitives object, and use that everywhere. Also
had to add an encoding flag to the SHA2_* functions to allow them to return
Buffer objects as required in several places (instead of hex strings).

Change-Id: I7fd2730d73109412cd9ddab4c9e32fec34b47321
Signed-off-by: Simon Stone <[email protected]>

build/tasks/ca.js

@@ -9,7 +9,6 @@ const gulp = require('gulp');
 const debug = require('gulp-debug');
 
 const DEPS = [
-	'fabric-client/lib/hash.js',
 	'fabric-client/lib/utils.js',
 	'fabric-client/lib/BaseClient.js',
 	'fabric-client/lib/Remote.js',

fabric-client/lib/Remote.js

@@ -20,7 +20,7 @@ const urlParser = require('url');
 
 const utils = require('./utils.js');
 const logger = utils.getLogger('Remote.js');
-const {hash_sha2_256} = require('./hash');
+const {HashPrimitives} = require('fabric-common');
 const MAX_SEND = 'grpc.max_send_message_length';
 const MAX_RECEIVE = 'grpc.max_receive_message_length';
 const MAX_SEND_V10 = 'grpc-max-send-message-length';
@@ -197,8 +197,7 @@ class Remote {
 	getClientCertHash() {
 		if (this.clientCert) {
 			const der_cert = utils.pemToDER(this.clientCert);
-			const hash = new hash_sha2_256();
-			return hash.reset().update(der_cert).finalize();
+			return HashPrimitives.SHA2_256(der_cert, null /* We need a Buffer */);
 		} else {
 			return null;
 		}

fabric-client/lib/TransactionID.js

@@ -10,8 +10,7 @@
 const utils = require('./utils.js');
 const logger = utils.getLogger('TransactionID.js');
 const User = require('./User.js');
-const hashPrimitives = require('./hash.js');
-
+const {HashPrimitives} = require('fabric-common');
 
 /**
  * The class representing the transaction identifier. Provides for
@@ -44,7 +43,7 @@ class TransactionID {
 		this._nonce = utils.getNonce(); // nonce is in bytes
 		const creator_bytes = signer.serialize();// same as signatureHeader.Creator
 		const trans_bytes = Buffer.concat([this._nonce, creator_bytes]);
-		const trans_hash = hashPrimitives.SHA2_256(trans_bytes);
+		const trans_hash = HashPrimitives.SHA2_256(trans_bytes);
 		this._transaction_id = Buffer.from(trans_hash).toString();
 		logger.debug('const - transaction_id %s', this._transaction_id);
 

fabric-client/lib/impl/CryptoSuite_ECDSA_AES.js

@@ -8,16 +8,13 @@
 'use strict';
 
 // requires
-const {CryptoAlgorithms, CryptoSuite} = require('fabric-common');
-
+const {CryptoAlgorithms, CryptoSuite, HashPrimitives} = require('fabric-common');
 const elliptic = require('elliptic');
 const EC = elliptic.ec;
 const jsrsa = require('jsrsasign');
 const {KEYUTIL} = jsrsa;
 const util = require('util');
 const Signature = require('elliptic/lib/elliptic/ec/signature.js');
-
-const hashPrimitives = require('../hash.js');
 const utils = require('../utils');
 const ECDSAKey = require('./ecdsa/key.js');
 
@@ -56,7 +53,7 @@ class CryptoSuite_ECDSA_AES extends CryptoSuite {
 		}
 		hashAlgo = hashAlgo.toUpperCase();
 		const hashPair = `${hashAlgo}_${keySize}`;
-		if (!CryptoAlgorithms[hashPair] || !hashPrimitives[hashPair]) {
+		if (!CryptoAlgorithms[hashPair] || !HashPrimitives[hashPair]) {
 			throw Error(util.format('Unsupported hash algorithm and key size pair: %s', hashPair));
 		}
 		super();
@@ -72,7 +69,7 @@ class CryptoSuite_ECDSA_AES extends CryptoSuite {
 
 		logger.debug('Hash algorithm: %s, hash output size: %s', this._hashAlgo, this._keySize);
 
-		this._hashFunction = hashPrimitives[hashPair];
+		this._hashFunction = HashPrimitives[hashPair];
 
 		this._hashOutputSize = this._keySize / 8;
 

fabric-client/lib/impl/bccsp_pkcs11.js

@@ -7,7 +7,7 @@
 
 'use strict';
 
-const {CryptoAlgorithms, CryptoSuite} = require('fabric-common');
+const {CryptoAlgorithms, CryptoSuite, HashPrimitives} = require('fabric-common');
 const utils = require('../utils');
 const aesKey = require('./aes/pkcs11_key.js');
 const ecdsaKey = require('./ecdsa/pkcs11_key.js');
@@ -25,7 +25,6 @@ const callsite = require('callsite');
 const pkcs11js = require('pkcs11js');
 const util = require('util');
 const ECDSAKey = require('./ecdsa/key.js');
-const hashPrimitives = require('../hash.js');
 
 const logger = utils.getLogger('crypto_pkcs11');
 
@@ -206,7 +205,7 @@ class CryptoSuite_PKCS11 extends CryptoSuite {
 		}
 		hashAlgo = hashAlgo.toUpperCase();
 		const hashPair = `${hashAlgo}_${keySize}`;
-		if (!CryptoAlgorithms[hashPair] || !hashPrimitives[hashPair]) {
+		if (!CryptoAlgorithms[hashPair] || !HashPrimitives[hashPair]) {
 			throw Error(util.format('Unsupported hash algorithm and key size pair: %s', hashPair));
 		}
 
@@ -219,7 +218,7 @@ class CryptoSuite_PKCS11 extends CryptoSuite {
 
 		this._hashAlgo = hashAlgo;
 
-		this._hashFunction = hashPrimitives[hashPair];
+		this._hashFunction = HashPrimitives[hashPair];
 
 		/*
 		 * Load native PKCS11 library, open PKCS11 session and login.
@@ -251,8 +250,7 @@ class CryptoSuite_PKCS11 extends CryptoSuite {
 	 * sha256 of tod as SKI.
 	 */
 	_ski() {
-		const hash = new hashPrimitives.hash_sha2_256();
-		return hash.reset().update(this._tod()).finalize();
+		return HashPrimitives.SHA2_256(this._tod(), null /* We need a Buffer */);
 	}
 
 	/*
@@ -475,7 +473,7 @@ class CryptoSuite_PKCS11 extends CryptoSuite {
 			/*
 			 * Set CKA_ID of public and private key to be SKI.
 			 */
-			const ski = Buffer.from(hashPrimitives.SHA2_256(ecpt), 'hex');
+			const ski = HashPrimitives.SHA2_256(ecpt, null /* We want a Buffer */);
 			this._pkcs11SetAttributeValue(
 				pkcs11, pkcs11Session, handles.publicKey,
 				[{type: pkcs11js.CKA_ID, value: ski}, {type: pkcs11js.CKA_LABEL, value: ski.toString('hex')}]);

fabric-client/lib/impl/ecdsa/key.js

@@ -7,14 +7,13 @@
 
 'use strict';
 
-const Hash = require('../../hash.js');
 const utils = require('../../utils.js');
 const jsrsa = require('jsrsasign');
 const asn1 = jsrsa.asn1;
 const KEYUTIL = jsrsa.KEYUTIL;
 const ECDSA = jsrsa.ECDSA;
 const jws = jsrsa.jws;
-const {Key} = require('fabric-common');
+const {HashPrimitives, Key} = require('fabric-common');
 const logger = utils.getLogger('ecdsa/key.js');
 
 /**
@@ -76,7 +75,7 @@ module.exports = class ECDSA_KEY extends Key {
 		}
 
 		// always use SHA256 regardless of the key size in effect
-		return Hash.SHA2_256(buff);
+		return HashPrimitives.SHA2_256(buff);
 	}
 
 	isSymmetric() {

fabric-client/test/Remote.js

@@ -270,31 +270,19 @@ describe('Remote', () => {
 	describe('#getClientCertHash', () => {
 		let remote;
 		let hashStub;
-		let updateStub;
-		let finalizeStub;
 		beforeEach(() => {
 			remote = new Remote('grpc://someurl');
-			updateStub = sandbox.stub();
-			finalizeStub = sandbox.stub();
-			hashStub = sandbox.stub().returns({
-				reset: () => {
-					return {
-						update: updateStub.returns({finalize: finalizeStub})
-					};
-				}
-			});
-			revert.push(Remote.__set__('hash_sha2_256', hashStub));
+			hashStub = sandbox.stub().returns('cert-hash');
+			revert.push(Remote.__set__('HashPrimitives.SHA2_256', hashStub));
 		});
 
 		it('should return the hashed client certificate', () => {
 			FakeUtils.pemToDER.returns('der-cert');
-			finalizeStub.returns('cert-hash');
 			remote.clientCert = 'clientCert';
 			const certHash = remote.getClientCertHash();
 			sinon.assert.calledWith(FakeUtils.pemToDER, remote.clientCert);
 			sinon.assert.called(hashStub);
-			sinon.assert.calledWith(updateStub, 'der-cert');
-			sinon.assert.called(finalizeStub);
+			sinon.assert.calledWith(hashStub, 'der-cert');
 			certHash.should.equal('cert-hash');
 		});