Add ed25519 channel and msp capabilities

This commit has the changes in the channel capabilities,
introducing channel capabilities version V2_0,
which invokes a new msp version "MSPv_1_4_4". This is
the only msp version which accepts ed25519 identities.

This ensures that, during the upgrade process to support
ed25519, the blockchain will not become inconsistent.

common/capabilities/channel.go

@@ -28,6 +28,9 @@ const (
 
 	// ChannelV2_0 is the capabilities string for standard new non-backwards compatible fabric v2.0 channel capabilities.
 	ChannelV2_0 = "V2_0"
+
+	// ChannelV2_0 is the capabilities string for standard new non-backwards compatible fabric v2.0 channel capabilities.
+	ChannelV2_1 = "V2_1"
 )
 
 // ChannelProvider provides capabilities information for channel level config.
@@ -38,6 +41,7 @@ type ChannelProvider struct {
 	v142 bool
 	v143 bool
 	v20  bool
+	v21  bool
 }
 
 // NewChannelProvider creates a channel capabilities provider.
@@ -49,6 +53,7 @@ func NewChannelProvider(capabilities map[string]*cb.Capability) *ChannelProvider
 	_, cp.v142 = capabilities[ChannelV1_4_2]
 	_, cp.v143 = capabilities[ChannelV1_4_3]
 	_, cp.v20 = capabilities[ChannelV2_0]
+	_, cp.v21 = capabilities[ChannelV2_1]
 	return cp
 }
 
@@ -61,6 +66,8 @@ func (cp *ChannelProvider) Type() string {
 func (cp *ChannelProvider) HasCapability(capability string) bool {
 	switch capability {
 	// Add new capability names here
+	case ChannelV2_1:
+		return true
 	case ChannelV2_0:
 		return true
 	case ChannelV1_4_3:
@@ -79,6 +86,8 @@ func (cp *ChannelProvider) HasCapability(capability string) bool {
 // MSPVersion returns the level of MSP support required by this channel.
 func (cp *ChannelProvider) MSPVersion() msp.MSPVersion {
 	switch {
+	case cp.v21:
+		return msp.MSPv1_4_4
 	case cp.v143 || cp.v20:
 		return msp.MSPv1_4_3
 	case cp.v13 || cp.v142:
@@ -92,10 +101,10 @@ func (cp *ChannelProvider) MSPVersion() msp.MSPVersion {
 
 // ConsensusTypeMigration return true if consensus-type migration is supported and permitted in both orderer and peer.
 func (cp *ChannelProvider) ConsensusTypeMigration() bool {
-	return cp.v142 || cp.v143 || cp.v20
+	return cp.v142 || cp.v143 || cp.v20 || cp.v21
 }
 
 // OrgSpecificOrdererEndpoints allows for individual orderer orgs to specify their external addresses for their OSNs.
 func (cp *ChannelProvider) OrgSpecificOrdererEndpoints() bool {
-	return cp.v142 || cp.v143 || cp.v20
+	return cp.v142 || cp.v143 || cp.v20 || cp.v21
 }

msp/factory.go

@@ -19,6 +19,7 @@ const (
 	MSPv1_1
 	MSPv1_3
 	MSPv1_4_3
+	MSPv1_4_4
 )
 
 // NewOpts represent
@@ -59,6 +60,8 @@ func New(opts NewOpts, cryptoProvider bccsp.BCCSP) (MSP, error) {
 			return newBccspMsp(MSPv1_3, cryptoProvider)
 		case MSPv1_4_3:
 			return newBccspMsp(MSPv1_4_3, cryptoProvider)
+		case MSPv1_4_4:
+			return newBccspMsp(MSPv1_4_4, cryptoProvider)
 		default:
 			return nil, errors.Errorf("Invalid *BCCSPNewOpts. Version not recognized [%v]", opts.GetVersion())
 		}

msp/msp.go

@@ -209,7 +209,7 @@ var mspTypeStrings = map[ProviderType]string{
 }
 
 var Options = map[string]NewOpts{
-	ProviderTypeToString(FABRIC): &BCCSPNewOpts{NewBaseOpts: NewBaseOpts{Version: MSPv1_4_3}},
+	ProviderTypeToString(FABRIC): &BCCSPNewOpts{NewBaseOpts: NewBaseOpts{Version: MSPv1_4_4}},
 	ProviderTypeToString(IDEMIX): &IdemixNewOpts{NewBaseOpts: NewBaseOpts{Version: MSPv1_1}},
 }
 

msp/mspimpl.go

@@ -98,6 +98,9 @@ type bccspmsp struct {
 	// cryptoConfig contains
 	cryptoConfig *m.FabricCryptoConfig
 
+	// supportedPublicKeyAlgorithms supported by this msp
+	supportedPublicKeyAlgorithms map[x509.PublicKeyAlgorithm]bool
+
 	// NodeOUs configuration
 	ouEnforcement bool
 	// These are the OUIdentifiers of the clients, peers, admins and orderers.
@@ -136,6 +139,11 @@ func newBccspMsp(version MSPVersion, defaultBCCSP bccsp.BCCSP) (MSP, error) {
 		theMsp.internalValidateIdentityOusFunc = theMsp.validateIdentityOUsV142
 		theMsp.internalSatisfiesPrincipalInternalFunc = theMsp.satisfiesPrincipalInternalV142
 		theMsp.internalSetupAdmin = theMsp.setupAdminsV142
+	case MSPv1_4_4:
+		theMsp.internalSetupFunc = theMsp.setupV144
+		theMsp.internalValidateIdentityOusFunc = theMsp.validateIdentityOUsV142
+		theMsp.internalSatisfiesPrincipalInternalFunc = theMsp.satisfiesPrincipalInternalV142
+		theMsp.internalSetupAdmin = theMsp.setupAdminsV142
 	default:
 		return nil, errors.Errorf("Invalid MSP version [%v]", version)
 	}

msp/mspimplsetup.go

@@ -98,6 +98,9 @@ func (msp *bccspmsp) setupCrypto(conf *m.FabricMSPConfig) error {
 		mspLogger.Debugf("CryptoConfig.IdentityIdentifierHashFunction was nil. Move to defaults.")
 	}
 
+	msp.supportedPublicKeyAlgorithms = make(map[x509.PublicKeyAlgorithm]bool)
+	msp.supportedPublicKeyAlgorithms[x509.ECDSA] = true
+
 	return nil
 }
 
@@ -656,6 +659,22 @@ func (msp *bccspmsp) setupV142(conf *m.FabricMSPConfig) error {
 	return nil
 }
 
+func (msp *bccspmsp) setupV144(conf *m.FabricMSPConfig) error {
+	err := msp.preSetupV142(conf)
+	if err != nil {
+		return err
+	}
+
+	msp.supportedPublicKeyAlgorithms[x509.Ed25519] = true
+
+	err = msp.postSetupV142(conf)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
 func (msp *bccspmsp) postSetupV11(conf *m.FabricMSPConfig) error {
 	// Check for OU enforcement
 	if !msp.ouEnforcement {

msp/mspimplvalidate.go

@@ -29,6 +29,13 @@ func (msp *bccspmsp) validateIdentity(id *identity) error {
 
 	id.validated = true
 
+	if !msp.supportedPublicKeyAlgorithms[id.cert.PublicKeyAlgorithm] {
+		err := errors.Errorf("%s is not supported", id.cert.PublicKeyAlgorithm.String())
+		id.validationErr = errors.WithMessage(err, "could not validate identity public key algorithm")
+		mspLogger.Warnf("Could not validate identity: %s (certificate subject=%s issuer=%s serialnumber=%d) Unsupported public key algorithm: %s", id.validationErr, id.cert.Subject, id.cert.Issuer, id.cert.SerialNumber, id.cert.PublicKeyAlgorithm)
+		return id.validationErr
+	}
+
 	validationChain, err := msp.getCertificationChainForBCCSPIdentity(id)
 	if err != nil {
 		id.validationErr = errors.WithMessage(err, "could not obtain certification chain")