/*
Copyright SecureKey Technologies Inc. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

// Package crypto exposes the Crypto interface used throughout the framework.
// An implementation is created through the Options of pkg/framework/context.Provider.
// The BBS+ signature scheme is deliberately left out of the main Crypto interface: it lives
// under the primitive sub-package together with its implementation, which must not be referenced
// directly. BBS+ is reachable through the framework's KMS BBS+ keys, through the Signer and
// Verifier primitives of tinkcrypto's bbs package, or through webkms for remote KMS BBS+ signing.
package crypto

import (
	"crypto/ecdsa"

	"github.com/hyperledger/aries-framework-go/component/kmscrypto/crypto"
	cryptoapi "github.com/hyperledger/aries-framework-go/spi/crypto"
)

// DefKeySize is the default key size used by the crypto primitives.
const DefKeySize = crypto.DefKeySize

// The types below are aliases of the spi/crypto API so that callers of this package
// and callers of the SPI share a single definition.
type (
	// Crypto is the interface providing every crypto operation the Aries framework needs.
	Crypto = cryptoapi.Crypto

	// RecipientWrappedKey carries the recipient key material required to unwrap a CEK.
	RecipientWrappedKey = cryptoapi.RecipientWrappedKey

	// PublicKey is mainly used to exchange an EPK inside a RecipientWrappedKey.
	PublicKey = cryptoapi.PublicKey

	// PrivateKey is mainly used to exchange an ephemeral private key in the JWE encrypter.
	PrivateKey = cryptoapi.PrivateKey

	// WrapKeyOpts are the options accepted by the key wrapping functions of Crypto.
	WrapKeyOpts = cryptoapi.WrapKeyOpts
)

// ToECKey converts key into an ecdsa public key. An error is returned when the
// key's curve is not valid.
func ToECKey(key *PublicKey) (*ecdsa.PublicKey, error) {
	ecKey, err := crypto.ToECKey(key)

	return ecKey, err
}

// WithSender sets the sender key used by authenticated key wrapping (eg: AuthCrypt).
// It must not be set for Anoncrypt. The sender key takes part in the ECDH-1PU key
// agreement that authenticates the sender, and senderKey may be one of three types:
//   - *keyset.Handle (a private key handle is required for crypto.WrapKey())
//   - *crypto.PublicKey (UnwrapKey() only)
//   - *ecdsa.PublicKey (UnwrapKey() only)
func WithSender(senderKey interface{}) WrapKeyOpts {
	opt := cryptoapi.WithSender(senderKey)

	return opt
}

// WithXC20PKW is a flag option selecting XChacha20Poly1305 as the key wrapping encryption.
// Without it (the default) key wrapping uses AES256-GCM. The KDF used by the wrapping function
// depends only on the type of the recipient key passed to KeyWrap(), never on this option.
func WithXC20PKW() WrapKeyOpts {
	opt := cryptoapi.WithXC20PKW()

	return opt
}

// WithTag hands the key wrapping function the authentication tag to include in the wrapping
// process. It is mainly used with CBC+HMAC content encryption so that the sender of an encrypted
// JWE message is authenticated (ie authcrypt/ECDH-1PU). Leaving it out means the sender's
// identity is not revealed (ie anoncrypt/ECDH-ES).
func WithTag(tag []byte) WrapKeyOpts {
	opt := cryptoapi.WithTag(tag)

	return opt
}

// WithEPK hands the key wrapping function a predefined ephemeral key instead of letting it
// generate one; it is mainly used during the ECDH-1PU KDF. Only Wrap() benefits from it, since
// Unwrap() already works with a predefined EPK. Without this option a fresh EPK is generated
// internally.
// NOTE(review): when a caller supplies the EPK it presumably also owns its freshness — an
// ephemeral key is meant for a single wrap and should not be reused; confirm against cryptoapi.WithEPK.
func WithEPK(epk *PrivateKey) WrapKeyOpts {
	opt := cryptoapi.WithEPK(epk)

	return opt
}