github.com/trustbloc/kms-go@v1.1.2/crypto/tinkcrypto/primitive/bbs/bbs_verifier_key_manager.go (about)

     1  /*
     2  Copyright SecureKey Technologies Inc. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package bbs
     8  
     9  import (
    10  	"errors"
    11  	"fmt"
    12  
    13  	"github.com/google/tink/go/keyset"
    14  	tinkpb "github.com/google/tink/go/proto/tink_go_proto"
    15  	"google.golang.org/protobuf/proto"
    16  
    17  	"github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/bbs/subtle"
    18  	bbspb "github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/proto/bbs_go_proto"
    19  )
    20  
    21  const (
    22  	bbsVerifierKeyVersion = 0
    23  	bbsVerifierKeyTypeURL = "type.hyperledger.org/hyperledger.aries.crypto.tink.BBSPublicKey"
    24  )
    25  
    26  // common errors.
    27  var errInvalidBBSVerifierKey = errors.New("bbs_verifier_key_manager: invalid key")
    28  
    29  // bbsVerifierKeyManager is an implementation of KeyManager interface for BBS signature/proof verification.
    30  // It doesn't support key generation.
    31  type bbsVerifierKeyManager struct{}
    32  
    33  // newBBSVerifierKeyManager creates a new bbsVerifierKeyManager.
    34  func newBBSVerifierKeyManager() *bbsVerifierKeyManager {
    35  	return new(bbsVerifierKeyManager)
    36  }
    37  
    38  // Primitive creates an BBS Verifier subtle for the given serialized BBSPublicKey proto.
    39  func (km *bbsVerifierKeyManager) Primitive(serializedKey []byte) (interface{}, error) {
    40  	if len(serializedKey) == 0 {
    41  		return nil, errInvalidBBSVerifierKey
    42  	}
    43  
    44  	bbsPubKey := new(bbspb.BBSPublicKey)
    45  
    46  	err := proto.Unmarshal(serializedKey, bbsPubKey)
    47  	if err != nil {
    48  		return nil, errInvalidBBSVerifierKey
    49  	}
    50  
    51  	err = km.validateKey(bbsPubKey)
    52  	if err != nil {
    53  		return nil, errInvalidBBSVerifierKey
    54  	}
    55  
    56  	return subtle.NewBLS12381G2Verifier(bbsPubKey.KeyValue), nil
    57  }
    58  
    59  // DoesSupport indicates if this key manager supports the given key type.
    60  func (km *bbsVerifierKeyManager) DoesSupport(typeURL string) bool {
    61  	return typeURL == bbsVerifierKeyTypeURL
    62  }
    63  
    64  // TypeURL returns the key type of keys managed by this key manager.
    65  func (km *bbsVerifierKeyManager) TypeURL() string {
    66  	return bbsVerifierKeyTypeURL
    67  }
    68  
    69  // NewKey is not implemented for public key manager.
    70  func (km *bbsVerifierKeyManager) NewKey(serializedKeyFormat []byte) (proto.Message, error) {
    71  	return nil, errors.New("bbs_verifier_key_manager: NewKey not implemented")
    72  }
    73  
    74  // NewKeyData is not implemented for public key manager.
    75  func (km *bbsVerifierKeyManager) NewKeyData(serializedKeyFormat []byte) (*tinkpb.KeyData, error) {
    76  	return nil, errors.New("bbs_verifier_key_manager: NewKeyData not implemented")
    77  }
    78  
    79  // validateKey validates the given EcdhAeadPublicKey.
    80  func (km *bbsVerifierKeyManager) validateKey(key *bbspb.BBSPublicKey) error {
    81  	err := keyset.ValidateKeyVersion(key.Version, bbsVerifierKeyVersion)
    82  	if err != nil {
    83  		return fmt.Errorf("bbs_verifier_key_manager: invalid key: %w", err)
    84  	}
    85  
    86  	return validateKeyParams(key.Params)
    87  }