/*
Copyright SecureKey Technologies Inc. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package ecdh

import (
	"crypto/elliptic"
	"errors"
	"fmt"

	"github.com/google/tink/go/core/registry"
	"github.com/google/tink/go/keyset"
	tinkpb "github.com/google/tink/go/proto/tink_go_proto"
	"google.golang.org/protobuf/proto"

	"github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/composite"
	"github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/composite/ecdh/subtle"
	ecdhpb "github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/proto/ecdh_aead_go_proto"
)

const (
	// nistpECDHKWPublicKeyVersion is the only key version validateKey accepts.
	nistpECDHKWPublicKeyVersion = 0

	// nistpECDHKWPublicKeyTypeURL names the key type this manager handles;
	// DoesSupport and TypeURL both answer with it.
	nistpECDHKWPublicKeyTypeURL = "type.hyperledger.org/hyperledger.aries.crypto.tink.NistPEcdhKwPublicKey"
)

// errInvalidNISTPECDHKWPublicKey is the one error Primitive returns for every
// rejected input (empty bytes, undecodable proto, failed validation). The
// detail of which check failed is intentionally not exposed to the caller.
var errInvalidNISTPECDHKWPublicKey = errors.New("nistpkw_ecdh_public_key_manager: invalid key")

// nistPECDHKWPublicKeyManager is the registry.KeyManager for NIST P-curve ECDH
// key-wrapping public keys. It only turns serialized EcdhAeadPublicKey protos
// into ECDHAEADCompositeEncrypt subtles; key generation is not supported on the
// public side (NewKey/NewKeyData return errors).
type nistPECDHKWPublicKeyManager struct{}

// Compile-time check that the manager satisfies registry.KeyManager.
var _ registry.KeyManager = (*nistPECDHKWPublicKeyManager)(nil)

// newECDHNISTPAESPublicKeyManager returns a ready-to-use manager. The type
// carries no state, so a zero-value struct is all that is needed.
func newECDHNISTPAESPublicKeyManager() *nistPECDHKWPublicKeyManager {
	return &nistPECDHKWPublicKeyManager{}
}

// Primitive decodes and validates a serialized EcdhAeadPublicKey proto and returns an ECDHAEADCompositeEncrypt subtle built from its encryption parameters.
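func (km *nistPECDHKWPublicKeyManager) Primitive(serializedKey []byte) (interface{}, error) {
	// serializedKey is the untrusted wire form of the key; every failure below
	// maps to the same sentinel so the caller cannot tell which check rejected it.
	if len(serializedKey) == 0 {
		return nil, errInvalidNISTPECDHKWPublicKey
	}

	ecdhPubKey := new(ecdhpb.EcdhAeadPublicKey)
	if err := proto.Unmarshal(serializedKey, ecdhPubKey); err != nil {
		return nil, errInvalidNISTPECDHKWPublicKey
	}

	// The curve validateKey reports is not needed here; only its verdict is.
	if _, err := km.validateKey(ecdhPubKey); err != nil {
		return nil, errInvalidNISTPECDHKWPublicKey
	}

	// Guard the nested dereferences below: a proto can decode successfully with
	// Params or EncParams absent. validateKeyFormat (not visible here) may
	// already reject that shape, but a missing sub-message must never become a
	// nil-pointer panic in the key-parsing path.
	params := ecdhPubKey.Params
	if params == nil || params.EncParams == nil {
		return nil, errInvalidNISTPECDHKWPublicKey
	}

	rEnc, err := composite.NewRegisterCompositeAEADEncHelper(params.EncParams.AeadEnc)
	if err != nil {
		return nil, fmt.Errorf("nistpkw_ecdh_public_key_manager: NewRegisterCompositeAEADEncHelper "+
			"failed: %w", err)
	}

	return subtle.NewECDHAEADCompositeEncrypt(rEnc, params.EncParams.CEK), nil
}

// DoesSupport reports whether typeURL is exactly the type URL this manager handles.
func (km *nistPECDHKWPublicKeyManager) DoesSupport(typeURL string) bool {
	return typeURL == nistpECDHKWPublicKeyTypeURL
}

// TypeURL returns the type URL of the keys this manager handles.
func (km *nistPECDHKWPublicKeyManager) TypeURL() string {
	return nistpECDHKWPublicKeyTypeURL
}

// NewKey always fails: a public-key manager cannot generate keys, so
// serializedKeyFormat is ignored.
func (km *nistPECDHKWPublicKeyManager) NewKey(serializedKeyFormat []byte) (proto.Message, error) {
	return nil, errors.New("nistpkw_ecdh_public_key_manager: NewKey not implemented")
}

// NewKeyData always fails for the same reason as NewKey; serializedKeyFormat is ignored.
func (km *nistPECDHKWPublicKeyManager) NewKeyData(serializedKeyFormat []byte) (*tinkpb.KeyData, error) {
	return nil, errors.New("nistpkw_ecdh_public_key_manager: NewKeyData not implemented")
}

// validateKey checks the key version and then delegates the parameter check to validateKeyFormat, which also supplies the returned curve.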
func (km *nistPECDHKWPublicKeyManager) validateKey(key *ecdhpb.EcdhAeadPublicKey) (elliptic.Curve, error) {
	// Reject unsupported key versions before inspecting any parameters.
	if err := keyset.ValidateKeyVersion(key.Version, nistpECDHKWPublicKeyVersion); err != nil {
		return nil, fmt.Errorf("nistpkw_ecdh_public_key_manager: invalid key: %w", err)
	}

	// The parameter check lives in validateKeyFormat, which also resolves the curve returned here.
	return validateKeyFormat(key.Params)
}