/*
Copyright SecureKey Technologies Inc. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package ecdh

import (
	"errors"
	"fmt"

	"github.com/google/tink/go/core/registry"
	"github.com/google/tink/go/keyset"
	tinkpb "github.com/google/tink/go/proto/tink_go_proto"
	"google.golang.org/protobuf/proto"

	"github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/composite"
	"github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/composite/ecdh/subtle"
	ecdhpb "github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/proto/ecdh_aead_go_proto"
)

const (
	// x25519ECDHKWPublicKeyVersion is the only key version this manager accepts; validateKey rejects
	// anything else before the key parameters are looked at.
	x25519ECDHKWPublicKeyVersion = 0

	// x25519ECDHKWPublicKeyTypeURL is the Tink type URL under which this manager is registered and the
	// only value DoesSupport answers true for.
	x25519ECDHKWPublicKeyTypeURL = "type.hyperledger.org/hyperledger.aries.crypto.tink.X25519EcdhKwPublicKey"
)

// errInvalidx25519ECDHKWPublicKey is the one error Primitive returns for an empty, unparseable or
// rejected key. Deliberately unspecific: it does not reveal to the caller which check failed.
var errInvalidx25519ECDHKWPublicKey = errors.New("x25519kw_ecdh_public_key_manager: invalid key")

// x25519ECDHKWPublicKeyManager implements registry.KeyManager for the public half of an X25519 ECDH
// key-wrapping key. It only turns a serialized EcdhAeadPublicKey into an ECDHAEADCompositeEncrypt
// subtle; it does not generate keys (NewKey and NewKeyData are not implemented for public keys).
type x25519ECDHKWPublicKeyManager struct{}

// Compile-time check that the KeyManager contract is fully implemented.
var _ registry.KeyManager = (*x25519ECDHKWPublicKeyManager)(nil)

// newX25519ECDHKWPublicKeyManager returns a ready-to-register key manager. The type carries no
// state, so every instance behaves identically.
func newX25519ECDHKWPublicKeyManager() *x25519ECDHKWPublicKeyManager {
	return &x25519ECDHKWPublicKeyManager{}
}

// Primitive builds an ECDHAEADCompositeEncrypt subtle from a serialized EcdhAeadPublicKey proto.
// Any malformed, wrong-version or otherwise rejected key yields errInvalidx25519ECDHKWPublicKey.
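func (km *x25519ECDHKWPublicKeyManager) Primitive(serializedKey []byte) (interface{}, error) {
	if len(serializedKey) == 0 {
		return nil, errInvalidx25519ECDHKWPublicKey
	}

	pubKey := new(ecdhpb.EcdhAeadPublicKey)
	if err := proto.Unmarshal(serializedKey, pubKey); err != nil {
		// Collapse the parse failure into the generic error: the caller learns only that the key
		// was rejected, not how.
		return nil, errInvalidx25519ECDHKWPublicKey
	}

	if err := km.validateKey(pubKey); err != nil {
		return nil, errInvalidx25519ECDHKWPublicKey
	}

	// Generated protobuf getters are nil-safe, so a nil Params or EncParams cannot cause a nil-pointer
	// panic on these lines; it reaches NewRegisterCompositeAEADEncHelper as a nil argument instead.
	// This assumes validateKeyXChachaFormat already rejects keys with missing parameters — TODO confirm.
	encParams := pubKey.GetParams().GetEncParams()

	rEnc, err := composite.NewRegisterCompositeAEADEncHelper(encParams.GetAeadEnc())
	if err != nil {
		return nil, fmt.Errorf("x25519kw_ecdh_public_key_manager: NewRegisterCompositeAEADEncHelper "+
			"failed: %w", err)
	}

	// NOTE(review): the CEK passed to the subtle is the symmetric content-encryption key. Although it
	// is carried inside a "public key" message, a serialized EcdhAeadPublicKey containing it must be
	// handled as secret material — confirm with the callers that build this proto.
	return subtle.NewECDHAEADCompositeEncrypt(rEnc, encParams.GetCEK()), nil
}

// DoesSupport reports whether typeURL is exactly the X25519 ECDH-KW public key type URL.
func (km *x25519ECDHKWPublicKeyManager) DoesSupport(typeURL string) bool {
	return typeURL == x25519ECDHKWPublicKeyTypeURL
}

// TypeURL returns the Tink type URL of the keys this manager handles.
func (km *x25519ECDHKWPublicKeyManager) TypeURL() string {
	return x25519ECDHKWPublicKeyTypeURL
}

// NewKey always fails: public key managers do not generate key material.
func (km *x25519ECDHKWPublicKeyManager) NewKey(serializedKeyFormat []byte) (proto.Message, error) {
	return nil, errors.New("x25519kw_ecdh_public_key_manager: NewKey not implemented")
}

// NewKeyData always fails: public key managers do not generate key material.
func (km *x25519ECDHKWPublicKeyManager) NewKeyData(serializedKeyFormat []byte) (*tinkpb.KeyData, error) {
	return nil, errors.New("x25519kw_ecdh_public_key_manager: NewKeyData not implemented")
}

// validateKey checks the key version against x25519ECDHKWPublicKeyVersion and then delegates the
// parameter checks to validateKeyXChachaFormat.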
func (km *x25519ECDHKWPublicKeyManager) validateKey(key *ecdhpb.EcdhAeadPublicKey) error {
	// Version first: a key serialized under an unknown, newer layout must never be interpreted
	// with this version's parameter rules.
	if err := keyset.ValidateKeyVersion(key.Version, x25519ECDHKWPublicKeyVersion); err != nil {
		return fmt.Errorf("x25519kw_ecdh_public_key_manager: invalid key: %w", err)
	}

	// Parameter validation is delegated to validateKeyXChachaFormat (defined outside this block; the
	// name suggests the format checks are shared with the XChaCha key manager — confirm).
	return validateKeyXChachaFormat(key.Params)
}