github.com/trustbloc/kms-go@v1.1.2/crypto/tinkcrypto/primitive/secp256k1/secp256k1_verifier_key_manager.go (about) 1 /* 2 Copyright SecureKey Technologies Inc. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package secp256k1 8 9 import ( 10 "fmt" 11 12 "github.com/google/tink/go/keyset" 13 tinkpb "github.com/google/tink/go/proto/tink_go_proto" 14 "google.golang.org/protobuf/proto" 15 16 secp256k1pb "github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/proto/secp256k1_go_proto" 17 "github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/secp256k1/subtle" 18 ) 19 20 const ( 21 secp256k1VerifierKeyVersion = 0 22 secp256k1VerifierTypeURL = "type.googleapis.com/google.crypto.tink.secp256k1PublicKey" 23 ) 24 25 // common errors. 26 var ( 27 errInvalidsecp256k1VerifierKey = fmt.Errorf("secp256k1_verifier_key_manager: invalid key") 28 errsecp256k1VerifierNotImplemented = fmt.Errorf("secp256k1_verifier_key_manager: not implemented") 29 ) 30 31 // secp256k1VerifierKeyManager is an implementation of KeyManager interface. 32 // It doesn't support key generation. 33 type secp256k1VerifierKeyManager struct{} 34 35 // newSecp256K1VerifierKeyManager creates a new secp256k1VerifierKeyManager. 36 func newSecp256K1VerifierKeyManager() *secp256k1VerifierKeyManager { 37 return new(secp256k1VerifierKeyManager) 38 } 39 40 // Primitive creates an secp256k1Verifier subtle for the given serialized secp256k1PublicKey proto. 41 func (km *secp256k1VerifierKeyManager) Primitive(serializedKey []byte) (interface{}, error) { 42 if len(serializedKey) == 0 { 43 return nil, errInvalidsecp256k1VerifierKey 44 } 45 46 key := new(secp256k1pb.Secp256K1PublicKey) 47 if err := proto.Unmarshal(serializedKey, key); err != nil { 48 return nil, errInvalidsecp256k1VerifierKey 49 } 50 51 if err := km.validateKey(key); err != nil { 52 return nil, fmt.Errorf("secp256k1_verifier_key_manager: %w", err) 53 } 54 55 hash, curve, encoding := getSecp256K1ParamNames(key.Params) 56 57 ret, err := subtle.NewSecp256K1Verifier(hash, curve, encoding, key.X, key.Y) 58 if err != nil { 59 return nil, fmt.Errorf("secp256k1_verifier_key_manager: invalid key: %w", err) 60 } 61 62 return ret, nil 63 } 64 65 // NewKey is not implemented. 66 func (km *secp256k1VerifierKeyManager) NewKey(serializedKeyFormat []byte) (proto.Message, error) { 67 return nil, errsecp256k1VerifierNotImplemented 68 } 69 70 // NewKeyData creates a new KeyData according to specification in the given 71 // serialized secp256k1KeyFormat. It should be used solely by the key management API. 72 func (km *secp256k1VerifierKeyManager) NewKeyData(serializedKeyFormat []byte) (*tinkpb.KeyData, error) { 73 return nil, errsecp256k1VerifierNotImplemented 74 } 75 76 // DoesSupport indicates if this key manager supports the given key type. 77 func (km *secp256k1VerifierKeyManager) DoesSupport(typeURL string) bool { 78 return typeURL == secp256k1VerifierTypeURL 79 } 80 81 // TypeURL returns the key type of keys managed by this key manager. 82 func (km *secp256k1VerifierKeyManager) TypeURL() string { 83 return secp256k1VerifierTypeURL 84 } 85 86 // validateKey validates the given secp256k1PublicKey. 87 func (km *secp256k1VerifierKeyManager) validateKey(key *secp256k1pb.Secp256K1PublicKey) error { 88 if err := keyset.ValidateKeyVersion(key.Version, secp256k1VerifierKeyVersion); err != nil { 89 return fmt.Errorf("secp256k1_verifier_key_manager: %w", err) 90 } 91 92 hash, curve, encoding := getSecp256K1ParamNames(key.Params) 93 94 return ValidateSecp256K1Params(hash, curve, encoding) 95 }