/*
Copyright Gen Digital Inc. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/

package api

import (
	"errors"

	"github.com/trustbloc/kms-go/doc/jose/jwk"
	kmsapi "github.com/trustbloc/kms-go/spi/kms"
)

// Suite provides a suite of kms+crypto functions.
//
// Each suite method returns an implementation of a particular kms+crypto API,
// or ErrNotSupported if the given Suite does not support the requested API.
//
// When the returned error is non-nil the first return value must not be used.
// Use errors.Is(err, ErrNotSupported) to tell an unsupported capability apart
// from any other error an implementation may return.
type Suite interface {
	KeyCreator() (KeyCreator, error)
	RawKeyCreator() (RawKeyCreator, error)
	KMSCrypto() (KMSCrypto, error)
	KMSCryptoSigner() (KMSCryptoSigner, error)
	KMSCryptoMultiSigner() (KMSCryptoMultiSigner, error)
	KMSCryptoVerifier() (KMSCryptoVerifier, error)
	EncrypterDecrypter() (EncrypterDecrypter, error)
	// NOTE(review): FixedKeyCrypto selects its key by public JWK, while
	// FixedKeySigner and FixedKeyMultiSigner select theirs by key ID string.
	// KMSCrypto and KMSCryptoSigner declare FixedKeySigner(pub *jwk.JWK), so the
	// same method name takes a different key selector depending on the
	// interface, and one type cannot implement both Suite and KMSCrypto.
	FixedKeyCrypto(pub *jwk.JWK) (FixedKeyCrypto, error)
	FixedKeySigner(kid string) (FixedKeySigner, error)
	FixedKeyMultiSigner(kid string) (FixedKeyMultiSigner, error)
}

// ErrNotSupported is returned by a Suite method when said Suite does not
// support the requested behaviour.
//
// Match it with errors.Is rather than ==, in case an implementation wraps it.
var ErrNotSupported = errors.New("suite does not support requested behaviour") // nolint: gochecknoglobals

// KMSCryptoVerifier provides a signature verification interface.
type KMSCryptoVerifier interface {
	// Verify checks sig over msg against the public key pub. The signature is
	// the first argument and the message the second; both are []byte, so the
	// compiler does not catch a swapped call.
	//
	// NOTE(review): a nil return presumably means the signature is valid, and
	// every non-nil error should be treated as a failed verification. Confirm
	// against the implementation in use.
	Verify(sig, msg []byte, pub *jwk.JWK) error
}

// KeyCreator creates keypairs in the wrapped KMS, returning public keys in JWK format.
type KeyCreator interface {
	// Create makes a new key pair of the given keyType and returns its public
	// key as a JWK.
	//
	// NOTE(review): the documented contract is that the JWK holds the public key
	// only; whether implementations ever populate private-key fields is not
	// visible here. Verify before logging or transmitting the result.
	Create(keyType kmsapi.KeyType) (*jwk.JWK, error)
}

// KMSCrypto provides wrapped kms and crypto operations.
type KMSCrypto interface {
	KeyCreator

	// Sign signs msg with the KMS key that pub identifies. How the private key
	// is looked up from pub is not visible in this interface.
	Sign(msg []byte, pub *jwk.JWK) ([]byte, error)

	KMSCryptoVerifier

	// FixedKeyCrypto and FixedKeySigner return an instance tied to the key
	// identified by pub, whose methods take no key argument.
	FixedKeyCrypto(pub *jwk.JWK) (FixedKeyCrypto, error)
	FixedKeySigner(pub *jwk.JWK) (FixedKeySigner, error)
}

// FixedKeyCrypto provides crypto operations using a fixed key.
type FixedKeyCrypto interface {
	// Sign signs msg with the instance's fixed key.
	Sign(msg []byte) ([]byte, error)
	// Verify checks sig over msg with the instance's fixed key. The signature
	// comes first and the message second; both are []byte, so a swapped call
	// still compiles.
	// NOTE(review): presumably nil means valid and any error means the
	// signature must be rejected. Confirm against the implementation.
	Verify(sig, msg []byte) error
}

// RawKeyCreator creates keypairs in the wrapped KMS, returning public keys as either JWK or the raw crypto key.
type RawKeyCreator interface {
	KeyCreator
	// CreateRaw makes a new key pair of the given keyType.
	//
	// NOTE(review): the string is presumably the key ID and the interface{} the
	// raw public key mentioned in the type comment; neither is stated by the
	// signature. Callers need a checked type assertion on the interface{} value
	// and should confirm it never carries private key material.
	CreateRaw(keyType kmsapi.KeyType) (string, interface{}, error)
}

// KMSCryptoSigner provides signing operations.
type KMSCryptoSigner interface {
	// Sign signs msg with the KMS key that pub identifies.
	Sign(msg []byte, pub *jwk.JWK) ([]byte, error)
	// FixedKeySigner returns a signer tied to the key identified by pub.
	FixedKeySigner(pub *jwk.JWK) (FixedKeySigner, error)
}

// FixedKeySigner provides the common signer interface, using a fixed key for each signer instance.
type FixedKeySigner interface {
	// Sign signs msg with the instance's fixed key.
	Sign(msg []byte) ([]byte, error)
}

// KMSCryptoMultiSigner provides signing operations, including multi-signatures.
type KMSCryptoMultiSigner interface {
	// Sign signs a single msg with the KMS key that pub identifies.
	Sign(msg []byte, pub *jwk.JWK) ([]byte, error)
	// SignMulti takes a list of messages and returns a single []byte result.
	// NOTE(review): the order of msgs is presumably significant to the
	// resulting signature. Confirm against the signature scheme in use.
	SignMulti(msgs [][]byte, pub *jwk.JWK) ([]byte, error)
	// FixedKeyMultiSigner and FixedMultiSignerGivenKID both return a
	// FixedKeyMultiSigner; the first selects the key by public JWK, the second
	// by key ID string.
	FixedKeyMultiSigner(pub *jwk.JWK) (FixedKeyMultiSigner, error)
	FixedMultiSignerGivenKID(kid string) (FixedKeyMultiSigner, error)
}

// FixedKeyMultiSigner provides a signing interface for regular and
// multi-signatures using a fixed key for each signer instance.
type FixedKeyMultiSigner interface {
	// SignMulti takes a list of messages and returns a single []byte result,
	// using the instance's fixed key.
	SignMulti(msgs [][]byte) ([]byte, error)
	FixedKeySigner
}

// EncrypterDecrypter provides encryption and decryption services.
type EncrypterDecrypter interface {
	// Encrypt encrypts msg under the key identified by kid and returns the
	// ciphertext together with a nonce. Decrypt takes both values back, so the
	// nonce has to be stored or transmitted alongside the ciphertext.
	//
	// NOTE(review): aad is presumably additional data that is authenticated but
	// not encrypted, and the nonce is presumably generated by the implementation
	// on every call. Neither is stated by this interface; confirm before
	// relying on it.
	Encrypt(msg, aad []byte, kid string) (cipher, nonce []byte, err error)
	// Decrypt recovers msg from cipher using aad, nonce and the key identified
	// by kid. Its argument order is (cipher, aad, nonce), which differs from the
	// (cipher, nonce) order Encrypt returns; all three are []byte, so a
	// misordered call compiles. Callers should discard msg whenever err is
	// non-nil.
	Decrypt(cipher, aad, nonce []byte, kid string) (msg []byte, err error)
}