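// Source: github.com/trustbloc/kms-go@v1.1.2/wrapper/websuite/kmscrypto.go

/*
Copyright Gen Digital Inc. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/

package websuite

import (
	"errors"

	webcrypto "github.com/trustbloc/kms-go/crypto/webkms"
	"github.com/trustbloc/kms-go/doc/jose/jwk"
	"github.com/trustbloc/kms-go/doc/jose/jwk/jwksupport"
	"github.com/trustbloc/kms-go/kms/webkms"
	"github.com/trustbloc/kms-go/spi/kms"
	wrapperapi "github.com/trustbloc/kms-go/wrapper/api"
)

// kmsCrypto pairs a webkms.RemoteKMS (key creation and key-handle lookup)
// with a webcrypto.RemoteCrypto (the cryptographic operations). Every method
// first resolves a key handle through km and then hands it to cr.
type kmsCrypto struct {
	km *webkms.RemoteKMS       // creates keys and resolves key IDs to handles
	cr *webcrypto.RemoteCrypto // performs sign/verify/encrypt/decrypt on a handle
}

// requireKeyID returns pub.KeyID, or an error when pub is nil.
//
// The methods below take the JWK only as a carrier for its key ID. Without
// this guard a nil JWK would cause a nil-pointer panic in the caller's
// goroutine instead of an ordinary error return.
func requireKeyID(pub *jwk.JWK) (string, error) {
	if pub == nil {
		return "", errors.New("websuite: nil JWK")
	}

	return pub.KeyID, nil
}

// Create asks the KMS to create a key of keyType and export its public key
// bytes, converts those bytes to a JWK, and sets the JWK's KeyID to the key
// ID the KMS returned.
func (k *kmsCrypto) Create(keyType kms.KeyType) (*jwk.JWK, error) {
	kid, pkBytes, err := k.km.CreateAndExportPubKeyBytes(keyType)
	if err != nil {
		return nil, err
	}

	pk, err := jwksupport.PubKeyBytesToJWK(pkBytes, keyType)
	if err != nil {
		return nil, err
	}

	pk.KeyID = kid

	return pk, nil
}

// CreateRaw asks the KMS to create a key of keyType and returns the key ID
// together with the public key as converted by jwksupport.PubKeyBytesToKey.
func (k *kmsCrypto) CreateRaw(keyType kms.KeyType) (string, interface{}, error) {
	kid, pkBytes, err := k.km.CreateAndExportPubKeyBytes(keyType)
	if err != nil {
		return "", nil, err
	}

	raw, err := jwksupport.PubKeyBytesToKey(pkBytes, keyType)
	if err != nil {
		return "", nil, err
	}

	return kid, raw, nil
}

// Sign signs msg with the key whose handle the KMS returns for pub.KeyID.
// Only the key ID is read from pub. A nil pub yields an error.
func (k *kmsCrypto) Sign(msg []byte, pub *jwk.JWK) ([]byte, error) {
	kid, err := requireKeyID(pub)
	if err != nil {
		return nil, err
	}

	kh, err := k.km.Get(kid)
	if err != nil {
		return nil, err
	}

	return k.cr.Sign(msg, kh)
}

// SignMulti signs the message set msgs with the key whose handle the KMS
// returns for pub.KeyID. Only the key ID is read from pub. A nil pub yields
// an error.
func (k *kmsCrypto) SignMulti(msgs [][]byte, pub *jwk.JWK) ([]byte, error) {
	kid, err := requireKeyID(pub)
	if err != nil {
		return nil, err
	}

	kh, err := k.km.Get(kid)
	if err != nil {
		return nil, err
	}

	return k.cr.SignMulti(msgs, kh)
}

// Verify checks sig over msg with the key whose handle the KMS returns for
// pub.KeyID. A nil pub yields an error.
//
// NOTE(review): only pub.KeyID is consulted here; the key material carried in
// pub is never compared with the key the KMS resolves. A caller that obtained
// pub from an untrusted party should confirm that the key ID maps to the
// expected public key before treating a nil return as proof that the holder
// of pub's key produced the signature.
func (k *kmsCrypto) Verify(sig, msg []byte, pub *jwk.JWK) error {
	kid, err := requireKeyID(pub)
	if err != nil {
		return err
	}

	kh, err := k.km.Get(kid)
	if err != nil {
		return err
	}

	return k.cr.Verify(sig, msg, kh)
}

// Encrypt encrypts msg, with aad passed through as additional authenticated
// data, under the key whose handle the KMS returns for kid. It returns the
// ciphertext and nonce produced by the crypto client.
func (k *kmsCrypto) Encrypt(msg, aad []byte, kid string) (cipher, nonce []byte, err error) {
	kh, err := k.km.Get(kid)
	if err != nil {
		return nil, nil, err
	}

	return k.cr.Encrypt(msg, aad, kh)
}

// Decrypt decrypts cipher with the given aad and nonce under the key whose
// handle the KMS returns for kid.
func (k *kmsCrypto) Decrypt(cipher, aad, nonce []byte, kid string) (msg []byte, err error) {
	kh, err := k.km.Get(kid)
	if err != nil {
		return nil, err
	}

	return k.cr.Decrypt(cipher, aad, nonce, kh)
}

// FixedKeyCrypto returns a wrapperapi.FixedKeyCrypto built by makeFixedKey
// (defined elsewhere in this package) for pub.KeyID. A nil pub yields an
// error.
func (k *kmsCrypto) FixedKeyCrypto(pub *jwk.JWK) (wrapperapi.FixedKeyCrypto, error) {
	kid, err := requireKeyID(pub)
	if err != nil {
		return nil, err
	}

	return makeFixedKey(kid, k.km, k.cr)
}

// FixedKeySigner returns a wrapperapi.FixedKeySigner built by makeFixedKey
// for pub.KeyID. A nil pub yields an error.
func (k *kmsCrypto) FixedKeySigner(pub *jwk.JWK) (wrapperapi.FixedKeySigner, error) {
	kid, err := requireKeyID(pub)
	if err != nil {
		return nil, err
	}

	return makeFixedKey(kid, k.km, k.cr)
}

// FixedKeyMultiSigner returns a wrapperapi.FixedKeyMultiSigner built by
// makeFixedKey for pub.KeyID. A nil pub yields an error.
func (k *kmsCrypto) FixedKeyMultiSigner(pub *jwk.JWK) (wrapperapi.FixedKeyMultiSigner, error) {
	kid, err := requireKeyID(pub)
	if err != nil {
		return nil, err
	}

	return makeFixedKey(kid, k.km, k.cr)
}

// FixedMultiSignerGivenKID returns a wrapperapi.FixedKeyMultiSigner built by
// makeFixedKey for the supplied key ID, with no JWK involved.
func (k *kmsCrypto) FixedMultiSignerGivenKID(kid string) (wrapperapi.FixedKeyMultiSigner, error) {
	return makeFixedKey(kid, k.km, k.cr)
}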