1// Copyright 2018 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14// 15//////////////////////////////////////////////////////////////////////////////// 16 17package signature 18 19import ( 20 "fmt" 21 22 "google.golang.org/protobuf/proto" 23 "github.com/google/tink/go/keyset" 24 "github.com/google/tink/go/signature/subtle" 25 ecdsapb "github.com/google/tink/go/proto/ecdsa_go_proto" 26 tinkpb "github.com/google/tink/go/proto/tink_go_proto" 27) 28 29const ( 30 ecdsaVerifierKeyVersion = 0 31 ecdsaVerifierTypeURL = "type.googleapis.com/google.crypto.tink.EcdsaPublicKey" 32) 33 34// common errors 35var errInvalidECDSAVerifierKey = fmt.Errorf("ecdsa_verifier_key_manager: invalid key") 36var errECDSAVerifierNotImplemented = fmt.Errorf("ecdsa_verifier_key_manager: not implemented") 37 38// ecdsaVerifierKeyManager is an implementation of KeyManager interface. 39// It doesn't support key generation. 40type ecdsaVerifierKeyManager struct{} 41 42// Primitive creates an ECDSAVerifier subtle for the given serialized ECDSAPublicKey proto. 43func (km *ecdsaVerifierKeyManager) Primitive(serializedKey []byte) (interface{}, error) { 44 if len(serializedKey) == 0 { 45 return nil, errInvalidECDSAVerifierKey 46 } 47 key := new(ecdsapb.EcdsaPublicKey) 48 if err := proto.Unmarshal(serializedKey, key); err != nil { 49 return nil, errInvalidECDSAVerifierKey 50 } 51 if err := km.validateKey(key); err != nil { 52 return nil, fmt.Errorf("ecdsa_verifier_key_manager: %s", err) 53 } 54 hash, curve, encoding := getECDSAParamNames(key.Params) 55 ret, err := subtle.NewECDSAVerifier(hash, curve, encoding, key.X, key.Y) 56 if err != nil { 57 return nil, fmt.Errorf("ecdsa_verifier_key_manager: invalid key: %s", err) 58 } 59 return ret, nil 60} 61 62// NewKey is not implemented. 63func (km *ecdsaVerifierKeyManager) NewKey(serializedKeyFormat []byte) (proto.Message, error) { 64 return nil, errECDSAVerifierNotImplemented 65} 66 67// NewKeyData creates a new KeyData according to specification in the given 68// serialized ECDSAKeyFormat. It should be used solely by the key management API. 69func (km *ecdsaVerifierKeyManager) NewKeyData(serializedKeyFormat []byte) (*tinkpb.KeyData, error) { 70 return nil, errECDSAVerifierNotImplemented 71} 72 73// DoesSupport indicates if this key manager supports the given key type. 74func (km *ecdsaVerifierKeyManager) DoesSupport(typeURL string) bool { 75 return typeURL == ecdsaVerifierTypeURL 76} 77 78// TypeURL returns the key type of keys managed by this key manager. 79func (km *ecdsaVerifierKeyManager) TypeURL() string { 80 return ecdsaVerifierTypeURL 81} 82 83// validateKey validates the given ECDSAPublicKey. 84func (km *ecdsaVerifierKeyManager) validateKey(key *ecdsapb.EcdsaPublicKey) error { 85 if err := keyset.ValidateKeyVersion(key.Version, ecdsaVerifierKeyVersion); err != nil { 86 return fmt.Errorf("ecdsa_verifier_key_manager: %s", err) 87 } 88 hash, curve, encoding := getECDSAParamNames(key.Params) 89 return subtle.ValidateECDSAParams(hash, curve, encoding) 90} 91