1// Copyright 2020 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14// 15//////////////////////////////////////////////////////////////////////////////// 16 17package subtle 18 19import ( 20 "crypto/ecdsa" 21 "crypto/rand" 22 "errors" 23 "fmt" 24 "hash" 25 "math/big" 26 27 "github.com/google/tink/go/subtle" 28) 29 30// ECDSASigner is an implementation of Signer for ECDSA. 31// At the moment, the implementation only accepts DER encoding. 32type ECDSASigner struct { 33 privateKey *ecdsa.PrivateKey 34 hashFunc func() hash.Hash 35 encoding string 36} 37 38// NewECDSASigner creates a new instance of ECDSASigner. 39func NewECDSASigner(hashAlg, curve, encoding string, keyValue []byte) (*ECDSASigner, error) { 40 privKey := new(ecdsa.PrivateKey) 41 c := subtle.GetCurve(curve) 42 if c == nil { 43 return nil, errors.New("ecdsa_signer: invalid curve") 44 } 45 privKey.PublicKey.Curve = c 46 privKey.D = new(big.Int).SetBytes(keyValue) 47 privKey.PublicKey.X, privKey.PublicKey.Y = c.ScalarBaseMult(keyValue) 48 return NewECDSASignerFromPrivateKey(hashAlg, encoding, privKey) 49} 50 51// NewECDSASignerFromPrivateKey creates a new instance of ECDSASigner 52func NewECDSASignerFromPrivateKey(hashAlg, encoding string, privateKey *ecdsa.PrivateKey) (*ECDSASigner, error) { 53 if privateKey.Curve == nil { 54 return nil, errors.New("ecdsa_signer: privateKey.Curve can't be nil") 55 } 56 curve := subtle.ConvertCurveName(privateKey.Curve.Params().Name) 57 if err := ValidateECDSAParams(hashAlg, curve, encoding); err != nil { 58 return nil, fmt.Errorf("ecdsa_signer: %s", err) 59 } 60 hashFunc := subtle.GetHashFunc(hashAlg) 61 return &ECDSASigner{ 62 privateKey: privateKey, 63 hashFunc: hashFunc, 64 encoding: encoding, 65 }, nil 66} 67 68// Sign computes a signature for the given data. 69func (e *ECDSASigner) Sign(data []byte) ([]byte, error) { 70 hashed, err := subtle.ComputeHash(e.hashFunc, data) 71 if err != nil { 72 return nil, err 73 } 74 r, s, err := ecdsa.Sign(rand.Reader, e.privateKey, hashed) 75 if err != nil { 76 return nil, fmt.Errorf("ecdsa_signer: signing failed: %s", err) 77 } 78 // format the signature 79 sig := NewECDSASignature(r, s) 80 ret, err := sig.EncodeECDSASignature(e.encoding, e.privateKey.PublicKey.Curve.Params().Name) 81 if err != nil { 82 return nil, fmt.Errorf("ecdsa_signer: signing failed: %s", err) 83 } 84 return ret, nil 85} 86