-
Notifications
You must be signed in to change notification settings - Fork 0
/
keypair.go
93 lines (83 loc) · 2.85 KB
/
keypair.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
package keystores
import (
"context"
"crypto"
"crypto/ecdsa"
"crypto/sha256"
"crypto/x509"
"encoding/hex"
"errors"
"fmt"
"io"
)
var (
ErrOperationNotSupportedByKeyPair = errors.New("operation not supported by key pair")
)
type KeyPairId string
func PublicKeyFromPrivate(privKey crypto.PrivateKey) (crypto.PublicKey, error) {
type i1 interface {
Public() crypto.PublicKey
}
if o1, ok := privKey.(i1); ok {
pubKey := o1.Public()
return pubKey, nil
} else {
return nil, ErrorHandler(fmt.Errorf("%T has not Public() function", privKey))
}
}
func IdFromPublicKey(pubKey crypto.PublicKey) (KeyPairId, error) {
bytes, err := x509.MarshalPKIXPublicKey(pubKey)
if err != nil {
return "", ErrorHandler(err)
}
sum := sha256.Sum256(bytes)
return KeyPairId(hex.EncodeToString(sum[:])), nil
}
type KeyPair interface {
Id() KeyPairId
Label() string
SetLabel(label string) error
Algorithm() KeyAlgorithm
KeyUsage() map[KeyUsage]bool
KeyStore() KeyStore
Public() crypto.PublicKey
Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error)
Decrypt(rand io.Reader, ciphertext []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error)
ExportPrivate() (privKey crypto.PrivateKey, err error)
Destroy() error
Verify(signature []byte, digest []byte, opts crypto.SignerOpts) (err error)
ECDH(remote *ecdsa.PublicKey) ([]byte, error)
Attestation(nonce []byte) (att Attestation, err error)
}
type AsyncKeyPair interface {
Id(ctx context.Context) <-chan KeyPairId
Label(ctx context.Context) <-chan string
SetLabel(ctx context.Context, label string) (errCh <-chan error)
Algorithm(ctx context.Context) <-chan KeyAlgorithm
KeyUsage(ctx context.Context) <-chan []KeyUsage
KeyStore(ctx context.Context) <-chan AsyncKeyStore
Public(ctx context.Context) <-chan crypto.PublicKey
Sign(ctx context.Context, rand io.Reader, digest []byte, opts crypto.SignerOpts) (signatureCh <-chan []byte, errCh <-chan error)
Decrypt(ctx context.Context, rand io.Reader, msg []byte, opts crypto.DecrypterOpts) (plaintextCh <-chan []byte, errCh <-chan error)
ExportPrivate(ctx context.Context) (privKeyCh <-chan crypto.PrivateKey, errCh <-chan error)
Destroy(ctx context.Context) <-chan error
Verify(ctx context.Context, signature []byte, digest []byte, opts crypto.SignerOpts) <-chan error
Attestation(ctx context.Context, nonce []byte) (att <-chan Attestation, errCh <-chan error)
}
// GenKeyPairOpts controls the key pair generation or import
type GenKeyPairOpts struct {
Algorithm KeyAlgorithm
Label string
KeyUsage map[KeyUsage]bool
Exportable bool
Ephemeral bool
}
func GenerateKeyPairIdFromPubKey(pubKey crypto.PublicKey) (KeyPairId, error) {
pkcs8DerBytes, err := x509.MarshalPKIXPublicKey(pubKey)
if err != nil {
return "", ErrorHandler(err)
}
sum := sha256.Sum256(pkcs8DerBytes)
id := hex.EncodeToString(sum[:])
return KeyPairId(id), nil
}