/* Copyright IBM Corp. All Rights Reserved. SPDX-License-Identifier: Apache-2.0 */ package sw import ( "crypto/ecdsa" "crypto/rsa" "crypto/x509" "errors" "fmt" "reflect" "github.com/hyperledger/fabric/bccsp" ) type aes256ImportKeyOptsKeyImporter struct{} func (*aes256ImportKeyOptsKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (bccsp.Key, error) { aesRaw, ok := raw.([]byte) if !ok { return nil, errors.New("Invalid raw material. Expected byte array.") } if aesRaw == nil { return nil, errors.New("Invalid raw material. It must not be nil.") } if len(aesRaw) != 32 { return nil, fmt.Errorf("Invalid Key Length [%d]. Must be 32 bytes", len(aesRaw)) } return &aesPrivateKey{aesRaw, false}, nil } type hmacImportKeyOptsKeyImporter struct{} func (*hmacImportKeyOptsKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (bccsp.Key, error) { aesRaw, ok := raw.([]byte) if !ok { return nil, errors.New("Invalid raw material. Expected byte array.") } if len(aesRaw) == 0 { return nil, errors.New("Invalid raw material. It must not be nil.") } return &aesPrivateKey{aesRaw, false}, nil } type ecdsaPKIXPublicKeyImportOptsKeyImporter struct{} func (*ecdsaPKIXPublicKeyImportOptsKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (bccsp.Key, error) { der, ok := raw.([]byte) if !ok { return nil, errors.New("Invalid raw material. Expected byte array.") } if len(der) == 0 { return nil, errors.New("Invalid raw. It must not be nil.") } lowLevelKey, err := derToPublicKey(der) if err != nil { return nil, fmt.Errorf("Failed converting PKIX to ECDSA public key [%s]", err) } ecdsaPK, ok := lowLevelKey.(*ecdsa.PublicKey) if !ok { return nil, errors.New("Failed casting to ECDSA public key. Invalid raw material.") } return &ecdsaPublicKey{ecdsaPK}, nil } type ecdsaPrivateKeyImportOptsKeyImporter struct{} func (*ecdsaPrivateKeyImportOptsKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (bccsp.Key, error) { der, ok := raw.([]byte) if !ok { return nil, errors.New("[ECDSADERPrivateKeyImportOpts] Invalid raw material. Expected byte array.") } if len(der) == 0 { return nil, errors.New("[ECDSADERPrivateKeyImportOpts] Invalid raw. It must not be nil.") } lowLevelKey, err := derToPrivateKey(der) if err != nil { return nil, fmt.Errorf("Failed converting PKIX to ECDSA public key [%s]", err) } ecdsaSK, ok := lowLevelKey.(*ecdsa.PrivateKey) if !ok { return nil, errors.New("Failed casting to ECDSA private key. Invalid raw material.") } return &ecdsaPrivateKey{ecdsaSK}, nil } type ecdsaGoPublicKeyImportOptsKeyImporter struct{} func (*ecdsaGoPublicKeyImportOptsKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (bccsp.Key, error) { lowLevelKey, ok := raw.(*ecdsa.PublicKey) if !ok { return nil, errors.New("Invalid raw material. Expected *ecdsa.PublicKey.") } return &ecdsaPublicKey{lowLevelKey}, nil } type x509PublicKeyImportOptsKeyImporter struct { bccsp *CSP } func (ki *x509PublicKeyImportOptsKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (bccsp.Key, error) { x509Cert, ok := raw.(*x509.Certificate) if !ok { return nil, errors.New("Invalid raw material. Expected *x509.Certificate.") } pk := x509Cert.PublicKey switch pk := pk.(type) { case *ecdsa.PublicKey: return ki.bccsp.KeyImporters[reflect.TypeOf(&bccsp.ECDSAGoPublicKeyImportOpts{})].KeyImport( pk, &bccsp.ECDSAGoPublicKeyImportOpts{Temporary: opts.Ephemeral()}) case *rsa.PublicKey: // This path only exists to support environments that use RSA certificate // authorities to issue ECDSA certificates. return &rsaPublicKey{pubKey: pk}, nil default: return nil, errors.New("Certificate's public key type not recognized. Supported keys: [ECDSA, RSA]") } }