140 lines
3.7 KiB
Go
140 lines
3.7 KiB
Go
/*
|
|
Copyright IBM Corp. All Rights Reserved.
|
|
|
|
SPDX-License-Identifier: Apache-2.0
|
|
*/
|
|
|
|
package sw
|
|
|
|
import (
|
|
"crypto/ecdsa"
|
|
"crypto/rsa"
|
|
"crypto/x509"
|
|
"errors"
|
|
"fmt"
|
|
"reflect"
|
|
|
|
"github.com/hyperledger/fabric/bccsp"
|
|
)
|
|
|
|
type aes256ImportKeyOptsKeyImporter struct{}
|
|
|
|
func (*aes256ImportKeyOptsKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (bccsp.Key, error) {
|
|
aesRaw, ok := raw.([]byte)
|
|
if !ok {
|
|
return nil, errors.New("Invalid raw material. Expected byte array.")
|
|
}
|
|
|
|
if aesRaw == nil {
|
|
return nil, errors.New("Invalid raw material. It must not be nil.")
|
|
}
|
|
|
|
if len(aesRaw) != 32 {
|
|
return nil, fmt.Errorf("Invalid Key Length [%d]. Must be 32 bytes", len(aesRaw))
|
|
}
|
|
|
|
return &aesPrivateKey{aesRaw, false}, nil
|
|
}
|
|
|
|
type hmacImportKeyOptsKeyImporter struct{}
|
|
|
|
func (*hmacImportKeyOptsKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (bccsp.Key, error) {
|
|
aesRaw, ok := raw.([]byte)
|
|
if !ok {
|
|
return nil, errors.New("Invalid raw material. Expected byte array.")
|
|
}
|
|
|
|
if len(aesRaw) == 0 {
|
|
return nil, errors.New("Invalid raw material. It must not be nil.")
|
|
}
|
|
|
|
return &aesPrivateKey{aesRaw, false}, nil
|
|
}
|
|
|
|
type ecdsaPKIXPublicKeyImportOptsKeyImporter struct{}
|
|
|
|
func (*ecdsaPKIXPublicKeyImportOptsKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (bccsp.Key, error) {
|
|
der, ok := raw.([]byte)
|
|
if !ok {
|
|
return nil, errors.New("Invalid raw material. Expected byte array.")
|
|
}
|
|
|
|
if len(der) == 0 {
|
|
return nil, errors.New("Invalid raw. It must not be nil.")
|
|
}
|
|
|
|
lowLevelKey, err := derToPublicKey(der)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Failed converting PKIX to ECDSA public key [%s]", err)
|
|
}
|
|
|
|
ecdsaPK, ok := lowLevelKey.(*ecdsa.PublicKey)
|
|
if !ok {
|
|
return nil, errors.New("Failed casting to ECDSA public key. Invalid raw material.")
|
|
}
|
|
|
|
return &ecdsaPublicKey{ecdsaPK}, nil
|
|
}
|
|
|
|
type ecdsaPrivateKeyImportOptsKeyImporter struct{}
|
|
|
|
func (*ecdsaPrivateKeyImportOptsKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (bccsp.Key, error) {
|
|
der, ok := raw.([]byte)
|
|
if !ok {
|
|
return nil, errors.New("[ECDSADERPrivateKeyImportOpts] Invalid raw material. Expected byte array.")
|
|
}
|
|
|
|
if len(der) == 0 {
|
|
return nil, errors.New("[ECDSADERPrivateKeyImportOpts] Invalid raw. It must not be nil.")
|
|
}
|
|
|
|
lowLevelKey, err := derToPrivateKey(der)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Failed converting PKIX to ECDSA public key [%s]", err)
|
|
}
|
|
|
|
ecdsaSK, ok := lowLevelKey.(*ecdsa.PrivateKey)
|
|
if !ok {
|
|
return nil, errors.New("Failed casting to ECDSA private key. Invalid raw material.")
|
|
}
|
|
|
|
return &ecdsaPrivateKey{ecdsaSK}, nil
|
|
}
|
|
|
|
type ecdsaGoPublicKeyImportOptsKeyImporter struct{}
|
|
|
|
func (*ecdsaGoPublicKeyImportOptsKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (bccsp.Key, error) {
|
|
lowLevelKey, ok := raw.(*ecdsa.PublicKey)
|
|
if !ok {
|
|
return nil, errors.New("Invalid raw material. Expected *ecdsa.PublicKey.")
|
|
}
|
|
|
|
return &ecdsaPublicKey{lowLevelKey}, nil
|
|
}
|
|
|
|
type x509PublicKeyImportOptsKeyImporter struct {
|
|
bccsp *CSP
|
|
}
|
|
|
|
func (ki *x509PublicKeyImportOptsKeyImporter) KeyImport(raw interface{}, opts bccsp.KeyImportOpts) (bccsp.Key, error) {
|
|
x509Cert, ok := raw.(*x509.Certificate)
|
|
if !ok {
|
|
return nil, errors.New("Invalid raw material. Expected *x509.Certificate.")
|
|
}
|
|
|
|
pk := x509Cert.PublicKey
|
|
|
|
switch pk := pk.(type) {
|
|
case *ecdsa.PublicKey:
|
|
return ki.bccsp.KeyImporters[reflect.TypeOf(&bccsp.ECDSAGoPublicKeyImportOpts{})].KeyImport(
|
|
pk,
|
|
&bccsp.ECDSAGoPublicKeyImportOpts{Temporary: opts.Ephemeral()})
|
|
case *rsa.PublicKey:
|
|
// This path only exists to support environments that use RSA certificate
|
|
// authorities to issue ECDSA certificates.
|
|
return &rsaPublicKey{pubKey: pk}, nil
|
|
default:
|
|
return nil, errors.New("Certificate's public key type not recognized. Supported keys: [ECDSA, RSA]")
|
|
}
|
|
}
|