// StoreKey stores the key k in this KeyStore.
// If this KeyStore is read only then the method will fail.
func (ks *FileBasedKeyStore) StoreKey(k bccsp.Key) (err error) {
if ks.readOnly {
return errors.New("Read only KeyStore.")
}
if k == nil {
return errors.New("Invalid key. It must be different from nil.")
}
switch k.(type) {
case *ecdsaPrivateKey:
kk := k.(*ecdsaPrivateKey)
err = ks.storePrivateKey(hex.EncodeToString(k.SKI()), kk.privKey)
if err != nil {
return fmt.Errorf("Failed storing ECDSA private key [%s]", err)
}
case *ecdsaPublicKey:
kk := k.(*ecdsaPublicKey)
err = ks.storePublicKey(hex.EncodeToString(k.SKI()), kk.pubKey)
if err != nil {
return fmt.Errorf("Failed storing ECDSA public key [%s]", err)
}
case *rsaPrivateKey:
kk := k.(*rsaPrivateKey)
err = ks.storePrivateKey(hex.EncodeToString(k.SKI()), kk.privKey)
if err != nil {
return fmt.Errorf("Failed storing RSA private key [%s]", err)
}
case *rsaPublicKey:
kk := k.(*rsaPublicKey)
err = ks.storePublicKey(hex.EncodeToString(k.SKI()), kk.pubKey)
if err != nil {
return fmt.Errorf("Failed storing RSA public key [%s]", err)
}
case *aesPrivateKey:
kk := k.(*aesPrivateKey)
err = ks.storeKey(hex.EncodeToString(k.SKI()), kk.privKey)
if err != nil {
return fmt.Errorf("Failed storing AES key [%s]", err)
}
default:
return fmt.Errorf("Key type not reconigned [%s]", k)
}
return
}
// Init initializes this CryptoSigner.
func (s *CryptoSigner) Init(csp bccsp.BCCSP, key bccsp.Key) error {
// Validate arguments
if csp == nil {
return errors.New("Invalid BCCSP. Nil.")
}
if key == nil {
return errors.New("Invalid Key. Nil.")
}
if key.Symmetric() {
return errors.New("Invalid Key. Symmetric.")
}
// Marshall the bccsp public key as a crypto.PublicKey
pub, err := key.PublicKey()
if err != nil {
return fmt.Errorf("Failed getting public key [%s]", err)
}
raw, err := pub.Bytes()
if err != nil {
return fmt.Errorf("Failed marshalling public key [%s]", err)
}
pk, err := utils.DERToPublicKey(raw)
if err != nil {
return fmt.Errorf("Failed marshalling public key [%s]", err)
}
// Init fields
s.csp = csp
s.key = key
s.pk = pk
return nil
}
// KeyDeriv derives a key from k using opts.
// The opts argument should be appropriate for the primitive used.
func (csp *impl) KeyDeriv(k bccsp.Key, opts bccsp.KeyDerivOpts) (dk bccsp.Key, err error) {
// Validate arguments
if k == nil {
return nil, errors.New("Invalid Key. It must not be nil.")
}
// Derive key
switch k.(type) {
case *ecdsaPrivateKey:
// Validate opts
if opts == nil {
return nil, errors.New("Invalid Opts parameter. It must not be nil.")
}
ecdsaK := k.(*ecdsaPrivateKey)
switch opts.(type) {
// Re-randomized an ECDSA private key
case *bccsp.ECDSAReRandKeyOpts:
reRandOpts := opts.(*bccsp.ECDSAReRandKeyOpts)
tempSK := &ecdsa.PrivateKey{
PublicKey: ecdsa.PublicKey{
Curve: ecdsaK.privKey.Curve,
X: new(big.Int),
Y: new(big.Int),
},
D: new(big.Int),
}
var k = new(big.Int).SetBytes(reRandOpts.ExpansionValue())
var one = new(big.Int).SetInt64(1)
n := new(big.Int).Sub(ecdsaK.privKey.Params().N, one)
k.Mod(k, n)
k.Add(k, one)
tempSK.D.Add(ecdsaK.privKey.D, k)
tempSK.D.Mod(tempSK.D, ecdsaK.privKey.PublicKey.Params().N)
// Compute temporary public key
tempX, tempY := ecdsaK.privKey.PublicKey.ScalarBaseMult(k.Bytes())
tempSK.PublicKey.X, tempSK.PublicKey.Y =
tempSK.PublicKey.Add(
ecdsaK.privKey.PublicKey.X, ecdsaK.privKey.PublicKey.Y,
tempX, tempY,
)
// Verify temporary public key is a valid point on the reference curve
isOn := tempSK.Curve.IsOnCurve(tempSK.PublicKey.X, tempSK.PublicKey.Y)
if !isOn {
return nil, errors.New("Failed temporary public key IsOnCurve check. This is an foreign key.")
}
reRandomizedKey := &ecdsaPrivateKey{tempSK}
// If the key is not Ephemeral, store it.
if !opts.Ephemeral() {
// Store the key
err = csp.ks.StoreKey(reRandomizedKey)
if err != nil {
return nil, fmt.Errorf("Failed storing ECDSA key [%s]", err)
}
}
return reRandomizedKey, nil
default:
return nil, fmt.Errorf("Unrecognized KeyDerivOpts provided [%s]", opts.Algorithm())
}
case *aesPrivateKey:
// Validate opts
if opts == nil {
return nil, errors.New("Invalid Opts parameter. It must not be nil.")
}
aesK := k.(*aesPrivateKey)
switch opts.(type) {
case *bccsp.HMACTruncated256AESDeriveKeyOpts:
hmacOpts := opts.(*bccsp.HMACTruncated256AESDeriveKeyOpts)
mac := hmac.New(csp.conf.hashFunction, aesK.privKey)
mac.Write(hmacOpts.Argument())
hmacedKey := &aesPrivateKey{mac.Sum(nil)[:csp.conf.aesBitLength], false}
// If the key is not Ephemeral, store it.
if !opts.Ephemeral() {
// Store the key
err = csp.ks.StoreKey(hmacedKey)
if err != nil {
return nil, fmt.Errorf("Failed storing ECDSA key [%s]", err)
}
}
return hmacedKey, nil
case *bccsp.HMACDeriveKeyOpts:
hmacOpts := opts.(*bccsp.HMACDeriveKeyOpts)
mac := hmac.New(csp.conf.hashFunction, aesK.privKey)
mac.Write(hmacOpts.Argument())
hmacedKey := &aesPrivateKey{mac.Sum(nil), true}
// If the key is not Ephemeral, store it.
if !opts.Ephemeral() {
// Store the key
err = csp.ks.StoreKey(hmacedKey)
if err != nil {
return nil, fmt.Errorf("Failed storing ECDSA key [%s]", err)
}
}
return hmacedKey, nil
default:
return nil, fmt.Errorf("Unrecognized KeyDerivOpts provided [%s]", opts.Algorithm())
}
default:
return nil, fmt.Errorf("Key type not recognized [%s]", k)
}
}
