// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////
#ifndef TINK_JWT_INTERNAL_RAW_JWT_HMAC_KEY_MANAGER_H_
#define TINK_JWT_INTERNAL_RAW_JWT_HMAC_KEY_MANAGER_H_

#include <memory>
#include <string>

#include "absl/memory/memory.h"
#include "absl/status/status.h"
#include "absl/strings/str_cat.h"
#include "tink/core/key_type_manager.h"
#include "tink/mac.h"
#include "tink/subtle/hmac_boringssl.h"
#include "tink/util/constants.h"
#include "tink/util/enums.h"
#include "tink/util/errors.h"
#include "tink/util/protobuf_helper.h"
#include "tink/util/secret_data.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"
#include "proto/jwt_hmac.pb.h"
#include "proto/tink.pb.h"

namespace crypto {
namespace tink {
namespace jwt_internal {

///////////////////////////////////////////////////////////////////////////////
// This key manager creates MAC primitives from JwtHmacKeys. It is used by the
// Tink JWT implementation in Python, and should not be used by anybody else.
//
// The MAC produced for a JwtHmacKey is a full-length HMAC tag: HS256 -> 32
// bytes, HS384 -> 48 bytes, HS512 -> 64 bytes. Any other JwtHmacAlgorithm
// value is rejected with kInvalidArgument instead of silently falling back to
// some default hash.
class RawJwtHmacKeyManager
    : public KeyTypeManager<google::crypto::tink::JwtHmacKey,
                            google::crypto::tink::JwtHmacKeyFormat, List<Mac>> {
 public:
  // Turns a JwtHmacKey into an HMAC Mac primitive backed by BoringSSL.
  class MacFactory : public PrimitiveFactory<Mac> {
    // Maps the key's JWT algorithm to the proto HashType and the tag size
    // (bytes), then builds the HMAC over the key bytes.
    //
    // Returns kInvalidArgument ("Unknown algorithm.") for any algorithm other
    // than HS256, HS384 or HS512; otherwise whatever HmacBoringSsl::New
    // returns.
    crypto::tink::util::StatusOr<std::unique_ptr<Mac>> Create(
        const google::crypto::tink::JwtHmacKey& jwt_hmac_key) const override {
      using google::crypto::tink::HashType;
      using google::crypto::tink::JwtHmacAlgorithm;

      const JwtHmacAlgorithm algorithm = jwt_hmac_key.algorithm();
      HashType hash;
      int tag_size_bytes;
      if (algorithm == JwtHmacAlgorithm::HS256) {
        hash = HashType::SHA256;
        tag_size_bytes = 32;  // full SHA-256 digest length
      } else if (algorithm == JwtHmacAlgorithm::HS384) {
        hash = HashType::SHA384;
        tag_size_bytes = 48;  // full SHA-384 digest length
      } else if (algorithm == JwtHmacAlgorithm::HS512) {
        hash = HashType::SHA512;
        tag_size_bytes = 64;  // full SHA-512 digest length
      } else {
        return util::Status(absl::StatusCode::kInvalidArgument,
                            "Unknown algorithm.");
      }
      // The raw key bytes are wrapped as SecretData (tink/util/secret_data.h)
      // before being handed to the HMAC implementation.
      return subtle::HmacBoringSsl::New(
          util::Enums::ProtoToSubtle(hash), tag_size_bytes,
          util::SecretDataFromStringView(jwt_hmac_key.key_value()));
    }
  };

  // Registers MacFactory as the primitive factory for this key type.
  RawJwtHmacKeyManager() : KeyTypeManager(absl::make_unique<MacFactory>()) {}

  // Version of the JwtHmacKey type handled by this manager (0).
  uint32_t get_version() const override { return 0; }

  // An HMAC key is a symmetric secret: the whole key_value is secret material.
  google::crypto::tink::KeyData::KeyMaterialType key_material_type()
      const override {
    return google::crypto::tink::KeyData::SYMMETRIC;
  }

  // Type URL of JwtHmacKey (kTypeGoogleapisCom + the proto type name).
  const std::string& get_key_type() const override { return key_type_; }

  // The following overrides are declared here and defined outside this header.
  crypto::tink::util::Status ValidateKey(
      const google::crypto::tink::JwtHmacKey& key) const override;

  crypto::tink::util::Status ValidateKeyFormat(
      const google::crypto::tink::JwtHmacKeyFormat& key_format) const override;

  crypto::tink::util::StatusOr<google::crypto::tink::JwtHmacKey> CreateKey(
      const google::crypto::tink::JwtHmacKeyFormat& key_format) const override;

  crypto::tink::util::StatusOr<google::crypto::tink::JwtHmacKey> DeriveKey(
      const google::crypto::tink::JwtHmacKeyFormat& key_format,
      InputStream* input_stream) const override;

 private:
  // Computed once per instance; returned by reference from get_key_type().
  const std::string key_type_ = absl::StrCat(
      kTypeGoogleapisCom, google::crypto::tink::JwtHmacKey().GetTypeName());
};

}  // namespace jwt_internal

}  // namespace tink
}  // namespace crypto

#endif  // TINK_JWT_INTERNAL_RAW_JWT_HMAC_KEY_MANAGER_H_