1# Copyright 2019 Google LLC 2# 3# Licensed under the Apache License, Version 2.0 (the "License"); 4# you may not use this file except in compliance with the License. 5# You may obtain a copy of the License at 6# 7# http://www.apache.org/licenses/LICENSE-2.0 8# 9# Unless required by applicable law or agreed to in writing, software 10# distributed under the License is distributed on an "AS IS" BASIS, 11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12# See the License for the specific language governing permissions and 13# limitations under the License. 14 15"""Pre-generated KeyTemplate for PublicKeySign and PublicKeyVerify. 16 17One can use these templates to generate a new tink_pb2.Keyset with 18tink_pb2.KeysetHandle. To generate a new keyset that contains a single 19EcdsaPrivateKey, one can do: 20 21handle = keyset_handle.KeysetHandle(signature_key_templates.ECDSA_P256); 22""" 23 24import warnings 25 26from tink.proto import common_pb2 27from tink.proto import ecdsa_pb2 28from tink.proto import rsa_ssa_pkcs1_pb2 29from tink.proto import rsa_ssa_pss_pb2 30from tink.proto import tink_pb2 31from tink.internal import big_integer_util 32 33 34_prefix = 'type.googleapis.com/google.crypto.tink.' 
_ECDSA_KEY_TYPE_URL = _prefix + 'EcdsaPrivateKey'
_ED25519_KEY_TYPE_URL = _prefix + 'Ed25519PrivateKey'
_RSA_PKCS1_KEY_TYPE_URL = _prefix + 'RsaSsaPkcs1PrivateKey'
_RSA_PSS_KEY_TYPE_URL = _prefix + 'RsaSsaPssPrivateKey'
# RSA public exponent F4 (2**16 + 1); every RSA template in this file uses it.
_RSA_F4 = 65537


def _create_ecdsa_key_template(
    hash_type: common_pb2.HashType,
    curve: common_pb2.EllipticCurveType,
    encoding: ecdsa_pb2.EcdsaSignatureEncoding,
    output_prefix_type: tink_pb2.OutputPrefixType = tink_pb2.TINK
) -> tink_pb2.KeyTemplate:
    """Build a KeyTemplate whose value is a serialized EcdsaKeyFormat.

    Args:
      hash_type: Hash stored in the EcdsaParams.
      curve: Elliptic curve stored in the EcdsaParams.
      encoding: Signature encoding stored in the EcdsaParams.
      output_prefix_type: Output prefix of the template; TINK when omitted.

    Returns:
      A KeyTemplate for the EcdsaPrivateKey type URL. The arguments are stored
      as given; no compatibility check between them is made here.
    """
    ecdsa_format = ecdsa_pb2.EcdsaKeyFormat(
        params=ecdsa_pb2.EcdsaParams(
            hash_type=hash_type, curve=curve, encoding=encoding))
    return tink_pb2.KeyTemplate(
        type_url=_ECDSA_KEY_TYPE_URL,
        value=ecdsa_format.SerializeToString(),
        output_prefix_type=output_prefix_type)


def _create_rsa_ssa_pkcs1_key_template(
    hash_type: common_pb2.HashType, modulus_size: int,
    public_exponent: int) -> tink_pb2.KeyTemplate:
    """Build a TINK-prefixed KeyTemplate holding an RsaSsaPkcs1KeyFormat.

    Args:
      hash_type: Hash stored in the RsaSsaPkcs1Params.
      modulus_size: Stored as modulus_size_in_bits of the key format.
      public_exponent: Public exponent as an int; converted with
        big_integer_util.num_to_bytes before it is stored.

    Returns:
      A KeyTemplate for the RsaSsaPkcs1PrivateKey type URL.
    """
    pkcs1_format = rsa_ssa_pkcs1_pb2.RsaSsaPkcs1KeyFormat(
        params=rsa_ssa_pkcs1_pb2.RsaSsaPkcs1Params(hash_type=hash_type),
        modulus_size_in_bits=modulus_size,
        public_exponent=big_integer_util.num_to_bytes(public_exponent))
    return tink_pb2.KeyTemplate(
        type_url=_RSA_PKCS1_KEY_TYPE_URL,
        value=pkcs1_format.SerializeToString(),
        output_prefix_type=tink_pb2.TINK)


def _create_rsa_ssa_pss_key_template(
    sig_hash: common_pb2.HashType, mgf1_hash: common_pb2.HashType,
    salt_length: int, modulus_size: int,
    public_exponent: int) -> tink_pb2.KeyTemplate:
    """Build a TINK-prefixed KeyTemplate holding an RsaSsaPssKeyFormat.

    Args:
      sig_hash: Hash stored as sig_hash in the RsaSsaPssParams.
      mgf1_hash: Hash stored as mgf1_hash in the RsaSsaPssParams.
      salt_length: Salt length stored in the RsaSsaPssParams.
      modulus_size: Stored as modulus_size_in_bits of the key format.
      public_exponent: Public exponent as an int; converted with
        big_integer_util.num_to_bytes before it is stored.

    Returns:
      A KeyTemplate for the RsaSsaPssPrivateKey type URL.
    """
    pss_format = rsa_ssa_pss_pb2.RsaSsaPssKeyFormat(
        params=rsa_ssa_pss_pb2.RsaSsaPssParams(
            sig_hash=sig_hash, mgf1_hash=mgf1_hash, salt_length=salt_length),
        modulus_size_in_bits=modulus_size,
        public_exponent=big_integer_util.num_to_bytes(public_exponent))
    return tink_pb2.KeyTemplate(
        type_url=_RSA_PSS_KEY_TYPE_URL,
        value=pss_format.SerializeToString(),
        output_prefix_type=tink_pb2.TINK)


# DER-encoded signatures with the default (TINK) output prefix.
ECDSA_P256 = _create_ecdsa_key_template(
    hash_type=common_pb2.SHA256,
    curve=common_pb2.NIST_P256,
    encoding=ecdsa_pb2.DER)
# The only ECDSA template here that pairs IEEE_P1363 encoding with the RAW
# output prefix.
ECDSA_P256_RAW = _create_ecdsa_key_template(
    hash_type=common_pb2.SHA256,
    curve=common_pb2.NIST_P256,
    encoding=ecdsa_pb2.IEEE_P1363,
    output_prefix_type=tink_pb2.RAW)
# TODO(b/140101381): This template is confusing and will be removed.
# It is built with the same arguments as ECDSA_P384_SHA512 (P-384 with
# SHA-512), so prefer one of the explicitly named P-384 templates.
ECDSA_P384 = _create_ecdsa_key_template(
    hash_type=common_pb2.SHA512,
    curve=common_pb2.NIST_P384,
    encoding=ecdsa_pb2.DER)
ECDSA_P384_SHA384 = _create_ecdsa_key_template(
    hash_type=common_pb2.SHA384,
    curve=common_pb2.NIST_P384,
    encoding=ecdsa_pb2.DER)
ECDSA_P384_SHA512 = _create_ecdsa_key_template(
    hash_type=common_pb2.SHA512,
    curve=common_pb2.NIST_P384,
    encoding=ecdsa_pb2.DER)
ECDSA_P521 = _create_ecdsa_key_template(
    hash_type=common_pb2.SHA512,
    curve=common_pb2.NIST_P521,
    encoding=ecdsa_pb2.DER)

# The *_IEEE_P1363 templates pass no output_prefix_type, so they get the TINK
# default rather than RAW; that combination is why they are deprecated.

# Deprecated. This key template does not make sense because IEEE P1363 mandates
# a raw signature.
ECDSA_P256_IEEE_P1363 = _create_ecdsa_key_template(
    hash_type=common_pb2.SHA256,
    curve=common_pb2.NIST_P256,
    encoding=ecdsa_pb2.IEEE_P1363)
# Deprecated. This key template does not make sense because IEEE P1363 mandates
# a raw signature.
ECDSA_P384_IEEE_P1363 = _create_ecdsa_key_template(
    hash_type=common_pb2.SHA512,
    curve=common_pb2.NIST_P384,
    encoding=ecdsa_pb2.IEEE_P1363)
# Deprecated. This key template does not make sense because IEEE P1363 mandates
# a raw signature.
ECDSA_P384_SHA384_IEEE_P1363 = _create_ecdsa_key_template(
    hash_type=common_pb2.SHA384,
    curve=common_pb2.NIST_P384,
    encoding=ecdsa_pb2.IEEE_P1363)
# Deprecated. This key template does not make sense because IEEE P1363 mandates
# a raw signature.
ECDSA_P521_IEEE_P1363 = _create_ecdsa_key_template(
    hash_type=common_pb2.SHA512,
    curve=common_pb2.NIST_P521,
    encoding=ecdsa_pb2.IEEE_P1363)

# Ed25519 sets only the type URL and the TINK output prefix; no serialized key
# format is attached to this template.
ED25519 = tink_pb2.KeyTemplate(
    output_prefix_type=tink_pb2.TINK,
    type_url=_ED25519_KEY_TYPE_URL)

# RSASSA-PKCS1 templates: hash, modulus size in bits, public exponent.
RSA_SSA_PKCS1_3072_SHA256_F4 = _create_rsa_ssa_pkcs1_key_template(
    hash_type=common_pb2.SHA256,
    modulus_size=3072,
    public_exponent=_RSA_F4)
RSA_SSA_PKCS1_4096_SHA512_F4 = _create_rsa_ssa_pkcs1_key_template(
    hash_type=common_pb2.SHA512,
    modulus_size=4096,
    public_exponent=_RSA_F4)

# RSASSA-PSS templates: the signature hash and the MGF1 hash are the same, and
# salt_length equals that hash's digest size (32 for SHA-256, 64 for SHA-512),
# assuming salt_length is counted in bytes.
RSA_SSA_PSS_3072_SHA256_SHA256_32_F4 = _create_rsa_ssa_pss_key_template(
    sig_hash=common_pb2.SHA256,
    mgf1_hash=common_pb2.SHA256,
    salt_length=32,
    modulus_size=3072,
    public_exponent=_RSA_F4)
RSA_SSA_PSS_4096_SHA512_SHA512_64_F4 = _create_rsa_ssa_pss_key_template(
    sig_hash=common_pb2.SHA512,
    mgf1_hash=common_pb2.SHA512,
    salt_length=64,
    modulus_size=4096,
    public_exponent=_RSA_F4)


# Deprecated. Use the predefined constant templates above instead.
def create_ecdsa_key_template(
    hash_type: common_pb2.HashType,
    curve: common_pb2.EllipticCurveType,
    encoding: ecdsa_pb2.EcdsaSignatureEncoding,
    output_prefix_type: tink_pb2.OutputPrefixType = tink_pb2.TINK
) -> tink_pb2.KeyTemplate:
    """Deprecated: warn, then delegate to _create_ecdsa_key_template.

    The arguments are forwarded unchanged and are not validated in this
    function, so the caller chooses the hash/curve/encoding/prefix combination.
    Whether unsuitable combinations are rejected later is not visible here.

    Args:
      hash_type: Hash for the ECDSA parameters.
      curve: Elliptic curve for the ECDSA parameters.
      encoding: Signature encoding for the ECDSA parameters.
      output_prefix_type: Output prefix of the template; TINK when omitted.

    Returns:
      The KeyTemplate built by _create_ecdsa_key_template.
    """
    # stacklevel=2 attributes the warning to the caller of this function.
    warnings.warn(
        'The "create_ecdsa_key_template" function is deprecated.',
        category=DeprecationWarning,
        stacklevel=2)
    template = _create_ecdsa_key_template(
        hash_type, curve, encoding, output_prefix_type)
    return template


# Deprecated. Use the predefined constant templates above instead.
def create_rsa_ssa_pkcs1_key_template(
    hash_type: common_pb2.HashType, modulus_size: int,
    public_exponent: int) -> tink_pb2.KeyTemplate:
    """Deprecated: warn, then delegate to _create_rsa_ssa_pkcs1_key_template.

    The arguments are forwarded unchanged and are not validated in this
    function; in particular no minimum modulus size is enforced here.

    Args:
      hash_type: Hash for the RSASSA-PKCS1 parameters.
      modulus_size: RSA modulus size in bits.
      public_exponent: RSA public exponent as an int.

    Returns:
      The KeyTemplate built by _create_rsa_ssa_pkcs1_key_template.
    """
    # stacklevel=2 attributes the warning to the caller of this function.
    warnings.warn(
        'The "create_rsa_ssa_pkcs1_key_template" function is deprecated.',
        category=DeprecationWarning,
        stacklevel=2)
    template = _create_rsa_ssa_pkcs1_key_template(
        hash_type, modulus_size, public_exponent)
    return template


# Deprecated. Use the predefined constant templates above instead.
def create_rsa_ssa_pss_key_template(
    sig_hash: common_pb2.HashType, mgf1_hash: common_pb2.HashType,
    salt_length: int, modulus_size: int,
    public_exponent: int) -> tink_pb2.KeyTemplate:
    """Deprecated: warn, then delegate to _create_rsa_ssa_pss_key_template.

    The arguments are forwarded unchanged and are not validated in this
    function; in particular no minimum modulus size or salt length is enforced
    here. Prefer the predefined RSA_SSA_PSS_* constants of this module.

    Args:
      sig_hash: Hash used for the signature.
      mgf1_hash: Hash used for MGF1.
      salt_length: Salt length for the PSS parameters.
      modulus_size: RSA modulus size in bits.
      public_exponent: RSA public exponent as an int.

    Returns:
      The KeyTemplate built by _create_rsa_ssa_pss_key_template.
    """
    # stacklevel=2 attributes the warning to the caller of this function.
    warnings.warn(
        'The "create_rsa_ssa_pss_key_template" function is deprecated.',
        category=DeprecationWarning,
        stacklevel=2)
    template = _create_rsa_ssa_pss_key_template(
        sig_hash, mgf1_hash, salt_length, modulus_size, public_exponent)
    return template