xref: /aosp_15_r20/external/tink/go/jwt/jwt_rsa_ssa_pkcs1_verifier_key_manager.go (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1// Copyright 2022 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15////////////////////////////////////////////////////////////////////////////////
16
17package jwt
18
19import (
20	"crypto/rsa"
21	"errors"
22	"fmt"
23	"math/big"
24
25	"google.golang.org/protobuf/proto"
26	"github.com/google/tink/go/core/registry"
27	"github.com/google/tink/go/internal/signature"
28	"github.com/google/tink/go/keyset"
29	jrsppb "github.com/google/tink/go/proto/jwt_rsa_ssa_pkcs1_go_proto"
30	tinkpb "github.com/google/tink/go/proto/tink_go_proto"
31)
32
33const (
34	jwtRSVerifierKeyVersion = 0
35	jwtRSVerifierTypeURL    = "type.googleapis.com/google.crypto.tink.JwtRsaSsaPkcs1PublicKey"
36)
37
38var (
39	errJWTRSVerifierNotImplemented = errors.New("not supported on verifier key manager")
40)
41
42// jwtRSVerifierKeyManager implements the KeyManager interface
43// for JWT Verifier using the 'RS256', 'RS384', and 'RS512' JSON Web Algorithms (JWA).
44type jwtRSVerifierKeyManager struct{}
45
46var _ registry.KeyManager = (*jwtRSVerifierKeyManager)(nil)
47
48// adding to this map will automatically add to the list of
49// "accepted" algorithms that will construct valid primitives.
50var validRSAlgToHash = map[jrsppb.JwtRsaSsaPkcs1Algorithm]string{
51	jrsppb.JwtRsaSsaPkcs1Algorithm_RS256: "SHA256",
52	jrsppb.JwtRsaSsaPkcs1Algorithm_RS384: "SHA384",
53	jrsppb.JwtRsaSsaPkcs1Algorithm_RS512: "SHA512",
54}
55
56func (km *jwtRSVerifierKeyManager) Primitive(serializedKey []byte) (interface{}, error) {
57	if serializedKey == nil || len(serializedKey) == 0 {
58		return nil, fmt.Errorf("invalid key")
59	}
60	pubKey := &jrsppb.JwtRsaSsaPkcs1PublicKey{}
61	if err := proto.Unmarshal(serializedKey, pubKey); err != nil {
62		return nil, err
63	}
64	if err := validateRSPublicKey(pubKey); err != nil {
65		return nil, err
66	}
67	e := new(big.Int).SetBytes(pubKey.GetE())
68	if !e.IsInt64() {
69		return nil, fmt.Errorf("public exponent can't fit in a 64 bit integer")
70	}
71	rsaPubKey := &rsa.PublicKey{
72		N: new(big.Int).SetBytes(pubKey.GetN()),
73		E: int(e.Int64()),
74	}
75	v, err := signature.New_RSA_SSA_PKCS1_Verifier(validRSAlgToHash[pubKey.GetAlgorithm()], rsaPubKey)
76	if err != nil {
77		return nil, err
78	}
79	return newVerifierWithKID(v, pubKey.GetAlgorithm().String(), rsCustomKID(pubKey))
80}
81
82func (km *jwtRSVerifierKeyManager) NewKey(serializedKeyFormat []byte) (proto.Message, error) {
83	return nil, errJWTRSVerifierNotImplemented
84}
85
86func (km *jwtRSVerifierKeyManager) NewKeyData(serializedKeyFormat []byte) (*tinkpb.KeyData, error) {
87	return nil, errJWTRSVerifierNotImplemented
88}
89
90func (km *jwtRSVerifierKeyManager) DoesSupport(typeURL string) bool {
91	return typeURL == jwtRSVerifierTypeURL
92}
93
94func (km *jwtRSVerifierKeyManager) TypeURL() string {
95	return jwtRSVerifierTypeURL
96}
97
98func validateRSPublicKey(pubKey *jrsppb.JwtRsaSsaPkcs1PublicKey) error {
99	if pubKey == nil {
100		return fmt.Errorf("nil public key")
101	}
102	if err := keyset.ValidateKeyVersion(pubKey.Version, jwtRSVerifierKeyVersion); err != nil {
103		return err
104	}
105	if _, ok := validRSAlgToHash[pubKey.GetAlgorithm()]; !ok {
106		return fmt.Errorf("invalid algorithm")
107	}
108	e := new(big.Int).SetBytes(pubKey.GetE())
109	if !e.IsInt64() {
110		return fmt.Errorf("public exponent can't fit in a 64 bit integer")
111	}
112	if err := signature.RSAValidPublicExponent(int(e.Int64())); err != nil {
113		return err
114	}
115	return signature.RSAValidModulusSizeInBits(new(big.Int).SetBytes(pubKey.GetN()).BitLen())
116}
117
118func rsCustomKID(pk *jrsppb.JwtRsaSsaPkcs1PublicKey) *string {
119	// nil is an acceptable value for a custom kid.
120	if pk.GetCustomKid() == nil {
121		return nil
122	}
123	k := pk.GetCustomKid().GetValue()
124	return &k
125}
126