xref: /aosp_15_r20/external/tink/cc/config/fips_140_2.cc (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1 // Copyright 2023 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16 
17 #include "tink/config/fips_140_2.h"
18 
19 #include "absl/log/check.h"
20 #include "tink/aead/aead_wrapper.h"
21 #include "tink/aead/aes_ctr_hmac_aead_key_manager.h"
22 #include "tink/aead/aes_gcm_key_manager.h"
23 #include "tink/configuration.h"
24 #include "tink/internal/configuration_impl.h"
25 #include "tink/internal/fips_utils.h"
26 #include "tink/mac/hmac_key_manager.h"
27 #include "tink/mac/internal/chunked_mac_wrapper.h"
28 #include "tink/mac/mac_wrapper.h"
29 #include "tink/prf/hmac_prf_key_manager.h"
30 #include "tink/prf/prf_set_wrapper.h"
31 #include "tink/signature/ecdsa_verify_key_manager.h"
32 #include "tink/signature/public_key_sign_wrapper.h"
33 #include "tink/signature/public_key_verify_wrapper.h"
34 #include "tink/signature/rsa_ssa_pkcs1_sign_key_manager.h"
35 #include "tink/signature/rsa_ssa_pkcs1_verify_key_manager.h"
36 #include "tink/signature/rsa_ssa_pss_sign_key_manager.h"
37 #include "tink/signature/rsa_ssa_pss_verify_key_manager.h"
38 #include "tink/signature/ecdsa_sign_key_manager.h"
39 
40 namespace crypto {
41 namespace tink {
42 namespace {
43 
AddMac(Configuration & config)44 util::Status AddMac(Configuration& config) {
45   util::Status status = internal::ConfigurationImpl::AddPrimitiveWrapper(
46       absl::make_unique<MacWrapper>(), config);
47   if (!status.ok()) {
48     return status;
49   }
50   status = internal::ConfigurationImpl::AddPrimitiveWrapper(
51       absl::make_unique<internal::ChunkedMacWrapper>(), config);
52   if (!status.ok()) {
53     return status;
54   }
55 
56   return internal::ConfigurationImpl::AddKeyTypeManager(
57       absl::make_unique<HmacKeyManager>(), config);
58 }
59 
AddAead(Configuration & config)60 util::Status AddAead(Configuration& config) {
61   util::Status status = internal::ConfigurationImpl::AddPrimitiveWrapper(
62       absl::make_unique<AeadWrapper>(), config);
63   if (!status.ok()) {
64     return status;
65   }
66 
67   status = internal::ConfigurationImpl::AddKeyTypeManager(
68       absl::make_unique<AesCtrHmacAeadKeyManager>(), config);
69   if (!status.ok()) {
70     return status;
71   }
72   return internal::ConfigurationImpl::AddKeyTypeManager(
73       absl::make_unique<AesGcmKeyManager>(), config);
74 }
75 
AddPrf(Configuration & config)76 util::Status AddPrf(Configuration& config) {
77   util::Status status = internal::ConfigurationImpl::AddPrimitiveWrapper(
78       absl::make_unique<PrfSetWrapper>(), config);
79   if (!status.ok()) {
80     return status;
81   }
82 
83   return internal::ConfigurationImpl::AddKeyTypeManager(
84       absl::make_unique<HmacPrfKeyManager>(), config);
85 }
86 
AddSignature(Configuration & config)87 util::Status AddSignature(Configuration& config) {
88   util::Status status = internal::ConfigurationImpl::AddPrimitiveWrapper(
89       absl::make_unique<PublicKeySignWrapper>(), config);
90   if (!status.ok()) {
91     return status;
92   }
93   status = internal::ConfigurationImpl::AddPrimitiveWrapper(
94       absl::make_unique<PublicKeyVerifyWrapper>(), config);
95   if (!status.ok()) {
96     return status;
97   }
98 
99   status = internal::ConfigurationImpl::AddAsymmetricKeyManagers(
100       absl::make_unique<EcdsaSignKeyManager>(),
101       absl::make_unique<EcdsaVerifyKeyManager>(), config);
102   if (!status.ok()) {
103     return status;
104   }
105   status = internal::ConfigurationImpl::AddAsymmetricKeyManagers(
106       absl::make_unique<RsaSsaPssSignKeyManager>(),
107       absl::make_unique<RsaSsaPssVerifyKeyManager>(), config);
108   if (!status.ok()) {
109     return status;
110   }
111   return internal::ConfigurationImpl::AddAsymmetricKeyManagers(
112       absl::make_unique<RsaSsaPkcs1SignKeyManager>(),
113       absl::make_unique<RsaSsaPkcs1VerifyKeyManager>(), config);
114 }
115 
116 }  // namespace
117 
ConfigFips140_2()118 const Configuration& ConfigFips140_2() {
119   static const Configuration* instance = [] {
120     internal::SetFipsRestricted();
121 
122     static Configuration* config = new Configuration();
123     CHECK_OK(AddMac(*config));
124     CHECK_OK(AddAead(*config));
125     CHECK_OK(AddPrf(*config));
126     CHECK_OK(AddSignature(*config));
127 
128     return config;
129   }();
130   return *instance;
131 }
132 
133 }  // namespace tink
134 }  // namespace crypto
135