xref: /aosp_15_r20/external/tink/cc/jwt/jwt_signature_config.cc (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1*e7b1675dSTing-Kang Chang // Copyright 2021 Google LLC
2*e7b1675dSTing-Kang Chang //
3*e7b1675dSTing-Kang Chang // Licensed under the Apache License, Version 2.0 (the "License");
4*e7b1675dSTing-Kang Chang // you may not use this file except in compliance with the License.
5*e7b1675dSTing-Kang Chang // You may obtain a copy of the License at
6*e7b1675dSTing-Kang Chang //
7*e7b1675dSTing-Kang Chang //     http://www.apache.org/licenses/LICENSE-2.0
8*e7b1675dSTing-Kang Chang //
9*e7b1675dSTing-Kang Chang // Unless required by applicable law or agreed to in writing, software
10*e7b1675dSTing-Kang Chang // distributed under the License is distributed on an "AS IS" BASIS,
11*e7b1675dSTing-Kang Chang // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12*e7b1675dSTing-Kang Chang // See the License for the specific language governing permissions and
13*e7b1675dSTing-Kang Chang // limitations under the License.
14*e7b1675dSTing-Kang Chang //
15*e7b1675dSTing-Kang Chang ///////////////////////////////////////////////////////////////////////////////
16*e7b1675dSTing-Kang Chang 
17*e7b1675dSTing-Kang Chang #include "tink/jwt/jwt_signature_config.h"
18*e7b1675dSTing-Kang Chang 
19*e7b1675dSTing-Kang Chang #include "absl/memory/memory.h"
20*e7b1675dSTing-Kang Chang #include "tink/config/config_util.h"
21*e7b1675dSTing-Kang Chang #include "tink/config/tink_fips.h"
22*e7b1675dSTing-Kang Chang #include "tink/jwt/internal/jwt_ecdsa_sign_key_manager.h"
23*e7b1675dSTing-Kang Chang #include "tink/jwt/internal/jwt_ecdsa_verify_key_manager.h"
24*e7b1675dSTing-Kang Chang #include "tink/jwt/internal/jwt_public_key_sign_wrapper.h"
25*e7b1675dSTing-Kang Chang #include "tink/jwt/internal/jwt_public_key_verify_wrapper.h"
26*e7b1675dSTing-Kang Chang #include "tink/jwt/internal/jwt_rsa_ssa_pkcs1_sign_key_manager.h"
27*e7b1675dSTing-Kang Chang #include "tink/jwt/internal/jwt_rsa_ssa_pkcs1_verify_key_manager.h"
28*e7b1675dSTing-Kang Chang #include "tink/jwt/internal/jwt_rsa_ssa_pss_sign_key_manager.h"
29*e7b1675dSTing-Kang Chang #include "tink/jwt/internal/jwt_rsa_ssa_pss_verify_key_manager.h"
30*e7b1675dSTing-Kang Chang #include "tink/registry.h"
31*e7b1675dSTing-Kang Chang #include "tink/util/status.h"
32*e7b1675dSTing-Kang Chang #include "proto/config.pb.h"
33*e7b1675dSTing-Kang Chang 
34*e7b1675dSTing-Kang Chang namespace crypto {
35*e7b1675dSTing-Kang Chang namespace tink {
36*e7b1675dSTing-Kang Chang 
37*e7b1675dSTing-Kang Chang // static
JwtSignatureRegister()38*e7b1675dSTing-Kang Chang util::Status JwtSignatureRegister() {
39*e7b1675dSTing-Kang Chang   // Register primitive wrappers.
40*e7b1675dSTing-Kang Chang   auto status = Registry::RegisterPrimitiveWrapper(
41*e7b1675dSTing-Kang Chang       absl::make_unique<jwt_internal::JwtPublicKeySignWrapper>());
42*e7b1675dSTing-Kang Chang   if (!status.ok()) return status;
43*e7b1675dSTing-Kang Chang   status = Registry::RegisterPrimitiveWrapper(
44*e7b1675dSTing-Kang Chang       absl::make_unique<jwt_internal::JwtPublicKeyVerifyWrapper>());
45*e7b1675dSTing-Kang Chang   if (!status.ok()) return status;
46*e7b1675dSTing-Kang Chang 
47*e7b1675dSTing-Kang Chang   // Register key managers which utilize FIPS validated BoringCrypto
48*e7b1675dSTing-Kang Chang   // implementations.
49*e7b1675dSTing-Kang Chang   // ECDSA
50*e7b1675dSTing-Kang Chang   status = Registry::RegisterAsymmetricKeyManagers(
51*e7b1675dSTing-Kang Chang       absl::make_unique<jwt_internal::JwtEcdsaSignKeyManager>(),
52*e7b1675dSTing-Kang Chang       absl::make_unique<jwt_internal::JwtEcdsaVerifyKeyManager>(), true);
53*e7b1675dSTing-Kang Chang   if (!status.ok()) return status;
54*e7b1675dSTing-Kang Chang   // RSA SSA PKCS1
55*e7b1675dSTing-Kang Chang   status = Registry::RegisterAsymmetricKeyManagers(
56*e7b1675dSTing-Kang Chang       absl::make_unique<jwt_internal::JwtRsaSsaPkcs1SignKeyManager>(),
57*e7b1675dSTing-Kang Chang       absl::make_unique<jwt_internal::JwtRsaSsaPkcs1VerifyKeyManager>(), true);
58*e7b1675dSTing-Kang Chang   if (!status.ok()) return status;
59*e7b1675dSTing-Kang Chang   // RSA SSA PSS
60*e7b1675dSTing-Kang Chang   status = Registry::RegisterAsymmetricKeyManagers(
61*e7b1675dSTing-Kang Chang       absl::make_unique<jwt_internal::JwtRsaSsaPssSignKeyManager>(),
62*e7b1675dSTing-Kang Chang       absl::make_unique<jwt_internal::JwtRsaSsaPssVerifyKeyManager>(), true);
63*e7b1675dSTing-Kang Chang   if (!status.ok()) return status;
64*e7b1675dSTing-Kang Chang 
65*e7b1675dSTing-Kang Chang   if (IsFipsModeEnabled()) {
66*e7b1675dSTing-Kang Chang     return util::OkStatus();
67*e7b1675dSTing-Kang Chang   }
68*e7b1675dSTing-Kang Chang 
69*e7b1675dSTing-Kang Chang   // There are currently no non-FIPS key managers.
70*e7b1675dSTing-Kang Chang 
71*e7b1675dSTing-Kang Chang   return util::OkStatus();
72*e7b1675dSTing-Kang Chang }
73*e7b1675dSTing-Kang Chang 
74*e7b1675dSTing-Kang Chang }  // namespace tink
75*e7b1675dSTing-Kang Chang }  // namespace crypto
76