xref: /aosp_15_r20/external/tink/cc/signature/signature_key_templates.cc (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1*e7b1675dSTing-Kang Chang // Copyright 2018 Google Inc.
2*e7b1675dSTing-Kang Chang //
3*e7b1675dSTing-Kang Chang // Licensed under the Apache License, Version 2.0 (the "License");
4*e7b1675dSTing-Kang Chang // you may not use this file except in compliance with the License.
5*e7b1675dSTing-Kang Chang // You may obtain a copy of the License at
6*e7b1675dSTing-Kang Chang //
7*e7b1675dSTing-Kang Chang //     http://www.apache.org/licenses/LICENSE-2.0
8*e7b1675dSTing-Kang Chang //
9*e7b1675dSTing-Kang Chang // Unless required by applicable law or agreed to in writing, software
10*e7b1675dSTing-Kang Chang // distributed under the License is distributed on an "AS IS" BASIS,
11*e7b1675dSTing-Kang Chang // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12*e7b1675dSTing-Kang Chang // See the License for the specific language governing permissions and
13*e7b1675dSTing-Kang Chang // limitations under the License.
14*e7b1675dSTing-Kang Chang //
15*e7b1675dSTing-Kang Chang ///////////////////////////////////////////////////////////////////////////////
16*e7b1675dSTing-Kang Chang 
17*e7b1675dSTing-Kang Chang #include "tink/signature/signature_key_templates.h"
18*e7b1675dSTing-Kang Chang 
19*e7b1675dSTing-Kang Chang #include <memory>
20*e7b1675dSTing-Kang Chang 
21*e7b1675dSTing-Kang Chang #include "absl/memory/memory.h"
22*e7b1675dSTing-Kang Chang #include "absl/strings/str_cat.h"
23*e7b1675dSTing-Kang Chang #include "openssl/bn.h"
24*e7b1675dSTing-Kang Chang #include "openssl/rsa.h"
25*e7b1675dSTing-Kang Chang #include "tink/internal/bn_util.h"
26*e7b1675dSTing-Kang Chang #include "tink/internal/ssl_unique_ptr.h"
27*e7b1675dSTing-Kang Chang #include "tink/util/constants.h"
28*e7b1675dSTing-Kang Chang #include "proto/common.pb.h"
29*e7b1675dSTing-Kang Chang #include "proto/ecdsa.pb.h"
30*e7b1675dSTing-Kang Chang #include "proto/ed25519.pb.h"
31*e7b1675dSTing-Kang Chang #include "proto/rsa_ssa_pkcs1.pb.h"
32*e7b1675dSTing-Kang Chang #include "proto/rsa_ssa_pss.pb.h"
33*e7b1675dSTing-Kang Chang #include "proto/tink.pb.h"
34*e7b1675dSTing-Kang Chang 
35*e7b1675dSTing-Kang Chang namespace crypto {
36*e7b1675dSTing-Kang Chang namespace tink {
37*e7b1675dSTing-Kang Chang namespace {
38*e7b1675dSTing-Kang Chang 
39*e7b1675dSTing-Kang Chang using google::crypto::tink::EcdsaKeyFormat;
40*e7b1675dSTing-Kang Chang using google::crypto::tink::EcdsaPrivateKey;
41*e7b1675dSTing-Kang Chang using google::crypto::tink::EcdsaSignatureEncoding;
42*e7b1675dSTing-Kang Chang using google::crypto::tink::Ed25519PrivateKey;
43*e7b1675dSTing-Kang Chang using google::crypto::tink::EllipticCurveType;
44*e7b1675dSTing-Kang Chang using google::crypto::tink::HashType;
45*e7b1675dSTing-Kang Chang using google::crypto::tink::KeyTemplate;
46*e7b1675dSTing-Kang Chang using google::crypto::tink::OutputPrefixType;
47*e7b1675dSTing-Kang Chang using google::crypto::tink::RsaSsaPkcs1KeyFormat;
48*e7b1675dSTing-Kang Chang using google::crypto::tink::RsaSsaPkcs1PrivateKey;
49*e7b1675dSTing-Kang Chang using google::crypto::tink::RsaSsaPssKeyFormat;
50*e7b1675dSTing-Kang Chang using google::crypto::tink::RsaSsaPssPrivateKey;
51*e7b1675dSTing-Kang Chang 
NewEcdsaKeyTemplate(HashType hash_type,EllipticCurveType curve_type,EcdsaSignatureEncoding encoding,OutputPrefixType output_prefix_type)52*e7b1675dSTing-Kang Chang std::unique_ptr<KeyTemplate> NewEcdsaKeyTemplate(
53*e7b1675dSTing-Kang Chang     HashType hash_type, EllipticCurveType curve_type,
54*e7b1675dSTing-Kang Chang     EcdsaSignatureEncoding encoding, OutputPrefixType output_prefix_type) {
55*e7b1675dSTing-Kang Chang   auto key_template = absl::make_unique<KeyTemplate>();
56*e7b1675dSTing-Kang Chang   key_template->set_type_url(
57*e7b1675dSTing-Kang Chang       absl::StrCat(kTypeGoogleapisCom, EcdsaPrivateKey().GetTypeName()));
58*e7b1675dSTing-Kang Chang   key_template->set_output_prefix_type(output_prefix_type);
59*e7b1675dSTing-Kang Chang   EcdsaKeyFormat key_format;
60*e7b1675dSTing-Kang Chang   auto params = key_format.mutable_params();
61*e7b1675dSTing-Kang Chang   params->set_hash_type(hash_type);
62*e7b1675dSTing-Kang Chang   params->set_curve(curve_type);
63*e7b1675dSTing-Kang Chang   params->set_encoding(encoding);
64*e7b1675dSTing-Kang Chang   key_format.SerializeToString(key_template->mutable_value());
65*e7b1675dSTing-Kang Chang   return key_template;
66*e7b1675dSTing-Kang Chang }
67*e7b1675dSTing-Kang Chang 
NewEcdsaKeyTemplate(HashType hash_type,EllipticCurveType curve_type,EcdsaSignatureEncoding encoding)68*e7b1675dSTing-Kang Chang std::unique_ptr<KeyTemplate> NewEcdsaKeyTemplate(
69*e7b1675dSTing-Kang Chang     HashType hash_type, EllipticCurveType curve_type,
70*e7b1675dSTing-Kang Chang     EcdsaSignatureEncoding encoding) {
71*e7b1675dSTing-Kang Chang   return NewEcdsaKeyTemplate(hash_type, curve_type, encoding,
72*e7b1675dSTing-Kang Chang                              OutputPrefixType::TINK);
73*e7b1675dSTing-Kang Chang }
74*e7b1675dSTing-Kang Chang 
NewRsaSsaPkcs1KeyTemplate(HashType hash_type,int modulus_size_in_bits,int public_exponent)75*e7b1675dSTing-Kang Chang std::unique_ptr<KeyTemplate> NewRsaSsaPkcs1KeyTemplate(HashType hash_type,
76*e7b1675dSTing-Kang Chang                                                        int modulus_size_in_bits,
77*e7b1675dSTing-Kang Chang                                                        int public_exponent) {
78*e7b1675dSTing-Kang Chang   auto key_template = absl::make_unique<KeyTemplate>();
79*e7b1675dSTing-Kang Chang   key_template->set_type_url(
80*e7b1675dSTing-Kang Chang       absl::StrCat(kTypeGoogleapisCom, RsaSsaPkcs1PrivateKey().GetTypeName()));
81*e7b1675dSTing-Kang Chang   key_template->set_output_prefix_type(OutputPrefixType::TINK);
82*e7b1675dSTing-Kang Chang   RsaSsaPkcs1KeyFormat key_format;
83*e7b1675dSTing-Kang Chang   auto params = key_format.mutable_params();
84*e7b1675dSTing-Kang Chang   params->set_hash_type(hash_type);
85*e7b1675dSTing-Kang Chang   key_format.set_modulus_size_in_bits(modulus_size_in_bits);
86*e7b1675dSTing-Kang Chang   internal::SslUniquePtr<BIGNUM> e(BN_new());
87*e7b1675dSTing-Kang Chang   BN_set_word(e.get(), public_exponent);
88*e7b1675dSTing-Kang Chang   key_format.set_public_exponent(
89*e7b1675dSTing-Kang Chang       internal::BignumToString(e.get(), BN_num_bytes(e.get())).value());
90*e7b1675dSTing-Kang Chang   key_format.SerializeToString(key_template->mutable_value());
91*e7b1675dSTing-Kang Chang   return key_template;
92*e7b1675dSTing-Kang Chang }
93*e7b1675dSTing-Kang Chang 
NewRsaSsaPssKeyTemplate(HashType sig_hash,HashType mgf1_hash,int salt_length,int modulus_size_in_bits,int public_exponent)94*e7b1675dSTing-Kang Chang std::unique_ptr<KeyTemplate> NewRsaSsaPssKeyTemplate(HashType sig_hash,
95*e7b1675dSTing-Kang Chang                                                      HashType mgf1_hash,
96*e7b1675dSTing-Kang Chang                                                      int salt_length,
97*e7b1675dSTing-Kang Chang                                                      int modulus_size_in_bits,
98*e7b1675dSTing-Kang Chang                                                      int public_exponent) {
99*e7b1675dSTing-Kang Chang   auto key_template = absl::make_unique<KeyTemplate>();
100*e7b1675dSTing-Kang Chang   key_template->set_type_url(
101*e7b1675dSTing-Kang Chang       absl::StrCat(kTypeGoogleapisCom, RsaSsaPssPrivateKey().GetTypeName()));
102*e7b1675dSTing-Kang Chang   key_template->set_output_prefix_type(OutputPrefixType::TINK);
103*e7b1675dSTing-Kang Chang   RsaSsaPssKeyFormat key_format;
104*e7b1675dSTing-Kang Chang   auto params = key_format.mutable_params();
105*e7b1675dSTing-Kang Chang   params->set_sig_hash(sig_hash);
106*e7b1675dSTing-Kang Chang   params->set_mgf1_hash(mgf1_hash);
107*e7b1675dSTing-Kang Chang   params->set_salt_length(salt_length);
108*e7b1675dSTing-Kang Chang   key_format.set_modulus_size_in_bits(modulus_size_in_bits);
109*e7b1675dSTing-Kang Chang   internal::SslUniquePtr<BIGNUM> e(BN_new());
110*e7b1675dSTing-Kang Chang   BN_set_word(e.get(), public_exponent);
111*e7b1675dSTing-Kang Chang   key_format.set_public_exponent(
112*e7b1675dSTing-Kang Chang       internal::BignumToString(e.get(), BN_num_bytes(e.get())).value());
113*e7b1675dSTing-Kang Chang   key_format.SerializeToString(key_template->mutable_value());
114*e7b1675dSTing-Kang Chang   return key_template;
115*e7b1675dSTing-Kang Chang }
116*e7b1675dSTing-Kang Chang 
117*e7b1675dSTing-Kang Chang }  // anonymous namespace
118*e7b1675dSTing-Kang Chang 
119*e7b1675dSTing-Kang Chang // static
EcdsaP256()120*e7b1675dSTing-Kang Chang const KeyTemplate& SignatureKeyTemplates::EcdsaP256() {
121*e7b1675dSTing-Kang Chang   static const KeyTemplate* key_template =
122*e7b1675dSTing-Kang Chang       NewEcdsaKeyTemplate(HashType::SHA256, EllipticCurveType::NIST_P256,
123*e7b1675dSTing-Kang Chang                           EcdsaSignatureEncoding::DER)
124*e7b1675dSTing-Kang Chang           .release();
125*e7b1675dSTing-Kang Chang   return *key_template;
126*e7b1675dSTing-Kang Chang }
127*e7b1675dSTing-Kang Chang 
128*e7b1675dSTing-Kang Chang // Deprecated, use EcdsaP384Sha384() or EcdsaP384Sha512() instead.
129*e7b1675dSTing-Kang Chang // static
EcdsaP384()130*e7b1675dSTing-Kang Chang const KeyTemplate& SignatureKeyTemplates::EcdsaP384() {
131*e7b1675dSTing-Kang Chang   static const KeyTemplate* key_template =
132*e7b1675dSTing-Kang Chang       NewEcdsaKeyTemplate(HashType::SHA512, EllipticCurveType::NIST_P384,
133*e7b1675dSTing-Kang Chang                           EcdsaSignatureEncoding::DER)
134*e7b1675dSTing-Kang Chang           .release();
135*e7b1675dSTing-Kang Chang   return *key_template;
136*e7b1675dSTing-Kang Chang }
137*e7b1675dSTing-Kang Chang 
138*e7b1675dSTing-Kang Chang // static
EcdsaP384Sha384()139*e7b1675dSTing-Kang Chang const KeyTemplate& SignatureKeyTemplates::EcdsaP384Sha384() {
140*e7b1675dSTing-Kang Chang   static const KeyTemplate* key_template =
141*e7b1675dSTing-Kang Chang       NewEcdsaKeyTemplate(HashType::SHA384, EllipticCurveType::NIST_P384,
142*e7b1675dSTing-Kang Chang                           EcdsaSignatureEncoding::DER)
143*e7b1675dSTing-Kang Chang           .release();
144*e7b1675dSTing-Kang Chang   return *key_template;
145*e7b1675dSTing-Kang Chang }
146*e7b1675dSTing-Kang Chang 
147*e7b1675dSTing-Kang Chang // static
EcdsaP384Sha512()148*e7b1675dSTing-Kang Chang const KeyTemplate& SignatureKeyTemplates::EcdsaP384Sha512() {
149*e7b1675dSTing-Kang Chang   static const KeyTemplate* key_template =
150*e7b1675dSTing-Kang Chang       NewEcdsaKeyTemplate(HashType::SHA512, EllipticCurveType::NIST_P384,
151*e7b1675dSTing-Kang Chang                           EcdsaSignatureEncoding::DER)
152*e7b1675dSTing-Kang Chang           .release();
153*e7b1675dSTing-Kang Chang   return *key_template;
154*e7b1675dSTing-Kang Chang }
155*e7b1675dSTing-Kang Chang 
156*e7b1675dSTing-Kang Chang // static
EcdsaP521()157*e7b1675dSTing-Kang Chang const KeyTemplate& SignatureKeyTemplates::EcdsaP521() {
158*e7b1675dSTing-Kang Chang   static const KeyTemplate* key_template =
159*e7b1675dSTing-Kang Chang       NewEcdsaKeyTemplate(HashType::SHA512, EllipticCurveType::NIST_P521,
160*e7b1675dSTing-Kang Chang                           EcdsaSignatureEncoding::DER)
161*e7b1675dSTing-Kang Chang           .release();
162*e7b1675dSTing-Kang Chang   return *key_template;
163*e7b1675dSTing-Kang Chang }
164*e7b1675dSTing-Kang Chang 
165*e7b1675dSTing-Kang Chang // static
EcdsaP256Raw()166*e7b1675dSTing-Kang Chang const KeyTemplate& SignatureKeyTemplates::EcdsaP256Raw() {
167*e7b1675dSTing-Kang Chang   static const KeyTemplate* key_template =
168*e7b1675dSTing-Kang Chang       NewEcdsaKeyTemplate(HashType::SHA256, EllipticCurveType::NIST_P256,
169*e7b1675dSTing-Kang Chang                           EcdsaSignatureEncoding::IEEE_P1363,
170*e7b1675dSTing-Kang Chang                           OutputPrefixType::RAW)
171*e7b1675dSTing-Kang Chang           .release();
172*e7b1675dSTing-Kang Chang   return *key_template;
173*e7b1675dSTing-Kang Chang }
174*e7b1675dSTing-Kang Chang 
175*e7b1675dSTing-Kang Chang // static
EcdsaP256Ieee()176*e7b1675dSTing-Kang Chang const KeyTemplate& SignatureKeyTemplates::EcdsaP256Ieee() {
177*e7b1675dSTing-Kang Chang   static const KeyTemplate* key_template =
178*e7b1675dSTing-Kang Chang       NewEcdsaKeyTemplate(HashType::SHA256, EllipticCurveType::NIST_P256,
179*e7b1675dSTing-Kang Chang                           EcdsaSignatureEncoding::IEEE_P1363)
180*e7b1675dSTing-Kang Chang           .release();
181*e7b1675dSTing-Kang Chang   return *key_template;
182*e7b1675dSTing-Kang Chang }
183*e7b1675dSTing-Kang Chang 
184*e7b1675dSTing-Kang Chang // static
EcdsaP384Ieee()185*e7b1675dSTing-Kang Chang const KeyTemplate& SignatureKeyTemplates::EcdsaP384Ieee() {
186*e7b1675dSTing-Kang Chang   static const KeyTemplate* key_template =
187*e7b1675dSTing-Kang Chang       NewEcdsaKeyTemplate(HashType::SHA512, EllipticCurveType::NIST_P384,
188*e7b1675dSTing-Kang Chang                           EcdsaSignatureEncoding::IEEE_P1363)
189*e7b1675dSTing-Kang Chang           .release();
190*e7b1675dSTing-Kang Chang   return *key_template;
191*e7b1675dSTing-Kang Chang }
192*e7b1675dSTing-Kang Chang 
193*e7b1675dSTing-Kang Chang // static
EcdsaP521Ieee()194*e7b1675dSTing-Kang Chang const KeyTemplate& SignatureKeyTemplates::EcdsaP521Ieee() {
195*e7b1675dSTing-Kang Chang   static const KeyTemplate* key_template =
196*e7b1675dSTing-Kang Chang       NewEcdsaKeyTemplate(HashType::SHA512, EllipticCurveType::NIST_P521,
197*e7b1675dSTing-Kang Chang                           EcdsaSignatureEncoding::IEEE_P1363)
198*e7b1675dSTing-Kang Chang           .release();
199*e7b1675dSTing-Kang Chang   return *key_template;
200*e7b1675dSTing-Kang Chang }
201*e7b1675dSTing-Kang Chang 
202*e7b1675dSTing-Kang Chang // static
RsaSsaPkcs13072Sha256F4()203*e7b1675dSTing-Kang Chang const KeyTemplate& SignatureKeyTemplates::RsaSsaPkcs13072Sha256F4() {
204*e7b1675dSTing-Kang Chang   static const KeyTemplate* key_template =
205*e7b1675dSTing-Kang Chang       NewRsaSsaPkcs1KeyTemplate(HashType::SHA256, 3072, RSA_F4).release();
206*e7b1675dSTing-Kang Chang   return *key_template;
207*e7b1675dSTing-Kang Chang }
208*e7b1675dSTing-Kang Chang 
209*e7b1675dSTing-Kang Chang // static
RsaSsaPkcs14096Sha512F4()210*e7b1675dSTing-Kang Chang const KeyTemplate& SignatureKeyTemplates::RsaSsaPkcs14096Sha512F4() {
211*e7b1675dSTing-Kang Chang   static const KeyTemplate* key_template =
212*e7b1675dSTing-Kang Chang       NewRsaSsaPkcs1KeyTemplate(HashType::SHA512, 4096, RSA_F4).release();
213*e7b1675dSTing-Kang Chang   return *key_template;
214*e7b1675dSTing-Kang Chang }
215*e7b1675dSTing-Kang Chang 
216*e7b1675dSTing-Kang Chang // static
RsaSsaPss3072Sha256Sha256F4()217*e7b1675dSTing-Kang Chang const KeyTemplate& SignatureKeyTemplates::RsaSsaPss3072Sha256Sha256F4() {
218*e7b1675dSTing-Kang Chang   static const KeyTemplate* key_template =
219*e7b1675dSTing-Kang Chang       NewRsaSsaPssKeyTemplate(HashType::SHA256, HashType::SHA256, 32, 3072,
220*e7b1675dSTing-Kang Chang                               RSA_F4)
221*e7b1675dSTing-Kang Chang           .release();
222*e7b1675dSTing-Kang Chang   return *key_template;
223*e7b1675dSTing-Kang Chang }
224*e7b1675dSTing-Kang Chang 
225*e7b1675dSTing-Kang Chang // static
RsaSsaPss4096Sha512Sha512F4()226*e7b1675dSTing-Kang Chang const KeyTemplate& SignatureKeyTemplates::RsaSsaPss4096Sha512Sha512F4() {
227*e7b1675dSTing-Kang Chang   static const KeyTemplate* key_template =
228*e7b1675dSTing-Kang Chang       NewRsaSsaPssKeyTemplate(HashType::SHA512, HashType::SHA512, 64, 4096,
229*e7b1675dSTing-Kang Chang                               RSA_F4)
230*e7b1675dSTing-Kang Chang           .release();
231*e7b1675dSTing-Kang Chang   return *key_template;
232*e7b1675dSTing-Kang Chang }
233*e7b1675dSTing-Kang Chang 
234*e7b1675dSTing-Kang Chang // static
RsaSsaPss4096Sha384Sha384F4()235*e7b1675dSTing-Kang Chang const KeyTemplate& SignatureKeyTemplates::RsaSsaPss4096Sha384Sha384F4() {
236*e7b1675dSTing-Kang Chang   static const KeyTemplate* key_template =
237*e7b1675dSTing-Kang Chang       NewRsaSsaPssKeyTemplate(HashType::SHA384, HashType::SHA384, 48, 4096,
238*e7b1675dSTing-Kang Chang                               RSA_F4)
239*e7b1675dSTing-Kang Chang           .release();
240*e7b1675dSTing-Kang Chang   return *key_template;
241*e7b1675dSTing-Kang Chang }
242*e7b1675dSTing-Kang Chang 
243*e7b1675dSTing-Kang Chang // static
Ed25519()244*e7b1675dSTing-Kang Chang const google::crypto::tink::KeyTemplate& SignatureKeyTemplates::Ed25519() {
245*e7b1675dSTing-Kang Chang   static KeyTemplate* key_template = new KeyTemplate();
246*e7b1675dSTing-Kang Chang   key_template->set_type_url(
247*e7b1675dSTing-Kang Chang       absl::StrCat(kTypeGoogleapisCom, Ed25519PrivateKey().GetTypeName()));
248*e7b1675dSTing-Kang Chang   key_template->set_output_prefix_type(OutputPrefixType::TINK);
249*e7b1675dSTing-Kang Chang   return *key_template;
250*e7b1675dSTing-Kang Chang }
251*e7b1675dSTing-Kang Chang 
252*e7b1675dSTing-Kang Chang // static
253*e7b1675dSTing-Kang Chang const google::crypto::tink::KeyTemplate&
Ed25519WithRawOutput()254*e7b1675dSTing-Kang Chang SignatureKeyTemplates::Ed25519WithRawOutput() {
255*e7b1675dSTing-Kang Chang   static KeyTemplate* key_template = new KeyTemplate();
256*e7b1675dSTing-Kang Chang   key_template->set_type_url(
257*e7b1675dSTing-Kang Chang       absl::StrCat(kTypeGoogleapisCom, Ed25519PrivateKey().GetTypeName()));
258*e7b1675dSTing-Kang Chang   key_template->set_output_prefix_type(OutputPrefixType::RAW);
259*e7b1675dSTing-Kang Chang   return *key_template;
260*e7b1675dSTing-Kang Chang }
261*e7b1675dSTing-Kang Chang 
262*e7b1675dSTing-Kang Chang }  // namespace tink
263*e7b1675dSTing-Kang Chang }  // namespace crypto
264