Google Git
Sign in
fuchsia / third_party / tink / 847e46d933afba38702956cd2c44305661817820 / . / javascript / signature / signature_key_templates.js
blob: d958d604f7089ebba13e7512a977098d8df5f084 [file] [log] [blame]
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
goog.module('tink.signature.SignatureKeyTemplates');
const PbEcdsaKeyFormat = goog.require('proto.google.crypto.tink.EcdsaKeyFormat');
const PbEcdsaParams = goog.require('proto.google.crypto.tink.EcdsaParams');
const PbEcdsaSignatureEncoding = goog.require('proto.google.crypto.tink.EcdsaSignatureEncoding');
const PbEllipticCurveType = goog.require('proto.google.crypto.tink.EllipticCurveType');
const PbHashType = goog.require('proto.google.crypto.tink.HashType');
const PbKeyTemplate = goog.require('proto.google.crypto.tink.KeyTemplate');
const PbOutputPrefixType = goog.require('proto.google.crypto.tink.OutputPrefixType');
const SignatureConfig = goog.require('tink.signature.SignatureConfig');
/**
* Pre-generated KeyTemplates for keys for digital signatures.
*
* One can use these templates to generate new Keyset with
* KeysetHandle.generateNew method. To generate a new keyset that contains a
* single EcdsaKey, one can do:
*
* SignatureConfig.Register();
* KeysetHandle handle = KeysetHandle.generateNew(
* SignatureKeyTemplates.ecdsaP256());
*
* @final
*/
class SignatureKeyTemplates {
/**
* Returns a KeyTemplate that generates new instances of
* EcdsaPrivateKey with the following parameters:
* Hash function: SHA256
* Curve: NIST P-256
* Signature encoding: DER (this is the encoding that Java uses)
* OutputPrefixType: TINK
*
* @return {!PbKeyTemplate}
*/
static ecdsaP256() {
return createEcdsaKeyTemplate(
/* curveType = */ PbEllipticCurveType.NIST_P256,
/* hashType = */ PbHashType.SHA256,
/* encoding = */ PbEcdsaSignatureEncoding.DER,
/* outputPrefixType = */ PbOutputPrefixType.TINK);
}
/**
* Returns a KeyTemplate that generates new instances of
* EcdsaPrivateKey with the following parameters:
* Hash function: SHA512
* Curve: NIST P-384
* Signature encoding: DER (this is the encoding that Java uses)
* OutputPrefixType: TINK
*
* @return {!PbKeyTemplate}
*/
static ecdsaP384() {
return createEcdsaKeyTemplate(
/* curveType = */ PbEllipticCurveType.NIST_P384,
/* hashType = */ PbHashType.SHA512,
/* encoding = */ PbEcdsaSignatureEncoding.DER,
/* outputPrefixType = */ PbOutputPrefixType.TINK);
}
/**
* Returns a KeyTemplate that generates new instances of
* EcdsaPrivateKey with the following parameters:
* Hash function: SHA512
* Curve: NIST P-521
* Signature encoding: DER (this is the encoding that Java uses).
* OutputPrefixType: TINK
*
* @return {!PbKeyTemplate}
*/
static ecdsaP521() {
return createEcdsaKeyTemplate(
/* curveType = */ PbEllipticCurveType.NIST_P521,
/* hashType = */ PbHashType.SHA512,
/* encoding = */ PbEcdsaSignatureEncoding.DER,
/* outputPrefixType = */ PbOutputPrefixType.TINK);
}
/**
* Returns a KeyTemplate that generates new instances of
* EcdsaPrivateKey with the following parameters:
* Hash function: SHA256
* Curve: NIST P-256
* Signature encoding: IEEE_P1363 (this is the encoding that WebCrypto uses)
* OutputPrefixType: TINK
*
* @return {!PbKeyTemplate}
*/
static ecdsaP256IeeeEncoding() {
return createEcdsaKeyTemplate(
/* curveType = */ PbEllipticCurveType.NIST_P256,
/* hashType = */ PbHashType.SHA256,
/* encoding = */ PbEcdsaSignatureEncoding.IEEE_P1363,
/* outputPrefixType = */ PbOutputPrefixType.TINK);
}
/**
* Returns a KeyTemplate that generates new instances of
* EcdsaPrivateKey with the following parameters:
* Hash function: SHA512
* Curve: NIST P-384
* Signature encoding: IEEE_P1363 (this is the encoding that WebCrypto uses)
* OutputPrefixType: TINK
*
* @return {!PbKeyTemplate}
*/
static ecdsaP384IeeeEncoding() {
return createEcdsaKeyTemplate(
/* curveType = */ PbEllipticCurveType.NIST_P384,
/* hashType = */ PbHashType.SHA512,
/* encoding = */ PbEcdsaSignatureEncoding.IEEE_P1363,
/* outputPrefixType = */ PbOutputPrefixType.TINK);
}
/**
* Returns a KeyTemplate that generates new instances of
* EcdsaPrivateKey with the following parameters:
* Hash function: SHA512
* Curve: NIST P-521
* Signature encoding: IEEE_P1363 (this is the encoding that WebCrypto uses)
* OutputPrefixType: TINK
*
* @return {!PbKeyTemplate}
*/
static ecdsaP521IeeeEncoding() {
return createEcdsaKeyTemplate(
/* curveType = */ PbEllipticCurveType.NIST_P521,
/* hashType = */ PbHashType.SHA512,
/* encoding = */ PbEcdsaSignatureEncoding.IEEE_P1363,
/* outputPrefixType = */ PbOutputPrefixType.TINK);
}
}
/**
* @param {!PbEllipticCurveType} curveType
* @param {!PbHashType} hashType
* @param {!PbEcdsaSignatureEncoding} encoding
* @param {!PbOutputPrefixType} outputPrefixType
*
* @return {!PbKeyTemplate}
*/
const createEcdsaKeyTemplate = function(
curveType, hashType, encoding, outputPrefixType) {
// key format
const keyFormat = new PbEcdsaKeyFormat();
const params =
new PbEcdsaParams().setCurve(curveType).setHashType(hashType).setEncoding(
encoding);
keyFormat.setParams(params);
// key template
const keyTemplate = new PbKeyTemplate()
.setTypeUrl(SignatureConfig.ECDSA_PRIVATE_KEY_TYPE)
.setValue(keyFormat.serializeBinary())
.setOutputPrefixType(outputPrefixType);
return keyTemplate;
};
exports = SignatureKeyTemplates;