blob: dc324502052c1b91a674bec53cd8068cf003bf41 [file] [log] [blame]
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// See the License for the specific language governing permissions and
// limitations under the License.
const Bytes = goog.require('google3.third_party.tink.javascript.subtle.bytes');
const EcdsaPublicKeyManager = goog.require('tink.signature.EcdsaPublicKeyManager');
const ecdsaSign = goog.require('google3.third_party.tink.javascript.subtle.ecdsa_sign');
const EcdsaUtil = goog.require('tink.signature.EcdsaUtil');
const EllipticCurves = goog.require('google3.third_party.tink.javascript.subtle.elliptic_curves');
const KeyManager = goog.require('google3.third_party.tink.javascript.internal.key_manager');
const {PublicKeySign} = goog.require('google3.third_party.tink.javascript.signature.internal.public_key_sign');
const {SecurityException} = goog.require('google3.third_party.tink.javascript.exception.security_exception');
const Util = goog.require('google3.third_party.tink.javascript.internal.util');
const {PbEcdsaKeyFormat, PbEcdsaParams, PbEcdsaPrivateKey, PbEcdsaPublicKey, PbKeyData, PbMessage} = goog.require('google3.third_party.tink.javascript.internal.proto');
* @implements {KeyManager.PrivateKeyFactory}
* @final
class EcdsaPrivateKeyFactory {
* @override
* @return {!Promise<!PbEcdsaPrivateKey>}
async newKey(keyFormat) {
if (!keyFormat) {
throw new SecurityException('Key format has to be non-null.');
const keyFormatProto = EcdsaPrivateKeyFactory.getKeyFormatProto_(keyFormat);
return await EcdsaPrivateKeyFactory.newKeyImpl_(keyFormatProto);
* @override
* @return {!Promise<!PbKeyData>}
async newKeyData(serializedKeyFormat) {
const key = await this.newKey(serializedKeyFormat);
const keyData =
new PbKeyData()
return keyData;
/** @override */
getPublicKeyData(serializedPrivateKey) {
const privateKey =
const publicKeyData =
new PbKeyData()
return publicKeyData;
* Generates key corresponding to the given key format.
* WARNING: This function assumes that the keyFormat has been validated.
* @private
* @param {!PbEcdsaKeyFormat} keyFormat
* @return {!Promise<!PbEcdsaPrivateKey>}
static async newKeyImpl_(keyFormat) {
const params =
/** @type {!PbEcdsaParams} */ (keyFormat.getParams());
const curveTypeProto = params.getCurve();
const curveTypeSubtle = Util.curveTypeProtoToSubtle(curveTypeProto);
const curveName = EllipticCurves.curveToString(curveTypeSubtle);
const keyPair = await EllipticCurves.generateKeyPair('ECDSA', curveName);
const jsonPublicKey =
await EllipticCurves.exportCryptoKey(/** @type {?} */ (keyPair).publicKey);
const jsonPrivateKey =
await EllipticCurves.exportCryptoKey(/** @type {?} */ (keyPair).privateKey);
return EcdsaPrivateKeyFactory.jsonToProtoKey_(
jsonPrivateKey, jsonPublicKey, params);
* Creates a private key proto corresponding to given JSON key pair and with
* the given params.
* @private
* @param {!webCrypto.JsonWebKey} jsonPrivateKey
* @param {!webCrypto.JsonWebKey} jsonPublicKey
* @param {!PbEcdsaParams} params
* @return {!PbEcdsaPrivateKey}
static jsonToProtoKey_(jsonPrivateKey, jsonPublicKey, params) {
const publicKeyProto =
new PbEcdsaPublicKey()
.setX(Bytes.fromBase64(jsonPublicKey['x'], true))
.setY(Bytes.fromBase64(jsonPublicKey['y'], true));
const privateKeyProto =
new PbEcdsaPrivateKey()
.setKeyValue(Bytes.fromBase64(jsonPrivateKey['d'], true));
return privateKeyProto;
* The input keyFormat is either deserialized (in case that the input is
* Uint8Array) or checked to be an EcdsaKeyFormat-proto (otherwise).
* @private
* @param {!PbMessage|!Uint8Array} keyFormat
* @return {!PbEcdsaKeyFormat}
static getKeyFormatProto_(keyFormat) {
if (keyFormat instanceof Uint8Array) {
return EcdsaPrivateKeyFactory.deserializeKeyFormat_(keyFormat);
} else {
if (keyFormat instanceof PbEcdsaKeyFormat) {
return keyFormat;
} else {
throw new SecurityException(
'Expected ' + EcdsaPrivateKeyManager.KEY_TYPE +
' key format proto.');
* @private
* @param {!Uint8Array} keyFormat
* @return {!PbEcdsaKeyFormat}
static deserializeKeyFormat_(keyFormat) {
let /** !PbEcdsaKeyFormat */ keyFormatProto;
try {
keyFormatProto = PbEcdsaKeyFormat.deserializeBinary(keyFormat);
} catch (e) {
throw new SecurityException(
'Input cannot be parsed as ' + EcdsaPrivateKeyManager.KEY_TYPE +
' key format proto.');
if (!keyFormatProto.getParams()) {
throw new SecurityException(
'Input cannot be parsed as ' + EcdsaPrivateKeyManager.KEY_TYPE +
' key format proto.');
return keyFormatProto;
* @implements {KeyManager.KeyManager<PublicKeySign>}
* @final
class EcdsaPrivateKeyManager {
constructor() {
this.keyFactory = new EcdsaPrivateKeyFactory();
/** @override */
async getPrimitive(primitiveType, key) {
if (primitiveType !== this.getPrimitiveType()) {
throw new SecurityException(
'Requested primitive type which is not ' +
'supported by this key manager.');
const keyProto = EcdsaPrivateKeyManager.getKeyProto_(key);
keyProto, EcdsaPrivateKeyManager.VERSION_,
const recipientPrivateKey = EcdsaUtil.getJsonWebKeyFromProto(keyProto);
const params =
/** @type {!PbEcdsaParams} */ (keyProto.getPublicKey().getParams());
const hash = Util.hashTypeProtoToString(params.getHashType());
const encoding = EcdsaUtil.encodingTypeProtoToEnum(params.getEncoding());
return await ecdsaSign.fromJsonWebKey(recipientPrivateKey, hash, encoding);
/** @override */
doesSupport(keyType) {
return keyType === this.getKeyType();
/** @override */
getKeyType() {
return EcdsaPrivateKeyManager.KEY_TYPE;
/** @override */
getPrimitiveType() {
return EcdsaPrivateKeyManager.SUPPORTED_PRIMITIVE_;
/** @override */
getVersion() {
return EcdsaPrivateKeyManager.VERSION_;
/** @override */
getKeyFactory() {
return this.keyFactory;
* @private
* @param {!PbKeyData|!PbMessage} keyMaterial
* @return {!PbEcdsaPrivateKey}
static getKeyProto_(keyMaterial) {
if (keyMaterial instanceof PbKeyData) {
return EcdsaPrivateKeyManager.getKeyProtoFromKeyData_(keyMaterial);
if (keyMaterial instanceof PbEcdsaPrivateKey) {
return keyMaterial;
throw new SecurityException(
'Key type is not supported. This key ' +
'manager supports ' + EcdsaPrivateKeyManager.KEY_TYPE + '.');
* @private
* @param {!PbKeyData} keyData
* @return {!PbEcdsaPrivateKey}
static getKeyProtoFromKeyData_(keyData) {
if (keyData.getTypeUrl() !== EcdsaPrivateKeyManager.KEY_TYPE) {
throw new SecurityException(
'Key type ' + keyData.getTypeUrl() +
' is not supported. This key manager supports ' +
EcdsaPrivateKeyManager.KEY_TYPE + '.');
return EcdsaPrivateKeyManager.deserializePrivateKey_(
* @private
* @param {!Uint8Array} serializedPrivateKey
* @return {!PbEcdsaPrivateKey}
static deserializePrivateKey_(serializedPrivateKey) {
let /** !PbEcdsaPrivateKey */ key;
try {
key = PbEcdsaPrivateKey.deserializeBinary(serializedPrivateKey);
} catch (e) {
throw new SecurityException(
'Input cannot be parsed as ' + EcdsaPrivateKeyManager.KEY_TYPE +
' key-proto.');
if (!key.getPublicKey() || !key.getKeyValue()) {
throw new SecurityException(
'Input cannot be parsed as ' + EcdsaPrivateKeyManager.KEY_TYPE +
' key-proto.');
return key;
/** @const @private {!Object} */
EcdsaPrivateKeyManager.SUPPORTED_PRIMITIVE_ = PublicKeySign;
/** @const @public {string} */
EcdsaPrivateKeyManager.KEY_TYPE =
/** @const @private {number} */
EcdsaPrivateKeyManager.VERSION_ = 0;
exports = EcdsaPrivateKeyManager;