cc/signature/ecdsa_sign_key_manager.cc - third_party/tink - Git at Google

 // Copyright 2017 Google Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ///////////////////////////////////////////////////////////////////////////////

 #include "tink/signature/ecdsa_sign_key_manager.h"

 #include "absl/strings/string_view.h"
 #include "absl/memory/memory.h"
 #include "tink/public_key_sign.h"
 #include "tink/key_manager.h"
 #include "tink/signature/ecdsa_verify_key_manager.h"
 #include "tink/subtle/ecdsa_sign_boringssl.h"
 #include "tink/subtle/subtle_util_boringssl.h"
 #include "tink/util/enums.h"
 #include "tink/util/errors.h"
 #include "tink/util/protobuf_helper.h"
 #include "tink/util/status.h"
 #include "tink/util/statusor.h"
 #include "tink/util/validation.h"
 #include "proto/ecdsa.pb.h"
 #include "proto/tink.pb.h"

 namespace crypto {
 namespace tink {

 using google::crypto::tink::EcdsaKeyFormat;
 using google::crypto::tink::EcdsaPrivateKey;
 using google::crypto::tink::EcdsaPublicKey;
 using google::crypto::tink::KeyData;
 using portable_proto::MessageLite;
 using crypto::tink::util::Enums;
 using crypto::tink::util::Status;
 using crypto::tink::util::StatusOr;

 class EcdsaPrivateKeyFactory : public PrivateKeyFactory {
  public:
   EcdsaPrivateKeyFactory() {}

   // Generates a new random EcdsaPrivateKey, based on
   // the given 'key_format', which must contain EcdsaKeyFormat-proto.
   crypto::tink::util::StatusOr<std::unique_ptr<portable_proto::MessageLite>>
   NewKey(const portable_proto::MessageLite& key_format) const override;

   // Generates a new random EcdsaPrivateKey, based on
   // the given 'serialized_key_format', which must contain
   // EcdsaKeyFormat-proto.
   crypto::tink::util::StatusOr<std::unique_ptr<portable_proto::MessageLite>>
   NewKey(absl::string_view serialized_key_format) const override;

   // Generates a new random EcdsaPrivateKey based on
   // the given 'serialized_key_format' (which must contain
   // EcdsaKeyFormat-proto), and wraps it in a KeyData-proto.
   crypto::tink::util::StatusOr<std::unique_ptr<google::crypto::tink::KeyData>>
   NewKeyData(absl::string_view serialized_key_format) const override;

   // Returns KeyData proto that contains EcdsaPublicKey
   // extracted from the given serialized_private_key, which must contain
   // EcdsaPrivateKey-proto.
   crypto::tink::util::StatusOr<std::unique_ptr<google::crypto::tink::KeyData>>
   GetPublicKeyData(absl::string_view serialized_private_key) const override;
 };

 StatusOr<std::unique_ptr<MessageLite>> EcdsaPrivateKeyFactory::NewKey(
     const portable_proto::MessageLite& key_format) const {
   std::string key_format_url =
       std::string(EcdsaSignKeyManager::kKeyTypePrefix) +
       key_format.GetTypeName();
   if (key_format_url != EcdsaSignKeyManager::kKeyFormatUrl) {
     return ToStatusF(util::error::INVALID_ARGUMENT,
                      "Key format proto '%s' is not supported by this manager.",
                      key_format_url.c_str());
   }
   const EcdsaKeyFormat& ecdsa_key_format =
         reinterpret_cast<const EcdsaKeyFormat&>(key_format);
   Status status = EcdsaVerifyKeyManager::Validate(ecdsa_key_format);
   if (!status.ok()) return status;

   // Generate new EC key.
   auto ec_key_result = subtle::SubtleUtilBoringSSL::GetNewEcKey(
       util::Enums::ProtoToSubtle(ecdsa_key_format.params().curve()));
   if (!ec_key_result.ok()) return ec_key_result.status();
   auto ec_key = ec_key_result.ValueOrDie();

   // Build EcdsaPrivateKey.
   std::unique_ptr<EcdsaPrivateKey> ecdsa_private_key(
       new EcdsaPrivateKey());
   ecdsa_private_key->set_version(EcdsaSignKeyManager::kVersion);
   ecdsa_private_key->set_key_value(ec_key.priv);
   auto ecdsa_public_key = ecdsa_private_key->mutable_public_key();
   ecdsa_public_key->set_version(EcdsaSignKeyManager::kVersion);
   ecdsa_public_key->set_x(ec_key.pub_x);
   ecdsa_public_key->set_y(ec_key.pub_y);
   *(ecdsa_public_key->mutable_params()) = ecdsa_key_format.params();

   std::unique_ptr<MessageLite> key = std::move(ecdsa_private_key);
   return std::move(key);
 }

 StatusOr<std::unique_ptr<MessageLite>> EcdsaPrivateKeyFactory::NewKey(
     absl::string_view serialized_key_format) const {
   EcdsaKeyFormat key_format;
   if (!key_format.ParseFromString(std::string(serialized_key_format))) {
     return ToStatusF(util::error::INVALID_ARGUMENT,
                      "Could not parse the passed string as proto '%s'.",
                      EcdsaSignKeyManager::kKeyFormatUrl);
   }
   return NewKey(key_format);
 }

 StatusOr<std::unique_ptr<KeyData>> EcdsaPrivateKeyFactory::NewKeyData(
     absl::string_view serialized_key_format) const {
   auto new_key_result = NewKey(serialized_key_format);
   if (!new_key_result.ok()) return new_key_result.status();
   auto new_key = reinterpret_cast<const EcdsaPrivateKey&>(
       *(new_key_result.ValueOrDie()));
   std::unique_ptr<KeyData> key_data(new KeyData());
   key_data->set_type_url(EcdsaSignKeyManager::kKeyType);
   key_data->set_value(new_key.SerializeAsString());
   key_data->set_key_material_type(KeyData::ASYMMETRIC_PRIVATE);
   return std::move(key_data);
 }

 StatusOr<std::unique_ptr<KeyData>>
 EcdsaPrivateKeyFactory::GetPublicKeyData(
     absl::string_view serialized_private_key) const {
   EcdsaPrivateKey private_key;
   if (!private_key.ParseFromString(std::string(serialized_private_key))) {
     return ToStatusF(util::error::INVALID_ARGUMENT,
                      "Could not parse the passed string as proto '%s'.",
                      EcdsaVerifyKeyManager::kKeyType);
   }
   auto status = EcdsaSignKeyManager::Validate(private_key);
   if (!status.ok()) return status;
   auto key_data = absl::make_unique<KeyData>();
   key_data->set_type_url(EcdsaVerifyKeyManager::kKeyType);
   key_data->set_value(private_key.public_key().SerializeAsString());
   key_data->set_key_material_type(KeyData:: ASYMMETRIC_PUBLIC);
   return std::move(key_data);
 }

 constexpr char EcdsaSignKeyManager::kKeyFormatUrl[];
 constexpr char EcdsaSignKeyManager::kKeyTypePrefix[];
 constexpr char EcdsaSignKeyManager::kKeyType[];
 constexpr uint32_t EcdsaSignKeyManager::kVersion;

 EcdsaSignKeyManager::EcdsaSignKeyManager()
     : key_type_(kKeyType), key_factory_(new EcdsaPrivateKeyFactory()) {
 }

 const std::string& EcdsaSignKeyManager::get_key_type() const {
   return key_type_;
 }

 const KeyFactory& EcdsaSignKeyManager::get_key_factory() const {
   return *key_factory_;
 }

 uint32_t EcdsaSignKeyManager::get_version() const {
   return kVersion;
 }

 StatusOr<std::unique_ptr<PublicKeySign>>
 EcdsaSignKeyManager::GetPrimitive(const KeyData& key_data) const {
   if (DoesSupport(key_data.type_url())) {
     EcdsaPrivateKey ecdsa_private_key;
     if (!ecdsa_private_key.ParseFromString(key_data.value())) {
       return ToStatusF(util::error::INVALID_ARGUMENT,
                        "Could not parse key_data.value as key type '%s'.",
                        key_data.type_url().c_str());
     }
     return GetPrimitiveImpl(ecdsa_private_key);
   } else {
     return ToStatusF(util::error::INVALID_ARGUMENT,
                      "Key type '%s' is not supported by this manager.",
                      key_data.type_url().c_str());
   }
 }

 StatusOr<std::unique_ptr<PublicKeySign>>
 EcdsaSignKeyManager::GetPrimitive(const MessageLite& key) const {
   std::string key_type = std::string(kKeyTypePrefix) + key.GetTypeName();
   if (DoesSupport(key_type)) {
     const EcdsaPrivateKey& ecdsa_private_key =
         reinterpret_cast<const EcdsaPrivateKey&>(key);
     return GetPrimitiveImpl(ecdsa_private_key);
   } else {
     return ToStatusF(util::error::INVALID_ARGUMENT,
                      "Key type '%s' is not supported by this manager.",
                      key_type.c_str());
   }
 }

 StatusOr<std::unique_ptr<PublicKeySign>>
 EcdsaSignKeyManager::GetPrimitiveImpl(
     const EcdsaPrivateKey& ecdsa_private_key) const {
   Status status = Validate(ecdsa_private_key);
   if (!status.ok()) return status;
   const EcdsaPublicKey& public_key = ecdsa_private_key.public_key();
   subtle::SubtleUtilBoringSSL::EcKey ec_key;
   ec_key.curve = Enums::ProtoToSubtle(public_key.params().curve());
   ec_key.pub_x = public_key.x();
   ec_key.pub_y = public_key.y();
   ec_key.priv = ecdsa_private_key.key_value();
   auto ecdsa_result = subtle::EcdsaSignBoringSsl::New(
       ec_key, Enums::ProtoToSubtle(public_key.params().hash_type()),
       Enums::ProtoToSubtle(public_key.params().encoding()));
   if (!ecdsa_result.ok()) return ecdsa_result.status();
   std::unique_ptr<PublicKeySign> ecdsa(ecdsa_result.ValueOrDie().release());
   return std::move(ecdsa);
 }

 // static
 Status EcdsaSignKeyManager::Validate(
     const EcdsaPrivateKey& key) {
   Status status = ValidateVersion(key.version(), kVersion);
   if (!status.ok()) return status;
   return EcdsaVerifyKeyManager::Validate(key.public_key().params());
 }

 }  // namespace tink
 }  // namespace crypto
	// Copyright 2017 Google Inc.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//
	///////////////////////////////////////////////////////////////////////////////

	#include "tink/signature/ecdsa_sign_key_manager.h"

	#include "absl/strings/string_view.h"
	#include "absl/memory/memory.h"
	#include "tink/public_key_sign.h"
	#include "tink/key_manager.h"
	#include "tink/signature/ecdsa_verify_key_manager.h"
	#include "tink/subtle/ecdsa_sign_boringssl.h"
	#include "tink/subtle/subtle_util_boringssl.h"
	#include "tink/util/enums.h"
	#include "tink/util/errors.h"
	#include "tink/util/protobuf_helper.h"
	#include "tink/util/status.h"
	#include "tink/util/statusor.h"
	#include "tink/util/validation.h"
	#include "proto/ecdsa.pb.h"
	#include "proto/tink.pb.h"

	namespace crypto {
	namespace tink {

	using google::crypto::tink::EcdsaKeyFormat;
	using google::crypto::tink::EcdsaPrivateKey;
	using google::crypto::tink::EcdsaPublicKey;
	using google::crypto::tink::KeyData;
	using portable_proto::MessageLite;
	using crypto::tink::util::Enums;
	using crypto::tink::util::Status;
	using crypto::tink::util::StatusOr;

	class EcdsaPrivateKeyFactory : public PrivateKeyFactory {
	public:
	EcdsaPrivateKeyFactory() {}

	// Generates a new random EcdsaPrivateKey, based on
	// the given 'key_format', which must contain EcdsaKeyFormat-proto.
	crypto::tink::util::StatusOr<std::unique_ptr<portable_proto::MessageLite>>
	NewKey(const portable_proto::MessageLite& key_format) const override;

	// Generates a new random EcdsaPrivateKey, based on
	// the given 'serialized_key_format', which must contain
	// EcdsaKeyFormat-proto.
	crypto::tink::util::StatusOr<std::unique_ptr<portable_proto::MessageLite>>
	NewKey(absl::string_view serialized_key_format) const override;

	// Generates a new random EcdsaPrivateKey based on
	// the given 'serialized_key_format' (which must contain
	// EcdsaKeyFormat-proto), and wraps it in a KeyData-proto.
	crypto::tink::util::StatusOr<std::unique_ptr<google::crypto::tink::KeyData>>
	NewKeyData(absl::string_view serialized_key_format) const override;

	// Returns KeyData proto that contains EcdsaPublicKey
	// extracted from the given serialized_private_key, which must contain
	// EcdsaPrivateKey-proto.
	crypto::tink::util::StatusOr<std::unique_ptr<google::crypto::tink::KeyData>>
	GetPublicKeyData(absl::string_view serialized_private_key) const override;
	};

	StatusOr<std::unique_ptr<MessageLite>> EcdsaPrivateKeyFactory::NewKey(
	const portable_proto::MessageLite& key_format) const {
	std::string key_format_url =
	std::string(EcdsaSignKeyManager::kKeyTypePrefix) +
	key_format.GetTypeName();
	if (key_format_url != EcdsaSignKeyManager::kKeyFormatUrl) {
	return ToStatusF(util::error::INVALID_ARGUMENT,
	"Key format proto '%s' is not supported by this manager.",
	key_format_url.c_str());
	}
	const EcdsaKeyFormat& ecdsa_key_format =
	reinterpret_cast<const EcdsaKeyFormat&>(key_format);
	Status status = EcdsaVerifyKeyManager::Validate(ecdsa_key_format);
	if (!status.ok()) return status;

	// Generate new EC key.
	auto ec_key_result = subtle::SubtleUtilBoringSSL::GetNewEcKey(
	util::Enums::ProtoToSubtle(ecdsa_key_format.params().curve()));
	if (!ec_key_result.ok()) return ec_key_result.status();
	auto ec_key = ec_key_result.ValueOrDie();

	// Build EcdsaPrivateKey.
	std::unique_ptr<EcdsaPrivateKey> ecdsa_private_key(
	new EcdsaPrivateKey());
	ecdsa_private_key->set_version(EcdsaSignKeyManager::kVersion);
	ecdsa_private_key->set_key_value(ec_key.priv);
	auto ecdsa_public_key = ecdsa_private_key->mutable_public_key();
	ecdsa_public_key->set_version(EcdsaSignKeyManager::kVersion);
	ecdsa_public_key->set_x(ec_key.pub_x);
	ecdsa_public_key->set_y(ec_key.pub_y);
	*(ecdsa_public_key->mutable_params()) = ecdsa_key_format.params();

	std::unique_ptr<MessageLite> key = std::move(ecdsa_private_key);
	return std::move(key);
	}

	StatusOr<std::unique_ptr<MessageLite>> EcdsaPrivateKeyFactory::NewKey(
	absl::string_view serialized_key_format) const {
	EcdsaKeyFormat key_format;
	if (!key_format.ParseFromString(std::string(serialized_key_format))) {
	return ToStatusF(util::error::INVALID_ARGUMENT,
	"Could not parse the passed string as proto '%s'.",
	EcdsaSignKeyManager::kKeyFormatUrl);
	}
	return NewKey(key_format);
	}

	StatusOr<std::unique_ptr<KeyData>> EcdsaPrivateKeyFactory::NewKeyData(
	absl::string_view serialized_key_format) const {
	auto new_key_result = NewKey(serialized_key_format);
	if (!new_key_result.ok()) return new_key_result.status();
	auto new_key = reinterpret_cast<const EcdsaPrivateKey&>(
	*(new_key_result.ValueOrDie()));
	std::unique_ptr<KeyData> key_data(new KeyData());
	key_data->set_type_url(EcdsaSignKeyManager::kKeyType);
	key_data->set_value(new_key.SerializeAsString());
	key_data->set_key_material_type(KeyData::ASYMMETRIC_PRIVATE);
	return std::move(key_data);
	}

	StatusOr<std::unique_ptr<KeyData>>
	EcdsaPrivateKeyFactory::GetPublicKeyData(
	absl::string_view serialized_private_key) const {
	EcdsaPrivateKey private_key;
	if (!private_key.ParseFromString(std::string(serialized_private_key))) {
	return ToStatusF(util::error::INVALID_ARGUMENT,
	"Could not parse the passed string as proto '%s'.",
	EcdsaVerifyKeyManager::kKeyType);
	}
	auto status = EcdsaSignKeyManager::Validate(private_key);
	if (!status.ok()) return status;
	auto key_data = absl::make_unique<KeyData>();
	key_data->set_type_url(EcdsaVerifyKeyManager::kKeyType);
	key_data->set_value(private_key.public_key().SerializeAsString());
	key_data->set_key_material_type(KeyData:: ASYMMETRIC_PUBLIC);
	return std::move(key_data);
	}

	constexpr char EcdsaSignKeyManager::kKeyFormatUrl[];
	constexpr char EcdsaSignKeyManager::kKeyTypePrefix[];
	constexpr char EcdsaSignKeyManager::kKeyType[];
	constexpr uint32_t EcdsaSignKeyManager::kVersion;

	EcdsaSignKeyManager::EcdsaSignKeyManager()
	: key_type_(kKeyType), key_factory_(new EcdsaPrivateKeyFactory()) {
	}

	const std::string& EcdsaSignKeyManager::get_key_type() const {
	return key_type_;
	}

	const KeyFactory& EcdsaSignKeyManager::get_key_factory() const {
	return *key_factory_;
	}

	uint32_t EcdsaSignKeyManager::get_version() const {
	return kVersion;
	}

	StatusOr<std::unique_ptr<PublicKeySign>>
	EcdsaSignKeyManager::GetPrimitive(const KeyData& key_data) const {
	if (DoesSupport(key_data.type_url())) {
	EcdsaPrivateKey ecdsa_private_key;
	if (!ecdsa_private_key.ParseFromString(key_data.value())) {
	return ToStatusF(util::error::INVALID_ARGUMENT,
	"Could not parse key_data.value as key type '%s'.",
	key_data.type_url().c_str());
	}
	return GetPrimitiveImpl(ecdsa_private_key);
	} else {
	return ToStatusF(util::error::INVALID_ARGUMENT,
	"Key type '%s' is not supported by this manager.",
	key_data.type_url().c_str());
	}
	}

	StatusOr<std::unique_ptr<PublicKeySign>>
	EcdsaSignKeyManager::GetPrimitive(const MessageLite& key) const {
	std::string key_type = std::string(kKeyTypePrefix) + key.GetTypeName();
	if (DoesSupport(key_type)) {
	const EcdsaPrivateKey& ecdsa_private_key =
	reinterpret_cast<const EcdsaPrivateKey&>(key);
	return GetPrimitiveImpl(ecdsa_private_key);
	} else {
	return ToStatusF(util::error::INVALID_ARGUMENT,
	"Key type '%s' is not supported by this manager.",
	key_type.c_str());
	}
	}

	StatusOr<std::unique_ptr<PublicKeySign>>
	EcdsaSignKeyManager::GetPrimitiveImpl(
	const EcdsaPrivateKey& ecdsa_private_key) const {
	Status status = Validate(ecdsa_private_key);
	if (!status.ok()) return status;
	const EcdsaPublicKey& public_key = ecdsa_private_key.public_key();
	subtle::SubtleUtilBoringSSL::EcKey ec_key;
	ec_key.curve = Enums::ProtoToSubtle(public_key.params().curve());
	ec_key.pub_x = public_key.x();
	ec_key.pub_y = public_key.y();
	ec_key.priv = ecdsa_private_key.key_value();
	auto ecdsa_result = subtle::EcdsaSignBoringSsl::New(
	ec_key, Enums::ProtoToSubtle(public_key.params().hash_type()),
	Enums::ProtoToSubtle(public_key.params().encoding()));
	if (!ecdsa_result.ok()) return ecdsa_result.status();
	std::unique_ptr<PublicKeySign> ecdsa(ecdsa_result.ValueOrDie().release());
	return std::move(ecdsa);
	}

	// static
	Status EcdsaSignKeyManager::Validate(
	const EcdsaPrivateKey& key) {
	Status status = ValidateVersion(key.version(), kVersion);
	if (!status.ok()) return status;
	return EcdsaVerifyKeyManager::Validate(key.public_key().params());
	}

	} // namespace tink
	} // namespace crypto