/**
* Copyright 2018 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
**************************************************************************
*/
#import <Foundation/Foundation.h>
#import "TINKKeyTemplate.h"
/**
* Identifiers for the pre-defined signature key templates.
*
* A value of this enum is the keyTemplate argument of
* -[TINKSignatureKeyTemplate initWithKeyTemplate:error:]. Raw values are assigned explicitly,
* starting at 1; no entry has raw value 0.
*
* Points to check when choosing an entry:
* - Signature encoding is part of the template. DER (ASN.1-encoded) and IEEE P1363 (fixed-length
*   r || s) are different byte formats, so signer and verifier must agree on which one is used.
* - The P-384 entries pair the curve with SHA512, not SHA384, as listed below.
* - NOTE(review): every ECDSA and RSA entry lists OutputPrefixType TINK, so signatures are
*   presumably not raw and a non-Tink verifier may not accept them as-is; confirm against the
*   Tink wire-format documentation.
*/
typedef NS_ENUM(NSInteger, TINKSignatureKeyTemplates) {
/**
* EcdsaPrivateKey with the following parameters:
* - EC curve: NIST P-256
* - hash function: SHA256
* - signature: DER
* - OutputPrefixType: TINK
*/
TINKEcdsaP256 = 1,
/**
* EcdsaPrivateKey with the following parameters:
* - EC curve: NIST P-384
* - hash function: SHA512
* - signature: DER
* - OutputPrefixType: TINK
*/
TINKEcdsaP384 = 2,
/**
* EcdsaPrivateKey with the following parameters:
* - EC curve: NIST P-521
* - hash function: SHA512
* - signature: DER
* - OutputPrefixType: TINK
*/
TINKEcdsaP521 = 3,
/**
* EcdsaPrivateKey with the following parameters:
* - EC curve: NIST P-256
* - hash function: SHA256
* - signature: IEEE P1363
* - OutputPrefixType: TINK
*/
TINKEcdsaP256Ieee = 4,
/**
* EcdsaPrivateKey with the following parameters:
* - EC curve: NIST P-384
* - hash function: SHA512
* - signature: IEEE P1363
* - OutputPrefixType: TINK
*/
TINKEcdsaP384Ieee = 5,
/**
* EcdsaPrivateKey with the following parameters:
* - EC curve: NIST P-521
* - hash function: SHA512
* - signature: IEEE P1363
* - OutputPrefixType: TINK
*/
TINKEcdsaP521Ieee = 6,
/**
* RsaSsaPkcs1PrivateKey with the following parameters:
* - Modulus size in bits: 3072.
* - Hash function: SHA256.
* - Public Exponent: 65537 (aka F4).
* - OutputPrefixType: TINK
*/
TINKRsaSsaPkcs13072Sha256F4 = 7,
/**
* RsaSsaPkcs1PrivateKey with the following parameters:
* - Modulus size in bits: 4096.
* - Hash function: SHA512.
* - Public Exponent: 65537 (aka F4).
* - OutputPrefixType: TINK
*/
TINKRsaSsaPkcs14096Sha512F4 = 8,
/**
* RsaSsaPssPrivateKey with the following parameters:
* - Modulus size in bits: 3072.
* - Signature hash: SHA256.
* - MGF1 hash: SHA256.
* - Salt length: 32 (i.e., SHA256's output length).
* - Public Exponent: 65537 (aka F4).
* - OutputPrefixType: TINK
*/
TINKRsaSsaPss3072Sha256Sha256F4 = 9,
/**
* RsaSsaPssPrivateKey with the following parameters:
* - Modulus size in bits: 4096.
* - Signature hash: SHA512.
* - MGF1 hash: SHA512.
* - Salt length: 64 (i.e., SHA512's output length).
* - Public Exponent: 65537 (aka F4).
* - OutputPrefixType: TINK
*/
TINKRsaSsaPss4096Sha512Sha512F4 = 10,
/**
* Ed25519PrivateKey.
* NOTE(review): unlike the other entries, no OutputPrefixType is stated here; presumably TINK as
* well. Confirm against the implementation before relying on it.
*/
TINKEd25519 = 11,
};
NS_ASSUME_NONNULL_BEGIN
/**
* Pre-generated key templates for signature key types.
* One can use these templates to generate a new TINKKeysetHandle object with fresh keys.
*
* Example:
*
* NSError *error = nil;
* TINKSignatureConfig *config = [[TINKSignatureConfig alloc] initWithError:&error];
* if (!config || error) {
* // handle error.
* }
*
* if (![TINKConfig registerConfig:config error:&error]) {
* // handle error.
* }
*
* TINKSignatureKeyTemplate *tpl =
* [[TINKSignatureKeyTemplate alloc] initWithKeyTemplate:TINKEcdsaP521 error:&error];
* if (!tpl || error) {
* // handle error.
* }
*
* TINKKeysetHandle *handle = [[TINKKeysetHandle alloc] initWithKeyTemplate:tpl error:&error];
* if (!handle || error) {
* // handle error.
* }
*
*/
@interface TINKSignatureKeyTemplate : TINKKeyTemplate
/**
* Marked unavailable. Callers are directed to -initWithKeyTemplate:error:, which is the
* designated initializer of this class.
*/
- (nullable instancetype)init
__attribute__((unavailable("Use -initWithKeyTemplate:error: instead.")));
/**
* Creates a TINKSignatureKeyTemplate that can be used to generate signature keysets.
*
* Test the return value for nil to detect failure; the error out-parameter is documented as
* populated only when the operation fails.
*
* @param keyTemplate The signature key template, one of the TINKSignatureKeyTemplates values.
* NOTE(review): handling of a value outside that enum is not visible in this
* header; presumably nil is returned with error set. Confirm in the
* implementation.
* @param error If non-nil it will be populated with a descriptive error when the operation
* fails.
* @return A TINKSignatureKeyTemplate or nil in case of error.
*/
- (nullable instancetype)initWithKeyTemplate:(TINKSignatureKeyTemplates)keyTemplate
error:(NSError **)error NS_DESIGNATED_INITIALIZER;
@end
NS_ASSUME_NONNULL_END