cc/signature/signature_pem_keyset_reader.h - platform/external/tink - Git at Google

 // Copyright 2018 Google Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ///////////////////////////////////////////////////////////////////////////////

 #ifndef TINK_SIGNATURE_SIGNATURE_PEM_KEYSET_READER_H_
 #define TINK_SIGNATURE_SIGNATURE_PEM_KEYSET_READER_H_

 #include <memory>
 #include <string>
 #include <utility>
 #include <vector>

 #include "tink/keyset_reader.h"
 #include "tink/util/statusor.h"
 #include "proto/common.pb.h"
 #include "proto/tink.pb.h"

 namespace crypto {
 namespace tink {

 // Type of key.
 //
 // Currently, PEM_EC only supports PublicKeyVerify.
 enum PemKeyType { PEM_RSA, PEM_EC };

 // Algorithm to use with this key.
 enum PemAlgorithm {
   RSASSA_PSS,
   RSASSA_PKCS1,
   ECDSA_IEEE,  // NIST_P256 curve with IEEE_P1363 encoding
   ECDSA_DER  // NIST_P256 curve with DER encoding
 };

 // Common set of parameters for the PEM key.
 struct PemKeyParams {
   PemKeyType key_type;
   PemAlgorithm algorithm;
   size_t key_size_in_bits;
   ::google::crypto::tink::HashType hash_type;
 };

 // A PEM key consists of its serialized data `serialized_key`, and parameters
 // `parameters`.
 struct PemKey {
   std::string serialized_key;
   PemKeyParams parameters;
 };

 // Base class for parsing PEM-encoded keys (RFC 7468) into a keyset.
 class SignaturePemKeysetReader : public KeysetReader {
  public:
   util::StatusOr<std::unique_ptr<::google::crypto::tink::EncryptedKeyset>>
   ReadEncrypted() override;

  protected:
   explicit SignaturePemKeysetReader(
       const std::vector<PemKey>& pem_serialized_keys)
       : pem_serialized_keys_(pem_serialized_keys) {}

   // PEM-serialized keys to parse.
   std::vector<PemKey> pem_serialized_keys_;
 };

 // Builder class for creating a PEM reader. Example usage:
 //
 // std::string some_public_key_pem = ...;
 // PemKeyType key_type = ...;
 // size_t key_size_in_bits = ...;
 // HashType hash_type = ...;
 // PemAlgorithm algorithm = ...;
 //
 // auto builder = SignaturePemKeysetReaderBuilder(
 //     PemKeysetReaderBuilder::PemReaderType::PUBLIC_KEY_VERIFY);
 // builder.Add(
 //     {.serialized_key = some_rsa_public_key_pem,
 //      .parameters = {
 //          .key_type = key_type,
 //          .algorithm = algorithm,
 //          .key_size_in_bits = key_size_in_bits,
 //          .hash_type = hash_type}});
 // ...
 // auto reader_statusor = builder.Build();
 // if (!reader_statusor.ok()) /* handle failure */
 //
 // auto keyset_handle_statusor =
 //     CleartextKeysetHandle::Read(*reader_statusor);
 class SignaturePemKeysetReaderBuilder {
  public:
   // Type of reader to build. The builder type depends on the primitive
   // supported by the keys to parse.
   enum PemReaderType { PUBLIC_KEY_SIGN, PUBLIC_KEY_VERIFY };

   explicit SignaturePemKeysetReaderBuilder(PemReaderType pem_reader_type)
       : pem_reader_type_(pem_reader_type) {}

   // Adds a PEM serialized key `pem_serialized_key` to the builder.
   void Add(const PemKey& pem_serialized_key);

   // Creates an instance of keyset reader based on `pem_reader_type_`, to parse
   // the PEM-encoded keys in `pem_serialized_keys_`.
   util::StatusOr<std::unique_ptr<KeysetReader>> Build();

  private:
   // List of keys as PEM serialized items.
   std::vector<PemKey> pem_serialized_keys_;
   // Reader type that this reader must support.
   PemReaderType pem_reader_type_;
 };

 // Keyset reader for PEM keys that support the PublicKeySign principal.
 class PublicKeySignPemKeysetReader : public SignaturePemKeysetReader {
  public:
   util::StatusOr<std::unique_ptr<::google::crypto::tink::Keyset>> Read()
       override;

  private:
   // Friend builder class.
   friend class SignaturePemKeysetReaderBuilder;

   explicit PublicKeySignPemKeysetReader(
       const std::vector<PemKey> pem_serialized_keys)
       : SignaturePemKeysetReader(pem_serialized_keys) {}
 };

 // Keyset reader for PEM keys that support the PublicKeyVerify principal.
 class PublicKeyVerifyPemKeysetReader : public SignaturePemKeysetReader {
  public:
   util::StatusOr<std::unique_ptr<::google::crypto::tink::Keyset>> Read()
       override;

  private:
   // Friend builder class.
   friend class SignaturePemKeysetReaderBuilder;

   explicit PublicKeyVerifyPemKeysetReader(
       const std::vector<PemKey> pem_serialized_keys)
       : SignaturePemKeysetReader(pem_serialized_keys) {}
 };

 }  // namespace tink
 }  // namespace crypto

 #endif  // TINK_SIGNATURE_SIGNATURE_PEM_KEYSET_READER_H_
	// Copyright 2018 Google Inc.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//
	///////////////////////////////////////////////////////////////////////////////

	#ifndef TINK_SIGNATURE_SIGNATURE_PEM_KEYSET_READER_H_
	#define TINK_SIGNATURE_SIGNATURE_PEM_KEYSET_READER_H_

	#include <memory>
	#include <string>
	#include <utility>
	#include <vector>

	#include "tink/keyset_reader.h"
	#include "tink/util/statusor.h"
	#include "proto/common.pb.h"
	#include "proto/tink.pb.h"

	namespace crypto {
	namespace tink {

	// Type of key.
	//
	// Currently, PEM_EC only supports PublicKeyVerify.
	enum PemKeyType { PEM_RSA, PEM_EC };

	// Algorithm to use with this key.
	enum PemAlgorithm {
	RSASSA_PSS,
	RSASSA_PKCS1,
	ECDSA_IEEE, // NIST_P256 curve with IEEE_P1363 encoding
	ECDSA_DER // NIST_P256 curve with DER encoding
	};

	// Common set of parameters for the PEM key.
	struct PemKeyParams {
	PemKeyType key_type;
	PemAlgorithm algorithm;
	size_t key_size_in_bits;
	::google::crypto::tink::HashType hash_type;
	};

	// A PEM key consists of its serialized data `serialized_key`, and parameters
	// `parameters`.
	struct PemKey {
	std::string serialized_key;
	PemKeyParams parameters;
	};

	// Base class for parsing PEM-encoded keys (RFC 7468) into a keyset.
	class SignaturePemKeysetReader : public KeysetReader {
	public:
	util::StatusOr<std::unique_ptr<::google::crypto::tink::EncryptedKeyset>>
	ReadEncrypted() override;

	protected:
	explicit SignaturePemKeysetReader(
	const std::vector<PemKey>& pem_serialized_keys)
	: pem_serialized_keys_(pem_serialized_keys) {}

	// PEM-serialized keys to parse.
	std::vector<PemKey> pem_serialized_keys_;
	};

	// Builder class for creating a PEM reader. Example usage:
	//
	// std::string some_public_key_pem = ...;
	// PemKeyType key_type = ...;
	// size_t key_size_in_bits = ...;
	// HashType hash_type = ...;
	// PemAlgorithm algorithm = ...;
	//
	// auto builder = SignaturePemKeysetReaderBuilder(
	// PemKeysetReaderBuilder::PemReaderType::PUBLIC_KEY_VERIFY);
	// builder.Add(
	// {.serialized_key = some_rsa_public_key_pem,
	// .parameters = {
	// .key_type = key_type,
	// .algorithm = algorithm,
	// .key_size_in_bits = key_size_in_bits,
	// .hash_type = hash_type}});
	// ...
	// auto reader_statusor = builder.Build();
	// if (!reader_statusor.ok()) /* handle failure */
	//
	// auto keyset_handle_statusor =
	// CleartextKeysetHandle::Read(*reader_statusor);
	class SignaturePemKeysetReaderBuilder {
	public:
	// Type of reader to build. The builder type depends on the primitive
	// supported by the keys to parse.
	enum PemReaderType { PUBLIC_KEY_SIGN, PUBLIC_KEY_VERIFY };

	explicit SignaturePemKeysetReaderBuilder(PemReaderType pem_reader_type)
	: pem_reader_type_(pem_reader_type) {}

	// Adds a PEM serialized key `pem_serialized_key` to the builder.
	void Add(const PemKey& pem_serialized_key);

	// Creates an instance of keyset reader based on `pem_reader_type_`, to parse
	// the PEM-encoded keys in `pem_serialized_keys_`.
	util::StatusOr<std::unique_ptr<KeysetReader>> Build();

	private:
	// List of keys as PEM serialized items.
	std::vector<PemKey> pem_serialized_keys_;
	// Reader type that this reader must support.
	PemReaderType pem_reader_type_;
	};

	// Keyset reader for PEM keys that support the PublicKeySign principal.
	class PublicKeySignPemKeysetReader : public SignaturePemKeysetReader {
	public:
	util::StatusOr<std::unique_ptr<::google::crypto::tink::Keyset>> Read()
	override;

	private:
	// Friend builder class.
	friend class SignaturePemKeysetReaderBuilder;

	explicit PublicKeySignPemKeysetReader(
	const std::vector<PemKey> pem_serialized_keys)
	: SignaturePemKeysetReader(pem_serialized_keys) {}
	};

	// Keyset reader for PEM keys that support the PublicKeyVerify principal.
	class PublicKeyVerifyPemKeysetReader : public SignaturePemKeysetReader {
	public:
	util::StatusOr<std::unique_ptr<::google::crypto::tink::Keyset>> Read()
	override;

	private:
	// Friend builder class.
	friend class SignaturePemKeysetReaderBuilder;

	explicit PublicKeyVerifyPemKeysetReader(
	const std::vector<PemKey> pem_serialized_keys)
	: SignaturePemKeysetReader(pem_serialized_keys) {}
	};

	} // namespace tink
	} // namespace crypto

	#endif // TINK_SIGNATURE_SIGNATURE_PEM_KEYSET_READER_H_