1 // Copyright 2023 Google LLC 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 // 15 //////////////////////////////////////////////////////////////////////////////// 16 17 package com.google.crypto.tink.signature; 18 19 import static com.google.crypto.tink.internal.TinkBugException.exceptionIsBug; 20 21 /** 22 * Pre-generated {@link Parameter} objects for {@link com.google.crypto.tink.PublicKeySign} and 23 * {@link com.google.crypto.tink.PublicKeyVerify}. keys. 24 * 25 * <p>Note: if you want to keep dependencies small, consider inlining the constants here. 26 */ 27 public final class PredefinedSignatureParameters { 28 /** 29 * A {@link Parameters} object that generates new instances of {@link EcdsaPrivateKey} objects 30 * with the following parameters: 31 * 32 * <ul> 33 * <li>Hash function: SHA256 34 * <li>Curve: NIST P-256 35 * <li>Signature encoding: DER (this is the encoding that Java uses). 36 * <li>Prefix type: {@link OutputPrefixType.TINK} 37 * </ul> 38 */ 39 public static final EcdsaParameters ECDSA_P256 = 40 exceptionIsBug( 41 () -> 42 EcdsaParameters.builder() 43 .setHashType(EcdsaParameters.HashType.SHA256) 44 .setCurveType(EcdsaParameters.CurveType.NIST_P256) 45 .setSignatureEncoding(EcdsaParameters.SignatureEncoding.DER) 46 .setVariant(EcdsaParameters.Variant.TINK) 47 .build()); 48 49 /** 50 * A {@link Parameters} that generates new instances of {@link EcdsaPrivateKey} objects with the 51 * following parameters: 52 * 53 * <ul> 54 * <li>Hash function: SHA512 55 * <li>Curve: NIST P-384 56 * <li>Signature encoding: DER (this is the encoding that Java uses). 57 * <li>Prefix type: {@link OutputPrefixType.TINK} 58 * </ul> 59 */ 60 public static final EcdsaParameters ECDSA_P384 = 61 exceptionIsBug( 62 () -> 63 EcdsaParameters.builder() 64 .setHashType(EcdsaParameters.HashType.SHA512) 65 .setCurveType(EcdsaParameters.CurveType.NIST_P384) 66 .setSignatureEncoding(EcdsaParameters.SignatureEncoding.DER) 67 .setVariant(EcdsaParameters.Variant.TINK) 68 .build()); 69 70 /** 71 * A {@link Parameters} that generates new instances of {@link EcdsaPrivateKey} objects with the 72 * following parameters: 73 * 74 * <ul> 75 * <li>Hash function: SHA512 76 * <li>Curve: NIST P-521 77 * <li>Signature encoding: DER (this is the encoding that Java uses). 78 * <li>Prefix type: {@link OutputPrefixType.TINK} 79 * </ul> 80 */ 81 public static final EcdsaParameters ECDSA_P521 = 82 exceptionIsBug( 83 () -> 84 EcdsaParameters.builder() 85 .setHashType(EcdsaParameters.HashType.SHA512) 86 .setCurveType(EcdsaParameters.CurveType.NIST_P521) 87 .setSignatureEncoding(EcdsaParameters.SignatureEncoding.DER) 88 .setVariant(EcdsaParameters.Variant.TINK) 89 .build()); 90 91 /** 92 * A {@link Parameters} that generates new instances of {@link EcdsaPrivateKey} objects with the 93 * following parameters: 94 * 95 * <ul> 96 * <li>Hash function: SHA256 97 * <li>Curve: NIST P-256 98 * <li>Signature encoding: IEEE_P1363 (this is the encoding that JWS and WebCrypto use). 99 * <li>Prefix type: {@link OutputPrefixType.TINK} 100 * </ul> 101 */ 102 public static final EcdsaParameters ECDSA_P256_IEEE_P1363 = 103 exceptionIsBug( 104 () -> 105 EcdsaParameters.builder() 106 .setSignatureEncoding(EcdsaParameters.SignatureEncoding.IEEE_P1363) 107 .setCurveType(EcdsaParameters.CurveType.NIST_P256) 108 .setHashType(EcdsaParameters.HashType.SHA256) 109 .setVariant(EcdsaParameters.Variant.TINK) 110 .build()); 111 112 /** 113 * A {@link Parameters} that generates new instances of {@link EcdsaPrivateKey} objects with the 114 * following parameters: 115 * 116 * <ul> 117 * <li>Hash function: SHA512 118 * <li>Curve: NIST P-384 119 * <li>Signature encoding: IEEE_P1363 (this is the encoding that JWS and WebCrypto use). 120 * <li>Prefix type: {@link OutputPrefixType.TINK} 121 * </ul> 122 */ 123 public static final EcdsaParameters ECDSA_P384_IEEE_P1363 = 124 exceptionIsBug( 125 () -> 126 EcdsaParameters.builder() 127 .setSignatureEncoding(EcdsaParameters.SignatureEncoding.IEEE_P1363) 128 .setCurveType(EcdsaParameters.CurveType.NIST_P384) 129 .setHashType(EcdsaParameters.HashType.SHA512) 130 .setVariant(EcdsaParameters.Variant.TINK) 131 .build()); 132 133 /** 134 * A {@link Parameters} that generates new instances of {@link EcdsaPrivateKey} objects with the 135 * following parameters: 136 * 137 * <ul> 138 * <li>Hash function: SHA256 139 * <li>Curve: NIST P-256 140 * <li>Signature encoding: DER (this is the encoding that Java uses). 141 * <li>Prefix type: None 142 * </ul> 143 * 144 * The digital signature generated by this key would be 64 bytes exactly. 145 */ 146 public static final EcdsaParameters ECDSA_P256_IEEE_P1363_WITHOUT_PREFIX = 147 exceptionIsBug( 148 () -> 149 EcdsaParameters.builder() 150 .setSignatureEncoding(EcdsaParameters.SignatureEncoding.IEEE_P1363) 151 .setCurveType(EcdsaParameters.CurveType.NIST_P256) 152 .setHashType(EcdsaParameters.HashType.SHA256) 153 .setVariant(EcdsaParameters.Variant.NO_PREFIX) 154 .build()); 155 156 /** 157 * A {@link Parameters} that generates new instances of {@link EcdsaPrivateKey} objects with the 158 * following parameters: 159 * 160 * <ul> 161 * <li>Hash function: SHA512 162 * <li>Curve: NIST P-521 163 * <li>Signature encoding: IEEE_P1363 (this is the encoding that JWS and WebCrypto use). 164 * <li>Prefix type: {@link OutputPrefixType.TINK} 165 * </ul> 166 */ 167 public static final EcdsaParameters ECDSA_P521_IEEE_P1363 = 168 exceptionIsBug( 169 () -> 170 EcdsaParameters.builder() 171 .setHashType(EcdsaParameters.HashType.SHA512) 172 .setCurveType(EcdsaParameters.CurveType.NIST_P521) 173 .setSignatureEncoding(EcdsaParameters.SignatureEncoding.IEEE_P1363) 174 .setVariant(EcdsaParameters.Variant.TINK) 175 .build()); 176 177 /** 178 * A {@link Parameters} that generates new instances of {@link Ed25519PrivateKey} objects. 179 * 180 * @since 1.1.0 181 */ 182 public static final Ed25519Parameters ED25519 = 183 exceptionIsBug(() -> Ed25519Parameters.create(Ed25519Parameters.Variant.TINK)); 184 185 /** 186 * A {@link Parameters} that generates new instances of {@link ED25519PrivateKey}. 187 * 188 * <p>The difference between {@link ED25519WithRawOutput} and {@link ED25519} is the format of 189 * signatures generated. {@link ED25519WithRawOutput} generates signatures of {@link 190 * OutputPrefixType.RAW} format, which is 64 bytes long. 191 * 192 * @since 1.3.0 193 */ 194 public static final Ed25519Parameters ED25519WithRawOutput = 195 exceptionIsBug(() -> Ed25519Parameters.create(Ed25519Parameters.Variant.NO_PREFIX)); 196 197 /** 198 * A {@link Parameters} that generates new instances of {@link RsaSsaPkcs1PrivateKey} objects with 199 * the following parameters: 200 * 201 * <ul> 202 * <li>Hash function: SHA256. 203 * <li>Modulus size: 3072 bit. 204 * <li>Public exponent: 65537 (aka F4). 205 * <li>Prefix type: {@link OutputPrefixType.TINK} 206 * </ul> 207 */ 208 public static final RsaSsaPkcs1Parameters RSA_SSA_PKCS1_3072_SHA256_F4 = 209 exceptionIsBug( 210 () -> 211 RsaSsaPkcs1Parameters.builder() 212 .setHashType(RsaSsaPkcs1Parameters.HashType.SHA256) 213 .setModulusSizeBits(3072) 214 .setPublicExponent(RsaSsaPkcs1Parameters.F4) 215 .setVariant(RsaSsaPkcs1Parameters.Variant.TINK) 216 .build()); 217 218 /** 219 * A {@link Parameters} that generates new instances of {@link RsaSsaPkcs1PrivateKey} objects with 220 * the following parameters: 221 * 222 * <ul> 223 * <li>Hash function: SHA256. 224 * <li>Modulus size: 3072 bit. 225 * <li>Public exponent: 65537 (aka F4). 226 * <li>Prefix type: None 227 * </ul> 228 */ 229 public static final RsaSsaPkcs1Parameters RSA_SSA_PKCS1_3072_SHA256_F4_WITHOUT_PREFIX = 230 exceptionIsBug( 231 () -> 232 RsaSsaPkcs1Parameters.builder() 233 .setHashType(RsaSsaPkcs1Parameters.HashType.SHA256) 234 .setModulusSizeBits(3072) 235 .setPublicExponent(RsaSsaPkcs1Parameters.F4) 236 .setVariant(RsaSsaPkcs1Parameters.Variant.NO_PREFIX) 237 .build()); 238 239 /** 240 * A {@link Parameters} that generates new instances of {@link RsaSsaPkcs1PrivateKey} objects with 241 * the following parameters: 242 * 243 * <ul> 244 * <li>Hash function: SHA512. 245 * <li>Modulus size: 4096 bit. 246 * <li>Public exponent: 65537 (aka F4). 247 * <li>Prefix type: {@link OutputPrefixType.TINK} 248 * </ul> 249 */ 250 public static final RsaSsaPkcs1Parameters RSA_SSA_PKCS1_4096_SHA512_F4 = 251 exceptionIsBug( 252 () -> 253 RsaSsaPkcs1Parameters.builder() 254 .setHashType(RsaSsaPkcs1Parameters.HashType.SHA512) 255 .setModulusSizeBits(4096) 256 .setPublicExponent(RsaSsaPkcs1Parameters.F4) 257 .setVariant(RsaSsaPkcs1Parameters.Variant.TINK) 258 .build()); 259 260 /** 261 * A {@link Parameters} that generates new instances of {@link RsaSsaPssPrivateKey} objects with 262 * the following parameters: 263 * 264 * <ul> 265 * <li>Signature hash: SHA256. 266 * <li>MGF1 hash: SHA256. 267 * <li>Salt length: 32 (i.e., SHA256's output length). 268 * <li>Modulus size: 3072 bit. 269 * <li>Public exponent: 65537 (aka F4). 270 * </ul> 271 */ 272 public static final RsaSsaPssParameters RSA_SSA_PSS_3072_SHA256_SHA256_32_F4 = 273 exceptionIsBug( 274 () -> 275 RsaSsaPssParameters.builder() 276 .setSigHashType(RsaSsaPssParameters.HashType.SHA256) 277 .setMgf1HashType(RsaSsaPssParameters.HashType.SHA256) 278 .setSaltLengthBytes(32) 279 .setModulusSizeBits(3072) 280 .setPublicExponent(RsaSsaPssParameters.F4) 281 .setVariant(RsaSsaPssParameters.Variant.TINK) 282 .build()); 283 284 /** 285 * A {@link Parameters} that generates new instances of {@link RsaSsaPssPrivateKey} objects with 286 * the following parameters: 287 * 288 * <ul> 289 * <li>Signature hash: SHA512. 290 * <li>MGF1 hash: SHA512. 291 * <li>Salt length: 64 (i.e., SHA512's output length). 292 * <li>Modulus size: 4096 bit. 293 * <li>Public exponent: 65537 (aka F4). 294 * </ul> 295 */ 296 public static final RsaSsaPssParameters RSA_SSA_PSS_4096_SHA512_SHA512_64_F4 = 297 exceptionIsBug( 298 () -> 299 RsaSsaPssParameters.builder() 300 .setSigHashType(RsaSsaPssParameters.HashType.SHA512) 301 .setMgf1HashType(RsaSsaPssParameters.HashType.SHA512) 302 .setSaltLengthBytes(64) 303 .setModulusSizeBits(4096) 304 .setPublicExponent(RsaSsaPssParameters.F4) 305 .setVariant(RsaSsaPssParameters.Variant.TINK) 306 .build()); 307 PredefinedSignatureParameters()308 private PredefinedSignatureParameters() {} 309 } 310