// Copyright 2024 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////

package com.google.crypto.tink.signature;

import com.google.crypto.tink.Configuration;
import com.google.crypto.tink.PublicKeySign;
import com.google.crypto.tink.PublicKeyVerify;
import com.google.crypto.tink.config.internal.TinkFipsUtil;
import com.google.crypto.tink.internal.InternalConfiguration;
import com.google.crypto.tink.internal.PrimitiveConstructor;
import com.google.crypto.tink.internal.PrimitiveRegistry;
import com.google.crypto.tink.subtle.EcdsaSignJce;
import com.google.crypto.tink.subtle.EcdsaVerifyJce;
import com.google.crypto.tink.subtle.Ed25519Sign;
import com.google.crypto.tink.subtle.Ed25519Verify;
import com.google.crypto.tink.subtle.RsaSsaPkcs1SignJce;
import com.google.crypto.tink.subtle.RsaSsaPkcs1VerifyJce;
import com.google.crypto.tink.subtle.RsaSsaPssSignJce;
import com.google.crypto.tink.subtle.RsaSsaPssVerifyJce;
import java.security.GeneralSecurityException;

/**
 * Configuration for {@code PublicKeySign} and {@code PublicKeyVerify} that registers exactly the
 * following signature algorithms:
 *
 * <ul>
 *   <li>Ecdsa
 *   <li>RsaSsaPss
 *   <li>RsaSsaPkcs1
 *   <li>Ed25519
 * </ul>
 *
 * <p>The configuration object is assembled once, while this class is being initialized, and
 * {@link #get()} hands out that single instance. {@link #get()} refuses to return it when Tink is
 * restricted to FIPS-only operation.
 */
/* Placeholder for internally public; DO NOT CHANGE. */ class SignatureConfigurationV0 {
  // Built once during class initialization. create() converts a registration failure into an
  // IllegalStateException; thrown from a static initializer, that reaches the first caller as an
  // ExceptionInInitializerError.
  private static final InternalConfiguration INTERNAL_CONFIGURATION = create();

  // Static holder only; never instantiated.
  private SignatureConfigurationV0() {}

  /**
   * Assembles the primitive registry for the signature algorithms listed on this class and wraps
   * it in an {@code InternalConfiguration}.
   *
   * @throws IllegalStateException if a registration step or the final build fails with a {@code
   *     GeneralSecurityException}; the original exception is kept as the cause
   */
  private static InternalConfiguration create() {
    try {
      PrimitiveRegistry.Builder registry = PrimitiveRegistry.builder();

      // The PublicKeySign / PublicKeyVerify wrappers add themselves to the registry being built.
      PublicKeySignWrapper.registerToInternalPrimitiveRegistry(registry);
      PublicKeyVerifyWrapper.registerToInternalPrimitiveRegistry(registry);

      // One constructor per (key class, primitive interface) pair. The signing side is bound to
      // the private key class and the verifying side to the public key class of each algorithm.

      // ECDSA
      registry.registerPrimitiveConstructor(
          PrimitiveConstructor.create(
              EcdsaSignJce::create, EcdsaPrivateKey.class, PublicKeySign.class));
      registry.registerPrimitiveConstructor(
          PrimitiveConstructor.create(
              EcdsaVerifyJce::create, EcdsaPublicKey.class, PublicKeyVerify.class));

      // RSA-SSA-PSS
      registry.registerPrimitiveConstructor(
          PrimitiveConstructor.create(
              RsaSsaPssSignJce::create, RsaSsaPssPrivateKey.class, PublicKeySign.class));
      registry.registerPrimitiveConstructor(
          PrimitiveConstructor.create(
              RsaSsaPssVerifyJce::create, RsaSsaPssPublicKey.class, PublicKeyVerify.class));

      // RSA-SSA-PKCS1
      registry.registerPrimitiveConstructor(
          PrimitiveConstructor.create(
              RsaSsaPkcs1SignJce::create, RsaSsaPkcs1PrivateKey.class, PublicKeySign.class));
      registry.registerPrimitiveConstructor(
          PrimitiveConstructor.create(
              RsaSsaPkcs1VerifyJce::create, RsaSsaPkcs1PublicKey.class, PublicKeyVerify.class));

      // Ed25519
      registry.registerPrimitiveConstructor(
          PrimitiveConstructor.create(
              Ed25519Sign::create, Ed25519PrivateKey.class, PublicKeySign.class));
      registry.registerPrimitiveConstructor(
          PrimitiveConstructor.create(
              Ed25519Verify::create, Ed25519PublicKey.class, PublicKeyVerify.class));

      return InternalConfiguration.createFromPrimitiveRegistry(registry.build());
    } catch (GeneralSecurityException cause) {
      // No caller can recover from a broken built-in registry, so surface it unchecked.
      throw new IllegalStateException(cause);
    }
  }

  /**
   * Returns the shared {@code SignatureConfigurationV0} instance.
   *
   * @throws GeneralSecurityException if {@code TinkFipsUtil.useOnlyFips()} reports FIPS-only
   *     mode; this configuration is treated as non-FIPS-compliant and is not handed out in that
   *     mode
   */
  public static Configuration get() throws GeneralSecurityException {
    // Fail closed: evaluate the FIPS restriction before exposing the configuration.
    final boolean fipsOnly = TinkFipsUtil.useOnlyFips();
    if (fipsOnly) {
      throw new GeneralSecurityException(
          "Cannot use non-FIPS-compliant SignatureConfigurationV0 in FIPS mode");
    }
    return INTERNAL_CONFIGURATION;
  }
}