objc: Adding support for RSA PSS and PKCS1 signatures.
PiperOrigin-RevId: 215791994
GitOrigin-RevId: 6751690bc4de6ece44862af10c9c99defc761fa6
tl0gic authored and Tink Team committed Oct 9, 2018
1 parent 9b1116f commit ced9050
Showing 4 changed files with 172 additions and 0 deletions.
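--- a/objc/TINKSignatureKeyTemplate.h
+++ b/objc/TINKSignatureKeyTemplate.h
@@ -74,6 +74,46 @@ typedef NS_ENUM(NSInteger, TINKSignatureKeyTemplates) {
 * - OutputPrefixType: TINK
 */
 TINKEcdsaP521Ieee = 6,
+
+/**
+* RsaSsaPkcs1PrivateKey with the following parameters:
+* - Modulus size in bits: 3072.
+* - Hash function: SHA256.
+* - Public Exponent: 65537 (aka F4).
+* - OutputPrefixType: TINK
+*/
+TINKRsaSsaPkcs13072Sha256F4 = 7,
+
+/**
+* RsaSsaPkcs1PrivateKey with the following parameters:
+* - Modulus size in bits: 4096.
+* - Hash function: SHA512.
+* - Public Exponent: 65537 (aka F4).
+* - OutputPrefixType: TINK
+*/
+TINKRsaSsaPkcs14096Sha512F4 = 8,
+
+/**
+* RsaSsaPssPrivateKey with the following parameters:
+* - Modulus size in bits: 3072.
+* - Signature hash: SHA256.
+* - MGF1 hash: SHA256.
+* - Salt length: 32 (i.e., SHA256's output length).
+* - Public Exponent: 65537 (aka F4).
+* - OutputPrefixType: TINK
+*/
+TINKRsaSsaPss3072Sha256Sha256F4 = 9,
+
+/**
+* RsaSsaPssPrivateKey with the following parameters:
+* - Modulus size in bits: 4096.
+* - Signature hash: SHA512.
+* - MGF1 hash: SHA512.
+* - Salt length: 64 (i.e., SHA512's output length).
+* - Public Exponent: 65537 (aka F4).
+* - OutputPrefixType: TINK
+*/
+TINKRsaSsaPss4096Sha512Sha512F4 = 10,
 };
 
 NS_ASSUME_NONNULL_BEGIN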
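Review bot: The doc comments on `TINKRsaSsaPkcs13072Sha256F4` and `TINKRsaSsaPkcs14096Sha512F4` list the parameters but give no guidance on when to choose PKCS#1 v1.5 over PSS, although both now sit side by side in this enum. RFC 8017 keeps RSASSA-PKCS1-v1_5 for compatibility with existing applications and requires RSASSA-PSS in new ones, so a one-line hint in each PKCS1 comment would help callers choose: `* Prefer the RsaSsaPss templates for new designs; use this one only for interoperability with PKCS#1 v1.5 verifiers.` The opening of the enum is outside the hunk.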
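--- a/objc/Tests/UnitTests/signature/TINKSignatureKeyTemplateTest.mm
+++ b/objc/Tests/UnitTests/signature/TINKSignatureKeyTemplateTest.mm
@@ -25,6 +25,8 @@
 #import "objc/util/TINKProtoHelpers.h"
 #import "proto/Common.pbobjc.h"
 #import "proto/Ecdsa.pbobjc.h"
+#import "proto/RsaSsaPkcs1.pbobjc.h"
+#import "proto/RsaSsaPss.pbobjc.h"
 #import "proto/Tink.pbobjc.h"
 
 #include "tink/util/status.h"
@@ -33,6 +35,10 @@ @interface TINKSignatureKeyTemplatesTest : XCTestCase
 @end
 
 static NSString *const kTypeURL = @"type.googleapis.com/google.crypto.tink.EcdsaPrivateKey";
+static NSString *const kTypeURLRsaPss =
+@"type.googleapis.com/google.crypto.tink.RsaSsaPssPrivateKey";
+static NSString *const kTypeURLRsaPkcs1 =
+@"type.googleapis.com/google.crypto.tink.RsaSsaPkcs1PrivateKey";
 
 @implementation TINKSignatureKeyTemplatesTest
 
@@ -203,4 +209,112 @@ - (void)testInvalidKeyTemplate {
 XCTAssertTrue([error.localizedFailureReason containsString:@"Invalid TINKSignatureKeyTemplate"]);
 }
 
+- (void)testKRsaSsaPkcs13072Sha256F4KeyTemplate {
+NSError *error = nil;
+TINKSignatureKeyTemplate *tpl =
+[[TINKSignatureKeyTemplate alloc] initWithKeyTemplate:TINKRsaSsaPkcs13072Sha256F4
+error:&error];
+XCTAssertNil(error);
+XCTAssertNotNil(tpl);
+
+error = nil;
+TINKPBKeyTemplate *keyTemplate = TINKKeyTemplateToObjc(tpl.ccKeyTemplate, &error);
+XCTAssertNil(error);
+XCTAssertNotNil(keyTemplate);
+
+XCTAssertTrue([kTypeURLRsaPkcs1 isEqualToString:keyTemplate.typeURL]);
+XCTAssertTrue(keyTemplate.outputPrefixType == TINKPBOutputPrefixType_Tink);
+
+error = nil;
+TINKPBRsaSsaPkcs1KeyFormat *keyFormat =
+[TINKPBRsaSsaPkcs1KeyFormat parseFromData:keyTemplate.value error:&error];
+XCTAssertNil(error);
+XCTAssertNotNil(keyFormat);
+
+XCTAssertEqual(keyFormat.params.hashType, TINKPBHashType_Sha256);
+XCTAssertEqual(keyFormat.modulusSizeInBits, 3072);
+}
+
+- (void)testKRsaSsaPkcs14096Sha512F4KeyTemplate {
+NSError *error = nil;
+TINKSignatureKeyTemplate *tpl =
+[[TINKSignatureKeyTemplate alloc] initWithKeyTemplate:TINKRsaSsaPkcs14096Sha512F4
+error:&error];
+XCTAssertNil(error);
+XCTAssertNotNil(tpl);
+
+error = nil;
+TINKPBKeyTemplate *keyTemplate = TINKKeyTemplateToObjc(tpl.ccKeyTemplate, &error);
+XCTAssertNil(error);
+XCTAssertNotNil(keyTemplate);
+
+XCTAssertTrue([kTypeURLRsaPkcs1 isEqualToString:keyTemplate.typeURL]);
+XCTAssertTrue(keyTemplate.outputPrefixType == TINKPBOutputPrefixType_Tink);
+
+error = nil;
+TINKPBRsaSsaPkcs1KeyFormat *keyFormat =
+[TINKPBRsaSsaPkcs1KeyFormat parseFromData:keyTemplate.value error:&error];
+XCTAssertNil(error);
+XCTAssertNotNil(keyFormat);
+
+XCTAssertEqual(keyFormat.params.hashType, TINKPBHashType_Sha512);
+XCTAssertEqual(keyFormat.modulusSizeInBits, 4096);
+}
+
+- (void)testKRsaSsaPss3072Sha256F4KeyTemplate {
+NSError *error = nil;
+TINKSignatureKeyTemplate *tpl =
+[[TINKSignatureKeyTemplate alloc] initWithKeyTemplate:TINKRsaSsaPss3072Sha256Sha256F4
+error:&error];
+XCTAssertNil(error);
+XCTAssertNotNil(tpl);
+
+error = nil;
+TINKPBKeyTemplate *keyTemplate = TINKKeyTemplateToObjc(tpl.ccKeyTemplate, &error);
+XCTAssertNil(error);
+XCTAssertNotNil(keyTemplate);
+
+XCTAssertTrue([kTypeURLRsaPss isEqualToString:keyTemplate.typeURL]);
+XCTAssertTrue(keyTemplate.outputPrefixType == TINKPBOutputPrefixType_Tink);
+
+error = nil;
+TINKPBRsaSsaPssKeyFormat *keyFormat = [TINKPBRsaSsaPssKeyFormat parseFromData:keyTemplate.value
+error:&error];
+XCTAssertNil(error);
+XCTAssertNotNil(keyFormat);
+
+XCTAssertEqual(keyFormat.params.sigHash, TINKPBHashType_Sha256);
+XCTAssertEqual(keyFormat.params.mgf1Hash, TINKPBHashType_Sha256);
+XCTAssertEqual(keyFormat.params.saltLength, 32);
+XCTAssertEqual(keyFormat.modulusSizeInBits, 3072);
+}
+
+- (void)testKRsaSsaPss4096Sha512F4KeyTemplate {
+NSError *error = nil;
+TINKSignatureKeyTemplate *tpl =
+[[TINKSignatureKeyTemplate alloc] initWithKeyTemplate:TINKRsaSsaPss4096Sha512Sha512F4
+error:&error];
+XCTAssertNil(error);
+XCTAssertNotNil(tpl);
+
+error = nil;
+TINKPBKeyTemplate *keyTemplate = TINKKeyTemplateToObjc(tpl.ccKeyTemplate, &error);
+XCTAssertNil(error);
+XCTAssertNotNil(keyTemplate);
+
+XCTAssertTrue([kTypeURLRsaPss isEqualToString:keyTemplate.typeURL]);
+XCTAssertTrue(keyTemplate.outputPrefixType == TINKPBOutputPrefixType_Tink);
+
+error = nil;
+TINKPBRsaSsaPssKeyFormat *keyFormat = [TINKPBRsaSsaPssKeyFormat parseFromData:keyTemplate.value
+error:&error];
+XCTAssertNil(error);
+XCTAssertNotNil(keyFormat);
+
+XCTAssertEqual(keyFormat.params.sigHash, TINKPBHashType_Sha512);
+XCTAssertEqual(keyFormat.params.mgf1Hash, TINKPBHashType_Sha512);
+XCTAssertEqual(keyFormat.params.saltLength, 64);
+XCTAssertEqual(keyFormat.modulusSizeInBits, 4096);
+}
+
 @end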
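Review bot: None of the four new tests asserts the public exponent, although the header documents every new template as using 65537 (F4), so a template carrying a different exponent would still pass here. Assuming the generated key-format classes expose the proto's `public_exponent` bytes field as `publicExponent`, and that the C++ template encodes it big-endian without padding, each test could add `const uint8_t f4[] = {0x01, 0x00, 0x01};` followed by `XCTAssertEqualObjects(keyFormat.publicExponent, [NSData dataWithBytes:f4 length:sizeof(f4)]);`. As a smaller point, all four test names carry a stray `K`, and the two PSS names (`testKRsaSsaPss3072Sha256F4KeyTemplate`, `testKRsaSsaPss4096Sha512F4KeyTemplate`) drop the second hash that appears in the enum constants they cover.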
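--- a/objc/signature/TINKSignatureKeyTemplate.mm
+++ b/objc/signature/TINKSignatureKeyTemplate.mm
@@ -56,6 +56,22 @@ - (nullable instancetype)initWithKeyTemplate:(TINKSignatureKeyTemplates)keyTempl
 ccKeyTemplate = const_cast<google::crypto::tink::KeyTemplate *>(
 &crypto::tink::SignatureKeyTemplates::EcdsaP521Ieee());
 break;
+case TINKRsaSsaPkcs13072Sha256F4:
+ccKeyTemplate = const_cast<google::crypto::tink::KeyTemplate *>(
+&crypto::tink::SignatureKeyTemplates::RsaSsaPkcs13072Sha256F4());
+break;
+case TINKRsaSsaPkcs14096Sha512F4:
+ccKeyTemplate = const_cast<google::crypto::tink::KeyTemplate *>(
+&crypto::tink::SignatureKeyTemplates::RsaSsaPkcs14096Sha512F4());
+break;
+case TINKRsaSsaPss3072Sha256Sha256F4:
+ccKeyTemplate = const_cast<google::crypto::tink::KeyTemplate *>(
+&crypto::tink::SignatureKeyTemplates::RsaSsaPss3072Sha256Sha256F4());
+break;
+case TINKRsaSsaPss4096Sha512Sha512F4:
+ccKeyTemplate = const_cast<google::crypto::tink::KeyTemplate *>(
+&crypto::tink::SignatureKeyTemplates::RsaSsaPss4096Sha512Sha512F4());
+break;
 default:
 if (error) {
 *error = TINKStatusToError(crypto::tink::util::Status(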
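Review bot: The four new cases repeat the `const_cast` that strips `const` from the object returned by `SignatureKeyTemplates::…()`, so `ccKeyTemplate` ends up as a writable pointer into what appears to be a shared, process-wide template. Any write through it would silently change the parameters of every key later generated from that template, and would be undefined behaviour if the object is truly const. If nothing needs to mutate it, declare the ivar as `const google::crypto::tink::KeyTemplate *ccKeyTemplate;` and assign `ccKeyTemplate = &crypto::tink::SignatureKeyTemplates::RsaSsaPkcs13072Sha256F4();` without the cast, and likewise for the other three cases. The ivar declaration and both ends of `initWithKeyTemplate:error:` are outside the hunk, so check that no other code relies on the non-const pointer.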
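--- a/proto/BUILD.bazel
+++ b/proto/BUILD.bazel
@@ -879,6 +879,8 @@ tink_objc_proto_library(
 ":hmac_objc_pb",
 ":kms_aead_objc_pb",
 ":kms_envelope_objc_pb",
+":rsa_ssa_pkcs1_objc_pb",
+":rsa_ssa_pss_objc_pb",
 ":tink_objc_pb",
 ":xchacha20_poly1305_objc_pb",
 ],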
