Adding C++ Ecdsa and aux classes for signatures.

Change-Id: Ib2ec892a953c491d7ea91bc123f6668d217f57ff
ORIGINAL_AUTHOR=Bartosz Przydatek <[email protected]>
GitOrigin-RevId: c06a4aff179b9fdc93bcd217bac8e3e329844740

cc/BUILD

@@ -28,20 +28,27 @@ cc_library(
         "mac_config.h",
         "mac_factory.h",
         "public_key_sign.h",
+        "public_key_sign_factory.h",
         "public_key_verify.h",
+        "public_key_verify_factory.h",
         "registry.h",
+        "signature_config.h",
         "tink_config.h",
     ],
     deps = [
         ":aead",
         ":binary_keyset_reader",
+        ":hybrid_decrypt",
+        ":hybrid_encrypt",
         ":json_keyset_reader",
         ":key_manager",
         ":keyset_handle",
         ":keyset_manager",
         ":keyset_reader",
         ":mac",
         ":primitive_set",
+        ":public_key_sign",
+        ":public_key_verify",
         ":registry",
         "//cc/aead:aead_config",
         "//cc/aead:aead_factory",
@@ -52,6 +59,9 @@ cc_library(
         "//cc/hybrid:hybrid_encrypt_factory",
         "//cc/mac:mac_config",
         "//cc/mac:mac_factory",
+        "//cc/signature:public_key_sign_factory",
+        "//cc/signature:public_key_verify_factory",
+        "//cc/signature:signature_config",
         "//cc/util:errors",
         "//cc/util:ptr_util",
         "//cc/util:status",
@@ -100,6 +110,24 @@ cc_library(
     ],
 )
 
+cc_library(
+    name = "public_key_sign",
+    hdrs = ["public_key_sign.h"],
+    deps = [
+        "//cc/util:statusor",
+        "@com_google_absl//absl/strings",
+    ],
+)
+
+cc_library(
+    name = "public_key_verify",
+    hdrs = ["public_key_verify.h"],
+    deps = [
+        "//cc/util:status",
+        "@com_google_absl//absl/strings",
+    ],
+)
+
 cc_library(
     name = "keyset_reader",
     hdrs = ["keyset_reader.h"],
@@ -157,6 +185,8 @@ cc_library(
         ":hybrid_encrypt",
         ":key_manager",
         ":mac",
+        ":public_key_sign",
+        ":public_key_verify",
         ":registry",
         "//cc/util:errors",
         "//cc/util:status",

cc/config/BUILD

@@ -11,6 +11,7 @@ cc_library(
         "//cc:key_manager",
         "//cc/hybrid:hybrid_decrypt_config",
         "//cc/hybrid:hybrid_encrypt_config",
+        "//cc/signature:signature_config",
         "//cc/util:status",
         "//proto:config_cc_proto",
     ],

cc/config/tink_config.cc

@@ -21,6 +21,7 @@
 #include "cc/registry.h"
 #include "cc/hybrid/hybrid_encrypt_config.h"
 #include "cc/hybrid/hybrid_decrypt_config.h"
+#include "cc/signature/signature_config.h"
 #include "cc/util/status.h"
 
 namespace crypto {
@@ -35,6 +36,7 @@ google::crypto::tink::RegistryConfig* GenerateRegistryConfig() {
   config->add_entry()->MergeFrom(*Config::GetTinkKeyTypeEntry(
       HybridDecryptConfig::kCatalogueName, HybridDecryptConfig::kPrimitiveName,
       "EciesAeadHkdfPrivateKey", 0, true));
+  config->MergeFrom(SignatureConfig::Tink_1_1_0());
   config->set_config_name("TINK_1_1_0");
   return config;
 }
@@ -51,7 +53,9 @@ const google::crypto::tink::RegistryConfig& TinkConfig::Tink_1_1_0() {
 util::Status TinkConfig::Init() {
   auto status = HybridEncryptConfig::Init();  // includes Mac & Aead
   if (!status.ok()) return status;
-  return HybridDecryptConfig::Init();
+  status = HybridDecryptConfig::Init();
+  if (!status.ok()) return status;
+  return SignatureConfig::Init();
 }
 
 }  // namespace tink

cc/config/tink_config_test.cc

@@ -17,11 +17,13 @@
 #include "cc/config/tink_config.h"
 
 #include "cc/aead.h"
+#include "cc/catalogue.h"
+#include "cc/config.h"
 #include "cc/hybrid_decrypt.h"
 #include "cc/hybrid_encrypt.h"
 #include "cc/mac.h"
-#include "cc/catalogue.h"
-#include "cc/config.h"
+#include "cc/public_key_sign.h"
+#include "cc/public_key_verify.h"
 #include "cc/registry.h"
 #include "cc/util/status.h"
 #include "gtest/gtest.h"
@@ -51,6 +53,10 @@ class TinkConfigTest : public ::testing::Test {
 };
 
 TEST_F(TinkConfigTest, testBasic) {
+  std::string public_key_sign_key_type =
+      "type.googleapis.com/google.crypto.tink.EcdsaPrivateKey";
+  std::string public_key_verify_key_type =
+      "type.googleapis.com/google.crypto.tink.EcdsaPublicKey";
   std::string hybrid_encrypt_key_type =
       "type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey";
   std::string hybrid_decrypt_key_type =
@@ -63,7 +69,7 @@ TEST_F(TinkConfigTest, testBasic) {
       "type.googleapis.com/google.crypto.tink.HmacKey";
   auto& config = TinkConfig::Tink_1_1_0();
 
-  EXPECT_EQ(5, TinkConfig::Tink_1_1_0().entry_size());
+  EXPECT_EQ(7, TinkConfig::Tink_1_1_0().entry_size());
 
   EXPECT_EQ("TinkMac", config.entry(0).catalogue_name());
   EXPECT_EQ("Mac", config.entry(0).primitive_name());
@@ -95,6 +101,18 @@ TEST_F(TinkConfigTest, testBasic) {
   EXPECT_EQ(true, config.entry(4).new_key_allowed());
   EXPECT_EQ(0, config.entry(4).key_manager_version());
 
+  EXPECT_EQ("TinkPublicKeySign", config.entry(5).catalogue_name());
+  EXPECT_EQ("PublicKeySign", config.entry(5).primitive_name());
+  EXPECT_EQ(public_key_sign_key_type, config.entry(5).type_url());
+  EXPECT_EQ(true, config.entry(5).new_key_allowed());
+  EXPECT_EQ(0, config.entry(5).key_manager_version());
+
+  EXPECT_EQ("TinkPublicKeyVerify", config.entry(6).catalogue_name());
+  EXPECT_EQ("PublicKeyVerify", config.entry(6).primitive_name());
+  EXPECT_EQ(public_key_verify_key_type, config.entry(6).type_url());
+  EXPECT_EQ(true, config.entry(6).new_key_allowed());
+  EXPECT_EQ(0, config.entry(6).key_manager_version());
+
   // No key manager before registration.
   {
     auto manager_result = Registry::get_key_manager<Aead>(aes_gcm_key_type);
@@ -118,6 +136,18 @@ TEST_F(TinkConfigTest, testBasic) {
     EXPECT_FALSE(manager_result.ok());
     EXPECT_EQ(util::error::NOT_FOUND, manager_result.status().error_code());
   }
+  {
+    auto manager_result =
+        Registry::get_key_manager<PublicKeySign>(public_key_sign_key_type);
+    EXPECT_FALSE(manager_result.ok());
+    EXPECT_EQ(util::error::NOT_FOUND, manager_result.status().error_code());
+  }
+  {
+    auto manager_result =
+        Registry::get_key_manager<PublicKeyVerify>(public_key_verify_key_type);
+    EXPECT_FALSE(manager_result.ok());
+    EXPECT_EQ(util::error::NOT_FOUND, manager_result.status().error_code());
+  }
 
   // Registration of standard key types works.
   auto status = TinkConfig::Init();
@@ -148,6 +178,20 @@ TEST_F(TinkConfigTest, testBasic) {
     EXPECT_TRUE(manager_result.ValueOrDie()->DoesSupport(
         hybrid_decrypt_key_type));
   }
+  {
+    auto manager_result =
+        Registry::get_key_manager<PublicKeySign>(public_key_sign_key_type);
+    EXPECT_TRUE(manager_result.ok()) << manager_result.status();
+    EXPECT_TRUE(manager_result.ValueOrDie()->DoesSupport(
+        public_key_sign_key_type));
+  }
+  {
+    auto manager_result =
+        Registry::get_key_manager<PublicKeyVerify>(public_key_verify_key_type);
+    EXPECT_TRUE(manager_result.ok()) << manager_result.status();
+    EXPECT_TRUE(manager_result.ValueOrDie()->DoesSupport(
+        public_key_verify_key_type));
+  }
 }
 
 TEST_F(TinkConfigTest, testInit) {

cc/core/config.cc

@@ -16,6 +16,12 @@
 
 #include "cc/config.h"
 
+#include "cc/mac.h"
+#include "cc/aead.h"
+#include "cc/hybrid_decrypt.h"
+#include "cc/hybrid_encrypt.h"
+#include "cc/public_key_sign.h"
+#include "cc/public_key_verify.h"
 #include "absl/strings/ascii.h"
 #include "cc/util/errors.h"
 #include "cc/util/status.h"
@@ -67,7 +73,6 @@ util::Status Config::Register(
   for (const auto& entry : config.entry()) {
     util::Status status;
     std::string primitive_name = absl::AsciiStrToLower(entry.primitive_name());
-    std::string mac = "mac";
 
     if (primitive_name == "mac") {
       status = Register<Mac>(entry);
@@ -77,6 +82,10 @@ util::Status Config::Register(
       status = Register<HybridDecrypt>(entry);
     } else if (primitive_name == "hybridencrypt") {
       status = Register<HybridEncrypt>(entry);
+    } else if (primitive_name == "publickeysign") {
+      status = Register<PublicKeySign>(entry);
+    } else if (primitive_name == "publickeyverify") {
+      status = Register<PublicKeyVerify>(entry);
     } else {
       status = ToStatusF(crypto::tink::util::error::INVALID_ARGUMENT,
                          "A non-standard primitive '%s' '%s', "

cc/hybrid/ecies_aead_hkdf_public_key_manager.cc

@@ -65,21 +65,21 @@ StatusOr<std::unique_ptr<Message>> EciesAeadHkdfPublicKeyFactory::NewKey(
     const google::protobuf::Message& key_format) const {
   return util::Status(util::error::UNIMPLEMENTED,
                       "Operation not supported for public keys, "
-                      "please use a corresponding PrivateKeyManager.");
+                      "please use EciesAeadHkdfPrivateKeyManager.");
 }
 
 StatusOr<std::unique_ptr<Message>> EciesAeadHkdfPublicKeyFactory::NewKey(
     absl::string_view serialized_key_format) const {
   return util::Status(util::error::UNIMPLEMENTED,
                       "Operation not supported for public keys, "
-                      "please use a corresponding PrivateKeyManager.");
+                      "please use EciesAeadHkdfPrivateKeyManager.");
 }
 
 StatusOr<std::unique_ptr<KeyData>> EciesAeadHkdfPublicKeyFactory::NewKeyData(
     absl::string_view serialized_key_format) const {
   return util::Status(util::error::UNIMPLEMENTED,
                       "Operation not supported for public keys, "
-                      "please use a corresponding PrivateKeyManager.");
+                      "please use EciesAeadHkdfPrivateKeyManager.");
 }
 
 constexpr char EciesAeadHkdfPublicKeyManager::kKeyTypePrefix[];

cc/public_key_sign_factory.h

@@ -0,0 +1,22 @@
+// Copyright 2017 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+#ifndef TINK_PUBLIC_KEY_SIGN_FACTORY_H_
+#define TINK_PUBLIC_KEY_SIGN_FACTORY_H_
+
+#include "cc/signature/public_key_sign_factory.h"  // IWYU pragma: export
+
+#endif  // TINK_PUBLIC_KEY_SIGN_FACTORY_H_

cc/public_key_verify_factory.h

@@ -0,0 +1,22 @@
+// Copyright 2017 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+#ifndef TINK_PUBLIC_KEY_VERIFY_FACTORY_H_
+#define TINK_PUBLIC_KEY_VERIFY_FACTORY_H_
+
+#include "cc/signature/public_key_verify_factory.h"  // IWYU pragma: export
+
+#endif  // TINK_PUBLIC_KEY_VERIFY_FACTORY_H_