// // Decompiled by Procyon v0.6.0 // package com.google.crypto.tink.signature; import com.google.crypto.tink.proto.KeyData; import com.google.protobuf.MessageLite; import com.google.protobuf.Parser; import com.google.crypto.tink.internal.LegacyKeyManagerImpl; import com.google.crypto.tink.subtle.RsaSsaPkcs1VerifyJce; import com.google.crypto.tink.subtle.RsaSsaPkcs1SignJce; import com.google.crypto.tink.internal.TinkBugException; import com.google.crypto.tink.KeyTemplate; import com.google.crypto.tink.internal.KeyManagerRegistry; import com.google.crypto.tink.internal.MutableKeyCreationRegistry; import com.google.crypto.tink.internal.MutablePrimitiveRegistry; import com.google.crypto.tink.internal.MutableParametersRegistry; import com.google.crypto.tink.signature.internal.RsaSsaPkcs1ProtoSerialization; import java.util.HashMap; import com.google.crypto.tink.Parameters; import java.util.Map; import com.google.crypto.tink.AccessesPartialKey; import java.security.GeneralSecurityException; import java.security.KeyPair; import com.google.crypto.tink.util.SecretBigInteger; import com.google.crypto.tink.InsecureSecretKeyAccess; import java.security.interfaces.RSAPrivateCrtKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.RSAKeyGenParameterSpec; import java.math.BigInteger; import com.google.crypto.tink.subtle.EngineFactory; import java.security.KeyPairGenerator; import javax.annotation.Nullable; import com.google.crypto.tink.config.internal.TinkFipsUtil; import com.google.crypto.tink.internal.KeyCreator; import com.google.crypto.tink.KeyManager; import com.google.crypto.tink.PrivateKeyManager; import com.google.crypto.tink.PublicKeyVerify; import com.google.crypto.tink.PublicKeySign; import com.google.crypto.tink.internal.PrimitiveConstructor; public final class RsaSsaPkcs1SignKeyManager { private static final PrimitiveConstructor PUBLIC_KEY_SIGN_PRIMITIVE_CONSTRUCTOR; private static final PrimitiveConstructor PUBLIC_KEY_VERIFY_PRIMITIVE_CONSTRUCTOR; private static final PrivateKeyManager legacyPrivateKeyManager; private static final KeyManager legacyPublicKeyManager; private static final KeyCreator KEY_CREATOR; private static final TinkFipsUtil.AlgorithmFipsCompatibility FIPS; static String getKeyType() { return "type.googleapis.com/google.crypto.tink.RsaSsaPkcs1PrivateKey"; } @AccessesPartialKey private static RsaSsaPkcs1PrivateKey createKey(final RsaSsaPkcs1Parameters parameters, @Nullable final Integer idRequirement) throws GeneralSecurityException { final KeyPairGenerator keyGen = EngineFactory.KEY_PAIR_GENERATOR.getInstance("RSA"); final RSAKeyGenParameterSpec spec = new RSAKeyGenParameterSpec(parameters.getModulusSizeBits(), new BigInteger(1, parameters.getPublicExponent().toByteArray())); keyGen.initialize(spec); final KeyPair keyPair = keyGen.generateKeyPair(); final RSAPublicKey pubKey = (RSAPublicKey)keyPair.getPublic(); final RSAPrivateCrtKey privKey = (RSAPrivateCrtKey)keyPair.getPrivate(); final RsaSsaPkcs1PublicKey rsaSsaPkcs1PublicKey = RsaSsaPkcs1PublicKey.builder().setParameters(parameters).setModulus(pubKey.getModulus()).setIdRequirement(idRequirement).build(); return RsaSsaPkcs1PrivateKey.builder().setPublicKey(rsaSsaPkcs1PublicKey).setPrimes(SecretBigInteger.fromBigInteger(privKey.getPrimeP(), InsecureSecretKeyAccess.get()), SecretBigInteger.fromBigInteger(privKey.getPrimeQ(), InsecureSecretKeyAccess.get())).setPrivateExponent(SecretBigInteger.fromBigInteger(privKey.getPrivateExponent(), InsecureSecretKeyAccess.get())).setPrimeExponents(SecretBigInteger.fromBigInteger(privKey.getPrimeExponentP(), InsecureSecretKeyAccess.get()), SecretBigInteger.fromBigInteger(privKey.getPrimeExponentQ(), InsecureSecretKeyAccess.get())).setCrtCoefficient(SecretBigInteger.fromBigInteger(privKey.getCrtCoefficient(), InsecureSecretKeyAccess.get())).build(); } private static Map namedParameters() throws GeneralSecurityException { final Map result = new HashMap(); result.put("RSA_SSA_PKCS1_3072_SHA256_F4", PredefinedSignatureParameters.RSA_SSA_PKCS1_3072_SHA256_F4); result.put("RSA_SSA_PKCS1_3072_SHA256_F4_RAW", RsaSsaPkcs1Parameters.builder().setHashType(RsaSsaPkcs1Parameters.HashType.SHA256).setModulusSizeBits(3072).setPublicExponent(RsaSsaPkcs1Parameters.F4).setVariant(RsaSsaPkcs1Parameters.Variant.NO_PREFIX).build()); result.put("RSA_SSA_PKCS1_3072_SHA256_F4_WITHOUT_PREFIX", PredefinedSignatureParameters.RSA_SSA_PKCS1_3072_SHA256_F4_WITHOUT_PREFIX); result.put("RSA_SSA_PKCS1_4096_SHA512_F4", PredefinedSignatureParameters.RSA_SSA_PKCS1_4096_SHA512_F4); result.put("RSA_SSA_PKCS1_4096_SHA512_F4_RAW", RsaSsaPkcs1Parameters.builder().setHashType(RsaSsaPkcs1Parameters.HashType.SHA512).setModulusSizeBits(4096).setPublicExponent(RsaSsaPkcs1Parameters.F4).setVariant(RsaSsaPkcs1Parameters.Variant.NO_PREFIX).build()); return result; } public static void registerPair(final boolean newKeyAllowed) throws GeneralSecurityException { if (!RsaSsaPkcs1SignKeyManager.FIPS.isCompatible()) { throw new GeneralSecurityException("Can not use RSA SSA PKCS1 in FIPS-mode, as BoringCrypto module is not available."); } RsaSsaPkcs1ProtoSerialization.register(); MutableParametersRegistry.globalInstance().putAll(namedParameters()); MutablePrimitiveRegistry.globalInstance().registerPrimitiveConstructor(RsaSsaPkcs1SignKeyManager.PUBLIC_KEY_SIGN_PRIMITIVE_CONSTRUCTOR); MutablePrimitiveRegistry.globalInstance().registerPrimitiveConstructor(RsaSsaPkcs1SignKeyManager.PUBLIC_KEY_VERIFY_PRIMITIVE_CONSTRUCTOR); MutableKeyCreationRegistry.globalInstance().add(RsaSsaPkcs1SignKeyManager.KEY_CREATOR, RsaSsaPkcs1Parameters.class); KeyManagerRegistry.globalInstance().registerKeyManagerWithFipsCompatibility(RsaSsaPkcs1SignKeyManager.legacyPrivateKeyManager, RsaSsaPkcs1SignKeyManager.FIPS, newKeyAllowed); KeyManagerRegistry.globalInstance().registerKeyManagerWithFipsCompatibility(RsaSsaPkcs1SignKeyManager.legacyPublicKeyManager, RsaSsaPkcs1SignKeyManager.FIPS, false); } public static final KeyTemplate rsa3072SsaPkcs1Sha256F4Template() { return TinkBugException.exceptionIsBug(() -> KeyTemplate.createFrom(RsaSsaPkcs1Parameters.builder().setModulusSizeBits(3072).setPublicExponent(RsaSsaPkcs1Parameters.F4).setHashType(RsaSsaPkcs1Parameters.HashType.SHA256).setVariant(RsaSsaPkcs1Parameters.Variant.TINK).build())); } public static final KeyTemplate rawRsa3072SsaPkcs1Sha256F4Template() { return TinkBugException.exceptionIsBug(() -> KeyTemplate.createFrom(RsaSsaPkcs1Parameters.builder().setModulusSizeBits(3072).setPublicExponent(RsaSsaPkcs1Parameters.F4).setHashType(RsaSsaPkcs1Parameters.HashType.SHA256).setVariant(RsaSsaPkcs1Parameters.Variant.NO_PREFIX).build())); } public static final KeyTemplate rsa4096SsaPkcs1Sha512F4Template() { return TinkBugException.exceptionIsBug(() -> KeyTemplate.createFrom(RsaSsaPkcs1Parameters.builder().setModulusSizeBits(4096).setPublicExponent(RsaSsaPkcs1Parameters.F4).setHashType(RsaSsaPkcs1Parameters.HashType.SHA512).setVariant(RsaSsaPkcs1Parameters.Variant.TINK).build())); } public static final KeyTemplate rawRsa4096SsaPkcs1Sha512F4Template() { return TinkBugException.exceptionIsBug(() -> KeyTemplate.createFrom(RsaSsaPkcs1Parameters.builder().setModulusSizeBits(4096).setPublicExponent(RsaSsaPkcs1Parameters.F4).setHashType(RsaSsaPkcs1Parameters.HashType.SHA512).setVariant(RsaSsaPkcs1Parameters.Variant.NO_PREFIX).build())); } private RsaSsaPkcs1SignKeyManager() { } static { PUBLIC_KEY_SIGN_PRIMITIVE_CONSTRUCTOR = PrimitiveConstructor.create(RsaSsaPkcs1SignJce::create, RsaSsaPkcs1PrivateKey.class, PublicKeySign.class); PUBLIC_KEY_VERIFY_PRIMITIVE_CONSTRUCTOR = PrimitiveConstructor.create(RsaSsaPkcs1VerifyJce::create, RsaSsaPkcs1PublicKey.class, PublicKeyVerify.class); legacyPrivateKeyManager = LegacyKeyManagerImpl.createPrivateKeyManager(getKeyType(), PublicKeySign.class, com.google.crypto.tink.proto.RsaSsaPkcs1PrivateKey.parser()); legacyPublicKeyManager = LegacyKeyManagerImpl.create(RsaSsaPkcs1VerifyKeyManager.getKeyType(), PublicKeyVerify.class, KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC, com.google.crypto.tink.proto.RsaSsaPkcs1PublicKey.parser()); KEY_CREATOR = RsaSsaPkcs1SignKeyManager::createKey; FIPS = TinkFipsUtil.AlgorithmFipsCompatibility.ALGORITHM_REQUIRES_BORINGCRYPTO; } }