# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
"""Pre-generated JWT KeyTemplate.

Every public function returns a newly built ``tink_pb2.KeyTemplate`` whose
``value`` is the serialized key format of one JWT algorithm. Each algorithm
is offered twice: ``jwt_*`` uses the ``TINK`` output prefix type and
``raw_jwt_*`` uses ``RAW``.

NOTE(review): in Tink's JWT primitives the TINK prefix is understood to bind
a ``kid`` header to the key id, while RAW keys carry no such binding. Confirm
against the Tink JWT documentation before choosing RAW for tokens that are
verified against a multi-key keyset.
"""

from tink.proto import jwt_ecdsa_pb2
from tink.proto import jwt_hmac_pb2
from tink.proto import jwt_rsa_ssa_pkcs1_pb2
from tink.proto import jwt_rsa_ssa_pss_pb2
from tink.proto import tink_pb2
from tink.internal import big_integer_util


# RSA public exponent shared by every RSA template below (65537 == 2**16 + 1).
_F4 = 65537


def _create_jwt_hmac_template(
    algorithm: jwt_hmac_pb2.JwtHmacAlgorithm,
    key_size: int,
    output_prefix_type: tink_pb2.OutputPrefixType,
) -> tink_pb2.KeyTemplate:
    """Build a KeyTemplate for a JWT HMAC key.

    Args:
      algorithm: JWT HMAC algorithm stored in the key format.
      key_size: Key size stored in the key format. NOTE(review): presumably
        bytes, since callers in this file pass 32/48/64 for HS256/384/512.
      output_prefix_type: Output prefix type recorded on the template.

    Returns:
      A KeyTemplate carrying the serialized JwtHmacKeyFormat.
    """
    hmac_format = jwt_hmac_pb2.JwtHmacKeyFormat(
        algorithm=algorithm, key_size=key_size)
    serialized_format = hmac_format.SerializeToString()
    template = tink_pb2.KeyTemplate(
        type_url='type.googleapis.com/google.crypto.tink.JwtHmacKey',
        value=serialized_format,
        output_prefix_type=output_prefix_type)
    return template


def _create_jwt_ecdsa_template(
    algorithm: jwt_ecdsa_pb2.JwtEcdsaAlgorithm,
    output_prefix_type: tink_pb2.OutputPrefixType,
) -> tink_pb2.KeyTemplate:
    """Build a KeyTemplate for a JWT ECDSA private key.

    Args:
      algorithm: JWT ECDSA algorithm stored in the key format.
      output_prefix_type: Output prefix type recorded on the template.

    Returns:
      A KeyTemplate carrying the serialized JwtEcdsaKeyFormat.
    """
    ecdsa_format = jwt_ecdsa_pb2.JwtEcdsaKeyFormat(algorithm=algorithm)
    serialized_format = ecdsa_format.SerializeToString()
    template = tink_pb2.KeyTemplate(
        type_url='type.googleapis.com/google.crypto.tink.JwtEcdsaPrivateKey',
        value=serialized_format,
        output_prefix_type=output_prefix_type)
    return template


def _create_jwt_rsa_ssa_pkcs1_template(
    algorithm: jwt_rsa_ssa_pkcs1_pb2.JwtRsaSsaPkcs1Algorithm,
    modulus_size: int,
    output_prefix_type: tink_pb2.OutputPrefixType,
) -> tink_pb2.KeyTemplate:
    """Build a KeyTemplate for a JWT RSA-SSA-PKCS1 private key.

    The public exponent is always _F4 (65537); callers cannot override it.

    Args:
      algorithm: JWT RSA-SSA-PKCS1 algorithm stored in the key format.
      modulus_size: RSA modulus size in bits.
      output_prefix_type: Output prefix type recorded on the template.

    Returns:
      A KeyTemplate carrying the serialized JwtRsaSsaPkcs1KeyFormat.
    """
    exponent_bytes = big_integer_util.num_to_bytes(_F4)
    pkcs1_format = jwt_rsa_ssa_pkcs1_pb2.JwtRsaSsaPkcs1KeyFormat(
        algorithm=algorithm,
        modulus_size_in_bits=modulus_size,
        public_exponent=exponent_bytes)
    serialized_format = pkcs1_format.SerializeToString()
    template = tink_pb2.KeyTemplate(
        type_url='type.googleapis.com/google.crypto.tink.JwtRsaSsaPkcs1PrivateKey',
        value=serialized_format,
        output_prefix_type=output_prefix_type)
    return template


def _create_jwt_rsa_ssa_pss_template(
    algorithm: jwt_rsa_ssa_pss_pb2.JwtRsaSsaPssAlgorithm,
    modulus_size: int,
    output_prefix_type: tink_pb2.OutputPrefixType,
) -> tink_pb2.KeyTemplate:
    """Build a KeyTemplate for a JWT RSA-SSA-PSS private key.

    The public exponent is always _F4 (65537); callers cannot override it.

    Args:
      algorithm: JWT RSA-SSA-PSS algorithm stored in the key format.
      modulus_size: RSA modulus size in bits.
      output_prefix_type: Output prefix type recorded on the template.

    Returns:
      A KeyTemplate carrying the serialized JwtRsaSsaPssKeyFormat.
    """
    exponent_bytes = big_integer_util.num_to_bytes(_F4)
    pss_format = jwt_rsa_ssa_pss_pb2.JwtRsaSsaPssKeyFormat(
        algorithm=algorithm,
        modulus_size_in_bits=modulus_size,
        public_exponent=exponent_bytes)
    serialized_format = pss_format.SerializeToString()
    template = tink_pb2.KeyTemplate(
        type_url='type.googleapis.com/google.crypto.tink.JwtRsaSsaPssPrivateKey',
        value=serialized_format,
        output_prefix_type=output_prefix_type)
    return template


# Hmac Templates
# key_size tracks the digest length of the named hash (32/48/64).
# NOTE(review): RFC 7518 requires an HS* key at least as long as the hash
# output; confirm the unit of key_size is bytes so these values satisfy it.
def jwt_hs256_template() -> tink_pb2.KeyTemplate:
    """Return the HS256 template (key_size 32) with the TINK output prefix."""
    return _create_jwt_hmac_template(
        algorithm=jwt_hmac_pb2.HS256,
        key_size=32,
        output_prefix_type=tink_pb2.TINK)


def raw_jwt_hs256_template() -> tink_pb2.KeyTemplate:
    """Return the HS256 template (key_size 32) with the RAW output prefix."""
    return _create_jwt_hmac_template(
        algorithm=jwt_hmac_pb2.HS256,
        key_size=32,
        output_prefix_type=tink_pb2.RAW)


def jwt_hs384_template() -> tink_pb2.KeyTemplate:
    """Return the HS384 template (key_size 48) with the TINK output prefix."""
    return _create_jwt_hmac_template(
        algorithm=jwt_hmac_pb2.HS384,
        key_size=48,
        output_prefix_type=tink_pb2.TINK)


def raw_jwt_hs384_template() -> tink_pb2.KeyTemplate:
    """Return the HS384 template (key_size 48) with the RAW output prefix."""
    return _create_jwt_hmac_template(
        algorithm=jwt_hmac_pb2.HS384,
        key_size=48,
        output_prefix_type=tink_pb2.RAW)


def jwt_hs512_template() -> tink_pb2.KeyTemplate:
    """Return the HS512 template (key_size 64) with the TINK output prefix."""
    return _create_jwt_hmac_template(
        algorithm=jwt_hmac_pb2.HS512,
        key_size=64,
        output_prefix_type=tink_pb2.TINK)


def raw_jwt_hs512_template() -> tink_pb2.KeyTemplate:
    """Return the HS512 template (key_size 64) with the RAW output prefix."""
    return _create_jwt_hmac_template(
        algorithm=jwt_hmac_pb2.HS512,
        key_size=64,
        output_prefix_type=tink_pb2.RAW)


# ECDSA Templates
def jwt_es256_template() -> tink_pb2.KeyTemplate:
    """Return the ES256 template with the TINK output prefix."""
    return _create_jwt_ecdsa_template(
        algorithm=jwt_ecdsa_pb2.ES256,
        output_prefix_type=tink_pb2.TINK)


def raw_jwt_es256_template() -> tink_pb2.KeyTemplate:
    """Return the ES256 template with the RAW output prefix."""
    return _create_jwt_ecdsa_template(
        algorithm=jwt_ecdsa_pb2.ES256,
        output_prefix_type=tink_pb2.RAW)


def jwt_es384_template() -> tink_pb2.KeyTemplate:
    """Return the ES384 template with the TINK output prefix."""
    return _create_jwt_ecdsa_template(
        algorithm=jwt_ecdsa_pb2.ES384,
        output_prefix_type=tink_pb2.TINK)


def raw_jwt_es384_template() -> tink_pb2.KeyTemplate:
    """Return the ES384 template with the RAW output prefix."""
    return _create_jwt_ecdsa_template(
        algorithm=jwt_ecdsa_pb2.ES384,
        output_prefix_type=tink_pb2.RAW)


def jwt_es512_template() -> tink_pb2.KeyTemplate:
    """Return the ES512 template with the TINK output prefix."""
    return _create_jwt_ecdsa_template(
        algorithm=jwt_ecdsa_pb2.ES512,
        output_prefix_type=tink_pb2.TINK)


def raw_jwt_es512_template() -> tink_pb2.KeyTemplate:
    """Return the ES512 template with the RAW output prefix."""
    return _create_jwt_ecdsa_template(
        algorithm=jwt_ecdsa_pb2.ES512,
        output_prefix_type=tink_pb2.RAW)


# RSA SSA PKCS1 Templates
# NOTE(review): 2048 bits is the smallest modulus offered in this file;
# whether it meets policy for long-lived signing keys is a deployment decision.
def jwt_rs256_2048_f4_template() -> tink_pb2.KeyTemplate:
    """Return the RS256 template, 2048-bit modulus, TINK output prefix."""
    return _create_jwt_rsa_ssa_pkcs1_template(
        algorithm=jwt_rsa_ssa_pkcs1_pb2.RS256,
        modulus_size=2048,
        output_prefix_type=tink_pb2.TINK)


def raw_jwt_rs256_2048_f4_template() -> tink_pb2.KeyTemplate:
    """Return the RS256 template, 2048-bit modulus, RAW output prefix."""
    return _create_jwt_rsa_ssa_pkcs1_template(
        algorithm=jwt_rsa_ssa_pkcs1_pb2.RS256,
        modulus_size=2048,
        output_prefix_type=tink_pb2.RAW)


def jwt_rs256_3072_f4_template() -> tink_pb2.KeyTemplate:
    """Return the RS256 template, 3072-bit modulus, TINK output prefix."""
    return _create_jwt_rsa_ssa_pkcs1_template(
        algorithm=jwt_rsa_ssa_pkcs1_pb2.RS256,
        modulus_size=3072,
        output_prefix_type=tink_pb2.TINK)


def raw_jwt_rs256_3072_f4_template() -> tink_pb2.KeyTemplate:
    """Return the RS256 template, 3072-bit modulus, RAW output prefix."""
    return _create_jwt_rsa_ssa_pkcs1_template(
        algorithm=jwt_rsa_ssa_pkcs1_pb2.RS256,
        modulus_size=3072,
        output_prefix_type=tink_pb2.RAW)


def jwt_rs384_3072_f4_template() -> tink_pb2.KeyTemplate:
    """Return the RS384 template, 3072-bit modulus, TINK output prefix."""
    return _create_jwt_rsa_ssa_pkcs1_template(
        algorithm=jwt_rsa_ssa_pkcs1_pb2.RS384,
        modulus_size=3072,
        output_prefix_type=tink_pb2.TINK)


def raw_jwt_rs384_3072_f4_template() -> tink_pb2.KeyTemplate:
    """Return the RS384 template, 3072-bit modulus, RAW output prefix."""
    return _create_jwt_rsa_ssa_pkcs1_template(
        algorithm=jwt_rsa_ssa_pkcs1_pb2.RS384,
        modulus_size=3072,
        output_prefix_type=tink_pb2.RAW)


def jwt_rs512_4096_f4_template() -> tink_pb2.KeyTemplate:
    """Return the RS512 template, 4096-bit modulus, TINK output prefix."""
    return _create_jwt_rsa_ssa_pkcs1_template(
        algorithm=jwt_rsa_ssa_pkcs1_pb2.RS512,
        modulus_size=4096,
        output_prefix_type=tink_pb2.TINK)


def raw_jwt_rs512_4096_f4_template() -> tink_pb2.KeyTemplate:
    """Return the RS512 template, 4096-bit modulus, RAW output prefix."""
    return _create_jwt_rsa_ssa_pkcs1_template(
        algorithm=jwt_rsa_ssa_pkcs1_pb2.RS512,
        modulus_size=4096,
        output_prefix_type=tink_pb2.RAW)


# RSA SSA PSS Templates
def jwt_ps256_2048_f4_template() -> tink_pb2.KeyTemplate:
    """Return the PS256 template, 2048-bit modulus, TINK output prefix."""
    return _create_jwt_rsa_ssa_pss_template(
        algorithm=jwt_rsa_ssa_pss_pb2.PS256,
        modulus_size=2048,
        output_prefix_type=tink_pb2.TINK)


def raw_jwt_ps256_2048_f4_template() -> tink_pb2.KeyTemplate:
    """Return the PS256 template, 2048-bit modulus, RAW output prefix."""
    return _create_jwt_rsa_ssa_pss_template(
        algorithm=jwt_rsa_ssa_pss_pb2.PS256,
        modulus_size=2048,
        output_prefix_type=tink_pb2.RAW)


def jwt_ps256_3072_f4_template() -> tink_pb2.KeyTemplate:
    """Return the PS256 template, 3072-bit modulus, TINK output prefix."""
    return _create_jwt_rsa_ssa_pss_template(
        algorithm=jwt_rsa_ssa_pss_pb2.PS256,
        modulus_size=3072,
        output_prefix_type=tink_pb2.TINK)


def raw_jwt_ps256_3072_f4_template() -> tink_pb2.KeyTemplate:
    """Return the PS256 template, 3072-bit modulus, RAW output prefix."""
    return _create_jwt_rsa_ssa_pss_template(
        algorithm=jwt_rsa_ssa_pss_pb2.PS256,
        modulus_size=3072,
        output_prefix_type=tink_pb2.RAW)


def jwt_ps384_3072_f4_template() -> tink_pb2.KeyTemplate:
    """Return the PS384 template, 3072-bit modulus, TINK output prefix."""
    return _create_jwt_rsa_ssa_pss_template(
        algorithm=jwt_rsa_ssa_pss_pb2.PS384,
        modulus_size=3072,
        output_prefix_type=tink_pb2.TINK)


def raw_jwt_ps384_3072_f4_template() -> tink_pb2.KeyTemplate:
    """Return the PS384 template, 3072-bit modulus, RAW output prefix."""
    return _create_jwt_rsa_ssa_pss_template(
        algorithm=jwt_rsa_ssa_pss_pb2.PS384,
        modulus_size=3072,
        output_prefix_type=tink_pb2.RAW)


def jwt_ps512_4096_f4_template() -> tink_pb2.KeyTemplate:
    """Return the PS512 template, 4096-bit modulus, TINK output prefix."""
    return _create_jwt_rsa_ssa_pss_template(
        algorithm=jwt_rsa_ssa_pss_pb2.PS512,
        modulus_size=4096,
        output_prefix_type=tink_pb2.TINK)


def raw_jwt_ps512_4096_f4_template() -> tink_pb2.KeyTemplate:
    """Return the PS512 template, 4096-bit modulus, RAW output prefix."""
    return _create_jwt_rsa_ssa_pss_template(
        algorithm=jwt_rsa_ssa_pss_pb2.PS512,
        modulus_size=4096,
        output_prefix_type=tink_pb2.RAW)