fix signer structures; cleanup

Signed-off-by: sal rashid <salrashid123@gmail.com>

README.md

@@ -541,6 +541,7 @@ go test -v ./aead -run ^TestAeadPCRFail$
 go test -v ./aead -run ^TestAeadOwnerPassword$
 go test -v ./aead -run ^TestAeadOwnerPasswordFail$
 
+### rsa tests
 
 go test -v ./signature -run ^TestSignVerify$
 go test -v ./signature -run ^TestSignVerifyFail$

proto/tinktpm.proto

@@ -14,10 +14,13 @@ message TPMKey {
   enum KeyType {
     SYMMETRIC = 0;
     HMAC = 1;
+    ASYMMETRIC = 2;    
   }
   oneof Key {
     HMACTpmKey hmacTpmKey = 3;
     AesCtrHmacAeadTpmKey aesCtrHmacAEADTpmKey = 4;
+    RsaSsaPkcs1PublicTpmKey rsassaPublicKey = 5;
+    RsaSsaPkcs1PrivateTpmKey rsassaPrivateKey = 6;
   }
 }
 
@@ -77,9 +80,6 @@ message AesCtrHmacAeadTpmKey {
 }
 
 
-
-
-
 message RsaSsaPkcs1Params {
   HashType hash_type = 1;
 }
@@ -96,13 +96,6 @@ message RsaSsaPkcs1PublicTpmKey {
 message RsaSsaPkcs1PrivateTpmKey {
   uint32 version = 1;
   RsaSsaPkcs1PublicTpmKey public_key = 2;
-  //bytes d = 3;
-  //bytes p = 4;
-  //bytes q = 5;
-  //bytes dp = 6;
-  //bytes dq = 7;
-  //bytes crt = 8;
-
   bytes keyfile = 3;
   bytes policy_digest = 4;   
 }

signature/tpm_rsassapkcs1_signer_key_manager.go

@@ -3,6 +3,7 @@ package signature
 import (
 	"bytes"
 	"errors"
+	"fmt"
 	"io"
 	"math/big"
 
@@ -49,10 +50,16 @@ func (km *tpmRSASSAPKCS1SignerKeyManager) Primitive(serializedKey []byte) (any,
 	if false {
 		return nil, errInvalidRSASSAPKCS1SignKey
 	}
-	key := &tinktpmprotopb.RsaSsaPkcs1PrivateTpmKey{}
-	if err := proto.Unmarshal(serializedKey, key); err != nil {
+	tkey := &tinktpmprotopb.TPMKey{}
+	if err := proto.Unmarshal(serializedKey, tkey); err != nil {
 		return nil, err
 	}
+
+	if tkey.KeyType != tinktpmprotopb.TPMKey_ASYMMETRIC {
+		return nil, fmt.Errorf("invalid keytype: %v", tkey.KeyType)
+	}
+
+	key := tkey.GetRsassaPrivateKey()
 	if err := validateRSAPKCS1PrivateKey(key); err != nil {
 		return nil, err
 	}
@@ -222,10 +229,6 @@ func (km *tpmRSASSAPKCS1SignerKeyManager) NewKey(serializedKeyFormat []byte) (pr
 
 	// *****************
 
-	// rsaKey, err := rsa.GenerateKey(rand.Reader, int(keyFormat.GetModulusSizeInBits()))
-	// if err != nil {
-	// 	return nil, fmt.Errorf("generating RSA key: %s", err)
-	// }
 	pubKey := &tinktpmprotopb.RsaSsaPkcs1PublicTpmKey{
 		Version: rsaSSAPKCS1SignerKeyVersion,
 		Params: &tinktpmprotopb.RsaSsaPkcs1Params{
@@ -234,22 +237,19 @@ func (km *tpmRSASSAPKCS1SignerKeyManager) NewKey(serializedKeyFormat []byte) (pr
 		N: rsaPub.N.Bytes(),
 		E: big.NewInt(int64(rsaPub.E)).Bytes(),
 	}
-	return &tinktpmprotopb.RsaSsaPkcs1PrivateTpmKey{
-		Version:   rsaSSAPKCS1SignerKeyVersion,
-		PublicKey: pubKey,
-		Keyfile:   rsaKeybytes.Bytes(),
-		// D:         rsaKey.D.Bytes(),
-		// P:         rsaKey.Primes[0].Bytes(),
-		// Q:         rsaKey.Primes[1].Bytes(),
-		// Dp:        rsaKey.Precomputed.Dp.Bytes(),
-		// Dq:        rsaKey.Precomputed.Dq.Bytes(),
-		// In crypto/rsa `Qinv` is the "Chinese Remainder Theorem
-		// coefficient q^(-1) mod p". This corresponds with `Crt` in
-		// the Tink proto. This is unrelated to `CRTValues`, which
-		// contains values specifically for additional primes, which
-		// are not supported by Tink.
-		//Crt: rsaKey.Precomputed.Qinv.Bytes(),
+
+	return &tinktpmprotopb.TPMKey{
+		Version: common.TPMKeyVersion,
+		KeyType: tinktpmprotopb.TPMKey_ASYMMETRIC,
+		Key: &tinktpmprotopb.TPMKey_RsassaPrivateKey{
+			RsassaPrivateKey: &tinktpmprotopb.RsaSsaPkcs1PrivateTpmKey{
+				Version:   rsaSSAPKCS1SignerKeyVersion,
+				PublicKey: pubKey,
+				Keyfile:   rsaKeybytes.Bytes(),
+			},
+		},
 	}, nil
+
 }
 
 func (km *tpmRSASSAPKCS1SignerKeyManager) NewKeyData(serializedKeyFormat []byte) (*tinkpb.KeyData, error) {
@@ -270,10 +270,14 @@ func (km *tpmRSASSAPKCS1SignerKeyManager) NewKeyData(serializedKeyFormat []byte)
 
 // PublicKeyData extracts the public key data from the private key.
 func (km *tpmRSASSAPKCS1SignerKeyManager) PublicKeyData(serializedPrivKey []byte) (*tinkpb.KeyData, error) {
-	privKey := &tinktpmprotopb.RsaSsaPkcs1PrivateTpmKey{}
-	if err := proto.Unmarshal(serializedPrivKey, privKey); err != nil {
+
+	tkey := &tinktpmprotopb.TPMKey{}
+	if err := proto.Unmarshal(serializedPrivKey, tkey); err != nil {
 		return nil, err
 	}
+
+	privKey := tkey.GetRsassaPrivateKey()
+
 	if err := validateRSAPKCS1PrivateKey(privKey); err != nil {
 		return nil, err
 	}

signature/verifier_factory.go

@@ -44,32 +44,13 @@ func newWrappedVerifier(ps *primitiveset.PrimitiveSet) (*wrappedVerifier, error)
 			}
 		}
 	}
-	// logger, err := createVerifierLogger(ps)
-	// if err != nil {
-	// 	return nil, err
-	// }
+
 	return &wrappedVerifier{
 		ps:     ps,
 		logger: nil,
 	}, nil
 }
 
-// func createVerifierLogger(ps *primitiveset.PrimitiveSet) (monitoring.Logger, error) {
-// 	// only keysets which contain annotations are monitored.
-// 	if len(ps.Annotations) == 0 {
-// 		return &monitoringutil.DoNothingLogger{}, nil
-// 	}
-// 	keysetInfo, err := monitoringutil.KeysetInfoFromPrimitiveSet(ps)
-// 	if err != nil {
-// 		return nil, err
-// 	}
-// 	return internalregistry.GetMonitoringClient().NewLogger(&monitoring.Context{
-// 		KeysetInfo:  keysetInfo,
-// 		Primitive:   "public_key_verify",
-// 		APIFunction: "verify",
-// 	})
-// }
-
 var errInvalidSignature = errors.New("verifier_factory: invalid signature")
 
 // Verify checks whether the given signature is a valid signature of the given data.