1// Copyright 2020 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15////////////////////////////////////////////////////////////////////////////////
16
17package streamingaead
18
19import (
20	"fmt"
21
22	"google.golang.org/protobuf/proto"
23	"github.com/google/tink/go/internal/tinkerror"
24	ctrhmacpb "github.com/google/tink/go/proto/aes_ctr_hmac_streaming_go_proto"
25	gcmhkdfpb "github.com/google/tink/go/proto/aes_gcm_hkdf_streaming_go_proto"
26	commonpb "github.com/google/tink/go/proto/common_go_proto"
27	hmacpb "github.com/google/tink/go/proto/hmac_go_proto"
28	tinkpb "github.com/google/tink/go/proto/tink_go_proto"
29)
30
// This file contains pre-generated KeyTemplates for streaming AEAD keys. Use these templates
// to generate new Keysets.
33
// AES128GCMHKDF4KBKeyTemplate returns a KeyTemplate for an AES-GCM-HKDF
// streaming key with the following parameters:
//   - Main key size: 16 bytes
//   - HKDF algorithm: HMAC-SHA256
//   - Size of AES-GCM derived keys: 16 bytes
//   - Ciphertext segment size: 4096 bytes (4 KiB)
func AES128GCMHKDF4KBKeyTemplate() *tinkpb.KeyTemplate {
	const (
		// keySize is used for both the main key and the derived AES-GCM keys.
		keySize uint32 = 16
		// segmentSize is the ciphertext segment size in bytes.
		segmentSize uint32 = 4096
	)
	return newAESGCMHKDFKeyTemplate(keySize, commonpb.HashType_SHA256, keySize, segmentSize)
}
42
// AES128GCMHKDF1MBKeyTemplate returns a KeyTemplate for an AES-GCM-HKDF
// streaming key with the following parameters:
//   - Main key size: 16 bytes
//   - HKDF algorithm: HMAC-SHA256
//   - Size of AES-GCM derived keys: 16 bytes
//   - Ciphertext segment size: 1048576 bytes (1 MiB)
func AES128GCMHKDF1MBKeyTemplate() *tinkpb.KeyTemplate {
	const (
		// keySize is used for both the main key and the derived AES-GCM keys.
		keySize uint32 = 16
		// segmentSize is the ciphertext segment size in bytes (1048576).
		segmentSize uint32 = 1 << 20
	)
	return newAESGCMHKDFKeyTemplate(keySize, commonpb.HashType_SHA256, keySize, segmentSize)
}
51
// AES256GCMHKDF4KBKeyTemplate returns a KeyTemplate for an AES-GCM-HKDF
// streaming key with the following parameters:
//   - Main key size: 32 bytes
//   - HKDF algorithm: HMAC-SHA256
//   - Size of AES-GCM derived keys: 32 bytes
//   - Ciphertext segment size: 4096 bytes (4 KiB)
func AES256GCMHKDF4KBKeyTemplate() *tinkpb.KeyTemplate {
	const (
		// keySize is used for both the main key and the derived AES-GCM keys.
		keySize uint32 = 32
		// segmentSize is the ciphertext segment size in bytes.
		segmentSize uint32 = 4096
	)
	return newAESGCMHKDFKeyTemplate(keySize, commonpb.HashType_SHA256, keySize, segmentSize)
}
60
// AES256GCMHKDF1MBKeyTemplate returns a KeyTemplate for an AES-GCM-HKDF
// streaming key with the following parameters:
//   - Main key size: 32 bytes
//   - HKDF algorithm: HMAC-SHA256
//   - Size of AES-GCM derived keys: 32 bytes
//   - Ciphertext segment size: 1048576 bytes (1 MiB)
func AES256GCMHKDF1MBKeyTemplate() *tinkpb.KeyTemplate {
	const (
		// keySize is used for both the main key and the derived AES-GCM keys.
		keySize uint32 = 32
		// segmentSize is the ciphertext segment size in bytes (1048576).
		segmentSize uint32 = 1 << 20
	)
	return newAESGCMHKDFKeyTemplate(keySize, commonpb.HashType_SHA256, keySize, segmentSize)
}
69
// AES128CTRHMACSHA256Segment4KBKeyTemplate returns a KeyTemplate for an
// AES-CTR-HMAC streaming key with the following parameters:
//   - Main key size: 16 bytes
//   - HKDF algorithm: HMAC-SHA256
//   - AES-CTR derived key size: 16 bytes
//   - Tag algorithm: HMAC-SHA256
//   - Tag size: 32 bytes
//   - Ciphertext segment size: 4096 bytes (4 KiB)
func AES128CTRHMACSHA256Segment4KBKeyTemplate() *tinkpb.KeyTemplate {
	const (
		// keySize is used for both the main key and the derived AES-CTR keys.
		keySize uint32 = 16
		// tagSize is the HMAC tag size in bytes.
		tagSize uint32 = 32
		// segmentSize is the ciphertext segment size in bytes.
		segmentSize uint32 = 4096
	)
	return newAESCTRHMACKeyTemplate(keySize, commonpb.HashType_SHA256, keySize, commonpb.HashType_SHA256, tagSize, segmentSize)
}
81
// AES128CTRHMACSHA256Segment1MBKeyTemplate returns a KeyTemplate for an
// AES-CTR-HMAC streaming key with the following parameters:
//   - Main key size: 16 bytes
//   - HKDF algorithm: HMAC-SHA256
//   - AES-CTR derived key size: 16 bytes
//   - Tag algorithm: HMAC-SHA256
//   - Tag size: 32 bytes
//   - Ciphertext segment size: 1048576 bytes (1 MiB)
func AES128CTRHMACSHA256Segment1MBKeyTemplate() *tinkpb.KeyTemplate {
	const (
		// keySize is used for both the main key and the derived AES-CTR keys.
		keySize uint32 = 16
		// tagSize is the HMAC tag size in bytes.
		tagSize uint32 = 32
		// segmentSize is the ciphertext segment size in bytes (1048576).
		segmentSize uint32 = 1 << 20
	)
	return newAESCTRHMACKeyTemplate(keySize, commonpb.HashType_SHA256, keySize, commonpb.HashType_SHA256, tagSize, segmentSize)
}
93
// AES256CTRHMACSHA256Segment4KBKeyTemplate returns a KeyTemplate for an
// AES-CTR-HMAC streaming key with the following parameters:
//   - Main key size: 32 bytes
//   - HKDF algorithm: HMAC-SHA256
//   - AES-CTR derived key size: 32 bytes
//   - Tag algorithm: HMAC-SHA256
//   - Tag size: 32 bytes
//   - Ciphertext segment size: 4096 bytes (4 KiB)
func AES256CTRHMACSHA256Segment4KBKeyTemplate() *tinkpb.KeyTemplate {
	const (
		// keySize is used for both the main key and the derived AES-CTR keys.
		keySize uint32 = 32
		// tagSize is the HMAC tag size in bytes.
		tagSize uint32 = 32
		// segmentSize is the ciphertext segment size in bytes.
		segmentSize uint32 = 4096
	)
	return newAESCTRHMACKeyTemplate(keySize, commonpb.HashType_SHA256, keySize, commonpb.HashType_SHA256, tagSize, segmentSize)
}
105
// AES256CTRHMACSHA256Segment1MBKeyTemplate returns a KeyTemplate for an
// AES-CTR-HMAC streaming key with the following parameters:
//   - Main key size: 32 bytes
//   - HKDF algorithm: HMAC-SHA256
//   - AES-CTR derived key size: 32 bytes
//   - Tag algorithm: HMAC-SHA256
//   - Tag size: 32 bytes
//   - Ciphertext segment size: 1048576 bytes (1 MiB)
func AES256CTRHMACSHA256Segment1MBKeyTemplate() *tinkpb.KeyTemplate {
	const (
		// keySize is used for both the main key and the derived AES-CTR keys.
		keySize uint32 = 32
		// tagSize is the HMAC tag size in bytes.
		tagSize uint32 = 32
		// segmentSize is the ciphertext segment size in bytes (1048576).
		segmentSize uint32 = 1 << 20
	)
	return newAESCTRHMACKeyTemplate(keySize, commonpb.HashType_SHA256, keySize, commonpb.HashType_SHA256, tagSize, segmentSize)
}
117
// newAESGCMHKDFKeyTemplate builds a KeyTemplate whose Value is a serialized
// AesGcmHkdfStreamingKeyFormat carrying the given parameters.
//
// mainKeySize and derivedKeySize are byte counts for the main key and the
// per-stream AES-GCM keys, hkdfHashType selects the hash used by HKDF, and
// ciphertextSegmentSize is the size in bytes of each ciphertext segment.
//
// The parameters are copied into the format as given; this helper does not
// range-check them. The template always uses OutputPrefixType_RAW.
func newAESGCMHKDFKeyTemplate(mainKeySize uint32, hkdfHashType commonpb.HashType, derivedKeySize, ciphertextSegmentSize uint32) *tinkpb.KeyTemplate {
	streamingParams := &gcmhkdfpb.AesGcmHkdfStreamingParams{
		CiphertextSegmentSize: ciphertextSegmentSize,
		DerivedKeySize:        derivedKeySize,
		HkdfHashType:          hkdfHashType,
	}
	keyFormat := &gcmhkdfpb.AesGcmHkdfStreamingKeyFormat{
		KeySize: mainKeySize,
		Params:  streamingParams,
	}

	encoded, marshalErr := proto.Marshal(keyFormat)
	if marshalErr != nil {
		// NOTE(review): tinkerror.Fail is presumably fatal, since no error is
		// returned to the caller — confirm against internal/tinkerror.
		tinkerror.Fail(fmt.Sprintf("failed to marshal key: %s", marshalErr))
	}

	template := &tinkpb.KeyTemplate{
		TypeUrl:          aesGCMHKDFTypeURL,
		Value:            encoded,
		OutputPrefixType: tinkpb.OutputPrefixType_RAW,
	}
	return template
}
138
// newAESCTRHMACKeyTemplate builds a KeyTemplate whose Value is a serialized
// AesCtrHmacStreamingKeyFormat carrying the given parameters.
//
// mainKeySize and derivedKeySize are byte counts for the main key and the
// per-stream AES-CTR keys, hkdfHashType selects the hash used by HKDF, tagAlg
// and tagSize configure the HMAC used for segment tags, and
// ciphertextSegmentSize is the size in bytes of each ciphertext segment.
//
// The parameters are copied into the format as given; this helper does not
// range-check them. The template always uses OutputPrefixType_RAW.
func newAESCTRHMACKeyTemplate(mainKeySize uint32, hkdfHashType commonpb.HashType, derivedKeySize uint32, tagAlg commonpb.HashType, tagSize, ciphertextSegmentSize uint32) *tinkpb.KeyTemplate {
	tagParams := &hmacpb.HmacParams{
		Hash:    tagAlg,
		TagSize: tagSize,
	}
	streamingParams := &ctrhmacpb.AesCtrHmacStreamingParams{
		CiphertextSegmentSize: ciphertextSegmentSize,
		DerivedKeySize:        derivedKeySize,
		HkdfHashType:          hkdfHashType,
		HmacParams:            tagParams,
	}
	keyFormat := &ctrhmacpb.AesCtrHmacStreamingKeyFormat{
		KeySize: mainKeySize,
		Params:  streamingParams,
	}

	encoded, marshalErr := proto.Marshal(keyFormat)
	if marshalErr != nil {
		// NOTE(review): tinkerror.Fail is presumably fatal, since no error is
		// returned to the caller — confirm against internal/tinkerror.
		tinkerror.Fail(fmt.Sprintf("failed to marshal key: %s", marshalErr))
	}

	template := &tinkpb.KeyTemplate{
		TypeUrl:          aesCTRHMACTypeURL,
		Value:            encoded,
		OutputPrefixType: tinkpb.OutputPrefixType_RAW,
	}
	return template
}
163