# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

"""Pre-generated KeyTemplates for hybrid encryption.

Each constant in this module is a tink_pb2.KeyTemplate that names a private
key type (ECIES-AEAD-HKDF or HPKE) together with its serialized parameters.
Pass one to Tink's keyset-generation API to obtain a keyset holding a single
fresh key of that kind, for example:

  handle = tink.new_keyset_handle(ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM)

The templates describe *private* key types, so a keyset generated from them
contains private key material. Derive the public keyset
(handle.public_keyset_handle()) for parties that only need to encrypt.
"""

import warnings

from tink.proto import common_pb2
from tink.proto import ecies_aead_hkdf_pb2
from tink.proto import hpke_pb2
from tink.proto import tink_pb2
from tink import aead


def _create_ecies_aead_hkdf_key_template(
    curve_type: common_pb2.EllipticCurveType,
    ec_point_format: common_pb2.EcPointFormat, hash_type: common_pb2.HashType,
    dem_key_template: tink_pb2.KeyTemplate) -> tink_pb2.KeyTemplate:
  """Builds a KeyTemplate for an ECIES-AEAD-HKDF private key.

  Args:
    curve_type: Elliptic curve used by the KEM.
    ec_point_format: Encoding of the EC point stored in the format params.
    hash_type: Hash function used by HKDF in the KEM.
    dem_key_template: AEAD key template copied in as the DEM.

  Returns:
    A KeyTemplate whose value is the serialized EciesAeadHkdfKeyFormat. The
    output prefix type is always TINK; callers cannot override it here.
  """
  ecies_format = ecies_aead_hkdf_pb2.EciesAeadHkdfKeyFormat()
  ecies_params = ecies_format.params

  # KEM side: curve and the HKDF hash.
  kem_params = ecies_params.kem_params
  kem_params.curve_type = curve_type
  kem_params.hkdf_hash_type = hash_type

  # DEM side: the symmetric AEAD template is copied, not referenced, so later
  # changes to the caller's template object do not affect this format.
  ecies_params.dem_params.aead_dem.CopyFrom(dem_key_template)
  ecies_params.ec_point_format = ec_point_format

  return tink_pb2.KeyTemplate(
      type_url=(
          'type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey'),
      value=ecies_format.SerializeToString(),
      output_prefix_type=tink_pb2.TINK,
  )


def _create_hpke_key_template(
    hpke_kem: hpke_pb2.HpkeKem, hpke_kdf: hpke_pb2.HpkeKdf,
    hpke_aead: hpke_pb2.HpkeAead,
    output_prefix_type: tink_pb2.OutputPrefixType) -> tink_pb2.KeyTemplate:
  """Builds a KeyTemplate for an HPKE private key.

  Args:
    hpke_kem: KEM identifier stored in the HPKE params.
    hpke_kdf: KDF identifier stored in the HPKE params.
    hpke_aead: AEAD identifier stored in the HPKE params.
    output_prefix_type: Output prefix type recorded on the template. Unlike
      the ECIES helper, this one is chosen by the caller.

  Returns:
    A KeyTemplate whose value is the serialized HpkeKeyFormat.
  """
  hpke_format = hpke_pb2.HpkeKeyFormat()
  hpke_params = hpke_format.params
  hpke_params.kem = hpke_kem
  hpke_params.kdf = hpke_kdf
  hpke_params.aead = hpke_aead

  template = tink_pb2.KeyTemplate()
  template.type_url = 'type.googleapis.com/google.crypto.tink.HpkePrivateKey'
  template.value = hpke_format.SerializeToString()
  template.output_prefix_type = output_prefix_type
  return template


# ECIES templates. The constant names spell out the parameters: curve, optional
# COMPRESSED point format, HKDF hash, then the DEM AEAD.
ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM = (
    _create_ecies_aead_hkdf_key_template(
        curve_type=common_pb2.NIST_P256,
        ec_point_format=common_pb2.UNCOMPRESSED,
        hash_type=common_pb2.SHA256,
        dem_key_template=aead.aead_key_templates.AES128_GCM))

ECIES_P256_COMPRESSED_HKDF_HMAC_SHA256_AES128_GCM = (
    _create_ecies_aead_hkdf_key_template(
        curve_type=common_pb2.NIST_P256,
        ec_point_format=common_pb2.COMPRESSED,
        hash_type=common_pb2.SHA256,
        dem_key_template=aead.aead_key_templates.AES128_GCM))

ECIES_P256_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256 = (
    _create_ecies_aead_hkdf_key_template(
        curve_type=common_pb2.NIST_P256,
        ec_point_format=common_pb2.UNCOMPRESSED,
        hash_type=common_pb2.SHA256,
        dem_key_template=aead.aead_key_templates.AES128_CTR_HMAC_SHA256))

ECIES_P256_COMPRESSED_HKDF_HMAC_SHA256_AES128_CTR_HMAC_SHA256 = (
    _create_ecies_aead_hkdf_key_template(
        curve_type=common_pb2.NIST_P256,
        ec_point_format=common_pb2.COMPRESSED,
        hash_type=common_pb2.SHA256,
        dem_key_template=aead.aead_key_templates.AES128_CTR_HMAC_SHA256))

# HPKE templates. Names follow KEM, KDF, AEAD; this one records the TINK
# output prefix type.
DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM = (
    _create_hpke_key_template(
        hpke_kem=hpke_pb2.DHKEM_X25519_HKDF_SHA256,
        hpke_kdf=hpke_pb2.HKDF_SHA256,
        hpke_aead=hpke_pb2.AES_128_GCM,
        output_prefix_type=tink_pb2.TINK))
# Remaining HPKE templates. All use DHKEM(X25519, HKDF-SHA256) with
# HKDF-SHA256 and differ only in the AEAD and the output prefix type.
#
# NOTE(review): the *_RAW variants record tink_pb2.RAW instead of
# tink_pb2.TINK. Presumably RAW ciphertexts carry no Tink key-ID prefix, which
# helps interoperability with other HPKE implementations but means the prefix
# cannot be used to select the key on decryption. Confirm against the
# OutputPrefixType documentation before choosing a _RAW template.
DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_RAW = (
    _create_hpke_key_template(
        hpke_kem=hpke_pb2.DHKEM_X25519_HKDF_SHA256,
        hpke_kdf=hpke_pb2.HKDF_SHA256,
        hpke_aead=hpke_pb2.AES_128_GCM,
        output_prefix_type=tink_pb2.RAW))

DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM = (
    _create_hpke_key_template(
        hpke_kem=hpke_pb2.DHKEM_X25519_HKDF_SHA256,
        hpke_kdf=hpke_pb2.HKDF_SHA256,
        hpke_aead=hpke_pb2.AES_256_GCM,
        output_prefix_type=tink_pb2.TINK))

DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_RAW = (
    _create_hpke_key_template(
        hpke_kem=hpke_pb2.DHKEM_X25519_HKDF_SHA256,
        hpke_kdf=hpke_pb2.HKDF_SHA256,
        hpke_aead=hpke_pb2.AES_256_GCM,
        output_prefix_type=tink_pb2.RAW))

DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305 = (
    _create_hpke_key_template(
        hpke_kem=hpke_pb2.DHKEM_X25519_HKDF_SHA256,
        hpke_kdf=hpke_pb2.HKDF_SHA256,
        hpke_aead=hpke_pb2.CHACHA20_POLY1305,
        output_prefix_type=tink_pb2.TINK))

DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305_RAW = (
    _create_hpke_key_template(
        hpke_kem=hpke_pb2.DHKEM_X25519_HKDF_SHA256,
        hpke_kdf=hpke_pb2.HKDF_SHA256,
        hpke_aead=hpke_pb2.CHACHA20_POLY1305,
        output_prefix_type=tink_pb2.RAW))


# Deprecated. Use the predefined constant templates above instead.
def create_ecies_aead_hkdf_key_template(
    curve_type: common_pb2.EllipticCurveType,
    ec_point_format: common_pb2.EcPointFormat, hash_type: common_pb2.HashType,
    dem_key_template: tink_pb2.KeyTemplate) -> tink_pb2.KeyTemplate:
  """Deprecated public wrapper that builds an ECIES-AEAD-HKDF KeyTemplate.

  The arguments are forwarded unchanged to the private helper, so any
  combination of curve, point format, hash and DEM template is accepted
  without validation here. Prefer the predefined constants.

  Args:
    curve_type: Elliptic curve used by the KEM.
    ec_point_format: Encoding of the EC point.
    hash_type: Hash function used by HKDF.
    dem_key_template: AEAD key template used as the DEM.

  Returns:
    The KeyTemplate produced by _create_ecies_aead_hkdf_key_template.
  """
  # stacklevel=2 attributes the warning to the caller of this function rather
  # than to this module.
  warnings.warn(
      'The "create_ecies_aead_hkdf_key_template" function is deprecated.',
      category=DeprecationWarning,
      stacklevel=2)
  return _create_ecies_aead_hkdf_key_template(
      curve_type=curve_type,
      ec_point_format=ec_point_format,
      hash_type=hash_type,
      dem_key_template=dem_key_template)