1// Copyright 2022 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14// 15//////////////////////////////////////////////////////////////////////////////// 16 17package streamingprf 18 19import ( 20 "errors" 21 22 "google.golang.org/protobuf/proto" 23 "github.com/google/tink/go/core/registry" 24 "github.com/google/tink/go/keyset" 25 commonpb "github.com/google/tink/go/proto/common_go_proto" 26 hkdfpb "github.com/google/tink/go/proto/hkdf_prf_go_proto" 27 tinkpb "github.com/google/tink/go/proto/tink_go_proto" 28) 29 30// TODO(b/260619626): HKDF PRF and HKDF Streaming PRF currently share the same 31// type URL. This is fine as HKDFStreamingPRFKeyManager is not in the global 32// registry. HKDF PRF and HKDF Streaming PRF will eventually share the same key 33// manager, rendering this one obsolete. 34 35const ( 36 hkdfStreamingPRFKeyVersion = 0 37 hkdfPRFTypeURL = "type.googleapis.com/google.crypto.tink.HkdfPrfKey" 38) 39 40var ( 41 errInvalidHKDFStreamingPRFKey = errors.New("hkdf_streaming_prf_key_manager: invalid key") 42 errInvalidHKDFStreamingPRFKeyFormat = errors.New("hkdf_streaming_prf_key_manager: invalid key format") 43 errHKDFStreamingPRFNotImplemented = errors.New("hkdf_streaming_prf_key_manager: not implemented") 44) 45 46// HKDFStreamingPRFKeyManager is a KeyManager for HKDF Streaming PRF keys. It is 47// exported for use in keyderivation.prfBasedDeriver. This is not part of the 48// public API as this is in internal/. 49type HKDFStreamingPRFKeyManager struct{} 50 51var _ registry.KeyManager = (*HKDFStreamingPRFKeyManager)(nil) 52 53// Primitive constructs a primitive instance for the key given in serializedKey. 54func (km *HKDFStreamingPRFKeyManager) Primitive(serializedKey []byte) (interface{}, error) { 55 if len(serializedKey) == 0 { 56 return nil, errInvalidHKDFStreamingPRFKey 57 } 58 key := &hkdfpb.HkdfPrfKey{} 59 if err := proto.Unmarshal(serializedKey, key); err != nil { 60 return nil, errInvalidHKDFStreamingPRFKey 61 } 62 if keyset.ValidateKeyVersion(key.GetVersion(), hkdfStreamingPRFKeyVersion) != nil { 63 return nil, errInvalidHKDFStreamingPRFKey 64 } 65 hashName := commonpb.HashType_name[int32(key.GetParams().GetHash())] 66 return newHKDFStreamingPRF(hashName, key.GetKeyValue(), key.GetParams().GetSalt()) 67} 68 69// NewKey generates a new key according to specification in serializedKeyFormat. 70// It is not implemented for this KeyManager to prevent the generation of keys 71// of this key type. 72func (km *HKDFStreamingPRFKeyManager) NewKey(serializedKeyFormat []byte) (proto.Message, error) { 73 return nil, errHKDFStreamingPRFNotImplemented 74} 75 76// NewKeyData generates a new KeyData according to specification in 77// serializedkeyFormat. This should be used solely by the key management API. 78// It is not implemented for this KeyManager to prevent the generation of keys 79// of this key type. 80func (km *HKDFStreamingPRFKeyManager) NewKeyData(serializedKeyFormat []byte) (*tinkpb.KeyData, error) { 81 return nil, errHKDFStreamingPRFNotImplemented 82} 83 84// DoesSupport returns true iff this KeyManager supports key type identified by 85// typeURL. 86func (km *HKDFStreamingPRFKeyManager) DoesSupport(typeURL string) bool { 87 return typeURL == hkdfPRFTypeURL 88} 89 90// TypeURL returns the type URL that identifes the key type of keys managed by 91// this KeyManager. 92func (km *HKDFStreamingPRFKeyManager) TypeURL() string { 93 return hkdfPRFTypeURL 94} 95