// Copyright 2018 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////

#ifndef TINK_AEAD_AEAD_KEY_TEMPLATES_H_
#define TINK_AEAD_AEAD_KEY_TEMPLATES_H_

#include "absl/strings/string_view.h"
#include "proto/tink.pb.h"

namespace crypto {
namespace tink {

///////////////////////////////////////////////////////////////////////////////
// Pre-generated KeyTemplates for Aead key types.  One can use these templates
// to generate a new KeysetHandle object with fresh keys.
// To generate a new keyset that contains a single AesGcmKey, one can do:
//
//   auto status = AeadConfig::Register();
//   if (!status.ok()) { /* fail with error */ }
//   auto handle_result =
//       KeysetHandle::GenerateNew(AeadKeyTemplates::Aes128Gcm());
//   if (!handle_result.ok()) { /* fail with error */ }
//   auto keyset_handle = std::move(handle_result.value());
//
// Reading the parameter lists below:
//   - All sizes are in bytes: a 16-byte key is a 128-bit key, a 32-byte key
//     is a 256-bit key.
//   - Every template states its OutputPrefixType (TINK or RAW).
//     NOTE(review): RAW presumably means the ciphertext carries no Tink
//     key-identifying prefix, so RAW and TINK ciphertexts would not be
//     interchangeable -- confirm against the OutputPrefixType definition in
//     the tink proto.
//   - Every accessor except KmsEnvelopeAead() returns a const reference;
//     KmsEnvelopeAead() takes arguments and returns its template by value.
//     NOTE(review): the lifetime of the referenced KeyTemplate is decided by
//     the definitions, which are not part of this header -- presumably static
//     storage; confirm before holding the reference long-term.
//   - This header only declares key parameters.  It does not say how IVs are
//     produced at encryption time; that is up to the Aead implementations.
class AeadKeyTemplates {
 public:
  // Returns a KeyTemplate that generates new instances of AesEaxKey
  // with the following parameters:
  //   - key size: 16 bytes
  //   - IV size: 16 bytes
  //   - tag size: 16 bytes
  //   - OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate& Aes128Eax();

  // Returns a KeyTemplate that generates new instances of AesEaxKey
  // with the following parameters:
  //   - key size: 32 bytes
  //   - IV size: 16 bytes
  //   - tag size: 16 bytes
  //   - OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate& Aes256Eax();

  // Returns a KeyTemplate that generates new instances of AesGcmKey
  // with the following parameters:
  //   - key size: 16 bytes
  //   - IV size: 12 bytes
  //   - tag size: 16 bytes
  //   - OutputPrefixType: TINK
  //
  // AES-GCM loses its security guarantees if an IV is ever repeated under
  // the same key.  NOTE(review): IV generation is not visible from this
  // header; verify it in the AesGcm implementation.  This applies to all
  // four AesGcm templates.
  static const google::crypto::tink::KeyTemplate& Aes128Gcm();

  // Returns a KeyTemplate that generates new instances of AesGcmKey
  // with the following parameters:
  //   - key size: 16 bytes
  //   - IV size: 12 bytes
  //   - tag size: 16 bytes
  //   - OutputPrefixType: RAW
  //
  // Same parameters as Aes128Gcm() except for the RAW output prefix.
  static const google::crypto::tink::KeyTemplate& Aes128GcmNoPrefix();

  // Returns a KeyTemplate that generates new instances of AesGcmKey
  // with the following parameters:
  //   - key size: 32 bytes
  //   - IV size: 12 bytes
  //   - tag size: 16 bytes
  //   - OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate& Aes256Gcm();

  // Returns a KeyTemplate that generates new instances of AesGcmKey
  // with the following parameters:
  //   - key size: 32 bytes
  //   - IV size: 12 bytes
  //   - tag size: 16 bytes
  //   - OutputPrefixType: RAW
  //
  // Same parameters as Aes256Gcm() except for the RAW output prefix.
  static const google::crypto::tink::KeyTemplate& Aes256GcmNoPrefix();

  // Returns a KeyTemplate that generates new instances of AesGcmSivKey
  // with the following parameters:
  //   - key size: 16 bytes
  //   - IV size: 12 bytes
  //   - tag size: 16 bytes
  //   - OutputPrefixType: TINK
  //
  // NOTE(review): going by the key type name, this selects AES-GCM-SIV, the
  // nonce-misuse-resistant variant of AES-GCM -- confirm in the key manager.
  static const google::crypto::tink::KeyTemplate& Aes128GcmSiv();

  // Returns a KeyTemplate that generates new instances of AesGcmSivKey
  // with the following parameters:
  //   - key size: 32 bytes
  //   - IV size: 12 bytes
  //   - tag size: 16 bytes
  //   - OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate& Aes256GcmSiv();

  // Returns a KeyTemplate that generates new instances of AesCtrHmacAeadKey
  // with the following parameters:
  //   - AES key size: 16 bytes
  //   - AES IV size: 16 bytes
  //   - HMAC key size: 32 bytes
  //   - HMAC tag size: 16 bytes
  //   - HMAC hash function: SHA256
  //   - OutputPrefixType: TINK
  //
  // The 16-byte tag is a truncated SHA256 HMAC output; compare with the
  // 32-byte tag documented for Aes256CtrHmacSha256().
  static const google::crypto::tink::KeyTemplate& Aes128CtrHmacSha256();

  // Returns a KeyTemplate that generates new instances of AesCtrHmacAeadKey
  // with the following parameters:
  //   - AES key size: 32 bytes
  //   - AES IV size: 16 bytes
  //   - HMAC key size: 32 bytes
  //   - HMAC tag size: 32 bytes
  //   - HMAC hash function: SHA256
  //   - OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate& Aes256CtrHmacSha256();

  // Returns a KeyTemplate that generates new instances of XChaCha20Poly1305Key
  // with the following parameters:
  //   - XChaCha20 key size: 32 bytes
  //   - IV size: 24 bytes
  //   - OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate& XChaCha20Poly1305();

  // Returns a KeyTemplate that generates new instances of KmsEnvelopeAeadKey
  // with the following parameters:
  //   - KEK is pointing to kek_uri
  //   - DEK template is dek_template
  //   - OutputPrefixType: RAW. This uses RAW output prefix to make it
  //     compatible with the remote KMS' encrypt/decrypt operations. Unlike
  //     other templates, when you generate new keys with this template, Tink
  //     does not generate new key material, but only creates a reference to
  //     the remote KEK.
  //
  // Parameters:
  //   kek_uri:      identifies the remote key-encryption key (KEK).
  //   dek_template: template for the data-encryption key (DEK).
  // Returns the template by value, unlike the accessors above.
  //
  // Because the resulting key is only a reference to the remote KEK, the
  // protection of data encrypted with it rests on who may use that KEK in
  // the remote KMS.  kek_uri selects that key, so it should come from
  // trusted configuration rather than from request data.
  // NOTE(review): whether kek_uri or dek_template are validated here is not
  // visible from this header -- confirm in the definition.
  static google::crypto::tink::KeyTemplate KmsEnvelopeAead(
      absl::string_view kek_uri,
      const google::crypto::tink::KeyTemplate& dek_template);
};

}  // namespace tink
}  // namespace crypto

#endif  // TINK_AEAD_AEAD_KEY_TEMPLATES_H_