// Copyright 2019 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////

#ifndef TINK_STREAMINGAEAD_STREAMING_AEAD_KEY_TEMPLATES_H_
#define TINK_STREAMINGAEAD_STREAMING_AEAD_KEY_TEMPLATES_H_

#include "proto/tink.pb.h"

namespace crypto {
namespace tink {

///////////////////////////////////////////////////////////////////////////////
// Ready-made KeyTemplates for the StreamingAead key types. Each template
// names a key type and its parameters; the keys themselves are generated
// fresh when the template is passed to KeysetHandle::GenerateNew().
//
// Example: create a keyset holding a single AesGcmHkdfStreamingKey.
// Return or abort on either failure before touching handle_result.value():
//
//   auto status = StreamingAeadConfig::Register();
//   if (!status.ok()) { /* fail with error */ }
//   auto handle_result = KeysetHandle::GenerateNew(
//        StreamingAeadKeyTemplates::Aes128GcmHkdf4KB());
//   if (!handle_result.ok()) { /* fail with error */ }
//   auto keyset_handle = std::move(handle_result.value());
//
// Choosing a template: all templates below use HMAC-SHA256 for HKDF and
// OutputPrefixType RAW. They differ in
//   - construction: AES-GCM segments, or AES-CTR with an HMAC-SHA256 tag,
//   - main/derived key size: 16 or 32 bytes,
//   - ciphertext segment size: 4096 bytes or 1048576 bytes (1 MB).
// The segment size is one of the key's parameters, i.e. it is chosen through
// the template when the key is generated.
//
// NOTE(review): this header does not state the lifetime of the returned
// references; presumably each accessor refers to one long-lived instance.
// Confirm against the implementation file.
class StreamingAeadKeyTemplates {
 public:
  // Template for new AesGcmHkdfStreamingKey instances:
  //   - main key (ikm) size: 16 bytes
  //   - HKDF algorithm: HMAC-SHA256
  //   - size of derived AES-GCM keys: 16 bytes
  //   - ciphertext segment size: 4096 bytes
  //   - OutputPrefixType: RAW
  static const google::crypto::tink::KeyTemplate& Aes128GcmHkdf4KB();

  // Template for new AesGcmHkdfStreamingKey instances:
  //   - main key (ikm) size: 32 bytes
  //   - HKDF algorithm: HMAC-SHA256
  //   - size of derived AES-GCM keys: 32 bytes
  //   - ciphertext segment size: 4096 bytes
  //   - OutputPrefixType: RAW
  static const google::crypto::tink::KeyTemplate& Aes256GcmHkdf4KB();

  // Template for new AesGcmHkdfStreamingKey instances; same key sizes as
  // Aes256GcmHkdf4KB, with 1 MB segments:
  //   - main key (ikm) size: 32 bytes
  //   - HKDF algorithm: HMAC-SHA256
  //   - size of derived AES-GCM keys: 32 bytes
  //   - ciphertext segment size: 1048576 bytes (1 MB)
  //   - OutputPrefixType: RAW
  static const google::crypto::tink::KeyTemplate& Aes256GcmHkdf1MB();

  // Template for new AesCtrHmacStreamingKey instances:
  //   - main key (ikm) size: 16 bytes
  //   - HKDF algorithm: HMAC-SHA256
  //   - size of derived AES-CTR keys: 16 bytes
  //   - tag algorithm: HMAC-SHA256
  //   - tag size: 32 bytes
  //   - ciphertext segment size: 4096 bytes
  //   - OutputPrefixType: RAW
  static const google::crypto::tink::KeyTemplate&
  Aes128CtrHmacSha256Segment4KB();

  // Template for new AesCtrHmacStreamingKey instances; same key sizes as
  // Aes128CtrHmacSha256Segment4KB, with 1 MB segments:
  //   - main key (ikm) size: 16 bytes
  //   - HKDF algorithm: HMAC-SHA256
  //   - size of derived AES-CTR keys: 16 bytes
  //   - tag algorithm: HMAC-SHA256
  //   - tag size: 32 bytes
  //   - ciphertext segment size: 1048576 bytes (1 MB)
  //   - OutputPrefixType: RAW
  static const google::crypto::tink::KeyTemplate&
  Aes128CtrHmacSha256Segment1MB();

  // Template for new AesCtrHmacStreamingKey instances:
  //   - main key (ikm) size: 32 bytes
  //   - HKDF algorithm: HMAC-SHA256
  //   - size of derived AES-CTR keys: 32 bytes
  //   - tag algorithm: HMAC-SHA256
  //   - tag size: 32 bytes
  //   - ciphertext segment size: 4096 bytes
  //   - OutputPrefixType: RAW
  static const google::crypto::tink::KeyTemplate&
  Aes256CtrHmacSha256Segment4KB();

  // Template for new AesCtrHmacStreamingKey instances; same key sizes as
  // Aes256CtrHmacSha256Segment4KB, with 1 MB segments:
  //   - main key (ikm) size: 32 bytes
  //   - HKDF algorithm: HMAC-SHA256
  //   - size of derived AES-CTR keys: 32 bytes
  //   - tag algorithm: HMAC-SHA256
  //   - tag size: 32 bytes
  //   - ciphertext segment size: 1048576 bytes (1 MB)
  //   - OutputPrefixType: RAW
  static const google::crypto::tink::KeyTemplate&
  Aes256CtrHmacSha256Segment1MB();
};

}  // namespace tink
}  // namespace crypto

#endif  // TINK_STREAMINGAEAD_STREAMING_AEAD_KEY_TEMPLATES_H_