1*e7b1675dSTing-Kang Chang // Copyright 2018 Google Inc.
2*e7b1675dSTing-Kang Chang //
3*e7b1675dSTing-Kang Chang // Licensed under the Apache License, Version 2.0 (the "License");
4*e7b1675dSTing-Kang Chang // you may not use this file except in compliance with the License.
5*e7b1675dSTing-Kang Chang // You may obtain a copy of the License at
6*e7b1675dSTing-Kang Chang //
7*e7b1675dSTing-Kang Chang // http://www.apache.org/licenses/LICENSE-2.0
8*e7b1675dSTing-Kang Chang //
9*e7b1675dSTing-Kang Chang // Unless required by applicable law or agreed to in writing, software
10*e7b1675dSTing-Kang Chang // distributed under the License is distributed on an "AS IS" BASIS,
11*e7b1675dSTing-Kang Chang // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12*e7b1675dSTing-Kang Chang // See the License for the specific language governing permissions and
13*e7b1675dSTing-Kang Chang // limitations under the License.
14*e7b1675dSTing-Kang Chang //
15*e7b1675dSTing-Kang Chang ///////////////////////////////////////////////////////////////////////////////
16*e7b1675dSTing-Kang Chang
17*e7b1675dSTing-Kang Chang #include "tink/aead/aead_key_templates.h"
18*e7b1675dSTing-Kang Chang
19*e7b1675dSTing-Kang Chang #include <string>
20*e7b1675dSTing-Kang Chang
21*e7b1675dSTing-Kang Chang #include "absl/strings/string_view.h"
22*e7b1675dSTing-Kang Chang #include "proto/aes_ctr.pb.h"
23*e7b1675dSTing-Kang Chang #include "proto/aes_ctr_hmac_aead.pb.h"
24*e7b1675dSTing-Kang Chang #include "proto/aes_eax.pb.h"
25*e7b1675dSTing-Kang Chang #include "proto/aes_gcm.pb.h"
26*e7b1675dSTing-Kang Chang #include "proto/aes_gcm_siv.pb.h"
27*e7b1675dSTing-Kang Chang #include "proto/common.pb.h"
28*e7b1675dSTing-Kang Chang #include "proto/hmac.pb.h"
29*e7b1675dSTing-Kang Chang #include "proto/kms_envelope.pb.h"
30*e7b1675dSTing-Kang Chang #include "proto/tink.pb.h"
31*e7b1675dSTing-Kang Chang
32*e7b1675dSTing-Kang Chang using google::crypto::tink::AesCtrHmacAeadKeyFormat;
33*e7b1675dSTing-Kang Chang using google::crypto::tink::AesEaxKeyFormat;
34*e7b1675dSTing-Kang Chang using google::crypto::tink::AesGcmKeyFormat;
35*e7b1675dSTing-Kang Chang using google::crypto::tink::AesGcmSivKeyFormat;
36*e7b1675dSTing-Kang Chang using google::crypto::tink::HashType;
37*e7b1675dSTing-Kang Chang using google::crypto::tink::KeyTemplate;
38*e7b1675dSTing-Kang Chang using google::crypto::tink::KmsEnvelopeAeadKeyFormat;
39*e7b1675dSTing-Kang Chang using google::crypto::tink::OutputPrefixType;
40*e7b1675dSTing-Kang Chang
41*e7b1675dSTing-Kang Chang namespace crypto {
42*e7b1675dSTing-Kang Chang namespace tink {
43*e7b1675dSTing-Kang Chang
44*e7b1675dSTing-Kang Chang namespace {
45*e7b1675dSTing-Kang Chang
// Allocates a KeyTemplate for the AES-EAX key type with the TINK output
// prefix, embedding a serialized AesEaxKeyFormat as its value.
//
// key_size_in_bytes and iv_size_in_bytes are copied into the key format
// unchanged; this helper performs no range checks on them.
// NOTE(review): whether unsupported sizes are rejected later, at key
// generation, is not visible from this file - confirm in the key manager.
//
// Returns a heap-allocated template that the caller owns.
KeyTemplate* NewAesEaxKeyTemplate(int key_size_in_bytes, int iv_size_in_bytes) {
  AesEaxKeyFormat eax_format;
  eax_format.set_key_size(key_size_in_bytes);
  eax_format.mutable_params()->set_iv_size(iv_size_in_bytes);

  auto* result = new KeyTemplate;
  result->set_type_url("type.googleapis.com/google.crypto.tink.AesEaxKey");
  result->set_output_prefix_type(OutputPrefixType::TINK);
  // The bool returned by SerializeToString is not checked.
  eax_format.SerializeToString(result->mutable_value());
  return result;
}
57*e7b1675dSTing-Kang Chang
// Allocates a KeyTemplate for the AES-GCM key type with the requested output
// prefix, embedding a serialized AesGcmKeyFormat as its value.
//
// Only the key size (in bytes) is written to the key format; no nonce or tag
// size is configured here, and the key size is not range-checked.
//
// Returns a heap-allocated template that the caller owns.
KeyTemplate* NewAesGcmKeyTemplate(int key_size_in_bytes,
                                  OutputPrefixType output_prefix_type) {
  AesGcmKeyFormat gcm_format;
  gcm_format.set_key_size(key_size_in_bytes);

  auto* result = new KeyTemplate;
  result->set_type_url("type.googleapis.com/google.crypto.tink.AesGcmKey");
  result->set_output_prefix_type(output_prefix_type);
  // The bool returned by SerializeToString is not checked.
  gcm_format.SerializeToString(result->mutable_value());
  return result;
}
69*e7b1675dSTing-Kang Chang
// Allocates a KeyTemplate for the AES-GCM-SIV key type with the TINK output
// prefix, embedding a serialized AesGcmSivKeyFormat as its value.
//
// Only the key size (in bytes) is written to the key format, and it is not
// range-checked here.
//
// Returns a heap-allocated template that the caller owns.
KeyTemplate* NewAesGcmSivKeyTemplate(int key_size_in_bytes) {
  AesGcmSivKeyFormat siv_format;
  siv_format.set_key_size(key_size_in_bytes);

  auto* result = new KeyTemplate;
  result->set_type_url("type.googleapis.com/google.crypto.tink.AesGcmSivKey");
  result->set_output_prefix_type(OutputPrefixType::TINK);
  // The bool returned by SerializeToString is not checked.
  siv_format.SerializeToString(result->mutable_value());
  return result;
}
80*e7b1675dSTing-Kang Chang
// Allocates a KeyTemplate for the AES-CTR + HMAC AEAD key type with the TINK
// output prefix, embedding a serialized AesCtrHmacAeadKeyFormat as its value.
//
// The format has two independent parts:
//   - AES-CTR: key size and IV size, both in bytes.
//   - HMAC:    key size and tag size in bytes, plus the hash function.
// All values are copied through unchanged. Nothing here checks that
// tag_size_in_bytes fits the output length of hash_type or that the key sizes
// are supported.
// NOTE(review): presumably the key manager validates these - confirm.
//
// Returns a heap-allocated template that the caller owns.
KeyTemplate* NewAesCtrHmacAeadKeyTemplate(int aes_key_size_in_bytes,
                                          int iv_size_in_bytes,
                                          int hmac_key_size_in_bytes,
                                          int tag_size_in_bytes,
                                          HashType hash_type) {
  AesCtrHmacAeadKeyFormat composite_format;

  // Encryption half.
  auto* ctr_part = composite_format.mutable_aes_ctr_key_format();
  ctr_part->set_key_size(aes_key_size_in_bytes);
  ctr_part->mutable_params()->set_iv_size(iv_size_in_bytes);

  // Authentication half.
  auto* mac_part = composite_format.mutable_hmac_key_format();
  mac_part->set_key_size(hmac_key_size_in_bytes);
  auto* mac_params = mac_part->mutable_params();
  mac_params->set_hash(hash_type);
  mac_params->set_tag_size(tag_size_in_bytes);

  auto* result = new KeyTemplate;
  result->set_type_url(
      "type.googleapis.com/google.crypto.tink.AesCtrHmacAeadKey");
  result->set_output_prefix_type(OutputPrefixType::TINK);
  // The bool returned by SerializeToString is not checked.
  composite_format.SerializeToString(result->mutable_value());
  return result;
}
101*e7b1675dSTing-Kang Chang
// Allocates a KeyTemplate for the XChaCha20-Poly1305 key type with the TINK
// output prefix.
//
// No key format is serialized: the template's value field is left at its
// default, so this key type takes no size parameters from here.
//
// Returns a heap-allocated template that the caller owns.
KeyTemplate* NewXChaCha20Poly1305KeyTemplate() {
  auto* result = new KeyTemplate;
  result->set_output_prefix_type(OutputPrefixType::TINK);
  result->set_type_url(
      "type.googleapis.com/google.crypto.tink.XChaCha20Poly1305Key");
  return result;
}
109*e7b1675dSTing-Kang Chang
110*e7b1675dSTing-Kang Chang } // anonymous namespace
111*e7b1675dSTing-Kang Chang
112*e7b1675dSTing-Kang Chang // static
// AES-EAX template with a 16-byte (128-bit) key and a 16-byte IV.
//
// The template is built on the first call and the same object is returned by
// reference on every later call. It is not freed anywhere in this file.
const KeyTemplate& AeadKeyTemplates::Aes128Eax() {
  static const KeyTemplate* const kTemplate = NewAesEaxKeyTemplate(
      /* key_size_in_bytes= */ 16, /* iv_size_in_bytes= */ 16);
  return *kTemplate;
}
119*e7b1675dSTing-Kang Chang
120*e7b1675dSTing-Kang Chang // static
// AES-EAX template with a 32-byte (256-bit) key and a 16-byte IV.
//
// The template is built on the first call and the same object is returned by
// reference on every later call. It is not freed anywhere in this file.
const KeyTemplate& AeadKeyTemplates::Aes256Eax() {
  static const KeyTemplate* const kTemplate = NewAesEaxKeyTemplate(
      /* key_size_in_bytes= */ 32, /* iv_size_in_bytes= */ 16);
  return *kTemplate;
}
127*e7b1675dSTing-Kang Chang
128*e7b1675dSTing-Kang Chang // static
// AES-GCM template with a 16-byte (128-bit) key and the TINK output prefix.
//
// The template is built on the first call and the same object is returned by
// reference on every later call. It is not freed anywhere in this file.
const KeyTemplate& AeadKeyTemplates::Aes128Gcm() {
  static const KeyTemplate* const kTemplate = NewAesGcmKeyTemplate(
      /* key_size_in_bytes= */ 16, OutputPrefixType::TINK);
  return *kTemplate;
}
134*e7b1675dSTing-Kang Chang
135*e7b1675dSTing-Kang Chang // static
// AES-GCM template with a 16-byte (128-bit) key and the RAW output prefix.
//
// This differs from Aes128Gcm() only in the prefix type. With RAW, Tink adds
// no key-identifying prefix to ciphertexts, which suits interoperability with
// AES-GCM produced or consumed outside Tink. A ciphertext then no longer
// names the keyset key that produced it (see tink.proto for the authoritative
// definition of OutputPrefixType).
//
// The template is built on the first call and the same object is returned by
// reference on every later call. It is not freed anywhere in this file.
const KeyTemplate& AeadKeyTemplates::Aes128GcmNoPrefix() {
  static const KeyTemplate* const kTemplate = NewAesGcmKeyTemplate(
      /* key_size_in_bytes= */ 16, OutputPrefixType::RAW);
  return *kTemplate;
}
141*e7b1675dSTing-Kang Chang
142*e7b1675dSTing-Kang Chang // static
// AES-GCM template with a 32-byte (256-bit) key and the TINK output prefix.
//
// The template is built on the first call and the same object is returned by
// reference on every later call. It is not freed anywhere in this file.
const KeyTemplate& AeadKeyTemplates::Aes256Gcm() {
  static const KeyTemplate* const kTemplate = NewAesGcmKeyTemplate(
      /* key_size_in_bytes= */ 32, OutputPrefixType::TINK);
  return *kTemplate;
}
148*e7b1675dSTing-Kang Chang
149*e7b1675dSTing-Kang Chang // static
// AES-GCM template with a 32-byte (256-bit) key and the RAW output prefix.
//
// This differs from Aes256Gcm() only in the prefix type. With RAW, Tink adds
// no key-identifying prefix to ciphertexts, which suits interoperability with
// AES-GCM produced or consumed outside Tink. A ciphertext then no longer
// names the keyset key that produced it (see tink.proto for the authoritative
// definition of OutputPrefixType).
//
// The template is built on the first call and the same object is returned by
// reference on every later call. It is not freed anywhere in this file.
const KeyTemplate& AeadKeyTemplates::Aes256GcmNoPrefix() {
  static const KeyTemplate* const kTemplate = NewAesGcmKeyTemplate(
      /* key_size_in_bytes= */ 32, OutputPrefixType::RAW);
  return *kTemplate;
}
155*e7b1675dSTing-Kang Chang
156*e7b1675dSTing-Kang Chang // static
// AES-GCM-SIV template with a 16-byte (128-bit) key.
//
// The template is built on the first call and the same object is returned by
// reference on every later call. It is not freed anywhere in this file.
const KeyTemplate& AeadKeyTemplates::Aes128GcmSiv() {
  static const KeyTemplate* const kTemplate =
      NewAesGcmSivKeyTemplate(/* key_size_in_bytes= */ 16);
  return *kTemplate;
}
162*e7b1675dSTing-Kang Chang
163*e7b1675dSTing-Kang Chang // static
// AES-GCM-SIV template with a 32-byte (256-bit) key.
//
// The template is built on the first call and the same object is returned by
// reference on every later call. It is not freed anywhere in this file.
const KeyTemplate& AeadKeyTemplates::Aes256GcmSiv() {
  static const KeyTemplate* const kTemplate =
      NewAesGcmSivKeyTemplate(/* key_size_in_bytes= */ 32);
  return *kTemplate;
}
169*e7b1675dSTing-Kang Chang
170*e7b1675dSTing-Kang Chang // static
// AES-CTR + HMAC-SHA256 template: 16-byte AES key, 16-byte IV, 32-byte HMAC
// key, 16-byte tag.
//
// SHA-256 produces 32 bytes, so the 16-byte tag configured here is a
// truncated HMAC output; Aes256CtrHmacSha256() uses the full 32 bytes.
//
// The template is built on the first call and the same object is returned by
// reference on every later call. It is not freed anywhere in this file.
const KeyTemplate& AeadKeyTemplates::Aes128CtrHmacSha256() {
  static const KeyTemplate* const kTemplate = NewAesCtrHmacAeadKeyTemplate(
      /* aes_key_size_in_bytes= */ 16,
      /* iv_size_in_bytes= */ 16,
      /* hmac_key_size_in_bytes= */ 32,
      /* tag_size_in_bytes= */ 16,
      HashType::SHA256);
  return *kTemplate;
}
179*e7b1675dSTing-Kang Chang
180*e7b1675dSTing-Kang Chang // static
// AES-CTR + HMAC-SHA256 template: 32-byte AES key, 16-byte IV, 32-byte HMAC
// key, 32-byte tag (the full SHA-256 output length).
//
// The template is built on the first call and the same object is returned by
// reference on every later call. It is not freed anywhere in this file.
const KeyTemplate& AeadKeyTemplates::Aes256CtrHmacSha256() {
  static const KeyTemplate* const kTemplate = NewAesCtrHmacAeadKeyTemplate(
      /* aes_key_size_in_bytes= */ 32,
      /* iv_size_in_bytes= */ 16,
      /* hmac_key_size_in_bytes= */ 32,
      /* tag_size_in_bytes= */ 32,
      HashType::SHA256);
  return *kTemplate;
}
189*e7b1675dSTing-Kang Chang
190*e7b1675dSTing-Kang Chang // static
// XChaCha20-Poly1305 template. It carries no size parameters.
//
// The template is built on the first call and the same object is returned by
// reference on every later call. It is not freed anywhere in this file.
const KeyTemplate& AeadKeyTemplates::XChaCha20Poly1305() {
  static const KeyTemplate* const kTemplate =
      NewXChaCha20Poly1305KeyTemplate();
  return *kTemplate;
}
195*e7b1675dSTing-Kang Chang
196*e7b1675dSTing-Kang Chang // static
// Builds a KMS envelope-encryption template: the key format records the URI
// of the key-encryption key (KEK) held in a KMS and the template to use for
// the data-encryption keys (DEKs).
//
// Unlike the other accessors, this returns a fresh KeyTemplate by value on
// each call and always uses the RAW output prefix.
//
// Security notes for callers:
//   - kek_uri is copied into the format verbatim; it is not parsed,
//     normalised or checked against any allow-list here. The URI decides
//     which KMS key wraps every DEK, so take it from trusted configuration,
//     not from request data.
//   - dek_template is merged in without checking its type URL, so nothing in
//     this function ensures it describes an AEAD key type.
//   NOTE(review): presumably both are validated when the key is created or
//   the primitive is obtained - confirm in the KMS envelope key manager.
KeyTemplate AeadKeyTemplates::KmsEnvelopeAead(absl::string_view kek_uri,
                                              const KeyTemplate& dek_template) {
  KmsEnvelopeAeadKeyFormat envelope_format;
  envelope_format.set_kek_uri(std::string(kek_uri));
  envelope_format.mutable_dek_template()->MergeFrom(dek_template);

  KeyTemplate result;
  result.set_type_url(
      "type.googleapis.com/google.crypto.tink.KmsEnvelopeAeadKey");
  result.set_output_prefix_type(OutputPrefixType::RAW);
  // The bool returned by SerializeToString is not checked.
  envelope_format.SerializeToString(result.mutable_value());
  return result;
}
209*e7b1675dSTing-Kang Chang
210*e7b1675dSTing-Kang Chang } // namespace tink
211*e7b1675dSTing-Kang Chang } // namespace crypto