1*e7b1675dSTing-Kang Chang // Copyright 2018 Google Inc.
2*e7b1675dSTing-Kang Chang //
3*e7b1675dSTing-Kang Chang // Licensed under the Apache License, Version 2.0 (the "License");
4*e7b1675dSTing-Kang Chang // you may not use this file except in compliance with the License.
5*e7b1675dSTing-Kang Chang // You may obtain a copy of the License at
6*e7b1675dSTing-Kang Chang //
7*e7b1675dSTing-Kang Chang //     http://www.apache.org/licenses/LICENSE-2.0
8*e7b1675dSTing-Kang Chang //
9*e7b1675dSTing-Kang Chang // Unless required by applicable law or agreed to in writing, software
10*e7b1675dSTing-Kang Chang // distributed under the License is distributed on an "AS IS" BASIS,
11*e7b1675dSTing-Kang Chang // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12*e7b1675dSTing-Kang Chang // See the License for the specific language governing permissions and
13*e7b1675dSTing-Kang Chang // limitations under the License.
14*e7b1675dSTing-Kang Chang //
15*e7b1675dSTing-Kang Chang ///////////////////////////////////////////////////////////////////////////////
16*e7b1675dSTing-Kang Chang 
17*e7b1675dSTing-Kang Chang #ifndef TINK_AEAD_AEAD_KEY_TEMPLATES_H_
18*e7b1675dSTing-Kang Chang #define TINK_AEAD_AEAD_KEY_TEMPLATES_H_
19*e7b1675dSTing-Kang Chang 
20*e7b1675dSTing-Kang Chang #include "absl/strings/string_view.h"
21*e7b1675dSTing-Kang Chang #include "proto/tink.pb.h"
22*e7b1675dSTing-Kang Chang 
23*e7b1675dSTing-Kang Chang namespace crypto {
24*e7b1675dSTing-Kang Chang namespace tink {
25*e7b1675dSTing-Kang Chang 
26*e7b1675dSTing-Kang Chang ///////////////////////////////////////////////////////////////////////////////
27*e7b1675dSTing-Kang Chang // Pre-generated KeyTemplate for Aead key types. One can use these templates
28*e7b1675dSTing-Kang Chang // to generate new KeysetHandle object with fresh keys.
29*e7b1675dSTing-Kang Chang // To generate a new keyset that contains a single AesGcmKey, one can do:
30*e7b1675dSTing-Kang Chang //
31*e7b1675dSTing-Kang Chang //   auto status = AeadConfig::Register();
32*e7b1675dSTing-Kang Chang //   if (!status.ok()) { /* fail with error */ }
33*e7b1675dSTing-Kang Chang //   auto handle_result =
34*e7b1675dSTing-Kang Chang //       KeysetHandle::GenerateNew(AeadKeyTemplates::Aes128Gcm());
35*e7b1675dSTing-Kang Chang //   if (!handle_result.ok()) { /* fail with error */ }
36*e7b1675dSTing-Kang Chang //   auto keyset_handle = std::move(handle_result.value());
class AeadKeyTemplates {
 public:
  // Static accessors for ready-made AEAD KeyTemplates. Every accessor except
  // KmsEnvelopeAead() returns a const reference; KmsEnvelopeAead() returns a
  // KeyTemplate by value. The definitions live outside this header.
  //
  // Choosing a template fixes the algorithm, the key/IV/tag sizes and the
  // OutputPrefixType of every key generated from it, so the choice is a
  // security decision and not only a convenience.
  //
  // NOTE(review): the OutputPrefixType listed on each template presumably
  // decides whether a ciphertext starts with a key-identifier prefix (TINK)
  // or carries no prefix at all (RAW) -- confirm against proto/tink.proto.

  // Returns a KeyTemplate that generates new instances of AesEaxKey
  // with the following parameters:
  //   - key size: 16 bytes
  //   - IV size: 16 bytes
  //   - tag size: 16 bytes
  //   - OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate& Aes128Eax();

  // Returns a KeyTemplate that generates new instances of AesEaxKey
  // with the following parameters:
  //   - key size: 32 bytes
  //   - IV size: 16 bytes
  //   - tag size: 16 bytes
  //   - OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate& Aes256Eax();

  // Returns a KeyTemplate that generates new instances of AesGcmKey
  // with the following parameters:
  //   - key size: 16 bytes
  //   - IV size: 12 bytes
  //   - tag size: 16 bytes
  //   - OutputPrefixType: TINK
  //
  // NOTE(review): AES-GCM loses confidentiality and integrity if an IV is
  // ever reused under the same key. If the implementation draws the 12-byte
  // IV at random per message (not visible in this header -- confirm), the
  // number of messages per key is bounded (see NIST SP 800-38D), so
  // high-volume users should plan key rotation. This applies to all four
  // AesGcmKey templates in this class.
  static const google::crypto::tink::KeyTemplate& Aes128Gcm();

  // Returns a KeyTemplate that generates new instances of AesGcmKey
  // with the following parameters:
  //   - key size: 16 bytes
  //   - IV size: 12 bytes
  //   - tag size: 16 bytes
  //   - OutputPrefixType: RAW
  //
  // Same key parameters as Aes128Gcm(); only the OutputPrefixType differs.
  // NOTE(review): with RAW, ciphertexts presumably carry no key identifier,
  // so a ciphertext cannot be matched to its key by prefix when a keyset
  // holds several keys -- confirm, and weigh this against rotation needs
  // before picking a NoPrefix template.
  static const google::crypto::tink::KeyTemplate& Aes128GcmNoPrefix();

  // Returns a KeyTemplate that generates new instances of AesGcmKey
  // with the following parameters:
  //   - key size: 32 bytes
  //   - IV size: 12 bytes
  //   - tag size: 16 bytes
  //   - OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate& Aes256Gcm();

  // Returns a KeyTemplate that generates new instances of AesGcmKey
  // with the following parameters:
  //   - key size: 32 bytes
  //   - IV size: 12 bytes
  //   - tag size: 16 bytes
  //   - OutputPrefixType: RAW
  //
  // Same key parameters as Aes256Gcm(); only the OutputPrefixType differs.
  // The RAW caveat noted on Aes128GcmNoPrefix() applies here as well.
  static const google::crypto::tink::KeyTemplate& Aes256GcmNoPrefix();

  // Returns a KeyTemplate that generates new instances of AesGcmSivKey
  // with the following parameters:
  //   - key size: 16 bytes
  //   - IV size: 12 bytes
  //   - tag size: 16 bytes
  //   - OutputPrefixType: TINK
  //
  // NOTE(review): AES-GCM-SIV (RFC 8452) is designed so that an accidental
  // nonce repeat is far less damaging than with AES-GCM. Whether this key
  // type is available may depend on the crypto backend the library is built
  // with -- confirm for the target build.
  static const google::crypto::tink::KeyTemplate& Aes128GcmSiv();

  // Returns a KeyTemplate that generates new instances of AesGcmSivKey
  // with the following parameters:
  //   - key size: 32 bytes
  //   - IV size: 12 bytes
  //   - tag size: 16 bytes
  //   - OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate& Aes256GcmSiv();

  // Returns a KeyTemplate that generates new instances of AesCtrHmacAeadKey
  // with the following parameters:
  //   - AES key size: 16 bytes
  //   - AES IV size: 16 bytes
  //   - HMAC key size: 32 bytes
  //   - HMAC tag size: 16 bytes
  //   - HMAC hash function: SHA256
  //   - OutputPrefixType: TINK
  //
  // The 16-byte tag is half of SHA256's 32-byte output, i.e. the HMAC tag is
  // truncated in this template; Aes256CtrHmacSha256() keeps all 32 bytes.
  static const google::crypto::tink::KeyTemplate& Aes128CtrHmacSha256();

  // Returns a KeyTemplate that generates new instances of AesCtrHmacAeadKey
  // with the following parameters:
  //   - AES key size: 32 bytes
  //   - AES IV size: 16 bytes
  //   - HMAC key size: 32 bytes
  //   - HMAC tag size: 32 bytes
  //   - HMAC hash function: SHA256
  //   - OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate& Aes256CtrHmacSha256();

  // Returns a KeyTemplate that generates new instances of XChaCha20Poly1305Key
  // with the following parameters:
  //   - XChaCha20 key size: 32 bytes
  //   - IV size: 24 bytes
  //   - OutputPrefixType: TINK
  //
  // No tag size is listed for this template; Poly1305 produces a 16-byte tag.
  static const google::crypto::tink::KeyTemplate& XChaCha20Poly1305();

  // Returns a KeyTemplate that generates new instances of KmsEnvelopeAeadKey
  // with the following parameters:
  //   - KEK is pointing to kek_uri
  //   - DEK template is dek_template
  //   - OutputPrefixType: RAW. This uses RAW output prefix to make it
  //   compatible with the remote KMS' encrypt/decrypt operations. Unlike other
  //   templates, when you generate new keys with this template, Tink does not
  //   generate new key material, but only creates a reference to the remote
  //   KEK.
  //
  // Unlike the other accessors, this one returns the KeyTemplate by value.
  //
  // kek_uri names the remote key that protects every DEK, so it should come
  // from trusted configuration rather than from request or user input:
  // whoever controls the URI decides which key wraps the data keys.
  // NOTE(review): dek_template is presumably expected to be an AEAD template
  // such as the ones above, and a KMS client for kek_uri presumably has to
  // be registered before the resulting key can be used -- confirm in the
  // implementation.
  static google::crypto::tink::KeyTemplate KmsEnvelopeAead(
      absl::string_view kek_uri,
      const google::crypto::tink::KeyTemplate& dek_template);
};
143*e7b1675dSTing-Kang Chang 
144*e7b1675dSTing-Kang Chang }  // namespace tink
145*e7b1675dSTing-Kang Chang }  // namespace crypto
146*e7b1675dSTing-Kang Chang 
147*e7b1675dSTing-Kang Chang #endif  // TINK_AEAD_AEAD_KEY_TEMPLATES_H_