1*e7b1675dSTing-Kang Chang // Copyright 2018 Google Inc.
2*e7b1675dSTing-Kang Chang //
3*e7b1675dSTing-Kang Chang // Licensed under the Apache License, Version 2.0 (the "License");
4*e7b1675dSTing-Kang Chang // you may not use this file except in compliance with the License.
5*e7b1675dSTing-Kang Chang // You may obtain a copy of the License at
6*e7b1675dSTing-Kang Chang //
7*e7b1675dSTing-Kang Chang // http://www.apache.org/licenses/LICENSE-2.0
8*e7b1675dSTing-Kang Chang //
9*e7b1675dSTing-Kang Chang // Unless required by applicable law or agreed to in writing, software
10*e7b1675dSTing-Kang Chang // distributed under the License is distributed on an "AS IS" BASIS,
11*e7b1675dSTing-Kang Chang // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12*e7b1675dSTing-Kang Chang // See the License for the specific language governing permissions and
13*e7b1675dSTing-Kang Chang // limitations under the License.
14*e7b1675dSTing-Kang Chang //
15*e7b1675dSTing-Kang Chang ///////////////////////////////////////////////////////////////////////////////
16*e7b1675dSTing-Kang Chang
17*e7b1675dSTing-Kang Chang #include "tink/hybrid/hybrid_key_templates.h"
18*e7b1675dSTing-Kang Chang
19*e7b1675dSTing-Kang Chang #include <string>
20*e7b1675dSTing-Kang Chang
21*e7b1675dSTing-Kang Chang #include "absl/strings/string_view.h"
22*e7b1675dSTing-Kang Chang #include "tink/aead/aead_key_templates.h"
23*e7b1675dSTing-Kang Chang #include "tink/daead/deterministic_aead_key_templates.h"
24*e7b1675dSTing-Kang Chang #include "proto/common.pb.h"
25*e7b1675dSTing-Kang Chang #include "proto/ecies_aead_hkdf.pb.h"
26*e7b1675dSTing-Kang Chang #include "proto/hpke.pb.h"
27*e7b1675dSTing-Kang Chang #include "proto/tink.pb.h"
28*e7b1675dSTing-Kang Chang
29*e7b1675dSTing-Kang Chang namespace crypto {
30*e7b1675dSTing-Kang Chang namespace tink {
namespace {

using google::crypto::tink::EciesAeadHkdfKeyFormat;
using google::crypto::tink::EcPointFormat;
using google::crypto::tink::EllipticCurveType;
using google::crypto::tink::HashType;
using google::crypto::tink::HpkeAead;
using google::crypto::tink::HpkeKdf;
using google::crypto::tink::HpkeKem;
using google::crypto::tink::HpkeKeyFormat;
using google::crypto::tink::HpkeParams;
using google::crypto::tink::KeyTemplate;
using google::crypto::tink::OutputPrefixType;

// Builds a KeyTemplate for an ECIES-AEAD-HKDF private key.
//
// The returned object is heap-allocated and intentionally never freed: every
// caller in this file stores it in a function-local static and hands out a
// reference that must stay valid for the lifetime of the process.
//
//   curve_type        KEM curve (NIST_P256, CURVE25519, ...).
//   hkdf_hash_type    hash function used by HKDF inside the KEM.
//   ec_point_format   wire encoding of the ephemeral KEM public point.
//   dem_key_template  (D)AEAD template describing the DEM.
//   prefix_type       Tink output-prefix type applied to ciphertexts.
//   hkdf_salt         HKDF salt. Every template in this file passes "";
//                     per RFC 5869 an empty salt behaves like HashLen zero
//                     bytes, so this is well-defined but adds no domain
//                     separation between keys.
KeyTemplate* NewEciesAeadHkdfKeyTemplate(
    EllipticCurveType curve_type,
    HashType hkdf_hash_type,
    EcPointFormat ec_point_format,
    const KeyTemplate& dem_key_template,
    OutputPrefixType prefix_type,
    absl::string_view hkdf_salt) {
  // Assemble the serialized key format first; protobuf serialization order is
  // by field number, not by the order the setters are called.
  EciesAeadHkdfKeyFormat key_format;
  auto* params = key_format.mutable_params();
  params->set_ec_point_format(ec_point_format);

  auto* kem = params->mutable_kem_params();
  kem->set_curve_type(curve_type);
  kem->set_hkdf_hash_type(hkdf_hash_type);
  kem->set_hkdf_salt(std::string(hkdf_salt));

  // The DEM is described by a nested KeyTemplate (AEAD or deterministic AEAD).
  *params->mutable_dem_params()->mutable_aead_dem() = dem_key_template;

  auto* key_template = new KeyTemplate;
  key_template->set_type_url(
      "type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey");
  key_template->set_output_prefix_type(prefix_type);
  // The bool returned by SerializeToString is not checked, consistent with the
  // other template builders in Tink: a freshly populated in-memory message is
  // expected to always serialize. If it ever did fail, `value` would be left
  // empty and the template would presumably be rejected at key generation
  // rather than produce a usable key -- TODO(review) confirm that failure mode.
  key_format.SerializeToString(key_template->mutable_value());
  return key_template;
}

// Builds a KeyTemplate for an HPKE (RFC 9180) private key.
//
// Same lifetime contract as NewEciesAeadHkdfKeyTemplate: the result is leaked
// on purpose and cached in a function-local static by each public accessor.
//
//   kem          HPKE KEM identifier (e.g. DHKEM_X25519_HKDF_SHA256).
//   kdf          HPKE KDF identifier (e.g. HKDF_SHA256).
//   aead         HPKE AEAD identifier (AES_128_GCM, AES_256_GCM, ...).
//   prefix_type  Tink output-prefix type applied to ciphertexts.
KeyTemplate* NewHpkeKeyTemplate(HpkeKem kem, HpkeKdf kdf, HpkeAead aead,
                                OutputPrefixType prefix_type) {
  HpkeKeyFormat key_format;
  HpkeParams* params = key_format.mutable_params();
  params->set_aead(aead);
  params->set_kdf(kdf);
  params->set_kem(kem);

  auto* key_template = new KeyTemplate;
  key_template->set_output_prefix_type(prefix_type);
  key_template->set_type_url(
      "type.googleapis.com/google.crypto.tink.HpkePrivateKey");
  // Return value deliberately unchecked; see NewEciesAeadHkdfKeyTemplate.
  key_format.SerializeToString(key_template->mutable_value());
  return key_template;
}

}  // anonymous namespace
84*e7b1675dSTing-Kang Chang
85*e7b1675dSTing-Kang Chang // static
const KeyTemplate& HybridKeyTemplates::EciesP256HkdfHmacSha256Aes128Gcm() {
  // ECIES over NIST P-256 with HKDF-SHA256 in the KEM, uncompressed point
  // encoding, an AES-128-GCM DEM, Tink's key-id output prefix and an empty
  // HKDF salt. Built once, thread-safely, on first use and never freed.
  static const KeyTemplate& kTemplate = *NewEciesAeadHkdfKeyTemplate(
      /*curve_type=*/EllipticCurveType::NIST_P256,
      /*hkdf_hash_type=*/HashType::SHA256,
      /*ec_point_format=*/EcPointFormat::UNCOMPRESSED,
      /*dem_key_template=*/AeadKeyTemplates::Aes128Gcm(),
      /*prefix_type=*/OutputPrefixType::TINK,
      /*hkdf_salt=*/"");
  return kTemplate;
}
96*e7b1675dSTing-Kang Chang
97*e7b1675dSTing-Kang Chang // static
const KeyTemplate& HybridKeyTemplates::EciesP256HkdfHmacSha512Aes128Gcm() {
  // Same as EciesP256HkdfHmacSha256Aes128Gcm but the KEM's HKDF uses SHA-512.
  // Only the hash differs; DEM, point format, prefix and salt are unchanged.
  static const KeyTemplate& kTemplate = *NewEciesAeadHkdfKeyTemplate(
      /*curve_type=*/EllipticCurveType::NIST_P256,
      /*hkdf_hash_type=*/HashType::SHA512,
      /*ec_point_format=*/EcPointFormat::UNCOMPRESSED,
      /*dem_key_template=*/AeadKeyTemplates::Aes128Gcm(),
      /*prefix_type=*/OutputPrefixType::TINK,
      /*hkdf_salt=*/"");
  return kTemplate;
}
106*e7b1675dSTing-Kang Chang
107*e7b1675dSTing-Kang Chang // static
const KeyTemplate&
HybridKeyTemplates::EciesP256HkdfHmacSha256Aes128GcmCompressedWithoutPrefix() {
  // P-256 / HKDF-SHA256 / AES-128-GCM as above, but with a compressed KEM
  // point and OutputPrefixType::RAW. RAW means ciphertexts carry no Tink
  // key-id prefix (hence "WithoutPrefix"), which is what non-Tink peers
  // expect; the trade-off is that a keyset holding several RAW keys cannot
  // route a ciphertext to its key by prefix -- presumably every RAW key is
  // tried on decryption. Confirm with the hybrid-decrypt wrapper before
  // relying on this for key rotation.
  static const KeyTemplate& kTemplate = *NewEciesAeadHkdfKeyTemplate(
      /*curve_type=*/EllipticCurveType::NIST_P256,
      /*hkdf_hash_type=*/HashType::SHA256,
      /*ec_point_format=*/EcPointFormat::COMPRESSED,
      /*dem_key_template=*/AeadKeyTemplates::Aes128Gcm(),
      /*prefix_type=*/OutputPrefixType::RAW,
      /*hkdf_salt=*/"");
  return kTemplate;
}
119*e7b1675dSTing-Kang Chang
120*e7b1675dSTing-Kang Chang // static
const KeyTemplate&
HybridKeyTemplates::EciesP256HkdfHmacSha256Aes128CtrHmacSha256() {
  // ECIES over P-256 with HKDF-SHA256, uncompressed point encoding and an
  // AES-128-CTR + HMAC-SHA256 (encrypt-then-MAC) DEM instead of AES-GCM.
  // Tink key-id prefix; empty HKDF salt.
  static const KeyTemplate& kTemplate = *NewEciesAeadHkdfKeyTemplate(
      /*curve_type=*/EllipticCurveType::NIST_P256,
      /*hkdf_hash_type=*/HashType::SHA256,
      /*ec_point_format=*/EcPointFormat::UNCOMPRESSED,
      /*dem_key_template=*/AeadKeyTemplates::Aes128CtrHmacSha256(),
      /*prefix_type=*/OutputPrefixType::TINK,
      /*hkdf_salt=*/"");
  return kTemplate;
}
132*e7b1675dSTing-Kang Chang
133*e7b1675dSTing-Kang Chang // static
const KeyTemplate&
HybridKeyTemplates::EciesP256HkdfHmacSha512Aes128CtrHmacSha256() {
  // Variant of EciesP256HkdfHmacSha256Aes128CtrHmacSha256 whose KEM HKDF uses
  // SHA-512. DEM (AES-128-CTR + HMAC-SHA256), point format, prefix type and
  // salt are identical.
  static const KeyTemplate& kTemplate = *NewEciesAeadHkdfKeyTemplate(
      /*curve_type=*/EllipticCurveType::NIST_P256,
      /*hkdf_hash_type=*/HashType::SHA512,
      /*ec_point_format=*/EcPointFormat::UNCOMPRESSED,
      /*dem_key_template=*/AeadKeyTemplates::Aes128CtrHmacSha256(),
      /*prefix_type=*/OutputPrefixType::TINK,
      /*hkdf_salt=*/"");
  return kTemplate;
}
143*e7b1675dSTing-Kang Chang
144*e7b1675dSTing-Kang Chang // static
const KeyTemplate&
HybridKeyTemplates::EciesP256CompressedHkdfHmacSha256Aes128Gcm() {
  // P-256 / HKDF-SHA256 / AES-128-GCM with the ephemeral KEM point encoded in
  // COMPRESSED form (shorter ciphertexts; the receiver must support point
  // decompression). Tink key-id prefix, empty HKDF salt.
  static const KeyTemplate& kTemplate = *NewEciesAeadHkdfKeyTemplate(
      /*curve_type=*/EllipticCurveType::NIST_P256,
      /*hkdf_hash_type=*/HashType::SHA256,
      /*ec_point_format=*/EcPointFormat::COMPRESSED,
      /*dem_key_template=*/AeadKeyTemplates::Aes128Gcm(),
      /*prefix_type=*/OutputPrefixType::TINK,
      /*hkdf_salt=*/"");
  return kTemplate;
}
154*e7b1675dSTing-Kang Chang
155*e7b1675dSTing-Kang Chang // static
const KeyTemplate&
HybridKeyTemplates::EciesP256CompressedHkdfHmacSha256Aes128CtrHmacSha256() {
  // P-256 / HKDF-SHA256 with a COMPRESSED KEM point and an AES-128-CTR +
  // HMAC-SHA256 DEM. Tink key-id prefix, empty HKDF salt.
  static const KeyTemplate& kTemplate = *NewEciesAeadHkdfKeyTemplate(
      /*curve_type=*/EllipticCurveType::NIST_P256,
      /*hkdf_hash_type=*/HashType::SHA256,
      /*ec_point_format=*/EcPointFormat::COMPRESSED,
      /*dem_key_template=*/AeadKeyTemplates::Aes128CtrHmacSha256(),
      /*prefix_type=*/OutputPrefixType::TINK,
      /*hkdf_salt=*/"");
  return kTemplate;
}
165*e7b1675dSTing-Kang Chang
166*e7b1675dSTing-Kang Chang // static
const KeyTemplate& HybridKeyTemplates::EciesX25519HkdfHmacSha256Aes128Gcm() {
  // ECIES over Curve25519 (X25519) with HKDF-SHA256 and an AES-128-GCM DEM.
  // All Curve25519 templates in this file use COMPRESSED, which is the
  // natural 32-byte u-coordinate encoding of an X25519 public key. Tink
  // key-id prefix, empty HKDF salt.
  static const KeyTemplate& kTemplate = *NewEciesAeadHkdfKeyTemplate(
      /*curve_type=*/EllipticCurveType::CURVE25519,
      /*hkdf_hash_type=*/HashType::SHA256,
      /*ec_point_format=*/EcPointFormat::COMPRESSED,
      /*dem_key_template=*/AeadKeyTemplates::Aes128Gcm(),
      /*prefix_type=*/OutputPrefixType::TINK,
      /*hkdf_salt=*/"");
  return kTemplate;
}
175*e7b1675dSTing-Kang Chang
176*e7b1675dSTing-Kang Chang // static
const KeyTemplate& HybridKeyTemplates::EciesX25519HkdfHmacSha256Aes256Gcm() {
  // As EciesX25519HkdfHmacSha256Aes128Gcm but with a 256-bit AES-GCM DEM key.
  // Note the KEM still targets ~128-bit security (X25519 + SHA-256); the
  // larger DEM key does not raise the scheme's overall security level.
  static const KeyTemplate& kTemplate = *NewEciesAeadHkdfKeyTemplate(
      /*curve_type=*/EllipticCurveType::CURVE25519,
      /*hkdf_hash_type=*/HashType::SHA256,
      /*ec_point_format=*/EcPointFormat::COMPRESSED,
      /*dem_key_template=*/AeadKeyTemplates::Aes256Gcm(),
      /*prefix_type=*/OutputPrefixType::TINK,
      /*hkdf_salt=*/"");
  return kTemplate;
}
185*e7b1675dSTing-Kang Chang
186*e7b1675dSTing-Kang Chang // static
const KeyTemplate&
HybridKeyTemplates::EciesX25519HkdfHmacSha256Aes128CtrHmacSha256() {
  // ECIES over Curve25519 with HKDF-SHA256, compressed point encoding and an
  // AES-128-CTR + HMAC-SHA256 DEM. Tink key-id prefix, empty HKDF salt.
  static const KeyTemplate& kTemplate = *NewEciesAeadHkdfKeyTemplate(
      /*curve_type=*/EllipticCurveType::CURVE25519,
      /*hkdf_hash_type=*/HashType::SHA256,
      /*ec_point_format=*/EcPointFormat::COMPRESSED,
      /*dem_key_template=*/AeadKeyTemplates::Aes128CtrHmacSha256(),
      /*prefix_type=*/OutputPrefixType::TINK,
      /*hkdf_salt=*/"");
  return kTemplate;
}
196*e7b1675dSTing-Kang Chang
197*e7b1675dSTing-Kang Chang // static
const KeyTemplate&
HybridKeyTemplates::EciesX25519HkdfHmacSha256XChaCha20Poly1305() {
  // ECIES over Curve25519 with HKDF-SHA256, compressed point encoding and an
  // XChaCha20-Poly1305 DEM (a non-AES option for platforms without AES
  // hardware). Tink key-id prefix, empty HKDF salt.
  static const KeyTemplate& kTemplate = *NewEciesAeadHkdfKeyTemplate(
      /*curve_type=*/EllipticCurveType::CURVE25519,
      /*hkdf_hash_type=*/HashType::SHA256,
      /*ec_point_format=*/EcPointFormat::COMPRESSED,
      /*dem_key_template=*/AeadKeyTemplates::XChaCha20Poly1305(),
      /*prefix_type=*/OutputPrefixType::TINK,
      /*hkdf_salt=*/"");
  return kTemplate;
}
207*e7b1675dSTing-Kang Chang
208*e7b1675dSTing-Kang Chang // static
const KeyTemplate&
HybridKeyTemplates::EciesX25519HkdfHmacSha256DeterministicAesSiv() {
  // ECIES over Curve25519 with HKDF-SHA256 and a deterministic AEAD
  // (AES-256-SIV) as the DEM; the only template here whose DEM comes from
  // DeterministicAeadKeyTemplates rather than AeadKeyTemplates.
  // NOTE(review): a deterministic DEM does not by itself make the hybrid
  // ciphertext deterministic -- ECIES derives the DEM key from a fresh
  // ephemeral KEM share per encryption -- but the DEM's nonce-misuse
  // resistance is the reason to pick it. Confirm against the ECIES
  // implementation before documenting stronger guarantees.
  static const KeyTemplate& kTemplate = *NewEciesAeadHkdfKeyTemplate(
      /*curve_type=*/EllipticCurveType::CURVE25519,
      /*hkdf_hash_type=*/HashType::SHA256,
      /*ec_point_format=*/EcPointFormat::COMPRESSED,
      /*dem_key_template=*/DeterministicAeadKeyTemplates::Aes256Siv(),
      /*prefix_type=*/OutputPrefixType::TINK,
      /*hkdf_salt=*/"");
  return kTemplate;
}
218*e7b1675dSTing-Kang Chang
219*e7b1675dSTing-Kang Chang // static
const KeyTemplate& HybridKeyTemplates::HpkeX25519HkdfSha256Aes128Gcm() {
  // HPKE (RFC 9180) with DHKEM(X25519, HKDF-SHA256), HKDF-SHA256 and
  // AES-128-GCM, tagged with Tink's key-id output prefix.
  static const KeyTemplate& kTemplate = *NewHpkeKeyTemplate(
      /*kem=*/HpkeKem::DHKEM_X25519_HKDF_SHA256,
      /*kdf=*/HpkeKdf::HKDF_SHA256,
      /*aead=*/HpkeAead::AES_128_GCM,
      /*prefix_type=*/OutputPrefixType::TINK);
  return kTemplate;
}
226*e7b1675dSTing-Kang Chang
227*e7b1675dSTing-Kang Chang // static
const KeyTemplate& HybridKeyTemplates::HpkeX25519HkdfSha256Aes128GcmRaw() {
  // Same suite as HpkeX25519HkdfSha256Aes128Gcm with OutputPrefixType::RAW:
  // no Tink key-id prefix on ciphertexts, which is what a non-Tink HPKE peer
  // expects. Without the prefix a multi-key keyset cannot select the
  // decryption key by header; prefer the TINK variant unless interop with
  // plain RFC 9180 consumers is required.
  static const KeyTemplate& kTemplate = *NewHpkeKeyTemplate(
      /*kem=*/HpkeKem::DHKEM_X25519_HKDF_SHA256,
      /*kdf=*/HpkeKdf::HKDF_SHA256,
      /*aead=*/HpkeAead::AES_128_GCM,
      /*prefix_type=*/OutputPrefixType::RAW);
  return kTemplate;
}
234*e7b1675dSTing-Kang Chang
235*e7b1675dSTing-Kang Chang // static
const KeyTemplate& HybridKeyTemplates::HpkeX25519HkdfSha256Aes256Gcm() {
  // HPKE with DHKEM(X25519, HKDF-SHA256), HKDF-SHA256 and AES-256-GCM, Tink
  // key-id prefix. As with the ECIES AES-256 variant, the KEM/KDF still
  // target ~128-bit security.
  static const KeyTemplate& kTemplate = *NewHpkeKeyTemplate(
      /*kem=*/HpkeKem::DHKEM_X25519_HKDF_SHA256,
      /*kdf=*/HpkeKdf::HKDF_SHA256,
      /*aead=*/HpkeAead::AES_256_GCM,
      /*prefix_type=*/OutputPrefixType::TINK);
  return kTemplate;
}
242*e7b1675dSTing-Kang Chang
243*e7b1675dSTing-Kang Chang // static
const KeyTemplate& HybridKeyTemplates::HpkeX25519HkdfSha256Aes256GcmRaw() {
  // HpkeX25519HkdfSha256Aes256Gcm without the Tink key-id prefix (RAW), for
  // interoperability with non-Tink HPKE implementations. See the Aes128GcmRaw
  // variant for the key-selection trade-off.
  static const KeyTemplate& kTemplate = *NewHpkeKeyTemplate(
      /*kem=*/HpkeKem::DHKEM_X25519_HKDF_SHA256,
      /*kdf=*/HpkeKdf::HKDF_SHA256,
      /*aead=*/HpkeAead::AES_256_GCM,
      /*prefix_type=*/OutputPrefixType::RAW);
  return kTemplate;
}
250*e7b1675dSTing-Kang Chang
251*e7b1675dSTing-Kang Chang // static
const KeyTemplate&
HybridKeyTemplates::HpkeX25519HkdfSha256ChaCha20Poly1305() {
  // HPKE with DHKEM(X25519, HKDF-SHA256), HKDF-SHA256 and ChaCha20-Poly1305
  // (the standard HPKE AEAD, not the XChaCha variant used by the ECIES
  // template above), tagged with Tink's key-id output prefix.
  static const KeyTemplate& kTemplate = *NewHpkeKeyTemplate(
      /*kem=*/HpkeKem::DHKEM_X25519_HKDF_SHA256,
      /*kdf=*/HpkeKdf::HKDF_SHA256,
      /*aead=*/HpkeAead::CHACHA20_POLY1305,
      /*prefix_type=*/OutputPrefixType::TINK);
  return kTemplate;
}
259*e7b1675dSTing-Kang Chang
260*e7b1675dSTing-Kang Chang // static
const KeyTemplate&
HybridKeyTemplates::HpkeX25519HkdfSha256ChaCha20Poly1305Raw() {
  // HpkeX25519HkdfSha256ChaCha20Poly1305 without the Tink key-id prefix
  // (RAW), for interoperability with non-Tink HPKE implementations. See the
  // Aes128GcmRaw variant for the key-selection trade-off.
  static const KeyTemplate& kTemplate = *NewHpkeKeyTemplate(
      /*kem=*/HpkeKem::DHKEM_X25519_HKDF_SHA256,
      /*kdf=*/HpkeKdf::HKDF_SHA256,
      /*aead=*/HpkeAead::CHACHA20_POLY1305,
      /*prefix_type=*/OutputPrefixType::RAW);
  return kTemplate;
}
268*e7b1675dSTing-Kang Chang
269*e7b1675dSTing-Kang Chang } // namespace tink
270*e7b1675dSTing-Kang Chang } // namespace crypto
271