// Copyright 2018 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////

#ifndef TINK_HYBRID_HYBRID_KEY_TEMPLATES_H_
#define TINK_HYBRID_HYBRID_KEY_TEMPLATES_H_

#include "proto/tink.pb.h"

namespace crypto {
namespace tink {

///////////////////////////////////////////////////////////////////////////////
// Pre-generated KeyTemplate for hybrid key types. One can use these templates
// to generate a new KeysetHandle object with fresh keys.
// To generate a new keyset that contains a single EciesAeadHkdfPrivateKey,
// one can do:
//
//   auto status = HybridConfig::Register();
//   if (!status.ok()) { /* fail with error */ }
//   auto handle_result = KeysetHandle::GenerateNew(
//        HybridKeyTemplates::EciesP256HkdfHmacSha256Aes128Gcm());
//   if (!handle_result.ok()) { /* fail with error */ }
//   auto keyset_handle = std::move(handle_result.value());
//
// A template only names algorithm parameters; the key material itself is
// created by KeysetHandle::GenerateNew() as in the example above. The handle
// obtained there holds a private key (EciesAeadHkdfPrivateKey or
// HpkePrivateKey, depending on the template), so it is secret material: only
// the public part belongs with senders.
//
// Every accessor returns a const reference to a KeyTemplate.
// NOTE(review): the lifetime of the referenced object is not visible in this
// header -- presumably a static instance that outlives all callers; confirm
// in the implementation file.
//
// Points to check when choosing a template:
//  - Sender authenticity: hybrid encryption protects confidentiality towards
//    the private-key holder. Anyone who has the public key can produce a
//    valid ciphertext, so successful decryption says nothing about who
//    encrypted the message; add a signature where that matters.
//  - OutputPrefixType: NOTE(review) in Tink, TINK-prefixed ciphertexts carry
//    a key-ID prefix and RAW ciphertexts carry none -- confirm against the
//    OutputPrefixType definition in tink.proto. A RAW ciphertext therefore
//    does not identify the key that produced it.
//  - "HKDF ... with an empty salt": RFC 5869 treats an absent salt as HashLen
//    zero bytes.
//  - "HMAC tag size: 16 bytes": the HMAC-SHA256 output (32 bytes) is truncated
//    to a 128-bit tag.
//  - "EC Point Format: Compressed" on the curve 25519 templates:
//    NOTE(review) X25519 public keys have a single encoding, so this field
//    presumably has no effect there -- confirm in the key manager.
class HybridKeyTemplates {
 public:
  // Returns a KeyTemplate that generates new instances of
  // EciesAeadHkdfPrivateKey with the following parameters:
  //   - KEM: ECDH over NIST P-256
  //   - DEM: AES128-GCM
  //   - KDF: HKDF-HMAC-SHA256 with an empty salt
  //   - EC Point Format: Uncompressed
  //   - OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  EciesP256HkdfHmacSha256Aes128Gcm();

  // Returns a KeyTemplate that generates new instances of
  // EciesAeadHkdfPrivateKey with the following parameters:
  //   - KEM: ECDH over NIST P-256
  //   - DEM: AES128-GCM
  //   - KDF: HKDF-HMAC-SHA512 with an empty salt
  //   - EC Point Format: Uncompressed
  //   - OutputPrefixType: TINK
  // Differs from EciesP256HkdfHmacSha256Aes128Gcm() only in the KDF hash.
  static const google::crypto::tink::KeyTemplate&
  EciesP256HkdfHmacSha512Aes128Gcm();

  // Returns a KeyTemplate that generates new instances of
  // EciesAeadHkdfPrivateKey with the following parameters:
  //   - KEM: ECDH over NIST P-256
  //   - DEM: AES128-GCM
  //   - KDF: HKDF-HMAC-SHA256 with an empty salt
  //   - EC Point Format: Compressed
  //   - OutputPrefixType: RAW
  // Differs from EciesP256HkdfHmacSha256Aes128Gcm() in both the point format
  // and the output prefix; ciphertexts from the two are not interchangeable.
  // NOTE(review): RAW is presumably meant for peers that do not expect a Tink
  // prefix -- confirm before using it in a keyset that will be rotated.
  static const google::crypto::tink::KeyTemplate&
  EciesP256HkdfHmacSha256Aes128GcmCompressedWithoutPrefix();

  // Returns a KeyTemplate that generates new instances of
  // EciesAeadHkdfPrivateKey with the following parameters:
  //   - KEM: ECDH over NIST P-256
  //   - DEM: AES128-CTR-HMAC-SHA256 with the following parameters:
  //       * AES key size: 16 bytes
  //       * AES CTR IV size: 16 bytes
  //       * HMAC key size: 32 bytes
  //       * HMAC tag size: 16 bytes
  //   - KDF: HKDF-HMAC-SHA256 with an empty salt
  //   - EC Point Format: Uncompressed
  //   - OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  EciesP256HkdfHmacSha256Aes128CtrHmacSha256();

  // Returns a KeyTemplate that generates new instances of
  // EciesAeadHkdfPrivateKey with the following parameters:
  //   - KEM: ECDH over NIST P-256
  //   - DEM: AES128-CTR-HMAC-SHA256 with the following parameters:
  //       * AES key size: 16 bytes
  //       * AES CTR IV size: 16 bytes
  //       * HMAC key size: 32 bytes
  //       * HMAC tag size: 16 bytes
  //   - KDF: HKDF-HMAC-SHA512 with an empty salt
  //   - EC Point Format: Uncompressed
  //   - OutputPrefixType: TINK
  // Only the KDF uses SHA-512; the DEM's HMAC stays HMAC-SHA256.
  static const google::crypto::tink::KeyTemplate&
  EciesP256HkdfHmacSha512Aes128CtrHmacSha256();

  // Returns a KeyTemplate that generates new instances of
  // EciesAeadHkdfPrivateKey with the following parameters:
  //   - KEM: ECDH over NIST P-256
  //   - DEM: AES128-GCM
  //   - KDF: HKDF-HMAC-SHA256 with an empty salt
  //   - EC Point Format: Compressed
  //   - OutputPrefixType: TINK
  // Differs from EciesP256HkdfHmacSha256Aes128Gcm() only in the point format.
  static const google::crypto::tink::KeyTemplate&
  EciesP256CompressedHkdfHmacSha256Aes128Gcm();

  // Returns a KeyTemplate that generates new instances of
  // EciesAeadHkdfPrivateKey with the following parameters:
  //   - KEM: ECDH over NIST P-256
  //   - DEM: AES128-CTR-HMAC-SHA256 with the following parameters:
  //       * AES key size: 16 bytes
  //       * AES CTR IV size: 16 bytes
  //       * HMAC key size: 32 bytes
  //       * HMAC tag size: 16 bytes
  //   - KDF: HKDF-HMAC-SHA256 with an empty salt
  //   - EC Point Format: Compressed
  //   - OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  EciesP256CompressedHkdfHmacSha256Aes128CtrHmacSha256();

  // Returns a KeyTemplate that generates new instances of
  // EciesAeadHkdfPrivateKey with the following parameters:
  //   - KEM: ECDH over curve 25519
  //   - DEM: AES128-GCM
  //   - KDF: HKDF-HMAC-SHA256 with an empty salt
  //   - EC Point Format: Compressed
  //   - OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  EciesX25519HkdfHmacSha256Aes128Gcm();

  // Returns a KeyTemplate that generates new instances of
  // EciesAeadHkdfPrivateKey with the following parameters:
  //   - KEM: ECDH over curve 25519
  //   - DEM: AES256-GCM
  //   - KDF: HKDF-HMAC-SHA256 with an empty salt
  //   - EC Point Format: Compressed
  //   - OutputPrefixType: TINK
  // Differs from EciesX25519HkdfHmacSha256Aes128Gcm() only in the DEM key
  // size.
  static const google::crypto::tink::KeyTemplate&
  EciesX25519HkdfHmacSha256Aes256Gcm();

  // Returns a KeyTemplate that generates new instances of
  // EciesAeadHkdfPrivateKey with the following parameters:
  //   - KEM: ECDH over curve 25519
  //   - DEM: AES128-CTR-HMAC-SHA256 with the following parameters:
  //       * AES key size: 16 bytes
  //       * AES CTR IV size: 16 bytes
  //       * HMAC key size: 32 bytes
  //       * HMAC tag size: 16 bytes
  //   - KDF: HKDF-HMAC-SHA256 with an empty salt
  //   - EC Point Format: Compressed
  //   - OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  EciesX25519HkdfHmacSha256Aes128CtrHmacSha256();

  // Returns a KeyTemplate that generates new instances of
  // EciesAeadHkdfPrivateKey with the following parameters:
  //   - KEM: ECDH over curve 25519
  //   - DEM: XChaCha20-Poly1305 with the following parameters:
  //       * XChaCha20 key size: 32 bytes
  //       * IV size: 24 bytes
  //   - KDF: HKDF-HMAC-SHA256 with an empty salt
  //   - EC Point Format: Compressed
  //   - OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  EciesX25519HkdfHmacSha256XChaCha20Poly1305();

  // Returns a KeyTemplate that generates new instances of
  // EciesAeadHkdfPrivateKey with the following parameters:
  //   - KEM: ECDH over curve 25519
  //   - DEM: AES-SIV (Deterministic Aead)
  //   - KDF: HKDF-HMAC-SHA256 with an empty salt
  //   - EC Point Format: Compressed
  //   - OutputPrefixType: TINK
  // NOTE(review): only the DEM is deterministic. The KEM step presumably uses
  // a fresh ephemeral key per encryption, so equal plaintexts should not be
  // expected to yield equal hybrid ciphertexts -- confirm before relying on
  // this template for equality matching or deduplication.
  static const google::crypto::tink::KeyTemplate&
  EciesX25519HkdfHmacSha256DeterministicAesSiv();

  // Returns a KeyTemplate that generates new instances of
  // HpkePrivateKey with the following parameters:
  //   - KEM: ECDH over curve 25519 plus HKDF-SHA256
  //   - KDF: HKDF-SHA256
  //   - AEAD: AES-128-GCM
  //   - OutputPrefixType: TINK
  // NOTE(review): the KEM description reads as DHKEM(X25519, HKDF-SHA256) from
  // RFC 9180 -- confirm against the HPKE key manager.
  static const google::crypto::tink::KeyTemplate&
  HpkeX25519HkdfSha256Aes128Gcm();

  // Returns a KeyTemplate that generates new instances of
  // HpkePrivateKey with the following parameters:
  //   - KEM: ECDH over curve 25519 plus HKDF-SHA256
  //   - KDF: HKDF-SHA256
  //   - AEAD: AES-128-GCM
  //   - OutputPrefixType: RAW
  // Differs from HpkeX25519HkdfSha256Aes128Gcm() only in the output prefix.
  static const google::crypto::tink::KeyTemplate&
  HpkeX25519HkdfSha256Aes128GcmRaw();

  // Returns a KeyTemplate that generates new instances of
  // HpkePrivateKey with the following parameters:
  //   - KEM: ECDH over curve 25519 plus HKDF-SHA256
  //   - KDF: HKDF-SHA256
  //   - AEAD: AES-256-GCM
  //   - OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  HpkeX25519HkdfSha256Aes256Gcm();

  // Returns a KeyTemplate that generates new instances of
  // HpkePrivateKey with the following parameters:
  //   - KEM: ECDH over curve 25519 plus HKDF-SHA256
  //   - KDF: HKDF-SHA256
  //   - AEAD: AES-256-GCM
  //   - OutputPrefixType: RAW
  // Differs from HpkeX25519HkdfSha256Aes256Gcm() only in the output prefix.
  static const google::crypto::tink::KeyTemplate&
  HpkeX25519HkdfSha256Aes256GcmRaw();

  // Returns a KeyTemplate that generates new instances of
  // HpkePrivateKey with the following parameters:
  //   - KEM: ECDH over curve 25519 plus HKDF-SHA256
  //   - KDF: HKDF-SHA256
  //   - AEAD: ChaCha20-Poly1305
  //   - OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  HpkeX25519HkdfSha256ChaCha20Poly1305();

  // Returns a KeyTemplate that generates new instances of
  // HpkePrivateKey with the following parameters:
  //   - KEM: ECDH over curve 25519 plus HKDF-SHA256
  //   - KDF: HKDF-SHA256
  //   - AEAD: ChaCha20-Poly1305
  //   - OutputPrefixType: RAW
  // Differs from HpkeX25519HkdfSha256ChaCha20Poly1305() only in the output
  // prefix.
  static const google::crypto::tink::KeyTemplate&
  HpkeX25519HkdfSha256ChaCha20Poly1305Raw();
};

}  // namespace tink
}  // namespace crypto

#endif  // TINK_HYBRID_HYBRID_KEY_TEMPLATES_H_