// Copyright 2018 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////

#ifndef TINK_HYBRID_HYBRID_KEY_TEMPLATES_H_
#define TINK_HYBRID_HYBRID_KEY_TEMPLATES_H_

#include "proto/tink.pb.h"

namespace crypto {
namespace tink {

///////////////////////////////////////////////////////////////////////////////
// Ready-made KeyTemplate objects for the hybrid-encryption key types. Each
// accessor below returns a template that can be handed to
// KeysetHandle::GenerateNew() to obtain a KeysetHandle holding fresh keys.
//
// Example: creating a keyset with one new EciesAeadHkdfPrivateKey.
//
//   auto status = HybridConfig::Register();
//   if (!status.ok()) { /* fail with error */ }
//   auto handle_result = KeysetHandle::GenerateNew(
//       HybridKeyTemplates::EciesP256HkdfHmacSha256Aes128Gcm());
//   if (!handle_result.ok()) { /* fail with error */ }
//   auto keyset_handle = std::move(handle_result.value());
//
// Reading the per-template parameter lists:
//   * KEM / DEM / KDF / AEAD name the primitives the generated key will use.
//   * "HMAC tag size: 16 bytes" with HMAC-SHA256 means the 32-byte MAC output
//     is truncated to 128 bits.
//   * OutputPrefixType TINK vs RAW: TINK ciphertexts carry Tink's
//     key-identifying prefix, RAW ciphertexts do not. With RAW nothing in the
//     ciphertext says which key of a keyset produced it, so RAW is best kept
//     for cases where the wire format has to match a non-Tink peer.
//   * NOTE(review): the X25519 ECIES templates list "EC point format:
//     Compressed" exactly as the original documentation does; X25519 public
//     keys have a single encoding, so confirm whether the field has any
//     effect for that KEM.
//
// Every accessor returns a const reference. The header does not show where
// the referenced KeyTemplate lives; presumably it has static storage duration
// -- confirm in the implementation file before caching the reference.
class HybridKeyTemplates {
 public:
  // ECIES template; generated keys are EciesAeadHkdfPrivateKey.
  //   KEM:              ECDH over NIST P-256
  //   DEM:              AES128-GCM
  //   KDF:              HKDF-HMAC-SHA256 with an empty salt
  //   EC point format:  Uncompressed
  //   OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  EciesP256HkdfHmacSha256Aes128Gcm();

  // ECIES template; generated keys are EciesAeadHkdfPrivateKey.
  //   KEM:              ECDH over NIST P-256
  //   DEM:              AES128-GCM
  //   KDF:              HKDF-HMAC-SHA512 with an empty salt
  //   EC point format:  Uncompressed
  //   OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  EciesP256HkdfHmacSha512Aes128Gcm();

  // ECIES template; generated keys are EciesAeadHkdfPrivateKey.
  //   KEM:              ECDH over NIST P-256
  //   DEM:              AES128-GCM
  //   KDF:              HKDF-HMAC-SHA256 with an empty salt
  //   EC point format:  Compressed
  //   OutputPrefixType: RAW (no Tink prefix on ciphertexts; see class comment)
  static const google::crypto::tink::KeyTemplate&
  EciesP256HkdfHmacSha256Aes128GcmCompressedWithoutPrefix();

  // ECIES template; generated keys are EciesAeadHkdfPrivateKey.
  //   KEM:              ECDH over NIST P-256
  //   DEM:              AES128-CTR-HMAC-SHA256, configured as
  //                       - AES key size:    16 bytes
  //                       - AES CTR IV size: 16 bytes
  //                       - HMAC key size:   32 bytes
  //                       - HMAC tag size:   16 bytes
  //   KDF:              HKDF-HMAC-SHA256 with an empty salt
  //   EC point format:  Uncompressed
  //   OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  EciesP256HkdfHmacSha256Aes128CtrHmacSha256();

  // ECIES template; generated keys are EciesAeadHkdfPrivateKey.
  //   KEM:              ECDH over NIST P-256
  //   DEM:              AES128-CTR-HMAC-SHA256, configured as
  //                       - AES key size:    16 bytes
  //                       - AES CTR IV size: 16 bytes
  //                       - HMAC key size:   32 bytes
  //                       - HMAC tag size:   16 bytes
  //   KDF:              HKDF-HMAC-SHA512 with an empty salt
  //   EC point format:  Uncompressed
  //   OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  EciesP256HkdfHmacSha512Aes128CtrHmacSha256();

  // ECIES template; generated keys are EciesAeadHkdfPrivateKey.
  //   KEM:              ECDH over NIST P-256
  //   DEM:              AES128-GCM
  //   KDF:              HKDF-HMAC-SHA256 with an empty salt
  //   EC point format:  Compressed
  //   OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  EciesP256CompressedHkdfHmacSha256Aes128Gcm();

  // ECIES template; generated keys are EciesAeadHkdfPrivateKey.
  //   KEM:              ECDH over NIST P-256
  //   DEM:              AES128-CTR-HMAC-SHA256, configured as
  //                       - AES key size:    16 bytes
  //                       - AES CTR IV size: 16 bytes
  //                       - HMAC key size:   32 bytes
  //                       - HMAC tag size:   16 bytes
  //   KDF:              HKDF-HMAC-SHA256 with an empty salt
  //   EC point format:  Compressed
  //   OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  EciesP256CompressedHkdfHmacSha256Aes128CtrHmacSha256();

  // ECIES template; generated keys are EciesAeadHkdfPrivateKey.
  //   KEM:              ECDH over curve 25519
  //   DEM:              AES128-GCM
  //   KDF:              HKDF-HMAC-SHA256 with an empty salt
  //   EC point format:  Compressed
  //   OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  EciesX25519HkdfHmacSha256Aes128Gcm();

  // ECIES template; generated keys are EciesAeadHkdfPrivateKey.
  //   KEM:              ECDH over curve 25519
  //   DEM:              AES256-GCM
  //   KDF:              HKDF-HMAC-SHA256 with an empty salt
  //   EC point format:  Compressed
  //   OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  EciesX25519HkdfHmacSha256Aes256Gcm();

  // ECIES template; generated keys are EciesAeadHkdfPrivateKey.
  //   KEM:              ECDH over curve 25519
  //   DEM:              AES128-CTR-HMAC-SHA256, configured as
  //                       - AES key size:    16 bytes
  //                       - AES CTR IV size: 16 bytes
  //                       - HMAC key size:   32 bytes
  //                       - HMAC tag size:   16 bytes
  //   KDF:              HKDF-HMAC-SHA256 with an empty salt
  //   EC point format:  Compressed
  //   OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  EciesX25519HkdfHmacSha256Aes128CtrHmacSha256();

  // ECIES template; generated keys are EciesAeadHkdfPrivateKey.
  //   KEM:              ECDH over curve 25519
  //   DEM:              XChaCha20-Poly1305, configured as
  //                       - XChaCha20 key size: 32 bytes
  //                       - IV size:            24 bytes
  //   KDF:              HKDF-HMAC-SHA256 with an empty salt
  //   EC point format:  Compressed
  //   OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  EciesX25519HkdfHmacSha256XChaCha20Poly1305();

  // ECIES template; generated keys are EciesAeadHkdfPrivateKey.
  //   KEM:              ECDH over curve 25519
  //   DEM:              AES-SIV (Deterministic Aead)
  //   KDF:              HKDF-HMAC-SHA256 with an empty salt
  //   EC point format:  Compressed
  //   OutputPrefixType: TINK
  // NOTE(review): only the DEM is a deterministic AEAD here; whether the
  // resulting hybrid ciphertext is deterministic is not stated in this header
  // -- confirm before relying on equal plaintexts giving equal ciphertexts.
  static const google::crypto::tink::KeyTemplate&
  EciesX25519HkdfHmacSha256DeterministicAesSiv();

  // HPKE template; generated keys are HpkePrivateKey.
  //   KEM:              ECDH over curve 25519 plus HKDF-SHA256
  //   KDF:              HKDF-SHA256
  //   AEAD:             AES-128-GCM
  //   OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  HpkeX25519HkdfSha256Aes128Gcm();

  // HPKE template; generated keys are HpkePrivateKey.
  //   KEM:              ECDH over curve 25519 plus HKDF-SHA256
  //   KDF:              HKDF-SHA256
  //   AEAD:             AES-128-GCM
  //   OutputPrefixType: RAW (no Tink prefix on ciphertexts; see class comment)
  static const google::crypto::tink::KeyTemplate&
  HpkeX25519HkdfSha256Aes128GcmRaw();

  // HPKE template; generated keys are HpkePrivateKey.
  //   KEM:              ECDH over curve 25519 plus HKDF-SHA256
  //   KDF:              HKDF-SHA256
  //   AEAD:             AES-256-GCM
  //   OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  HpkeX25519HkdfSha256Aes256Gcm();

  // HPKE template; generated keys are HpkePrivateKey.
  //   KEM:              ECDH over curve 25519 plus HKDF-SHA256
  //   KDF:              HKDF-SHA256
  //   AEAD:             AES-256-GCM
  //   OutputPrefixType: RAW (no Tink prefix on ciphertexts; see class comment)
  static const google::crypto::tink::KeyTemplate&
  HpkeX25519HkdfSha256Aes256GcmRaw();

  // HPKE template; generated keys are HpkePrivateKey.
  //   KEM:              ECDH over curve 25519 plus HKDF-SHA256
  //   KDF:              HKDF-SHA256
  //   AEAD:             ChaCha20-Poly1305
  //   OutputPrefixType: TINK
  static const google::crypto::tink::KeyTemplate&
  HpkeX25519HkdfSha256ChaCha20Poly1305();

  // HPKE template; generated keys are HpkePrivateKey.
  //   KEM:              ECDH over curve 25519 plus HKDF-SHA256
  //   KDF:              HKDF-SHA256
  //   AEAD:             ChaCha20-Poly1305
  //   OutputPrefixType: RAW (no Tink prefix on ciphertexts; see class comment)
  static const google::crypto::tink::KeyTemplate&
  HpkeX25519HkdfSha256ChaCha20Poly1305Raw();
};

}  // namespace tink
}  // namespace crypto

#endif  // TINK_HYBRID_HYBRID_KEY_TEMPLATES_H_