1 // Copyright 2019 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16
17 #include "tink/streamingaead/streaming_aead_key_templates.h"
18
19 #include "proto/aes_ctr_hmac_streaming.pb.h"
20 #include "proto/aes_gcm_hkdf_streaming.pb.h"
21 #include "proto/common.pb.h"
22 #include "proto/hmac.pb.h"
23 #include "proto/tink.pb.h"
24
25 using google::crypto::tink::AesCtrHmacStreamingKeyFormat;
26 using google::crypto::tink::AesGcmHkdfStreamingKeyFormat;
27 using google::crypto::tink::HashType;
28 using google::crypto::tink::KeyTemplate;
29 using google::crypto::tink::OutputPrefixType;
30
31 namespace crypto {
32 namespace tink {
33
34 namespace {
35
// Builds a heap-allocated KeyTemplate describing an AES-GCM-HKDF streaming
// AEAD key.
//
// ikm_size_in_bytes is written to both the key format's key_size and the
// params' derived_key_size, so the input key material and each derived key
// have the same length. segment_size_in_bytes becomes the ciphertext segment
// size. HKDF is fixed to SHA256 and the output prefix type to RAW.
//
// Neither argument is range-checked here; every caller in this file passes
// compile-time constants. Ownership of the returned object passes to the
// caller.
KeyTemplate* NewAesGcmHkdfStreamingKeyTemplate(int ikm_size_in_bytes,
                                               int segment_size_in_bytes) {
  // Fill in the key format first; it is serialized into the template below.
  AesGcmHkdfStreamingKeyFormat format;
  format.set_key_size(ikm_size_in_bytes);
  auto* format_params = format.mutable_params();
  format_params->set_hkdf_hash_type(HashType::SHA256);
  format_params->set_derived_key_size(ikm_size_in_bytes);
  format_params->set_ciphertext_segment_size(segment_size_in_bytes);

  KeyTemplate* result = new KeyTemplate;
  result->set_output_prefix_type(OutputPrefixType::RAW);
  result->set_type_url(
      "type.googleapis.com/google.crypto.tink.AesGcmHkdfStreamingKey");
  // NOTE(review): the bool returned by SerializeToString is discarded, so a
  // serialization failure would leave the template value unset without any
  // signal to the caller.
  format.SerializeToString(result->mutable_value());
  return result;
}
51
// Builds a heap-allocated KeyTemplate describing an AES-CTR-HMAC streaming
// AEAD key.
//
// ikm_size_in_bytes is written to both the key format's key_size and the
// params' derived_key_size. segment_size_in_bytes becomes the ciphertext
// segment size. HKDF and HMAC are both fixed to SHA256, the HMAC tag size to
// 32 bytes (the full SHA-256 output length), and the output prefix type to
// RAW.
//
// Neither argument is range-checked here; every caller in this file passes
// compile-time constants. Ownership of the returned object passes to the
// caller.
KeyTemplate* NewAesCtrHmacStreamingKeyTemplate(int ikm_size_in_bytes,
                                               int segment_size_in_bytes) {
  // Fill in the key format first; it is serialized into the template below.
  AesCtrHmacStreamingKeyFormat format;
  format.set_key_size(ikm_size_in_bytes);
  auto* format_params = format.mutable_params();
  format_params->set_hkdf_hash_type(HashType::SHA256);
  format_params->set_derived_key_size(ikm_size_in_bytes);
  format_params->set_ciphertext_segment_size(segment_size_in_bytes);

  // Per-segment authentication: HMAC-SHA256 with an untruncated 32-byte tag.
  auto* mac_params = format_params->mutable_hmac_params();
  mac_params->set_tag_size(32);
  mac_params->set_hash(HashType::SHA256);

  KeyTemplate* result = new KeyTemplate;
  result->set_output_prefix_type(OutputPrefixType::RAW);
  result->set_type_url(
      "type.googleapis.com/google.crypto.tink.AesCtrHmacStreamingKey");
  // NOTE(review): the bool returned by SerializeToString is discarded, so a
  // serialization failure would leave the template value unset without any
  // signal to the caller.
  format.SerializeToString(result->mutable_value());
  return result;
}
70
71 } // anonymous namespace
72
73 // static
// Returns the shared AES-GCM-HKDF streaming template with 16 bytes of key
// material (and 16-byte derived keys) and 4096-byte (4 KiB) ciphertext
// segments.
//
// The template is created on the first call and held in a function-local
// static pointer that this file never deletes, so the reference handed out
// is not invalidated by anything in this file.
const KeyTemplate& StreamingAeadKeyTemplates::Aes128GcmHkdf4KB() {
  constexpr int kKeyMaterialBytes = 16;
  constexpr int kSegmentBytes = 4096;
  static const KeyTemplate* const shared_template =
      NewAesGcmHkdfStreamingKeyTemplate(kKeyMaterialBytes, kSegmentBytes);
  return *shared_template;
}
79
80 // static
// Returns the shared AES-GCM-HKDF streaming template with 32 bytes of key
// material (and 32-byte derived keys) and 4096-byte (4 KiB) ciphertext
// segments.
//
// The template is created on the first call and held in a function-local
// static pointer that this file never deletes, so the reference handed out
// is not invalidated by anything in this file.
const KeyTemplate& StreamingAeadKeyTemplates::Aes256GcmHkdf4KB() {
  constexpr int kKeyMaterialBytes = 32;
  constexpr int kSegmentBytes = 4096;
  static const KeyTemplate* const shared_template =
      NewAesGcmHkdfStreamingKeyTemplate(kKeyMaterialBytes, kSegmentBytes);
  return *shared_template;
}
86
87 // static
// Returns the shared AES-GCM-HKDF streaming template with 32 bytes of key
// material (and 32-byte derived keys) and 1048576-byte (1 MiB) ciphertext
// segments.
//
// The template is created on the first call and held in a function-local
// static pointer that this file never deletes, so the reference handed out
// is not invalidated by anything in this file.
const KeyTemplate& StreamingAeadKeyTemplates::Aes256GcmHkdf1MB() {
  constexpr int kKeyMaterialBytes = 32;
  constexpr int kSegmentBytes = 1048576;
  static const KeyTemplate* const shared_template =
      NewAesGcmHkdfStreamingKeyTemplate(kKeyMaterialBytes, kSegmentBytes);
  return *shared_template;
}
93
94 // static
// Returns the shared AES-CTR-HMAC streaming template with 16 bytes of key
// material (and 16-byte derived keys) and 4096-byte (4 KiB) ciphertext
// segments. The HMAC settings (SHA256, 32-byte tag) come from the helper.
//
// The template is created on the first call and held in a function-local
// static pointer that this file never deletes, so the reference handed out
// is not invalidated by anything in this file.
const KeyTemplate& StreamingAeadKeyTemplates::Aes128CtrHmacSha256Segment4KB() {
  constexpr int kKeyMaterialBytes = 16;
  constexpr int kSegmentBytes = 4096;
  static const KeyTemplate* const shared_template =
      NewAesCtrHmacStreamingKeyTemplate(kKeyMaterialBytes, kSegmentBytes);
  return *shared_template;
}
100
101 // static
// Returns the shared AES-CTR-HMAC streaming template with 16 bytes of key
// material (and 16-byte derived keys) and 1048576-byte (1 MiB) ciphertext
// segments. The HMAC settings (SHA256, 32-byte tag) come from the helper.
//
// The template is created on the first call and held in a function-local
// static pointer that this file never deletes, so the reference handed out
// is not invalidated by anything in this file.
const KeyTemplate& StreamingAeadKeyTemplates::Aes128CtrHmacSha256Segment1MB() {
  constexpr int kKeyMaterialBytes = 16;
  constexpr int kSegmentBytes = 1048576;
  static const KeyTemplate* const shared_template =
      NewAesCtrHmacStreamingKeyTemplate(kKeyMaterialBytes, kSegmentBytes);
  return *shared_template;
}
107
108 // static
// Returns the shared AES-CTR-HMAC streaming template with 32 bytes of key
// material (and 32-byte derived keys) and 4096-byte (4 KiB) ciphertext
// segments. The HMAC settings (SHA256, 32-byte tag) come from the helper.
//
// The template is created on the first call and held in a function-local
// static pointer that this file never deletes, so the reference handed out
// is not invalidated by anything in this file.
const KeyTemplate& StreamingAeadKeyTemplates::Aes256CtrHmacSha256Segment4KB() {
  constexpr int kKeyMaterialBytes = 32;
  constexpr int kSegmentBytes = 4096;
  static const KeyTemplate* const shared_template =
      NewAesCtrHmacStreamingKeyTemplate(kKeyMaterialBytes, kSegmentBytes);
  return *shared_template;
}
114
115 // static
// Returns the shared AES-CTR-HMAC streaming template with 32 bytes of key
// material (and 32-byte derived keys) and 1048576-byte (1 MiB) ciphertext
// segments. The HMAC settings (SHA256, 32-byte tag) come from the helper.
//
// The template is created on the first call and held in a function-local
// static pointer that this file never deletes, so the reference handed out
// is not invalidated by anything in this file.
const KeyTemplate& StreamingAeadKeyTemplates::Aes256CtrHmacSha256Segment1MB() {
  constexpr int kKeyMaterialBytes = 32;
  constexpr int kSegmentBytes = 1048576;
  static const KeyTemplate* const shared_template =
      NewAesCtrHmacStreamingKeyTemplate(kKeyMaterialBytes, kSegmentBytes);
  return *shared_template;
}
121
122 } // namespace tink
123 } // namespace crypto
124