1*e7b1675dSTing-Kang Chang// Copyright 2018 Google LLC 2*e7b1675dSTing-Kang Chang// 3*e7b1675dSTing-Kang Chang// Licensed under the Apache License, Version 2.0 (the "License"); 4*e7b1675dSTing-Kang Chang// you may not use this file except in compliance with the License. 5*e7b1675dSTing-Kang Chang// You may obtain a copy of the License at 6*e7b1675dSTing-Kang Chang// 7*e7b1675dSTing-Kang Chang// http://www.apache.org/licenses/LICENSE-2.0 8*e7b1675dSTing-Kang Chang// 9*e7b1675dSTing-Kang Chang// Unless required by applicable law or agreed to in writing, software 10*e7b1675dSTing-Kang Chang// distributed under the License is distributed on an "AS IS" BASIS, 11*e7b1675dSTing-Kang Chang// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*e7b1675dSTing-Kang Chang// See the License for the specific language governing permissions and 13*e7b1675dSTing-Kang Chang// limitations under the License. 14*e7b1675dSTing-Kang Chang// 15*e7b1675dSTing-Kang Chang//////////////////////////////////////////////////////////////////////////////// 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Changpackage aead 18*e7b1675dSTing-Kang Chang 19*e7b1675dSTing-Kang Changimport ( 20*e7b1675dSTing-Kang Chang "fmt" 21*e7b1675dSTing-Kang Chang 22*e7b1675dSTing-Kang Chang "golang.org/x/crypto/chacha20poly1305" 23*e7b1675dSTing-Kang Chang "google.golang.org/protobuf/proto" 24*e7b1675dSTing-Kang Chang "github.com/google/tink/go/aead/subtle" 25*e7b1675dSTing-Kang Chang "github.com/google/tink/go/keyset" 26*e7b1675dSTing-Kang Chang "github.com/google/tink/go/subtle/random" 27*e7b1675dSTing-Kang Chang 28*e7b1675dSTing-Kang Chang cppb "github.com/google/tink/go/proto/chacha20_poly1305_go_proto" 29*e7b1675dSTing-Kang Chang tinkpb "github.com/google/tink/go/proto/tink_go_proto" 30*e7b1675dSTing-Kang Chang) 31*e7b1675dSTing-Kang Chang 32*e7b1675dSTing-Kang Changconst ( 33*e7b1675dSTing-Kang Chang chaCha20Poly1305KeyVersion = 0 34*e7b1675dSTing-Kang Chang chaCha20Poly1305TypeURL = "type.googleapis.com/google.crypto.tink.ChaCha20Poly1305Key" 35*e7b1675dSTing-Kang Chang) 36*e7b1675dSTing-Kang Chang 37*e7b1675dSTing-Kang Chang// Common errors. 38*e7b1675dSTing-Kang Changvar errInvalidChaCha20Poly1305Key = fmt.Errorf("chacha20poly1305_key_manager: invalid key") 39*e7b1675dSTing-Kang Changvar errInvalidChaCha20Poly1305KeyFormat = fmt.Errorf("chacha20poly1305_key_manager: invalid key format") 40*e7b1675dSTing-Kang Chang 41*e7b1675dSTing-Kang Chang// chaCha20Poly1305KeyManager is an implementation of KeyManager interface. 42*e7b1675dSTing-Kang Chang// It generates new ChaCha20Poly1305Key keys and produces new instances of ChaCha20Poly1305 subtle. 43*e7b1675dSTing-Kang Changtype chaCha20Poly1305KeyManager struct{} 44*e7b1675dSTing-Kang Chang 45*e7b1675dSTing-Kang Chang// Primitive creates an ChaCha20Poly1305 subtle for the given serialized ChaCha20Poly1305Key proto. 46*e7b1675dSTing-Kang Changfunc (km *chaCha20Poly1305KeyManager) Primitive(serializedKey []byte) (interface{}, error) { 47*e7b1675dSTing-Kang Chang if len(serializedKey) == 0 { 48*e7b1675dSTing-Kang Chang return nil, errInvalidChaCha20Poly1305Key 49*e7b1675dSTing-Kang Chang } 50*e7b1675dSTing-Kang Chang key := new(cppb.ChaCha20Poly1305Key) 51*e7b1675dSTing-Kang Chang if err := proto.Unmarshal(serializedKey, key); err != nil { 52*e7b1675dSTing-Kang Chang return nil, errInvalidChaCha20Poly1305Key 53*e7b1675dSTing-Kang Chang } 54*e7b1675dSTing-Kang Chang if err := km.validateKey(key); err != nil { 55*e7b1675dSTing-Kang Chang return nil, err 56*e7b1675dSTing-Kang Chang } 57*e7b1675dSTing-Kang Chang ret, err := subtle.NewChaCha20Poly1305(key.KeyValue) 58*e7b1675dSTing-Kang Chang if err != nil { 59*e7b1675dSTing-Kang Chang return nil, fmt.Errorf("chacha20poly1305_key_manager: cannot create new primitive: %s", err) 60*e7b1675dSTing-Kang Chang } 61*e7b1675dSTing-Kang Chang return ret, nil 62*e7b1675dSTing-Kang Chang} 63*e7b1675dSTing-Kang Chang 64*e7b1675dSTing-Kang Chang// NewKey creates a new key, ignoring the specification in the given serialized key format 65*e7b1675dSTing-Kang Chang// because the key size and other params are fixed. 66*e7b1675dSTing-Kang Changfunc (km *chaCha20Poly1305KeyManager) NewKey(serializedKeyFormat []byte) (proto.Message, error) { 67*e7b1675dSTing-Kang Chang return km.newChaCha20Poly1305Key(), nil 68*e7b1675dSTing-Kang Chang} 69*e7b1675dSTing-Kang Chang 70*e7b1675dSTing-Kang Chang// NewKeyData creates a new KeyData ignoring the specification in the given serialized key format 71*e7b1675dSTing-Kang Chang// because the key size and other params are fixed. 72*e7b1675dSTing-Kang Chang// It should be used solely by the key management API. 73*e7b1675dSTing-Kang Changfunc (km *chaCha20Poly1305KeyManager) NewKeyData(serializedKeyFormat []byte) (*tinkpb.KeyData, error) { 74*e7b1675dSTing-Kang Chang key := km.newChaCha20Poly1305Key() 75*e7b1675dSTing-Kang Chang serializedKey, err := proto.Marshal(key) 76*e7b1675dSTing-Kang Chang if err != nil { 77*e7b1675dSTing-Kang Chang return nil, err 78*e7b1675dSTing-Kang Chang } 79*e7b1675dSTing-Kang Chang return &tinkpb.KeyData{ 80*e7b1675dSTing-Kang Chang TypeUrl: chaCha20Poly1305TypeURL, 81*e7b1675dSTing-Kang Chang Value: serializedKey, 82*e7b1675dSTing-Kang Chang KeyMaterialType: tinkpb.KeyData_SYMMETRIC, 83*e7b1675dSTing-Kang Chang }, nil 84*e7b1675dSTing-Kang Chang} 85*e7b1675dSTing-Kang Chang 86*e7b1675dSTing-Kang Chang// DoesSupport indicates if this key manager supports the given key type. 87*e7b1675dSTing-Kang Changfunc (km *chaCha20Poly1305KeyManager) DoesSupport(typeURL string) bool { 88*e7b1675dSTing-Kang Chang return typeURL == chaCha20Poly1305TypeURL 89*e7b1675dSTing-Kang Chang} 90*e7b1675dSTing-Kang Chang 91*e7b1675dSTing-Kang Chang// TypeURL returns the key type of keys managed by this key manager. 92*e7b1675dSTing-Kang Changfunc (km *chaCha20Poly1305KeyManager) TypeURL() string { 93*e7b1675dSTing-Kang Chang return chaCha20Poly1305TypeURL 94*e7b1675dSTing-Kang Chang} 95*e7b1675dSTing-Kang Chang 96*e7b1675dSTing-Kang Changfunc (km *chaCha20Poly1305KeyManager) newChaCha20Poly1305Key() *cppb.ChaCha20Poly1305Key { 97*e7b1675dSTing-Kang Chang keyValue := random.GetRandomBytes(chacha20poly1305.KeySize) 98*e7b1675dSTing-Kang Chang return &cppb.ChaCha20Poly1305Key{ 99*e7b1675dSTing-Kang Chang Version: chaCha20Poly1305KeyVersion, 100*e7b1675dSTing-Kang Chang KeyValue: keyValue, 101*e7b1675dSTing-Kang Chang } 102*e7b1675dSTing-Kang Chang} 103*e7b1675dSTing-Kang Chang 104*e7b1675dSTing-Kang Chang// validateKey validates the given ChaCha20Poly1305Key. 105*e7b1675dSTing-Kang Changfunc (km *chaCha20Poly1305KeyManager) validateKey(key *cppb.ChaCha20Poly1305Key) error { 106*e7b1675dSTing-Kang Chang err := keyset.ValidateKeyVersion(key.Version, chaCha20Poly1305KeyVersion) 107*e7b1675dSTing-Kang Chang if err != nil { 108*e7b1675dSTing-Kang Chang return fmt.Errorf("chacha20poly1305_key_manager: %s", err) 109*e7b1675dSTing-Kang Chang } 110*e7b1675dSTing-Kang Chang keySize := uint32(len(key.KeyValue)) 111*e7b1675dSTing-Kang Chang if keySize != chacha20poly1305.KeySize { 112*e7b1675dSTing-Kang Chang return fmt.Errorf("chacha20poly1305_key_manager: keySize != %d", chacha20poly1305.KeySize) 113*e7b1675dSTing-Kang Chang } 114*e7b1675dSTing-Kang Chang return nil 115*e7b1675dSTing-Kang Chang} 116