1// Copyright 2019 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15////////////////////////////////////////////////////////////////////////////////
16
17package hybrid
18
19import (
20	"fmt"
21
22	"google.golang.org/protobuf/proto"
23	"github.com/google/tink/go/aead"
24	"github.com/google/tink/go/internal/tinkerror"
25	commonpb "github.com/google/tink/go/proto/common_go_proto"
26	eciespb "github.com/google/tink/go/proto/ecies_aead_hkdf_go_proto"
27	hpkepb "github.com/google/tink/go/proto/hpke_go_proto"
28	tinkpb "github.com/google/tink/go/proto/tink_go_proto"
29)
30
31// This file contains pre-generated KeyTemplates for HybridEncrypt keys. One
32// can use these templates to generate new Keysets.
33
// DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_Key_Template returns an
// HPKE key template configured with:
//   - KEM: DHKEM_X25519_HKDF_SHA256,
//   - KDF: HKDF_SHA256, and
//   - AEAD: AES_128_GCM.
//
// The template uses OutputPrefixType_TINK, so ciphertexts carry the 5-byte
// Tink prefix.
func DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_Key_Template() *tinkpb.KeyTemplate {
	kemID := hpkepb.HpkeKem_DHKEM_X25519_HKDF_SHA256
	kdfID := hpkepb.HpkeKdf_HKDF_SHA256
	aeadID := hpkepb.HpkeAead_AES_128_GCM
	return createHPKEKeyTemplate(kemID, kdfID, aeadID, tinkpb.OutputPrefixType_TINK)
}
49
// DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_Raw_Key_Template returns
// an HPKE key template configured with:
//   - KEM: DHKEM_X25519_HKDF_SHA256,
//   - KDF: HKDF_SHA256, and
//   - AEAD: AES_128_GCM.
//
// The template uses OutputPrefixType_RAW, so no prefix is added to
// ciphertexts.
//
// NOTE(review): a ciphertext without the prefix presumably carries no key
// identifier; confirm how the decrypting side selects a key when a keyset
// holds more than one RAW key.
func DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_Raw_Key_Template() *tinkpb.KeyTemplate {
	kemID := hpkepb.HpkeKem_DHKEM_X25519_HKDF_SHA256
	kdfID := hpkepb.HpkeKdf_HKDF_SHA256
	aeadID := hpkepb.HpkeAead_AES_128_GCM
	return createHPKEKeyTemplate(kemID, kdfID, aeadID, tinkpb.OutputPrefixType_RAW)
}
65
// DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_Key_Template returns an
// HPKE key template configured with:
//   - KEM: DHKEM_X25519_HKDF_SHA256,
//   - KDF: HKDF_SHA256, and
//   - AEAD: AES_256_GCM.
//
// The template uses OutputPrefixType_TINK, so ciphertexts carry the 5-byte
// Tink prefix.
func DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_Key_Template() *tinkpb.KeyTemplate {
	kemID := hpkepb.HpkeKem_DHKEM_X25519_HKDF_SHA256
	kdfID := hpkepb.HpkeKdf_HKDF_SHA256
	aeadID := hpkepb.HpkeAead_AES_256_GCM
	return createHPKEKeyTemplate(kemID, kdfID, aeadID, tinkpb.OutputPrefixType_TINK)
}
81
// DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_Raw_Key_Template returns
// an HPKE key template configured with:
//   - KEM: DHKEM_X25519_HKDF_SHA256,
//   - KDF: HKDF_SHA256, and
//   - AEAD: AES_256_GCM.
//
// The template uses OutputPrefixType_RAW, so no prefix is added to
// ciphertexts.
//
// NOTE(review): a ciphertext without the prefix presumably carries no key
// identifier; confirm how the decrypting side selects a key when a keyset
// holds more than one RAW key.
func DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_Raw_Key_Template() *tinkpb.KeyTemplate {
	kemID := hpkepb.HpkeKem_DHKEM_X25519_HKDF_SHA256
	kdfID := hpkepb.HpkeKdf_HKDF_SHA256
	aeadID := hpkepb.HpkeAead_AES_256_GCM
	return createHPKEKeyTemplate(kemID, kdfID, aeadID, tinkpb.OutputPrefixType_RAW)
}
97
// DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305_Key_Template returns
// an HPKE key template configured with:
//   - KEM: DHKEM_X25519_HKDF_SHA256,
//   - KDF: HKDF_SHA256, and
//   - AEAD: CHACHA20_POLY1305.
//
// The template uses OutputPrefixType_TINK, so ciphertexts carry the 5-byte
// Tink prefix.
func DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305_Key_Template() *tinkpb.KeyTemplate {
	kemID := hpkepb.HpkeKem_DHKEM_X25519_HKDF_SHA256
	kdfID := hpkepb.HpkeKdf_HKDF_SHA256
	aeadID := hpkepb.HpkeAead_CHACHA20_POLY1305
	return createHPKEKeyTemplate(kemID, kdfID, aeadID, tinkpb.OutputPrefixType_TINK)
}
113
// DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305_Raw_Key_Template
// returns an HPKE key template configured with:
//   - KEM: DHKEM_X25519_HKDF_SHA256,
//   - KDF: HKDF_SHA256, and
//   - AEAD: CHACHA20_POLY1305.
//
// The template uses OutputPrefixType_RAW, so no prefix is added to
// ciphertexts.
//
// NOTE(review): a ciphertext without the prefix presumably carries no key
// identifier; confirm how the decrypting side selects a key when a keyset
// holds more than one RAW key.
func DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305_Raw_Key_Template() *tinkpb.KeyTemplate {
	kemID := hpkepb.HpkeKem_DHKEM_X25519_HKDF_SHA256
	kdfID := hpkepb.HpkeKdf_HKDF_SHA256
	aeadID := hpkepb.HpkeAead_CHACHA20_POLY1305
	return createHPKEKeyTemplate(kemID, kdfID, aeadID, tinkpb.OutputPrefixType_RAW)
}
129
// createHPKEKeyTemplate builds an HPKE key template from the given KEM, KDF
// and AEAD identifiers and the requested output prefix type.
//
// The three identifiers are wrapped in an HpkeKeyFormat, which is serialized
// and stored as the template's Value. The template's TypeUrl is always
// hpkePrivateKeyTypeURL. A serialization error is reported through
// tinkerror.Fail.
func createHPKEKeyTemplate(kem hpkepb.HpkeKem, kdf hpkepb.HpkeKdf, aead hpkepb.HpkeAead, outputPrefixType tinkpb.OutputPrefixType) *tinkpb.KeyTemplate {
	params := &hpkepb.HpkeParams{Kem: kem, Kdf: kdf, Aead: aead}
	value, marshalErr := proto.Marshal(&hpkepb.HpkeKeyFormat{Params: params})
	if marshalErr != nil {
		// NOTE(review): tinkerror.Fail is defined outside this file and
		// presumably does not return; if it did, the template below would be
		// built from whatever proto.Marshal returned alongside the error.
		// Confirm.
		tinkerror.Fail(fmt.Sprintf("failed to marshal key format: %s", marshalErr))
	}

	tmpl := new(tinkpb.KeyTemplate)
	tmpl.TypeUrl = hpkePrivateKeyTypeURL
	tmpl.Value = value
	tmpl.OutputPrefixType = outputPrefixType
	return tmpl
}
150
// ECIESHKDFAES128GCMKeyTemplate returns an ECIES-AEAD-HKDF key template with:
//   - KEM: ECDH over NIST P-256
//   - DEM: AES128-GCM
//   - KDF: HKDF-HMAC-SHA256 with an empty salt
//
// The EC point format is UNCOMPRESSED. The output prefix type is not chosen
// here: createECIESAEADHKDFKeyTemplate sets it to OutputPrefixType_TINK.
func ECIESHKDFAES128GCMKeyTemplate() *tinkpb.KeyTemplate {
	dem := aead.AES128GCMKeyTemplate()
	return createECIESAEADHKDFKeyTemplate(
		commonpb.EllipticCurveType_NIST_P256,
		commonpb.HashType_SHA256,
		commonpb.EcPointFormat_UNCOMPRESSED,
		dem,
		[]byte{}, // empty HKDF salt
	)
}
159
// ECIESHKDFAES128CTRHMACSHA256KeyTemplate returns an ECIES-AEAD-HKDF key
// template with:
//   - KEM: ECDH over NIST P-256
//   - DEM: AES128-CTR-HMAC-SHA256
//   - KDF: HKDF-HMAC-SHA256 with an empty salt
//
// The DEM parameters are:
//   - AES key size: 16 bytes
//   - AES CTR IV size: 16 bytes
//   - HMAC key size: 32 bytes
//   - HMAC tag size: 16 bytes
//
// The DEM parameters come from aead.AES128CTRHMACSHA256KeyTemplate, which is
// defined outside this file. The EC point format is UNCOMPRESSED. The output
// prefix type is not chosen here: createECIESAEADHKDFKeyTemplate sets it to
// OutputPrefixType_TINK.
func ECIESHKDFAES128CTRHMACSHA256KeyTemplate() *tinkpb.KeyTemplate {
	dem := aead.AES128CTRHMACSHA256KeyTemplate()
	return createECIESAEADHKDFKeyTemplate(
		commonpb.EllipticCurveType_NIST_P256,
		commonpb.HashType_SHA256,
		commonpb.EcPointFormat_UNCOMPRESSED,
		dem,
		[]byte{}, // empty HKDF salt
	)
}
175
// createECIESAEADHKDFKeyTemplate builds an ECIES-AEAD-HKDF key template from
// the given curve, HKDF hash, EC point format, DEM key template and HKDF salt.
//
// The parameters are wrapped in an EciesAeadHkdfKeyFormat, which is
// serialized and stored as the template's Value. The template's TypeUrl is
// always eciesAEADHKDFPrivateKeyTypeURL and its output prefix type is always
// OutputPrefixType_TINK; this helper takes no prefix-type parameter. A
// serialization error is reported through tinkerror.Fail.
func createECIESAEADHKDFKeyTemplate(c commonpb.EllipticCurveType, ht commonpb.HashType, ptfmt commonpb.EcPointFormat, dekT *tinkpb.KeyTemplate, salt []byte) *tinkpb.KeyTemplate {
	kemParams := &eciespb.EciesHkdfKemParams{
		CurveType:    c,
		HkdfHashType: ht,
		HkdfSalt:     salt,
	}
	demParams := &eciespb.EciesAeadDemParams{AeadDem: dekT}
	keyFormat := &eciespb.EciesAeadHkdfKeyFormat{
		Params: &eciespb.EciesAeadHkdfParams{
			KemParams:     kemParams,
			DemParams:     demParams,
			EcPointFormat: ptfmt,
		},
	}

	value, marshalErr := proto.Marshal(keyFormat)
	if marshalErr != nil {
		// NOTE(review): tinkerror.Fail is defined outside this file and
		// presumably does not return; if it did, the template below would be
		// built from whatever proto.Marshal returned alongside the error.
		// Confirm.
		tinkerror.Fail(fmt.Sprintf("failed to marshal key format: %s", marshalErr))
	}

	tmpl := new(tinkpb.KeyTemplate)
	tmpl.TypeUrl = eciesAEADHKDFPrivateKeyTypeURL
	tmpl.Value = value
	tmpl.OutputPrefixType = tinkpb.OutputPrefixType_TINK
	return tmpl
}
202