1*e7b1675dSTing-Kang Chang// Copyright 2019 Google LLC 2*e7b1675dSTing-Kang Chang// 3*e7b1675dSTing-Kang Chang// Licensed under the Apache License, Version 2.0 (the "License"); 4*e7b1675dSTing-Kang Chang// you may not use this file except in compliance with the License. 5*e7b1675dSTing-Kang Chang// You may obtain a copy of the License at 6*e7b1675dSTing-Kang Chang// 7*e7b1675dSTing-Kang Chang// http://www.apache.org/licenses/LICENSE-2.0 8*e7b1675dSTing-Kang Chang// 9*e7b1675dSTing-Kang Chang// Unless required by applicable law or agreed to in writing, software 10*e7b1675dSTing-Kang Chang// distributed under the License is distributed on an "AS IS" BASIS, 11*e7b1675dSTing-Kang Chang// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*e7b1675dSTing-Kang Chang// See the License for the specific language governing permissions and 13*e7b1675dSTing-Kang Chang// limitations under the License. 14*e7b1675dSTing-Kang Chang// 15*e7b1675dSTing-Kang Chang//////////////////////////////////////////////////////////////////////////////// 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Changpackage hybrid 18*e7b1675dSTing-Kang Chang 19*e7b1675dSTing-Kang Changimport ( 20*e7b1675dSTing-Kang Chang "fmt" 21*e7b1675dSTing-Kang Chang 22*e7b1675dSTing-Kang Chang "google.golang.org/protobuf/proto" 23*e7b1675dSTing-Kang Chang "github.com/google/tink/go/aead" 24*e7b1675dSTing-Kang Chang "github.com/google/tink/go/internal/tinkerror" 25*e7b1675dSTing-Kang Chang commonpb "github.com/google/tink/go/proto/common_go_proto" 26*e7b1675dSTing-Kang Chang eciespb "github.com/google/tink/go/proto/ecies_aead_hkdf_go_proto" 27*e7b1675dSTing-Kang Chang hpkepb "github.com/google/tink/go/proto/hpke_go_proto" 28*e7b1675dSTing-Kang Chang tinkpb "github.com/google/tink/go/proto/tink_go_proto" 29*e7b1675dSTing-Kang Chang) 30*e7b1675dSTing-Kang Chang 31*e7b1675dSTing-Kang Chang// This file contains pre-generated KeyTemplates for HybridEncrypt keys. 
// One can use these templates to generate new Keysets.

// DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_Key_Template creates a HPKE
// key template with:
//   - KEM: DHKEM_X25519_HKDF_SHA256,
//   - KDF: HKDF_SHA256, and
//   - AEAD: AES_128_GCM.
//
// It adds the 5-byte Tink prefix to ciphertexts. The prefix lets a decrypting
// keyset select the key by ID, which is what keeps key rotation cheap; prefer
// this variant over the Raw one unless non-Tink interoperability is required.
func DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_Key_Template() *tinkpb.KeyTemplate {
	const (
		kemID  = hpkepb.HpkeKem_DHKEM_X25519_HKDF_SHA256
		kdfID  = hpkepb.HpkeKdf_HKDF_SHA256
		aeadID = hpkepb.HpkeAead_AES_128_GCM
	)
	return createHPKEKeyTemplate(kemID, kdfID, aeadID, tinkpb.OutputPrefixType_TINK)
}

// DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_Raw_Key_Template creates a
// HPKE key template with:
//   - KEM: DHKEM_X25519_HKDF_SHA256,
//   - KDF: HKDF_SHA256, and
//   - AEAD: AES_128_GCM.
//
// It does not add a prefix to ciphertexts, so the decrypting side cannot tell
// from the ciphertext which key produced it; use it only where the ciphertext
// must be consumed by a non-Tink HPKE implementation.
func DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM_Raw_Key_Template() *tinkpb.KeyTemplate {
	// Same suite as the prefixed variant; only the output prefix type differs.
	return createHPKEKeyTemplate(
		hpkepb.HpkeKem_DHKEM_X25519_HKDF_SHA256,
		hpkepb.HpkeKdf_HKDF_SHA256,
		hpkepb.HpkeAead_AES_128_GCM,
		tinkpb.OutputPrefixType_RAW,
	)
}

// DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_Key_Template creates a HPKE
// key template with:
//   - KEM: DHKEM_X25519_HKDF_SHA256,
//   - KDF: HKDF_SHA256, and
//   - AEAD: AES_256_GCM.
//
// It adds the 5-byte Tink prefix to ciphertexts, so a decrypting keyset can
// select the key by ID.
func DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_Key_Template() *tinkpb.KeyTemplate {
	var (
		kemID  = hpkepb.HpkeKem_DHKEM_X25519_HKDF_SHA256
		kdfID  = hpkepb.HpkeKdf_HKDF_SHA256
		aeadID = hpkepb.HpkeAead_AES_256_GCM
	)
	return createHPKEKeyTemplate(kemID, kdfID, aeadID, tinkpb.OutputPrefixType_TINK)
}

// DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_Raw_Key_Template creates a
// HPKE key template with:
//   - KEM: DHKEM_X25519_HKDF_SHA256,
//   - KDF: HKDF_SHA256, and
//   - AEAD: AES_256_GCM.
//
// It does not add a prefix to ciphertexts, so the decrypting side cannot tell
// from the ciphertext which key produced it; use it only where the ciphertext
// must be consumed by a non-Tink HPKE implementation.
func DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM_Raw_Key_Template() *tinkpb.KeyTemplate {
	// Same suite as the prefixed variant; only the output prefix type differs.
	return createHPKEKeyTemplate(
		hpkepb.HpkeKem_DHKEM_X25519_HKDF_SHA256,
		hpkepb.HpkeKdf_HKDF_SHA256,
		hpkepb.HpkeAead_AES_256_GCM,
		tinkpb.OutputPrefixType_RAW,
	)
}

// DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305_Key_Template creates
// a HPKE key template with:
//   - KEM: DHKEM_X25519_HKDF_SHA256,
//   - KDF: HKDF_SHA256, and
//   - AEAD: CHACHA20_POLY1305.
//
// It adds the 5-byte Tink prefix to ciphertexts, so a decrypting keyset can
// select the key by ID.
func DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305_Key_Template() *tinkpb.KeyTemplate {
	const (
		kemID  = hpkepb.HpkeKem_DHKEM_X25519_HKDF_SHA256
		kdfID  = hpkepb.HpkeKdf_HKDF_SHA256
		aeadID = hpkepb.HpkeAead_CHACHA20_POLY1305
	)
	return createHPKEKeyTemplate(kemID, kdfID, aeadID, tinkpb.OutputPrefixType_TINK)
}

// DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305_Raw_Key_Template creates
// a HPKE key template with:
//   - KEM: DHKEM_X25519_HKDF_SHA256,
//   - KDF: HKDF_SHA256, and
//   - AEAD: CHACHA20_POLY1305.
//
// It does not add a prefix to ciphertexts, so the decrypting side cannot tell
// from the ciphertext which key produced it; use it only where the ciphertext
// must be consumed by a non-Tink HPKE implementation.
func DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_CHACHA20_POLY1305_Raw_Key_Template() *tinkpb.KeyTemplate {
	// Same suite as the prefixed variant; only the output prefix type differs.
	return createHPKEKeyTemplate(
		hpkepb.HpkeKem_DHKEM_X25519_HKDF_SHA256,
		hpkepb.HpkeKdf_HKDF_SHA256,
		hpkepb.HpkeAead_CHACHA20_POLY1305,
		tinkpb.OutputPrefixType_RAW,
	)
}

// createHPKEKeyTemplate builds a KeyTemplate for an HPKE private key whose
// serialized HpkeKeyFormat carries the given KEM, KDF and AEAD identifiers.
//
// outputPrefixType is passed through unchanged: TINK adds the 5-byte prefix
// to ciphertexts, RAW adds none. A key-format marshal failure is reported via
// tinkerror.Fail, which is assumed to abort rather than return (confirm in
// internal/tinkerror); if it did return, the template would carry a nil Value.
func createHPKEKeyTemplate(kem hpkepb.HpkeKem, kdf hpkepb.HpkeKdf, aead hpkepb.HpkeAead, outputPrefixType tinkpb.OutputPrefixType) *tinkpb.KeyTemplate {
	params := &hpkepb.HpkeParams{Kem: kem, Kdf: kdf, Aead: aead}
	value, err := proto.Marshal(&hpkepb.HpkeKeyFormat{Params: params})
	if err != nil {
		tinkerror.Fail(fmt.Sprintf("failed to marshal key format: %s", err))
	}
	tmpl := &tinkpb.KeyTemplate{
		TypeUrl:          hpkePrivateKeyTypeURL,
		Value:            value,
		OutputPrefixType: outputPrefixType,
	}
	return tmpl
}

// ECIESHKDFAES128GCMKeyTemplate creates an ECIES-AEAD-HKDF key template with:
//   - KEM: ECDH over NIST P-256
//   - DEM: AES128-GCM
//   - KDF: HKDF-HMAC-SHA256
//     with an empty salt
//
// The resulting template uses the TINK output prefix type, so ciphertexts carry
// the 5-byte key-identifying prefix.
func ECIESHKDFAES128GCMKeyTemplate() *tinkpb.KeyTemplate {
	// The salt is an empty, non-nil slice; it is stored as the KEM's HkdfSalt.
	return createECIESAEADHKDFKeyTemplate(
		commonpb.EllipticCurveType_NIST_P256,
		commonpb.HashType_SHA256,
		commonpb.EcPointFormat_UNCOMPRESSED,
		aead.AES128GCMKeyTemplate(),
		[]byte{},
	)
}

// ECIESHKDFAES128CTRHMACSHA256KeyTemplate creates an ECIES-AEAD-HKDF key
// template with:
//   - KEM: ECDH over NIST P-256
//   - DEM: AES128-CTR-HMAC-SHA256
//   - KDF: HKDF-HMAC-SHA256 with an empty salt
//
// The DEM parameters are:
//   - AES key size: 16 bytes
//   - AES CTR IV size: 16 bytes
//   - HMAC key size: 32 bytes
//   - HMAC tag size: 16 bytes
//
// The resulting template uses the TINK output prefix type, so ciphertexts carry
// the 5-byte key-identifying prefix.
func ECIESHKDFAES128CTRHMACSHA256KeyTemplate() *tinkpb.KeyTemplate {
	var (
		curve   = commonpb.EllipticCurveType_NIST_P256
		hash    = commonpb.HashType_SHA256
		ptFmt   = commonpb.EcPointFormat_UNCOMPRESSED
		demTmpl = aead.AES128CTRHMACSHA256KeyTemplate()
		salt    = []byte{}
	)
	return createECIESAEADHKDFKeyTemplate(curve, hash, ptFmt, demTmpl, salt)
}

// createECIESAEADHKDFKeyTemplate creates a new ECIES-AEAD-HKDF key template
// with the given parameters.
// createECIESAEADHKDFKeyTemplate builds a KeyTemplate for an ECIES-AEAD-HKDF
// private key: c and ht select the KEM curve and HKDF hash, salt is stored as
// the KEM's HkdfSalt, dekT is the AEAD template used as the DEM, and ptfmt is
// the EC point encoding. The output prefix type is always TINK.
//
// A key-format marshal failure is reported via tinkerror.Fail, which is assumed
// to abort rather than return (confirm in internal/tinkerror); if it did
// return, the template would carry a nil Value.
func createECIESAEADHKDFKeyTemplate(c commonpb.EllipticCurveType, ht commonpb.HashType, ptfmt commonpb.EcPointFormat, dekT *tinkpb.KeyTemplate, salt []byte) *tinkpb.KeyTemplate {
	kemParams := &eciespb.EciesHkdfKemParams{
		CurveType:    c,
		HkdfHashType: ht,
		HkdfSalt:     salt,
	}
	demParams := &eciespb.EciesAeadDemParams{AeadDem: dekT}
	keyFormat := &eciespb.EciesAeadHkdfKeyFormat{
		Params: &eciespb.EciesAeadHkdfParams{
			KemParams:     kemParams,
			DemParams:     demParams,
			EcPointFormat: ptfmt,
		},
	}
	value, err := proto.Marshal(keyFormat)
	if err != nil {
		tinkerror.Fail(fmt.Sprintf("failed to marshal key format: %s", err))
	}
	return &tinkpb.KeyTemplate{
		TypeUrl:          eciesAEADHKDFPrivateKeyTypeURL,
		Value:            value,
		OutputPrefixType: tinkpb.OutputPrefixType_TINK,
	}
}