author | cinlin <cinlin@google.com> | 2023-07-07 14:57:44 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-07-07 14:59:19 -0700 |
commit | 144ee1882b4d043d6b10f6c02d6a80cce5fdd603 (patch) | |
tree | a9314702fc71edb1a753813379d0cd70537fda1a /cc/config | |
parent | a6f2fd3f6da4f0ca91ee9fa62d0dbddef5fc5dca (diff) | |
Define crypto::tink::ConfigV0(). #tinkApiChange
PiperOrigin-RevId: 546391917
Diffstat (limited to 'cc/config')
-rw-r--r-- | cc/config/BUILD.bazel | 80 | ||||
-rw-r--r-- | cc/config/CMakeLists.txt | 81 | ||||
-rw-r--r-- | cc/config/v0.cc | 238 | ||||
-rw-r--r-- | cc/config/v0.h | 32 | ||||
-rw-r--r-- | cc/config/v0_test.cc | 85 |
5 files changed, 516 insertions, 0 deletions
diff --git a/cc/config/BUILD.bazel b/cc/config/BUILD.bazel index 8d77a3ece..924e1ec58 100644 --- a/cc/config/BUILD.bazel +++ b/cc/config/BUILD.bazel @@ -106,6 +106,54 @@ cc_library( ], ) +cc_library( + name = "v0", + srcs = ["v0.cc"], + hdrs = ["v0.h"], + include_prefix = "tink/config", + tags = ["requires_boringcrypto_update"], + deps = [ + "//:configuration", + "//aead:aead_wrapper", + "//aead:aes_ctr_hmac_aead_key_manager", + "//aead:aes_eax_key_manager", + "//aead:aes_gcm_key_manager", + "//aead:aes_gcm_siv_key_manager", + "//aead:xchacha20_poly1305_key_manager", + "//daead:aes_siv_key_manager", + "//daead:deterministic_aead_wrapper", + "//hybrid:ecies_aead_hkdf_private_key_manager", + "//hybrid:ecies_aead_hkdf_public_key_manager", + "//hybrid:hybrid_decrypt_wrapper", + "//hybrid:hybrid_encrypt_wrapper", + "//hybrid/internal:hpke_private_key_manager", + "//hybrid/internal:hpke_public_key_manager", + "//internal:configuration_impl", + "//mac:aes_cmac_key_manager", + "//mac:hmac_key_manager", + "//mac:mac_wrapper", + "//mac/internal:chunked_mac_wrapper", + "//prf:aes_cmac_prf_key_manager", + "//prf:hkdf_prf_key_manager", + "//prf:hmac_prf_key_manager", + "//prf:prf_set_wrapper", + "//signature:ecdsa_sign_key_manager", + "//signature:ecdsa_verify_key_manager", + "//signature:ed25519_sign_key_manager", + "//signature:ed25519_verify_key_manager", + "//signature:public_key_sign_wrapper", + "//signature:public_key_verify_wrapper", + "//signature:rsa_ssa_pkcs1_sign_key_manager", + "//signature:rsa_ssa_pkcs1_verify_key_manager", + "//signature:rsa_ssa_pss_sign_key_manager", + "//signature:rsa_ssa_pss_verify_key_manager", + "//streamingaead:aes_ctr_hmac_streaming_key_manager", + "//streamingaead:aes_gcm_hkdf_streaming_key_manager", + "//streamingaead:streaming_aead_wrapper", + "@com_google_absl//absl/log:check", + ], +) + # tests cc_test( 
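Review bot: The new `v0` target's `deps` omit two things v0.cc uses directly: the file calls `absl::make_unique` and returns `util::Status`, yet neither `@com_google_absl//absl/memory` nor `//util:status` is listed, and v0.cc has no `#include "absl/memory/memory.h"` or `#include "tink/util/status.h"`. The build presumably succeeds through transitive includes, which can break when an unrelated header is cleaned up. The same gap is mirrored in the CMake `v0` target, and `v0_test` uses `util::StatusOr` without a direct `//util:statusor` dep or include. Listing the direct deps keeps the dependency closure of this key-type allowlist explicit and auditable.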
@@ -204,3 +252,35 @@ cc_test( "@com_google_googletest//:gtest_main", ], ) + +cc_test( + name = "v0_test", + srcs = ["v0_test.cc"], + tags = ["requires_boringcrypto_update"], + deps = [ + ":v0", + "//:configuration", + "//aead:aes_ctr_hmac_aead_key_manager", + "//aead:aes_eax_key_manager", + "//aead:aes_gcm_key_manager", + "//aead:aes_gcm_siv_key_manager", + "//aead:xchacha20_poly1305_key_manager", + "//daead:aes_siv_key_manager", + "//hybrid:ecies_aead_hkdf_public_key_manager", + "//hybrid/internal:hpke_public_key_manager", + "//internal:configuration_impl", + "//mac:aes_cmac_key_manager", + "//mac:hmac_key_manager", + "//prf:aes_cmac_prf_key_manager", + "//prf:hkdf_prf_key_manager", + "//prf:hmac_prf_key_manager", + "//signature:ecdsa_verify_key_manager", + "//signature:ed25519_verify_key_manager", + "//signature:rsa_ssa_pkcs1_verify_key_manager", + "//signature:rsa_ssa_pss_verify_key_manager", + "//streamingaead:aes_ctr_hmac_streaming_key_manager", + "//streamingaead:aes_gcm_hkdf_streaming_key_manager", + "//util:test_matchers", + "@com_google_googletest//:gtest_main", + ], +) diff --git a/cc/config/CMakeLists.txt b/cc/config/CMakeLists.txt index 010958cf0..d18b4d3aa 100644 --- a/cc/config/CMakeLists.txt +++ b/cc/config/CMakeLists.txt 
@@ -92,6 +92,54 @@ tink_cc_library( tink::signature::ecdsa_sign_key_manager ) +tink_cc_library( + NAME v0 + SRCS + v0.cc + v0.h + DEPS + absl::check + tink::core::configuration + tink::aead::aead_wrapper + tink::aead::aes_ctr_hmac_aead_key_manager + tink::aead::aes_eax_key_manager + tink::aead::aes_gcm_key_manager + tink::aead::aes_gcm_siv_key_manager + tink::aead::xchacha20_poly1305_key_manager + tink::daead::aes_siv_key_manager + tink::daead::deterministic_aead_wrapper + tink::hybrid::ecies_aead_hkdf_private_key_manager + tink::hybrid::ecies_aead_hkdf_public_key_manager + tink::hybrid::hybrid_decrypt_wrapper + tink::hybrid::hybrid_encrypt_wrapper + tink::hybrid::internal::hpke_private_key_manager + tink::hybrid::internal::hpke_public_key_manager + tink::internal::configuration_impl + tink::mac::aes_cmac_key_manager + tink::mac::hmac_key_manager + tink::mac::mac_wrapper + tink::mac::internal::chunked_mac_wrapper + tink::prf::aes_cmac_prf_key_manager + tink::prf::hkdf_prf_key_manager + tink::prf::hmac_prf_key_manager + tink::prf::prf_set_wrapper + tink::signature::ecdsa_verify_key_manager + tink::signature::ed25519_sign_key_manager + tink::signature::ed25519_verify_key_manager + tink::signature::public_key_sign_wrapper + tink::signature::public_key_verify_wrapper + tink::signature::rsa_ssa_pkcs1_sign_key_manager + tink::signature::rsa_ssa_pkcs1_verify_key_manager + tink::signature::rsa_ssa_pss_sign_key_manager + tink::signature::rsa_ssa_pss_verify_key_manager + tink::streamingaead::aes_ctr_hmac_streaming_key_manager + tink::streamingaead::aes_gcm_hkdf_streaming_key_manager + tink::streamingaead::streaming_aead_wrapper + tink::signature::ecdsa_sign_key_manager + TAGS + exclude_if_openssl +) + # tests tink_cc_test( 
@@ -186,3 +234,36 @@ tink_cc_test( tink::util::test_matchers tink::proto::tink_cc_proto ) + +tink_cc_test( + NAME v0_test + SRCS + v0_test.cc + DEPS + tink::config::v0 + gmock + tink::core::configuration + tink::aead::aes_ctr_hmac_aead_key_manager + tink::aead::aes_eax_key_manager + tink::aead::aes_gcm_key_manager + tink::aead::aes_gcm_siv_key_manager + tink::aead::xchacha20_poly1305_key_manager + tink::daead::aes_siv_key_manager + tink::hybrid::ecies_aead_hkdf_public_key_manager + tink::hybrid::internal::hpke_public_key_manager + tink::internal::configuration_impl + tink::mac::aes_cmac_key_manager + tink::mac::hmac_key_manager + tink::prf::aes_cmac_prf_key_manager + tink::prf::hkdf_prf_key_manager + tink::prf::hmac_prf_key_manager + tink::signature::ecdsa_verify_key_manager + tink::signature::ed25519_verify_key_manager + tink::signature::rsa_ssa_pkcs1_verify_key_manager + tink::signature::rsa_ssa_pss_verify_key_manager + tink::streamingaead::aes_ctr_hmac_streaming_key_manager + tink::streamingaead::aes_gcm_hkdf_streaming_key_manager + tink::util::test_matchers + TAGS + exclude_if_openssl +) diff --git a/cc/config/v0.cc b/cc/config/v0.cc new file mode 100644 index 000000000..091fdbc03 --- /dev/null +++ b/cc/config/v0.cc 
@@ -0,0 +1,238 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#include "tink/config/v0.h"
+
+#include "absl/log/check.h"
+#include "tink/aead/aead_wrapper.h"
+#include "tink/aead/aes_ctr_hmac_aead_key_manager.h"
+#include "tink/aead/aes_eax_key_manager.h"
+#include "tink/aead/aes_gcm_key_manager.h"
+#include "tink/aead/aes_gcm_siv_key_manager.h"
+#include "tink/aead/xchacha20_poly1305_key_manager.h"
+#include "tink/configuration.h"
+#include "tink/daead/aes_siv_key_manager.h"
+#include "tink/daead/deterministic_aead_wrapper.h"
+#include "tink/hybrid/ecies_aead_hkdf_private_key_manager.h"
+#include "tink/hybrid/ecies_aead_hkdf_public_key_manager.h"
+#include "tink/hybrid/hybrid_decrypt_wrapper.h"
+#include "tink/hybrid/hybrid_encrypt_wrapper.h"
+#include "tink/hybrid/internal/hpke_private_key_manager.h"
+#include "tink/hybrid/internal/hpke_public_key_manager.h"
+#include "tink/internal/configuration_impl.h"
+#include "tink/mac/aes_cmac_key_manager.h"
+#include "tink/mac/hmac_key_manager.h"
+#include "tink/mac/internal/chunked_mac_wrapper.h"
+#include "tink/mac/mac_wrapper.h"
+#include "tink/prf/aes_cmac_prf_key_manager.h"
+#include "tink/prf/hkdf_prf_key_manager.h"
+#include "tink/prf/hmac_prf_key_manager.h"
+#include "tink/prf/prf_set_wrapper.h"
+#include "tink/signature/ecdsa_verify_key_manager.h"
+#include "tink/signature/ed25519_sign_key_manager.h"
+#include "tink/signature/ed25519_verify_key_manager.h"
+#include "tink/signature/public_key_sign_wrapper.h"
+#include "tink/signature/public_key_verify_wrapper.h"
+#include "tink/signature/rsa_ssa_pkcs1_sign_key_manager.h"
+#include "tink/signature/rsa_ssa_pkcs1_verify_key_manager.h"
+#include "tink/signature/rsa_ssa_pss_sign_key_manager.h"
+#include "tink/signature/rsa_ssa_pss_verify_key_manager.h"
+#include "tink/streamingaead/aes_ctr_hmac_streaming_key_manager.h"
+#include "tink/streamingaead/aes_gcm_hkdf_streaming_key_manager.h"
+#include "tink/streamingaead/streaming_aead_wrapper.h"
+#include "tink/signature/ecdsa_sign_key_manager.h"
+
+namespace crypto {
+namespace tink {
+namespace {
+
+util::Status AddMac(Configuration& config) {
+ util::Status status = internal::ConfigurationImpl::AddPrimitiveWrapper(
+ absl::make_unique<MacWrapper>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ status = internal::ConfigurationImpl::AddPrimitiveWrapper(
+ absl::make_unique<internal::ChunkedMacWrapper>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+
+ status = internal::ConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<HmacKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ return internal::ConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<AesCmacKeyManager>(), config);
+}
+
+util::Status AddAead(Configuration& config) {
+ util::Status status = internal::ConfigurationImpl::AddPrimitiveWrapper(
+ absl::make_unique<AeadWrapper>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+
+ status = internal::ConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<AesCtrHmacAeadKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ status = internal::ConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<AesGcmKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ status = internal::ConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<AesGcmSivKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ status = internal::ConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<AesEaxKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ return internal::ConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<XChaCha20Poly1305KeyManager>(), config);
+}
+
+util::Status AddDeterministicAead(Configuration& config) {
+ util::Status status = internal::ConfigurationImpl::AddPrimitiveWrapper(
+ absl::make_unique<DeterministicAeadWrapper>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+
+ return internal::ConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<AesSivKeyManager>(), config);
+}
+
+util::Status AddStreamingAead(Configuration& config) {
+ util::Status status = internal::ConfigurationImpl::AddPrimitiveWrapper(
+ absl::make_unique<StreamingAeadWrapper>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+
+ status = internal::ConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<AesGcmHkdfStreamingKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ return internal::ConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<AesCtrHmacStreamingKeyManager>(), config);
+}
+
+util::Status AddHybrid(Configuration& config) {
+ util::Status status = internal::ConfigurationImpl::AddPrimitiveWrapper(
+ absl::make_unique<HybridEncryptWrapper>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ status = internal::ConfigurationImpl::AddPrimitiveWrapper(
+ absl::make_unique<HybridDecryptWrapper>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+
+ status = internal::ConfigurationImpl::AddAsymmetricKeyManagers(
+ absl::make_unique<EciesAeadHkdfPrivateKeyManager>(),
+ absl::make_unique<EciesAeadHkdfPublicKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ return internal::ConfigurationImpl::AddAsymmetricKeyManagers(
+ absl::make_unique<internal::HpkePrivateKeyManager>(),
+ absl::make_unique<internal::HpkePublicKeyManager>(), config);
+}
+
+util::Status AddPrf(Configuration& config) {
+ util::Status status = internal::ConfigurationImpl::AddPrimitiveWrapper(
+ absl::make_unique<PrfSetWrapper>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+
+ status = internal::ConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<HmacPrfKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ status = internal::ConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<HkdfPrfKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ return internal::ConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<AesCmacPrfKeyManager>(), config);
+}
+
+util::Status AddSignature(Configuration& config) {
+ util::Status status = internal::ConfigurationImpl::AddPrimitiveWrapper(
+ absl::make_unique<PublicKeySignWrapper>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ status = internal::ConfigurationImpl::AddPrimitiveWrapper(
+ absl::make_unique<PublicKeyVerifyWrapper>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+
+ status = internal::ConfigurationImpl::AddAsymmetricKeyManagers(
+ absl::make_unique<EcdsaSignKeyManager>(),
+ absl::make_unique<EcdsaVerifyKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ status = internal::ConfigurationImpl::AddAsymmetricKeyManagers(
+ absl::make_unique<RsaSsaPssSignKeyManager>(),
+ absl::make_unique<RsaSsaPssVerifyKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ status = internal::ConfigurationImpl::AddAsymmetricKeyManagers(
+ absl::make_unique<RsaSsaPkcs1SignKeyManager>(),
+ absl::make_unique<RsaSsaPkcs1VerifyKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ return internal::ConfigurationImpl::AddAsymmetricKeyManagers(
+ absl::make_unique<Ed25519SignKeyManager>(),
+ absl::make_unique<Ed25519VerifyKeyManager>(), config);
+}
+
+} // namespace
+
+const Configuration& ConfigV0() {
+ static const Configuration* instance = [] {
+ static Configuration* config = new Configuration();
+ CHECK_OK(AddMac(*config));
+ CHECK_OK(AddAead(*config));
+ CHECK_OK(AddDeterministicAead(*config));
+ CHECK_OK(AddStreamingAead(*config));
+ CHECK_OK(AddHybrid(*config));
+ CHECK_OK(AddPrf(*config));
+ CHECK_OK(AddSignature(*config));
+ return config;
+ }();
+ return *instance;
+}
+
+} // namespace tink
+} // namespace crypto
diff --git a/cc/config/v0.h b/cc/config/v0.h
new file mode 100644
index 000000000..b2cc2c00b
--- /dev/null
+++ b/cc/config/v0.h
@@ -0,0 +1,32 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#ifndef TINK_CONFIG_V0_H_
+#define TINK_CONFIG_V0_H_
+
+#include "tink/configuration.h"
+
+namespace crypto {
+namespace tink {
+
+// Configuration used to generate primitives using ISE Crypto-approved key types
+// as of July 2023.
+const Configuration& ConfigV0();
+
+} // namespace tink
+} // namespace crypto
+
+#endif // TINK_CONFIG_V0_H_
diff --git a/cc/config/v0_test.cc b/cc/config/v0_test.cc
new file mode 100644
index 000000000..e5dc3ef59
--- /dev/null
+++ b/cc/config/v0_test.cc
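Review bot: In `ConfigV0()` the inner `static` on `config` is redundant, because the enclosing lambda already runs exactly once as the initializer of the function-local `instance`; `Configuration* config = new Configuration();` is enough. Two deliberate choices here also deserve a comment: the object is apparently never deleted, and any registration failure aborts the process through `CHECK_OK` instead of handing back a partially populated configuration. A line such as `// Built once and intentionally never deleted; CHECK_OK fails closed if any registration fails.` above the lambda would record that. Separately, the `tink/signature/ecdsa_sign_key_manager.h` include is appended after the streamingaead headers rather than sitting with the other signature headers.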
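Review bot: The comment on `ConfigV0()` does not tell a caller which key types the configuration contains, and "ISE Crypto-approved" is not defined anywhere in this header. Since the function exposes a frozen allowlist, I would name the primitive families that v0.cc registers (MAC, AEAD, deterministic AEAD, streaming AEAD, hybrid, PRF, signature) so that a reader can judge the set without opening the .cc file. The comment should also state the lifetime and failure contract, for example `// The returned reference stays valid for the lifetime of the process; initialization CHECK-fails if a registration fails.`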
@@ -0,0 +1,85 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#include "tink/config/v0.h"
+
+#include "gmock/gmock.h"
+#include "gtest/gtest.h"
+#include "tink/aead/aes_ctr_hmac_aead_key_manager.h"
+#include "tink/aead/aes_eax_key_manager.h"
+#include "tink/aead/aes_gcm_key_manager.h"
+#include "tink/aead/aes_gcm_siv_key_manager.h"
+#include "tink/aead/xchacha20_poly1305_key_manager.h"
+#include "tink/configuration.h"
+#include "tink/daead/aes_siv_key_manager.h"
+#include "tink/hybrid/ecies_aead_hkdf_public_key_manager.h"
+#include "tink/hybrid/internal/hpke_public_key_manager.h"
+#include "tink/internal/configuration_impl.h"
+#include "tink/mac/aes_cmac_key_manager.h"
+#include "tink/mac/hmac_key_manager.h"
+#include "tink/prf/aes_cmac_prf_key_manager.h"
+#include "tink/prf/hkdf_prf_key_manager.h"
+#include "tink/prf/hmac_prf_key_manager.h"
+#include "tink/signature/ecdsa_verify_key_manager.h"
+#include "tink/signature/ed25519_verify_key_manager.h"
+#include "tink/signature/rsa_ssa_pkcs1_verify_key_manager.h"
+#include "tink/signature/rsa_ssa_pss_verify_key_manager.h"
+#include "tink/streamingaead/aes_ctr_hmac_streaming_key_manager.h"
+#include "tink/streamingaead/aes_gcm_hkdf_streaming_key_manager.h"
+#include "tink/util/test_matchers.h"
+
+namespace crypto {
+namespace tink {
+namespace {
+
+using ::crypto::tink::test::IsOk;
+
+TEST(V0Test, ConfigV0) {
+ util::StatusOr<const internal::KeyTypeInfoStore*> store =
+ internal::ConfigurationImpl::GetKeyTypeInfoStore(ConfigV0());
+ ASSERT_THAT(store, IsOk());
+
+ EXPECT_THAT((*store)->Get(HmacKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(AesCmacKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(AesCtrHmacAeadKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(AesGcmKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(AesGcmSivKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(AesEaxKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(XChaCha20Poly1305KeyManager().get_key_type()),
+ IsOk());
+ EXPECT_THAT((*store)->Get(AesSivKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(AesGcmHkdfStreamingKeyManager().get_key_type()),
+ IsOk());
+ EXPECT_THAT((*store)->Get(AesCtrHmacStreamingKeyManager().get_key_type()),
+ IsOk());
+ EXPECT_THAT((*store)->Get(EciesAeadHkdfPublicKeyManager().get_key_type()),
+ IsOk());
+ EXPECT_THAT((*store)->Get(internal::HpkePublicKeyManager().get_key_type()),
+ IsOk());
+ EXPECT_THAT((*store)->Get(HmacPrfKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(HkdfPrfKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(AesCmacPrfKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(EcdsaVerifyKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(RsaSsaPssVerifyKeyManager().get_key_type()),
+ IsOk());
+ EXPECT_THAT((*store)->Get(RsaSsaPkcs1VerifyKeyManager().get_key_type()),
+ IsOk());
+ EXPECT_THAT((*store)->Get(Ed25519VerifyKeyManager().get_key_type()), IsOk());
+}
+
+} // namespace
+} // namespace tink
+} // namespace crypto |
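Review bot: `TEST(V0Test, ConfigV0)` only asserts that expected key types are present and never checks that anything is absent, so a key manager added to `ConfigV0()` by mistake would not fail it. For a versioned configuration whose purpose is to pin an approved set, a negative check is worth adding, e.g. `EXPECT_THAT((*store)->Get("<KEY_TYPE_URL_NOT_IN_V0>").status(), Not(IsOk()));` with the placeholder replaced by a real key type that V0 must not register. The test also covers only the public/verify side of the asymmetric managers and none of the primitive wrappers that v0.cc registers; `EXPECT_THAT((*store)->Get(EcdsaSignKeyManager().get_key_type()), IsOk());` and its siblings would cover the private-key managers.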