authorcinlin <cinlin@google.com>2023-07-11 18:48:18 -0700
committerCopybara-Service <copybara-worker@google.com>2023-07-11 18:49:25 -0700
commit6cfccff086008fb68e9fd45573a3cac7a8541e78 (patch)
tree25e5baea4c5111bebe7528c0a3c9df0ec49d3c0b /cc/config
parent35b6c9ced3839fb7d485602963ee62c06798eb13 (diff)
Define crypto::tink::KeyGenConfigV0(). #tinkApiChange
PiperOrigin-RevId: 547356441
Diffstat (limited to 'cc/config')
-rw-r--r--cc/config/BUILD.bazel71
-rw-r--r--cc/config/CMakeLists.txt72
-rw-r--r--cc/config/key_gen_v0.cc173
-rw-r--r--cc/config/key_gen_v0.h32
-rw-r--r--cc/config/key_gen_v0_test.cc85
5 files changed, 433 insertions, 0 deletions
diff --git a/cc/config/BUILD.bazel b/cc/config/BUILD.bazel
index 924e1ec58..dbf671baa 100644
--- a/cc/config/BUILD.bazel
+++ b/cc/config/BUILD.bazel
@@ -154,6 +154,45 @@ cc_library(
],
)
+cc_library(
+ name = "key_gen_v0",
+ srcs = ["key_gen_v0.cc"],
+ hdrs = ["key_gen_v0.h"],
+ include_prefix = "tink/config",
+ tags = ["requires_boringcrypto_update"],
+ deps = [
+ "//:configuration",
+ "//:key_gen_configuration",
+ "//aead:aes_ctr_hmac_aead_key_manager",
+ "//aead:aes_eax_key_manager",
+ "//aead:aes_gcm_key_manager",
+ "//aead:aes_gcm_siv_key_manager",
+ "//aead:xchacha20_poly1305_key_manager",
+ "//daead:aes_siv_key_manager",
+ "//hybrid:ecies_aead_hkdf_private_key_manager",
+ "//hybrid:ecies_aead_hkdf_public_key_manager",
+ "//hybrid/internal:hpke_private_key_manager",
+ "//hybrid/internal:hpke_public_key_manager",
+ "//internal:key_gen_configuration_impl",
+ "//mac:aes_cmac_key_manager",
+ "//mac:hmac_key_manager",
+ "//prf:aes_cmac_prf_key_manager",
+ "//prf:hkdf_prf_key_manager",
+ "//prf:hmac_prf_key_manager",
+ "//signature:ecdsa_sign_key_manager",
+ "//signature:ecdsa_verify_key_manager",
+ "//signature:ed25519_sign_key_manager",
+ "//signature:ed25519_verify_key_manager",
+ "//signature:rsa_ssa_pkcs1_sign_key_manager",
+ "//signature:rsa_ssa_pkcs1_verify_key_manager",
+ "//signature:rsa_ssa_pss_sign_key_manager",
+ "//signature:rsa_ssa_pss_verify_key_manager",
+ "//streamingaead:aes_ctr_hmac_streaming_key_manager",
+ "//streamingaead:aes_gcm_hkdf_streaming_key_manager",
+ "@com_google_absl//absl/log:check",
+ ],
+)
+
# tests
cc_test(
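Review bot: The `key_gen_v0` target's `deps` do not list `@com_google_absl//absl/memory`, although key_gen_v0.cc calls `absl::make_unique` in every `Add*` helper and does not include `absl/memory/memory.h`. The build presumably succeeds only because one of the key-manager headers pulls that header in transitively, so an unrelated include cleanup could break this target. I would add `"@com_google_absl//absl/memory",` here, `#include "absl/memory/memory.h"` in the source, and `absl::memory` to the `key_gen_v0` entry in the CMakeLists.txt hunk. The same include-what-you-use gap seems to apply to `util::Status`, which the source uses without a direct include or dep visible in this commit.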
@@ -284,3 +323,35 @@ cc_test(
"@com_google_googletest//:gtest_main",
],
)
+
+cc_test(
+ name = "key_gen_v0_test",
+ srcs = ["key_gen_v0_test.cc"],
+ tags = ["requires_boringcrypto_update"],
+ deps = [
+ ":key_gen_v0",
+ "//:key_gen_configuration",
+ "//aead:aes_ctr_hmac_aead_key_manager",
+ "//aead:aes_eax_key_manager",
+ "//aead:aes_gcm_key_manager",
+ "//aead:aes_gcm_siv_key_manager",
+ "//aead:xchacha20_poly1305_key_manager",
+ "//daead:aes_siv_key_manager",
+ "//hybrid:ecies_aead_hkdf_public_key_manager",
+ "//hybrid/internal:hpke_public_key_manager",
+ "//internal:key_gen_configuration_impl",
+ "//mac:aes_cmac_key_manager",
+ "//mac:hmac_key_manager",
+ "//prf:aes_cmac_prf_key_manager",
+ "//prf:hkdf_prf_key_manager",
+ "//prf:hmac_prf_key_manager",
+ "//signature:ecdsa_verify_key_manager",
+ "//signature:ed25519_verify_key_manager",
+ "//signature:rsa_ssa_pkcs1_verify_key_manager",
+ "//signature:rsa_ssa_pss_verify_key_manager",
+ "//streamingaead:aes_ctr_hmac_streaming_key_manager",
+ "//streamingaead:aes_gcm_hkdf_streaming_key_manager",
+ "//util:test_matchers",
+ "@com_google_googletest//:gtest_main",
+ ],
+)
diff --git a/cc/config/CMakeLists.txt b/cc/config/CMakeLists.txt
index d18b4d3aa..b8a3ba97e 100644
--- a/cc/config/CMakeLists.txt
+++ b/cc/config/CMakeLists.txt
@@ -140,6 +140,45 @@ tink_cc_library(
exclude_if_openssl
)
+tink_cc_library(
+ NAME key_gen_v0
+ SRCS
+ key_gen_v0.cc
+ key_gen_v0.h
+ DEPS
+ absl::check
+ tink::core::configuration
+ tink::core::key_gen_configuration
+ tink::aead::aes_ctr_hmac_aead_key_manager
+ tink::aead::aes_eax_key_manager
+ tink::aead::aes_gcm_key_manager
+ tink::aead::aes_gcm_siv_key_manager
+ tink::aead::xchacha20_poly1305_key_manager
+ tink::daead::aes_siv_key_manager
+ tink::hybrid::ecies_aead_hkdf_private_key_manager
+ tink::hybrid::ecies_aead_hkdf_public_key_manager
+ tink::hybrid::internal::hpke_private_key_manager
+ tink::hybrid::internal::hpke_public_key_manager
+ tink::internal::key_gen_configuration_impl
+ tink::mac::aes_cmac_key_manager
+ tink::mac::hmac_key_manager
+ tink::prf::aes_cmac_prf_key_manager
+ tink::prf::hkdf_prf_key_manager
+ tink::prf::hmac_prf_key_manager
+ tink::signature::ecdsa_verify_key_manager
+ tink::signature::ed25519_sign_key_manager
+ tink::signature::ed25519_verify_key_manager
+ tink::signature::rsa_ssa_pkcs1_sign_key_manager
+ tink::signature::rsa_ssa_pkcs1_verify_key_manager
+ tink::signature::rsa_ssa_pss_sign_key_manager
+ tink::signature::rsa_ssa_pss_verify_key_manager
+ tink::streamingaead::aes_ctr_hmac_streaming_key_manager
+ tink::streamingaead::aes_gcm_hkdf_streaming_key_manager
+ tink::signature::ecdsa_sign_key_manager
+ TAGS
+ exclude_if_openssl
+)
+
# tests
tink_cc_test(
@@ -267,3 +306,36 @@ tink_cc_test(
TAGS
exclude_if_openssl
)
+
+tink_cc_test(
+ NAME key_gen_v0_test
+ SRCS
+ key_gen_v0_test.cc
+ DEPS
+ tink::config::key_gen_v0
+ gmock
+ tink::core::key_gen_configuration
+ tink::aead::aes_ctr_hmac_aead_key_manager
+ tink::aead::aes_eax_key_manager
+ tink::aead::aes_gcm_key_manager
+ tink::aead::aes_gcm_siv_key_manager
+ tink::aead::xchacha20_poly1305_key_manager
+ tink::daead::aes_siv_key_manager
+ tink::hybrid::ecies_aead_hkdf_public_key_manager
+ tink::hybrid::internal::hpke_public_key_manager
+ tink::internal::key_gen_configuration_impl
+ tink::mac::aes_cmac_key_manager
+ tink::mac::hmac_key_manager
+ tink::prf::aes_cmac_prf_key_manager
+ tink::prf::hkdf_prf_key_manager
+ tink::prf::hmac_prf_key_manager
+ tink::signature::ecdsa_verify_key_manager
+ tink::signature::ed25519_verify_key_manager
+ tink::signature::rsa_ssa_pkcs1_verify_key_manager
+ tink::signature::rsa_ssa_pss_verify_key_manager
+ tink::streamingaead::aes_ctr_hmac_streaming_key_manager
+ tink::streamingaead::aes_gcm_hkdf_streaming_key_manager
+ tink::util::test_matchers
+ TAGS
+ exclude_if_openssl
+)
diff --git a/cc/config/key_gen_v0.cc b/cc/config/key_gen_v0.cc
new file mode 100644
index 000000000..f8055a8a9
--- /dev/null
+++ b/cc/config/key_gen_v0.cc
@@ -0,0 +1,173 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#include "tink/config/key_gen_v0.h"
+
+#include "absl/log/check.h"
+#include "tink/aead/aes_ctr_hmac_aead_key_manager.h"
+#include "tink/aead/aes_eax_key_manager.h"
+#include "tink/aead/aes_gcm_key_manager.h"
+#include "tink/aead/aes_gcm_siv_key_manager.h"
+#include "tink/aead/xchacha20_poly1305_key_manager.h"
+#include "tink/configuration.h"
+#include "tink/daead/aes_siv_key_manager.h"
+#include "tink/hybrid/ecies_aead_hkdf_private_key_manager.h"
+#include "tink/hybrid/ecies_aead_hkdf_public_key_manager.h"
+#include "tink/hybrid/internal/hpke_private_key_manager.h"
+#include "tink/hybrid/internal/hpke_public_key_manager.h"
+#include "tink/internal/key_gen_configuration_impl.h"
+#include "tink/mac/aes_cmac_key_manager.h"
+#include "tink/mac/hmac_key_manager.h"
+#include "tink/prf/aes_cmac_prf_key_manager.h"
+#include "tink/prf/hkdf_prf_key_manager.h"
+#include "tink/prf/hmac_prf_key_manager.h"
+#include "tink/signature/ecdsa_verify_key_manager.h"
+#include "tink/signature/ed25519_sign_key_manager.h"
+#include "tink/signature/ed25519_verify_key_manager.h"
+#include "tink/signature/rsa_ssa_pkcs1_sign_key_manager.h"
+#include "tink/signature/rsa_ssa_pkcs1_verify_key_manager.h"
+#include "tink/signature/rsa_ssa_pss_sign_key_manager.h"
+#include "tink/signature/rsa_ssa_pss_verify_key_manager.h"
+#include "tink/streamingaead/aes_ctr_hmac_streaming_key_manager.h"
+#include "tink/streamingaead/aes_gcm_hkdf_streaming_key_manager.h"
+#include "tink/signature/ecdsa_sign_key_manager.h"
+
+namespace crypto {
+namespace tink {
+namespace {
+
+util::Status AddMac(KeyGenConfiguration& config) {
+ util::Status status = internal::KeyGenConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<HmacKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ return internal::KeyGenConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<AesCmacKeyManager>(), config);
+}
+
+util::Status AddAead(KeyGenConfiguration& config) {
+ util::Status status = internal::KeyGenConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<AesCtrHmacAeadKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ status = internal::KeyGenConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<AesGcmKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ status = internal::KeyGenConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<AesGcmSivKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ status = internal::KeyGenConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<AesEaxKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ return internal::KeyGenConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<XChaCha20Poly1305KeyManager>(), config);
+}
+
+util::Status AddDeterministicAead(KeyGenConfiguration& config) {
+ return internal::KeyGenConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<AesSivKeyManager>(), config);
+}
+
+util::Status AddStreamingAead(KeyGenConfiguration& config) {
+ util::Status status = internal::KeyGenConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<AesGcmHkdfStreamingKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ return internal::KeyGenConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<AesCtrHmacStreamingKeyManager>(), config);
+}
+
+util::Status AddHybrid(KeyGenConfiguration& config) {
+ util::Status status =
+ internal::KeyGenConfigurationImpl::AddAsymmetricKeyManagers(
+ absl::make_unique<EciesAeadHkdfPrivateKeyManager>(),
+ absl::make_unique<EciesAeadHkdfPublicKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ return internal::KeyGenConfigurationImpl::AddAsymmetricKeyManagers(
+ absl::make_unique<internal::HpkePrivateKeyManager>(),
+ absl::make_unique<internal::HpkePublicKeyManager>(), config);
+}
+
+util::Status AddPrf(KeyGenConfiguration& config) {
+ util::Status status = internal::KeyGenConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<HmacPrfKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ status = internal::KeyGenConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<HkdfPrfKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ return internal::KeyGenConfigurationImpl::AddKeyTypeManager(
+ absl::make_unique<AesCmacPrfKeyManager>(), config);
+}
+
+util::Status AddSignature(KeyGenConfiguration& config) {
+ util::Status status =
+ internal::KeyGenConfigurationImpl::AddAsymmetricKeyManagers(
+ absl::make_unique<EcdsaSignKeyManager>(),
+ absl::make_unique<EcdsaVerifyKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ status = internal::KeyGenConfigurationImpl::AddAsymmetricKeyManagers(
+ absl::make_unique<RsaSsaPssSignKeyManager>(),
+ absl::make_unique<RsaSsaPssVerifyKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ status = internal::KeyGenConfigurationImpl::AddAsymmetricKeyManagers(
+ absl::make_unique<RsaSsaPkcs1SignKeyManager>(),
+ absl::make_unique<RsaSsaPkcs1VerifyKeyManager>(), config);
+ if (!status.ok()) {
+ return status;
+ }
+ return internal::KeyGenConfigurationImpl::AddAsymmetricKeyManagers(
+ absl::make_unique<Ed25519SignKeyManager>(),
+ absl::make_unique<Ed25519VerifyKeyManager>(), config);
+}
+
+} // namespace
+
+const KeyGenConfiguration& KeyGenConfigV0() {
+ static const KeyGenConfiguration* instance = [] {
+ static KeyGenConfiguration* config = new KeyGenConfiguration();
+ CHECK_OK(AddMac(*config));
+ CHECK_OK(AddAead(*config));
+ CHECK_OK(AddDeterministicAead(*config));
+ CHECK_OK(AddStreamingAead(*config));
+ CHECK_OK(AddHybrid(*config));
+ CHECK_OK(AddPrf(*config));
+ CHECK_OK(AddSignature(*config));
+ return config;
+ }();
+ return *instance;
+}
+
+} // namespace tink
+} // namespace crypto
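Review bot: In `KeyGenConfigV0()` the inner `static` on `config` is redundant, because the lambda runs exactly once as the initialiser of the function-local `instance`; `KeyGenConfiguration* config = new KeyGenConfiguration();` is enough. A short comment above the function would help the next reader: the object appears to be intentionally never deleted, and `CHECK_OK` terminates the process on a registration failure instead of handing out a partially populated key-type allow-list. `tink/configuration.h` does not appear to be used anywhere in this file. The `tink/signature/ecdsa_sign_key_manager.h` include sits after the `streamingaead` headers, out of the otherwise alphabetical order.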
diff --git a/cc/config/key_gen_v0.h b/cc/config/key_gen_v0.h
new file mode 100644
index 000000000..55bfc9862
--- /dev/null
+++ b/cc/config/key_gen_v0.h
@@ -0,0 +1,32 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#ifndef TINK_CONFIG_KEY_GEN_V0_H_
+#define TINK_CONFIG_KEY_GEN_V0_H_
+
+#include "tink/key_gen_configuration.h"
+
+namespace crypto {
+namespace tink {
+
+// KeyGenConfiguration used to generate keys using ISE Crypto-approved key types
+// as of July 2023.
+const KeyGenConfiguration& KeyGenConfigV0();
+
+} // namespace tink
+} // namespace crypto
+
+#endif // TINK_CONFIG_KEY_GEN_V0_H_
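Review bot: The comment on `KeyGenConfigV0()` does not tell a caller what they need to know to rely on it: which primitive families are covered, how long the returned reference lives, and what happens on failure. I would extend it to say that the function returns a reference to a process-wide instance built on first call, that the call aborts via a CHECK failure if any key manager cannot be registered, and that the set covers MAC, AEAD, deterministic AEAD, streaming AEAD, hybrid, PRF and signature key types, as the `.cc` shows. "ISE Crypto-approved" is not defined anywhere in this commit, so a reader outside the team cannot tell what the approval means or whether the list can change under the `V0` name; a sentence such as `// The set of key types is fixed for V0.` belongs here if that is the intent.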
diff --git a/cc/config/key_gen_v0_test.cc b/cc/config/key_gen_v0_test.cc
new file mode 100644
index 000000000..670903be7
--- /dev/null
+++ b/cc/config/key_gen_v0_test.cc
@@ -0,0 +1,85 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#include "tink/config/key_gen_v0.h"
+
+#include "gmock/gmock.h"
+#include "gtest/gtest.h"
+#include "tink/aead/aes_ctr_hmac_aead_key_manager.h"
+#include "tink/aead/aes_eax_key_manager.h"
+#include "tink/aead/aes_gcm_key_manager.h"
+#include "tink/aead/aes_gcm_siv_key_manager.h"
+#include "tink/aead/xchacha20_poly1305_key_manager.h"
+#include "tink/daead/aes_siv_key_manager.h"
+#include "tink/hybrid/ecies_aead_hkdf_public_key_manager.h"
+#include "tink/hybrid/internal/hpke_public_key_manager.h"
+#include "tink/internal/key_gen_configuration_impl.h"
+#include "tink/key_gen_configuration.h"
+#include "tink/mac/aes_cmac_key_manager.h"
+#include "tink/mac/hmac_key_manager.h"
+#include "tink/prf/aes_cmac_prf_key_manager.h"
+#include "tink/prf/hkdf_prf_key_manager.h"
+#include "tink/prf/hmac_prf_key_manager.h"
+#include "tink/signature/ecdsa_verify_key_manager.h"
+#include "tink/signature/ed25519_verify_key_manager.h"
+#include "tink/signature/rsa_ssa_pkcs1_verify_key_manager.h"
+#include "tink/signature/rsa_ssa_pss_verify_key_manager.h"
+#include "tink/streamingaead/aes_ctr_hmac_streaming_key_manager.h"
+#include "tink/streamingaead/aes_gcm_hkdf_streaming_key_manager.h"
+#include "tink/util/test_matchers.h"
+
+namespace crypto {
+namespace tink {
+namespace {
+
+using ::crypto::tink::test::IsOk;
+
+TEST(KeyGenV0Test, KeyGenConfigV0) {
+ util::StatusOr<const internal::KeyTypeInfoStore*> store =
+ internal::KeyGenConfigurationImpl::GetKeyTypeInfoStore(KeyGenConfigV0());
+ ASSERT_THAT(store, IsOk());
+
+ EXPECT_THAT((*store)->Get(HmacKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(AesCmacKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(AesCtrHmacAeadKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(AesGcmKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(AesGcmSivKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(AesEaxKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(XChaCha20Poly1305KeyManager().get_key_type()),
+ IsOk());
+ EXPECT_THAT((*store)->Get(AesSivKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(AesGcmHkdfStreamingKeyManager().get_key_type()),
+ IsOk());
+ EXPECT_THAT((*store)->Get(AesCtrHmacStreamingKeyManager().get_key_type()),
+ IsOk());
+ EXPECT_THAT((*store)->Get(EciesAeadHkdfPublicKeyManager().get_key_type()),
+ IsOk());
+ EXPECT_THAT((*store)->Get(internal::HpkePublicKeyManager().get_key_type()),
+ IsOk());
+ EXPECT_THAT((*store)->Get(HmacPrfKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(HkdfPrfKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(AesCmacPrfKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(EcdsaVerifyKeyManager().get_key_type()), IsOk());
+ EXPECT_THAT((*store)->Get(RsaSsaPssVerifyKeyManager().get_key_type()),
+ IsOk());
+ EXPECT_THAT((*store)->Get(RsaSsaPkcs1VerifyKeyManager().get_key_type()),
+ IsOk());
+ EXPECT_THAT((*store)->Get(Ed25519VerifyKeyManager().get_key_type()), IsOk());
+}
+
+} // namespace
+} // namespace tink
+} // namespace crypto
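Review bot: `KeyGenV0Test.KeyGenConfigV0` looks up only the symmetric, public-key and verify-key managers, so none of the private or sign key managers that `AddHybrid` and `AddSignature` register is asserted. For a key-generation configuration those are the types asymmetric keys would actually be generated with, so dropping one of them would go unnoticed. I would add lookups for the six private/sign types as below; this assumes the store indexes both halves of an asymmetric pair, which this commit does not show, and it needs the matching includes and test deps. The test also only checks presence, so an extra key type added by mistake would still pass; an exact-set assertion would cover that if the store offers a way to enumerate.

```cpp
  // … unchanged: symmetric, public-key and verify-key lookups …
  EXPECT_THAT((*store)->Get(EciesAeadHkdfPrivateKeyManager().get_key_type()),
              IsOk());
  EXPECT_THAT((*store)->Get(internal::HpkePrivateKeyManager().get_key_type()),
              IsOk());
  EXPECT_THAT((*store)->Get(EcdsaSignKeyManager().get_key_type()), IsOk());
  EXPECT_THAT((*store)->Get(RsaSsaPssSignKeyManager().get_key_type()), IsOk());
  EXPECT_THAT((*store)->Get(RsaSsaPkcs1SignKeyManager().get_key_type()),
              IsOk());
  EXPECT_THAT((*store)->Get(Ed25519SignKeyManager().get_key_type()), IsOk());
```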