author | cinlin <cinlin@google.com> | 2023-07-11 18:48:18 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-07-11 18:49:25 -0700 |
commit | 6cfccff086008fb68e9fd45573a3cac7a8541e78 (patch) | |
tree | 25e5baea4c5111bebe7528c0a3c9df0ec49d3c0b /cc/config | |
parent | 35b6c9ced3839fb7d485602963ee62c06798eb13 (diff) | |
download | tink-6cfccff086008fb68e9fd45573a3cac7a8541e78.tar.gz |
Define crypto::tink::KeyGenConfigV0(). #tinkApiChange
PiperOrigin-RevId: 547356441
Diffstat (limited to 'cc/config')
-rw-r--r-- | cc/config/BUILD.bazel | 71 | ||||
-rw-r--r-- | cc/config/CMakeLists.txt | 72 | ||||
-rw-r--r-- | cc/config/key_gen_v0.cc | 173 | ||||
-rw-r--r-- | cc/config/key_gen_v0.h | 32 | ||||
-rw-r--r-- | cc/config/key_gen_v0_test.cc | 85 |
5 files changed, 433 insertions, 0 deletions
diff --git a/cc/config/BUILD.bazel b/cc/config/BUILD.bazel index 924e1ec58..dbf671baa 100644 --- a/cc/config/BUILD.bazel +++ b/cc/config/BUILD.bazel @@ -154,6 +154,45 @@ cc_library( ], ) +cc_library( + name = "key_gen_v0", + srcs = ["key_gen_v0.cc"], + hdrs = ["key_gen_v0.h"], + include_prefix = "tink/config", + tags = ["requires_boringcrypto_update"], + deps = [ + "//:configuration", + "//:key_gen_configuration", + "//aead:aes_ctr_hmac_aead_key_manager", + "//aead:aes_eax_key_manager", + "//aead:aes_gcm_key_manager", + "//aead:aes_gcm_siv_key_manager", + "//aead:xchacha20_poly1305_key_manager", + "//daead:aes_siv_key_manager", + "//hybrid:ecies_aead_hkdf_private_key_manager", + "//hybrid:ecies_aead_hkdf_public_key_manager", + "//hybrid/internal:hpke_private_key_manager", + "//hybrid/internal:hpke_public_key_manager", + "//internal:key_gen_configuration_impl", + "//mac:aes_cmac_key_manager", + "//mac:hmac_key_manager", + "//prf:aes_cmac_prf_key_manager", + "//prf:hkdf_prf_key_manager", + "//prf:hmac_prf_key_manager", + "//signature:ecdsa_sign_key_manager", + "//signature:ecdsa_verify_key_manager", + "//signature:ed25519_sign_key_manager", + "//signature:ed25519_verify_key_manager", + "//signature:rsa_ssa_pkcs1_sign_key_manager", + "//signature:rsa_ssa_pkcs1_verify_key_manager", + "//signature:rsa_ssa_pss_sign_key_manager", + "//signature:rsa_ssa_pss_verify_key_manager", + "//streamingaead:aes_ctr_hmac_streaming_key_manager", + "//streamingaead:aes_gcm_hkdf_streaming_key_manager", + "@com_google_absl//absl/log:check", + ], +) + # tests cc_test( 
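Review bot: The `deps` of `key_gen_v0` do not match what key_gen_v0.cc uses directly. `//:configuration` is listed and `tink/configuration.h` is included, yet nothing in the new source file appears to refer to it, while `absl::make_unique` and `util::Status` are used with no direct include or dependency and so rely on transitive headers. I would drop `//:configuration`, add `@com_google_absl//absl/memory` plus the target that exports `tink/util/status.h`, and add `#include "absl/memory/memory.h"` and `#include "tink/util/status.h"` to the source. The same applies to the `tink_cc_library(NAME key_gen_v0 ...)` hunk in CMakeLists.txt, where `tink::signature::ecdsa_sign_key_manager` is also appended after the streamingaead entries instead of sitting with the other signature dependencies.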
@@ -284,3 +323,35 @@ cc_test( "@com_google_googletest//:gtest_main", ], ) + +cc_test( + name = "key_gen_v0_test", + srcs = ["key_gen_v0_test.cc"], + tags = ["requires_boringcrypto_update"], + deps = [ + ":key_gen_v0", + "//:key_gen_configuration", + "//aead:aes_ctr_hmac_aead_key_manager", + "//aead:aes_eax_key_manager", + "//aead:aes_gcm_key_manager", + "//aead:aes_gcm_siv_key_manager", + "//aead:xchacha20_poly1305_key_manager", + "//daead:aes_siv_key_manager", + "//hybrid:ecies_aead_hkdf_public_key_manager", + "//hybrid/internal:hpke_public_key_manager", + "//internal:key_gen_configuration_impl", + "//mac:aes_cmac_key_manager", + "//mac:hmac_key_manager", + "//prf:aes_cmac_prf_key_manager", + "//prf:hkdf_prf_key_manager", + "//prf:hmac_prf_key_manager", + "//signature:ecdsa_verify_key_manager", + "//signature:ed25519_verify_key_manager", + "//signature:rsa_ssa_pkcs1_verify_key_manager", + "//signature:rsa_ssa_pss_verify_key_manager", + "//streamingaead:aes_ctr_hmac_streaming_key_manager", + "//streamingaead:aes_gcm_hkdf_streaming_key_manager", + "//util:test_matchers", + "@com_google_googletest//:gtest_main", + ], +) diff --git a/cc/config/CMakeLists.txt b/cc/config/CMakeLists.txt index d18b4d3aa..b8a3ba97e 100644 --- a/cc/config/CMakeLists.txt +++ b/cc/config/CMakeLists.txt 
@@ -140,6 +140,45 @@ tink_cc_library( exclude_if_openssl ) +tink_cc_library( + NAME key_gen_v0 + SRCS + key_gen_v0.cc + key_gen_v0.h + DEPS + absl::check + tink::core::configuration + tink::core::key_gen_configuration + tink::aead::aes_ctr_hmac_aead_key_manager + tink::aead::aes_eax_key_manager + tink::aead::aes_gcm_key_manager + tink::aead::aes_gcm_siv_key_manager + tink::aead::xchacha20_poly1305_key_manager + tink::daead::aes_siv_key_manager + tink::hybrid::ecies_aead_hkdf_private_key_manager + tink::hybrid::ecies_aead_hkdf_public_key_manager + tink::hybrid::internal::hpke_private_key_manager + tink::hybrid::internal::hpke_public_key_manager + tink::internal::key_gen_configuration_impl + tink::mac::aes_cmac_key_manager + tink::mac::hmac_key_manager + tink::prf::aes_cmac_prf_key_manager + tink::prf::hkdf_prf_key_manager + tink::prf::hmac_prf_key_manager + tink::signature::ecdsa_verify_key_manager + tink::signature::ed25519_sign_key_manager + tink::signature::ed25519_verify_key_manager + tink::signature::rsa_ssa_pkcs1_sign_key_manager + tink::signature::rsa_ssa_pkcs1_verify_key_manager + tink::signature::rsa_ssa_pss_sign_key_manager + tink::signature::rsa_ssa_pss_verify_key_manager + tink::streamingaead::aes_ctr_hmac_streaming_key_manager + tink::streamingaead::aes_gcm_hkdf_streaming_key_manager + tink::signature::ecdsa_sign_key_manager + TAGS + exclude_if_openssl +) + # tests tink_cc_test( 
@@ -267,3 +306,36 @@ tink_cc_test( TAGS exclude_if_openssl ) + +tink_cc_test( + NAME key_gen_v0_test + SRCS + key_gen_v0_test.cc + DEPS + tink::config::key_gen_v0 + gmock + tink::core::key_gen_configuration + tink::aead::aes_ctr_hmac_aead_key_manager + tink::aead::aes_eax_key_manager + tink::aead::aes_gcm_key_manager + tink::aead::aes_gcm_siv_key_manager + tink::aead::xchacha20_poly1305_key_manager + tink::daead::aes_siv_key_manager + tink::hybrid::ecies_aead_hkdf_public_key_manager + tink::hybrid::internal::hpke_public_key_manager + tink::internal::key_gen_configuration_impl + tink::mac::aes_cmac_key_manager + tink::mac::hmac_key_manager + tink::prf::aes_cmac_prf_key_manager + tink::prf::hkdf_prf_key_manager + tink::prf::hmac_prf_key_manager + tink::signature::ecdsa_verify_key_manager + tink::signature::ed25519_verify_key_manager + tink::signature::rsa_ssa_pkcs1_verify_key_manager + tink::signature::rsa_ssa_pss_verify_key_manager + tink::streamingaead::aes_ctr_hmac_streaming_key_manager + tink::streamingaead::aes_gcm_hkdf_streaming_key_manager + tink::util::test_matchers + TAGS + exclude_if_openssl +) diff --git a/cc/config/key_gen_v0.cc b/cc/config/key_gen_v0.cc new file mode 100644 index 000000000..f8055a8a9 --- /dev/null +++ b/cc/config/key_gen_v0.cc 
@@ -0,0 +1,173 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +//////////////////////////////////////////////////////////////////////////////// + +#include "tink/config/key_gen_v0.h" + +#include "absl/log/check.h" +#include "tink/aead/aes_ctr_hmac_aead_key_manager.h" +#include "tink/aead/aes_eax_key_manager.h" +#include "tink/aead/aes_gcm_key_manager.h" +#include "tink/aead/aes_gcm_siv_key_manager.h" +#include "tink/aead/xchacha20_poly1305_key_manager.h" +#include "tink/configuration.h" +#include "tink/daead/aes_siv_key_manager.h" +#include "tink/hybrid/ecies_aead_hkdf_private_key_manager.h" +#include "tink/hybrid/ecies_aead_hkdf_public_key_manager.h" +#include "tink/hybrid/internal/hpke_private_key_manager.h" +#include "tink/hybrid/internal/hpke_public_key_manager.h" +#include "tink/internal/key_gen_configuration_impl.h" +#include "tink/mac/aes_cmac_key_manager.h" +#include "tink/mac/hmac_key_manager.h" +#include "tink/prf/aes_cmac_prf_key_manager.h" +#include "tink/prf/hkdf_prf_key_manager.h" +#include "tink/prf/hmac_prf_key_manager.h" +#include "tink/signature/ecdsa_verify_key_manager.h" +#include "tink/signature/ed25519_sign_key_manager.h" +#include "tink/signature/ed25519_verify_key_manager.h" +#include "tink/signature/rsa_ssa_pkcs1_sign_key_manager.h" +#include "tink/signature/rsa_ssa_pkcs1_verify_key_manager.h" +#include "tink/signature/rsa_ssa_pss_sign_key_manager.h" +#include 
"tink/signature/rsa_ssa_pss_verify_key_manager.h" +#include "tink/streamingaead/aes_ctr_hmac_streaming_key_manager.h" +#include "tink/streamingaead/aes_gcm_hkdf_streaming_key_manager.h" +#include "tink/signature/ecdsa_sign_key_manager.h" + +namespace crypto { +namespace tink { +namespace { + +util::Status AddMac(KeyGenConfiguration& config) { + util::Status status = internal::KeyGenConfigurationImpl::AddKeyTypeManager( + absl::make_unique<HmacKeyManager>(), config); + if (!status.ok()) { + return status; + } + return internal::KeyGenConfigurationImpl::AddKeyTypeManager( + absl::make_unique<AesCmacKeyManager>(), config); +} + +util::Status AddAead(KeyGenConfiguration& config) { + util::Status status = internal::KeyGenConfigurationImpl::AddKeyTypeManager( + absl::make_unique<AesCtrHmacAeadKeyManager>(), config); + if (!status.ok()) { + return status; + } + status = internal::KeyGenConfigurationImpl::AddKeyTypeManager( + absl::make_unique<AesGcmKeyManager>(), config); + if (!status.ok()) { + return status; + } + status = internal::KeyGenConfigurationImpl::AddKeyTypeManager( + absl::make_unique<AesGcmSivKeyManager>(), config); + if (!status.ok()) { + return status; + } + status = internal::KeyGenConfigurationImpl::AddKeyTypeManager( + absl::make_unique<AesEaxKeyManager>(), config); + if (!status.ok()) { + return status; + } + return internal::KeyGenConfigurationImpl::AddKeyTypeManager( + absl::make_unique<XChaCha20Poly1305KeyManager>(), config); +} + +util::Status AddDeterministicAead(KeyGenConfiguration& config) { + return internal::KeyGenConfigurationImpl::AddKeyTypeManager( + absl::make_unique<AesSivKeyManager>(), config); +} + +util::Status AddStreamingAead(KeyGenConfiguration& config) { + util::Status status = internal::KeyGenConfigurationImpl::AddKeyTypeManager( + absl::make_unique<AesGcmHkdfStreamingKeyManager>(), config); + if (!status.ok()) { + return status; + } + return internal::KeyGenConfigurationImpl::AddKeyTypeManager( + 
absl::make_unique<AesCtrHmacStreamingKeyManager>(), config); +} + +util::Status AddHybrid(KeyGenConfiguration& config) { + util::Status status = + internal::KeyGenConfigurationImpl::AddAsymmetricKeyManagers( + absl::make_unique<EciesAeadHkdfPrivateKeyManager>(), + absl::make_unique<EciesAeadHkdfPublicKeyManager>(), config); + if (!status.ok()) { + return status; + } + return internal::KeyGenConfigurationImpl::AddAsymmetricKeyManagers( + absl::make_unique<internal::HpkePrivateKeyManager>(), + absl::make_unique<internal::HpkePublicKeyManager>(), config); +} + +util::Status AddPrf(KeyGenConfiguration& config) { + util::Status status = internal::KeyGenConfigurationImpl::AddKeyTypeManager( + absl::make_unique<HmacPrfKeyManager>(), config); + if (!status.ok()) { + return status; + } + status = internal::KeyGenConfigurationImpl::AddKeyTypeManager( + absl::make_unique<HkdfPrfKeyManager>(), config); + if (!status.ok()) { + return status; + } + return internal::KeyGenConfigurationImpl::AddKeyTypeManager( + absl::make_unique<AesCmacPrfKeyManager>(), config); +} + +util::Status AddSignature(KeyGenConfiguration& config) { + util::Status status = + internal::KeyGenConfigurationImpl::AddAsymmetricKeyManagers( + absl::make_unique<EcdsaSignKeyManager>(), + absl::make_unique<EcdsaVerifyKeyManager>(), config); + if (!status.ok()) { + return status; + } + status = internal::KeyGenConfigurationImpl::AddAsymmetricKeyManagers( + absl::make_unique<RsaSsaPssSignKeyManager>(), + absl::make_unique<RsaSsaPssVerifyKeyManager>(), config); + if (!status.ok()) { + return status; + } + status = internal::KeyGenConfigurationImpl::AddAsymmetricKeyManagers( + absl::make_unique<RsaSsaPkcs1SignKeyManager>(), + absl::make_unique<RsaSsaPkcs1VerifyKeyManager>(), config); + if (!status.ok()) { + return status; + } + return internal::KeyGenConfigurationImpl::AddAsymmetricKeyManagers( + absl::make_unique<Ed25519SignKeyManager>(), + absl::make_unique<Ed25519VerifyKeyManager>(), config); +} + +} // namespace + 
+const KeyGenConfiguration& KeyGenConfigV0() { + static const KeyGenConfiguration* instance = [] { + static KeyGenConfiguration* config = new KeyGenConfiguration(); + CHECK_OK(AddMac(*config)); + CHECK_OK(AddAead(*config)); + CHECK_OK(AddDeterministicAead(*config)); + CHECK_OK(AddStreamingAead(*config)); + CHECK_OK(AddHybrid(*config)); + CHECK_OK(AddPrf(*config)); + CHECK_OK(AddSignature(*config)); + return config; + }(); + return *instance; +} + +} // namespace tink +} // namespace crypto diff --git a/cc/config/key_gen_v0.h b/cc/config/key_gen_v0.h new file mode 100644 index 000000000..55bfc9862 --- /dev/null +++ b/cc/config/key_gen_v0.h @@ -0,0 +1,32 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +//////////////////////////////////////////////////////////////////////////////// + +#ifndef TINK_CONFIG_KEY_GEN_V0_H_ +#define TINK_CONFIG_KEY_GEN_V0_H_ + +#include "tink/key_gen_configuration.h" + +namespace crypto { +namespace tink { + +// KeyGenConfiguration used to generate keys using ISE Crypto-approved key types +// as of July 2023. +const KeyGenConfiguration& KeyGenConfigV0(); + +} // namespace tink +} // namespace crypto + +#endif // TINK_CONFIG_KEY_GEN_V0_H_ diff --git a/cc/config/key_gen_v0_test.cc b/cc/config/key_gen_v0_test.cc new file mode 100644 index 000000000..670903be7 --- /dev/null +++ b/cc/config/key_gen_v0_test.cc 
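Review bot: In `KeyGenConfigV0()` the `static` on `config` inside the lambda is redundant, because the lambda is the initializer of the function-local static `instance` and therefore runs only once. `auto* config = new KeyGenConfiguration();` says the same thing with one static instead of two. The object is never deleted, which looks deliberate (it avoids destruction-order problems at exit), so a short comment such as `// Intentionally leaked: lives for the whole process.` would stop a later cleanup from reintroducing them. Separately, `#include "tink/signature/ecdsa_sign_key_manager.h"` sits after the streamingaead includes rather than with the other signature headers.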
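Review bot: The comment on `KeyGenConfigV0()` in key_gen_v0.h leaves out two things callers need to know from the implementation. The returned reference is to a single lazily built instance that is never destroyed, and the first call aborts through `CHECK_OK` if any key manager fails to register. I would extend the comment with something like `// Returns a reference to a process-lifetime singleton. The first call CHECK-fails if a key manager cannot be registered.` The abbreviation "ISE Crypto" is not explained anywhere in the change, so spelling it out or pointing to the approved list would make the "as of July 2023" claim checkable.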
@@ -0,0 +1,85 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +//////////////////////////////////////////////////////////////////////////////// + +#include "tink/config/key_gen_v0.h" + +#include "gmock/gmock.h" +#include "gtest/gtest.h" +#include "tink/aead/aes_ctr_hmac_aead_key_manager.h" +#include "tink/aead/aes_eax_key_manager.h" +#include "tink/aead/aes_gcm_key_manager.h" +#include "tink/aead/aes_gcm_siv_key_manager.h" +#include "tink/aead/xchacha20_poly1305_key_manager.h" +#include "tink/daead/aes_siv_key_manager.h" +#include "tink/hybrid/ecies_aead_hkdf_public_key_manager.h" +#include "tink/hybrid/internal/hpke_public_key_manager.h" +#include "tink/internal/key_gen_configuration_impl.h" +#include "tink/key_gen_configuration.h" +#include "tink/mac/aes_cmac_key_manager.h" +#include "tink/mac/hmac_key_manager.h" +#include "tink/prf/aes_cmac_prf_key_manager.h" +#include "tink/prf/hkdf_prf_key_manager.h" +#include "tink/prf/hmac_prf_key_manager.h" +#include "tink/signature/ecdsa_verify_key_manager.h" +#include "tink/signature/ed25519_verify_key_manager.h" +#include "tink/signature/rsa_ssa_pkcs1_verify_key_manager.h" +#include "tink/signature/rsa_ssa_pss_verify_key_manager.h" +#include "tink/streamingaead/aes_ctr_hmac_streaming_key_manager.h" +#include "tink/streamingaead/aes_gcm_hkdf_streaming_key_manager.h" +#include "tink/util/test_matchers.h" + +namespace crypto { +namespace tink { +namespace { + +using 
::crypto::tink::test::IsOk; + +TEST(KeyGenV0Test, KeyGenConfigV0) { + util::StatusOr<const internal::KeyTypeInfoStore*> store = + internal::KeyGenConfigurationImpl::GetKeyTypeInfoStore(KeyGenConfigV0()); + ASSERT_THAT(store, IsOk()); + + EXPECT_THAT((*store)->Get(HmacKeyManager().get_key_type()), IsOk()); + EXPECT_THAT((*store)->Get(AesCmacKeyManager().get_key_type()), IsOk()); + EXPECT_THAT((*store)->Get(AesCtrHmacAeadKeyManager().get_key_type()), IsOk()); + EXPECT_THAT((*store)->Get(AesGcmKeyManager().get_key_type()), IsOk()); + EXPECT_THAT((*store)->Get(AesGcmSivKeyManager().get_key_type()), IsOk()); + EXPECT_THAT((*store)->Get(AesEaxKeyManager().get_key_type()), IsOk()); + EXPECT_THAT((*store)->Get(XChaCha20Poly1305KeyManager().get_key_type()), + IsOk()); + EXPECT_THAT((*store)->Get(AesSivKeyManager().get_key_type()), IsOk()); + EXPECT_THAT((*store)->Get(AesGcmHkdfStreamingKeyManager().get_key_type()), + IsOk()); + EXPECT_THAT((*store)->Get(AesCtrHmacStreamingKeyManager().get_key_type()), + IsOk()); + EXPECT_THAT((*store)->Get(EciesAeadHkdfPublicKeyManager().get_key_type()), + IsOk()); + EXPECT_THAT((*store)->Get(internal::HpkePublicKeyManager().get_key_type()), + IsOk()); + EXPECT_THAT((*store)->Get(HmacPrfKeyManager().get_key_type()), IsOk()); + EXPECT_THAT((*store)->Get(HkdfPrfKeyManager().get_key_type()), IsOk()); + EXPECT_THAT((*store)->Get(AesCmacPrfKeyManager().get_key_type()), IsOk()); + EXPECT_THAT((*store)->Get(EcdsaVerifyKeyManager().get_key_type()), IsOk()); + EXPECT_THAT((*store)->Get(RsaSsaPssVerifyKeyManager().get_key_type()), + IsOk()); + EXPECT_THAT((*store)->Get(RsaSsaPkcs1VerifyKeyManager().get_key_type()), + IsOk()); + EXPECT_THAT((*store)->Get(Ed25519VerifyKeyManager().get_key_type()), IsOk()); +} + +} // namespace +} // namespace tink +} // namespace crypto |
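Review bot: The `KeyGenConfigV0` test only looks up the public/verify key type of each asymmetric pair, so the private/sign key managers passed to `AddAsymmetricKeyManagers` in key_gen_v0.cc are never checked. Adding lookups such as `EXPECT_THAT((*store)->Get(EcdsaSignKeyManager().get_key_type()), IsOk());` for each private manager, with the matching includes and deps, would cover them, assuming the store indexes private managers under their own key type. Because this configuration acts as the allowlist of key types that may be generated, a negative assertion that a key type outside the list is not found would also guard against the list growing unnoticed.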