diff options
author | Tink Team <tink-dev@google.com> | 2021-09-20 07:18:00 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2021-09-20 07:18:51 -0700 |
commit | ce1a234b35ec9963278baa403e46216fb814e08b (patch) | |
tree | f175394f30259094efe28e6c9a78ee6776e37538 /cc/experimental | |
parent | 22b33120df78760e97ef670c470fe7e65a8bf0a8 (diff) | |
download | tink-ce1a234b35ec9963278baa403e46216fb814e08b.tar.gz |
Add Key Templates and registration function for Falcon Digital Signature Schemes .
PiperOrigin-RevId: 397743466
Diffstat (limited to 'cc/experimental')
5 files changed, 230 insertions, 0 deletions
diff --git a/cc/experimental/pqcrypto/signature/falcon_key_template.cc b/cc/experimental/pqcrypto/signature/falcon_key_template.cc new file mode 100644 index 000000000..8d5cea3f9 --- /dev/null +++ b/cc/experimental/pqcrypto/signature/falcon_key_template.cc @@ -0,0 +1,63 @@ +// Copyright 2021 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +/////////////////////////////////////////////////////////////////////////////// + +#include "tink/experimental/pqcrypto/signature/falcon_key_template.h" + +#include "tink/experimental/pqcrypto/signature/subtle/falcon_subtle_utils.h" +#include "tink/util/constants.h" +#include "proto/experimental/pqcrypto/falcon.pb.h" +#include "proto/experimental/pqcrypto/falcon.proto.h" +#include "proto/tink.pb.h" +#include "proto/tink.proto.h" + +namespace crypto { +namespace tink { +namespace { + +using google::crypto::tink::FalconKeyFormat; +using google::crypto::tink::FalconPrivateKey; +using google::crypto::tink::KeyTemplate; +using google::crypto::tink::OutputPrefixType; + +std::unique_ptr<KeyTemplate> NewFalconKeyTemplate(int32_t key_size) { + auto key_template = absl::make_unique<KeyTemplate>(); + key_template->set_type_url( + absl::StrCat(kTypeGoogleapisCom, FalconPrivateKey().GetTypeName())); + key_template->set_output_prefix_type(OutputPrefixType::TINK); + + FalconKeyFormat key_format; + key_format.set_key_size(key_size); + key_format.SerializeToString(key_template->mutable_value()); + + return key_template; +} + +} // anonymous namespace + +const google::crypto::tink::KeyTemplate& Falcon512KeyTemplate() { + static const KeyTemplate* key_template = + NewFalconKeyTemplate(subtle::kFalcon512PrivateKeySize).release(); + return *key_template; +} + +const google::crypto::tink::KeyTemplate& Falcon1024KeyTemplate() { + static const KeyTemplate* key_template = + NewFalconKeyTemplate(subtle::kFalcon1024PrivateKeySize).release(); + return *key_template; +} + +} // namespace tink +} // namespace crypto diff --git a/cc/experimental/pqcrypto/signature/falcon_key_template.h b/cc/experimental/pqcrypto/signature/falcon_key_template.h new file mode 100644 index 000000000..8040998d5 --- /dev/null +++ b/cc/experimental/pqcrypto/signature/falcon_key_template.h @@ -0,0 +1,36 @@ +// Copyright 2021 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +/////////////////////////////////////////////////////////////////////////////// + +#ifndef TINK_EXPERIMENTAL_PQCRYPTO_SIGNATURE_FALCON_KEY_TEMPLATE_H_ +#define TINK_EXPERIMENTAL_PQCRYPTO_SIGNATURE_FALCON_KEY_TEMPLATE_H_ + +#include "proto/tink.pb.h" + +namespace crypto { +namespace tink { + +// Returns a KeyTemplate that generates new instances of +// FalconPrivateKey with a 1281 private key size. +const google::crypto::tink::KeyTemplate& Falcon512KeyTemplate(); + +// Returns a KeyTemplate that generates new instances of +// FalconPrivateKey with a 2305 private key size. +const google::crypto::tink::KeyTemplate& Falcon1024KeyTemplate(); + +} // namespace tink +} // namespace crypto + +#endif // TINK_EXPERIMENTAL_PQCRYPTO_SIGNATURE_FALCON_KEY_TEMPLATE_H_ diff --git a/cc/experimental/pqcrypto/signature/falcon_key_template_test.cc b/cc/experimental/pqcrypto/signature/falcon_key_template_test.cc new file mode 100644 index 000000000..a842707c6 --- /dev/null +++ b/cc/experimental/pqcrypto/signature/falcon_key_template_test.cc @@ -0,0 +1,98 @@ +// Copyright 2021 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +/////////////////////////////////////////////////////////////////////////////// + +#include "tink/experimental/pqcrypto/signature/falcon_key_template.h" + +#include "gmock/gmock.h" +#include "gtest/gtest.h" +#include "tink/core/key_manager_impl.h" +#include "tink/core/private_key_manager_impl.h" +#include "tink/experimental/pqcrypto/signature/falcon_sign_key_manager.h" +#include "tink/experimental/pqcrypto/signature/falcon_verify_key_manager.h" +#include "tink/experimental/pqcrypto/signature/subtle/falcon_subtle_utils.h" +#include "tink/util/test_matchers.h" +#include "proto/tink.pb.h" +#include "proto/tink.proto.h" + +namespace crypto { +namespace tink { +namespace { + +using ::crypto::tink::test::IsOk; +using ::google::crypto::tink::FalconKeyFormat; +using ::google::crypto::tink::FalconPrivateKey; +using google::crypto::tink::KeyTemplate; +using google::crypto::tink::OutputPrefixType; + +struct FalconTestCase { + std::string test_name; + int32_t private_key_size; + KeyTemplate key_template; +}; + +using FalconKeyTemplateTest = testing::TestWithParam<FalconTestCase>; + +TEST_P(FalconKeyTemplateTest, CheckKeyTemplateValid) { + std::string type_url = + "type.googleapis.com/google.crypto.tink.FalconPrivateKey"; + + const FalconTestCase& test_case = GetParam(); + EXPECT_EQ(type_url, test_case.key_template.type_url()); + EXPECT_EQ(OutputPrefixType::TINK, + test_case.key_template.output_prefix_type()); + + FalconKeyFormat key_format; + EXPECT_TRUE(key_format.ParseFromString(test_case.key_template.value())); + EXPECT_EQ(test_case.private_key_size, key_format.key_size()); +} + +TEST_P(FalconKeyTemplateTest, SameReference) { + const KeyTemplate& key_template = GetParam().key_template; + const KeyTemplate& key_template_2 = GetParam().key_template; + + EXPECT_EQ(&key_template, &key_template_2); +} + +TEST_P(FalconKeyTemplateTest, KeyManagerCompatibility) { + FalconSignKeyManager sign_key_manager; + FalconVerifyKeyManager verify_key_manager; + std::unique_ptr<KeyManager<PublicKeySign>> key_manager = + internal::MakePrivateKeyManager<PublicKeySign>(&sign_key_manager, + &verify_key_manager); + FalconKeyFormat key_format; + const FalconTestCase& test_case = GetParam(); + key_format.set_key_size(test_case.private_key_size); + + util::StatusOr<std::unique_ptr<portable_proto::MessageLite>> new_key_result = + key_manager->get_key_factory().NewKey(key_format); + EXPECT_THAT(new_key_result.status(), IsOk()); +} + +INSTANTIATE_TEST_SUITE_P( + FalconKeyTemplateTests, FalconKeyTemplateTest, + testing::ValuesIn<FalconTestCase>( + {{"Falcon512", subtle::kFalcon512PrivateKeySize, + Falcon512KeyTemplate()}, + {"Falcon1024", subtle::kFalcon1024PrivateKeySize, + Falcon1024KeyTemplate()}}), + [](const testing::TestParamInfo<FalconKeyTemplateTest::ParamType>& info) { + return info.param.test_name; + }); + +} // namespace + +} // namespace tink +} // namespace crypto diff --git a/cc/experimental/pqcrypto/signature/signature_config.cc b/cc/experimental/pqcrypto/signature/signature_config.cc index 80b9f2c96..780a1b4ba 100644 --- a/cc/experimental/pqcrypto/signature/signature_config.cc +++ b/cc/experimental/pqcrypto/signature/signature_config.cc @@ -21,6 +21,8 @@ #include "tink/config/tink_fips.h" #include "tink/experimental/pqcrypto/signature/dilithium_sign_key_manager.h" #include "tink/experimental/pqcrypto/signature/dilithium_verify_key_manager.h" +#include "tink/experimental/pqcrypto/signature/falcon_sign_key_manager.h" +#include "tink/experimental/pqcrypto/signature/falcon_verify_key_manager.h" #include "tink/experimental/pqcrypto/signature/sphincs_sign_key_manager.h" #include "tink/experimental/pqcrypto/signature/sphincs_verify_key_manager.h" #include "tink/registry.h" @@ -54,6 +56,11 @@ util::Status PqSignatureConfigRegister() { status = Registry::RegisterAsymmetricKeyManagers( absl::make_unique<SphincsSignKeyManager>(), absl::make_unique<SphincsVerifyKeyManager>(), true); + + // Falcon + status = Registry::RegisterAsymmetricKeyManagers( + absl::make_unique<FalconSignKeyManager>(), + absl::make_unique<FalconVerifyKeyManager>(), true); return status; } diff --git a/cc/experimental/pqcrypto/signature/signature_config_test.cc b/cc/experimental/pqcrypto/signature/signature_config_test.cc index 9fe8edb37..b35888ad3 100644 --- a/cc/experimental/pqcrypto/signature/signature_config_test.cc +++ b/cc/experimental/pqcrypto/signature/signature_config_test.cc @@ -23,6 +23,8 @@ #include "tink/experimental/pqcrypto/signature/dilithium_verify_key_manager.h" #include "tink/experimental/pqcrypto/signature/sphincs_sign_key_manager.h" #include "tink/experimental/pqcrypto/signature/sphincs_verify_key_manager.h" +#include "tink/experimental/pqcrypto/signature/falcon_sign_key_manager.h" +#include "tink/experimental/pqcrypto/signature/falcon_verify_key_manager.h" #include "tink/public_key_sign.h" #include "tink/public_key_verify.h" #include "tink/registry.h" @@ -89,6 +91,30 @@ TEST_F(PcqSignatureConfigTest, CheckSphincs) { IsOk()); } +TEST_F(PcqSignatureConfigTest, CheckFalcon) { + if (IsFipsModeEnabled() && !FIPS_mode()) { + GTEST_SKIP() << "Not supported if FIPS-mode is used"; + } + + EXPECT_THAT(Registry::get_key_manager<PublicKeySign>( + FalconSignKeyManager().get_key_type()) + .status(), + StatusIs(util::error::NOT_FOUND)); + EXPECT_THAT(Registry::get_key_manager<PublicKeyVerify>( + FalconVerifyKeyManager().get_key_type()) + .status(), + StatusIs(util::error::NOT_FOUND)); + EXPECT_THAT(PqSignatureConfigRegister(), IsOk()); + EXPECT_THAT(Registry::get_key_manager<PublicKeySign>( + FalconSignKeyManager().get_key_type()) + .status(), + IsOk()); + EXPECT_THAT(Registry::get_key_manager<PublicKeyVerify>( + FalconVerifyKeyManager().get_key_type()) + .status(), + IsOk()); +} + } // namespace } // namespace tink } // namespace crypto |