authorTink Team <tink-dev@google.com>2021-09-20 07:18:00 -0700
committerCopybara-Service <copybara-worker@google.com>2021-09-20 07:18:51 -0700
commitce1a234b35ec9963278baa403e46216fb814e08b (patch)
treef175394f30259094efe28e6c9a78ee6776e37538 /cc/experimental
parent22b33120df78760e97ef670c470fe7e65a8bf0a8 (diff)
Add Key Templates and registration function for Falcon Digital Signature Schemes.
PiperOrigin-RevId: 397743466
Diffstat (limited to 'cc/experimental')
-rw-r--r--cc/experimental/pqcrypto/signature/falcon_key_template.cc63
-rw-r--r--cc/experimental/pqcrypto/signature/falcon_key_template.h36
-rw-r--r--cc/experimental/pqcrypto/signature/falcon_key_template_test.cc98
-rw-r--r--cc/experimental/pqcrypto/signature/signature_config.cc7
-rw-r--r--cc/experimental/pqcrypto/signature/signature_config_test.cc26
5 files changed, 230 insertions, 0 deletions
diff --git a/cc/experimental/pqcrypto/signature/falcon_key_template.cc b/cc/experimental/pqcrypto/signature/falcon_key_template.cc
new file mode 100644
index 000000000..8d5cea3f9
--- /dev/null
+++ b/cc/experimental/pqcrypto/signature/falcon_key_template.cc
@@ -0,0 +1,63 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+#include "tink/experimental/pqcrypto/signature/falcon_key_template.h"
+
+#include "tink/experimental/pqcrypto/signature/subtle/falcon_subtle_utils.h"
+#include "tink/util/constants.h"
+#include "proto/experimental/pqcrypto/falcon.pb.h"
+#include "proto/experimental/pqcrypto/falcon.proto.h"
+#include "proto/tink.pb.h"
+#include "proto/tink.proto.h"
+
+namespace crypto {
+namespace tink {
+namespace {
+
+using google::crypto::tink::FalconKeyFormat;
+using google::crypto::tink::FalconPrivateKey;
+using google::crypto::tink::KeyTemplate;
+using google::crypto::tink::OutputPrefixType;
+
+std::unique_ptr<KeyTemplate> NewFalconKeyTemplate(int32_t key_size) {
+ auto key_template = absl::make_unique<KeyTemplate>();
+ key_template->set_type_url(
+ absl::StrCat(kTypeGoogleapisCom, FalconPrivateKey().GetTypeName()));
+ key_template->set_output_prefix_type(OutputPrefixType::TINK);
+
+ FalconKeyFormat key_format;
+ key_format.set_key_size(key_size);
+ key_format.SerializeToString(key_template->mutable_value());
+
+ return key_template;
+}
+
+} // anonymous namespace
+
+const google::crypto::tink::KeyTemplate& Falcon512KeyTemplate() {
+ static const KeyTemplate* key_template =
+ NewFalconKeyTemplate(subtle::kFalcon512PrivateKeySize).release();
+ return *key_template;
+}
+
+const google::crypto::tink::KeyTemplate& Falcon1024KeyTemplate() {
+ static const KeyTemplate* key_template =
+ NewFalconKeyTemplate(subtle::kFalcon1024PrivateKeySize).release();
+ return *key_template;
+}
+
+} // namespace tink
+} // namespace crypto
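Review bot: NewFalconKeyTemplate uses `std::unique_ptr`, `int32_t`, `absl::make_unique` and `absl::StrCat`, but this new file includes none of the headers that declare them and so depends on transitive includes. Adding `#include "absl/memory/memory.h"` and `#include "absl/strings/str_cat.h"`, plus `<memory>` and `<cstdint>`, keeps the file building when the Tink headers change. The `.release()` in Falcon512KeyTemplate and Falcon1024KeyTemplate looks like a deliberately never-destroyed static; a comment such as `// Intentionally leaked so the template outlives static destruction.` would make that explicit. The bool returned by `SerializeToString` is also discarded, so a failed serialization would leave the template with an empty value and no signal.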
diff --git a/cc/experimental/pqcrypto/signature/falcon_key_template.h b/cc/experimental/pqcrypto/signature/falcon_key_template.h
new file mode 100644
index 000000000..8040998d5
--- /dev/null
+++ b/cc/experimental/pqcrypto/signature/falcon_key_template.h
@@ -0,0 +1,36 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+#ifndef TINK_EXPERIMENTAL_PQCRYPTO_SIGNATURE_FALCON_KEY_TEMPLATE_H_
+#define TINK_EXPERIMENTAL_PQCRYPTO_SIGNATURE_FALCON_KEY_TEMPLATE_H_
+
+#include "proto/tink.pb.h"
+
+namespace crypto {
+namespace tink {
+
+// Returns a KeyTemplate that generates new instances of
+// FalconPrivateKey with a 1281 private key size.
+const google::crypto::tink::KeyTemplate& Falcon512KeyTemplate();
+
+// Returns a KeyTemplate that generates new instances of
+// FalconPrivateKey with a 2305 private key size.
+const google::crypto::tink::KeyTemplate& Falcon1024KeyTemplate();
+
+} // namespace tink
+} // namespace crypto
+
+#endif // TINK_EXPERIMENTAL_PQCRYPTO_SIGNATURE_FALCON_KEY_TEMPLATE_H_
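Review bot: The two declaration comments hard-code `1281` and `2305` without a unit and without naming the constants the implementation actually uses, so they can drift from `subtle::kFalcon512PrivateKeySize` and `subtle::kFalcon1024PrivateKeySize`. I would word them along the lines of `// Returns a KeyTemplate for Falcon-512: private key size subtle::kFalcon512PrivateKeySize (1281 bytes), output prefix type TINK.` and the same for Falcon-1024. Since callers pick a security level through these functions, the comment should also say that the returned reference is to a process-lifetime object and that the API lives under `experimental`.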
diff --git a/cc/experimental/pqcrypto/signature/falcon_key_template_test.cc b/cc/experimental/pqcrypto/signature/falcon_key_template_test.cc
new file mode 100644
index 000000000..a842707c6
--- /dev/null
+++ b/cc/experimental/pqcrypto/signature/falcon_key_template_test.cc
@@ -0,0 +1,98 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+#include "tink/experimental/pqcrypto/signature/falcon_key_template.h"
+
+#include "gmock/gmock.h"
+#include "gtest/gtest.h"
+#include "tink/core/key_manager_impl.h"
+#include "tink/core/private_key_manager_impl.h"
+#include "tink/experimental/pqcrypto/signature/falcon_sign_key_manager.h"
+#include "tink/experimental/pqcrypto/signature/falcon_verify_key_manager.h"
+#include "tink/experimental/pqcrypto/signature/subtle/falcon_subtle_utils.h"
+#include "tink/util/test_matchers.h"
+#include "proto/tink.pb.h"
+#include "proto/tink.proto.h"
+
+namespace crypto {
+namespace tink {
+namespace {
+
+using ::crypto::tink::test::IsOk;
+using ::google::crypto::tink::FalconKeyFormat;
+using ::google::crypto::tink::FalconPrivateKey;
+using google::crypto::tink::KeyTemplate;
+using google::crypto::tink::OutputPrefixType;
+
+struct FalconTestCase {
+ std::string test_name;
+ int32_t private_key_size;
+ KeyTemplate key_template;
+};
+
+using FalconKeyTemplateTest = testing::TestWithParam<FalconTestCase>;
+
+TEST_P(FalconKeyTemplateTest, CheckKeyTemplateValid) {
+ std::string type_url =
+ "type.googleapis.com/google.crypto.tink.FalconPrivateKey";
+
+ const FalconTestCase& test_case = GetParam();
+ EXPECT_EQ(type_url, test_case.key_template.type_url());
+ EXPECT_EQ(OutputPrefixType::TINK,
+ test_case.key_template.output_prefix_type());
+
+ FalconKeyFormat key_format;
+ EXPECT_TRUE(key_format.ParseFromString(test_case.key_template.value()));
+ EXPECT_EQ(test_case.private_key_size, key_format.key_size());
+}
+
+TEST_P(FalconKeyTemplateTest, SameReference) {
+ const KeyTemplate& key_template = GetParam().key_template;
+ const KeyTemplate& key_template_2 = GetParam().key_template;
+
+ EXPECT_EQ(&key_template, &key_template_2);
+}
+
+TEST_P(FalconKeyTemplateTest, KeyManagerCompatibility) {
+ FalconSignKeyManager sign_key_manager;
+ FalconVerifyKeyManager verify_key_manager;
+ std::unique_ptr<KeyManager<PublicKeySign>> key_manager =
+ internal::MakePrivateKeyManager<PublicKeySign>(&sign_key_manager,
+ &verify_key_manager);
+ FalconKeyFormat key_format;
+ const FalconTestCase& test_case = GetParam();
+ key_format.set_key_size(test_case.private_key_size);
+
+ util::StatusOr<std::unique_ptr<portable_proto::MessageLite>> new_key_result =
+ key_manager->get_key_factory().NewKey(key_format);
+ EXPECT_THAT(new_key_result.status(), IsOk());
+}
+
+INSTANTIATE_TEST_SUITE_P(
+ FalconKeyTemplateTests, FalconKeyTemplateTest,
+ testing::ValuesIn<FalconTestCase>(
+ {{"Falcon512", subtle::kFalcon512PrivateKeySize,
+ Falcon512KeyTemplate()},
+ {"Falcon1024", subtle::kFalcon1024PrivateKeySize,
+ Falcon1024KeyTemplate()}}),
+ [](const testing::TestParamInfo<FalconKeyTemplateTest::ParamType>& info) {
+ return info.param.test_name;
+ });
+
+} // namespace
+
+} // namespace tink
+} // namespace crypto
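Review bot: The SameReference test cannot fail, because `FalconTestCase` stores `KeyTemplate key_template` by value and both references are taken from the same `GetParam().key_template` copy, so it never checks that the template functions return the same object on repeated calls. Comparing the functions directly does, e.g. `EXPECT_EQ(&Falcon512KeyTemplate(), &Falcon512KeyTemplate());` and the same for `Falcon1024KeyTemplate()`. KeyManagerCompatibility has a similar gap: it builds a fresh `FalconKeyFormat` from `private_key_size` instead of parsing `test_case.key_template.value()`, so the serialized template is never handed to the key manager. The `using ::google::crypto::tink::FalconPrivateKey;` declaration appears unused in this file.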
diff --git a/cc/experimental/pqcrypto/signature/signature_config.cc b/cc/experimental/pqcrypto/signature/signature_config.cc
index 80b9f2c96..780a1b4ba 100644
--- a/cc/experimental/pqcrypto/signature/signature_config.cc
+++ b/cc/experimental/pqcrypto/signature/signature_config.cc
@@ -21,6 +21,8 @@
#include "tink/config/tink_fips.h"
#include "tink/experimental/pqcrypto/signature/dilithium_sign_key_manager.h"
#include "tink/experimental/pqcrypto/signature/dilithium_verify_key_manager.h"
+#include "tink/experimental/pqcrypto/signature/falcon_sign_key_manager.h"
+#include "tink/experimental/pqcrypto/signature/falcon_verify_key_manager.h"
#include "tink/experimental/pqcrypto/signature/sphincs_sign_key_manager.h"
#include "tink/experimental/pqcrypto/signature/sphincs_verify_key_manager.h"
#include "tink/registry.h"
@@ -54,6 +56,11 @@ util::Status PqSignatureConfigRegister() {
status = Registry::RegisterAsymmetricKeyManagers(
absl::make_unique<SphincsSignKeyManager>(),
absl::make_unique<SphincsVerifyKeyManager>(), true);
+
+ // Falcon
+ status = Registry::RegisterAsymmetricKeyManagers(
+ absl::make_unique<FalconSignKeyManager>(),
+ absl::make_unique<FalconVerifyKeyManager>(), true);
return status;
}
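Review bot: The status of the Sphincs registration is overwritten by the new Falcon assignment without being checked, so a failed Sphincs registration is now lost whenever the Falcon one succeeds and PqSignatureConfigRegister reports OK for a partially registered config. Before this change that status was the function's return value. Adding `if (!status.ok()) return status;` ahead of the `// Falcon` comment restores the propagation. The function starts outside this hunk, so whether the earlier registrations are checked cannot be seen here. The bare `true` argument would also read better as `/*new_key_allowed=*/true`, assuming that is the parameter name.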
diff --git a/cc/experimental/pqcrypto/signature/signature_config_test.cc b/cc/experimental/pqcrypto/signature/signature_config_test.cc
index 9fe8edb37..b35888ad3 100644
--- a/cc/experimental/pqcrypto/signature/signature_config_test.cc
+++ b/cc/experimental/pqcrypto/signature/signature_config_test.cc
@@ -23,6 +23,8 @@
#include "tink/experimental/pqcrypto/signature/dilithium_verify_key_manager.h"
#include "tink/experimental/pqcrypto/signature/sphincs_sign_key_manager.h"
#include "tink/experimental/pqcrypto/signature/sphincs_verify_key_manager.h"
+#include "tink/experimental/pqcrypto/signature/falcon_sign_key_manager.h"
+#include "tink/experimental/pqcrypto/signature/falcon_verify_key_manager.h"
#include "tink/public_key_sign.h"
#include "tink/public_key_verify.h"
#include "tink/registry.h"
@@ -89,6 +91,30 @@ TEST_F(PcqSignatureConfigTest, CheckSphincs) {
IsOk());
}
+TEST_F(PcqSignatureConfigTest, CheckFalcon) {
+ if (IsFipsModeEnabled() && !FIPS_mode()) {
+ GTEST_SKIP() << "Not supported if FIPS-mode is used";
+ }
+
+ EXPECT_THAT(Registry::get_key_manager<PublicKeySign>(
+ FalconSignKeyManager().get_key_type())
+ .status(),
+ StatusIs(util::error::NOT_FOUND));
+ EXPECT_THAT(Registry::get_key_manager<PublicKeyVerify>(
+ FalconVerifyKeyManager().get_key_type())
+ .status(),
+ StatusIs(util::error::NOT_FOUND));
+ EXPECT_THAT(PqSignatureConfigRegister(), IsOk());
+ EXPECT_THAT(Registry::get_key_manager<PublicKeySign>(
+ FalconSignKeyManager().get_key_type())
+ .status(),
+ IsOk());
+ EXPECT_THAT(Registry::get_key_manager<PublicKeyVerify>(
+ FalconVerifyKeyManager().get_key_type())
+ .status(),
+ IsOk());
+}
+
} // namespace
} // namespace tink
} // namespace crypto
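Review bot: The two `NOT_FOUND` expectations at the top of CheckFalcon only hold if the registry is empty when the test starts, and the other tests in this fixture call `PqSignatureConfigRegister()`, which now registers Falcon as well. The fixture is defined outside this hunk, so presumably it resets the registry, but a comment such as `// Relies on the fixture resetting the Registry before each test.` would state the dependency. The skip text `"Not supported if FIPS-mode is used"` is also broader than the condition `IsFipsModeEnabled() && !FIPS_mode()`, which skips only when Tink's FIPS mode is on and the crypto library is not in FIPS mode.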