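/*
Copyright SecureKey Technologies Inc. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package ecdh

import (
	tinkpb "github.com/google/tink/go/proto/tink_go_proto"

	"github.com/hyperledger/aries-framework-go/component/kmscrypto/crypto/tinkcrypto/primitive/composite/ecdh"
)

// This file is a compatibility layer for the pkg/ import path: every exported name below is either a type alias of,
// or a direct delegation to, the ECDH key-template implementation in the component/kmscrypto ecdh package. No key
// material is generated, parsed or validated here.

// AEADAlg represents the AEAD implementation algorithm used by ECDH.
type AEADAlg = ecdh.AEADAlg

// AEADAlg identifiers. These are untyped constants, so they convert implicitly to AEADAlg (and to int).
// NOTE(review): they are redeclared here rather than taken from the component package; their numeric values must stay
// in lockstep with the ones that key EncryptionAlgLabel, otherwise a label lookup would silently name the wrong AEAD.
const (
	// AES256GCM AEAD.
	AES256GCM = iota + 1
	// XC20P AEAD.
	XC20P
	// AES128CBCHMACSHA256 AEAD.
	AES128CBCHMACSHA256
	// AES192CBCHMACSHA384 AEAD.
	AES192CBCHMACSHA384
	// AES256CBCHMACSHA384 AEAD.
	AES256CBCHMACSHA384
	// AES256CBCHMACSHA512 AEAD.
	AES256CBCHMACSHA512
)

// EncryptionAlgLabel maps AEADAlg to its label. It is the component package's map, shared by reference, so callers
// must not mutate it.
var EncryptionAlgLabel = ecdh.EncryptionAlgLabel // nolint: gochecknoglobals

// NISTP256ECDHKWKeyTemplate is a KeyTemplate that generates a key that accepts a CEK for JWE content
// encryption. CEK wrapping is done outside of this Tink key (in the tinkcrypto service).
// Keys from this template represent valid recipient public/private key pairs and can be stored in the KMS. The
// recipient key represented in this key template uses the following key wrapping curve:
// - NIST curve P-256.
//
// Keys created with this template are mainly used for key wrapping of a CEK. They are independent of the AEAD content
// encryption algorithm.
func NISTP256ECDHKWKeyTemplate() *tinkpb.KeyTemplate {
	// Pure delegation: the template contents, including whatever placeholder AEAD the key manager needs in order to
	// accept key generation, are defined by the component package, not here.
	return ecdh.NISTP256ECDHKWKeyTemplate()
}

// NISTP384ECDHKWKeyTemplate is a KeyTemplate that generates a key that accepts a CEK for JWE content
// encryption. CEK wrapping is done outside of this Tink key (in the tinkcrypto service).
// Keys from this template represent valid recipient public/private key pairs and can be stored in the KMS. The
// recipient key represented in this key template uses the following key wrapping curve:
// - NIST curve P-384.
//
// Keys created with this template are mainly used for key wrapping of a CEK. They are independent of the AEAD content
// encryption algorithm.
func NISTP384ECDHKWKeyTemplate() *tinkpb.KeyTemplate {
	// Pure delegation; see NISTP256ECDHKWKeyTemplate.
	return ecdh.NISTP384ECDHKWKeyTemplate()
}

// NISTP521ECDHKWKeyTemplate is a KeyTemplate that generates a key that accepts a CEK for JWE content
// encryption. CEK wrapping is done outside of this Tink key (in the tinkcrypto service).
// Keys from this template represent valid recipient public/private key pairs and can be stored in the KMS. The
// recipient key represented in this key template uses the following key wrapping curve:
// - NIST curve P-521.
//
// Keys created with this template are mainly used for key wrapping of a CEK. They are independent of the AEAD content
// encryption algorithm.
func NISTP521ECDHKWKeyTemplate() *tinkpb.KeyTemplate {
	// Pure delegation; see NISTP256ECDHKWKeyTemplate.
	return ecdh.NISTP521ECDHKWKeyTemplate()
}

// X25519ECDHKWKeyTemplate is a KeyTemplate that generates a key that accepts a CEK for JWE content
// encryption. CEK wrapping is done outside of this Tink key (in the tinkcrypto service).
// Keys from this template represent valid recipient public/private key pairs and can be stored in the KMS. The
// recipient key represented in this key template uses the following key wrapping curve:
// - Curve25519.
//
// Keys created with this template are mainly used for key wrapping of a CEK. They are independent of the AEAD content
// encryption algorithm.
func X25519ECDHKWKeyTemplate() *tinkpb.KeyTemplate {
	// Pure delegation; the component package picks the placeholder AEAD the key manager requires for this curve.
	return ecdh.X25519ECDHKWKeyTemplate()
}

// KeyTemplateForECDHPrimitiveWithCEK is similar to NISTP256ECDHKWKeyTemplate but adds the cek to execute the
// CompositeEncrypt primitive for encrypting a message targeted to one or more recipients. KW is not executed by this
// template, so it is ignored and set to a NIST P curve key by default.
// Keys from this template offer valid CompositeEncrypt primitive execution only and should not be stored in the KMS.
// The key created from this template has no recipient key info linked to it. It is exclusively used for primitive
// execution using content encryption. Available content encryption algorithms:
// - AES256GCM, XChaCha20Poly1305, AES128CBC+HMAC256, AES192CBC+HMAC384, AES256CBC+HMAC384, AES256CBC+HMAC512
//
// It works with both key wrapping modes (executed outside of the key primitive created by this template):
// NIST P kw or XC20P kw
//
// cek should be of size:
// - 32 bytes for AES256GCM, XChaCha20Poly1305, AES128CBC+HMAC256.
// - 48 bytes for AES192CBC+HMAC384.
// - 56 bytes for AES256CBC+HMAC384.
// - 64 bytes for AES256CBC+HMAC512.
//
// Security notes: cek is secret key material. It must come from a CSPRNG (e.g. crypto/rand) and be used for a single
// message. This wrapper neither validates len(cek) against encAlg nor copies the slice before handing it to the
// component package. NOTE(review): whether the component package rejects a mismatched cek length before the
// primitive is used should be confirmed there, since a wrong-length key is the kind of error that must fail closed.
func KeyTemplateForECDHPrimitiveWithCEK(cek []byte, nistpKW bool, encAlg AEADAlg) *tinkpb.KeyTemplate {
	// The curve implied by nistpKW only has to satisfy key-format validation: the primitive built from this template
	// performs content encryption with cek/encAlg and never does key wrapping itself.
	return ecdh.KeyTemplateForECDHPrimitiveWithCEK(cek, nistpKW, encAlg)
}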