github.com/trustbloc/kms-go@v1.1.2/crypto/tinkcrypto/primitive/aead/aead_key_templates.go (about) 1 /* 2 Copyright SecureKey Technologies Inc. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package aead 8 9 import ( 10 "github.com/golang/protobuf/proto" 11 commonpb "github.com/google/tink/go/proto/common_go_proto" 12 hmacpb "github.com/google/tink/go/proto/hmac_go_proto" 13 tinkpb "github.com/google/tink/go/proto/tink_go_proto" 14 15 "github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/aead/subtle" 16 aescbcpb "github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/proto/aes_cbc_go_proto" 17 aeadpb "github.com/trustbloc/kms-go/crypto/tinkcrypto/primitive/proto/aes_cbc_hmac_aead_go_proto" 18 ) 19 20 // This file contains pre-generated KeyTemplates for AEAD keys. One can use these templates to generate new Keysets. 21 // These templates are based on the CBC-HMAC parameters defined at: 22 // https://datatracker.ietf.org/doc/html/draft-mcgrew-aead-aes-cbc-hmac-sha2-05#section-2.8. 
// AES128CBCHMACSHA256KeyTemplate returns a KeyTemplate for an AES-CBC-HMAC-AEAD key with:
//   - AES key size: 16 bytes
//   - HMAC key size: 16 bytes
//   - HMAC tag size: 16 bytes
//   - HMAC hash function: SHA256
//
// The 16-byte tag is a truncation of the 32-byte SHA256 HMAC output.
func AES128CBCHMACSHA256KeyTemplate() *tinkpb.KeyTemplate {
	// One size is used for the encryption key, the MAC key and the tag.
	var size uint32 = subtle.AES128Size

	return createAESCBCHMACAEADKeyTemplate(size, size, size, commonpb.HashType_SHA256)
}

// AES192CBCHMACSHA384KeyTemplate returns a KeyTemplate for an AES-CBC-HMAC-AEAD key with:
//   - AES key size: 24 bytes
//   - HMAC key size: 24 bytes
//   - HMAC tag size: 24 bytes
//   - HMAC hash function: SHA384
//
// The 24-byte tag is a truncation of the 48-byte SHA384 HMAC output.
func AES192CBCHMACSHA384KeyTemplate() *tinkpb.KeyTemplate {
	// One size is used for the encryption key, the MAC key and the tag.
	var size uint32 = subtle.AES192Size

	return createAESCBCHMACAEADKeyTemplate(size, size, size, commonpb.HashType_SHA384)
}

// AES256CBCHMACSHA384KeyTemplate returns a KeyTemplate for an AES-CBC-HMAC-AEAD key with:
//   - AES key size: 32 bytes
//   - HMAC key size: 24 bytes
//   - HMAC tag size: 24 bytes
//   - HMAC hash function: SHA384
//
// This is the only template whose encryption key is longer than its MAC key and tag: the
// MAC side deliberately reuses subtle.AES192Size. Keep the two sizes distinct when editing.
func AES256CBCHMACSHA384KeyTemplate() *tinkpb.KeyTemplate {
	var (
		encKeyLen uint32 = subtle.AES256Size
		macLen    uint32 = subtle.AES192Size // shared by the HMAC key and the tag
	)

	return createAESCBCHMACAEADKeyTemplate(encKeyLen, macLen, macLen, commonpb.HashType_SHA384)
}

// AES256CBCHMACSHA512KeyTemplate returns a KeyTemplate for an AES-CBC-HMAC-AEAD key with:
//   - AES key size: 32 bytes
//   - HMAC key size: 32 bytes
//   - HMAC tag size: 32 bytes
//   - HMAC hash function: SHA512
//
// The 32-byte tag is a truncation of the 64-byte SHA512 HMAC output.
func AES256CBCHMACSHA512KeyTemplate() *tinkpb.KeyTemplate {
	// One size is used for the encryption key, the MAC key and the tag.
	var size uint32 = subtle.AES256Size

	return createAESCBCHMACAEADKeyTemplate(size, size, size, commonpb.HashType_SHA512)
}

// createAESCBCHMACAEADKeyTemplate builds a KeyTemplate whose Value is the serialized
// AesCbcHmacAeadKeyFormat describing an AES-CBC key of aesKeySize bytes and an HMAC key of
// hmacKeySize bytes that produces tagSize-byte tags with hashType.
//
// All three sizes are plain uint32 values, so arguments passed in the wrong order still
// compile; callers must keep the order (AES key, HMAC key, tag). Nothing is range-checked
// here: the sizes are copied into the key format as given.
//
// The template is marked OutputPrefixType_RAW, which in Tink means ciphertexts carry no
// key-ID prefix.
//
// It panics if the key format cannot be marshaled.
func createAESCBCHMACAEADKeyTemplate(aesKeySize, hmacKeySize, tagSize uint32,
	hashType commonpb.HashType) *tinkpb.KeyTemplate {
	// Describe the two component keys separately, then combine them.
	cbcFormat := &aescbcpb.AesCbcKeyFormat{KeySize: aesKeySize}
	macFormat := &hmacpb.HmacKeyFormat{
		Params:  &hmacpb.HmacParams{Hash: hashType, TagSize: tagSize},
		KeySize: hmacKeySize,
	}

	encoded, err := proto.Marshal(&aeadpb.AesCbcHmacAeadKeyFormat{
		AesCbcKeyFormat: cbcFormat,
		HmacKeyFormat:   macFormat,
	})
	if err != nil {
		// NOTE(review): err is not included in the panic value, so the cause of a
		// marshaling failure is lost.
		panic("failed to marshal CBC+HMAC AEAD key format proto")
	}

	tmpl := new(tinkpb.KeyTemplate)
	tmpl.Value = encoded
	tmpl.TypeUrl = aesCBCHMACAEADTypeURL
	tmpl.OutputPrefixType = tinkpb.OutputPrefixType_RAW

	return tmpl
}