// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////

package com.google.crypto.tink.prf;

import com.google.crypto.tink.proto.AesCmacPrfKeyFormat;
import com.google.crypto.tink.proto.HashType;
import com.google.crypto.tink.proto.HkdfPrfKeyFormat;
import com.google.crypto.tink.proto.HkdfPrfParams;
import com.google.crypto.tink.proto.HmacPrfKeyFormat;
import com.google.crypto.tink.proto.HmacPrfParams;
import com.google.crypto.tink.proto.KeyTemplate;
import com.google.crypto.tink.proto.OutputPrefixType;

/**
 * Pre-built key templates for PRF keys.
 *
 * <p>Avoiding this class is recommended in order to keep dependencies small:
 *
 * <ul>
 *   <li>Using this class adds a dependency on protobuf. The hope is that Tink can eventually be
 *       used without a dependency on protobuf.
 *   <li>Using this class adds a dependency on the classes for all involved key types.
 * </ul>
 *
 * <p>These dependencies all come from static class member variables, which are initialized when
 * the class is loaded. As a consequence, static analysis and code minimization tools (such as
 * proguard) cannot remove the usages either.
 *
 * <p>The recommended alternatives are {@code KeysetHandle.generateEntryFromParametersName} or
 * {@code KeysetHandle.generateEntryFromParameters}.
 *
 * <p>Every template built here uses {@link OutputPrefixType#RAW}.
 *
 * @deprecated Use PredefinedPrfParameters instead.
 */
@Deprecated
public final class PrfKeyTemplates {

  /**
   * A {@link KeyTemplate} for a {@link com.google.crypto.tink.proto.HkdfPrfKey} key with the
   * following parameters.
   *
   * <ul>
   *   <li>Hash function: SHA256
   *   <li>Key size: 32 bytes (the size of the HKDF key)
   *   <li>Salt: empty
   * </ul>
   */
  public static final KeyTemplate HKDF_SHA256 = createHkdfKeyTemplate();

  /** A {@link KeyTemplate} for an HMAC PRF key: hash SHA256, key size 32. */
  public static final KeyTemplate HMAC_SHA256_PRF = createHmacTemplate(32, HashType.SHA256);

  /** A {@link KeyTemplate} for an HMAC PRF key: hash SHA512, key size 64. */
  public static final KeyTemplate HMAC_SHA512_PRF = createHmacTemplate(64, HashType.SHA512);

  /** A {@link KeyTemplate} for an AES-CMAC PRF key with key size 32. */
  public static final KeyTemplate AES_CMAC_PRF = createAes256CmacTemplate();

  // Not instantiable: the class only exposes the static templates above.
  private PrfKeyTemplates() {}

  /** Builds the HKDF PRF template: SHA256, 32-byte HKDF key, no salt set, RAW output prefix. */
  private static KeyTemplate createHkdfKeyTemplate() {
    HkdfPrfParams hkdfParams = HkdfPrfParams.newBuilder().setHash(HashType.SHA256).build();
    HkdfPrfKeyFormat keyFormat =
        HkdfPrfKeyFormat.newBuilder()
            .setParams(hkdfParams)
            .setKeySize(32) // the size in bytes of the HKDF key
            .build();
    return KeyTemplate.newBuilder()
        .setTypeUrl(HkdfPrfKeyManager.staticKeyType())
        .setOutputPrefixType(OutputPrefixType.RAW)
        .setValue(keyFormat.toByteString())
        .build();
  }

  /**
   * Builds an HMAC PRF template with a RAW output prefix.
   *
   * @param keySize the key size stored in the {@link HmacPrfKeyFormat}
   * @param hashType the hash function stored in the {@link HmacPrfParams}
   * @return the template carrying the serialized key format
   */
  private static KeyTemplate createHmacTemplate(int keySize, HashType hashType) {
    HmacPrfKeyFormat keyFormat =
        HmacPrfKeyFormat.newBuilder()
            .setKeySize(keySize)
            .setParams(HmacPrfParams.newBuilder().setHash(hashType).build())
            .build();
    return KeyTemplate.newBuilder()
        .setOutputPrefixType(OutputPrefixType.RAW)
        .setTypeUrl(HmacPrfKeyManager.getKeyType())
        .setValue(keyFormat.toByteString())
        .build();
  }

  /** Builds the AES-CMAC PRF template: key size 32, RAW output prefix. */
  private static KeyTemplate createAes256CmacTemplate() {
    AesCmacPrfKeyFormat.Builder formatBuilder = AesCmacPrfKeyFormat.newBuilder();
    formatBuilder.setKeySize(32);
    AesCmacPrfKeyFormat keyFormat = formatBuilder.build();
    return KeyTemplate.newBuilder()
        .setOutputPrefixType(OutputPrefixType.RAW)
        .setValue(keyFormat.toByteString())
        .setTypeUrl(AesCmacPrfKeyManager.getKeyType())
        .build();
  }
}