Switch dev keys to use HPKE_X25519_HKDF_SHA256_ChaCha20Poly1305
Bug: b/297902188
Change-Id: I246f27108d469def80bad544e925ab3b32eac6a0
Reviewed-on: https://fuchsia-review.googlesource.com/c/cobalt/+/909240
Commit-Queue: Anivia Li <aniviali@google.com>
Reviewed-by: Cameron Dale <camrdale@google.com>
diff --git a/keys/analyzer_public.cobalt_key b/keys/analyzer_public.cobalt_key
index 9ed3a5e..5cb03c1 100644
--- a/keys/analyzer_public.cobalt_key
+++ b/keys/analyzer_public.cobalt_key
@@ -1,8 +1,5 @@
-
-Áûõ
-¸
-«
-=type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKeyhD
-:8
-0type.googleapis.com/google.crypto.tink.AesGcmKey NZ
}ä·ø,Ý Ý³û°ãóå+Í%X>ØtX]ù÷ûõ
-
\ No newline at end of file
+
+xÁ«p
+d
+4type.googleapis.com/google.crypto.tink.HpkePublicKey* û¯{ ðµzóo{¿ù²}kéExÅ(\Æ~})Á«
+
\ No newline at end of file
diff --git a/keys/keys_tests.cc b/keys/keys_tests.cc
index 12247bb..54871dc 100644
--- a/keys/keys_tests.cc
+++ b/keys/keys_tests.cc
@@ -50,7 +50,7 @@
cobalt::EncryptedMessage encrypted_message;
EncryptSomething(*std::move(maker_result.value()).Unwrap(), &encrypted_message);
- EXPECT_EQ(encrypted_message.key_index(), 5u);
+ EXPECT_EQ(encrypted_message.key_index(), 9u);
}
TEST(KeysTests, TestAnalyzerCobaltEncryptionDevKey) {
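Review bot: The new expectations `9u` here and `10u` in the next hunk of this file are bare literals, so the test does not say which key each index identifies or that these are the HPKE dev keys this commit installs. A short comment above each assertion would make the next key rotation easier to review, for example `// key_index of the HPKE (X25519, HKDF-SHA256, ChaCha20-Poly1305) dev key; update together with the .cobalt_key file.` The test containing the first assertion starts outside the hunk, so the key file it loads is not visible here.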
@@ -64,7 +64,7 @@
cobalt::EncryptedMessage encrypted_message;
EncryptSomething(*std::move(maker_result.value()).Unwrap(), &encrypted_message);
- EXPECT_EQ(encrypted_message.key_index(), 6u);
+ EXPECT_EQ(encrypted_message.key_index(), 10u);
}
TEST(KeysTests, TestShufflerCobaltEncryptionProdKey) {
std::string key_bytes;
diff --git a/keys/shuffler_public.cobalt_key b/keys/shuffler_public.cobalt_key
index 7456bab..51b932f 100644
--- a/keys/shuffler_public.cobalt_key
+++ b/keys/shuffler_public.cobalt_key
@@ -1,6 +1,4 @@
-
-Áª¬ò¸
-«
-=type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKeyhD
-:8
-0type.googleapis.com/google.crypto.tink.AesGcmKey µÆg²JèÄ5F¦x"¿û´[P@!»hª¬ò
\ No newline at end of file
+
+xõá¹îp
+d
+4type.googleapis.com/google.crypto.tink.HpkePublicKey* ¦· Âw¸0ØùÆ#¨ü-! 0*+Y!Õ¯ÀovLM õá¹î
\ No newline at end of file
diff --git a/src/lib/util/BUILD.gn b/src/lib/util/BUILD.gn
index 7dca0e8..48979b8 100644
--- a/src/lib/util/BUILD.gn
+++ b/src/lib/util/BUILD.gn
@@ -69,6 +69,7 @@
"$cobalt_root/src/pb",
"//third_party/tink/cc:hybrid_encrypt",
"//third_party/tink/cc:keyset_handle",
+ "//third_party/tink/cc/hybrid:hpke_config",
"//third_party/tink/cc/hybrid:hybrid_config",
"//third_party/tink/cc/util:status",
]
diff --git a/src/lib/util/hybrid_tink_encrypted_message_maker.cc b/src/lib/util/hybrid_tink_encrypted_message_maker.cc
index 85e55eb..d13c88e 100644
--- a/src/lib/util/hybrid_tink_encrypted_message_maker.cc
+++ b/src/lib/util/hybrid_tink_encrypted_message_maker.cc
@@ -3,6 +3,7 @@
#include "src/logging.h"
#include "src/tracing.h"
+#include "third_party/tink/cc/hybrid/hpke_config.h"
#include "third_party/tink/cc/hybrid/hybrid_config.h"
#include "third_party/tink/cc/hybrid_encrypt.h"
#include "third_party/tink/cc/keyset_handle.h"
@@ -28,6 +29,11 @@
return StatusFromTinkStatus(status);
}
+ status = ::crypto::tink::RegisterHpke();
+ if (!status.ok()) {
+ return StatusFromTinkStatus(status);
+ }
+
auto read_result = ::crypto::tink::KeysetHandle::ReadNoSecret(public_keyset_bytes);
if (!read_result.ok()) {
return StatusFromTinkStatus(read_result.status());
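Review bot: The added `::crypto::tink::RegisterHpke()` call has no comment saying why it is needed in addition to the registration whose status is checked just above it, so a reader cannot tell which keysets depend on it. I would add `// Dev keysets are HpkePublicKey, so the HPKE key manager must be registered as well.` above the call. With both registrations in place, this function presumably accepts a public keyset of either scheme. If a given environment is meant to use only one scheme, say so here or check the keyset's key type after `ReadNoSecret`. The function starts before the hunk and continues past it, so the earlier registration and the use of `read_result` are not visible.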