Switch dev keys to use HPKE_X25519_HKDF_SHA256_ChaCha20Poly1305
Bug: b/297902188
Change-Id: I246f27108d469def80bad544e925ab3b32eac6a0
Reviewed-on: https://fuchsia-review.googlesource.com/c/cobalt/+/909240
Commit-Queue: Anivia Li <aniviali@google.com>
Reviewed-by: Cameron Dale <camrdale@google.com>
diff --git a/keys/analyzer_public.cobalt_key b/keys/analyzer_public.cobalt_key
index 9ed3a5e..5cb03c1 100644
--- a/keys/analyzer_public.cobalt_key
+++ b/keys/analyzer_public.cobalt_key
@@ -1,8 +1,5 @@
-����
-Á��ûõ
-�¸�
-«�
-=type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey�h�D
-������:�8
-0type.googleapis.com/google.crypto.tink.AesGcmKey��������� NZ
}ä·ø�,Ý Ý³û°ãóå+Í%X>ØtX]ù÷������ûõ
- �
\ No newline at end of file
+
+x�Á«��p
+d
+4type.googleapis.com/google.crypto.tink.HpkePublicKey�*��������� û¯{ ðµzóo{¿ù²}kéExÅ(��\�Æ~})�����Á«� ��
+��
\ No newline at end of file
diff --git a/keys/keys_tests.cc b/keys/keys_tests.cc
index 12247bb..54871dc 100644
--- a/keys/keys_tests.cc
+++ b/keys/keys_tests.cc
@@ -50,7 +50,7 @@
cobalt::EncryptedMessage encrypted_message;
EncryptSomething(*std::move(maker_result.value()).Unwrap(), &encrypted_message);
- EXPECT_EQ(encrypted_message.key_index(), 5u);
+ EXPECT_EQ(encrypted_message.key_index(), 9u);
}
TEST(KeysTests, TestAnalyzerCobaltEncryptionDevKey) {
@@ -64,7 +64,7 @@
cobalt::EncryptedMessage encrypted_message;
EncryptSomething(*std::move(maker_result.value()).Unwrap(), &encrypted_message);
- EXPECT_EQ(encrypted_message.key_index(), 6u);
+ EXPECT_EQ(encrypted_message.key_index(), 10u);
}
TEST(KeysTests, TestShufflerCobaltEncryptionProdKey) {
std::string key_bytes;
diff --git a/keys/shuffler_public.cobalt_key b/keys/shuffler_public.cobalt_key
index 7456bab..51b932f 100644
--- a/keys/shuffler_public.cobalt_key
+++ b/keys/shuffler_public.cobalt_key
@@ -1,6 +1,4 @@
-����
-Á��ª¬ò��¸�
-«�
-=type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey�h�D
-������:�8
-0type.googleapis.com/google.crypto.tink.AesGcmKey��������� µÆg�²JèÄ5F¦x"¿û´[�P@!»�h������ª¬ò� �
\ No newline at end of file
+
+x�õá¹î��p
+d
+4type.googleapis.com/google.crypto.tink.HpkePublicKey�*��������� ¦· Âw¸0ØùÆ#¨ü-!� 0*+Y!Õ¯ÀovLM �����õá¹î� �� ��
\ No newline at end of file
diff --git a/src/lib/util/BUILD.gn b/src/lib/util/BUILD.gn
index 7dca0e8..48979b8 100644
--- a/src/lib/util/BUILD.gn
+++ b/src/lib/util/BUILD.gn
@@ -69,6 +69,7 @@
"$cobalt_root/src/pb",
"//third_party/tink/cc:hybrid_encrypt",
"//third_party/tink/cc:keyset_handle",
+ "//third_party/tink/cc/hybrid:hpke_config",
"//third_party/tink/cc/hybrid:hybrid_config",
"//third_party/tink/cc/util:status",
]
diff --git a/src/lib/util/hybrid_tink_encrypted_message_maker.cc b/src/lib/util/hybrid_tink_encrypted_message_maker.cc
index 85e55eb..d13c88e 100644
--- a/src/lib/util/hybrid_tink_encrypted_message_maker.cc
+++ b/src/lib/util/hybrid_tink_encrypted_message_maker.cc
@@ -3,6 +3,7 @@
#include "src/logging.h"
#include "src/tracing.h"
+#include "third_party/tink/cc/hybrid/hpke_config.h"
#include "third_party/tink/cc/hybrid/hybrid_config.h"
#include "third_party/tink/cc/hybrid_encrypt.h"
#include "third_party/tink/cc/keyset_handle.h"
@@ -28,6 +29,11 @@
return StatusFromTinkStatus(status);
}
+ status = ::crypto::tink::RegisterHpke();
+ if (!status.ok()) {
+ return StatusFromTinkStatus(status);
+ }
+
auto read_result = ::crypto::tink::KeysetHandle::ReadNoSecret(public_keyset_bytes);
if (!read_result.ok()) {
return StatusFromTinkStatus(read_result.status());
