cc/experimental/pqcrypto/kem/subtle/cecpq2_aead_hkdf_hybrid_decrypt.cc - third_party/tink - Git at Google

 // Copyright 2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ///////////////////////////////////////////////////////////////////////////////

 #include "tink/experimental/pqcrypto/kem/subtle/cecpq2_aead_hkdf_hybrid_decrypt.h"

 #include <string>
 #include <utility>

 #include "absl/memory/memory.h"
 #include "absl/status/status.h"
 #include "openssl/hrss.h"
 #include "openssl/nid.h"
 #include "tink/experimental/pqcrypto/kem/cecpq2_aead_hkdf_dem_helper.h"
 #include "tink/experimental/pqcrypto/kem/subtle/cecpq2_hkdf_recipient_kem_boringssl.h"
 #include "tink/hybrid_decrypt.h"
 #include "tink/internal/ec_util.h"
 #include "tink/util/enums.h"
 #include "tink/util/secret_data.h"
 #include "tink/util/status.h"

 namespace crypto {
 namespace tink {

 namespace {
 util::Status Validate(
     const google::crypto::tink::Cecpq2AeadHkdfPrivateKey& key) {
   if (key.hrss_private_key_seed().empty() || key.x25519_private_key().empty() ||
       key.public_key().hrss_public_key_marshalled().empty() ||
       key.public_key().x25519_public_key_x().empty()) {
     return util::Status(absl::StatusCode::kInvalidArgument,
                         "Invalid Cecpq2AeadHkdfPrivateKeyInternal: missing KEM "
                         "required fields.");
   }

   if (key.public_key().params().kem_params().curve_type() ==
       google::crypto::tink::EllipticCurveType::CURVE25519) {
     if (!key.public_key().x25519_public_key_y().empty()) {
       return util::Status(absl::StatusCode::kInvalidArgument,
                           "Invalid Cecpq2AeadHkdfPrivateKeyInternal: has KEM "
                           "unexpected field.");
     }

     if (key.public_key().params().kem_params().ec_point_format() !=
         google::crypto::tink::EcPointFormat::COMPRESSED) {
       return util::Status(
           absl::StatusCode::kInvalidArgument,
           "X25519 only supports compressed elliptic curve points.");
     }
   }

   return util::OkStatus();
 }
 }  // namespace

 // static
 util::StatusOr<std::unique_ptr<HybridDecrypt>> Cecpq2AeadHkdfHybridDecrypt::New(
     const google::crypto::tink::Cecpq2AeadHkdfPrivateKey& private_key) {
   util::Status status = Validate(private_key);
   if (!status.ok()) return status;

   util::StatusOr<std::unique_ptr<subtle::Cecpq2HkdfRecipientKemBoringSsl>>
       kem_result = subtle::Cecpq2HkdfRecipientKemBoringSsl::New(
           util::Enums::ProtoToSubtle(
               private_key.public_key().params().kem_params().curve_type()),
           util::SecretDataFromStringView(private_key.x25519_private_key()),
           util::SecretDataFromStringView(private_key.hrss_private_key_seed()));
   if (!kem_result.ok()) return kem_result.status();

   util::StatusOr<std::unique_ptr<const Cecpq2AeadHkdfDemHelper>> dem_result =
       Cecpq2AeadHkdfDemHelper::New(
           private_key.public_key().params().dem_params().aead_dem());
   if (!dem_result.ok()) return dem_result.status();

   return {absl::WrapUnique(new Cecpq2AeadHkdfHybridDecrypt(
       private_key.public_key().params(), std::move(kem_result).value(),
       std::move(dem_result).value()))};
 }

 util::StatusOr<std::string> Cecpq2AeadHkdfHybridDecrypt::Decrypt(
     absl::string_view ciphertext, absl::string_view context_info) const {
   util::StatusOr<int32_t> cecpq2_header_point_encoding_size =
       internal::EcPointEncodingSizeInBytes(
           util::Enums::ProtoToSubtle(
               recipient_key_params_.kem_params().curve_type()),
           util::Enums::ProtoToSubtle(
               recipient_key_params_.kem_params().ec_point_format()));
   if (!cecpq2_header_point_encoding_size.ok()) {
     return cecpq2_header_point_encoding_size.status();
   }
   int32_t cecpq2_header_size =
       *cecpq2_header_point_encoding_size + HRSS_CIPHERTEXT_BYTES;
   if (ciphertext.size() < cecpq2_header_size) {
     return util::Status(absl::StatusCode::kInvalidArgument,
                         "ciphertext too short");
   }

   // Get the key material size based on the DEM type_url.
   util::StatusOr<uint32_t> key_material_size_or =
       dem_helper_->GetKeyMaterialSize();
   if (!key_material_size_or.ok()) return key_material_size_or.status();
   uint32_t key_material_size = key_material_size_or.value();

   // Use KEM to get a symmetric key.
   util::StatusOr<util::SecretData> symmetric_key_result =
       recipient_kem_->GenerateKey(
           absl::string_view(ciphertext).substr(0, cecpq2_header_size),
           util::Enums::ProtoToSubtle(
               recipient_key_params_.kem_params().hkdf_hash_type()),
           recipient_key_params_.kem_params().hkdf_salt(), context_info,
           key_material_size,
           util::Enums::ProtoToSubtle(
               recipient_key_params_.kem_params().ec_point_format()));
   if (!symmetric_key_result.ok()) return symmetric_key_result.status();
   util::SecretData symmetric_key = std::move(symmetric_key_result.value());

   // Use the symmetric key to get an AEAD-primitive.
   util::StatusOr<std::unique_ptr<crypto::tink::subtle::AeadOrDaead>>
       aead_or_daead_result = dem_helper_->GetAeadOrDaead(symmetric_key);
   if (!aead_or_daead_result.ok()) return aead_or_daead_result.status();
   std::unique_ptr<crypto::tink::subtle::AeadOrDaead> aead_or_daead =
       std::move(aead_or_daead_result.value());

   // Do the actual decryption using the AEAD-primitive.
   util::StatusOr<std::string> decrypt_result = aead_or_daead->Decrypt(
       ciphertext.substr(cecpq2_header_size), "");  // empty aad
   if (!decrypt_result.ok()) return decrypt_result.status();

   return decrypt_result.value();
 }

 }  // namespace tink
 }  // namespace crypto
	// Copyright 2021 Google LLC
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//
	///////////////////////////////////////////////////////////////////////////////

	#include "tink/experimental/pqcrypto/kem/subtle/cecpq2_aead_hkdf_hybrid_decrypt.h"

	#include <string>
	#include <utility>

	#include "absl/memory/memory.h"
	#include "absl/status/status.h"
	#include "openssl/hrss.h"
	#include "openssl/nid.h"
	#include "tink/experimental/pqcrypto/kem/cecpq2_aead_hkdf_dem_helper.h"
	#include "tink/experimental/pqcrypto/kem/subtle/cecpq2_hkdf_recipient_kem_boringssl.h"
	#include "tink/hybrid_decrypt.h"
	#include "tink/internal/ec_util.h"
	#include "tink/util/enums.h"
	#include "tink/util/secret_data.h"
	#include "tink/util/status.h"

	namespace crypto {
	namespace tink {

	namespace {
	util::Status Validate(
	const google::crypto::tink::Cecpq2AeadHkdfPrivateKey& key) {
	if (key.hrss_private_key_seed().empty() \|\| key.x25519_private_key().empty() \|\|
	key.public_key().hrss_public_key_marshalled().empty() \|\|
	key.public_key().x25519_public_key_x().empty()) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	"Invalid Cecpq2AeadHkdfPrivateKeyInternal: missing KEM "
	"required fields.");
	}

	if (key.public_key().params().kem_params().curve_type() ==
	google::crypto::tink::EllipticCurveType::CURVE25519) {
	if (!key.public_key().x25519_public_key_y().empty()) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	"Invalid Cecpq2AeadHkdfPrivateKeyInternal: has KEM "
	"unexpected field.");
	}

	if (key.public_key().params().kem_params().ec_point_format() !=
	google::crypto::tink::EcPointFormat::COMPRESSED) {
	return util::Status(
	absl::StatusCode::kInvalidArgument,
	"X25519 only supports compressed elliptic curve points.");
	}
	}

	return util::OkStatus();
	}
	} // namespace

	// static
	util::StatusOr<std::unique_ptr<HybridDecrypt>> Cecpq2AeadHkdfHybridDecrypt::New(
	const google::crypto::tink::Cecpq2AeadHkdfPrivateKey& private_key) {
	util::Status status = Validate(private_key);
	if (!status.ok()) return status;

	util::StatusOr<std::unique_ptr<subtle::Cecpq2HkdfRecipientKemBoringSsl>>
	kem_result = subtle::Cecpq2HkdfRecipientKemBoringSsl::New(
	util::Enums::ProtoToSubtle(
	private_key.public_key().params().kem_params().curve_type()),
	util::SecretDataFromStringView(private_key.x25519_private_key()),
	util::SecretDataFromStringView(private_key.hrss_private_key_seed()));
	if (!kem_result.ok()) return kem_result.status();

	util::StatusOr<std::unique_ptr<const Cecpq2AeadHkdfDemHelper>> dem_result =
	Cecpq2AeadHkdfDemHelper::New(
	private_key.public_key().params().dem_params().aead_dem());
	if (!dem_result.ok()) return dem_result.status();

	return {absl::WrapUnique(new Cecpq2AeadHkdfHybridDecrypt(
	private_key.public_key().params(), std::move(kem_result).value(),
	std::move(dem_result).value()))};
	}

	util::StatusOr<std::string> Cecpq2AeadHkdfHybridDecrypt::Decrypt(
	absl::string_view ciphertext, absl::string_view context_info) const {
	util::StatusOr<int32_t> cecpq2_header_point_encoding_size =
	internal::EcPointEncodingSizeInBytes(
	util::Enums::ProtoToSubtle(
	recipient_key_params_.kem_params().curve_type()),
	util::Enums::ProtoToSubtle(
	recipient_key_params_.kem_params().ec_point_format()));
	if (!cecpq2_header_point_encoding_size.ok()) {
	return cecpq2_header_point_encoding_size.status();
	}
	int32_t cecpq2_header_size =
	*cecpq2_header_point_encoding_size + HRSS_CIPHERTEXT_BYTES;
	if (ciphertext.size() < cecpq2_header_size) {
	return util::Status(absl::StatusCode::kInvalidArgument,
	"ciphertext too short");
	}

	// Get the key material size based on the DEM type_url.
	util::StatusOr<uint32_t> key_material_size_or =
	dem_helper_->GetKeyMaterialSize();
	if (!key_material_size_or.ok()) return key_material_size_or.status();
	uint32_t key_material_size = key_material_size_or.value();

	// Use KEM to get a symmetric key.
	util::StatusOr<util::SecretData> symmetric_key_result =
	recipient_kem_->GenerateKey(
	absl::string_view(ciphertext).substr(0, cecpq2_header_size),
	util::Enums::ProtoToSubtle(
	recipient_key_params_.kem_params().hkdf_hash_type()),
	recipient_key_params_.kem_params().hkdf_salt(), context_info,
	key_material_size,
	util::Enums::ProtoToSubtle(
	recipient_key_params_.kem_params().ec_point_format()));
	if (!symmetric_key_result.ok()) return symmetric_key_result.status();
	util::SecretData symmetric_key = std::move(symmetric_key_result.value());

	// Use the symmetric key to get an AEAD-primitive.
	util::StatusOr<std::unique_ptr<crypto::tink::subtle::AeadOrDaead>>
	aead_or_daead_result = dem_helper_->GetAeadOrDaead(symmetric_key);
	if (!aead_or_daead_result.ok()) return aead_or_daead_result.status();
	std::unique_ptr<crypto::tink::subtle::AeadOrDaead> aead_or_daead =
	std::move(aead_or_daead_result.value());

	// Do the actual decryption using the AEAD-primitive.
	util::StatusOr<std::string> decrypt_result = aead_or_daead->Decrypt(
	ciphertext.substr(cecpq2_header_size), ""); // empty aad
	if (!decrypt_result.ok()) return decrypt_result.status();

	return decrypt_result.value();
	}

	} // namespace tink
	} // namespace crypto