1# Copyright 2020 Google LLC 2# 3# Licensed under the Apache License, Version 2.0 (the "License"); 4# you may not use this file except in compliance with the License. 5# You may obtain a copy of the License at 6# 7# http://www.apache.org/licenses/LICENSE-2.0 8# 9# Unless required by applicable law or agreed to in writing, software 10# distributed under the License is distributed on an "AS IS" BASIS, 11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12# See the License for the specific language governing permissions and 13# limitations under the License. 14"""Pre-generated KeyTemplate for Mac. 15 16One can use these templates to generate a new tink_pb2.Keyset with 17tink_pb2.KeysetHandle. To generate a new keyset that contains a single 18hmac_pb2.HmacKey, one can do: 19handle = keyset_handle.KeysetHandle(mac_key_templates.HMAC_SHA256_128BITTAG). 20""" 21 22import warnings 23 24from tink.proto import aes_cmac_pb2 25from tink.proto import common_pb2 26from tink.proto import hmac_pb2 27from tink.proto import tink_pb2 28 29 30def _create_hmac_key_template( 31 key_size: int, tag_size: int, 32 hash_type: common_pb2.HashType) -> tink_pb2.KeyTemplate: 33 """Creates a HMAC KeyTemplate, and fills in its values.""" 34 key_format = hmac_pb2.HmacKeyFormat() 35 key_format.params.hash = hash_type 36 key_format.params.tag_size = tag_size 37 key_format.key_size = key_size 38 key_template = tink_pb2.KeyTemplate( 39 value=key_format.SerializeToString(), 40 type_url='type.googleapis.com/google.crypto.tink.HmacKey', 41 output_prefix_type=tink_pb2.TINK, 42 ) 43 return key_template 44 45 46def _create_aes_cmac_key_template(key_size: int, 47 tag_size: int) -> tink_pb2.KeyTemplate: 48 """"Creates an AES-CMAC KeyTemplate, and fills in its values.""" 49 key_format = aes_cmac_pb2.AesCmacKeyFormat() 50 key_format.key_size = key_size 51 key_format.params.tag_size = tag_size 52 key_template = tink_pb2.KeyTemplate() 53 key_template.value = key_format.SerializeToString() 54 key_template.type_url = 'type.googleapis.com/google.crypto.tink.AesCmacKey' 55 key_template.output_prefix_type = tink_pb2.TINK 56 return key_template 57 58 59AES_CMAC = _create_aes_cmac_key_template(key_size=32, tag_size=16) 60HMAC_SHA256_128BITTAG = _create_hmac_key_template( 61 key_size=32, tag_size=16, hash_type=common_pb2.SHA256) 62HMAC_SHA256_256BITTAG = _create_hmac_key_template( 63 key_size=32, tag_size=32, hash_type=common_pb2.SHA256) 64HMAC_SHA512_256BITTAG = _create_hmac_key_template( 65 key_size=64, tag_size=32, hash_type=common_pb2.SHA512) 66HMAC_SHA512_512BITTAG = _create_hmac_key_template( 67 key_size=64, tag_size=64, hash_type=common_pb2.SHA512) 68 69 70# Deprecated. Use the predefined constant templates above instead. 71def create_hmac_key_template( 72 key_size: int, tag_size: int, 73 hash_type: common_pb2.HashType) -> tink_pb2.KeyTemplate: 74 warnings.warn('The "create_hmac_key_template" function is deprecated.', 75 DeprecationWarning, 2) 76 return _create_hmac_key_template(key_size, tag_size, hash_type) 77 78 79# Deprecated. Use the predefined constant templates above instead. 80def create_aes_cmac_key_template(key_size: int, 81 tag_size: int) -> tink_pb2.KeyTemplate: 82 warnings.warn('The "create_hmac_key_template" function is deprecated.', 83 DeprecationWarning, 2) 84 return _create_aes_cmac_key_template(key_size, tag_size) 85