1*e7b1675dSTing-Kang Chang// Copyright 2023 Google LLC 2*e7b1675dSTing-Kang Chang// 3*e7b1675dSTing-Kang Chang// Licensed under the Apache License, Version 2.0 (the "License"); 4*e7b1675dSTing-Kang Chang// you may not use this file except in compliance with the License. 5*e7b1675dSTing-Kang Chang// You may obtain a copy of the License at 6*e7b1675dSTing-Kang Chang// 7*e7b1675dSTing-Kang Chang// http://www.apache.org/licenses/LICENSE-2.0 8*e7b1675dSTing-Kang Chang// 9*e7b1675dSTing-Kang Chang// Unless required by applicable law or agreed to in writing, software 10*e7b1675dSTing-Kang Chang// distributed under the License is distributed on an "AS IS" BASIS, 11*e7b1675dSTing-Kang Chang// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*e7b1675dSTing-Kang Chang// See the License for the specific language governing permissions and 13*e7b1675dSTing-Kang Chang// limitations under the License. 14*e7b1675dSTing-Kang Chang// 15*e7b1675dSTing-Kang Chang//////////////////////////////////////////////////////////////////////////////// 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Changpackage keyderivation_test 18*e7b1675dSTing-Kang Chang 19*e7b1675dSTing-Kang Changimport ( 20*e7b1675dSTing-Kang Chang "fmt" 21*e7b1675dSTing-Kang Chang "log" 22*e7b1675dSTing-Kang Chang 23*e7b1675dSTing-Kang Chang "github.com/google/tink/go/aead" 24*e7b1675dSTing-Kang Chang "github.com/google/tink/go/keyderivation" 25*e7b1675dSTing-Kang Chang "github.com/google/tink/go/keyset" 26*e7b1675dSTing-Kang Chang "github.com/google/tink/go/prf" 27*e7b1675dSTing-Kang Chang) 28*e7b1675dSTing-Kang Chang 29*e7b1675dSTing-Kang Changfunc Example() { 30*e7b1675dSTing-Kang Chang template, err := keyderivation.CreatePRFBasedKeyTemplate(prf.HKDFSHA256PRFKeyTemplate(), aead.AES128GCMKeyTemplate()) 31*e7b1675dSTing-Kang Chang if err != nil { 32*e7b1675dSTing-Kang Chang log.Fatal(err) 33*e7b1675dSTing-Kang Chang } 34*e7b1675dSTing-Kang Chang 35*e7b1675dSTing-Kang Chang handle, err := keyset.NewHandle(template) 36*e7b1675dSTing-Kang Chang if err != nil { 37*e7b1675dSTing-Kang Chang log.Fatal(err) 38*e7b1675dSTing-Kang Chang } 39*e7b1675dSTing-Kang Chang 40*e7b1675dSTing-Kang Chang deriver, err := keyderivation.New(handle) 41*e7b1675dSTing-Kang Chang if err != nil { 42*e7b1675dSTing-Kang Chang log.Fatal(err) 43*e7b1675dSTing-Kang Chang } 44*e7b1675dSTing-Kang Chang 45*e7b1675dSTing-Kang Chang derivedHandle, err := deriver.DeriveKeyset([]byte("salt")) 46*e7b1675dSTing-Kang Chang if err != nil { 47*e7b1675dSTing-Kang Chang log.Fatal(err) 48*e7b1675dSTing-Kang Chang } 49*e7b1675dSTing-Kang Chang 50*e7b1675dSTing-Kang Chang // Use the derived keyset. 51*e7b1675dSTing-Kang Chang a, err := aead.New(derivedHandle) 52*e7b1675dSTing-Kang Chang if err != nil { 53*e7b1675dSTing-Kang Chang log.Fatal(err) 54*e7b1675dSTing-Kang Chang } 55*e7b1675dSTing-Kang Chang 56*e7b1675dSTing-Kang Chang ciphertext, err := a.Encrypt([]byte("a secret message"), nil) 57*e7b1675dSTing-Kang Chang if err != nil { 58*e7b1675dSTing-Kang Chang log.Fatal(err) 59*e7b1675dSTing-Kang Chang } 60*e7b1675dSTing-Kang Chang 61*e7b1675dSTing-Kang Chang plaintext, err := a.Decrypt(ciphertext, nil) 62*e7b1675dSTing-Kang Chang if err != nil { 63*e7b1675dSTing-Kang Chang log.Fatal(err) 64*e7b1675dSTing-Kang Chang } 65*e7b1675dSTing-Kang Chang 66*e7b1675dSTing-Kang Chang fmt.Println(string(plaintext)) 67*e7b1675dSTing-Kang Chang // Output: a secret message 68*e7b1675dSTing-Kang Chang} 69