Add primitive getters and serialization for HPKE to the hybrid config…

… v0. PiperOrigin-RevId: 696506838 Change-Id: I1e6b68f1682f7b637a95aa95fe84c6cef22332a2
tink-crypto · Nov 14, 2024 · 5f4e10d · 5f4e10d
1 parent f8de743
commit 5f4e10d
Show file tree

Hide file tree

Showing 4 changed files with 131 additions and 0 deletions.
diff --git a/tink/hybrid/internal/BUILD.bazel b/tink/hybrid/internal/BUILD.bazel
@@ -237,15 +237,23 @@ cc_library(
     include_prefix = "tink/hybrid/internal",
     tags = ["requires_boringcrypto_update"],
     deps = [
+        ":hpke_decrypt",
+        ":hpke_encrypt",
         ":hpke_private_key_manager",
         ":hpke_public_key_manager",
         "//tink:configuration",
+        "//tink:hybrid_decrypt",
+        "//tink:hybrid_encrypt",
         "//tink/hybrid:ecies_aead_hkdf_private_key_manager",
         "//tink/hybrid:ecies_aead_hkdf_public_key_manager",
+        "//tink/hybrid:hpke_private_key",
+        "//tink/hybrid:hpke_proto_serialization",
+        "//tink/hybrid:hpke_public_key",
         "//tink/hybrid:hybrid_decrypt_wrapper",
         "//tink/hybrid:hybrid_encrypt_wrapper",
         "//tink/internal:configuration_impl",
         "//tink/util:status",
+        "//tink/util:statusor",
         "@com_google_absl//absl/memory",
     ],
 )
@@ -473,15 +481,19 @@ cc_test(
     deps = [
         ":config_v0",
         ":hpke_private_key_manager",
+        ":hpke_test_util",
         ":key_gen_config_v0",
         "//proto:tink_cc_proto",
         "//tink:configuration",
         "//tink:hybrid_decrypt",
         "//tink:hybrid_encrypt",
         "//tink:key_gen_configuration",
+        "//tink:key_status",
         "//tink:keyset_handle",
         "//tink/hybrid:ecies_aead_hkdf_private_key_manager",
         "//tink/hybrid:hybrid_key_templates",
+        "//tink/hybrid/internal/testing:hpke_test_vectors",
+        "//tink/hybrid/internal/testing:hybrid_test_vectors",
         "//tink/internal:configuration_impl",
         "//tink/internal:key_gen_configuration_impl",
         "//tink/internal:key_type_info_store",

diff --git a/tink/hybrid/internal/CMakeLists.txt b/tink/hybrid/internal/CMakeLists.txt
@@ -238,16 +238,24 @@ tink_cc_library(
     config_v0.cc
     config_v0.h
   DEPS
+    tink::hybrid::internal::hpke_decrypt
+    tink::hybrid::internal::hpke_encrypt
     tink::hybrid::internal::hpke_private_key_manager
     tink::hybrid::internal::hpke_public_key_manager
     absl::memory
     tink::core::configuration
+    tink::core::hybrid_decrypt
+    tink::core::hybrid_encrypt
     tink::hybrid::ecies_aead_hkdf_private_key_manager
     tink::hybrid::ecies_aead_hkdf_public_key_manager
+    tink::hybrid::hpke_private_key
+    tink::hybrid::hpke_proto_serialization
+    tink::hybrid::hpke_public_key
     tink::hybrid::hybrid_decrypt_wrapper
     tink::hybrid::hybrid_encrypt_wrapper
     tink::internal::configuration_impl
     tink::util::status
+    tink::util::statusor
   TAGS
     exclude_if_openssl
 )
@@ -511,15 +519,19 @@ tink_cc_test(
   DEPS
     tink::hybrid::internal::config_v0
     tink::hybrid::internal::hpke_private_key_manager
+    tink::hybrid::internal::hpke_test_util
     tink::hybrid::internal::key_gen_config_v0
     gmock
     tink::core::configuration
     tink::core::hybrid_decrypt
     tink::core::hybrid_encrypt
     tink::core::key_gen_configuration
+    tink::core::key_status
     tink::core::keyset_handle
     tink::hybrid::ecies_aead_hkdf_private_key_manager
     tink::hybrid::hybrid_key_templates
+    tink::hybrid::internal::testing::hpke_test_vectors
+    tink::hybrid::internal::testing::hybrid_test_vectors
     tink::internal::configuration_impl
     tink::internal::key_gen_configuration_impl
     tink::internal::key_type_info_store

diff --git a/tink/hybrid/internal/config_v0.cc b/tink/hybrid/internal/config_v0.cc
@@ -15,14 +15,23 @@
 ////////////////////////////////////////////////////////////////////////////////
 
 #include "tink/hybrid/internal/config_v0.h"
+#include <memory>
 
 #include "absl/memory/memory.h"
 #include "tink/configuration.h"
 #include "tink/hybrid/ecies_aead_hkdf_private_key_manager.h"
 #include "tink/hybrid/ecies_aead_hkdf_public_key_manager.h"
 #include "tink/hybrid/hybrid_decrypt_wrapper.h"
 #include "tink/hybrid/hybrid_encrypt_wrapper.h"
+#include "tink/hybrid_decrypt.h"
+#include "tink/hybrid_encrypt.h"
+#include "tink/util/statusor.h"
 #ifdef OPENSSL_IS_BORINGSSL
+#include "tink/hybrid/hpke_private_key.h"
+#include "tink/hybrid/hpke_proto_serialization.h"
+#include "tink/hybrid/hpke_public_key.h"
+#include "tink/hybrid/internal/hpke_decrypt.h"
+#include "tink/hybrid/internal/hpke_encrypt.h"
 #include "tink/hybrid/internal/hpke_private_key_manager.h"
 #include "tink/hybrid/internal/hpke_public_key_manager.h"
 #endif
@@ -33,6 +42,22 @@ namespace crypto {
 namespace tink {
 namespace internal {
 
+namespace {
+
+#ifdef OPENSSL_IS_BORINGSSL
+util::StatusOr<std::unique_ptr<HybridDecrypt>>
+NewHpkeDecrypt(const HpkePrivateKey& key) {
+  return crypto::tink::internal::HpkeDecrypt::New(key);
+}
+
+util::StatusOr<std::unique_ptr<HybridEncrypt>>
+NewHpkeEncrypt(const HpkePublicKey& key) {
+  return crypto::tink::internal::HpkeEncrypt::New(key);
+}
+#endif
+
+}  // namespace
+
 util::Status AddHybridV0(Configuration& config) {
   util::Status status = ConfigurationImpl::AddPrimitiveWrapper(
       absl::make_unique<HybridEncryptWrapper>(), config);
@@ -52,6 +77,20 @@ util::Status AddHybridV0(Configuration& config) {
   if (!status.ok()) {
     return status;
   }
+  status = RegisterHpkeProtoSerialization();
+  if (!status.ok()) {
+    return status;
+  }
+  status = ConfigurationImpl::AddPrimitiveGetter<HybridDecrypt, HpkePrivateKey>(
+      NewHpkeDecrypt, config);
+  if (!status.ok()) {
+    return status;
+  }
+  status = ConfigurationImpl::AddPrimitiveGetter<HybridEncrypt, HpkePublicKey>(
+      NewHpkeEncrypt, config);
+  if (!status.ok()) {
+    return status;
+  }
 #endif
   return ConfigurationImpl::AddAsymmetricKeyManagers(
       absl::make_unique<EciesAeadHkdfPrivateKeyManager>(),

diff --git a/tink/hybrid/internal/config_v0_test.cc b/tink/hybrid/internal/config_v0_test.cc
@@ -24,6 +24,10 @@
 #include "tink/configuration.h"
 #include "tink/hybrid/ecies_aead_hkdf_private_key_manager.h"
 #include "tink/hybrid/hybrid_key_templates.h"
+#include "tink/hybrid/internal/hpke_test_util.h"
+#include "tink/hybrid/internal/testing/hpke_test_vectors.h"
+#include "tink/hybrid/internal/testing/hybrid_test_vectors.h"
+#include "tink/key_status.h"
 #ifdef OPENSSL_IS_BORINGSSL
 #include "tink/hybrid/internal/hpke_private_key_manager.h"
 #endif
@@ -50,6 +54,7 @@ using ::crypto::tink::test::IsOkAndHolds;
 using ::google::crypto::tink::KeyTemplate;
 using ::testing::TestWithParam;
 using ::testing::Values;
+using ::testing::Eq;
 
 TEST(HybridV0Test, PrimitiveWrappers) {
   Configuration config;
@@ -124,6 +129,69 @@ TEST_P(HybridV0KeyTypesTest, GetPrimitive) {
   EXPECT_THAT((*decrypt)->Decrypt(*ciphertext, "ad"), IsOkAndHolds(plaintext));
 }
 
+#ifdef OPENSSL_IS_BORINGSSL
+
+using HybridTestVectorTest =
+    testing::TestWithParam<internal::HybridTestVector>;
+
+TEST_P(HybridTestVectorTest, DecryptWorks) {
+  const HybridTestVector& param = GetParam();
+  Configuration config;
+  ASSERT_THAT(AddHybridV0(config), IsOk());
+  KeyGenConfiguration key_gen_config;
+  ASSERT_THAT(AddHybridKeyGenV0(key_gen_config), IsOk());
+
+  util::StatusOr<KeysetHandle> handle =
+      KeysetHandleBuilder()
+          .AddEntry(KeysetHandleBuilder::Entry::CreateFromKey(
+              param.hybrid_private_key, KeyStatus::kEnabled,
+              /*is_primary=*/true))
+          .Build();
+  ASSERT_THAT(handle, IsOk());
+
+  util::StatusOr<std::unique_ptr<HybridDecrypt>> decrypter =
+      handle->GetPrimitive<HybridDecrypt>(config);
+  ASSERT_THAT(decrypter, IsOk());
+  EXPECT_THAT((*decrypter)->Decrypt(param.ciphertext, param.context_info),
+              IsOkAndHolds(Eq(param.plaintext)));
+}
+
+TEST_P(HybridTestVectorTest, EncryptWorks) {
+  const HybridTestVector& param = GetParam();
+  Configuration config;
+  ASSERT_THAT(AddHybridV0(config), IsOk());
+  KeyGenConfiguration key_gen_config;
+  ASSERT_THAT(AddHybridKeyGenV0(key_gen_config), IsOk());
+
+  util::StatusOr<KeysetHandle> handle =
+      KeysetHandleBuilder()
+          .AddEntry(KeysetHandleBuilder::Entry::CreateFromKey(
+              param.hybrid_private_key, KeyStatus::kEnabled,
+              /*is_primary=*/true))
+          .Build();
+  ASSERT_THAT(handle, IsOk());
+  util::StatusOr<std::unique_ptr<KeysetHandle>> public_handle =
+      handle->GetPublicKeysetHandle(key_gen_config);
+  ASSERT_THAT(public_handle, IsOk());
+
+  util::StatusOr<std::unique_ptr<HybridDecrypt>> decrypter =
+      handle->GetPrimitive<HybridDecrypt>(config);
+  ASSERT_THAT(decrypter, IsOk());
+  util::StatusOr<std::unique_ptr<HybridEncrypt>> encrypter =
+      (*public_handle)->GetPrimitive<HybridEncrypt>(config);
+
+  util::StatusOr<std::string> ciphertext =
+      (*encrypter)->Encrypt(param.plaintext, param.context_info);
+  ASSERT_THAT(ciphertext, IsOk());
+  EXPECT_THAT((*decrypter)->Decrypt(*ciphertext, param.context_info),
+              IsOkAndHolds(Eq(param.plaintext)));
+}
+
+INSTANTIATE_TEST_SUITE_P(
+    HpkeTestVectorTest, HybridTestVectorTest,
+    testing::ValuesIn(internal::CreateHpkeTestVectors()));
+#endif
+
 }  // namespace
 }  // namespace internal
 }  // namespace tink