feat: Add main crypto interfaces and proto buffs for a new ECDH-ES kw…

…+AEAD Tink primtive type This is a first change for Anoncrypt crypto primitives mainly called Composite primitives. Following changes will build on top of this change, namely the crypto primitives, Tink templates and helpers to complete full ECDH-ES key wrapping + AEAD content encryption logic needed for building and parsing JWE messages. part of #1469 Signed-off-by: Baha Shaaban <[email protected]>
hyperledger-archives · Apr 17, 2020 · 509d21a · 509d21a
1 parent 9decd33
commit 509d21a
Show file tree

Hide file tree

Showing 10 changed files with 682 additions and 6 deletions.
diff --git a/.codecov.yaml b/.codecov.yaml
@@ -14,3 +14,5 @@ coverage:
 
 ignore:
   - "test/bdd"  # ignore bdd tests
+  - "protos"
+  - "pkg/crypto/tinkcrypto/primitive/proto"
diff --git a/go.sum b/go.sum
@@ -225,6 +225,7 @@ golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3
 golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262 h1:qsl9y/CJx34tuA7QCPNp86JNJe4spst6Ff8MjvPUdPg=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c h1:97SnQk1GYRXJgvwZ8fadnxDOWfKvkNQHH3CtZntPSrM=
 golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

diff --git a/pkg/crypto/tinkcrypto/primitive/composite/api/composite_decrypt.go b/pkg/crypto/tinkcrypto/primitive/composite/api/composite_decrypt.go
@@ -0,0 +1,19 @@
+/*
+Copyright SecureKey Technologies Inc. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package api
+
+// CompositeDecrypt will decrypt a `ciphertext` representing a composite encryption with a protected cek for the
+// recipient caller of this interface. In order to get the plaintext embedded, this type is configured with the
+// recipient key type that will decrypt the embedded cek first. This type is used mainly for repudiation requests where
+// the sender identity remains unknown using ECDH-ES key wrapping with an ephemeral sender key.
+type CompositeDecrypt interface {
+	// Decrypt operation: decrypts ciphertext representing a serialized EncryptedData (mainly extracted from a
+	// JWE message) for a given recipient. It extracts the underlying secure material then executes key unwrapping of
+	// the cek and the AEAD decrypt primitive.
+	// returns resulting plaintext extracted from the serialized object.
+	Decrypt(cipherText, additionalData []byte) ([]byte, error)
+}
diff --git a/pkg/crypto/tinkcrypto/primitive/composite/api/composite_encrypt.go b/pkg/crypto/tinkcrypto/primitive/composite/api/composite_encrypt.go
@@ -0,0 +1,16 @@
+/*
+Copyright SecureKey Technologies Inc. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package api
+
+// CompositeEncrypt will encrypt a `plaintext` using AEAD primitive and ECDH-ES key wrapping by recipient
+// It returns the resulting serialized JWE []byte. This type is used mainly for repudiation requests where the sender
+// identity remains unknown to the recipient in a serialized EncryptedData envelope (used mainly to build JWE messages).
+type CompositeEncrypt interface {
+	// Encrypt operation: encrypts plaintext with aad represented as the list of recipient's corresponding public keys
+	// Returns resulting EncryptedData wrapping ciphertext and the recipients protected keys or error if failed.
+	Encrypt(plainText, aad []byte) ([]byte, error)
+}