Skip to content

Commit

Permalink
Document what an AesGcmKey represents.
Browse files Browse the repository at this point in the history 
As usual in Tink, Tink Keys represent fixed cryptographic functions. They should be documented in the proto; unfortunately we currently don't do this. I hope in the future we can add all these.

PiperOrigin-RevId: 429498845
  • Loading branch information
@tholenst @copybara-github
tholenst authored and copybara-github committed Feb 18, 2022
1 parent 01788f7 commit 2e86330
Show file tree
Hide file tree
Showing 2 changed files with 64 additions and 4 deletions.
34 changes: 32 additions & 2 deletions proto/aes_gcm.proto
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,14 +23,44 @@ option java_multiple_files = true;
option go_package = "github.com/google/tink/proto/aes_gcm_go_proto";
option objc_class_prefix = "TINKPB";

// only allowing IV size in bytes = 12 and tag size in bytes = 16
// Thus, accept no params.
message AesGcmKeyFormat {
uint32 key_size = 2;
uint32 version = 3;
}

// key_type: type.googleapis.com/google.crypto.tink.AesGcmKey
//
// A AesGcmKey is an AEAD key. Mathematically, it represents the functions
// Encrypt and Decrypt which we define in the following.
//
// First, Tink computes a "output prefix" OP by considering the
// "OutputPrefixType" message in Keyset.Key and the ID of the key using the
// Tink function "AEAD-OutputPrefix": (AesGcmKeys must always be stored in a
// keyset).
//
// AEAD-OutputPrefix(output_prefix_type, id):
// if output_prefix_type == RAW:
// return "";
// if output_prefix_type == TINK:
// return 0x01 + BigEndian(id)
// if output_prefix_type == CRUNCHY:
// return 0x00 + BigEndian(id)
//
// Then, the function defined by this is defined as:
// [GCM], Section 5.2.1:
// * "Encrypt" maps a plaintext P and associated data A to a ciphertext given
// by the concatenation OP || IV || C || T. In addition to [GCM], Tink
// has the following restriction: IV is a uniformly random initialization
// vector of length 12 bytes and T is restricted to 16 bytes.
//
// * If OP matches the result of AEAD-OutputPrefix, then "Decrypt" maps the
// input OP || IV || C || T and A to the the output P in the manner as
// described in [GCM], Section 5.2.2. If OP does not match, then "Decrypt"
// returns an error.
// [GCM]: NIST Special Publication 800-38D: Recommendation for Block Cipher
// Modes of Operation: Galois/Counter Mode (GCM) and GMAC.
// http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf.

message AesGcmKey {
uint32 version = 1;
bytes key_value = 3;
Expand Down
34 changes: 32 additions & 2 deletions python/tink/proto/aes_gcm.proto
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,14 +23,44 @@ option java_multiple_files = true;
option go_package = "github.com/google/tink/proto/aes_gcm_go_proto";
option objc_class_prefix = "TINKPB";

// only allowing IV size in bytes = 12 and tag size in bytes = 16
// Thus, accept no params.
message AesGcmKeyFormat {
uint32 key_size = 2;
uint32 version = 3;
}

// key_type: type.googleapis.com/google.crypto.tink.AesGcmKey
//
// A AesGcmKey is an AEAD key. Mathematically, it represents the functions
// Encrypt and Decrypt which we define in the following.
//
// First, Tink computes a "output prefix" OP by considering the
// "OutputPrefixType" message in Keyset.Key and the ID of the key using the
// Tink function "AEAD-OutputPrefix": (AesGcmKeys must always be stored in a
// keyset).
//
// AEAD-OutputPrefix(output_prefix_type, id):
// if output_prefix_type == RAW:
// return "";
// if output_prefix_type == TINK:
// return 0x01 + BigEndian(id)
// if output_prefix_type == CRUNCHY:
// return 0x00 + BigEndian(id)
//
// Then, the function defined by this is defined as:
// [GCM], Section 5.2.1:
// * "Encrypt" maps a plaintext P and associated data A to a ciphertext given
// by the concatenation OP || IV || C || T. In addition to [GCM], Tink
// has the following restriction: IV is a uniformly random initialization
// vector of length 12 bytes and T is restricted to 16 bytes.
//
// * If OP matches the result of AEAD-OutputPrefix, then "Decrypt" maps the
// input OP || IV || C || T and A to the the output P in the manner as
// described in [GCM], Section 5.2.2. If OP does not match, then "Decrypt"
// returns an error.
// [GCM]: NIST Special Publication 800-38D: Recommendation for Block Cipher
// Modes of Operation: Galois/Counter Mode (GCM) and GMAC.
// http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf.

message AesGcmKey {
uint32 version = 1;
bytes key_value = 3;
Expand Down

0 comments on commit 2e86330

Please sign in to comment.