update method signatures

salrashid123 · Jun 17, 2024 · 91e09ee · 91e09ee
1 parent d6e8ca2
commit 91e09ee
Show file tree

Hide file tree

Showing 18 changed files with 143 additions and 53 deletions.
diff --git a/README.md b/README.md
@@ -77,55 +77,55 @@ This repo is a generic implementation of
 
 The key types supported are:
 
-* `GetRawAesGcmKey()`
+* `ExportAesGcmKey()`
 
   Extract the raw AES-GCM key from the keyset.  You can use this key to decrypt/encrypt data using standard google AES library
 
-* `GetRawAesSivKey()`
+* `ExportAesSivKey()`
 
    Extract the raw AES-SIV key from the keyset.  You can use this key to decrypt/encrypt data using standard google AES library
 
-* `GetRawAesCtrHmacAeadKey()`
+* `ExportAesCtrHmacAeadKey()`
 
    Extract the raw AES and HMAC key from the keyset.  Using off the shelf libraries requires reversing [this](https://developers.google.com/tink/streaming-aead/aes_ctr_hmac_streaming) process.
 
-* `GetRawRsaSsaPkcs1PrivateKey()`
+* `ExportRsaSsaPkcs1PrivateKey()`
 
    Extract the RSA Private key from the keyset as DER bytes.
 
-* `GetRawRsaSsaPkcs1PublicKey()`
+* `ExportRsaSsaPkcs1PublicKey()`
 
    Extract the RSA Public key from the keyset as DER bytes.
 
-* `GetRawEcdsaPrivateKey()`
+* `ExportEcdsaPrivateKey()`
 
    Extract the ECC Private key from the keyset as DER bytes.
 
-* `GetRawEcdsaPublicKey()`
+* `ExportEcdsaPublicKey()`
 
    Extract the ECC Public key from the keyset as DER bytes.
 
-* `GetRawHMACKey()`
+* `ExportHMACKey()`
 
    Extract the HMAC the keyset.
 
 To process TINK encoded ciphertext or data
 
-* `GetRawCipherText()`
+* `ExportCipherText()`
 
   Returns the ciphertext or signature without the TINK prefix values.
 
   You can use this output with off the shelf crypto libraries to decrypt or verify.
 
 ### Key Import
 
-* `CreateSymmetricKey()`
+* `ImportSymmetricKey()`
 
   Supply the raw aes key, the keyID to use and the output prefix to apply for this keyset
 
   If an external KMS KEK is provided, the output will be an encryptedKeySet
 
-* `CreateHMACKey()`
+* `ImportHMACKey()`
 
    Unimplemented but easy to do.  see [tink_samples/external_hmac](https://github.com/salrashid123/tink_samples/tree/main/external_hmac)
 
@@ -151,7 +151,7 @@ For key extraction supply the keyset.
 	})
 
 	// print the raw key
-	rk, err := ku.GetRawAesGcmKey(keysetHandle.KeysetInfo().PrimaryKeyId)
+	rk, err := ku.ExportAesGcmKey(keysetHandle.KeysetInfo().PrimaryKeyId)
 	log.Printf("Raw key: %s", base64.StdEncoding.EncodeToString(rk))
 ```
 
@@ -174,15 +174,15 @@ For prefix redaction, supply the ciphertext provided by a prior tink operation.
 	})
 
 	// get the raw key from the keyset
-	rk, err := ku.GetRawAesGcmKey(keysetHandle.KeysetInfo().PrimaryKeyId)
+	rk, err := ku.ExportAesGcmKey(keysetHandle.KeysetInfo().PrimaryKeyId)
 	log.Printf("Raw key: %s", base64.StdEncoding.EncodeToString(rk))
 
 	// initialize aes cipher from this extracted key
 	aesCipher, err := aes.NewCipher(rk)
 	rawAES, err := cipher.NewGCM(aesCipher)
 
 	// omit the ciphertext prefix
-	ecca, err := ku.GetRawCipherText(ec, keysetHandle.KeysetInfo().PrimaryKeyId)
+	ecca, err := ku.ExportCipherText(ec, keysetHandle.KeysetInfo().PrimaryKeyId)
 
 	// decrypt the tinkencrypted data using the raw ciphertext and raw aes key
 	plaintext, err := rawAES.Open(nil, ecca[:keysetutil.AESGCMIVSize], ecca[keysetutil.AESGCMIVSize:], []byte("some additional data"))
@@ -354,7 +354,7 @@ For an encrypted keyset, supply the kek aead:
 	ek, err := keysetutil.CreateSymmetricKey(k, uint32(*keyid), tinkpb.OutputPrefixType_TINK, kmsaead)
 ```
 
-```log
+```bash
 $ go run aes_import/encryptedkeyset/main.go --master-key-uri=$MASTERKEY
 
 2024/04/25 22:24:20 Tink Keyset:

diff --git a/example/aes_ctr/insecurekeyset/main.go b/example/aes_ctr/insecurekeyset/main.go
@@ -66,7 +66,7 @@ func main() {
 
 	log.Printf("Encrypted Data: %s", base64.StdEncoding.EncodeToString(ec))
 
-	rk, hk, err := ku.GetRawAesCtrHmacAeadKey(keysetHandle.KeysetInfo().PrimaryKeyId)
+	rk, hk, err := ku.ExportAesCtrHmacAeadKey(keysetHandle.KeysetInfo().PrimaryKeyId)
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -75,7 +75,7 @@ func main() {
 	log.Printf("HMAC key: %s", base64.StdEncoding.EncodeToString(hk))
 	// https://github.com/tink-crypto/tink/blob/master/go/aead/aes_ctr_hmac_aead_key_manager.go#L54
 
-	rawCipherTextWithMAC, err := ku.GetRawCipherText(ec, keysetHandle.KeysetInfo().PrimaryKeyId)
+	rawCipherTextWithMAC, err := ku.ExportCipherText(ec, keysetHandle.KeysetInfo().PrimaryKeyId)
 	if err != nil {
 		log.Fatal(err)
 	}

diff --git a/example/aes_export/encryptedkeyset/main.go b/example/aes_export/encryptedkeyset/main.go
@@ -75,7 +75,7 @@ func main() {
 
 	log.Printf("Encrypted Data: %s", base64.StdEncoding.EncodeToString(ec))
 
-	rk, err := ku.GetRawAesGcmKey(keysetHandle.KeysetInfo().PrimaryKeyId)
+	rk, err := ku.ExportAesGcmKey(keysetHandle.KeysetInfo().PrimaryKeyId)
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -90,7 +90,7 @@ func main() {
 	if err != nil {
 		log.Fatal(err)
 	}
-	ecca, err := ku.GetRawCipherText(ec, keysetHandle.KeysetInfo().PrimaryKeyId)
+	ecca, err := ku.ExportCipherText(ec, keysetHandle.KeysetInfo().PrimaryKeyId)
 	if err != nil {
 		log.Fatal(err)
 	}

diff --git a/example/aes_export/insecurejsonkeyset/main.go b/example/aes_export/insecurejsonkeyset/main.go
@@ -63,7 +63,7 @@ func main() {
 
 	log.Printf("Encrypted Data: %s", base64.StdEncoding.EncodeToString(ec))
 
-	rk, err := ku.GetRawAesGcmKey(keysetHandle.KeysetInfo().PrimaryKeyId)
+	rk, err := ku.ExportAesGcmKey(keysetHandle.KeysetInfo().PrimaryKeyId)
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -78,7 +78,7 @@ func main() {
 	if err != nil {
 		log.Fatal(err)
 	}
-	ecca, err := ku.GetRawCipherText(ec, keysetHandle.KeysetInfo().PrimaryKeyId)
+	ecca, err := ku.ExportCipherText(ec, keysetHandle.KeysetInfo().PrimaryKeyId)
 	if err != nil {
 		log.Fatal(err)
 	}

diff --git a/example/aes_export/insecurekeyset/main.go b/example/aes_export/insecurekeyset/main.go
@@ -63,7 +63,7 @@ func main() {
 
 	log.Printf("Encrypted Data: %s", base64.StdEncoding.EncodeToString(ec))
 
-	rk, err := ku.GetRawAesGcmKey(keysetHandle.KeysetInfo().PrimaryKeyId)
+	rk, err := ku.ExportAesGcmKey(keysetHandle.KeysetInfo().PrimaryKeyId)
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -78,7 +78,7 @@ func main() {
 	if err != nil {
 		log.Fatal(err)
 	}
-	ecca, err := ku.GetRawCipherText(ec, keysetHandle.KeysetInfo().PrimaryKeyId)
+	ecca, err := ku.ExportCipherText(ec, keysetHandle.KeysetInfo().PrimaryKeyId)
 	if err != nil {
 		log.Fatal(err)
 	}

diff --git a/example/aes_import/encryptedkeyset/main.go b/example/aes_import/encryptedkeyset/main.go
@@ -45,7 +45,7 @@ func main() {
 		KeyValue: kval,
 	}
 
-	ek, err := keysetutil.CreateSymmetricKey(&k, 4112199248, tinkpb.OutputPrefixType_TINK, kmsaead)
+	ek, err := keysetutil.ImportSymmetricKey(&k, 4112199248, tinkpb.OutputPrefixType_TINK, kmsaead)
 	if err != nil {
 		log.Fatal(err)
 	}

diff --git a/example/aes_import/insecurekeyset/main.go b/example/aes_import/insecurekeyset/main.go
@@ -78,7 +78,7 @@ func main() {
 	// 	},
 	// }
 
-	ek, err := keysetutil.CreateSymmetricKey(&k, uint32(*keyid), tinkpb.OutputPrefixType_TINK, nil)
+	ek, err := keysetutil.ImportSymmetricKey(&k, uint32(*keyid), tinkpb.OutputPrefixType_TINK, nil)
 	if err != nil {
 		log.Fatal(err)
 	}

diff --git a/example/aes_siv/insecurekeyset/main.go b/example/aes_siv/insecurekeyset/main.go
@@ -65,14 +65,14 @@ func main() {
 
 	log.Printf("Encrypted Data: %s", hex.EncodeToString(ec))
 
-	rk, err := ku.GetRawAesSivKey(keysetHandle.KeysetInfo().PrimaryKeyId)
+	rk, err := ku.ExportAesSivKey(keysetHandle.KeysetInfo().PrimaryKeyId)
 	if err != nil {
 		log.Fatal(err)
 	}
 
 	log.Printf("Raw key: %s", base64.StdEncoding.EncodeToString(rk))
 
-	re, err := ku.GetRawCipherText(ec, keysetHandle.KeysetInfo().PrimaryKeyId)
+	re, err := ku.ExportCipherText(ec, keysetHandle.KeysetInfo().PrimaryKeyId)
 	if err != nil {
 		log.Fatal(err)
 	}

diff --git a/example/ecc/insecurekeyset/main.go b/example/ecc/insecurekeyset/main.go
@@ -57,7 +57,7 @@ func main() {
 	}
 
 	if ku.GetKeySetTypeURL() == keysetutil.EcdsaVerifierTypeURL {
-		pk, err := ku.GetRawEcdsaPublicKey(keysetHandle.KeysetInfo().PrimaryKeyId)
+		pk, err := ku.ExportEcdsaPublicKey(keysetHandle.KeysetInfo().PrimaryKeyId)
 		if err != nil {
 			log.Fatal(err)
 		}
@@ -74,7 +74,7 @@ func main() {
 		}
 	} else if ku.GetKeySetTypeURL() == keysetutil.EcdsaPrivateKeyTypeURL {
 
-		rk, err := ku.GetRawEcdsaPrivateKey(keysetHandle.KeysetInfo().PrimaryKeyId)
+		rk, err := ku.ExportEcdsaPrivateKey(keysetHandle.KeysetInfo().PrimaryKeyId)
 		if err != nil {
 			log.Fatal(err)
 		}
@@ -108,7 +108,7 @@ func main() {
 
 			digest := sha256.Sum256(msg)
 
-			st, err := ku.GetRawCipherText(sig, keysetHandle.KeysetInfo().PrimaryKeyId)
+			st, err := ku.ExportCipherText(sig, keysetHandle.KeysetInfo().PrimaryKeyId)
 			if err != nil {
 				log.Fatal(err)
 			}

diff --git a/example/go.mod b/example/go.mod
@@ -4,7 +4,6 @@ go 1.21
 
 require (
 	github.com/salrashid123/tink-keyset-util v0.0.0-00010101000000-000000000000
-	github.com/tink-crypto/tink-go v0.0.0-20230613075026-d6de17e3f164
 	github.com/tink-crypto/tink-go-gcpkms/v2 v2.1.0
 	github.com/tink-crypto/tink-go/v2 v2.2.0
 	google.golang.org/protobuf v1.33.0

diff --git a/example/go.sum b/example/go.sum
@@ -8,6 +8,7 @@ github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -49,6 +50,7 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.1 h1:SBWmZhjUDRorQxrN0nw
 github.com/googleapis/enterprise-certificate-proxy v0.3.1/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
 github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
 github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -57,8 +59,8 @@ github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpE
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/tink-crypto/tink-go v0.0.0-20230613075026-d6de17e3f164 h1:yhVO0Yhq84FjdcotvFFvDJRNHJ7mO743G12VdcW4Evc=
-github.com/tink-crypto/tink-go v0.0.0-20230613075026-d6de17e3f164/go.mod h1:HhtDVdE/PRZFRia834tkmcwuscnaAzda1RJUW9Pr3Rg=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/tink-crypto/tink-go-gcpkms/v2 v2.1.0 h1:A/2tIdYXqUuVZeWy0Yq/PWKsXgebzMyh5mLbpNEMVUo=
 github.com/tink-crypto/tink-go-gcpkms/v2 v2.1.0/go.mod h1:QXPc/i5yUEWWZ4lbe2WOam1kDdrXjGHRjl0Lzo7IQDU=
 github.com/tink-crypto/tink-go/v2 v2.2.0 h1:L2Da0F2Udh2agtKztdr69mV/KpnY3/lGTkMgLTVIXlA=
@@ -144,6 +146,7 @@ google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGm
 google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/example/hmac_export/main.go b/example/hmac_export/main.go
@@ -65,14 +65,14 @@ func main() {
 
 	log.Printf("Tink HMAC: %s", base64.StdEncoding.EncodeToString(ec))
 
-	rk, err := ku.GetRawHMACKey(keysetHandle.KeysetInfo().PrimaryKeyId)
+	rk, err := ku.ExportHMACKey(keysetHandle.KeysetInfo().PrimaryKeyId)
 	if err != nil {
 		log.Fatal(err)
 	}
 
 	log.Printf("rawKey key: %s", base64.StdEncoding.EncodeToString(rk))
 
-	ecca, err := ku.GetRawCipherText(ec, keysetHandle.KeysetInfo().PrimaryKeyId)
+	ecca, err := ku.ExportCipherText(ec, keysetHandle.KeysetInfo().PrimaryKeyId)
 	if err != nil {
 		log.Fatal(err)
 	}

diff --git a/example/hmac_import/main.go b/example/hmac_import/main.go
@@ -34,7 +34,7 @@ func main() {
 	// note, we're using output of OutputPrefixType_RAW just so we can easily confirm the key+data we used is correct.
 	//  other than that, you can ofcourse just set the prefix to OutputPrefixType_TINK but then you'd have to process
 	// the mac and account for the prefix.  See hmac_export/main.go about that
-	ek, err := keysetutil.CreateHMACKey([]byte(*key), uint32(*keyid), common_go_proto.HashType_SHA256, tinkpb.OutputPrefixType_RAW, nil)
+	ek, err := keysetutil.ImportHMACKey([]byte(*key), uint32(*keyid), common_go_proto.HashType_SHA256, tinkpb.OutputPrefixType_RAW, nil)
 	if err != nil {
 		log.Fatal(err)
 	}

diff --git a/example/rsa/insecurekeyset/main.go b/example/rsa/insecurekeyset/main.go
@@ -55,7 +55,7 @@ func main() {
 	}
 
 	if ku.GetKeySetTypeURL() == keysetutil.RsaSsaPkcs1VerifierTypeURL {
-		pk, err := ku.GetRawRsaSsaPkcs1PublicKey(keysetHandle.KeysetInfo().PrimaryKeyId)
+		pk, err := ku.ExportRsaSsaPkcs1PublicKey(keysetHandle.KeysetInfo().PrimaryKeyId)
 		if err != nil {
 			log.Fatal(err)
 		}
@@ -72,7 +72,7 @@ func main() {
 		}
 	} else if ku.GetKeySetTypeURL() == keysetutil.RsaSsaPkcs1PrivateKeyTypeURL {
 
-		rk, err := ku.GetRawRsaSsaPkcs1PrivateKey(keysetHandle.KeysetInfo().PrimaryKeyId)
+		rk, err := ku.ExportRsaSsaPkcs1PrivateKey(keysetHandle.KeysetInfo().PrimaryKeyId)
 		if err != nil {
 			log.Fatal(err)
 		}
@@ -106,7 +106,7 @@ func main() {
 
 			digest := sha256.Sum256(msg)
 
-			st, err := ku.GetRawCipherText(sig, keysetHandle.KeysetInfo().PrimaryKeyId)
+			st, err := ku.ExportCipherText(sig, keysetHandle.KeysetInfo().PrimaryKeyId)
 			if err != nil {
 				log.Fatal(err)
 			}

diff --git a/go.mod b/go.mod
@@ -4,6 +4,7 @@ go 1.21
 
 require (
 	github.com/stretchr/testify v1.9.0
+	github.com/tink-crypto/tink-go v0.0.0-20230613075026-d6de17e3f164
 	github.com/tink-crypto/tink-go/v2 v2.2.0
 	google.golang.org/protobuf v1.33.0
 )

diff --git a/go.sum b/go.sum
@@ -6,6 +6,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/tink-crypto/tink-go v0.0.0-20230613075026-d6de17e3f164 h1:yhVO0Yhq84FjdcotvFFvDJRNHJ7mO743G12VdcW4Evc=
+github.com/tink-crypto/tink-go v0.0.0-20230613075026-d6de17e3f164/go.mod h1:HhtDVdE/PRZFRia834tkmcwuscnaAzda1RJUW9Pr3Rg=
 github.com/tink-crypto/tink-go/v2 v2.2.0 h1:L2Da0F2Udh2agtKztdr69mV/KpnY3/lGTkMgLTVIXlA=
 github.com/tink-crypto/tink-go/v2 v2.2.0/go.mod h1:JJ6PomeNPF3cJpfWC0lgyTES6zpJILkAX0cJNwlS3xU=
 golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=