Add crypto format constants and methods.

Change-Id: Iac770e0aa6ecd414ef4b0a389e66be6c07c81773
ORIGINAL_AUTHOR=Thanh Bui <thanhb@google.com>
GitOrigin-RevId: e372a717bb187e5a9545633a705c1d6cdcf5e013

go/tink/BUILD

@@ -13,6 +13,11 @@ TINK_SRCS = [
     "public_key_sign.go",
     "public_key_verify.go",
     "key_manager.go",
+    "crypto_format.go",
+]
+
+TINK_TEST_SRCS = [
+    "crypto_format_test.go",
 ]
 
 TINK_DEPS = [
@@ -28,6 +33,8 @@ go_library(
 
 go_test(
     name = "tink_test",
-    srcs = TINK_SRCS,
-    deps = TINK_DEPS,
+    srcs = TINK_TEST_SRCS,
+    deps = TINK_DEPS + [
+        ":tink",
+    ],
 )

go/tink/crypto_format.go

+// Copyright 2017 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+package tink
+
+import (
+  "fmt"
+  "encoding/binary"
+  tinkpb "github.com/google/tink/proto/tink_go_proto"
+)
+
+/**
+ * Constants and convenience methods that deal with crypto format.
+ */
+const (
+  // Prefix size of Tink and Legacy key types.
+  NON_RAW_PREFIX_SIZE = 5
+
+  // Legacy or Crunchy prefix starts with \x00 and followed by a 4-byte key id.
+  LEGACY_PREFIX_SIZE = NON_RAW_PREFIX_SIZE
+  LEGACY_START_BYTE = byte(0)
+
+  // Tink prefix starts with \x01 and followed by a 4-byte key id.
+  TINK_PREFIX_SIZE = NON_RAW_PREFIX_SIZE
+  TINK_START_BYTE = byte(1)
+
+  // Raw prefix is empty.
+  RAW_PREFIX_SIZE = 0;
+  RAW_PREFIX = ""
+)
+
+/**
+ * Generates the prefix of all cryptographic outputs (ciphertexts,
+ * signatures, MACs, ...)  produced by the specified {@code key}.
+ * The prefix can be either empty (for RAW-type prefix), or consists
+ * of a 1-byte indicator of the type of the prefix, followed by 4
+ * bytes of {@code key.KeyId} in Big Endian encoding.
+ *
+ * @throws error if the prefix type of {@code key} is unknown.
+ * @return a prefix.
+ */
+func GetOutputPrefix(key *tinkpb.Keyset_Key) (string, error) {
+  switch key.OutputPrefixType {
+    case tinkpb.OutputPrefixType_LEGACY, tinkpb.OutputPrefixType_CRUNCHY:
+      return createOutputPrefix(LEGACY_PREFIX_SIZE, LEGACY_START_BYTE, key.KeyId), nil
+    case tinkpb.OutputPrefixType_TINK:
+      return createOutputPrefix(TINK_PREFIX_SIZE, TINK_START_BYTE, key.KeyId), nil
+    case tinkpb.OutputPrefixType_RAW:
+      return RAW_PREFIX, nil
+    default:
+      return "", fmt.Errorf("crypto_format: unknown output prefix type")
+  }
+}
+
+/**
+ * Creates an output prefix. It consists of a 1-byte indicator of the type
+ * of the prefix, followed by 4 bytes of {@code keyId} in Big Endian encoding.
+ */
+func createOutputPrefix(size int, startByte byte, keyId uint32) string {
+  prefix := make([]byte, size)
+  prefix[0] = startByte
+  binary.BigEndian.PutUint32(prefix[1:], keyId)
+  return string(prefix)
+}
\ No newline at end of file

go/tink/crypto_format_test.go

+// Copyright 2017 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+package tink_test
+
+import (
+  "testing"
+  "github.com/google/tink/go/tink/tink"
+  tinkpb "github.com/google/tink/proto/tink_go_proto"
+)
+
+var tests = []struct{
+  keyId uint32
+  result string // expected prefix
+}{
+  {
+    keyId: 1000000,
+    result: string([]byte{0, 15, 66, 64}),
+  },
+  {
+    keyId: 4294967295,
+    result: string([]byte{255, 255, 255, 255}),
+  },
+  {
+    keyId: 0,
+    result: string([]byte{0, 0, 0, 0}),
+  },
+}
+
+func TestGetOutputPrefix(t *testing.T) {
+  key := new(tinkpb.Keyset_Key)
+  for i, test := range tests {
+    key.KeyId = test.keyId
+    // legacy type
+    key.OutputPrefixType = tinkpb.OutputPrefixType_LEGACY
+    prefix, err := tink.GetOutputPrefix(key)
+    if err != nil || !validatePrefix(prefix, tink.LEGACY_START_BYTE, test.result){
+      t.Errorf("incorrect legacy prefix in test %d", i)
+    }
+    // crunchy type
+    key.OutputPrefixType = tinkpb.OutputPrefixType_CRUNCHY
+    prefix, err = tink.GetOutputPrefix(key)
+    if err != nil || !validatePrefix(prefix, tink.LEGACY_START_BYTE, test.result){
+      t.Errorf("incorrect legacy prefix in test %d", i)
+    }
+    // tink type
+    key.OutputPrefixType = tinkpb.OutputPrefixType_TINK
+    prefix, err = tink.GetOutputPrefix(key)
+    if err != nil || !validatePrefix(prefix, tink.TINK_START_BYTE, test.result){
+      t.Errorf("incorrect tink prefix in test %d", i)
+    }
+    // raw type
+    key.OutputPrefixType = tinkpb.OutputPrefixType_RAW
+    prefix, err = tink.GetOutputPrefix(key)
+    if err != nil || prefix != tink.RAW_PREFIX {
+      t.Errorf("incorrect raw prefix in test %d", i)
+    }
+  }
+  // unknown prefix type
+  key.OutputPrefixType = tinkpb.OutputPrefixType_UNKNOWN_PREFIX
+  if _, err := tink.GetOutputPrefix(key); err == nil {
+    t.Errorf("expect an error when prefix type is unknown")
+  }
+}
+
+func validatePrefix(prefix string, startByte byte, key string) bool {
+  if prefix[0] != startByte {
+    return false
+  }
+  return prefix[1:] == key
+}
\ No newline at end of file