diff --git a/cc/hybrid/ecies_aead_hkdf_hybrid_decrypt_test.cc b/cc/hybrid/ecies_aead_hkdf_hybrid_decrypt_test.cc
index cc33dae696b17c744edb1aea6e0703194ee1a365..792fde68a38d5417cadeb3788d0372af9e413b7f 100644
--- a/cc/hybrid/ecies_aead_hkdf_hybrid_decrypt_test.cc
+++ b/cc/hybrid/ecies_aead_hkdf_hybrid_decrypt_test.cc
@@ -131,13 +131,11 @@ TEST_F(EciesAeadHkdfHybridDecryptTest, testBasic) {
// Generate and test many keys with various parameters.
std::string context_info = "some context info";
- for (auto curve :
- {EllipticCurveType::NIST_P224, EllipticCurveType::NIST_P256,
- EllipticCurveType::NIST_P384, EllipticCurveType::NIST_P521}) {
+ for (auto curve : {EllipticCurveType::NIST_P256, EllipticCurveType::NIST_P384,
+ EllipticCurveType::NIST_P521}) {
for (auto ec_point_format :
{EcPointFormat::UNCOMPRESSED, EcPointFormat::COMPRESSED}) {
- for (auto hash_type :
- {HashType::SHA224, HashType::SHA256, HashType::SHA512}) {
+ for (auto hash_type : {HashType::SHA256, HashType::SHA512}) {
for (uint32_t aes_gcm_key_size : {16, 24, 32}) {
for (uint32_t plaintext_size : {1, 10, 100, 1000}) {
ecies_key = test::GetEciesAesGcmHkdfTestKey(
diff --git a/cc/hybrid/ecies_aead_hkdf_hybrid_encrypt_test.cc b/cc/hybrid/ecies_aead_hkdf_hybrid_encrypt_test.cc
index 6e227fa6167567b367d80646fc22f81ae61f5d6f..a5107055ae3379f783d206d2abef39f930d9bfb6 100644
--- a/cc/hybrid/ecies_aead_hkdf_hybrid_encrypt_test.cc
+++ b/cc/hybrid/ecies_aead_hkdf_hybrid_encrypt_test.cc
@@ -126,13 +126,11 @@ TEST_F(EciesAeadHkdfHybridEncryptTest, testBasic) {
// Generate and test many keys with various parameters.
std::string plaintext = "some plaintext";
std::string context_info = "some context info";
- for (auto curve :
- {EllipticCurveType::NIST_P224, EllipticCurveType::NIST_P256,
- EllipticCurveType::NIST_P384, EllipticCurveType::NIST_P521}) {
+ for (auto curve : {EllipticCurveType::NIST_P256, EllipticCurveType::NIST_P384,
+ EllipticCurveType::NIST_P521}) {
for (auto ec_point_format :
{EcPointFormat::UNCOMPRESSED, EcPointFormat::COMPRESSED}) {
- for (auto hash_type :
- {HashType::SHA224, HashType::SHA256, HashType::SHA512}) {
+ for (auto hash_type : {HashType::SHA256, HashType::SHA512}) {
for (uint32_t aes_gcm_key_size : {16, 24, 32}) {
ecies_key = test::GetEciesAesGcmHkdfTestKey(
curve, ec_point_format, hash_type, aes_gcm_key_size);
diff --git a/cc/signature/ecdsa_sign_key_manager_test.cc b/cc/signature/ecdsa_sign_key_manager_test.cc
index d8c1fccf79bf654baf19d85ab177c589c3c4c512..87663a822a5a4f1d6df83ff95cd172784065757c 100644
--- a/cc/signature/ecdsa_sign_key_manager_test.cc
+++ b/cc/signature/ecdsa_sign_key_manager_test.cc
@@ -127,7 +127,7 @@ TEST_F(EcdsaSignKeyManagerTest, testKeyMessageErrors) {
EcdsaPrivateKey key;
auto public_key = key.mutable_public_key();
public_key->mutable_params()->set_encoding(EcdsaSignatureEncoding::DER);
- public_key->mutable_params()->set_curve(EllipticCurveType::NIST_P224);
+ public_key->mutable_params()->set_curve(EllipticCurveType::UNKNOWN_CURVE);
auto result = key_manager.GetPrimitive(key);
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
diff --git a/cc/signature/ecdsa_verify_key_manager_test.cc b/cc/signature/ecdsa_verify_key_manager_test.cc
index d2d31b6e970b97c00eede01d67efca910808bf5d..7c408fcf6ccbce631ea7e0c00bc4ff94b6603fdb 100644
--- a/cc/signature/ecdsa_verify_key_manager_test.cc
+++ b/cc/signature/ecdsa_verify_key_manager_test.cc
@@ -127,7 +127,7 @@ TEST_F(EcdsaVerifyKeyManagerTest, testKeyMessageErrors) {
{ // Bad elliptic curve.
EcdsaPublicKey key;
key.mutable_params()->set_encoding(EcdsaSignatureEncoding::DER);
- key.mutable_params()->set_curve(EllipticCurveType::NIST_P224);
+ key.mutable_params()->set_curve(EllipticCurveType::UNKNOWN_CURVE);
auto result = key_manager.GetPrimitive(key);
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
diff --git a/cc/subtle/common_enums.cc b/cc/subtle/common_enums.cc
index aa0fb8b94cd4a3d76e35231abdba50f2a1662071..d8bccd8f950c59d609f14064dd7fcfaba83d4f6e 100644
--- a/cc/subtle/common_enums.cc
+++ b/cc/subtle/common_enums.cc
@@ -24,8 +24,6 @@ namespace subtle {
std::string EnumToString(EllipticCurveType type) {
switch (type) {
- case EllipticCurveType::NIST_P224:
- return "NIST_P224";
case EllipticCurveType::NIST_P256:
return "NIST_P256";
case EllipticCurveType::NIST_P384:
@@ -56,8 +54,6 @@ std::string EnumToString(HashType type) {
switch (type) {
case HashType::SHA1:
return "SHA1";
- case HashType::SHA224:
- return "SHA224";
case HashType::SHA256:
return "SHA256";
case HashType::SHA512:
diff --git a/cc/subtle/common_enums.h b/cc/subtle/common_enums.h
index 1adf9d5d6a7237b4fc4d2fce370eb8913121186e..cce4b9d04a178bd4f17cfe2f43ca5d686f86d33e 100644
--- a/cc/subtle/common_enums.h
+++ b/cc/subtle/common_enums.h
@@ -26,7 +26,6 @@ namespace subtle {
// Common enums used by classes in subtle.
enum EllipticCurveType {
UNKNOWN_CURVE = 0,
- NIST_P224 = 1,
NIST_P256 = 2,
NIST_P384 = 3,
NIST_P521 = 4,
@@ -41,7 +40,6 @@ enum EcPointFormat {
enum HashType {
UNKNOWN_HASH = 0,
SHA1 = 1, // SHA1 for digital signature is deprecated but HMAC-SHA1 is fine.
- SHA224 = 2,
SHA256 = 3,
SHA512 = 4,
};
diff --git a/cc/subtle/common_enums_test.cc b/cc/subtle/common_enums_test.cc
index 7578f76225f8fe297f466a251304307dc7cc5f5e..9c5c580588c41587f33ca9574fe104a48b64441a 100644
--- a/cc/subtle/common_enums_test.cc
+++ b/cc/subtle/common_enums_test.cc
@@ -25,7 +25,6 @@ namespace {
class CommonEnumsTest : public ::testing::Test {};
TEST_F(CommonEnumsTest, testEllipticCurveTypeToString) {
- EXPECT_EQ("NIST_P224", EnumToString(EllipticCurveType::NIST_P224));
EXPECT_EQ("NIST_P256", EnumToString(EllipticCurveType::NIST_P256));
EXPECT_EQ("NIST_P384", EnumToString(EllipticCurveType::NIST_P384));
EXPECT_EQ("NIST_P521", EnumToString(EllipticCurveType::NIST_P521));
@@ -35,7 +34,6 @@ TEST_F(CommonEnumsTest, testEllipticCurveTypeToString) {
TEST_F(CommonEnumsTest, testHashTypeToString) {
EXPECT_EQ("SHA1", EnumToString(HashType::SHA1));
- EXPECT_EQ("SHA224", EnumToString(HashType::SHA224));
EXPECT_EQ("SHA256", EnumToString(HashType::SHA256));
EXPECT_EQ("SHA512", EnumToString(HashType::SHA512));
EXPECT_EQ("UNKNOWN_HASH", EnumToString(HashType::UNKNOWN_HASH));
diff --git a/cc/subtle/ec_util_test.cc b/cc/subtle/ec_util_test.cc
index f8232b8fd50441de5454159196397ac9bf29c0c5..eeb04908a27a0f3174d370bcd17f2add35bc27d3 100644
--- a/cc/subtle/ec_util_test.cc
+++ b/cc/subtle/ec_util_test.cc
@@ -39,12 +39,7 @@ struct TestVector {
};
static const std::vector<TestVector> test_vector(
- {{"af33cd0629bc7e996320a3f40368f74de8704fa37b8fab69abaae280",
- "882092ccbba7930f419a8a4f9bb16978bbc3838729992559a6f2e2d7",
- "8346a60fc6f293ca5a0d2af68ba71d1dd389e5e40837942df3e43cbd",
- "7d96f9a3bd3c05cf5cc37feb8b9d5209d5c2597464dec3e9983743e8",
- EllipticCurveType::NIST_P224},
- {"700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287",
+ {{"700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287",
"db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac",
"7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534",
"46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b",
diff --git a/cc/subtle/subtle_util_boringssl.cc b/cc/subtle/subtle_util_boringssl.cc
index 3515316df29cf4fd96ee707b948ce76c983a61f6..7dddfa1f5945db87e47aa49199462025f327dd95 100644
--- a/cc/subtle/subtle_util_boringssl.cc
+++ b/cc/subtle/subtle_util_boringssl.cc
@@ -50,8 +50,6 @@ size_t FieldElementSizeInBytes(const EC_GROUP* group) {
util::StatusOr<EC_GROUP *> SubtleUtilBoringSSL::GetEcGroup(
EllipticCurveType curve_type) {
switch (curve_type) {
- case EllipticCurveType::NIST_P224:
- return EC_GROUP_new_by_curve_name(NID_secp224r1);
case EllipticCurveType::NIST_P256:
return EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
case EllipticCurveType::NIST_P384:
@@ -136,8 +134,6 @@ util::StatusOr<const EVP_MD *> SubtleUtilBoringSSL::EvpHash(
switch (hash_type) {
case HashType::SHA1:
return EVP_sha1();
- case HashType::SHA224:
- return EVP_sha224();
case HashType::SHA256:
return EVP_sha256();
case HashType::SHA512:
diff --git a/cc/subtle/wycheproof_util.cc b/cc/subtle/wycheproof_util.cc
index e001f1ff8b1bc99a3d8c28c78ab5e12b7d591421..e15034b4491036cc603f3bdf303f850e5d4434a8 100644
--- a/cc/subtle/wycheproof_util.cc
+++ b/cc/subtle/wycheproof_util.cc
@@ -47,8 +47,6 @@ HashType WycheproofUtil::GetHashType(const Json::Value &val) {
std::string md = val.asString();
if (md == "SHA-1") {
return HashType::SHA1;
- } else if (md == "SHA-224") {
- return HashType::SHA224;
} else if (md == "SHA-256") {
return HashType::SHA256;
} else if (md == "SHA-384") {
@@ -63,9 +61,7 @@ HashType WycheproofUtil::GetHashType(const Json::Value &val) {
EllipticCurveType
WycheproofUtil::GetEllipticCurveType(const Json::Value &val) {
std::string curve = val.asString();
- if (curve == "secp224r1") {
- return EllipticCurveType::NIST_P224;
- } else if (curve == "secp256r1") {
+ if (curve == "secp256r1") {
return EllipticCurveType::NIST_P256;
} else if (curve == "secp384r1") {
return EllipticCurveType::NIST_P384;
diff --git a/cc/util/enums.cc b/cc/util/enums.cc
index a12a18cd27e0561dec7a6a1c19a6cfdf765de484..25ab9cda31ccff51835c4fddc85c700c4f57945f 100644
--- a/cc/util/enums.cc
+++ b/cc/util/enums.cc
@@ -26,8 +26,6 @@ namespace util {
// static
pb::EllipticCurveType Enums::SubtleToProto(subtle::EllipticCurveType type) {
switch (type) {
- case subtle::EllipticCurveType::NIST_P224:
- return pb::EllipticCurveType::NIST_P224;
case subtle::EllipticCurveType::NIST_P256:
return pb::EllipticCurveType::NIST_P256;
case subtle::EllipticCurveType::NIST_P384:
@@ -42,8 +40,6 @@ pb::EllipticCurveType Enums::SubtleToProto(subtle::EllipticCurveType type) {
// static
subtle::EllipticCurveType Enums::ProtoToSubtle(pb::EllipticCurveType type) {
switch (type) {
- case pb::EllipticCurveType::NIST_P224:
- return subtle::EllipticCurveType::NIST_P224;
case pb::EllipticCurveType::NIST_P256:
return subtle::EllipticCurveType::NIST_P256;
case pb::EllipticCurveType::NIST_P384:
@@ -84,8 +80,6 @@ pb::HashType Enums::SubtleToProto(subtle::HashType type) {
switch (type) {
case subtle::HashType::SHA1:
return pb::HashType::SHA1;
- case subtle::HashType::SHA224:
- return pb::HashType::SHA224;
case subtle::HashType::SHA256:
return pb::HashType::SHA256;
case subtle::HashType::SHA512:
@@ -100,8 +94,6 @@ subtle::HashType Enums::ProtoToSubtle(pb::HashType type) {
switch (type) {
case pb::HashType::SHA1:
return subtle::HashType::SHA1;
- case pb::HashType::SHA224:
- return subtle::HashType::SHA224;
case pb::HashType::SHA256:
return subtle::HashType::SHA256;
case pb::HashType::SHA512:
diff --git a/cc/util/enums_test.cc b/cc/util/enums_test.cc
index fadc4b4fdd7bc3d7e6127d53bc4e6750fbc36cb7..a5455079ce883d7323de6c27a1ca2e26dc6bd998 100644
--- a/cc/util/enums_test.cc
+++ b/cc/util/enums_test.cc
@@ -32,8 +32,6 @@ class EnumsTest : public ::testing::Test {
};
TEST_F(EnumsTest, testEllipticCurveType) {
- EXPECT_EQ(pb::EllipticCurveType::NIST_P224,
- Enums::SubtleToProto(subtle::EllipticCurveType::NIST_P224));
EXPECT_EQ(pb::EllipticCurveType::NIST_P256,
Enums::SubtleToProto(subtle::EllipticCurveType::NIST_P256));
EXPECT_EQ(pb::EllipticCurveType::NIST_P384,
@@ -45,8 +43,6 @@ TEST_F(EnumsTest, testEllipticCurveType) {
EXPECT_EQ(pb::EllipticCurveType::UNKNOWN_CURVE,
Enums::SubtleToProto((subtle::EllipticCurveType)42));
- EXPECT_EQ(subtle::EllipticCurveType::NIST_P224,
- Enums::ProtoToSubtle(pb::EllipticCurveType::NIST_P224));
EXPECT_EQ(subtle::EllipticCurveType::NIST_P256,
Enums::ProtoToSubtle(pb::EllipticCurveType::NIST_P256));
EXPECT_EQ(subtle::EllipticCurveType::NIST_P384,
@@ -70,14 +66,12 @@ TEST_F(EnumsTest, testEllipticCurveType) {
count++;
}
}
- EXPECT_EQ(5, count);
+ EXPECT_EQ(4, count);
}
TEST_F(EnumsTest, testHashType) {
EXPECT_EQ(pb::HashType::SHA1,
Enums::SubtleToProto(subtle::HashType::SHA1));
- EXPECT_EQ(pb::HashType::SHA224,
- Enums::SubtleToProto(subtle::HashType::SHA224));
EXPECT_EQ(pb::HashType::SHA256,
Enums::SubtleToProto(subtle::HashType::SHA256));
EXPECT_EQ(pb::HashType::SHA512,
@@ -89,8 +83,6 @@ TEST_F(EnumsTest, testHashType) {
EXPECT_EQ(subtle::HashType::SHA1,
Enums::ProtoToSubtle(pb::HashType::SHA1));
- EXPECT_EQ(subtle::HashType::SHA224,
- Enums::ProtoToSubtle(pb::HashType::SHA224));
EXPECT_EQ(subtle::HashType::SHA256,
Enums::ProtoToSubtle(pb::HashType::SHA256));
EXPECT_EQ(subtle::HashType::SHA512,
@@ -112,7 +104,7 @@ TEST_F(EnumsTest, testHashType) {
count++;
}
}
- EXPECT_EQ(5, count);
+ EXPECT_EQ(4, count);
}
TEST_F(EnumsTest, testEcPointFormat) {
diff --git a/go/subtle/util.go b/go/subtle/util.go
index 88fa7f95368599683b3f2d7cb9290a2011adf3c3..34e7e1afbae3f547ddabc62f38cc15c9c8d4c558 100644
--- a/go/subtle/util.go
+++ b/go/subtle/util.go
@@ -73,8 +73,6 @@ func GetHashFunc(hash string) func() hash.Hash {
// It returns null if the curve type is not supported.
func GetCurve(curve string) elliptic.Curve {
switch curve {
- case "NIST_P224":
- return elliptic.P224()
case "NIST_P256":
return elliptic.P256()
case "NIST_P384":
diff --git a/go/subtle/util_test.go b/go/subtle/util_test.go
index 111c6f7f79c5ab434416ae5db21d7c033a040bdf..8b75ea1f4d3fc8475b6b778137fe3413ed6f1e16 100644
--- a/go/subtle/util_test.go
+++ b/go/subtle/util_test.go
@@ -67,9 +67,6 @@ func TestComputeHash(t *testing.T) {
}
func TestGetCurve(t *testing.T) {
- if subtle.GetCurve("NIST_P224").Params().Name != "P-224" {
- t.Errorf("incorrect result for NIST_P224")
- }
if subtle.GetCurve("NIST_P256").Params().Name != "P-256" {
t.Errorf("incorrect result for NIST_P256")
}
diff --git a/java/src/test/java/com/google/crypto/tink/aead/AeadKeyTemplatesTest.java b/java/src/test/java/com/google/crypto/tink/aead/AeadKeyTemplatesTest.java
index 57eca5b3f79b1abe8dbadcbd3fece274de012aa8..025d3145dd28b7b9e000e1dfdcd7fcb8ea8bc5a6 100644
--- a/java/src/test/java/com/google/crypto/tink/aead/AeadKeyTemplatesTest.java
+++ b/java/src/test/java/com/google/crypto/tink/aead/AeadKeyTemplatesTest.java
@@ -149,7 +149,7 @@ public class AeadKeyTemplatesTest {
int ivSize = 72;
int hmacKeySize = 24;
int tagSize = 27;
- HashType hashType = HashType.SHA224;
+ HashType hashType = HashType.UNKNOWN_HASH;
KeyTemplate template = AeadKeyTemplates.createAesCtrHmacAeadKeyTemplate(
aesKeySize, ivSize, hmacKeySize, tagSize, hashType);
assertEquals(AesCtrHmacAeadKeyManager.TYPE_URL, template.getTypeUrl());
diff --git a/java/src/test/java/com/google/crypto/tink/signature/SignatureKeyTemplatesTest.java b/java/src/test/java/com/google/crypto/tink/signature/SignatureKeyTemplatesTest.java
index b08c45c2218c59a244a705566166cc0792a36a39..fac7a15794f2f7ca8aa683ff3032345852198be2 100644
--- a/java/src/test/java/com/google/crypto/tink/signature/SignatureKeyTemplatesTest.java
+++ b/java/src/test/java/com/google/crypto/tink/signature/SignatureKeyTemplatesTest.java
@@ -76,7 +76,7 @@ public class SignatureKeyTemplatesTest {
// Intentionally using "weird" or invalid values for parameters,
// to test that the function correctly puts them in the resulting template.
HashType hashType = HashType.SHA512;
- EllipticCurveType curve = EllipticCurveType.NIST_P224;
+ EllipticCurveType curve = EllipticCurveType.UNKNOWN_CURVE;
EcdsaSignatureEncoding encoding = EcdsaSignatureEncoding.IEEE_P1363;
KeyTemplate template = SignatureKeyTemplates.createEcdsaKeyTemplate(hashType, curve, encoding);
assertEquals(EcdsaSignKeyManager.TYPE_URL, template.getTypeUrl());
diff --git a/java/src/test/java/com/google/crypto/tink/streamingaead/StreamingAeadKeyTemplatesTest.java b/java/src/test/java/com/google/crypto/tink/streamingaead/StreamingAeadKeyTemplatesTest.java
index e013a66548ca25dfb2c03e55cb0427439722fab0..08344ee090350b659d9662ebf6a553f7fe2153db 100644
--- a/java/src/test/java/com/google/crypto/tink/streamingaead/StreamingAeadKeyTemplatesTest.java
+++ b/java/src/test/java/com/google/crypto/tink/streamingaead/StreamingAeadKeyTemplatesTest.java
@@ -99,7 +99,7 @@ public class StreamingAeadKeyTemplatesTest {
int tagSize = 45;
int ciphertextSegmentSize = 12345;
HashType hkdfHashType = HashType.SHA512;
- HashType macHashType = HashType.SHA224;
+ HashType macHashType = HashType.UNKNOWN_HASH;
KeyTemplate template = StreamingAeadKeyTemplates.createAesCtrHmacStreamingKeyTemplate(
mainKeySize, hkdfHashType, derivedKeySize,
macHashType, tagSize, ciphertextSegmentSize);
diff --git a/proto/common.proto b/proto/common.proto
index c4ba0be388b65a4ef82c2fb26669e3a552da9632..4623c7b7079325c130559e5db5c60051af760847 100644
--- a/proto/common.proto
+++ b/proto/common.proto
@@ -26,7 +26,6 @@ option go_package = "github.com/google/tink/proto/common_go_proto";
enum EllipticCurveType {
UNKNOWN_CURVE = 0;
- NIST_P224 = 1;
NIST_P256 = 2;
NIST_P384 = 3;
NIST_P521 = 4;
@@ -41,7 +40,6 @@ enum EcPointFormat {
enum HashType {
UNKNOWN_HASH = 0;
SHA1 = 1; // Using SHA1 for digital signature is deprecated but HMAC-SHA1 is fine.
- SHA224 = 2;
SHA256 = 3;
SHA512 = 4;
};