From e8b2a57a78832d66376be8a7e278a0f7619c6d87 Mon Sep 17 00:00:00 2001
From: Thai Duong <thaidn@google.com>
Date: Fri, 20 Apr 2018 17:30:59 -0700
Subject: [PATCH] Removing references to NIST P-224 and SHA224, which we never
supported and are not used in many places.
We keep SHA1 because HMAC-SHA1 is safe and a popular MAC.
PiperOrigin-RevId: 193747110
GitOrigin-RevId: 2f657666903fc8e7c3963017a7462ac33bb7b20d
---
cc/hybrid/ecies_aead_hkdf_hybrid_decrypt_test.cc | 8 +++-----
cc/hybrid/ecies_aead_hkdf_hybrid_encrypt_test.cc | 8 +++-----
cc/signature/ecdsa_sign_key_manager_test.cc | 2 +-
cc/signature/ecdsa_verify_key_manager_test.cc | 2 +-
cc/subtle/common_enums.cc | 4 ----
cc/subtle/common_enums.h | 2 --
cc/subtle/common_enums_test.cc | 2 --
cc/subtle/ec_util_test.cc | 7 +------
cc/subtle/subtle_util_boringssl.cc | 4 ----
cc/subtle/wycheproof_util.cc | 6 +-----
cc/util/enums.cc | 8 --------
cc/util/enums_test.cc | 12 ++----------
go/subtle/util.go | 2 --
go/subtle/util_test.go | 3 ---
.../crypto/tink/aead/AeadKeyTemplatesTest.java | 2 +-
.../tink/signature/SignatureKeyTemplatesTest.java | 2 +-
.../streamingaead/StreamingAeadKeyTemplatesTest.java | 2 +-
proto/common.proto | 2 --
18 files changed, 15 insertions(+), 63 deletions(-)
diff --git a/cc/hybrid/ecies_aead_hkdf_hybrid_decrypt_test.cc b/cc/hybrid/ecies_aead_hkdf_hybrid_decrypt_test.cc
index cc33dae69..792fde68a 100644
--- a/cc/hybrid/ecies_aead_hkdf_hybrid_decrypt_test.cc
+++ b/cc/hybrid/ecies_aead_hkdf_hybrid_decrypt_test.cc
@@ -131,13 +131,11 @@ TEST_F(EciesAeadHkdfHybridDecryptTest, testBasic) {
// Generate and test many keys with various parameters.
std::string context_info = "some context info";
- for (auto curve :
- {EllipticCurveType::NIST_P224, EllipticCurveType::NIST_P256,
- EllipticCurveType::NIST_P384, EllipticCurveType::NIST_P521}) {
+ for (auto curve : {EllipticCurveType::NIST_P256, EllipticCurveType::NIST_P384,
+ EllipticCurveType::NIST_P521}) {
for (auto ec_point_format :
{EcPointFormat::UNCOMPRESSED, EcPointFormat::COMPRESSED}) {
- for (auto hash_type :
- {HashType::SHA224, HashType::SHA256, HashType::SHA512}) {
+ for (auto hash_type : {HashType::SHA256, HashType::SHA512}) {
for (uint32_t aes_gcm_key_size : {16, 24, 32}) {
for (uint32_t plaintext_size : {1, 10, 100, 1000}) {
ecies_key = test::GetEciesAesGcmHkdfTestKey(
diff --git a/cc/hybrid/ecies_aead_hkdf_hybrid_encrypt_test.cc b/cc/hybrid/ecies_aead_hkdf_hybrid_encrypt_test.cc
index 6e227fa61..a5107055a 100644
--- a/cc/hybrid/ecies_aead_hkdf_hybrid_encrypt_test.cc
+++ b/cc/hybrid/ecies_aead_hkdf_hybrid_encrypt_test.cc
@@ -126,13 +126,11 @@ TEST_F(EciesAeadHkdfHybridEncryptTest, testBasic) {
// Generate and test many keys with various parameters.
std::string plaintext = "some plaintext";
std::string context_info = "some context info";
- for (auto curve :
- {EllipticCurveType::NIST_P224, EllipticCurveType::NIST_P256,
- EllipticCurveType::NIST_P384, EllipticCurveType::NIST_P521}) {
+ for (auto curve : {EllipticCurveType::NIST_P256, EllipticCurveType::NIST_P384,
+ EllipticCurveType::NIST_P521}) {
for (auto ec_point_format :
{EcPointFormat::UNCOMPRESSED, EcPointFormat::COMPRESSED}) {
- for (auto hash_type :
- {HashType::SHA224, HashType::SHA256, HashType::SHA512}) {
+ for (auto hash_type : {HashType::SHA256, HashType::SHA512}) {
for (uint32_t aes_gcm_key_size : {16, 24, 32}) {
ecies_key = test::GetEciesAesGcmHkdfTestKey(
curve, ec_point_format, hash_type, aes_gcm_key_size);
diff --git a/cc/signature/ecdsa_sign_key_manager_test.cc b/cc/signature/ecdsa_sign_key_manager_test.cc
index d8c1fccf7..87663a822 100644
--- a/cc/signature/ecdsa_sign_key_manager_test.cc
+++ b/cc/signature/ecdsa_sign_key_manager_test.cc
@@ -127,7 +127,7 @@ TEST_F(EcdsaSignKeyManagerTest, testKeyMessageErrors) {
EcdsaPrivateKey key;
auto public_key = key.mutable_public_key();
public_key->mutable_params()->set_encoding(EcdsaSignatureEncoding::DER);
- public_key->mutable_params()->set_curve(EllipticCurveType::NIST_P224);
+ public_key->mutable_params()->set_curve(EllipticCurveType::UNKNOWN_CURVE);
auto result = key_manager.GetPrimitive(key);
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
diff --git a/cc/signature/ecdsa_verify_key_manager_test.cc b/cc/signature/ecdsa_verify_key_manager_test.cc
index d2d31b6e9..7c408fcf6 100644
--- a/cc/signature/ecdsa_verify_key_manager_test.cc
+++ b/cc/signature/ecdsa_verify_key_manager_test.cc
@@ -127,7 +127,7 @@ TEST_F(EcdsaVerifyKeyManagerTest, testKeyMessageErrors) {
{ // Bad elliptic curve.
EcdsaPublicKey key;
key.mutable_params()->set_encoding(EcdsaSignatureEncoding::DER);
- key.mutable_params()->set_curve(EllipticCurveType::NIST_P224);
+ key.mutable_params()->set_curve(EllipticCurveType::UNKNOWN_CURVE);
auto result = key_manager.GetPrimitive(key);
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
diff --git a/cc/subtle/common_enums.cc b/cc/subtle/common_enums.cc
index aa0fb8b94..d8bccd8f9 100644
--- a/cc/subtle/common_enums.cc
+++ b/cc/subtle/common_enums.cc
@@ -24,8 +24,6 @@ namespace subtle {
std::string EnumToString(EllipticCurveType type) {
switch (type) {
- case EllipticCurveType::NIST_P224:
- return "NIST_P224";
case EllipticCurveType::NIST_P256:
return "NIST_P256";
case EllipticCurveType::NIST_P384:
@@ -56,8 +54,6 @@ std::string EnumToString(HashType type) {
switch (type) {
case HashType::SHA1:
return "SHA1";
- case HashType::SHA224:
- return "SHA224";
case HashType::SHA256:
return "SHA256";
case HashType::SHA512:
diff --git a/cc/subtle/common_enums.h b/cc/subtle/common_enums.h
index 1adf9d5d6..cce4b9d04 100644
--- a/cc/subtle/common_enums.h
+++ b/cc/subtle/common_enums.h
@@ -26,7 +26,6 @@ namespace subtle {
// Common enums used by classes in subtle.
enum EllipticCurveType {
UNKNOWN_CURVE = 0,
- NIST_P224 = 1,
NIST_P256 = 2,
NIST_P384 = 3,
NIST_P521 = 4,
@@ -41,7 +40,6 @@ enum EcPointFormat {
enum HashType {
UNKNOWN_HASH = 0,
SHA1 = 1, // SHA1 for digital signature is deprecated but HMAC-SHA1 is fine.
- SHA224 = 2,
SHA256 = 3,
SHA512 = 4,
};
diff --git a/cc/subtle/common_enums_test.cc b/cc/subtle/common_enums_test.cc
index 7578f7622..9c5c58058 100644
--- a/cc/subtle/common_enums_test.cc
+++ b/cc/subtle/common_enums_test.cc
@@ -25,7 +25,6 @@ namespace {
class CommonEnumsTest : public ::testing::Test {};
TEST_F(CommonEnumsTest, testEllipticCurveTypeToString) {
- EXPECT_EQ("NIST_P224", EnumToString(EllipticCurveType::NIST_P224));
EXPECT_EQ("NIST_P256", EnumToString(EllipticCurveType::NIST_P256));
EXPECT_EQ("NIST_P384", EnumToString(EllipticCurveType::NIST_P384));
EXPECT_EQ("NIST_P521", EnumToString(EllipticCurveType::NIST_P521));
@@ -35,7 +34,6 @@ TEST_F(CommonEnumsTest, testEllipticCurveTypeToString) {
TEST_F(CommonEnumsTest, testHashTypeToString) {
EXPECT_EQ("SHA1", EnumToString(HashType::SHA1));
- EXPECT_EQ("SHA224", EnumToString(HashType::SHA224));
EXPECT_EQ("SHA256", EnumToString(HashType::SHA256));
EXPECT_EQ("SHA512", EnumToString(HashType::SHA512));
EXPECT_EQ("UNKNOWN_HASH", EnumToString(HashType::UNKNOWN_HASH));
diff --git a/cc/subtle/ec_util_test.cc b/cc/subtle/ec_util_test.cc
index f8232b8fd..eeb04908a 100644
--- a/cc/subtle/ec_util_test.cc
+++ b/cc/subtle/ec_util_test.cc
@@ -39,12 +39,7 @@ struct TestVector {
};
static const std::vector<TestVector> test_vector(
- {{"af33cd0629bc7e996320a3f40368f74de8704fa37b8fab69abaae280",
- "882092ccbba7930f419a8a4f9bb16978bbc3838729992559a6f2e2d7",
- "8346a60fc6f293ca5a0d2af68ba71d1dd389e5e40837942df3e43cbd",
- "7d96f9a3bd3c05cf5cc37feb8b9d5209d5c2597464dec3e9983743e8",
- EllipticCurveType::NIST_P224},
- {"700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287",
+ {{"700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287",
"db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac",
"7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534",
"46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b",
diff --git a/cc/subtle/subtle_util_boringssl.cc b/cc/subtle/subtle_util_boringssl.cc
index 3515316df..7dddfa1f5 100644
--- a/cc/subtle/subtle_util_boringssl.cc
+++ b/cc/subtle/subtle_util_boringssl.cc
@@ -50,8 +50,6 @@ size_t FieldElementSizeInBytes(const EC_GROUP* group) {
util::StatusOr<EC_GROUP *> SubtleUtilBoringSSL::GetEcGroup(
EllipticCurveType curve_type) {
switch (curve_type) {
- case EllipticCurveType::NIST_P224:
- return EC_GROUP_new_by_curve_name(NID_secp224r1);
case EllipticCurveType::NIST_P256:
return EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
case EllipticCurveType::NIST_P384:
@@ -136,8 +134,6 @@ util::StatusOr<const EVP_MD *> SubtleUtilBoringSSL::EvpHash(
switch (hash_type) {
case HashType::SHA1:
return EVP_sha1();
- case HashType::SHA224:
- return EVP_sha224();
case HashType::SHA256:
return EVP_sha256();
case HashType::SHA512:
diff --git a/cc/subtle/wycheproof_util.cc b/cc/subtle/wycheproof_util.cc
index e001f1ff8..e15034b44 100644
--- a/cc/subtle/wycheproof_util.cc
+++ b/cc/subtle/wycheproof_util.cc
@@ -47,8 +47,6 @@ HashType WycheproofUtil::GetHashType(const Json::Value &val) {
std::string md = val.asString();
if (md == "SHA-1") {
return HashType::SHA1;
- } else if (md == "SHA-224") {
- return HashType::SHA224;
} else if (md == "SHA-256") {
return HashType::SHA256;
} else if (md == "SHA-384") {
@@ -63,9 +61,7 @@ HashType WycheproofUtil::GetHashType(const Json::Value &val) {
EllipticCurveType
WycheproofUtil::GetEllipticCurveType(const Json::Value &val) {
std::string curve = val.asString();
- if (curve == "secp224r1") {
- return EllipticCurveType::NIST_P224;
- } else if (curve == "secp256r1") {
+ if (curve == "secp256r1") {
return EllipticCurveType::NIST_P256;
} else if (curve == "secp384r1") {
return EllipticCurveType::NIST_P384;
diff --git a/cc/util/enums.cc b/cc/util/enums.cc
index a12a18cd2..25ab9cda3 100644
--- a/cc/util/enums.cc
+++ b/cc/util/enums.cc
@@ -26,8 +26,6 @@ namespace util {
// static
pb::EllipticCurveType Enums::SubtleToProto(subtle::EllipticCurveType type) {
switch (type) {
- case subtle::EllipticCurveType::NIST_P224:
- return pb::EllipticCurveType::NIST_P224;
case subtle::EllipticCurveType::NIST_P256:
return pb::EllipticCurveType::NIST_P256;
case subtle::EllipticCurveType::NIST_P384:
@@ -42,8 +40,6 @@ pb::EllipticCurveType Enums::SubtleToProto(subtle::EllipticCurveType type) {
// static
subtle::EllipticCurveType Enums::ProtoToSubtle(pb::EllipticCurveType type) {
switch (type) {
- case pb::EllipticCurveType::NIST_P224:
- return subtle::EllipticCurveType::NIST_P224;
case pb::EllipticCurveType::NIST_P256:
return subtle::EllipticCurveType::NIST_P256;
case pb::EllipticCurveType::NIST_P384:
@@ -84,8 +80,6 @@ pb::HashType Enums::SubtleToProto(subtle::HashType type) {
switch (type) {
case subtle::HashType::SHA1:
return pb::HashType::SHA1;
- case subtle::HashType::SHA224:
- return pb::HashType::SHA224;
case subtle::HashType::SHA256:
return pb::HashType::SHA256;
case subtle::HashType::SHA512:
@@ -100,8 +94,6 @@ subtle::HashType Enums::ProtoToSubtle(pb::HashType type) {
switch (type) {
case pb::HashType::SHA1:
return subtle::HashType::SHA1;
- case pb::HashType::SHA224:
- return subtle::HashType::SHA224;
case pb::HashType::SHA256:
return subtle::HashType::SHA256;
case pb::HashType::SHA512:
diff --git a/cc/util/enums_test.cc b/cc/util/enums_test.cc
index fadc4b4fd..a5455079c 100644
--- a/cc/util/enums_test.cc
+++ b/cc/util/enums_test.cc
@@ -32,8 +32,6 @@ class EnumsTest : public ::testing::Test {
};
TEST_F(EnumsTest, testEllipticCurveType) {
- EXPECT_EQ(pb::EllipticCurveType::NIST_P224,
- Enums::SubtleToProto(subtle::EllipticCurveType::NIST_P224));
EXPECT_EQ(pb::EllipticCurveType::NIST_P256,
Enums::SubtleToProto(subtle::EllipticCurveType::NIST_P256));
EXPECT_EQ(pb::EllipticCurveType::NIST_P384,
@@ -45,8 +43,6 @@ TEST_F(EnumsTest, testEllipticCurveType) {
EXPECT_EQ(pb::EllipticCurveType::UNKNOWN_CURVE,
Enums::SubtleToProto((subtle::EllipticCurveType)42));
- EXPECT_EQ(subtle::EllipticCurveType::NIST_P224,
- Enums::ProtoToSubtle(pb::EllipticCurveType::NIST_P224));
EXPECT_EQ(subtle::EllipticCurveType::NIST_P256,
Enums::ProtoToSubtle(pb::EllipticCurveType::NIST_P256));
EXPECT_EQ(subtle::EllipticCurveType::NIST_P384,
@@ -70,14 +66,12 @@ TEST_F(EnumsTest, testEllipticCurveType) {
count++;
}
}
- EXPECT_EQ(5, count);
+ EXPECT_EQ(4, count);
}
TEST_F(EnumsTest, testHashType) {
EXPECT_EQ(pb::HashType::SHA1,
Enums::SubtleToProto(subtle::HashType::SHA1));
- EXPECT_EQ(pb::HashType::SHA224,
- Enums::SubtleToProto(subtle::HashType::SHA224));
EXPECT_EQ(pb::HashType::SHA256,
Enums::SubtleToProto(subtle::HashType::SHA256));
EXPECT_EQ(pb::HashType::SHA512,
@@ -89,8 +83,6 @@ TEST_F(EnumsTest, testHashType) {
EXPECT_EQ(subtle::HashType::SHA1,
Enums::ProtoToSubtle(pb::HashType::SHA1));
- EXPECT_EQ(subtle::HashType::SHA224,
- Enums::ProtoToSubtle(pb::HashType::SHA224));
EXPECT_EQ(subtle::HashType::SHA256,
Enums::ProtoToSubtle(pb::HashType::SHA256));
EXPECT_EQ(subtle::HashType::SHA512,
@@ -112,7 +104,7 @@ TEST_F(EnumsTest, testHashType) {
count++;
}
}
- EXPECT_EQ(5, count);
+ EXPECT_EQ(4, count);
}
TEST_F(EnumsTest, testEcPointFormat) {
diff --git a/go/subtle/util.go b/go/subtle/util.go
index 88fa7f953..34e7e1afb 100644
--- a/go/subtle/util.go
+++ b/go/subtle/util.go
@@ -73,8 +73,6 @@ func GetHashFunc(hash string) func() hash.Hash {
// It returns null if the curve type is not supported.
func GetCurve(curve string) elliptic.Curve {
switch curve {
- case "NIST_P224":
- return elliptic.P224()
case "NIST_P256":
return elliptic.P256()
case "NIST_P384":
diff --git a/go/subtle/util_test.go b/go/subtle/util_test.go
index 111c6f7f7..8b75ea1f4 100644
--- a/go/subtle/util_test.go
+++ b/go/subtle/util_test.go
@@ -67,9 +67,6 @@ func TestComputeHash(t *testing.T) {
}
func TestGetCurve(t *testing.T) {
- if subtle.GetCurve("NIST_P224").Params().Name != "P-224" {
- t.Errorf("incorrect result for NIST_P224")
- }
if subtle.GetCurve("NIST_P256").Params().Name != "P-256" {
t.Errorf("incorrect result for NIST_P256")
}
diff --git a/java/src/test/java/com/google/crypto/tink/aead/AeadKeyTemplatesTest.java b/java/src/test/java/com/google/crypto/tink/aead/AeadKeyTemplatesTest.java
index 57eca5b3f..025d3145d 100644
--- a/java/src/test/java/com/google/crypto/tink/aead/AeadKeyTemplatesTest.java
+++ b/java/src/test/java/com/google/crypto/tink/aead/AeadKeyTemplatesTest.java
@@ -149,7 +149,7 @@ public class AeadKeyTemplatesTest {
int ivSize = 72;
int hmacKeySize = 24;
int tagSize = 27;
- HashType hashType = HashType.SHA224;
+ HashType hashType = HashType.UNKNOWN_HASH;
KeyTemplate template = AeadKeyTemplates.createAesCtrHmacAeadKeyTemplate(
aesKeySize, ivSize, hmacKeySize, tagSize, hashType);
assertEquals(AesCtrHmacAeadKeyManager.TYPE_URL, template.getTypeUrl());
diff --git a/java/src/test/java/com/google/crypto/tink/signature/SignatureKeyTemplatesTest.java b/java/src/test/java/com/google/crypto/tink/signature/SignatureKeyTemplatesTest.java
index b08c45c22..fac7a1579 100644
--- a/java/src/test/java/com/google/crypto/tink/signature/SignatureKeyTemplatesTest.java
+++ b/java/src/test/java/com/google/crypto/tink/signature/SignatureKeyTemplatesTest.java
@@ -76,7 +76,7 @@ public class SignatureKeyTemplatesTest {
// Intentionally using "weird" or invalid values for parameters,
// to test that the function correctly puts them in the resulting template.
HashType hashType = HashType.SHA512;
- EllipticCurveType curve = EllipticCurveType.NIST_P224;
+ EllipticCurveType curve = EllipticCurveType.UNKNOWN_CURVE;
EcdsaSignatureEncoding encoding = EcdsaSignatureEncoding.IEEE_P1363;
KeyTemplate template = SignatureKeyTemplates.createEcdsaKeyTemplate(hashType, curve, encoding);
assertEquals(EcdsaSignKeyManager.TYPE_URL, template.getTypeUrl());
diff --git a/java/src/test/java/com/google/crypto/tink/streamingaead/StreamingAeadKeyTemplatesTest.java b/java/src/test/java/com/google/crypto/tink/streamingaead/StreamingAeadKeyTemplatesTest.java
index e013a6654..08344ee09 100644
--- a/java/src/test/java/com/google/crypto/tink/streamingaead/StreamingAeadKeyTemplatesTest.java
+++ b/java/src/test/java/com/google/crypto/tink/streamingaead/StreamingAeadKeyTemplatesTest.java
@@ -99,7 +99,7 @@ public class StreamingAeadKeyTemplatesTest {
int tagSize = 45;
int ciphertextSegmentSize = 12345;
HashType hkdfHashType = HashType.SHA512;
- HashType macHashType = HashType.SHA224;
+ HashType macHashType = HashType.UNKNOWN_HASH;
KeyTemplate template = StreamingAeadKeyTemplates.createAesCtrHmacStreamingKeyTemplate(
mainKeySize, hkdfHashType, derivedKeySize,
macHashType, tagSize, ciphertextSegmentSize);
diff --git a/proto/common.proto b/proto/common.proto
index c4ba0be38..4623c7b70 100644
--- a/proto/common.proto
+++ b/proto/common.proto
@@ -26,7 +26,6 @@ option go_package = "github.com/google/tink/proto/common_go_proto";
enum EllipticCurveType {
UNKNOWN_CURVE = 0;
- NIST_P224 = 1;
NIST_P256 = 2;
NIST_P384 = 3;
NIST_P521 = 4;
@@ -41,7 +40,6 @@ enum EcPointFormat {
enum HashType {
UNKNOWN_HASH = 0;
SHA1 = 1; // Using SHA1 for digital signature is deprecated but HMAC-SHA1 is fine.
- SHA224 = 2;
SHA256 = 3;
SHA512 = 4;
};
--
GitLab