Migrate code which modifies SecretData objects with individual bytes …

…to SecretBuffer. SecretData will only get assignment operators, assigning complete chunks or SecretBuffer objects. PiperOrigin-RevId: 720168486 Change-Id: I5c4d8fa4bd4d3833f4042d03565db19bada11d64
tink-crypto · Jan 27, 2025 · 954e9e6 · 954e9e6
1 parent 92ef56a
commit 954e9e6
Show file tree

Hide file tree

Showing 12 changed files with 48 additions and 30 deletions.
diff --git a/tink/experimental/pqcrypto/kem/BUILD.bazel b/tink/experimental/pqcrypto/kem/BUILD.bazel
@@ -322,6 +322,7 @@ cc_test(
         "//tink:key",
         "//tink:partial_key_access",
         "//tink:restricted_data",
+        "//tink/internal:secret_buffer",
         "//tink/util:secret_data",
         "//tink/util:statusor",
         "//tink/util:test_matchers",

diff --git a/tink/experimental/pqcrypto/kem/CMakeLists.txt b/tink/experimental/pqcrypto/kem/CMakeLists.txt
@@ -309,6 +309,7 @@ tink_cc_test(
     tink::core::key
     tink::core::partial_key_access
     tink::core::restricted_data
+    tink::internal::secret_buffer
     tink::util::secret_data
     tink::util::statusor
     tink::util::test_matchers

diff --git a/tink/experimental/pqcrypto/kem/internal/BUILD.bazel b/tink/experimental/pqcrypto/kem/internal/BUILD.bazel
@@ -109,6 +109,7 @@ cc_library(
         "//tink/experimental/pqcrypto/kem:ml_kem_parameters",
         "//tink/experimental/pqcrypto/kem:ml_kem_private_key",
         "//tink/experimental/pqcrypto/kem:ml_kem_public_key",
+        "//tink/internal:secret_buffer",
         "//tink/util:secret_data",
         "//tink/util:status",
         "//tink/util:statusor",

diff --git a/tink/experimental/pqcrypto/kem/internal/CMakeLists.txt b/tink/experimental/pqcrypto/kem/internal/CMakeLists.txt
@@ -105,6 +105,7 @@ tink_cc_library(
     tink::experimental::pqcrypto::kem::ml_kem_parameters
     tink::experimental::pqcrypto::kem::ml_kem_private_key
     tink::experimental::pqcrypto::kem::ml_kem_public_key
+    tink::internal::secret_buffer
     tink::util::secret_data
     tink::util::status
     tink::util::statusor

diff --git a/tink/experimental/pqcrypto/kem/internal/ml_kem_raw_decapsulate_boringssl.cc b/tink/experimental/pqcrypto/kem/internal/ml_kem_raw_decapsulate_boringssl.cc
@@ -109,13 +109,14 @@ util::StatusOr<RestrictedData> MlKemRawDecapsulateBoringSsl::Decapsulate(
                         "Decapsulation failed: invalid output prefix");
   }
 
-  util::SecretData shared_secret(MLKEM_SHARED_SECRET_BYTES);
+  internal::SecretBuffer shared_secret(MLKEM_SHARED_SECRET_BYTES);
   MLKEM768_decap(
       shared_secret.data(),
       reinterpret_cast<const uint8_t*>(&ciphertext[output_prefix_size]),
       MLKEM768_CIPHERTEXT_BYTES, boringssl_private_key_.get());
 
-  return RestrictedData(shared_secret, InsecureSecretKeyAccess::Get());
+  return RestrictedData(util::internal::AsSecretData(shared_secret),
+                        InsecureSecretKeyAccess::Get());
 }
 
 }  // namespace

diff --git a/tink/experimental/pqcrypto/kem/internal/ml_kem_raw_encapsulate_boringssl.cc b/tink/experimental/pqcrypto/kem/internal/ml_kem_raw_encapsulate_boringssl.cc
@@ -101,13 +101,14 @@ util::StatusOr<RawKemEncapsulation> MlKemRawEncapsulateBoringSsl::Encapsulate()
   subtle::ResizeStringUninitialized(
       &ciphertext, output_prefix_size + MLKEM768_CIPHERTEXT_BYTES);
 
-  util::SecretData shared_secret(MLKEM_SHARED_SECRET_BYTES);
+  internal::SecretBuffer shared_secret(MLKEM_SHARED_SECRET_BYTES);
   MLKEM768_encap(reinterpret_cast<uint8_t*>(&ciphertext[output_prefix_size]),
                  shared_secret.data(), boringssl_public_key_.get());
 
   return RawKemEncapsulation{
       std::move(ciphertext),
-      RestrictedData(shared_secret, InsecureSecretKeyAccess::Get()),
+      RestrictedData(util::internal::AsSecretData(std::move(shared_secret)),
+                     InsecureSecretKeyAccess::Get()),
   };
 }
 

diff --git a/tink/experimental/pqcrypto/kem/internal/ml_kem_test_util.cc b/tink/experimental/pqcrypto/kem/internal/ml_kem_test_util.cc
@@ -30,6 +30,7 @@
 #include "tink/experimental/pqcrypto/kem/ml_kem_private_key.h"
 #include "tink/experimental/pqcrypto/kem/ml_kem_public_key.h"
 #include "tink/insecure_secret_key_access.h"
+#include "tink/internal/secret_buffer.h"
 #include "tink/partial_key_access.h"
 #include "tink/restricted_data.h"
 #include "tink/util/secret_data.h"
@@ -48,18 +49,20 @@ util::StatusOr<MlKemPrivateKey> GenerateMlKemPrivateKey(
   }
 
   std::string public_key_bytes(MLKEM768_PUBLIC_KEY_BYTES, '\0');
-  util::SecretData private_seed_bytes(MLKEM_SEED_BYTES);
+  internal::SecretBuffer private_seed_bytes(MLKEM_SEED_BYTES);
   auto private_key = util::MakeSecretUniquePtr<MLKEM768_private_key>();
   MLKEM768_generate_key(reinterpret_cast<uint8_t*>(&public_key_bytes[0]),
                         private_seed_bytes.data(), private_key.get());
 
   util::StatusOr<MlKemPublicKey> public_key = MlKemPublicKey::Create(
       key_parameters, public_key_bytes, id_requirement, GetPartialKeyAccess());
 
-  return MlKemPrivateKey::Create(*public_key,
-                                 RestrictedData(std::move(private_seed_bytes),
-                                                InsecureSecretKeyAccess::Get()),
-                                 GetPartialKeyAccess());
+  return MlKemPrivateKey::Create(
+      *public_key,
+      RestrictedData(
+          util::internal::AsSecretData(std::move(private_seed_bytes)),
+          InsecureSecretKeyAccess::Get()),
+      GetPartialKeyAccess());
 }
 
 }  // namespace internal

diff --git a/tink/experimental/pqcrypto/kem/ml_kem_private_key_test.cc b/tink/experimental/pqcrypto/kem/ml_kem_private_key_test.cc
@@ -30,6 +30,7 @@
 #include "tink/experimental/pqcrypto/kem/ml_kem_parameters.h"
 #include "tink/experimental/pqcrypto/kem/ml_kem_public_key.h"
 #include "tink/insecure_secret_key_access.h"
+#include "tink/internal/secret_buffer.h"
 #include "tink/key.h"
 #include "tink/partial_key_access.h"
 #include "tink/restricted_data.h"
@@ -71,16 +72,17 @@ struct KeyPair {
 util::StatusOr<KeyPair> GenerateKeyPair() {
   std::string public_key_bytes;
   public_key_bytes.resize(MLKEM768_PUBLIC_KEY_BYTES);
-  util::SecretData private_seed_bytes(MLKEM_SEED_BYTES);
+  internal::SecretBuffer private_seed_bytes(MLKEM_SEED_BYTES);
   auto bssl_private_key = util::MakeSecretUniquePtr<MLKEM768_private_key>();
 
   MLKEM768_generate_key(reinterpret_cast<uint8_t *>(&public_key_bytes[0]),
                         private_seed_bytes.data(), bssl_private_key.get());
 
   return KeyPair{
       public_key_bytes,
-      RestrictedData(std::move(private_seed_bytes),
-                     InsecureSecretKeyAccess::Get()),
+      RestrictedData(
+          util::internal::AsSecretData(std::move(private_seed_bytes)),
+          InsecureSecretKeyAccess::Get()),
   };
 }
 

diff --git a/tink/experimental/pqcrypto/kem/subtle/BUILD.bazel b/tink/experimental/pqcrypto/kem/subtle/BUILD.bazel
@@ -12,6 +12,7 @@ cc_library(
     visibility = ["//visibility:public"],
     deps = [
         "//tink/internal:fips_utils",
+        "//tink/internal:secret_buffer",
         "//tink/subtle:common_enums",
         "//tink/subtle:hkdf",
         "//tink/subtle:random",
@@ -35,6 +36,7 @@ cc_library(
     deps = [
         ":cecpq2_hkdf_sender_kem_boringssl",
         "//tink/internal:fips_utils",
+        "//tink/internal:secret_buffer",
         "//tink/subtle:common_enums",
         "//tink/subtle:hkdf",
         "//tink/util:errors",
@@ -55,6 +57,7 @@ cc_library(
     include_prefix = "tink/experimental/pqcrypto/kem/subtle",
     visibility = ["//visibility:public"],
     deps = [
+        "//tink/internal:secret_buffer",
         "//tink/subtle",
         "//tink/subtle:subtle_util",
         "//tink/util:secret_data",

diff --git a/tink/experimental/pqcrypto/kem/subtle/cecpq2_hkdf_recipient_kem_boringssl.cc b/tink/experimental/pqcrypto/kem/subtle/cecpq2_hkdf_recipient_kem_boringssl.cc
@@ -30,6 +30,7 @@
 #include "openssl/hrss.h"
 #include "tink/experimental/pqcrypto/kem/subtle/cecpq2_hkdf_sender_kem_boringssl.h"
 #include "tink/internal/fips_utils.h"
+#include "tink/internal/secret_buffer.h"
 #include "tink/subtle/common_enums.h"
 #include "tink/subtle/hkdf.h"
 #include "tink/util/errors.h"
@@ -105,7 +106,7 @@ Cecpq2HkdfX25519RecipientKemBoringSsl::GenerateKey(
   }
 
   // Recover X25519 shared secret
-  util::SecretData x25519_shared_secret(X25519_SHARED_KEY_LEN);
+  internal::SecretBuffer x25519_shared_secret(X25519_SHARED_KEY_LEN);
   X25519(x25519_shared_secret.data(), private_key_x25519_.data(),
          reinterpret_cast<const uint8_t*>(kem_bytes.data()));
 
@@ -117,17 +118,17 @@ Cecpq2HkdfX25519RecipientKemBoringSsl::GenerateKey(
                     private_key_hrss_seed_.data());
 
   // Recover HRSS shared secret from kem_bytes and private key
-  util::SecretData hrss_shared_secret(HRSS_KEY_BYTES);
+  internal::SecretBuffer hrss_shared_secret(HRSS_KEY_BYTES);
   HRSS_decap(reinterpret_cast<uint8_t*>(hrss_shared_secret.data()),
              hrss_private_key.get(),
              reinterpret_cast<const uint8_t*>(kem_bytes.data() +
                                               X25519_PUBLIC_VALUE_LEN),
              HRSS_CIPHERTEXT_BYTES);
 
   // Concatenate both shared secrets and kem_bytes
-  util::SecretData ikm = util::SecretDataFromStringView(absl::StrCat(
-      kem_bytes, util::SecretDataAsStringView(x25519_shared_secret),
-      util::SecretDataAsStringView(hrss_shared_secret)));
+  util::SecretData ikm = util::SecretDataFromStringView(
+      absl::StrCat(kem_bytes, x25519_shared_secret.AsStringView(),
+                   hrss_shared_secret.AsStringView()));
 
   // Compute symmetric key from both shared secrets, kem_bytes, hkdf_salt and
   // hkdf_info using HKDF

diff --git a/tink/experimental/pqcrypto/kem/subtle/cecpq2_hkdf_sender_kem_boringssl.cc b/tink/experimental/pqcrypto/kem/subtle/cecpq2_hkdf_sender_kem_boringssl.cc
@@ -29,6 +29,7 @@
 #include "openssl/curve25519.h"
 #include "openssl/hrss.h"
 #include "tink/internal/fips_utils.h"
+#include "tink/internal/secret_buffer.h"
 #include "tink/subtle/common_enums.h"
 #include "tink/subtle/hkdf.h"
 #include "tink/subtle/random.h"
@@ -120,21 +121,21 @@ Cecpq2HkdfX25519SenderKemBoringSsl::GenerateKey(
 
   // Generate the ephemeral X25519 key pair. Note that the
   // X25519_kem_bytes holds the X25519 public key
-  util::SecretData ephemeral_x25519_private_key(X25519_PRIVATE_KEY_LEN);
+  crypto::tink::internal::SecretBuffer ephemeral_x25519_private_key(
+      X25519_PRIVATE_KEY_LEN);
   std::string x25519_kem_bytes(X25519_PUBLIC_VALUE_LEN, '\0');
   X25519_keypair(const_cast<uint8_t *>(reinterpret_cast<const uint8_t *>(
                      x25519_kem_bytes.data())),
                  ephemeral_x25519_private_key.data());
 
   // Generate the x25519 shared secret using peer's X25519 public key and
   // locally generated ephemeral X25519 private key
-  util::SecretData x25519_shared_secret(X25519_SHARED_KEY_LEN);
+  internal::SecretBuffer x25519_shared_secret(X25519_SHARED_KEY_LEN);
   X25519(x25519_shared_secret.data(), ephemeral_x25519_private_key.data(),
          reinterpret_cast<const uint8_t *>(peer_public_key_x25519_.data()));
 
   // Declare the hrss_shared_secret and hrss_kem_bytes to be used in HRSS encaps
-  util::SecretData hrss_shared_secret;
-  hrss_shared_secret.resize(HRSS_KEY_BYTES);
+  internal::SecretBuffer hrss_shared_secret(HRSS_KEY_BYTES);
   // The hrss_kem_bytes will contain the encrypted shared secret
   std::string hrss_kem_bytes;
   subtle::ResizeStringUninitialized(&hrss_kem_bytes, HRSS_CIPHERTEXT_BYTES);
@@ -151,19 +152,18 @@ Cecpq2HkdfX25519SenderKemBoringSsl::GenerateKey(
 
   // Generate a random shared secret and encapsulate it using peer's HRSS public
   // key
-  HRSS_encap(const_cast<uint8_t *>(
-                 reinterpret_cast<const uint8_t *>(hrss_kem_bytes.data())),
-             reinterpret_cast<uint8_t *>(hrss_shared_secret.data()),
-             &peer_public_key_hrss, encaps_entropy.data());
+  HRSS_encap(reinterpret_cast<uint8_t *>(hrss_kem_bytes.data()),
+             hrss_shared_secret.data(), &peer_public_key_hrss,
+             encaps_entropy.data());
 
   // Concatenate the two kem_bytes
   std::string kem_bytes(x25519_kem_bytes);
   kem_bytes += hrss_kem_bytes;
 
   // Concatenate the two shared secrets with the two kem_bytes
-  std::string kem_bytes_and_shared_secrets = absl::StrCat(
-      kem_bytes, util::SecretDataAsStringView(x25519_shared_secret),
-      util::SecretDataAsStringView(hrss_shared_secret));
+  std::string kem_bytes_and_shared_secrets =
+      absl::StrCat(kem_bytes, x25519_shared_secret.AsStringView(),
+                   hrss_shared_secret.AsStringView());
   util::SecretData ikm =
       util::SecretDataFromStringView(kem_bytes_and_shared_secrets);
 

diff --git a/tink/experimental/pqcrypto/kem/subtle/cecpq2_subtle_boringssl_util.cc b/tink/experimental/pqcrypto/kem/subtle/cecpq2_subtle_boringssl_util.cc
@@ -21,6 +21,7 @@
 
 #include "openssl/curve25519.h"
 #include "openssl/hrss.h"
+#include "tink/internal/secret_buffer.h"
 #include "tink/subtle/common_enums.h"
 #include "tink/subtle/random.h"
 #include "tink/subtle/subtle_util.h"
@@ -60,12 +61,14 @@ GenerateCecpq2Keypair(subtle::EllipticCurveType curve_type) {
   crypto::tink::pqc::Cecpq2KeyPair cecpq2_key_pair;
 
   // Generating a X25519 key pair
-  cecpq2_key_pair.x25519_key_pair.priv.resize(X25519_PRIVATE_KEY_LEN);
+  internal::SecretBuffer priv_key_buffer(X25519_PRIVATE_KEY_LEN);
   subtle::ResizeStringUninitialized(&(cecpq2_key_pair.x25519_key_pair.pub_x),
                                     X25519_PUBLIC_VALUE_LEN);
   X25519_keypair(const_cast<uint8_t *>(reinterpret_cast<const uint8_t *>(
                      cecpq2_key_pair.x25519_key_pair.pub_x.data())),
-                 cecpq2_key_pair.x25519_key_pair.priv.data());
+                 priv_key_buffer.data());
+  cecpq2_key_pair.x25519_key_pair.priv =
+      util::internal::AsSecretData(std::move(priv_key_buffer));
 
   // Generating a HRSS key pair
   util::SecretData generate_hrss_key_entropy =