Add interfaces for hybrid parameters and key types.

PiperOrigin-RevId: 550883369

5 files changed, 225 insertions, 23 deletions

diff --git a/cc/hybrid/BUILD.bazel b/cc/hybrid/BUILD.bazel
index 23f8f51f7..df0871b92 100644
--- a/cc/hybrid/BUILD.bazel
+++ b/cc/hybrid/BUILD.bazel
@@ -269,6 +269,49 @@ cc_library(
     ],
 )
 
+cc_library(
+    name = "failing_hybrid",
+    srcs = ["failing_hybrid.cc"],
+    hdrs = ["failing_hybrid.h"],
+    include_prefix = "tink/hybrid",
+    deps = [
+        "//:hybrid_decrypt",
+        "//:hybrid_encrypt",
+        "@com_google_absl//absl/strings",
+    ],
+)
+
+cc_library(
+    name = "hybrid_parameters",
+    hdrs = ["hybrid_parameters.h"],
+    include_prefix = "tink/hybrid",
+    deps = ["//:parameters"],
+)
+
+cc_library(
+    name = "hybrid_public_key",
+    hdrs = ["hybrid_public_key.h"],
+    include_prefix = "tink/hybrid",
+    deps = [
+        ":hybrid_parameters",
+        "//:key",
+        "@com_google_absl//absl/strings",
+    ],
+)
+
+cc_library(
+    name = "hybrid_private_key",
+    hdrs = ["hybrid_private_key.h"],
+    include_prefix = "tink/hybrid",
+    deps = [
+        ":hybrid_parameters",
+        ":hybrid_public_key",
+        "//:key",
+        "//:private_key",
+        "@com_google_absl//absl/strings",
+    ],
+)
+
 # tests
 
 cc_test(
@@ -535,18 +578,6 @@ cc_test(
     ],
 )
 
-cc_library(
-    name = "failing_hybrid",
-    srcs = ["failing_hybrid.cc"],
-    hdrs = ["failing_hybrid.h"],
-    include_prefix = "tink/hybrid",
-    deps = [
-        "//:hybrid_decrypt",
-        "//:hybrid_encrypt",
-        "@com_google_absl//absl/strings",
-    ],
-)
-
 cc_test(
     name = "failing_hybrid_test",
     srcs = ["failing_hybrid_test.cc"],
diff --git a/cc/hybrid/CMakeLists.txt b/cc/hybrid/CMakeLists.txt
index cd213c8d7..a1a641173 100644
--- a/cc/hybrid/CMakeLists.txt
+++ b/cc/hybrid/CMakeLists.txt
@@ -250,6 +250,47 @@ tink_cc_library(
     tink::proto::tink_cc_proto
 )
 
+tink_cc_library(
+  NAME failing_hybrid
+  SRCS
+    failing_hybrid.cc
+    failing_hybrid.h
+  DEPS
+    absl::strings
+    tink::core::hybrid_decrypt
+    tink::core::hybrid_encrypt
+)
+
+tink_cc_library(
+  NAME hybrid_parameters
+  SRCS
+    hybrid_parameters.h
+  DEPS
+    tink::core::parameters
+)
+
+tink_cc_library(
+  NAME hybrid_public_key
+  SRCS
+    hybrid_public_key.h
+  DEPS
+    tink::hybrid::hybrid_parameters
+    absl::strings
+    tink::core::key
+)
+
+tink_cc_library(
+  NAME hybrid_private_key
+  SRCS
+    hybrid_private_key.h
+  DEPS
+    tink::hybrid::hybrid_parameters
+    tink::hybrid::hybrid_public_key
+    absl::strings
+    tink::core::key
+    tink::core::private_key
+)
+
 # tests
 
 tink_cc_test(
@@ -506,17 +547,6 @@ tink_cc_test(
     tink::proto::tink_cc_proto
 )
 
-tink_cc_library(
-  NAME failing_hybrid
-  SRCS
-    failing_hybrid.cc
-    failing_hybrid.h
-  DEPS
-    absl::strings
-    tink::core::hybrid_decrypt
-    tink::core::hybrid_encrypt
-)
-
 tink_cc_test(
   NAME failing_hybrid_test
   SRCS
diff --git a/cc/hybrid/hybrid_parameters.h b/cc/hybrid/hybrid_parameters.h
new file mode 100644
index 000000000..add1e8ffb
--- /dev/null
+++ b/cc/hybrid/hybrid_parameters.h
@@ -0,0 +1,32 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#ifndef TINK_HYBRID_HYBRID_PARAMETERS_H_
+#define TINK_HYBRID_HYBRID_PARAMETERS_H_
+
+#include "tink/parameters.h"
+
+namespace crypto {
+namespace tink {
+
+// Describes a hybrid encryption key pair (e.g., key attributes), excluding the
+// randomly chosen key material.
+class HybridParameters : public Parameters {};
+
+}  // namespace tink
+}  // namespace crypto
+
+#endif  // TINK_HYBRID_HYBRID_PARAMETERS_H_
diff --git a/cc/hybrid/hybrid_private_key.h b/cc/hybrid/hybrid_private_key.h
new file mode 100644
index 000000000..caade1157
--- /dev/null
+++ b/cc/hybrid/hybrid_private_key.h
@@ -0,0 +1,61 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#ifndef TINK_HYBRID_HYBRID_PRIVATE_KEY_H_
+#define TINK_HYBRID_HYBRID_PRIVATE_KEY_H_
+
+#include "absl/strings/string_view.h"
+#include "tink/hybrid/hybrid_parameters.h"
+#include "tink/hybrid/hybrid_public_key.h"
+#include "tink/key.h"
+#include "tink/private_key.h"
+
+namespace crypto {
+namespace tink {
+
+// Represents the decryption function for a hybrid encryption primitive.
+class HybridPrivateKey : public PrivateKey {
+ public:
+  const HybridPublicKey& GetPublicKey() const override = 0;
+
+  // Returns the bytes prefixed to every ciphertext generated by the
+  // corresponding public key.
+  //
+  // In order to make key rotation more efficient, Tink allows every hybrid
+  // private key to have an associated ciphertext output prefix. When decrypting
+  // a ciphertext, only keys with a matching prefix have to be tried.
+  //
+  // See https://developers.google.com/tink/wire-format#tink_output_prefix for
+  // more background information on Tink output prefixes.
+  absl::string_view GetOutputPrefix() const {
+    return GetPublicKey().GetOutputPrefix();
+  }
+
+  absl::optional<int> GetIdRequirement() const override {
+    return GetPublicKey().GetIdRequirement();
+  }
+
+  const HybridParameters& GetParameters() const override {
+    return GetPublicKey().GetParameters();
+  }
+
+  bool operator==(const Key& other) const override = 0;
+};
+
+}  // namespace tink
+}  // namespace crypto
+
+#endif  // TINK_HYBRID_HYBRID_PRIVATE_KEY_H_
diff --git a/cc/hybrid/hybrid_public_key.h b/cc/hybrid/hybrid_public_key.h
new file mode 100644
index 000000000..b5542c533
--- /dev/null
+++ b/cc/hybrid/hybrid_public_key.h
@@ -0,0 +1,48 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#ifndef TINK_HYBRID_HYBRID_PUBLIC_KEY_H_
+#define TINK_HYBRID_HYBRID_PUBLIC_KEY_H_
+
+#include "absl/strings/string_view.h"
+#include "tink/hybrid/hybrid_parameters.h"
+#include "tink/key.h"
+
+namespace crypto {
+namespace tink {
+
+// Represents the encryption function for a hybrid encryption primitive.
+class HybridPublicKey : public Key {
+ public:
+  // Returns the bytes prefixed to every ciphertext generated by this key.
+  //
+  // In order to make key rotation more efficient, Tink allows every hybrid
+  // public key to have an associated ciphertext output prefix. When decrypting
+  // a ciphertext, only keys with a matching prefix have to be tried.
+  //
+  // See https://developers.google.com/tink/wire-format#tink_output_prefix for
+  // more background information on Tink output prefixes.
+  virtual absl::string_view GetOutputPrefix() const = 0;
+
+  const HybridParameters& GetParameters() const override = 0;
+
+  bool operator==(const Key& other) const override = 0;
+};
+
+}  // namespace tink
+}  // namespace crypto
+
+#endif  // TINK_HYBRID_HYBRID_PUBLIC_KEY_H_