Introduce internal secret sharing implementation

PiperOrigin-RevId: 689905835
Change-Id: I18790f905316fc3845f3ccacb0aefa547492fcb2

client/BUILD

@@ -13,8 +13,6 @@
 # limitations under the License.
 
 load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-load("//tools/build_defs/go:go_library.bzl", "go_library")
-load("//tools/build_defs/go:go_test.bzl", "go_test")
 
 package(
     default_applicable_licenses = ["//:license"],

client/cloudkms/BUILD

@@ -13,8 +13,6 @@
 # limitations under the License.
 
 load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-load("//tools/build_defs/go:go_library.bzl", "go_library")
-load("//tools/build_defs/go:go_test.bzl", "go_test")
 
 package(
     default_visibility = ["//:__subpackages__"],

client/confidentialspace/BUILD

@@ -13,8 +13,6 @@
 # limitations under the License.
 
 load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-load("//tools/build_defs/go:go_library.bzl", "go_library")
-load("//tools/build_defs/go:go_test.bzl", "go_test")
 
 package(
     default_visibility = ["//:__subpackages__"],

client/ekmclient/BUILD

@@ -13,8 +13,6 @@
 # limitations under the License.
 
 load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
-load("//tools/build_defs/go:go_library.bzl", "go_library")
-load("//tools/build_defs/go:go_test.bzl", "go_test")
 
 package(
     default_visibility = ["//:__subpackages__"],

client/internal/secret_sharing/OWNERS

@@ -0,0 +1 @@
+mdb-group:ise-crypto

client/internal/secret_sharing/finitefield/BUILD

@@ -0,0 +1,33 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+package(
+    default_visibility = [
+        "//client/internal/secret_sharing:__subpackages__",
+    ],
+)
+
+go_library(
+    name = "finitefield",
+    srcs = ["finitefield.go"],
+    importpath = "github.com/GoogleCloudPlatform/stet/client/internal/secret_sharing/finitefield",
+)
+
+go_test(
+    name = "finitefield_test",
+    srcs = ["finitefield_test.go"],
+    deps = [":finitefield"],
+)

client/internal/secret_sharing/finitefield/finitefield.go

@@ -0,0 +1,39 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package finitefield represents the finite fields supported by the secret sharing library.
+package finitefield
+
+import "fmt"
+
+// ID represents a finite field supported by the secret sharing library.
+type ID int
+
+const (
+	// GF32 is a Galois Field with characteristic 2^5.
+	GF32 ID = 1 + iota
+	// GF8 is a Galois Field with characteristic 2^8.
+	GF8
+)
+
+func (id ID) String() string {
+	switch id {
+	case GF8:
+		return "GF8"
+	case GF32:
+		return "GF32"
+	default:
+		return fmt.Sprintf("unknown finite field ID: %d", id)
+	}
+}

client/internal/secret_sharing/finitefield/finitefield_test.go

@@ -0,0 +1,32 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package finitefield_test
+
+import (
+	"testing"
+
+	"github.com/GoogleCloudPlatform/stet/client/internal/secret_sharing/finitefield"
+)
+
+func TestFieldIDString(t *testing.T) {
+	want := "GF32"
+	if got := finitefield.GF32.String(); got != want {
+		t.Errorf("finitefield.GF32.String() = %q, want %q", got, want)
+	}
+	want = "GF8"
+	if got := finitefield.GF8.String(); got != want {
+		t.Errorf("finitefield.GF8.String() = %q, want %q", got, want)
+	}
+}

client/internal/secret_sharing/internal/field/BUILD

@@ -0,0 +1,30 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+package(
+    default_visibility = [
+        "//client/internal/secret_sharing:__subpackages__",
+    ],
+)
+
+licenses(["notice"])
+
+go_library(
+    name = "field",
+    srcs = ["field.go"],
+    importpath = "github.com/GoogleCloudPlatform/stet/client/internal/secret_sharing/internal/field",
+    deps = ["//client/internal/secret_sharing/finitefield"],
+)

client/internal/secret_sharing/internal/field/field.go

@@ -0,0 +1,61 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package field defines a generic definition of a finite field.
+package field
+
+import "github.com/GoogleCloudPlatform/stet/client/internal/secret_sharing/finitefield"
+
+// Element is an element in a Finite Field
+type Element interface {
+	// Add element `a` and returns a new element.
+	Add(a Element) Element
+	// Subtract element `a` and returns a new element.
+	Subtract(a Element) Element
+	// Multiply by element `a` and returns a new element.
+	Multiply(a Element) Element
+	// Inverse returns an element that's the multiplicative inverse.
+	// If element has no inverse, an error is returned.
+	Inverse() (Element, error)
+	// GT returns true if the element `b` is greater than.
+	GT(b Element) bool
+	// Bytes returns the element in a big endian encoded byte representation.
+	Bytes() []byte
+	// Flip flips an element by multiplying the element by the group order,
+	// Flip is only required if the order of elements in substraction affects the result, hence some
+	// fields might return the same element.
+	Flip() Element
+}
+
+// GaloisField represents a Finite Field.
+type GaloisField interface {
+	// CreateElement creates a new field element from i. The value of i should be within the range
+	// of unsigned integers that can be stored in a byte array of length ElementSize().
+	CreateElement(i int) (Element, error)
+	// NewRandomNonZero generates a random element inside the field.
+	// The random element is assumed to be good enough for cryptographic purposes.
+	NewRandomNonZero() (Element, error)
+	// ReadElement reads an element from a big endian encoded byte slice b at an offset i.
+	ReadElement(b []byte, i int) (Element, error)
+	// EncodeElements encodes a set of field elements into a byte slice of size secLen.
+	// The output of this function can be passed to DecodeElements() to recreate the elements.
+	EncodeElements(parts []Element, secLen int) ([]byte, error)
+	// DecodeElements creates a set of field elements from a byte slice.
+	// Expects the output of EncodeElements().
+	DecodeElements([]byte) []Element
+	// ElementSize returns the size of each element in bytes.
+	ElementSize() int
+	// FieldID returns a unique identifier for the field.
+	FieldID() finitefield.ID
+}

client/internal/secret_sharing/internal/field/gf32/BUILD

@@ -0,0 +1,43 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+package(
+    default_visibility = [
+        "//client/internal/secret_sharing:__subpackages__",
+    ],
+)
+
+licenses(["notice"])
+
+go_library(
+    name = "gf32",
+    srcs = ["gf32.go"],
+    importpath = "github.com/GoogleCloudPlatform/stet/client/internal/secret_sharing/internal/field/gf32",
+    deps = [
+        "//client/internal/secret_sharing/finitefield",
+        "//client/internal/secret_sharing/internal/field",
+    ],
+)
+
+go_test(
+    name = "gf32_test",
+    size = "small",
+    srcs = ["gf32_test.go"],
+    deps = [
+        "//client/internal/secret_sharing/internal/field/gf32",
+        "@com_github_google_go_cmp//cmp:go_default_library",
+    ],
+)