java_src/src/main/java/com/google/crypto/tink/aead/AesCtrHmacAeadKeyManager.java - third_party/tink - Git at Google

 // Copyright 2017 Google Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ////////////////////////////////////////////////////////////////////////////////

 package com.google.crypto.tink.aead;

 import com.google.crypto.tink.Aead;
 import com.google.crypto.tink.KeyTemplate;
 import com.google.crypto.tink.Mac;
 import com.google.crypto.tink.Registry;
 import com.google.crypto.tink.config.internal.TinkFipsUtil;
 import com.google.crypto.tink.internal.KeyTypeManager;
 import com.google.crypto.tink.internal.PrimitiveFactory;
 import com.google.crypto.tink.mac.HmacKeyManager;
 import com.google.crypto.tink.proto.AesCtrHmacAeadKey;
 import com.google.crypto.tink.proto.AesCtrHmacAeadKeyFormat;
 import com.google.crypto.tink.proto.AesCtrKey;
 import com.google.crypto.tink.proto.AesCtrKeyFormat;
 import com.google.crypto.tink.proto.AesCtrParams;
 import com.google.crypto.tink.proto.HashType;
 import com.google.crypto.tink.proto.HmacKey;
 import com.google.crypto.tink.proto.HmacKeyFormat;
 import com.google.crypto.tink.proto.HmacParams;
 import com.google.crypto.tink.proto.KeyData.KeyMaterialType;
 import com.google.crypto.tink.subtle.EncryptThenAuthenticate;
 import com.google.crypto.tink.subtle.IndCpaCipher;
 import com.google.crypto.tink.subtle.Validators;
 import com.google.protobuf.ByteString;
 import com.google.protobuf.ExtensionRegistryLite;
 import com.google.protobuf.InvalidProtocolBufferException;
 import java.security.GeneralSecurityException;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;

 /**
  * This key manager generates new {@link AesCtrHmacAeadKey} keys and produces new instances of
  * {@link EncryptThenAuthenticate}.
  */
 public final class AesCtrHmacAeadKeyManager extends KeyTypeManager<AesCtrHmacAeadKey> {
   AesCtrHmacAeadKeyManager() {
     super(
         AesCtrHmacAeadKey.class,
         new PrimitiveFactory<Aead, AesCtrHmacAeadKey>(Aead.class) {
           @Override
           public Aead getPrimitive(AesCtrHmacAeadKey key) throws GeneralSecurityException {
             return new EncryptThenAuthenticate(
                 new AesCtrKeyManager().getPrimitive(key.getAesCtrKey(), IndCpaCipher.class),
                 new HmacKeyManager().getPrimitive(key.getHmacKey(), Mac.class),
                 key.getHmacKey().getParams().getTagSize());
           }
         });
   }

   // Static so we don't have to construct the object and handle the exception when we need the
   // key type.
   @Override
   public String getKeyType() {
     return "type.googleapis.com/google.crypto.tink.AesCtrHmacAeadKey";
   }

   @Override
   public int getVersion() {
     return 0;
   }

   @Override
   public KeyMaterialType keyMaterialType() {
     return KeyMaterialType.SYMMETRIC;
   }

   @Override
   public void validateKey(AesCtrHmacAeadKey key) throws GeneralSecurityException {
     Validators.validateVersion(key.getVersion(), getVersion());
     new AesCtrKeyManager().validateKey(key.getAesCtrKey());
     new HmacKeyManager().validateKey(key.getHmacKey());
   }

   @Override
   public AesCtrHmacAeadKey parseKey(ByteString byteString) throws InvalidProtocolBufferException {
     return AesCtrHmacAeadKey.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry());
   }

   @Override
   public KeyFactory<AesCtrHmacAeadKeyFormat, AesCtrHmacAeadKey> keyFactory() {
     return new KeyFactory<AesCtrHmacAeadKeyFormat, AesCtrHmacAeadKey>(
         AesCtrHmacAeadKeyFormat.class) {
       @Override
       public void validateKeyFormat(AesCtrHmacAeadKeyFormat format)
           throws GeneralSecurityException {
         new AesCtrKeyManager().keyFactory().validateKeyFormat(format.getAesCtrKeyFormat());
         new HmacKeyManager().keyFactory().validateKeyFormat(format.getHmacKeyFormat());
         Validators.validateAesKeySize(format.getAesCtrKeyFormat().getKeySize());
       }

       @Override
       public AesCtrHmacAeadKeyFormat parseKeyFormat(ByteString byteString)
           throws InvalidProtocolBufferException {
         return AesCtrHmacAeadKeyFormat.parseFrom(
             byteString, ExtensionRegistryLite.getEmptyRegistry());
       }

       @Override
       public AesCtrHmacAeadKey createKey(AesCtrHmacAeadKeyFormat format)
           throws GeneralSecurityException {
         AesCtrKey aesCtrKey =
             new AesCtrKeyManager().keyFactory().createKey(format.getAesCtrKeyFormat());
         HmacKey hmacKey = new HmacKeyManager().keyFactory().createKey(format.getHmacKeyFormat());
         return AesCtrHmacAeadKey.newBuilder()
             .setAesCtrKey(aesCtrKey)
             .setHmacKey(hmacKey)
             .setVersion(getVersion())
             .build();
       }

       @Override
       public Map<String, KeyFactory.KeyFormat<AesCtrHmacAeadKeyFormat>> keyFormats()
           throws GeneralSecurityException {
         Map<String, KeyFactory.KeyFormat<AesCtrHmacAeadKeyFormat>> result = new HashMap<>();

         result.put(
             "AES128_CTR_HMAC_SHA256",
             createKeyFormat(16, 16, 32, 16, HashType.SHA256, KeyTemplate.OutputPrefixType.TINK));
         result.put(
             "AES128_CTR_HMAC_SHA256_RAW",
             createKeyFormat(16, 16, 32, 16, HashType.SHA256, KeyTemplate.OutputPrefixType.RAW));

         result.put(
             "AES256_CTR_HMAC_SHA256",
             createKeyFormat(32, 16, 32, 32, HashType.SHA256, KeyTemplate.OutputPrefixType.TINK));
         result.put(
             "AES256_CTR_HMAC_SHA256_RAW",
             createKeyFormat(32, 16, 32, 32, HashType.SHA256, KeyTemplate.OutputPrefixType.RAW));

         return Collections.unmodifiableMap(result);
       }
     };
   }

   public static void register(boolean newKeyAllowed) throws GeneralSecurityException {
     Registry.registerKeyManager(new AesCtrHmacAeadKeyManager(), newKeyAllowed);
   }

   /**
    * @return a {@link KeyTemplate} that generates new instances of AES-CTR-HMAC-AEAD keys with the
    *     following parameters:
    *     <ul>
    *       <li>AES key size: 16 bytes
    *       <li>AES CTR IV size: 16 byte
    *       <li>HMAC key size: 32 bytes
    *       <li>HMAC tag size: 16 bytes
    *       <li>HMAC hash function: SHA256
    *     </ul>
    *
    * @deprecated use {@code KeyTemplates.get("AES128_CTR_HMAC_SHA256")}
    */
   @Deprecated
   public static final KeyTemplate aes128CtrHmacSha256Template() {
     return createKeyTemplate(16, 16, 32, 16, HashType.SHA256);
   }

   /**
    * @return a {@link KeyTemplate} that generates new instances of AES-CTR-HMAC-AEAD keys with the
    *     following parameters:
    *     <ul>
    *       <li>AES key size: 32 bytes
    *       <li>AES CTR IV size: 16 byte
    *       <li>HMAC key size: 32 bytes
    *       <li>HMAC tag size: 32 bytes
    *       <li>HMAC hash function: SHA256
    *     </ul>
    *
    * @deprecated use {@code KeyTemplates.get("AES256_CTR_HMAC_SHA256")}
    */
   @Deprecated
   public static final KeyTemplate aes256CtrHmacSha256Template() {
     return createKeyTemplate(32, 16, 32, 32, HashType.SHA256);
   }

   /**
    * @return a {@link KeyTemplate} containing a {@link AesCtrHmacAeadKeyFormat} with some specific
    *     parameters.
    */
   private static KeyTemplate createKeyTemplate(
       int aesKeySize, int ivSize, int hmacKeySize, int tagSize, HashType hashType) {
     AesCtrHmacAeadKeyFormat format =
         createKeyFormat(aesKeySize, ivSize, hmacKeySize, tagSize, hashType);
     return KeyTemplate.create(
         new AesCtrHmacAeadKeyManager().getKeyType(),
         format.toByteArray(),
         KeyTemplate.OutputPrefixType.TINK);
   }

   private static KeyFactory.KeyFormat<AesCtrHmacAeadKeyFormat> createKeyFormat(
       int aesKeySize,
       int ivSize,
       int hmacKeySize,
       int tagSize,
       HashType hashType,
       KeyTemplate.OutputPrefixType prefixType) {
     return new KeyFactory.KeyFormat<>(
         createKeyFormat(aesKeySize, ivSize, hmacKeySize, tagSize, hashType), prefixType);
   }

   private static AesCtrHmacAeadKeyFormat createKeyFormat(
       int aesKeySize, int ivSize, int hmacKeySize, int tagSize, HashType hashType) {
     AesCtrKeyFormat aesCtrKeyFormat =
         AesCtrKeyFormat.newBuilder()
             .setParams(AesCtrParams.newBuilder().setIvSize(ivSize).build())
             .setKeySize(aesKeySize)
             .build();
     HmacKeyFormat hmacKeyFormat =
         HmacKeyFormat.newBuilder()
             .setParams(HmacParams.newBuilder().setHash(hashType).setTagSize(tagSize).build())
             .setKeySize(hmacKeySize)
             .build();
     return AesCtrHmacAeadKeyFormat.newBuilder()
         .setAesCtrKeyFormat(aesCtrKeyFormat)
         .setHmacKeyFormat(hmacKeyFormat)
         .build();
   }

   @Override
   public TinkFipsUtil.AlgorithmFipsCompatibility fipsStatus() {
     return TinkFipsUtil.AlgorithmFipsCompatibility.ALGORITHM_REQUIRES_BORINGCRYPTO;
   };
 }
	// Copyright 2017 Google Inc.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//
	////////////////////////////////////////////////////////////////////////////////

	package com.google.crypto.tink.aead;

	import com.google.crypto.tink.Aead;
	import com.google.crypto.tink.KeyTemplate;
	import com.google.crypto.tink.Mac;
	import com.google.crypto.tink.Registry;
	import com.google.crypto.tink.config.internal.TinkFipsUtil;
	import com.google.crypto.tink.internal.KeyTypeManager;
	import com.google.crypto.tink.internal.PrimitiveFactory;
	import com.google.crypto.tink.mac.HmacKeyManager;
	import com.google.crypto.tink.proto.AesCtrHmacAeadKey;
	import com.google.crypto.tink.proto.AesCtrHmacAeadKeyFormat;
	import com.google.crypto.tink.proto.AesCtrKey;
	import com.google.crypto.tink.proto.AesCtrKeyFormat;
	import com.google.crypto.tink.proto.AesCtrParams;
	import com.google.crypto.tink.proto.HashType;
	import com.google.crypto.tink.proto.HmacKey;
	import com.google.crypto.tink.proto.HmacKeyFormat;
	import com.google.crypto.tink.proto.HmacParams;
	import com.google.crypto.tink.proto.KeyData.KeyMaterialType;
	import com.google.crypto.tink.subtle.EncryptThenAuthenticate;
	import com.google.crypto.tink.subtle.IndCpaCipher;
	import com.google.crypto.tink.subtle.Validators;
	import com.google.protobuf.ByteString;
	import com.google.protobuf.ExtensionRegistryLite;
	import com.google.protobuf.InvalidProtocolBufferException;
	import java.security.GeneralSecurityException;
	import java.util.Collections;
	import java.util.HashMap;
	import java.util.Map;

	/**
	* This key manager generates new {@link AesCtrHmacAeadKey} keys and produces new instances of
	* {@link EncryptThenAuthenticate}.
	*/
	public final class AesCtrHmacAeadKeyManager extends KeyTypeManager<AesCtrHmacAeadKey> {
	AesCtrHmacAeadKeyManager() {
	super(
	AesCtrHmacAeadKey.class,
	new PrimitiveFactory<Aead, AesCtrHmacAeadKey>(Aead.class) {
	@Override
	public Aead getPrimitive(AesCtrHmacAeadKey key) throws GeneralSecurityException {
	return new EncryptThenAuthenticate(
	new AesCtrKeyManager().getPrimitive(key.getAesCtrKey(), IndCpaCipher.class),
	new HmacKeyManager().getPrimitive(key.getHmacKey(), Mac.class),
	key.getHmacKey().getParams().getTagSize());
	}
	});
	}

	// Static so we don't have to construct the object and handle the exception when we need the
	// key type.
	@Override
	public String getKeyType() {
	return "type.googleapis.com/google.crypto.tink.AesCtrHmacAeadKey";
	}

	@Override
	public int getVersion() {
	return 0;
	}

	@Override
	public KeyMaterialType keyMaterialType() {
	return KeyMaterialType.SYMMETRIC;
	}

	@Override
	public void validateKey(AesCtrHmacAeadKey key) throws GeneralSecurityException {
	Validators.validateVersion(key.getVersion(), getVersion());
	new AesCtrKeyManager().validateKey(key.getAesCtrKey());
	new HmacKeyManager().validateKey(key.getHmacKey());
	}

	@Override
	public AesCtrHmacAeadKey parseKey(ByteString byteString) throws InvalidProtocolBufferException {
	return AesCtrHmacAeadKey.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry());
	}

	@Override
	public KeyFactory<AesCtrHmacAeadKeyFormat, AesCtrHmacAeadKey> keyFactory() {
	return new KeyFactory<AesCtrHmacAeadKeyFormat, AesCtrHmacAeadKey>(
	AesCtrHmacAeadKeyFormat.class) {
	@Override
	public void validateKeyFormat(AesCtrHmacAeadKeyFormat format)
	throws GeneralSecurityException {
	new AesCtrKeyManager().keyFactory().validateKeyFormat(format.getAesCtrKeyFormat());
	new HmacKeyManager().keyFactory().validateKeyFormat(format.getHmacKeyFormat());
	Validators.validateAesKeySize(format.getAesCtrKeyFormat().getKeySize());
	}

	@Override
	public AesCtrHmacAeadKeyFormat parseKeyFormat(ByteString byteString)
	throws InvalidProtocolBufferException {
	return AesCtrHmacAeadKeyFormat.parseFrom(
	byteString, ExtensionRegistryLite.getEmptyRegistry());
	}

	@Override
	public AesCtrHmacAeadKey createKey(AesCtrHmacAeadKeyFormat format)
	throws GeneralSecurityException {
	AesCtrKey aesCtrKey =
	new AesCtrKeyManager().keyFactory().createKey(format.getAesCtrKeyFormat());
	HmacKey hmacKey = new HmacKeyManager().keyFactory().createKey(format.getHmacKeyFormat());
	return AesCtrHmacAeadKey.newBuilder()
	.setAesCtrKey(aesCtrKey)
	.setHmacKey(hmacKey)
	.setVersion(getVersion())
	.build();
	}

	@Override
	public Map<String, KeyFactory.KeyFormat<AesCtrHmacAeadKeyFormat>> keyFormats()
	throws GeneralSecurityException {
	Map<String, KeyFactory.KeyFormat<AesCtrHmacAeadKeyFormat>> result = new HashMap<>();

	result.put(
	"AES128_CTR_HMAC_SHA256",
	createKeyFormat(16, 16, 32, 16, HashType.SHA256, KeyTemplate.OutputPrefixType.TINK));
	result.put(
	"AES128_CTR_HMAC_SHA256_RAW",
	createKeyFormat(16, 16, 32, 16, HashType.SHA256, KeyTemplate.OutputPrefixType.RAW));

	result.put(
	"AES256_CTR_HMAC_SHA256",
	createKeyFormat(32, 16, 32, 32, HashType.SHA256, KeyTemplate.OutputPrefixType.TINK));
	result.put(
	"AES256_CTR_HMAC_SHA256_RAW",
	createKeyFormat(32, 16, 32, 32, HashType.SHA256, KeyTemplate.OutputPrefixType.RAW));

	return Collections.unmodifiableMap(result);
	}
	};
	}

	public static void register(boolean newKeyAllowed) throws GeneralSecurityException {
	Registry.registerKeyManager(new AesCtrHmacAeadKeyManager(), newKeyAllowed);
	}

	/**
	* @return a {@link KeyTemplate} that generates new instances of AES-CTR-HMAC-AEAD keys with the
	* following parameters:
	* <ul>
	* <li>AES key size: 16 bytes
	* <li>AES CTR IV size: 16 byte
	* <li>HMAC key size: 32 bytes
	* <li>HMAC tag size: 16 bytes
	* <li>HMAC hash function: SHA256
	* </ul>
	*
	* @deprecated use {@code KeyTemplates.get("AES128_CTR_HMAC_SHA256")}
	*/
	@Deprecated
	public static final KeyTemplate aes128CtrHmacSha256Template() {
	return createKeyTemplate(16, 16, 32, 16, HashType.SHA256);
	}

	/**
	* @return a {@link KeyTemplate} that generates new instances of AES-CTR-HMAC-AEAD keys with the
	* following parameters:
	* <ul>
	* <li>AES key size: 32 bytes
	* <li>AES CTR IV size: 16 byte
	* <li>HMAC key size: 32 bytes
	* <li>HMAC tag size: 32 bytes
	* <li>HMAC hash function: SHA256
	* </ul>
	*
	* @deprecated use {@code KeyTemplates.get("AES256_CTR_HMAC_SHA256")}
	*/
	@Deprecated
	public static final KeyTemplate aes256CtrHmacSha256Template() {
	return createKeyTemplate(32, 16, 32, 32, HashType.SHA256);
	}

	/**
	* @return a {@link KeyTemplate} containing a {@link AesCtrHmacAeadKeyFormat} with some specific
	* parameters.
	*/
	private static KeyTemplate createKeyTemplate(
	int aesKeySize, int ivSize, int hmacKeySize, int tagSize, HashType hashType) {
	AesCtrHmacAeadKeyFormat format =
	createKeyFormat(aesKeySize, ivSize, hmacKeySize, tagSize, hashType);
	return KeyTemplate.create(
	new AesCtrHmacAeadKeyManager().getKeyType(),
	format.toByteArray(),
	KeyTemplate.OutputPrefixType.TINK);
	}

	private static KeyFactory.KeyFormat<AesCtrHmacAeadKeyFormat> createKeyFormat(
	int aesKeySize,
	int ivSize,
	int hmacKeySize,
	int tagSize,
	HashType hashType,
	KeyTemplate.OutputPrefixType prefixType) {
	return new KeyFactory.KeyFormat<>(
	createKeyFormat(aesKeySize, ivSize, hmacKeySize, tagSize, hashType), prefixType);
	}

	private static AesCtrHmacAeadKeyFormat createKeyFormat(
	int aesKeySize, int ivSize, int hmacKeySize, int tagSize, HashType hashType) {
	AesCtrKeyFormat aesCtrKeyFormat =
	AesCtrKeyFormat.newBuilder()
	.setParams(AesCtrParams.newBuilder().setIvSize(ivSize).build())
	.setKeySize(aesKeySize)
	.build();
	HmacKeyFormat hmacKeyFormat =
	HmacKeyFormat.newBuilder()
	.setParams(HmacParams.newBuilder().setHash(hashType).setTagSize(tagSize).build())
	.setKeySize(hmacKeySize)
	.build();
	return AesCtrHmacAeadKeyFormat.newBuilder()
	.setAesCtrKeyFormat(aesCtrKeyFormat)
	.setHmacKeyFormat(hmacKeyFormat)
	.build();
	}

	@Override
	public TinkFipsUtil.AlgorithmFipsCompatibility fipsStatus() {
	return TinkFipsUtil.AlgorithmFipsCompatibility.ALGORITHM_REQUIRES_BORINGCRYPTO;
	};
	}