Google Git
Sign in
fuchsia / third_party / tink / 7a59397ba3c086dc03649b95176fbca1dde61934 / . / java / src / main / java / com / google / crypto / tink / hybrid / EciesAeadHkdfPrivateKeyManager.java
blob: fc3c636fdf6f33267eb6727d59d0b10d056bb665 [file] [log] [blame]
// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
package com.google.crypto.tink.hybrid;
import com.google.crypto.tink.HybridDecrypt;
import com.google.crypto.tink.KeyManagerBase;
import com.google.crypto.tink.PrivateKeyManager;
import com.google.crypto.tink.proto.EciesAeadHkdfKeyFormat;
import com.google.crypto.tink.proto.EciesAeadHkdfParams;
import com.google.crypto.tink.proto.EciesAeadHkdfPrivateKey;
import com.google.crypto.tink.proto.EciesAeadHkdfPublicKey;
import com.google.crypto.tink.proto.EciesHkdfKemParams;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.proto.KeyData.KeyMaterialType;
import com.google.crypto.tink.subtle.EciesAeadHkdfDemHelper;
import com.google.crypto.tink.subtle.EciesAeadHkdfHybridDecrypt;
import com.google.crypto.tink.subtle.EllipticCurves;
import com.google.crypto.tink.subtle.Validators;
import com.google.protobuf.ByteString;
import com.google.protobuf.InvalidProtocolBufferException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECPoint;
/**
* This key manager generates new {@code EciesAeadHkdfPrivateKey} keys and produces new instances of
* {@code EciesAeadHkdfHybridDecrypt}.
*/
class EciesAeadHkdfPrivateKeyManager
extends KeyManagerBase<HybridDecrypt, EciesAeadHkdfPrivateKey, EciesAeadHkdfKeyFormat>
implements PrivateKeyManager<HybridDecrypt> {
public EciesAeadHkdfPrivateKeyManager() {
super(
HybridDecrypt.class, EciesAeadHkdfPrivateKey.class, EciesAeadHkdfKeyFormat.class, TYPE_URL);
}
private static final int VERSION = 0;
public static final String TYPE_URL =
"type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey";
@Override
public HybridDecrypt getPrimitiveFromKey(EciesAeadHkdfPrivateKey recipientKeyProto)
throws GeneralSecurityException {
EciesAeadHkdfParams eciesParams = recipientKeyProto.getPublicKey().getParams();
EciesHkdfKemParams kemParams = eciesParams.getKemParams();
ECPrivateKey recipientPrivateKey =
EllipticCurves.getEcPrivateKey(
HybridUtil.toCurveType(kemParams.getCurveType()),
recipientKeyProto.getKeyValue().toByteArray());
EciesAeadHkdfDemHelper demHelper =
new RegistryEciesAeadHkdfDemHelper(eciesParams.getDemParams().getAeadDem());
return new EciesAeadHkdfHybridDecrypt(
recipientPrivateKey,
kemParams.getHkdfSalt().toByteArray(),
HybridUtil.toHmacAlgo(kemParams.getHkdfHashType()),
HybridUtil.toPointFormatType(eciesParams.getEcPointFormat()),
demHelper);
}
@Override
public EciesAeadHkdfPrivateKey newKeyFromFormat(EciesAeadHkdfKeyFormat eciesKeyFormat)
throws GeneralSecurityException {
EciesHkdfKemParams kemParams = eciesKeyFormat.getParams().getKemParams();
KeyPair keyPair =
EllipticCurves.generateKeyPair(HybridUtil.toCurveType(kemParams.getCurveType()));
ECPublicKey pubKey = (ECPublicKey) keyPair.getPublic();
ECPrivateKey privKey = (ECPrivateKey) keyPair.getPrivate();
ECPoint w = pubKey.getW();
// Creates EciesAeadHkdfPublicKey.
EciesAeadHkdfPublicKey eciesPublicKey =
EciesAeadHkdfPublicKey.newBuilder()
.setVersion(VERSION)
.setParams(eciesKeyFormat.getParams())
.setX(ByteString.copyFrom(w.getAffineX().toByteArray()))
.setY(ByteString.copyFrom(w.getAffineY().toByteArray()))
.build();
// Creates EciesAeadHkdfPrivateKey.
return EciesAeadHkdfPrivateKey.newBuilder()
.setVersion(VERSION)
.setPublicKey(eciesPublicKey)
.setKeyValue(ByteString.copyFrom(privKey.getS().toByteArray()))
.build();
}
@Override
public KeyData getPublicKeyData(ByteString serializedKey) throws GeneralSecurityException {
try {
EciesAeadHkdfPrivateKey privKeyProto = EciesAeadHkdfPrivateKey.parseFrom(serializedKey);
return KeyData.newBuilder()
.setTypeUrl(EciesAeadHkdfPublicKeyManager.TYPE_URL)
.setValue(privKeyProto.getPublicKey().toByteString())
.setKeyMaterialType(KeyData.KeyMaterialType.ASYMMETRIC_PUBLIC)
.build();
} catch (InvalidProtocolBufferException e) {
throw new GeneralSecurityException("expected serialized EciesAeadHkdfPrivateKey proto", e);
}
}
@Override
protected KeyMaterialType keyMaterialType() {
return KeyMaterialType.ASYMMETRIC_PRIVATE;
}
@Override
protected EciesAeadHkdfPrivateKey parseKeyProto(ByteString byteString)
throws InvalidProtocolBufferException {
return EciesAeadHkdfPrivateKey.parseFrom(byteString);
}
@Override
protected EciesAeadHkdfKeyFormat parseKeyFormatProto(ByteString byteString)
throws InvalidProtocolBufferException {
return EciesAeadHkdfKeyFormat.parseFrom(byteString);
}
@Override
public int getVersion() {
return VERSION;
}
@Override
protected void validateKey(EciesAeadHkdfPrivateKey keyProto) throws GeneralSecurityException {
// TODO(b/74249437): add more checks.
Validators.validateVersion(keyProto.getVersion(), VERSION);
HybridUtil.validate(keyProto.getPublicKey().getParams());
}
@Override
protected void validateKeyFormat(EciesAeadHkdfKeyFormat eciesKeyFormat)
throws GeneralSecurityException {
HybridUtil.validate(eciesKeyFormat.getParams());
}
}