blob: b486dd3bdedbc8b2451df5da2fad3ccfb337ea23 [file] [log] [blame]
// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////
#ifndef TINK_KEY_MANAGER_H_
#define TINK_KEY_MANAGER_H_
#include <algorithm>
#include <vector>
#include "absl/strings/string_view.h"
#include "tink/util/errors.h"
#include "tink/util/protobuf_helper.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"
#include "proto/tink.pb.h"
namespace crypto {
namespace tink {
// Auxiliary containers for methods that generate or extract key material.
// These methods are grouped separately, as their functionality
// is independent of the primitive of the corresponding KeyManager.
class KeyFactory {
public:
// Helper function which creates a factory which always fails with a specified
// status.
static std::unique_ptr<KeyFactory> AlwaysFailingFactory(
const crypto::tink::util::Status& status);
// Generates a new random key, based on the specified 'key_format'.
virtual
crypto::tink::util::StatusOr<std::unique_ptr<portable_proto::MessageLite>>
NewKey(const portable_proto::MessageLite& key_format) const = 0;
// Generates a new random key, based on the specified 'serialized_key_format'.
virtual
crypto::tink::util::StatusOr<std::unique_ptr<portable_proto::MessageLite>>
NewKey(absl::string_view serialized_key_format) const = 0;
// Generates a new random key, based on the specified 'serialized_key_format',
// and wraps it in a KeyData-proto.
virtual
crypto::tink::util::StatusOr<std::unique_ptr<google::crypto::tink::KeyData>>
NewKeyData(absl::string_view serialized_key_format) const = 0;
virtual ~KeyFactory() {}
};
class PrivateKeyFactory : public virtual KeyFactory {
public:
// Returns public key data extracted from the given serialized_private_key.
virtual
crypto::tink::util::StatusOr<std::unique_ptr<google::crypto::tink::KeyData>>
GetPublicKeyData(absl::string_view serialized_private_key) const = 0;
virtual ~PrivateKeyFactory() {}
};
/**
* KeyManager "understands" keys of a specific key types: it can
* generate keys of a supported type and create primitives for
* supported keys. A key type is identified by the global name of the
* protocol buffer that holds the corresponding key material, and is
* given by type_url-field of KeyData-protocol buffer.
*
* - P: the primitive implemented by keys understood by this manager
*/
template<class P>
class KeyManager {
public:
// Constructs an instance of P for the given 'key_data'.
virtual crypto::tink::util::StatusOr<std::unique_ptr<P>>
GetPrimitive(const google::crypto::tink::KeyData& key_data) const = 0;
// Constructs an instance of P for the given 'key'.
virtual crypto::tink::util::StatusOr<std::unique_ptr<P>>
GetPrimitive(const portable_proto::MessageLite& key) const = 0;
// Returns the type_url identifying the key type handled by this manager.
virtual const std::string& get_key_type() const = 0;
// Returns the version of this key manager.
virtual uint32_t get_version() const = 0;
// Returns a factory that generates keys of the key type
// handled by this manager.
virtual const KeyFactory& get_key_factory() const = 0;
bool DoesSupport(absl::string_view key_type) const {
return (key_type == get_key_type());
}
virtual ~KeyManager<P>() {}
};
} // namespace tink
} // namespace crypto
#endif // TINK_KEY_MANAGER_H_