/** * Tries to register with the {@link Registry} all instances of {@link * com.google.crypto.tink.Catalogue} needed to handle PublicKeySign and PublicKeyVerify key types * supported in Tink. * * @since 1.2.0 */ public static void register() throws GeneralSecurityException { Registry.addCatalogue(PUBLIC_KEY_SIGN_CATALOGUE_NAME, new PublicKeySignCatalogue()); Registry.addCatalogue(PUBLIC_KEY_VERIFY_CATALOGUE_NAME, new PublicKeyVerifyCatalogue()); Config.register(LATEST); } }
/** * Convenience method for creating a new primitive for the key given in {@code proto}. * * <p>It looks up a {@link KeyManager} identified by {@code type_url}, and calls {@link * KeyManager#getPrimitive} with {@code serialized} as the parameter. * * @return a new primitive */ @SuppressWarnings("TypeParameterUnusedInFormals") public static <P> P getPrimitive(String typeUrl, ByteString serialized) throws GeneralSecurityException { KeyManager<P> manager = getKeyManager(typeUrl); return manager.getPrimitive(serialized); }
private static void validate(KeyData keyData) throws GeneralSecurityException { // This will throw GeneralSecurityException if the keyData is invalid. Registry.getPrimitive(keyData); }
/** * Creates a set of primitives corresponding to the keys with status=ENABLED in the keyset given * in {@code keysetHandle}, assuming all the corresponding key managers are present (keys with * status!=ENABLED are skipped). * * <p>The returned set is usually later "wrapped" into a class that implements the corresponding * Primitive-interface. * * @return a PrimitiveSet with all instantiated primitives */ public static <P> PrimitiveSet<P> getPrimitives(KeysetHandle keysetHandle) throws GeneralSecurityException { return getPrimitives(keysetHandle, /* customManager= */ null); }
@Override public byte[] encrypt(final byte[] plaintext, final byte[] associatedData) throws GeneralSecurityException { // Generate a new DEK. byte[] dek = Registry.newKey(dekTemplate).toByteArray(); // Wrap it with remote. byte[] encryptedDek = remote.encrypt(dek, EMPTY_AAD); // Use DEK to encrypt plaintext. Aead aead = Registry.getPrimitive(dekTemplate.getTypeUrl(), dek); byte[] payload = aead.encrypt(plaintext, associatedData); // Build ciphertext protobuf and return result. return buildCiphertext(encryptedDek, payload); }
/** * Tries to register a key manager according to the specification in {@code entry}. * * @throws GeneralSecurityException if cannot register this config with the {@link Registry}. This * usually happens when {@code entry} is already registered or the Registry cannot find any * {@link com.google.crypto.tink.KeyManager} or {@link com.google.crypto.tink.Catalogue} that * can handle the entry. In both cases the error message should show how to resolve it. */ @SuppressWarnings({"rawtypes", "unchecked"}) public static void registerKeyType(KeyTypeEntry entry) throws GeneralSecurityException { validate(entry); Catalogue catalogue = Registry.getCatalogue(entry.getCatalogueName()); KeyManager keyManager = catalogue.getKeyManager( entry.getTypeUrl(), entry.getPrimitiveName(), entry.getKeyManagerVersion()); Registry.registerKeyManager(keyManager, entry.getNewKeyAllowed()); }
/** * Tries to register {@code manager} for {@code manager.getKeyType()}. Users can generate new keys * with this manager using the {@link Registry#newKey} methods. * * <p>If there is an existing key manager, throws an exception if {@code manager} and the existing * key manager aren't instances of the same class, or the existing key manager could not create * new keys. Otherwise registration succeeds. * * @throws GeneralSecurityException if there's an existing key manager is not an instance * of the class of {@code manager}, or the registration tries to re-enable the generation * of new keys. */ public static synchronized <P> void registerKeyManager(final KeyManager<P> manager) throws GeneralSecurityException { registerKeyManager(manager, /* newKeyAllowed= */ true); }
@GuardedBy("this") private synchronized Keyset.Key newKey(KeyTemplate keyTemplate) throws GeneralSecurityException { KeyData keyData = Registry.newKeyData(keyTemplate); int keyId = newKeyId(); OutputPrefixType outputPrefixType = keyTemplate.getOutputPrefixType(); if (outputPrefixType == OutputPrefixType.UNKNOWN_PREFIX) { outputPrefixType = OutputPrefixType.TINK; } return Keyset.Key.newBuilder() .setKeyData(keyData) .setKeyId(keyId) .setStatus(KeyStatusType.ENABLED) .setOutputPrefixType(outputPrefixType) .build(); }
RegistryEciesAeadHkdfDemHelper(KeyTemplate demTemplate) throws GeneralSecurityException { demKeyTypeUrl = demTemplate.getTypeUrl(); if (demKeyTypeUrl.equals(AeadConfig.AES_GCM_TYPE_URL)) { try { AesGcmKeyFormat gcmKeyFormat = AesGcmKeyFormat.parseFrom(demTemplate.getValue()); this.aesGcmKey = (AesGcmKey) Registry.newKey(demTemplate); this.symmetricKeySize = gcmKeyFormat.getKeySize(); } catch (InvalidProtocolBufferException e) { throw new GeneralSecurityException( "invalid KeyFormat protobuf, expected AesGcmKeyFormat", e); } } else if (demKeyTypeUrl.equals(AeadConfig.AES_CTR_HMAC_AEAD_TYPE_URL)) { try { AesCtrHmacAeadKeyFormat aesCtrHmacAeadKeyFormat = AesCtrHmacAeadKeyFormat.parseFrom(demTemplate.getValue()); this.aesCtrHmacAeadKey = (AesCtrHmacAeadKey) Registry.newKey(demTemplate); this.aesCtrKeySize = aesCtrHmacAeadKeyFormat.getAesCtrKeyFormat().getKeySize(); int hmacKeySize = aesCtrHmacAeadKeyFormat.getHmacKeyFormat().getKeySize(); this.symmetricKeySize = aesCtrKeySize + hmacKeySize; } catch (InvalidProtocolBufferException e) { throw new GeneralSecurityException( "invalid KeyFormat protobuf, expected AesCtrHmacAeadKeyFormat", e); } } else { throw new GeneralSecurityException("unsupported AEAD DEM key type: " + demKeyTypeUrl); } }
private static KeyData createPublicKeyData(KeyData privateKeyData) throws GeneralSecurityException { if (privateKeyData.getKeyMaterialType() != KeyData.KeyMaterialType.ASYMMETRIC_PRIVATE) { throw new GeneralSecurityException("The keyset contains a non-private key"); } KeyData publicKeyData = Registry.getPublicKeyData(privateKeyData.getTypeUrl(), privateKeyData.getValue()); validate(publicKeyData); return publicKeyData; }
/** * @return a PublicKeySign primitive from a {@code keysetHandle} and a custom {@code keyManager}. * @throws GeneralSecurityException */ public static PublicKeySign getPrimitive( KeysetHandle keysetHandle, final KeyManager<PublicKeySign> keyManager) throws GeneralSecurityException { final PrimitiveSet<PublicKeySign> primitives = Registry.getPrimitives(keysetHandle, keyManager); validate(primitives); return new PublicKeySign() { @Override public byte[] sign(final byte[] data) throws GeneralSecurityException { if (primitives.getPrimary().getOutputPrefixType().equals(OutputPrefixType.LEGACY)) { byte[] formatVersion = new byte[] {CryptoFormat.LEGACY_START_BYTE}; return Bytes.concat( primitives.getPrimary().getIdentifier(), primitives.getPrimary().getPrimitive().sign(Bytes.concat(data, formatVersion))); } return Bytes.concat( primitives.getPrimary().getIdentifier(), primitives.getPrimary().getPrimitive().sign(data)); } }; }
/** * Tries to register {@code manager} for the given {@code typeUrl}. Users can generate new keys * with this manager using the {@link Registry#newKey} methods. * * <p>If there is an existing key manager, throw exception if {@code manager} and the existing * key manager aren't instances of the same class, and do nothing if they are. * * @throws GeneralSecurityException if there's an existing key manager is not an instance of the * class of {@code manager} * @deprecated use {@link #registerKeyManager(KeyManager<P>)} */ @Deprecated public static synchronized <P> void registerKeyManager( String typeUrl, final KeyManager<P> manager) throws GeneralSecurityException { registerKeyManager(typeUrl, manager, /* newKeyAllowed= */ true); }
/** * Validates EciesAeadHkdf params. * * @param params the EciesAeadHkdfParams protocol buffer. * @throws GeneralSecurityException iff it's invalid. */ public static void validate(EciesAeadHkdfParams params) throws GeneralSecurityException { EllipticCurves.getCurveSpec(HybridUtil.toCurveType(params.getKemParams().getCurveType())); HybridUtil.toHmacAlgo(params.getKemParams().getHkdfHashType()); if (params.getEcPointFormat() == EcPointFormat.UNKNOWN_FORMAT) { throw new GeneralSecurityException("unknown EC point format"); } // Check that we can generate new keys from the DEM AEAD key format. Registry.newKeyData(params.getDemParams().getAeadDem()); }
/** * @param keyFormat {@code AesCtrHmacAeadKeyFormat} proto * @return new {@code AesCtrHmacAeadKey} proto */ @Override public MessageLite newKey(MessageLite keyFormat) throws GeneralSecurityException { if (!(keyFormat instanceof AesCtrHmacAeadKeyFormat)) { throw new GeneralSecurityException("expected AesCtrHmacAeadKeyFormat proto"); } AesCtrHmacAeadKeyFormat format = (AesCtrHmacAeadKeyFormat) keyFormat; AesCtrKey aesCtrKey = (AesCtrKey) Registry.newKey( AesCtrKeyManager.TYPE_URL, format.getAesCtrKeyFormat()); HmacKey hmacKey = (HmacKey) Registry.newKey( MacConfig.HMAC_TYPE_URL, format.getHmacKeyFormat()); return AesCtrHmacAeadKey.newBuilder() .setAesCtrKey(aesCtrKey) .setHmacKey(hmacKey) .setVersion(VERSION) .build(); }
/** * @return a HybridEncrypt primitive from a {@code keysetHandle} and a custom {@code keyManager}. * @throws GeneralSecurityException */ public static HybridEncrypt getPrimitive( KeysetHandle keysetHandle, final KeyManager<HybridEncrypt> keyManager) throws GeneralSecurityException { final PrimitiveSet<HybridEncrypt> primitives = Registry.getPrimitives(keysetHandle, keyManager); validate(primitives); return new HybridEncrypt() { @Override public byte[] encrypt(final byte[] plaintext, final byte[] contextInfo) throws GeneralSecurityException { return Bytes.concat( primitives.getPrimary().getIdentifier(), primitives.getPrimary().getPrimitive().encrypt(plaintext, contextInfo)); } }; }
/** * Convenience method for creating a new primitive for the key given in {@code proto}. * * <p>It looks up a {@link KeyManager} identified by {@code type_url}, and calls {@link * KeyManager#getPrimitive} with {@code serialized} as the parameter. * * @return a new primitive */ @SuppressWarnings("TypeParameterUnusedInFormals") public static <P> P getPrimitive(String typeUrl, byte[] serialized) throws GeneralSecurityException { return getPrimitive(typeUrl, ByteString.copyFrom(serialized)); }
/** * Convenience method for creating a new primitive for the key given in {@code proto}. * * <p>It looks up a {@link KeyManager} identified by {@code type_url}, and calls {@link * KeyManager#getPrimitive} with {@code key} as the parameter. * * @return a new primitive */ @SuppressWarnings("TypeParameterUnusedInFormals") public static <P> P getPrimitive(String typeUrl, MessageLite key) throws GeneralSecurityException { KeyManager<P> manager = getKeyManager(typeUrl); return manager.getPrimitive(key); }
/** * Tries to register with the {@link Registry} all instances of {@link * com.google.crypto.tink.Catalogue} needed to handle StreamingAead key types supported in Tink. * * @since 1.2.0 */ public static void register() throws GeneralSecurityException { Registry.addCatalogue(CATALOGUE_NAME, new StreamingAeadCatalogue()); Config.register(LATEST); } }
AesCtrHmacAeadKeyManager() throws GeneralSecurityException { Registry.registerKeyManager(new AesCtrKeyManager()); }
/** * @return a StreamingAead primitive from a {@code keysetHandle} and a custom {@code keyManager}. * @throws GeneralSecurityException */ public static StreamingAead getPrimitive( KeysetHandle keysetHandle, final KeyManager<StreamingAead> keyManager) throws GeneralSecurityException { final PrimitiveSet<StreamingAead> primitives = Registry.getPrimitives(keysetHandle, keyManager); validate(primitives); return new StreamingAeadHelper(primitives); }