xref: /aosp_15_r20/external/tink/cc/aead/xchacha20_poly1305_key_manager.h (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1 // Copyright 2018 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16 #ifndef TINK_AEAD_XCHACHA20_POLY1305_KEY_MANAGER_H_
17 #define TINK_AEAD_XCHACHA20_POLY1305_KEY_MANAGER_H_
18 
19 #include <stdint.h>
20 
21 #include <memory>
22 #include <string>
23 
24 #include "absl/memory/memory.h"
25 #include "absl/status/status.h"
26 #include "absl/strings/str_cat.h"
27 #include "tink/aead.h"
28 #include "tink/core/key_type_manager.h"
29 #include "tink/core/template_util.h"
30 #include "tink/input_stream.h"
31 #include "tink/subtle/random.h"
32 #include "tink/subtle/xchacha20_poly1305_boringssl.h"
33 #include "tink/util/constants.h"
34 #include "tink/util/input_stream_util.h"
35 #include "tink/util/secret_data.h"
36 #include "tink/util/status.h"
37 #include "tink/util/statusor.h"
38 #include "tink/util/validation.h"
39 #include "proto/tink.pb.h"
40 #include "proto/xchacha20_poly1305.pb.h"
41 
42 namespace crypto {
43 namespace tink {
44 
45 class XChaCha20Poly1305KeyManager
46     : public KeyTypeManager<google::crypto::tink::XChaCha20Poly1305Key,
47                             google::crypto::tink::XChaCha20Poly1305KeyFormat,
48                             List<Aead>> {
49  public:
50   class AeadFactory : public PrimitiveFactory<Aead> {
Create(const google::crypto::tink::XChaCha20Poly1305Key & key)51     crypto::tink::util::StatusOr<std::unique_ptr<Aead>> Create(
52         const google::crypto::tink::XChaCha20Poly1305Key& key) const override {
53       return subtle::XChacha20Poly1305BoringSsl::New(
54           util::SecretDataFromStringView(key.key_value()));
55     }
56   };
57 
XChaCha20Poly1305KeyManager()58   XChaCha20Poly1305KeyManager()
59       : KeyTypeManager(absl::make_unique<AeadFactory>()) {}
60 
get_version()61   uint32_t get_version() const override { return 0; }
62 
key_material_type()63   google::crypto::tink::KeyData::KeyMaterialType key_material_type()
64       const override {
65     return google::crypto::tink::KeyData::SYMMETRIC;
66   }
67 
get_key_type()68   const std::string& get_key_type() const override { return key_type_; }
69 
ValidateKey(const google::crypto::tink::XChaCha20Poly1305Key & key)70   crypto::tink::util::Status ValidateKey(
71       const google::crypto::tink::XChaCha20Poly1305Key& key) const override {
72     crypto::tink::util::Status status =
73         ValidateVersion(key.version(), get_version());
74     if (!status.ok()) return status;
75     uint32_t key_size = key.key_value().size();
76     if (key.key_value().size() != kKeySizeInBytes) {
77       return crypto::tink::util::Status(
78           absl::StatusCode::kInvalidArgument,
79           absl::StrCat("Invalid XChaCha20Poly1305Key: key_value has ", key_size,
80                        " bytes; supported size: ", kKeySizeInBytes, " bytes."));
81     }
82     return crypto::tink::util::OkStatus();
83   }
84 
ValidateKeyFormat(const google::crypto::tink::XChaCha20Poly1305KeyFormat & key_format)85   crypto::tink::util::Status ValidateKeyFormat(
86       const google::crypto::tink::XChaCha20Poly1305KeyFormat& key_format)
87       const override {
88     return crypto::tink::util::OkStatus();
89   }
90 
91   crypto::tink::util::StatusOr<google::crypto::tink::XChaCha20Poly1305Key>
CreateKey(const google::crypto::tink::XChaCha20Poly1305KeyFormat & key_format)92   CreateKey(const google::crypto::tink::XChaCha20Poly1305KeyFormat& key_format)
93       const override {
94     google::crypto::tink::XChaCha20Poly1305Key result;
95     result.set_version(get_version());
96     result.set_key_value(subtle::Random::GetRandomBytes(kKeySizeInBytes));
97     return result;
98   }
99 
100   crypto::tink::util::StatusOr<google::crypto::tink::XChaCha20Poly1305Key>
DeriveKey(const google::crypto::tink::XChaCha20Poly1305KeyFormat & key_format,InputStream * input_stream)101   DeriveKey(const google::crypto::tink::XChaCha20Poly1305KeyFormat& key_format,
102             InputStream* input_stream) const override {
103     crypto::tink::util::Status status =
104         ValidateVersion(key_format.version(), get_version());
105     if (!status.ok()) return status;
106 
107     crypto::tink::util::StatusOr<std::string> randomness =
108         ReadBytesFromStream(kKeySizeInBytes, input_stream);
109     if (!randomness.ok()) {
110       if (randomness.status().code() == absl::StatusCode::kOutOfRange) {
111         return crypto::tink::util::Status(
112             absl::StatusCode::kInvalidArgument,
113             "Could not get enough pseudorandomness from input stream");
114       }
115       return randomness.status();
116     }
117     google::crypto::tink::XChaCha20Poly1305Key key;
118     key.set_version(get_version());
119     key.set_key_value(randomness.value());
120     return key;
121   }
122 
123  private:
124   const std::string key_type_ =
125       absl::StrCat(kTypeGoogleapisCom,
126                    google::crypto::tink::XChaCha20Poly1305Key().GetTypeName());
127   const int kKeySizeInBytes = 32;
128 };
129 
130 }  // namespace tink
131 }  // namespace crypto
132 
133 #endif  // TINK_AEAD_XCHACHA20_POLY1305_KEY_MANAGER_H_
134