// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////
// [START mac-example]
// A command-line utility that showcases the Tink MAC primitive.
18*e7b1675dSTing-Kang Chang
19*e7b1675dSTing-Kang Chang #include <fstream>
20*e7b1675dSTing-Kang Chang #include <iostream>
21*e7b1675dSTing-Kang Chang #include <memory>
22*e7b1675dSTing-Kang Chang #include <ostream>
23*e7b1675dSTing-Kang Chang #include <sstream>
24*e7b1675dSTing-Kang Chang #include <string>
25*e7b1675dSTing-Kang Chang #include <utility>
26*e7b1675dSTing-Kang Chang
27*e7b1675dSTing-Kang Chang #include "absl/flags/flag.h"
28*e7b1675dSTing-Kang Chang #include "absl/flags/parse.h"
29*e7b1675dSTing-Kang Chang #include "absl/log/check.h"
30*e7b1675dSTing-Kang Chang #include "absl/strings/string_view.h"
31*e7b1675dSTing-Kang Chang #include "util/util.h"
32*e7b1675dSTing-Kang Chang #include "tink/keyset_handle.h"
33*e7b1675dSTing-Kang Chang #include "tink/mac.h"
34*e7b1675dSTing-Kang Chang #include "tink/mac/mac_config.h"
35*e7b1675dSTing-Kang Chang #include "tink/util/status.h"
36*e7b1675dSTing-Kang Chang
// Command-line flags. All four must be supplied: ValidateParams() rejects an
// unknown mode and any empty file name.
ABSL_FLAG(std::string, keyset_filename, "", "Keyset file in JSON format");
ABSL_FLAG(std::string, mode, "", "Mode of operation {compute|verify}");
ABSL_FLAG(std::string, data_filename, "", "Data file name");
// The tag file is written in compute mode and read in verify mode.
ABSL_FLAG(std::string, tag_filename, "", "Authentication tag file name");
41*e7b1675dSTing-Kang Chang
namespace {

using ::crypto::tink::KeysetHandle;
using ::crypto::tink::Mac;
using ::crypto::tink::MacConfig;
using ::crypto::tink::util::Status;
using ::crypto::tink::util::StatusOr;

// The two accepted values of the --mode flag.
constexpr absl::string_view kCompute = "compute";
constexpr absl::string_view kVerify = "verify";

// Checks the command-line flags before any file or key is touched.
//
// Each CHECK terminates the program with the streamed message when its
// condition is false: --mode must equal kCompute or kVerify, and the keyset,
// data and tag file names must all be non-empty. Only emptiness is checked
// here; whether the files exist or are readable is left to the later reads.
void ValidateParams() {
  // [START_EXCLUDE]
  CHECK(absl::GetFlag(FLAGS_mode) == kCompute ||
        absl::GetFlag(FLAGS_mode) == kVerify)
      << "Invalid mode; must be `" << kCompute << "` or `" << kVerify << "`";
  CHECK(!absl::GetFlag(FLAGS_keyset_filename).empty())
      << "Keyset file must be specified";
  CHECK(!absl::GetFlag(FLAGS_data_filename).empty())
      << "Data file must be specified";
  CHECK(!absl::GetFlag(FLAGS_tag_filename).empty())
      << "Tag file must be specified";
  // [END_EXCLUDE]
}

}  // namespace
68*e7b1675dSTing-Kang Chang
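namespace tink_cc_examples {

// MAC example CLI implementation.
//
// Registers the MAC configuration, loads the keyset from `keyset_filename`,
// obtains a Mac primitive from it and reads `data_filename`. Then:
//   * mode == kCompute: computes the tag over the data and writes it to
//     `tag_filename`;
//   * any other mode: reads the tag from `tag_filename` and verifies it
//     against the data.
//
// Returns the first non-OK status encountered, otherwise OK. In verify mode a
// non-OK result means the data was NOT authenticated (the tag was rejected or
// an input could not be read); callers must treat it as a failure.
//
// Every failure is reported through the returned Status. The function never
// terminates the process itself, so the caller decides how to react.
//
// NOTE(review): ReadJsonCleartextKeyset comes from util/util.h; going by its
// name it loads an unencrypted JSON keyset. That is fine for a demo, but the
// keyset file then holds raw key material and needs to be protected
// accordingly (restricted file permissions or an encrypted keyset) - confirm.
Status MacCli(absl::string_view mode, const std::string& keyset_filename,
              const std::string& data_filename,
              const std::string& tag_filename) {
  Status result = MacConfig::Register();
  if (!result.ok()) return result;

  // Read the keyset from file.
  StatusOr<std::unique_ptr<KeysetHandle>> keyset_handle =
      ReadJsonCleartextKeyset(keyset_filename);
  if (!keyset_handle.ok()) return keyset_handle.status();

  // Get the primitive.
  StatusOr<std::unique_ptr<Mac>> mac_primitive =
      (*keyset_handle)->GetPrimitive<Mac>();
  if (!mac_primitive.ok()) return mac_primitive.status();

  // Read the input.
  StatusOr<std::string> data_file_content = ReadFile(data_filename);
  if (!data_file_content.ok()) return data_file_content.status();

  if (mode == kCompute) {
    // Compute authentication tag.
    StatusOr<std::string> compute_result =
        (*mac_primitive)->ComputeMac(*data_file_content);
    if (!compute_result.ok()) return compute_result.status();
    // Write out the authentication tag to tag file.
    return WriteToFile(*compute_result, tag_filename);
  }

  // Any mode other than kCompute is handled as verify; main() restricts the
  // flag to the two known values through ValidateParams().
  // Read the authentication tag from tag file.
  StatusOr<std::string> tag_result = ReadFile(tag_filename);
  // Propagate the read error like every other failure in this function
  // instead of calling exit() from inside a Status-returning function.
  if (!tag_result.ok()) return tag_result.status();

  // Verify authentication tag. A non-OK status is the verification verdict
  // and is returned unchanged.
  Status verify_result =
      (*mac_primitive)->VerifyMac(*tag_result, *data_file_content);
  if (verify_result.ok()) std::clog << "Verification succeeded!" << std::endl;
  return verify_result;
}

}  // namespace tink_cc_examples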
116*e7b1675dSTing-Kang Chang
// Entry point: parses and validates the flags, logs the planned operation to
// std::clog, then runs the MAC example. CHECK_OK terminates the program if
// MacCli reports an error, which includes a tag that fails verification.
int main(int argc, char** argv) {
  absl::ParseCommandLine(argc, argv);
  ValidateParams();

  // Snapshot the flag values once; they are used for logging and for the call.
  const std::string mode = absl::GetFlag(FLAGS_mode);
  const std::string keyset_filename = absl::GetFlag(FLAGS_keyset_filename);
  const std::string data_filename = absl::GetFlag(FLAGS_data_filename);
  const std::string tag_filename = absl::GetFlag(FLAGS_tag_filename);

  // The tag file is an output in compute mode and an input otherwise.
  const char* const tag_direction =
      (mode == kCompute) ? "written to" : "read from";

  std::clog << "Using keyset from file '" << keyset_filename << "' to " << mode
            << " authentication tag from file '" << tag_filename
            << "' for data file '" << data_filename << "'." << std::endl;
  std::clog << "The tag will be " << tag_direction << " file '" << tag_filename
            << "'." << std::endl;

  CHECK_OK(tink_cc_examples::MacCli(mode, keyset_filename, data_filename,
                                    tag_filename));
  return 0;
}
// [END mac-example]