1 // Copyright 2022 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16
17 #include "tink/internal/legacy_proto_key.h"
18
19 #include <string>
20
21 #include "absl/status/status.h"
22 #include "absl/types/optional.h"
23 #include "tink/internal/proto_key_serialization.h"
24 #include "tink/key.h"
25 #include "tink/parameters.h"
26 #include "tink/secret_key_access_token.h"
27 #include "tink/util/status.h"
28 #include "tink/util/statusor.h"
29 #include "proto/tink.pb.h"
30
31 namespace crypto {
32 namespace tink {
33 namespace internal {
34 namespace {
35
36 using ::google::crypto::tink::KeyData;
37
CheckKeyAccess(KeyData::KeyMaterialType key_material_type,absl::optional<SecretKeyAccessToken> token)38 util::Status CheckKeyAccess(KeyData::KeyMaterialType key_material_type,
39 absl::optional<SecretKeyAccessToken> token) {
40 if (key_material_type == KeyData::SYMMETRIC ||
41 key_material_type == KeyData::ASYMMETRIC_PRIVATE) {
42 if (!token.has_value()) {
43 return util::Status(
44 absl::StatusCode::kPermissionDenied,
45 "Missing secret key access token for legacy proto key.");
46 }
47 }
48 return util::OkStatus();
49 }
50
51 } // namespace
52
operator ==(const Parameters & other) const53 bool UnusableLegacyProtoParameters::operator==(const Parameters& other) const {
54 const UnusableLegacyProtoParameters* that =
55 dynamic_cast<const UnusableLegacyProtoParameters*>(&other);
56 if (that == nullptr) {
57 return false;
58 }
59 return type_url_ == that->type_url_ &&
60 output_prefix_type_ == that->output_prefix_type_;
61 }
62
Create(ProtoKeySerialization serialization,absl::optional<SecretKeyAccessToken> token)63 util::StatusOr<LegacyProtoKey> LegacyProtoKey::Create(
64 ProtoKeySerialization serialization,
65 absl::optional<SecretKeyAccessToken> token) {
66 util::Status access_check_status =
67 CheckKeyAccess(serialization.KeyMaterialType(), token);
68 if (!access_check_status.ok()) {
69 return access_check_status;
70 }
71 return LegacyProtoKey(serialization);
72 }
73
operator ==(const Key & other) const74 bool LegacyProtoKey::operator==(const Key& other) const {
75 const LegacyProtoKey* that = dynamic_cast<const LegacyProtoKey*>(&other);
76 if (that == nullptr) {
77 return false;
78 }
79 return serialization_.EqualsWithPotentialFalseNegatives(that->serialization_);
80 }
81
Serialization(absl::optional<SecretKeyAccessToken> token) const82 util::StatusOr<const ProtoKeySerialization*> LegacyProtoKey::Serialization(
83 absl::optional<SecretKeyAccessToken> token) const {
84 util::Status access_check_status =
85 CheckKeyAccess(serialization_.KeyMaterialType(), token);
86 if (!access_check_status.ok()) {
87 return access_check_status;
88 }
89 return &serialization_;
90 }
91
92 } // namespace internal
93 } // namespace tink
94 } // namespace crypto
95