tink/cc/proto_keyset_format.cc

*e7b1675dSTing-Kang Chang// Copyright 2022 Google LLC
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang// Licensed under the Apache License, Version 2.0 (the "License");
*e7b1675dSTing-Kang Chang// you may not use this file except in compliance with the License.
*e7b1675dSTing-Kang Chang// You may obtain a copy of the License at
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang//     http://www.apache.org/licenses/LICENSE-2.0
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang// Unless required by applicable law or agreed to in writing, software
*e7b1675dSTing-Kang Chang// distributed under the License is distributed on an "AS IS" BASIS,
*e7b1675dSTing-Kang Chang// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*e7b1675dSTing-Kang Chang// See the License for the specific language governing permissions and
*e7b1675dSTing-Kang Chang// limitations under the License.
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang///////////////////////////////////////////////////////////////////////////////
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang#include "tink/proto_keyset_format.h"
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang#include <ios>
*e7b1675dSTing-Kang Chang#include <iostream>
*e7b1675dSTing-Kang Chang#include <memory>
*e7b1675dSTing-Kang Chang#include <ostream>
*e7b1675dSTing-Kang Chang#include <sstream>
*e7b1675dSTing-Kang Chang#include <string>
*e7b1675dSTing-Kang Chang#include <utility>
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang#include "tink/binary_keyset_reader.h"
*e7b1675dSTing-Kang Chang#include "tink/binary_keyset_writer.h"
*e7b1675dSTing-Kang Chang#include "tink/cleartext_keyset_handle.h"
*e7b1675dSTing-Kang Chang#include "tink/util/secret_data.h"
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changnamespace crypto {
*e7b1675dSTing-Kang Changnamespace tink {
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changcrypto::tink::util::StatusOr<KeysetHandle> ParseKeysetFromProtoKeysetFormat(
*e7b1675dSTing-Kang Chang    absl::string_view serialized_keyset, SecretKeyAccessToken token) {
*e7b1675dSTing-Kang Chang  crypto::tink::util::StatusOr<std::unique_ptr<crypto::tink::KeysetReader>>
*e7b1675dSTing-Kang Chang      keyset_reader = BinaryKeysetReader::New(serialized_keyset);
*e7b1675dSTing-Kang Chang  if (!keyset_reader.ok()) {
*e7b1675dSTing-Kang Chang    return keyset_reader.status();
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang  crypto::tink::util::StatusOr<std::unique_ptr<KeysetHandle>> result =
*e7b1675dSTing-Kang Chang    CleartextKeysetHandle::Read(std::move(*keyset_reader));
*e7b1675dSTing-Kang Chang  if (!result.ok()) {
*e7b1675dSTing-Kang Chang    return result.status();
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang  return std::move(**result);
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changcrypto::tink::util::StatusOr<util::SecretData>
*e7b1675dSTing-Kang ChangSerializeKeysetToProtoKeysetFormat(const KeysetHandle& keyset_handle,
*e7b1675dSTing-Kang Chang                                   SecretKeyAccessToken token) {
*e7b1675dSTing-Kang Chang  std::stringbuf string_buf(std::ios_base::out);
*e7b1675dSTing-Kang Chang  crypto::tink::util::StatusOr<std::unique_ptr<BinaryKeysetWriter>>
*e7b1675dSTing-Kang Chang      keyset_writer = BinaryKeysetWriter::New(
*e7b1675dSTing-Kang Chang          std::make_unique<std::ostream>(&string_buf));
*e7b1675dSTing-Kang Chang  if (!keyset_writer.ok()) {
*e7b1675dSTing-Kang Chang    return keyset_writer.status();
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang  crypto::tink::util::Status status =
*e7b1675dSTing-Kang Chang      CleartextKeysetHandle::Write(keyset_writer->get(), keyset_handle);
*e7b1675dSTing-Kang Chang  if (!status.ok()) {
*e7b1675dSTing-Kang Chang    return status;
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang  // TODO(tholenst): directly write into a secret data.
*e7b1675dSTing-Kang Chang  return util::SecretDataFromStringView(string_buf.str());
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changcrypto::tink::util::StatusOr<KeysetHandle>
*e7b1675dSTing-Kang ChangParseKeysetWithoutSecretFromProtoKeysetFormat(
*e7b1675dSTing-Kang Chang    absl::string_view serialized_keyset) {
*e7b1675dSTing-Kang Chang  std::string keyset_copy = std::string(serialized_keyset);
*e7b1675dSTing-Kang Chang  crypto::tink::util::StatusOr<std::unique_ptr<KeysetHandle>> result =
*e7b1675dSTing-Kang Chang    KeysetHandle::ReadNoSecret(keyset_copy);
*e7b1675dSTing-Kang Chang  if (!result.ok()) {
*e7b1675dSTing-Kang Chang    return result.status();
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang  return std::move(**result);
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changcrypto::tink::util::StatusOr<std::string>
*e7b1675dSTing-Kang ChangSerializeKeysetWithoutSecretToProtoKeysetFormat(
*e7b1675dSTing-Kang Chang    const KeysetHandle& keyset_handle) {
*e7b1675dSTing-Kang Chang  std::stringbuf string_buf(std::ios_base::out);
*e7b1675dSTing-Kang Chang  crypto::tink::util::StatusOr<std::unique_ptr<BinaryKeysetWriter>>
*e7b1675dSTing-Kang Chang      keyset_writer = BinaryKeysetWriter::New(
*e7b1675dSTing-Kang Chang          std::make_unique<std::ostream>(&string_buf));
*e7b1675dSTing-Kang Chang  if (!keyset_writer.ok()) {
*e7b1675dSTing-Kang Chang    return keyset_writer.status();
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang  crypto::tink::util::Status status =
*e7b1675dSTing-Kang Chang      keyset_handle.WriteNoSecret(keyset_writer->get());
*e7b1675dSTing-Kang Chang  if (!status.ok()) {
*e7b1675dSTing-Kang Chang    return status;
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang  return string_buf.str();
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang}  // namespace tink
*e7b1675dSTing-Kang Chang}  // namespace crypto
*e7b1675dSTing-Kang Chang