1*e7b1675dSTing-Kang Chang// Copyright 2019 Google LLC 2*e7b1675dSTing-Kang Chang// 3*e7b1675dSTing-Kang Chang// Licensed under the Apache License, Version 2.0 (the "License"); 4*e7b1675dSTing-Kang Chang// you may not use this file except in compliance with the License. 5*e7b1675dSTing-Kang Chang// You may obtain a copy of the License at 6*e7b1675dSTing-Kang Chang// 7*e7b1675dSTing-Kang Chang// http://www.apache.org/licenses/LICENSE-2.0 8*e7b1675dSTing-Kang Chang// 9*e7b1675dSTing-Kang Chang// Unless required by applicable law or agreed to in writing, software 10*e7b1675dSTing-Kang Chang// distributed under the License is distributed on an "AS IS" BASIS, 11*e7b1675dSTing-Kang Chang// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*e7b1675dSTing-Kang Chang// See the License for the specific language governing permissions and 13*e7b1675dSTing-Kang Chang// limitations under the License. 14*e7b1675dSTing-Kang Chang// 15*e7b1675dSTing-Kang Chang//////////////////////////////////////////////////////////////////////////////// 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Chang// Package insecurecleartextkeyset provides methods to read or write cleartext 18*e7b1675dSTing-Kang Chang// keyset material. 19*e7b1675dSTing-Kang Chang// 20*e7b1675dSTing-Kang Chang// This package contains dangerous functions, and is separate from the rest of 21*e7b1675dSTing-Kang Chang// Tink so that its usage can be restricted and audited. 22*e7b1675dSTing-Kang Changpackage insecurecleartextkeyset 23*e7b1675dSTing-Kang Chang 24*e7b1675dSTing-Kang Changimport ( 25*e7b1675dSTing-Kang Chang "errors" 26*e7b1675dSTing-Kang Chang 27*e7b1675dSTing-Kang Chang "github.com/google/tink/go/internal" 28*e7b1675dSTing-Kang Chang "github.com/google/tink/go/keyset" 29*e7b1675dSTing-Kang Chang tinkpb "github.com/google/tink/go/proto/tink_go_proto" 30*e7b1675dSTing-Kang Chang) 31*e7b1675dSTing-Kang Chang 32*e7b1675dSTing-Kang Changvar ( 33*e7b1675dSTing-Kang Chang keysetHandle = internal.KeysetHandle.(func(*tinkpb.Keyset, ...keyset.Option) (*keyset.Handle, error)) 34*e7b1675dSTing-Kang Chang keysetMaterial = internal.KeysetMaterial.(func(*keyset.Handle) *tinkpb.Keyset) 35*e7b1675dSTing-Kang Chang 36*e7b1675dSTing-Kang Chang errInvalidKeyset = errors.New("insecurecleartextkeyset: invalid keyset") 37*e7b1675dSTing-Kang Chang errInvalidHandle = errors.New("insecurecleartextkeyset: invalid handle") 38*e7b1675dSTing-Kang Chang errInvalidReader = errors.New("insecurecleartextkeyset: invalid reader") 39*e7b1675dSTing-Kang Chang errInvalidWriter = errors.New("insecurecleartextkeyset: invalid writer") 40*e7b1675dSTing-Kang Chang) 41*e7b1675dSTing-Kang Chang 42*e7b1675dSTing-Kang Chang// Read creates a keyset.Handle from a cleartext keyset obtained via r. 43*e7b1675dSTing-Kang Changfunc Read(r keyset.Reader, opts ...keyset.Option) (*keyset.Handle, error) { 44*e7b1675dSTing-Kang Chang if r == nil { 45*e7b1675dSTing-Kang Chang return nil, errInvalidReader 46*e7b1675dSTing-Kang Chang } 47*e7b1675dSTing-Kang Chang ks, err := r.Read() 48*e7b1675dSTing-Kang Chang if err != nil || ks == nil || len(ks.Key) == 0 { 49*e7b1675dSTing-Kang Chang return nil, errInvalidKeyset 50*e7b1675dSTing-Kang Chang } 51*e7b1675dSTing-Kang Chang return keysetHandle(ks, opts...) 52*e7b1675dSTing-Kang Chang} 53*e7b1675dSTing-Kang Chang 54*e7b1675dSTing-Kang Chang// Write exports the keyset from handle to the given writer w without encrypting it. 55*e7b1675dSTing-Kang Chang// 56*e7b1675dSTing-Kang Chang// Storing secret key material in an unencrypted fashion is dangerous. If 57*e7b1675dSTing-Kang Chang// feasible, you should use [keyset.Handle.Write] instead. 58*e7b1675dSTing-Kang Changfunc Write(handle *keyset.Handle, w keyset.Writer) error { 59*e7b1675dSTing-Kang Chang if handle == nil { 60*e7b1675dSTing-Kang Chang return errInvalidHandle 61*e7b1675dSTing-Kang Chang } 62*e7b1675dSTing-Kang Chang if w == nil { 63*e7b1675dSTing-Kang Chang return errInvalidWriter 64*e7b1675dSTing-Kang Chang } 65*e7b1675dSTing-Kang Chang return w.Write(KeysetMaterial(handle)) 66*e7b1675dSTing-Kang Chang} 67*e7b1675dSTing-Kang Chang 68*e7b1675dSTing-Kang Chang// KeysetMaterial returns the key material contained in a keyset.Handle. 69*e7b1675dSTing-Kang Changfunc KeysetMaterial(handle *keyset.Handle) *tinkpb.Keyset { 70*e7b1675dSTing-Kang Chang return keysetMaterial(handle) 71*e7b1675dSTing-Kang Chang} 72*e7b1675dSTing-Kang Chang 73*e7b1675dSTing-Kang Chang// KeysetHandle creates a keyset.Handle from cleartext key material. 74*e7b1675dSTing-Kang Chang// 75*e7b1675dSTing-Kang Chang// Callers should verify that the returned *keyset.Handle isn't nil. 76*e7b1675dSTing-Kang Chang// 77*e7b1675dSTing-Kang Chang// Deprecated: Use [Read] instead with a serialized keyset. 78*e7b1675dSTing-Kang Chang// 79*e7b1675dSTing-Kang Chang// sks, err := proto.Marshal(ks) 80*e7b1675dSTing-Kang Chang// if err != nil { 81*e7b1675dSTing-Kang Chang// return err 82*e7b1675dSTing-Kang Chang// } 83*e7b1675dSTing-Kang Chang// h, err := insecurecleartextkeyset.Read(keyset.NewBinaryReader(bytes.NewBuffer(sks))) 84*e7b1675dSTing-Kang Chang// if err != nil { 85*e7b1675dSTing-Kang Chang// return err 86*e7b1675dSTing-Kang Chang// } 87*e7b1675dSTing-Kang Changfunc KeysetHandle(ks *tinkpb.Keyset) *keyset.Handle { 88*e7b1675dSTing-Kang Chang kh, err := keysetHandle(ks) 89*e7b1675dSTing-Kang Chang if err != nil { 90*e7b1675dSTing-Kang Chang // this *keyset.Handle can only return errors when *keyset.Option arguments 91*e7b1675dSTing-Kang Chang // are provided. To maintain backwards compatibility and avoid panic, it returns 92*e7b1675dSTing-Kang Chang // a nil value if an error happens. 93*e7b1675dSTing-Kang Chang return nil 94*e7b1675dSTing-Kang Chang } 95*e7b1675dSTing-Kang Chang return kh 96*e7b1675dSTing-Kang Chang} 97