xref: /aosp_15_r20/external/tink/java_src/examples/mac/MacExample.java (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1 /**
2  * Copyright 2021 Google LLC
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
5  * in compliance with the License. You may obtain a copy of the License at
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software distributed under the License
10  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
11  * or implied. See the License for the specific language governing permissions and limitations under
12  * the License.
13  */
14 // [START mac-example]
15 package mac;
16 
17 import static java.nio.charset.StandardCharsets.UTF_8;
18 
19 import com.google.crypto.tink.InsecureSecretKeyAccess;
20 import com.google.crypto.tink.KeysetHandle;
21 import com.google.crypto.tink.Mac;
22 import com.google.crypto.tink.TinkJsonProtoKeysetFormat;
23 import com.google.crypto.tink.mac.MacConfig;
24 import java.nio.file.Files;
25 import java.nio.file.Path;
26 import java.nio.file.Paths;
27 
28 /**
29  * A command-line utility for checking file integrity with a Message Authentication Code (MAC).
30  *
31  * <p>It loads cleartext keys from disk - this is not recommended!
32  *
33  * <p>It requires the following arguments:
34  *
35  * <ul>
36  *   <li>mode: either 'compute' or 'verify'.
37  *   <li>key-file: Read the key material from this file.
38  *   <li>input-file: Read the input from this file.
39  *   <li>mac-file: name of the file containing a hexadecimal MAC of the input data.
40  */
41 public final class MacExample {
main(String[] args)42   public static void main(String[] args) throws Exception {
43     if (args.length != 4) {
44       System.err.printf("Expected 4 parameters, got %d\n", args.length);
45       System.err.println("Usage: java MacExample compute/verify key-file input-file mac-file");
46       System.exit(1);
47     }
48     String mode = args[0];
49     if (!mode.equals("compute") && !mode.equals("verify")) {
50       System.err.println("Incorrect mode. Please select compute or verify.");
51       System.exit(1);
52     }
53     Path keyFile = Paths.get(args[1]);
54     byte[] msg = Files.readAllBytes(Paths.get(args[2]));
55     Path macFile = Paths.get(args[3]);
56 
57     // Register all MAC key types with the Tink runtime.
58     MacConfig.register();
59 
60     // Read the keyset into a KeysetHandle.
61     KeysetHandle handle =
62         TinkJsonProtoKeysetFormat.parseKeyset(
63             new String(Files.readAllBytes(keyFile), UTF_8), InsecureSecretKeyAccess.get());
64 
65     // Get the primitive.
66     Mac macPrimitive = handle.getPrimitive(Mac.class);
67 
68     if (mode.equals("compute")) {
69       byte[] macTag = macPrimitive.computeMac(msg);
70       Files.write(macFile, macTag);
71     } else {
72       byte[] macTag = Files.readAllBytes(macFile);
73       // This will throw a GeneralSecurityException if verification fails.
74       macPrimitive.verifyMac(macTag, msg);
75     }
76   }
77 
MacExample()78   private MacExample() {}
79 }
80 // [END mac-example]
81