1 // Copyright 2023 Google LLC 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 // 15 //////////////////////////////////////////////////////////////////////////////// 16 17 package com.google.tink1to2; 18 19 import com.google.crypto.tink.BinaryKeysetReader; 20 import com.google.crypto.tink.KeysetHandle; 21 import com.google.crypto.tink.KeysetReader; 22 import com.google.crypto.tink.TinkProtoKeysetFormat; 23 import com.google.crypto.tink.aead.AeadKeyTemplates; 24 import com.google.crypto.tink.aead.PredefinedAeadParameters; 25 import com.google.crypto.tink.daead.DeterministicAeadKeyTemplates; 26 import com.google.crypto.tink.daead.PredefinedDeterministicAeadParameters; 27 import com.google.crypto.tink.mac.MacKeyTemplates; 28 import com.google.crypto.tink.mac.PredefinedMacParameters; 29 import com.google.crypto.tink.streamingaead.PredefinedStreamingAeadParameters; 30 import com.google.crypto.tink.streamingaead.StreamingAeadKeyTemplates; 31 import com.google.errorprone.refaster.annotation.AfterTemplate; 32 import com.google.errorprone.refaster.annotation.BeforeTemplate; 33 import java.io.IOException; 34 import java.security.GeneralSecurityException; 35 36 // We keep all changes in one file due to https://github.com/google/error-prone/issues/552 37 final class AllChanges { 38 class CleanupKeysetHandleReaderNoSecret { 39 @BeforeTemplate beforeTemplate(byte[] b)40 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 41 return KeysetHandle.readNoSecret(b); 42 } 43 44 @AfterTemplate afterTemplate(byte[] b)45 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 46 return TinkProtoKeysetFormat.parseKeysetWithoutSecret(b); 47 } 48 } 49 50 /** 51 * If users first create a binary keyset reader from a byte[], then call readNoSecret, we can 52 * simply call the new function directly without any parsing. 53 */ 54 class CleanupKeysetHandleReadNoSecretReaderWithBinaryReader { 55 @BeforeTemplate beforeTemplate(byte[] bytes)56 public KeysetHandle beforeTemplate(byte[] bytes) throws GeneralSecurityException, IOException { 57 return KeysetHandle.readNoSecret(BinaryKeysetReader.withBytes(bytes)); 58 } 59 60 @AfterTemplate afterTemplate(byte[] bytes)61 public KeysetHandle afterTemplate(byte[] bytes) throws GeneralSecurityException, IOException { 62 return TinkProtoKeysetFormat.parseKeysetWithoutSecret(bytes); 63 } 64 } 65 /** For any other reader, we can always just call read. */ 66 class CleanupKeysetHandleReadNoSecretReader { 67 @BeforeTemplate beforeTemplate(KeysetReader reader)68 public KeysetHandle beforeTemplate(KeysetReader reader) 69 throws GeneralSecurityException, IOException { 70 return KeysetHandle.readNoSecret(reader); 71 } 72 73 @AfterTemplate afterTemplate(KeysetReader reader)74 public KeysetHandle afterTemplate(KeysetReader reader) 75 throws GeneralSecurityException, IOException { 76 return TinkProtoKeysetFormat.parseKeysetWithoutSecret(reader.read().toByteArray()); 77 } 78 } 79 80 class HMAC_SHA256_128BITTAG { 81 @BeforeTemplate beforeTemplate(byte[] b)82 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 83 return KeysetHandle.generateNew(MacKeyTemplates.HMAC_SHA256_128BITTAG); 84 } 85 86 @AfterTemplate afterTemplate(byte[] b)87 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 88 return KeysetHandle.generateNew(PredefinedMacParameters.HMAC_SHA256_128BITTAG); 89 } 90 } 91 92 class HMAC_SHA256_256BITTAG { 93 @BeforeTemplate beforeTemplate(byte[] b)94 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 95 return KeysetHandle.generateNew(MacKeyTemplates.HMAC_SHA256_256BITTAG); 96 } 97 98 @AfterTemplate afterTemplate(byte[] b)99 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 100 return KeysetHandle.generateNew(PredefinedMacParameters.HMAC_SHA256_256BITTAG); 101 } 102 } 103 104 class HMAC_SHA512_256BITTAG { 105 @BeforeTemplate beforeTemplate(byte[] b)106 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 107 return KeysetHandle.generateNew(MacKeyTemplates.HMAC_SHA512_256BITTAG); 108 } 109 110 @AfterTemplate afterTemplate(byte[] b)111 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 112 return KeysetHandle.generateNew(PredefinedMacParameters.HMAC_SHA512_256BITTAG); 113 } 114 } 115 116 class HMAC_SHA512_512BITTAG { 117 @BeforeTemplate beforeTemplate(byte[] b)118 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 119 return KeysetHandle.generateNew(MacKeyTemplates.HMAC_SHA512_512BITTAG); 120 } 121 122 @AfterTemplate afterTemplate(byte[] b)123 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 124 return KeysetHandle.generateNew(PredefinedMacParameters.HMAC_SHA512_512BITTAG); 125 } 126 } 127 128 class AES_CMAC { 129 @BeforeTemplate beforeTemplate(byte[] b)130 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 131 return KeysetHandle.generateNew(MacKeyTemplates.AES_CMAC); 132 } 133 134 @AfterTemplate afterTemplate(byte[] b)135 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 136 return KeysetHandle.generateNew(PredefinedMacParameters.AES_CMAC); 137 } 138 } 139 140 class AES128_GCM { 141 @BeforeTemplate beforeTemplate(byte[] b)142 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 143 return KeysetHandle.generateNew(AeadKeyTemplates.AES128_GCM); 144 } 145 146 @AfterTemplate afterTemplate(byte[] b)147 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 148 return KeysetHandle.generateNew(PredefinedAeadParameters.AES128_GCM); 149 } 150 } 151 152 class AES256_GCM { 153 @BeforeTemplate beforeTemplate(byte[] b)154 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 155 return KeysetHandle.generateNew(AeadKeyTemplates.AES256_GCM); 156 } 157 158 @AfterTemplate afterTemplate(byte[] b)159 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 160 return KeysetHandle.generateNew(PredefinedAeadParameters.AES256_GCM); 161 } 162 } 163 164 class AES128_EAX { 165 @BeforeTemplate beforeTemplate(byte[] b)166 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 167 return KeysetHandle.generateNew(AeadKeyTemplates.AES128_EAX); 168 } 169 170 @AfterTemplate afterTemplate(byte[] b)171 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 172 return KeysetHandle.generateNew(PredefinedAeadParameters.AES128_EAX); 173 } 174 } 175 176 class AES256_EAX { 177 @BeforeTemplate beforeTemplate(byte[] b)178 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 179 return KeysetHandle.generateNew(AeadKeyTemplates.AES256_EAX); 180 } 181 182 @AfterTemplate afterTemplate(byte[] b)183 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 184 return KeysetHandle.generateNew(PredefinedAeadParameters.AES256_EAX); 185 } 186 } 187 188 class AES128_CTR_HMAC_SHA256 { 189 @BeforeTemplate beforeTemplate(byte[] b)190 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 191 return KeysetHandle.generateNew(AeadKeyTemplates.AES128_CTR_HMAC_SHA256); 192 } 193 194 @AfterTemplate afterTemplate(byte[] b)195 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 196 return KeysetHandle.generateNew(PredefinedAeadParameters.AES128_CTR_HMAC_SHA256); 197 } 198 } 199 200 class AES256_CTR_HMAC_SHA256 { 201 @BeforeTemplate beforeTemplate(byte[] b)202 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 203 return KeysetHandle.generateNew(AeadKeyTemplates.AES256_CTR_HMAC_SHA256); 204 } 205 206 @AfterTemplate afterTemplate(byte[] b)207 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 208 return KeysetHandle.generateNew(PredefinedAeadParameters.AES256_CTR_HMAC_SHA256); 209 } 210 } 211 212 class CHACHA20_POLY1305 { 213 @BeforeTemplate beforeTemplate(byte[] b)214 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 215 return KeysetHandle.generateNew(AeadKeyTemplates.CHACHA20_POLY1305); 216 } 217 218 @AfterTemplate afterTemplate(byte[] b)219 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 220 return KeysetHandle.generateNew(PredefinedAeadParameters.CHACHA20_POLY1305); 221 } 222 } 223 224 class XCHACHA20_POLY1305 { 225 @BeforeTemplate beforeTemplate(byte[] b)226 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 227 return KeysetHandle.generateNew(AeadKeyTemplates.XCHACHA20_POLY1305); 228 } 229 230 @AfterTemplate afterTemplate(byte[] b)231 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 232 return KeysetHandle.generateNew(PredefinedAeadParameters.XCHACHA20_POLY1305); 233 } 234 } 235 236 class AES256_SIV { 237 @BeforeTemplate beforeTemplate(byte[] b)238 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 239 return KeysetHandle.generateNew(DeterministicAeadKeyTemplates.AES256_SIV); 240 } 241 242 @AfterTemplate afterTemplate(byte[] b)243 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 244 return KeysetHandle.generateNew(PredefinedDeterministicAeadParameters.AES256_SIV); 245 } 246 } 247 248 class AES128_CTR_HMAC_SHA256_4KB { 249 @BeforeTemplate beforeTemplate(byte[] b)250 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 251 return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES128_CTR_HMAC_SHA256_4KB); 252 } 253 254 @AfterTemplate afterTemplate(byte[] b)255 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 256 return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES128_CTR_HMAC_SHA256_4KB); 257 } 258 } 259 260 class AES128_CTR_HMAC_SHA256_1MB { 261 @BeforeTemplate beforeTemplate(byte[] b)262 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 263 return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES128_CTR_HMAC_SHA256_1MB); 264 } 265 266 @AfterTemplate afterTemplate(byte[] b)267 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 268 return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES128_CTR_HMAC_SHA256_1MB); 269 } 270 } 271 272 class AES256_CTR_HMAC_SHA256_4KB { 273 @BeforeTemplate beforeTemplate(byte[] b)274 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 275 return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES256_CTR_HMAC_SHA256_4KB); 276 } 277 278 @AfterTemplate afterTemplate(byte[] b)279 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 280 return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES256_CTR_HMAC_SHA256_4KB); 281 } 282 } 283 284 class AES256_CTR_HMAC_SHA256_1MB { 285 @BeforeTemplate beforeTemplate(byte[] b)286 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 287 return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES256_CTR_HMAC_SHA256_1MB); 288 } 289 290 @AfterTemplate afterTemplate(byte[] b)291 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 292 return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES256_CTR_HMAC_SHA256_1MB); 293 } 294 } 295 296 class AES128_GCM_HKDF_4KB { 297 @BeforeTemplate beforeTemplate(byte[] b)298 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 299 return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES128_GCM_HKDF_4KB); 300 } 301 302 @AfterTemplate afterTemplate(byte[] b)303 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 304 return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES128_GCM_HKDF_4KB); 305 } 306 } 307 308 class AES128_GCM_HKDF_1MB { 309 @BeforeTemplate beforeTemplate(byte[] b)310 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 311 return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES128_GCM_HKDF_1MB); 312 } 313 314 @AfterTemplate afterTemplate(byte[] b)315 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 316 return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES128_GCM_HKDF_1MB); 317 } 318 } 319 320 class AES256_GCM_HKDF_4KB { 321 @BeforeTemplate beforeTemplate(byte[] b)322 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 323 return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES256_GCM_HKDF_4KB); 324 } 325 326 @AfterTemplate afterTemplate(byte[] b)327 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 328 return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES256_GCM_HKDF_4KB); 329 } 330 } 331 332 class AES256_GCM_HKDF_1MB { 333 @BeforeTemplate beforeTemplate(byte[] b)334 public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { 335 return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES256_GCM_HKDF_1MB); 336 } 337 338 @AfterTemplate afterTemplate(byte[] b)339 public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { 340 return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES256_GCM_HKDF_1MB); 341 } 342 } 343 } 344