1 // Copyright 2023 Google Inc. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 // 15 //////////////////////////////////////////////////////////////////////////////// 16 17 package com.google.crypto.tink.aead; 18 19 import com.google.crypto.tink.Key; 20 import com.google.crypto.tink.util.Bytes; 21 import java.nio.ByteBuffer; 22 import java.security.GeneralSecurityException; 23 import java.util.Objects; 24 import javax.annotation.Nullable; 25 26 /** 27 * Describes an Aead backed by a KMS. 28 * 29 * <p>The KMS is specified by {@code getParameters().getKeyUri()}. When creating an Aead from this 30 * object, Tink looks an {@link com.google.crypto.tink.KmsClient} in the global table of {@link 31 * com.google.crypto.tink.KmsClients}. This means that the key is inappropriate in cases where there 32 * are multiple KMS backends or multiple credentials in a binary. Because of this, we recommend to 33 * create the {@link Aead} directly from the KmsClient you need. 
*/
public class LegacyKmsAeadKey extends AeadKey {
  // KMS key URI plus output-prefix variant; this object holds no raw key bytes itself,
  // the KMS identified by the URI does.
  private final LegacyKmsAeadParameters parameters;
  // Bytes prepended to every ciphertext. Fully determined by the variant and idRequirement
  // (see outputPrefixFor), so it is not compared separately in equalsKey.
  private final Bytes outputPrefix;
  // Key id for Variant.TINK; null for Variant.NO_PREFIX.
  @Nullable private final Integer idRequirement;

  private LegacyKmsAeadKey(
      LegacyKmsAeadParameters parameters, Bytes outputPrefix, @Nullable Integer idRequirement) {
    this.parameters = parameters;
    this.outputPrefix = outputPrefix;
    this.idRequirement = idRequirement;
  }

  /**
   * Derives the ciphertext prefix implied by {@code parameters.variant()} and {@code
   * idRequirement}, rejecting inconsistent combinations.
   *
   * @throws GeneralSecurityException if the variant is TINK and {@code idRequirement} is null, if
   *     the variant is NO_PREFIX and {@code idRequirement} is non-null, or if the variant is not
   *     one of those two
   */
  private static Bytes outputPrefixFor(
      LegacyKmsAeadParameters parameters, @Nullable Integer idRequirement)
      throws GeneralSecurityException {
    LegacyKmsAeadParameters.Variant variant = parameters.variant();
    if (variant == LegacyKmsAeadParameters.Variant.TINK) {
      if (idRequirement == null) {
        throw new GeneralSecurityException(
            "For given Variant TINK the value of idRequirement must be non-null");
      }
      // TINK prefix layout: one version byte (0x01) followed by the key id as a big-endian
      // 32-bit integer (ByteBuffer default order), 5 bytes in total.
      ByteBuffer prefix = ByteBuffer.allocate(5);
      prefix.put((byte) 1);
      prefix.putInt(idRequirement);
      return Bytes.copyFrom(prefix.array());
    }
    if (variant == LegacyKmsAeadParameters.Variant.NO_PREFIX) {
      if (idRequirement != null) {
        throw new GeneralSecurityException(
            "For given Variant NO_PREFIX the value of idRequirement must be null");
      }
      // NO_PREFIX ciphertexts carry no prefix at all.
      return Bytes.copyFrom(new byte[0]);
    }
    throw new GeneralSecurityException("Unknown Variant: " + variant);
  }

  /**
   * Creates a key for the given parameters and id requirement.
   *
   * @param parameters the KMS key URI and output-prefix variant
   * @param idRequirement the key id for {@code Variant.TINK}; must be {@code null} for {@code
   *     Variant.NO_PREFIX}
   * @throws GeneralSecurityException if {@code idRequirement} is inconsistent with the variant or
   *     the variant is unknown
   */
  public static LegacyKmsAeadKey create(
      LegacyKmsAeadParameters parameters, @Nullable Integer idRequirement)
      throws GeneralSecurityException {
    Bytes prefix = outputPrefixFor(parameters, idRequirement);
    return new LegacyKmsAeadKey(parameters, prefix, idRequirement);
  }

  /**
   * Creates a key without an id requirement.
   *
   * <p>Equivalent to {@code create(parameters, null)}; therefore only succeeds for {@code
   * Variant.NO_PREFIX}.
   *
   * @throws GeneralSecurityException if the variant requires an id or is unknown
   */
  public static LegacyKmsAeadKey create(LegacyKmsAeadParameters parameters)
      throws GeneralSecurityException {
    return create(parameters, null);
  }

  /** Returns the parameters (KMS key URI and variant) this key was created with. */
  @Override
  public LegacyKmsAeadParameters getParameters() {
    return parameters;
  }

  /** Returns the prefix prepended to ciphertexts; empty for {@code Variant.NO_PREFIX}. */
  @Override
  public Bytes getOutputPrefix() {
    return outputPrefix;
  }

  /** Returns the key id, or {@code null} if the variant is {@code NO_PREFIX}. */
  @Override
  public Integer getIdRequirementOrNull() {
    return idRequirement;
  }

  /**
   * Returns whether {@code o} is a {@link LegacyKmsAeadKey} with equal parameters and id
   * requirement.
   *
   * <p>The output prefix is not compared because it is a pure function of those two fields. An
   * ordinary (non constant-time) comparison is adequate here because the compared values are the
   * key URI and an id, not secret key material.
   */
  @Override
  public boolean equalsKey(Key o) {
    if (!(o instanceof LegacyKmsAeadKey)) {
      return false;
    }
    LegacyKmsAeadKey other = (LegacyKmsAeadKey) o;
    return parameters.equals(other.parameters)
        && Objects.equals(idRequirement, other.idRequirement);
  }
}