• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2017 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //      http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16 
17 package com.google.crypto.tink.daead;
18 
19 import com.google.crypto.tink.config.TinkFips;
20 import com.google.crypto.tink.proto.RegistryConfig;
21 import com.google.errorprone.annotations.CanIgnoreReturnValue;
22 import com.google.errorprone.annotations.InlineMe;
23 import java.security.GeneralSecurityException;
24 
25 /**
26  * Static methods and constants for registering with the {@link com.google.crypto.tink.Registry} all
27  * instances of {@link com.google.crypto.tink.DeterministicAead} key types supported in a particular
28  * release of Tink.
29  *
30  * <p>To register all DeterministicAead key types provided in the latest Tink version one can do:
31  *
32  * <pre>{@code
33  * DeterministicAeadConfig.register();
34  * }</pre>
35  *
36  * <p>For more information on how to obtain and use instances of DeterministicAead, see {@link
37  * com.google.crypto.tink.KeysetHandle#getPrimitive}.
38  *
39  * @since 1.1.0
40  */
41 public final class DeterministicAeadConfig {
42   public static final String AES_SIV_TYPE_URL =
43       initializeClassReturnInput("type.googleapis.com/google.crypto.tink.AesSivKey");
44 
45   /**
46    * @deprecated use {@link #register}
47    */
48   @Deprecated
49   public static final RegistryConfig TINK_1_1_0 = RegistryConfig.getDefaultInstance();
50 
51   /**
52    * @deprecated use {@link #register}
53    * @since 1.2.0
54    */
55   @Deprecated
56   public static final RegistryConfig LATEST = RegistryConfig.getDefaultInstance();
57 
58   static {
59     try {
register()60       register();
61     } catch (GeneralSecurityException e) {
62       throw new ExceptionInInitializerError(e);
63     }
64   }
65 
66   /**
67    * Returns the input, but crucially also calls the static initializer just above.
68    *
69    * <p>Before some refactorings, the string constants in this class were defined as: <code>
70    * private final static string AES_CTR_HMAC_AEAD_TYPE_URL = new SomeKeyMananger().get();
71    * </code>. After the refactorings, it would be tempting to define them as <code>
72    * AES_CTR_HMAC_AEAD_TYPE_URL = "...";</code> However, this would change the behavior. By the JLS
73    * §12.4.1, the static initializer of the class is called if "A static field declared by T is used
74    * and the field is not a constant variable". The §4.12.4 explains that a constant variable is a
75    * "final variable of type String which is initialized with a constant expression". Hence, after
76    * the above refactoring the initializer wouldn't be called anymore.
77    *
78    * <p>Because of this, we always call this function here to enforce calling the static
79    * initializer, i.e. to enforce that when a user accesses any of the variables here, the class is
80    * initialized.
81    */
82   @CanIgnoreReturnValue
initializeClassReturnInput(String s)83   private static String initializeClassReturnInput(String s) {
84     return s;
85   }
86 
87   /**
88    * Tries to register with the {@link com.google.crypto.tink.Registry} all instances of {@link
89    * com.google.crypto.tink.Catalogue} needed to handle DeterministicAead key types supported in
90    * Tink.
91    *
92    * <p>Because DeterministicAead key types depend on {@link com.google.crypto.tink.Mac} key types,
93    * this method also registers all Mac catalogues.
94    *
95    * @deprecated use {@link #register}
96    */
97   @InlineMe(
98       replacement = "DeterministicAeadConfig.register()",
99       imports = "com.google.crypto.tink.daead.DeterministicAeadConfig")
100   @Deprecated
init()101   public static void init() throws GeneralSecurityException {
102     register();
103   }
104 
105   /**
106    * Tries to register with the {@link com.google.crypto.tink.Registry} all instances of {@link
107    * com.google.crypto.tink.Catalogue} needed to handle DeterministicAead key types supported in
108    * Tink.
109    *
110    * @since 1.2.0
111    */
register()112   public static void register() throws GeneralSecurityException {
113     DeterministicAeadWrapper.register();
114 
115     if (TinkFips.useOnlyFips()) {
116       // If Tink is built in FIPS-mode do not register algorithms which are not compatible.
117       // Currently there are no determinstic AEADs which are compatible and therefore none will
118       // be registered.
119       return;
120     }
121     AesSivKeyManager.register(/* newKeyAllowed = */ true);
122   }
123 
DeterministicAeadConfig()124   private DeterministicAeadConfig() {}
125 }
126