// Copyright 2024 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////

package com.google.crypto.tink.daead;

import com.google.crypto.tink.Configuration;
import com.google.crypto.tink.DeterministicAead;
import com.google.crypto.tink.config.internal.TinkFipsUtil;
import com.google.crypto.tink.internal.InternalConfiguration;
import com.google.crypto.tink.internal.PrimitiveConstructor;
import com.google.crypto.tink.internal.PrimitiveRegistry;
import com.google.crypto.tink.subtle.AesSiv;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;

/**
 * Fixed ("V0") configuration for the DeterministicAEAD primitive.
 *
 * <p>The only algorithm registered here is:
 *
 * <ul>
 *   <li>AesSiv, restricted to 64-byte keys
 * </ul>
 *
 * <p>Security notes for callers:
 *
 * <ul>
 *   <li>Deterministic AEAD maps equal plaintexts (with equal associated data) under the same key
 *       to equal ciphertexts, so ciphertext equality reveals plaintext equality. Use it only
 *       where that property is required.
 *   <li>{@link #get()} refuses to hand out this configuration when Tink runs in FIPS-only mode.
 * </ul>
 */
/* Placeholder for internally public; DO NOT CHANGE. */ class DeterministicAeadConfigurationV0 {
  // The only AesSiv key length this configuration accepts; any other size is rejected in
  // createDeterministicAead before a primitive is built.
  private static final int KEY_SIZE_IN_BYTES = 64;

  // Built once during class initialization. create() wraps any GeneralSecurityException in
  // IllegalStateException, so a registration failure shows up when this class is first used.
  private static final InternalConfiguration INTERNAL_CONFIGURATION = create();

  // Static holder only; never instantiated.
  private DeterministicAeadConfigurationV0() {}

  /**
   * Assembles the primitive registry backing this configuration.
   *
   * @return an {@link InternalConfiguration} holding the DeterministicAead wrapper and the
   *     AesSivKey-to-DeterministicAead constructor
   * @throws IllegalStateException if any registration step throws a GeneralSecurityException
   */
  private static InternalConfiguration create() {
    try {
      PrimitiveRegistry.Builder registry = PrimitiveRegistry.builder();

      // Wrapper first, then the single concrete key-to-primitive mapping.
      DeterministicAeadWrapper.registerToInternalPrimitiveRegistry(registry);
      registry.registerPrimitiveConstructor(
          PrimitiveConstructor.create(
              DeterministicAeadConfigurationV0::createDeterministicAead,
              AesSivKey.class,
              DeterministicAead.class));

      return InternalConfiguration.createFromPrimitiveRegistry(registry.build());
    } catch (GeneralSecurityException e) {
      throw new IllegalStateException(e);
    }
  }

  /**
   * Returns the shared V0 configuration instance.
   *
   * @return the configuration built at class-initialization time
   * @throws GeneralSecurityException if Tink is restricted to FIPS-only operation
   */
  public static Configuration get() throws GeneralSecurityException {
    if (!TinkFipsUtil.useOnlyFips()) {
      return INTERNAL_CONFIGURATION;
    }
    // Fail closed: this configuration is not FIPS-compliant, so it is never returned in FIPS mode.
    throw new GeneralSecurityException(
        "Cannot use non-FIPS-compliant DeterministicAeadConfigurationV0 in FIPS mode");
  }

  /**
   * Builds the AesSiv primitive for {@code key} after enforcing the key-size policy.
   *
   * @param key the AesSiv key to turn into a primitive
   * @return the primitive produced by {@link AesSiv#create}
   * @throws InvalidAlgorithmParameterException if the key's parameters report a size other than
   *     {@code KEY_SIZE_IN_BYTES}
   * @throws GeneralSecurityException if {@link AesSiv#create} fails
   */
  private static DeterministicAead createDeterministicAead(AesSivKey key)
      throws GeneralSecurityException {
    int keySizeBytes = key.getParameters().getKeySizeBytes();
    if (keySizeBytes == KEY_SIZE_IN_BYTES) {
      return AesSiv.create(key);
    }
    // The message carries only the key length, never key material.
    throw new InvalidAlgorithmParameterException(
        "invalid key size: "
            + keySizeBytes
            + ". Valid keys must have "
            + KEY_SIZE_IN_BYTES
            + " bytes.");
  }
}