// Copyright 2024 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////

package com.google.crypto.tink.hybrid;

import com.google.crypto.tink.Configuration;
import com.google.crypto.tink.HybridDecrypt;
import com.google.crypto.tink.HybridEncrypt;
import com.google.crypto.tink.config.internal.TinkFipsUtil;
import com.google.crypto.tink.hybrid.internal.HpkeDecrypt;
import com.google.crypto.tink.hybrid.internal.HpkeEncrypt;
import com.google.crypto.tink.internal.InternalConfiguration;
import com.google.crypto.tink.internal.PrimitiveConstructor;
import com.google.crypto.tink.internal.PrimitiveRegistry;
import com.google.crypto.tink.subtle.EciesAeadHkdfHybridDecrypt;
import com.google.crypto.tink.subtle.EciesAeadHkdfHybridEncrypt;
import java.security.GeneralSecurityException;

/**
 * HybridConfigurationV0 contains the following algorithms for HybridEncrypt/HybridDecrypt:
 *
 * <ul>
 *   <li>EciesAeadHkdf
 *   <li>Hpke
 * </ul>
 *
 * <p>The registry behind this configuration is assembled once, while the class is being
 * initialized, and the resulting instance is what every call to {@link #get()} hands out. Each
 * primitive constructor is bound to one key class: the ECIES constructors to {@code
 * EciesPublicKey} / {@code EciesPrivateKey}, the HPKE constructors to {@code HpkePublicKey} /
 * {@code HpkePrivateKey}.
 */
/* Placeholder for internally public; DO NOT CHANGE. */
class HybridConfigurationV0 {
  /** Not instantiable; the class only exposes static members. */
  private HybridConfigurationV0() {}

  // Built during class initialization by create(); never reassigned.
  private static final InternalConfiguration INTERNAL_CONFIGURATION = create();

  /**
   * Assembles the primitive registry for this configuration and wraps it in an {@link
   * InternalConfiguration}.
   *
   * <p>Registration order is: HybridEncrypt wrapper, ECIES encrypt, HPKE encrypt, HybridDecrypt
   * wrapper, ECIES decrypt, HPKE decrypt.
   *
   * @return the configuration backed by the freshly built registry
   * @throws IllegalStateException if any registration step or the final conversion reports a
   *     {@link GeneralSecurityException}; because this method runs from a static initializer, the
   *     JVM surfaces that as an {@code ExceptionInInitializerError} on first use of the class
   */
  private static InternalConfiguration create() {
    try {
      PrimitiveRegistry.Builder registry = PrimitiveRegistry.builder();
      registerEncryptPrimitives(registry);
      registerDecryptPrimitives(registry);
      return InternalConfiguration.createFromPrimitiveRegistry(registry.build());
    } catch (GeneralSecurityException cause) {
      // Keep the original exception as the cause so the failing registration stays visible.
      throw new IllegalStateException(cause);
    }
  }

  /** Registers the HybridEncrypt wrapper, then the ECIES and HPKE encrypt constructors. */
  private static void registerEncryptPrimitives(PrimitiveRegistry.Builder registry)
      throws GeneralSecurityException {
    HybridEncryptWrapper.registerToInternalPrimitiveRegistry(registry);
    registry.registerPrimitiveConstructor(
        PrimitiveConstructor.create(
            EciesAeadHkdfHybridEncrypt::create, EciesPublicKey.class, HybridEncrypt.class));
    registry.registerPrimitiveConstructor(
        PrimitiveConstructor.create(
            HpkeEncrypt::create, HpkePublicKey.class, HybridEncrypt.class));
  }

  /** Registers the HybridDecrypt wrapper, then the ECIES and HPKE decrypt constructors. */
  private static void registerDecryptPrimitives(PrimitiveRegistry.Builder registry)
      throws GeneralSecurityException {
    HybridDecryptWrapper.registerToInternalPrimitiveRegistry(registry);
    registry.registerPrimitiveConstructor(
        PrimitiveConstructor.create(
            EciesAeadHkdfHybridDecrypt::create, EciesPrivateKey.class, HybridDecrypt.class));
    registry.registerPrimitiveConstructor(
        PrimitiveConstructor.create(
            HpkeDecrypt::create, HpkePrivateKey.class, HybridDecrypt.class));
  }

  /**
   * Returns an instance of the {@code HybridConfigurationV0}.
   *
   * <p>The FIPS-only flag is read on every call rather than once at class initialization, so the
   * configuration is refused whenever {@code TinkFipsUtil.useOnlyFips()} reports {@code true} at
   * the time of the call.
   *
   * @return the shared configuration built at class initialization
   * @throws GeneralSecurityException if {@code TinkFipsUtil.useOnlyFips()} returns {@code true}
   */
  public static Configuration get() throws GeneralSecurityException {
    boolean fipsOnly = TinkFipsUtil.useOnlyFips();
    if (fipsOnly) {
      // Fail closed: this configuration is not offered at all while FIPS-only mode is on.
      throw new GeneralSecurityException(
          "Cannot use non-FIPS-compliant HybridConfigurationV0 in FIPS mode");
    }
    return INTERNAL_CONFIGURATION;
  }
}