1 // Copyright 2020 Google LLC 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 // 15 //////////////////////////////////////////////////////////////////////////////// 16 17 package com.google.crypto.tink.keyderivation; 18 19 import com.google.crypto.tink.config.TinkFips; 20 import com.google.crypto.tink.keyderivation.internal.PrfBasedDeriverKeyManager; 21 import com.google.crypto.tink.prf.HkdfPrfKeyManager; 22 import java.security.GeneralSecurityException; 23 24 /** 25 * Static methods and constants for registering with the {@link com.google.crypto.tink.Registry} all 26 * instances of {@link KeysetDeriver} key types supported in a particular release of Tink. 27 * 28 * <p>To register all {@link KeysetDeriver} key types provided in the latest Tink version one can 29 * do: 30 * 31 * <pre>{@code 32 * KeyDerivationConfig.register(); 33 * }</pre> 34 * 35 * <p>For more information on how to obtain and use instances of {@link KeysetDeriver}, see {@link 36 * com.google.crypto.tink.KeysetHandle#getPrimitive}. 37 */ 38 public final class KeyDerivationConfig { 39 /** 40 * Tries to register with the {@link com.google.crypto.tink.Registry} all instances of {@link 41 * com.google.crypto.tink.KeyManager} needed to handle KeysetDeriver key types supported in Tink. 42 */ register()43 public static void register() throws GeneralSecurityException { 44 // Register primitive wrappers. 45 com.google.crypto.tink.keyderivation.internal.KeysetDeriverWrapper.register(); 46 47 if (TinkFips.useOnlyFips()) { 48 // If Tink is built in FIPS-mode do not register algorithms which are not compatible. 49 // Currently there are no FIPS-compliant key derivation primitives available, therefore no 50 // key manager will be registered. 51 return; 52 } 53 54 // Register required key manager for PrfBasedDeriverKeyManager. 55 HkdfPrfKeyManager.register(/* newKeyAllowed= */ true); 56 57 // Register key managers. 58 PrfBasedDeriverKeyManager.register(/* newKeyAllowed= */ true); 59 } 60 KeyDerivationConfig()61 private KeyDerivationConfig() {} 62 } 63