1 // Copyright 2023 Google LLC 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 // 15 //////////////////////////////////////////////////////////////////////////////// 16 17 package com.google.crypto.tink.streamingaead; 18 19 import com.google.crypto.tink.AccessesPartialKey; 20 import com.google.crypto.tink.Key; 21 import com.google.crypto.tink.util.SecretBytes; 22 import com.google.errorprone.annotations.RestrictedApi; 23 import java.security.GeneralSecurityException; 24 25 /** 26 * Represents a StreamingAead functions. 27 * 28 * <p>See https://developers.google.com/tink/streaming-aead/aes_gcm_hkdf_streaming. 29 */ 30 public final class AesGcmHkdfStreamingKey extends StreamingAeadKey { 31 private final AesGcmHkdfStreamingParameters parameters; 32 private final SecretBytes initialKeymaterial; 33 AesGcmHkdfStreamingKey( AesGcmHkdfStreamingParameters parameters, SecretBytes initialKeymaterial)34 private AesGcmHkdfStreamingKey( 35 AesGcmHkdfStreamingParameters parameters, SecretBytes initialKeymaterial) { 36 this.parameters = parameters; 37 this.initialKeymaterial = initialKeymaterial; 38 } 39 40 @RestrictedApi( 41 explanation = "Accessing parts of keys can produce unexpected incompatibilities, annotate the function with @AccessesPartialKey", 42 link = "https://developers.google.com/tink/design/access_control#accessing_partial_keys", 43 allowedOnPath = ".*Test\\.java", 44 allowlistAnnotations = {AccessesPartialKey.class}) create( AesGcmHkdfStreamingParameters parameters, SecretBytes initialKeymaterial)45 public static AesGcmHkdfStreamingKey create( 46 AesGcmHkdfStreamingParameters parameters, SecretBytes initialKeymaterial) 47 throws GeneralSecurityException { 48 49 if (parameters.getKeySizeBytes() != initialKeymaterial.size()) { 50 throw new GeneralSecurityException("Key size mismatch"); 51 } 52 return new AesGcmHkdfStreamingKey(parameters, initialKeymaterial); 53 } 54 55 @RestrictedApi( 56 explanation = "Accessing parts of keys can produce unexpected incompatibilities, annotate the function with @AccessesPartialKey", 57 link = "https://developers.google.com/tink/design/access_control#accessing_partial_keys", 58 allowedOnPath = ".*Test\\.java", 59 allowlistAnnotations = {AccessesPartialKey.class}) getInitialKeyMaterial()60 public SecretBytes getInitialKeyMaterial() { 61 return initialKeymaterial; 62 } 63 64 @Override getParameters()65 public AesGcmHkdfStreamingParameters getParameters() { 66 return parameters; 67 } 68 69 @Override equalsKey(Key o)70 public boolean equalsKey(Key o) { 71 if (!(o instanceof AesGcmHkdfStreamingKey)) { 72 return false; 73 } 74 AesGcmHkdfStreamingKey that = (AesGcmHkdfStreamingKey) o; 75 return that.parameters.equals(parameters) 76 && that.initialKeymaterial.equalsSecretBytes(initialKeymaterial); 77 } 78 } 79