• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2017 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //      http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16 
17 package com.google.crypto.tink.streamingaead;
18 
19 import com.google.crypto.tink.config.TinkFips;
20 import com.google.crypto.tink.proto.RegistryConfig;
21 import com.google.errorprone.annotations.CanIgnoreReturnValue;
22 import java.security.GeneralSecurityException;
23 
24 /**
25  * Static methods and constants for registering with the {@link com.google.crypto.tink.Registry} all
26  * instances of {@link com.google.crypto.tink.StreamingAead} key types supported in a particular
27  * release of Tink.
28  *
29  * <p>To register all StreamingAead key types provided in the latest Tink version one can do:
30  *
31  * <pre>{@code
32  * StreamingAeadConfig.init();
33  * }</pre>
34  *
35  * <p>For more information on how to obtain and use instances of StreamingAead, see {@link
36  * StreamingAeadFactory}.
37  *
38  * @since 1.1.0
39  */
40 public final class StreamingAeadConfig {
41   public static final String AES_CTR_HMAC_STREAMINGAEAD_TYPE_URL =
42       initializeClassReturnInput("type.googleapis.com/google.crypto.tink.AesCtrHmacStreamingKey");
43   public static final String AES_GCM_HKDF_STREAMINGAEAD_TYPE_URL =
44       initializeClassReturnInput("type.googleapis.com/google.crypto.tink.AesGcmHkdfStreamingKey");
45 
46   /**
47    * @deprecated
48    */
49   @Deprecated
50   public static final RegistryConfig TINK_1_1_0 = RegistryConfig.getDefaultInstance();
51 
52   /** @since 1.2.0 */
53   public static final RegistryConfig LATEST = RegistryConfig.getDefaultInstance();
54 
55   static {
56     try {
init()57       init();
58     } catch (GeneralSecurityException e) {
59       throw new ExceptionInInitializerError(e);
60     }
61   }
62 
63   /**
64    * Returns the input, but crucially also calls the static initializer just above.
65    *
66    * <p>Before some refactorings, the string constants in this class were defined as: <code>
67    * private final static string AES_CTR_HMAC_AEAD_TYPE_URL = new SomeKeyMananger().get();
68    * </code>. After the refactorings, it would be tempting to define them as <code>
69    * AES_CTR_HMAC_AEAD_TYPE_URL = "...";</code> However, this would change the behavior. By the JLS
70    * §12.4.1, the static initializer of the class is called if "A static field declared by T is used
71    * and the field is not a constant variable". The §4.12.4 explains that a constant variable is a
72    * "final variable of type String which is initialized with a constant expression". Hence, after
73    * the above refactoring the initializer wouldn't be called anymore.
74    *
75    * <p>Because of this, we always call this function here to enforce calling the static
76    * initializer, i.e. to enforce that when a user accesses any of the variables here, the class is
77    * initialized.
78    */
79   @CanIgnoreReturnValue
initializeClassReturnInput(String s)80   private static String initializeClassReturnInput(String s) {
81     return s;
82   }
83 
84   /**
85    * Tries to register with the {@link com.google.crypto.tink.Registry} all instances of {@link
86    * com.google.crypto.tink.Catalogue} needed to handle StreamingAead key types supported in Tink.
87    *
88    * @deprecated use {@link #register}
89    */
90   @Deprecated
init()91   public static void init() throws GeneralSecurityException {
92     register();
93   }
94 
95   /**
96    * Tries to register with the {@link com.google.crypto.tink.Registry} all instances of {@link
97    * com.google.crypto.tink.Catalogue} needed to handle StreamingAead key types supported in Tink.
98    *
99    * @since 1.2.0
100    */
register()101   public static void register() throws GeneralSecurityException {
102     StreamingAeadWrapper.register();
103 
104     if (TinkFips.useOnlyFips()) {
105       // If Tink is built in FIPS-mode do not register algorithms which are not compatible.
106       // Currently there are no FIPS compliant Streaming AEADs available, therefore no
107       // key manager will be registered.
108       return;
109     }
110 
111     AesCtrHmacStreamingKeyManager.register(/* newKeyAllowed = */ true);
112     AesGcmHkdfStreamingKeyManager.register(/* newKeyAllowed = */ true);
113   }
114 
StreamingAeadConfig()115   private StreamingAeadConfig() {}
116 }
117