1 // Copyright 2022 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16
17 #include "walkthrough/obtain_and_use_a_primitive.h"
18
19 // [START tink_walkthrough_obtain_and_use_a_primitive]
20 #include <iostream>
21 #include <memory>
22 #include <string>
23 #include <utility>
24
25 #include "absl/strings/string_view.h"
26 #include "tink/aead.h"
27 #include "tink/keyset_handle.h"
28 #include "tink/util/statusor.h"
29
30 namespace tink_walkthrough {
31
32 using ::crypto::tink::Aead;
33 using ::crypto::tink::KeysetHandle;
34 using ::crypto::tink::util::StatusOr;
35
36 // AEAD encrypts `plaintext` with `associated_data` and the primary key in
37 // `keyset_handle`.
38 //
39 // Prerequisites for this example:
40 // - Register AEAD implementations of Tink.
41 // - Create a keyset and get a handle to it.
AeadEncrypt(const KeysetHandle & keyset_handle,absl::string_view palintext,absl::string_view associated_data)42 StatusOr<std::string> AeadEncrypt(const KeysetHandle& keyset_handle,
43 absl::string_view palintext,
44 absl::string_view associated_data) {
45 // To facilitate key rotation, GetPrimitive returns an Aead primitive that
46 // "wraps" multiple Aead primitives in the keyset. When encrypting it uses the
47 // primary key.
48 StatusOr<std::unique_ptr<Aead>> aead = keyset_handle.GetPrimitive<Aead>();
49 if (!aead.ok()) return aead.status();
50 return (*aead)->Encrypt(palintext, associated_data);
51 }
52
53 // AEAD decrypts `ciphertext` with `associated_data` and the correct key in
54 // `keyset_handle`.
55 //
56 // Prerequisites for this example:
57 // - Register AEAD implementations of Tink.
58 // - Create a keyset and get a handle to it.
AeadDecrypt(const KeysetHandle & keyset_handle,absl::string_view ciphertext,absl::string_view associated_data)59 StatusOr<std::string> AeadDecrypt(const KeysetHandle& keyset_handle,
60 absl::string_view ciphertext,
61 absl::string_view associated_data) {
62 // To facilitate key rotation, GetPrimitive returns an Aead primitive that
63 // "wraps" multiple Aead primitives in the keyset. When decrypting it uses the
64 // key that was used to encrypt using the key ID contained in the ciphertext.
65 StatusOr<std::unique_ptr<Aead>> aead = keyset_handle.GetPrimitive<Aead>();
66 if (!aead.ok()) return aead.status();
67 return (*aead)->Decrypt(ciphertext, associated_data);
68 }
69
70 } // namespace tink_walkthrough
71 // [END tink_walkthrough_obtain_and_use_a_primitive]
72