// // Decompiled by Procyon v0.6.0 // package com.google.crypto.tink.streamingaead; import com.google.protobuf.MessageLite; import com.google.protobuf.Parser; import com.google.crypto.tink.internal.LegacyKeyManagerImpl; import com.google.crypto.tink.proto.KeyData; import com.google.crypto.tink.subtle.AesGcmHkdfStreaming; import com.google.crypto.tink.internal.TinkBugException; import com.google.crypto.tink.KeyTemplate; import com.google.crypto.tink.internal.KeyManagerRegistry; import com.google.crypto.tink.internal.MutablePrimitiveRegistry; import com.google.crypto.tink.internal.MutableKeyCreationRegistry; import com.google.crypto.tink.internal.MutableParametersRegistry; import com.google.crypto.tink.streamingaead.internal.AesGcmHkdfStreamingProtoSerialization; import com.google.crypto.tink.config.internal.TinkFipsUtil; import java.util.Collections; import java.util.HashMap; import com.google.crypto.tink.Parameters; import java.util.Map; import com.google.crypto.tink.internal.Util; import com.google.crypto.tink.SecretKeyAccess; import java.io.InputStream; import com.google.crypto.tink.AccessesPartialKey; import java.security.GeneralSecurityException; import com.google.crypto.tink.util.SecretBytes; import javax.annotation.Nullable; import com.google.crypto.tink.internal.MutableKeyDerivationRegistry; import com.google.crypto.tink.internal.KeyCreator; import com.google.crypto.tink.KeyManager; import com.google.crypto.tink.StreamingAead; import com.google.crypto.tink.internal.PrimitiveConstructor; public final class AesGcmHkdfStreamingKeyManager { private static final PrimitiveConstructor AES_GCM_HKDF_STREAMING_AEAD_PRIMITIVE_CONSTRUCTOR; private static final KeyManager legacyKeyManager; private static final KeyCreator KEY_CREATOR; private static final MutableKeyDerivationRegistry.InsecureKeyCreator KEY_DERIVER; static String getKeyType() { return "type.googleapis.com/google.crypto.tink.AesGcmHkdfStreamingKey"; } @AccessesPartialKey private static AesGcmHkdfStreamingKey creatAesGcmHkdfStreamingKey(final AesGcmHkdfStreamingParameters parameters, @Nullable final Integer idRequirement) throws GeneralSecurityException { return AesGcmHkdfStreamingKey.create(parameters, SecretBytes.randomBytes(parameters.getKeySizeBytes())); } @AccessesPartialKey static AesGcmHkdfStreamingKey createAesGcmHkdfStreamingKeyFromRandomness(final AesGcmHkdfStreamingParameters parameters, final InputStream stream, @Nullable final Integer idRequirement, final SecretKeyAccess access) throws GeneralSecurityException { return AesGcmHkdfStreamingKey.create(parameters, Util.readIntoSecretBytes(stream, parameters.getKeySizeBytes(), access)); } private static Map namedParameters() throws GeneralSecurityException { final Map result = new HashMap(); result.put("AES128_GCM_HKDF_4KB", PredefinedStreamingAeadParameters.AES128_GCM_HKDF_4KB); result.put("AES128_GCM_HKDF_1MB", PredefinedStreamingAeadParameters.AES128_GCM_HKDF_1MB); result.put("AES256_GCM_HKDF_4KB", PredefinedStreamingAeadParameters.AES256_GCM_HKDF_4KB); result.put("AES256_GCM_HKDF_1MB", PredefinedStreamingAeadParameters.AES256_GCM_HKDF_1MB); return Collections.unmodifiableMap((Map)result); } public static void register(final boolean newKeyAllowed) throws GeneralSecurityException { if (!TinkFipsUtil.AlgorithmFipsCompatibility.ALGORITHM_NOT_FIPS.isCompatible()) { throw new GeneralSecurityException("Registering AES-GCM HKDF Streaming AEAD is not supported in FIPS mode"); } AesGcmHkdfStreamingProtoSerialization.register(); MutableParametersRegistry.globalInstance().putAll(namedParameters()); MutableKeyDerivationRegistry.globalInstance().add(AesGcmHkdfStreamingKeyManager.KEY_DERIVER, AesGcmHkdfStreamingParameters.class); MutableKeyCreationRegistry.globalInstance().add(AesGcmHkdfStreamingKeyManager.KEY_CREATOR, AesGcmHkdfStreamingParameters.class); MutablePrimitiveRegistry.globalInstance().registerPrimitiveConstructor(AesGcmHkdfStreamingKeyManager.AES_GCM_HKDF_STREAMING_AEAD_PRIMITIVE_CONSTRUCTOR); KeyManagerRegistry.globalInstance().registerKeyManager(AesGcmHkdfStreamingKeyManager.legacyKeyManager, newKeyAllowed); } public static final KeyTemplate aes128GcmHkdf4KBTemplate() { return TinkBugException.exceptionIsBug(() -> KeyTemplate.createFrom(AesGcmHkdfStreamingParameters.builder().setKeySizeBytes(16).setDerivedAesGcmKeySizeBytes(16).setCiphertextSegmentSizeBytes(4096).setHkdfHashType(AesGcmHkdfStreamingParameters.HashType.SHA256).build())); } public static final KeyTemplate aes128GcmHkdf1MBTemplate() { return TinkBugException.exceptionIsBug(() -> KeyTemplate.createFrom(AesGcmHkdfStreamingParameters.builder().setKeySizeBytes(16).setDerivedAesGcmKeySizeBytes(16).setCiphertextSegmentSizeBytes(1048576).setHkdfHashType(AesGcmHkdfStreamingParameters.HashType.SHA256).build())); } public static final KeyTemplate aes256GcmHkdf4KBTemplate() { return TinkBugException.exceptionIsBug(() -> KeyTemplate.createFrom(AesGcmHkdfStreamingParameters.builder().setKeySizeBytes(32).setDerivedAesGcmKeySizeBytes(32).setCiphertextSegmentSizeBytes(4096).setHkdfHashType(AesGcmHkdfStreamingParameters.HashType.SHA256).build())); } public static final KeyTemplate aes256GcmHkdf1MBTemplate() { return TinkBugException.exceptionIsBug(() -> KeyTemplate.createFrom(AesGcmHkdfStreamingParameters.builder().setKeySizeBytes(32).setDerivedAesGcmKeySizeBytes(32).setCiphertextSegmentSizeBytes(1048576).setHkdfHashType(AesGcmHkdfStreamingParameters.HashType.SHA256).build())); } private AesGcmHkdfStreamingKeyManager() { } static { AES_GCM_HKDF_STREAMING_AEAD_PRIMITIVE_CONSTRUCTOR = PrimitiveConstructor.create(AesGcmHkdfStreaming::create, AesGcmHkdfStreamingKey.class, StreamingAead.class); legacyKeyManager = LegacyKeyManagerImpl.create(getKeyType(), StreamingAead.class, KeyData.KeyMaterialType.SYMMETRIC, com.google.crypto.tink.proto.AesGcmHkdfStreamingKey.parser()); KEY_CREATOR = AesGcmHkdfStreamingKeyManager::creatAesGcmHkdfStreamingKey; KEY_DERIVER = AesGcmHkdfStreamingKeyManager::createAesGcmHkdfStreamingKeyFromRandomness; } }