diff options
author | tholenst <tholenst@google.com> | 2023-04-27 02:46:04 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-04-27 02:47:06 -0700 |
commit | 273933a9404721cf2edf4c830093014312bbe3b5 (patch) | |
tree | 3b560495129f85a564cc60fef6c5e390573e8456 /java_src/tools | |
parent | 39ecc214ccb8276fc1f770a9e9a90ad3a35aede7 (diff) | |
download | tink-273933a9404721cf2edf4c830093014312bbe3b5.tar.gz |
Add refaster templates for DeterministicAead and StreamingAead key templates.
PiperOrigin-RevId: 527521178
Diffstat (limited to 'java_src/tools')
4 files changed, 156 insertions, 4 deletions
diff --git a/java_src/tools/refaster/README.md b/java_src/tools/refaster/README.md index b89f3668f..b2ffb91e3 100644 --- a/java_src/tools/refaster/README.md +++ b/java_src/tools/refaster/README.md @@ -20,7 +20,6 @@ integration tests. ```bash -tink_version="1.9.0" errorprone_version="2.18.0" ## STEP 0: Switch to a directory so the remainder of the script can be run @@ -35,15 +34,18 @@ mkdir jars pushd jars maven_base="repo1.maven.org/maven2/com/google" -tink_jar="tink-${tink_version}.jar" -tink_sha256="8faf92d116a0ba138ee4e99a7418e985897818c2f6a9d4c01b8fe6b07db60eb7" +# We download Tink from Head because Tink 1.9 does not have all key templates +# This URL is found by going to https://oss.sonatype.org/ and browsing. +tink_jar="tink-HEAD-20230426.095746-3687.jar" +tink_url="https://oss.sonatype.org/service/local/repositories/snapshots/content/com/google/crypto/tink/tink/HEAD-SNAPSHOT/tink-HEAD-20230426.095746-3687.jar" +tink_sha256="d88bbb07f02d3c55f9edc2a3450a1d6c8ff59c2cbe00d2d8b5628bdc67c0638f" refaster_jar="error_prone_refaster-${errorprone_version}.jar" refaster_sha256="0cde0a3db5c2f748fae4633ccd8c66a9ba9c5a0f7a380c9104b99372fd0c4959" errorprone_jar="error_prone_core-${errorprone_version}-with-dependencies.jar" errorprone_sha256="2b3f2d21e7754bece946cf8f7b0e2b2f805c46f58b4839eb302c3d2498a3a55e" -wget "https://${maven_base}/crypto/tink/tink/${tink_version}/${tink_jar}" +wget "${tink_url}" echo "${tink_sha256} ${tink_jar}" | sha256sum -c wget "https://${maven_base}/errorprone/error_prone_refaster/${errorprone_version}/${refaster_jar}" diff --git a/java_src/tools/refaster/java/com/google/tink1_templates/AllChanges.java b/java_src/tools/refaster/java/com/google/tink1_templates/AllChanges.java index b4dd61d82..0e23cc9b4 100644 --- a/java_src/tools/refaster/java/com/google/tink1_templates/AllChanges.java +++ b/java_src/tools/refaster/java/com/google/tink1_templates/AllChanges.java @@ -22,8 +22,12 @@ import com.google.crypto.tink.KeysetReader; import com.google.crypto.tink.TinkProtoKeysetFormat; import com.google.crypto.tink.aead.AeadKeyTemplates; import com.google.crypto.tink.aead.PredefinedAeadParameters; +import com.google.crypto.tink.daead.DeterministicAeadKeyTemplates; +import com.google.crypto.tink.daead.PredefinedDeterministicAeadParameters; import com.google.crypto.tink.mac.MacKeyTemplates; import com.google.crypto.tink.mac.PredefinedMacParameters; +import com.google.crypto.tink.streamingaead.PredefinedStreamingAeadParameters; +import com.google.crypto.tink.streamingaead.StreamingAeadKeyTemplates; import com.google.errorprone.refaster.annotation.AfterTemplate; import com.google.errorprone.refaster.annotation.BeforeTemplate; import java.io.IOException; @@ -52,6 +56,7 @@ final class AllChanges { public KeysetHandle beforeTemplate(byte[] bytes) throws GeneralSecurityException, IOException { return KeysetHandle.readNoSecret(BinaryKeysetReader.withBytes(bytes)); } + @AfterTemplate public KeysetHandle afterTemplate(byte[] bytes) throws GeneralSecurityException, IOException { return TinkProtoKeysetFormat.parseKeysetWithoutSecret(bytes); @@ -64,6 +69,7 @@ final class AllChanges { throws GeneralSecurityException, IOException { return KeysetHandle.readNoSecret(reader); } + @AfterTemplate public KeysetHandle afterTemplate(KeysetReader reader) throws GeneralSecurityException, IOException { @@ -226,4 +232,112 @@ final class AllChanges { return KeysetHandle.generateNew(PredefinedAeadParameters.XCHACHA20_POLY1305); } } + + class AES256_SIV { + @BeforeTemplate + public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { + return KeysetHandle.generateNew(DeterministicAeadKeyTemplates.AES256_SIV); + } + + @AfterTemplate + public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { + return KeysetHandle.generateNew(PredefinedDeterministicAeadParameters.AES256_SIV); + } + } + + class AES128_CTR_HMAC_SHA256_4KB { + @BeforeTemplate + public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { + return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES128_CTR_HMAC_SHA256_4KB); + } + + @AfterTemplate + public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { + return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES128_CTR_HMAC_SHA256_4KB); + } + } + + class AES128_CTR_HMAC_SHA256_1MB { + @BeforeTemplate + public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { + return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES128_CTR_HMAC_SHA256_1MB); + } + + @AfterTemplate + public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { + return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES128_CTR_HMAC_SHA256_1MB); + } + } + + class AES256_CTR_HMAC_SHA256_4KB { + @BeforeTemplate + public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { + return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES256_CTR_HMAC_SHA256_4KB); + } + + @AfterTemplate + public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { + return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES256_CTR_HMAC_SHA256_4KB); + } + } + + class AES256_CTR_HMAC_SHA256_1MB { + @BeforeTemplate + public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { + return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES256_CTR_HMAC_SHA256_1MB); + } + + @AfterTemplate + public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { + return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES256_CTR_HMAC_SHA256_1MB); + } + } + + class AES128_GCM_HKDF_4KB { + @BeforeTemplate + public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { + return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES128_GCM_HKDF_4KB); + } + + @AfterTemplate + public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { + return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES128_GCM_HKDF_4KB); + } + } + + class AES128_GCM_HKDF_1MB { + @BeforeTemplate + public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { + return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES128_GCM_HKDF_1MB); + } + + @AfterTemplate + public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { + return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES128_GCM_HKDF_1MB); + } + } + + class AES256_GCM_HKDF_4KB { + @BeforeTemplate + public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { + return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES256_GCM_HKDF_4KB); + } + + @AfterTemplate + public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { + return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES256_GCM_HKDF_4KB); + } + } + + class AES256_GCM_HKDF_1MB { + @BeforeTemplate + public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException { + return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES256_GCM_HKDF_1MB); + } + + @AfterTemplate + public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException { + return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES256_GCM_HKDF_1MB); + } + } } diff --git a/java_src/tools/refaster/java/com/google/tinkuser/TinkUser.java b/java_src/tools/refaster/java/com/google/tinkuser/TinkUser.java index b94f550f1..67b207826 100644 --- a/java_src/tools/refaster/java/com/google/tinkuser/TinkUser.java +++ b/java_src/tools/refaster/java/com/google/tinkuser/TinkUser.java @@ -21,7 +21,9 @@ import com.google.crypto.tink.BinaryKeysetReader; import com.google.crypto.tink.KeysetHandle; import com.google.crypto.tink.KeysetReader; import com.google.crypto.tink.aead.AeadKeyTemplates; +import com.google.crypto.tink.daead.DeterministicAeadKeyTemplates; import com.google.crypto.tink.mac.MacKeyTemplates; +import com.google.crypto.tink.streamingaead.StreamingAeadKeyTemplates; import java.io.IOException; import java.security.GeneralSecurityException; @@ -55,4 +57,19 @@ public final class TinkUser { Object g = KeysetHandle.generateNew(AeadKeyTemplates.CHACHA20_POLY1305); Object h = KeysetHandle.generateNew(AeadKeyTemplates.XCHACHA20_POLY1305); } + + public void deterministicAeadKeyTemplateUser() throws Exception { + Object a = KeysetHandle.generateNew(DeterministicAeadKeyTemplates.AES256_SIV); + } + + public void streamingAeadKeyTemplateUser() throws Exception { + Object a = KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES128_CTR_HMAC_SHA256_4KB); + Object b = KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES128_CTR_HMAC_SHA256_1MB); + Object c = KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES256_CTR_HMAC_SHA256_4KB); + Object d = KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES256_CTR_HMAC_SHA256_1MB); + Object e = KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES128_GCM_HKDF_4KB); + Object f = KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES128_GCM_HKDF_1MB); + Object g = KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES256_GCM_HKDF_4KB); + Object h = KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES256_GCM_HKDF_1MB); + } } diff --git a/java_src/tools/refaster/java/com/google/tinkuser/TinkUser.java_expected b/java_src/tools/refaster/java/com/google/tinkuser/TinkUser.java_expected index c4aaa137e..df1829683 100644 --- a/java_src/tools/refaster/java/com/google/tinkuser/TinkUser.java_expected +++ b/java_src/tools/refaster/java/com/google/tinkuser/TinkUser.java_expected @@ -23,8 +23,12 @@ import com.google.crypto.tink.KeysetReader; import com.google.crypto.tink.TinkProtoKeysetFormat; import com.google.crypto.tink.aead.AeadKeyTemplates; import com.google.crypto.tink.aead.PredefinedAeadParameters; +import com.google.crypto.tink.daead.DeterministicAeadKeyTemplates; +import com.google.crypto.tink.daead.PredefinedDeterministicAeadParameters; import com.google.crypto.tink.mac.MacKeyTemplates; import com.google.crypto.tink.mac.PredefinedMacParameters; +import com.google.crypto.tink.streamingaead.PredefinedStreamingAeadParameters; +import com.google.crypto.tink.streamingaead.StreamingAeadKeyTemplates; import java.io.IOException; import java.security.GeneralSecurityException; @@ -58,4 +62,19 @@ public final class TinkUser { Object g = KeysetHandle.generateNew(PredefinedAeadParameters.CHACHA20_POLY1305); Object h = KeysetHandle.generateNew(PredefinedAeadParameters.XCHACHA20_POLY1305); } + + public void deterministicAeadKeyTemplateUser() throws Exception { + Object a = KeysetHandle.generateNew(PredefinedDeterministicAeadParameters.AES256_SIV); + } + + public void streamingAeadKeyTemplateUser() throws Exception { + Object a = KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES128_CTR_HMAC_SHA256_4KB); + Object b = KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES128_CTR_HMAC_SHA256_1MB); + Object c = KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES256_CTR_HMAC_SHA256_4KB); + Object d = KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES256_CTR_HMAC_SHA256_1MB); + Object e = KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES128_GCM_HKDF_4KB); + Object f = KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES128_GCM_HKDF_1MB); + Object g = KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES256_GCM_HKDF_4KB); + Object h = KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES256_GCM_HKDF_1MB); + } } |