1 // Copyright 2023 Google LLC 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 // 15 /////////////////////////////////////////////////////////////////////////////// 16 17 #ifndef TINK_INTERNAL_CONFIGURATION_IMPL_H_ 18 #define TINK_INTERNAL_CONFIGURATION_IMPL_H_ 19 20 #include "tink/configuration.h" 21 #include "tink/internal/key_type_info_store.h" 22 #include "tink/internal/keyset_wrapper_store.h" 23 24 namespace crypto { 25 namespace tink { 26 namespace internal { 27 28 constexpr absl::string_view kConfigurationImplErr = 29 "Use crypto::tink::Registry instead when in global registry mode."; 30 31 class ConfigurationImpl { 32 public: 33 template <class PW> AddPrimitiveWrapper(std::unique_ptr<PW> wrapper,crypto::tink::Configuration & config)34 static crypto::tink::util::Status AddPrimitiveWrapper( 35 std::unique_ptr<PW> wrapper, crypto::tink::Configuration& config) { 36 if (config.global_registry_mode_) { 37 return crypto::tink::util::Status(absl::StatusCode::kFailedPrecondition, 38 kConfigurationImplErr); 39 } 40 41 // Function `primitive_getter` must be defined here, since 42 // PW::InputPrimitive is not accessible later. 43 // TODO(b/284084337): Move primitive getter out of key manager. 44 std::function<crypto::tink::util::StatusOr< 45 std::unique_ptr<typename PW::InputPrimitive>>( 46 const google::crypto::tink::KeyData& key_data)> 47 primitive_getter = 48 [&config](const google::crypto::tink::KeyData& key_data) 49 -> crypto::tink::util::StatusOr< 50 std::unique_ptr<typename PW::InputPrimitive>> { 51 crypto::tink::util::StatusOr< 52 const crypto::tink::internal::KeyTypeInfoStore::Info*> 53 info = config.key_type_info_store_.Get(key_data.type_url()); 54 if (!info.ok()) { 55 return info.status(); 56 } 57 58 crypto::tink::util::StatusOr< 59 const crypto::tink::KeyManager<typename PW::InputPrimitive>*> 60 key_manager = (*info)->get_key_manager<typename PW::InputPrimitive>( 61 key_data.type_url()); 62 if (!key_manager.ok()) { 63 return key_manager.status(); 64 } 65 66 return (*key_manager)->GetPrimitive(key_data); 67 }; 68 69 return config.keyset_wrapper_store_ 70 .Add<typename PW::InputPrimitive, typename PW::Primitive>( 71 std::move(wrapper), primitive_getter); 72 } 73 74 template <class KM> AddKeyTypeManager(std::unique_ptr<KM> key_manager,crypto::tink::Configuration & config)75 static crypto::tink::util::Status AddKeyTypeManager( 76 std::unique_ptr<KM> key_manager, crypto::tink::Configuration& config) { 77 if (config.global_registry_mode_) { 78 return crypto::tink::util::Status(absl::StatusCode::kFailedPrecondition, 79 kConfigurationImplErr); 80 } 81 return config.key_type_info_store_.AddKeyTypeManager( 82 std::move(key_manager), /*new_key_allowed=*/true); 83 } 84 85 template <class PrivateKM, class PublicKM> AddAsymmetricKeyManagers(std::unique_ptr<PrivateKM> private_key_manager,std::unique_ptr<PublicKM> public_key_manager,crypto::tink::Configuration & config)86 static crypto::tink::util::Status AddAsymmetricKeyManagers( 87 std::unique_ptr<PrivateKM> private_key_manager, 88 std::unique_ptr<PublicKM> public_key_manager, 89 crypto::tink::Configuration& config) { 90 if (config.global_registry_mode_) { 91 return crypto::tink::util::Status(absl::StatusCode::kFailedPrecondition, 92 kConfigurationImplErr); 93 } 94 return config.key_type_info_store_.AddAsymmetricKeyTypeManagers( 95 std::move(private_key_manager), std::move(public_key_manager), 96 /*new_key_allowed=*/true); 97 } 98 99 static crypto::tink::util::StatusOr< 100 const crypto::tink::internal::KeyTypeInfoStore*> GetKeyTypeInfoStore(const crypto::tink::Configuration & config)101 GetKeyTypeInfoStore(const crypto::tink::Configuration& config) { 102 if (config.global_registry_mode_) { 103 return crypto::tink::util::Status(absl::StatusCode::kFailedPrecondition, 104 kConfigurationImplErr); 105 } 106 return &config.key_type_info_store_; 107 } 108 109 static crypto::tink::util::StatusOr< 110 const crypto::tink::internal::KeysetWrapperStore*> GetKeysetWrapperStore(const crypto::tink::Configuration & config)111 GetKeysetWrapperStore(const crypto::tink::Configuration& config) { 112 if (config.global_registry_mode_) { 113 return crypto::tink::util::Status(absl::StatusCode::kFailedPrecondition, 114 kConfigurationImplErr); 115 } 116 return &config.keyset_wrapper_store_; 117 } 118 119 // `config` can be set to global registry mode only if empty. SetGlobalRegistryMode(crypto::tink::Configuration & config)120 static crypto::tink::util::Status SetGlobalRegistryMode( 121 crypto::tink::Configuration& config) { 122 if (!config.key_type_info_store_.IsEmpty() || 123 !config.keyset_wrapper_store_.IsEmpty()) { 124 return crypto::tink::util::Status(absl::StatusCode::kFailedPrecondition, 125 "Using the global registry is only " 126 "allowed when Configuration is empty."); 127 } 128 config.global_registry_mode_ = true; 129 return crypto::tink::util::OkStatus(); 130 } 131 IsInGlobalRegistryMode(const crypto::tink::Configuration & config)132 static bool IsInGlobalRegistryMode( 133 const crypto::tink::Configuration& config) { 134 return config.global_registry_mode_; 135 } 136 }; 137 138 } // namespace internal 139 } // namespace tink 140 } // namespace crypto 141 142 #endif // TINK_INTERNAL_CONFIGURATION_IMPL_H_ 143