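// Copyright 2017 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////
#ifndef TINK_MAC_HMAC_KEY_MANAGER_H_
#define TINK_MAC_HMAC_KEY_MANAGER_H_

// <cstdint> is included explicitly because get_version() returns uint32_t;
// the header should not rely on a transitive include for that name.
#include <cstdint>
#include <memory>
#include <string>

#include "absl/memory/memory.h"
#include "absl/strings/str_cat.h"
#include "tink/chunked_mac.h"
#include "tink/core/key_type_manager.h"
#include "tink/mac.h"
#include "tink/mac/internal/chunked_mac_impl.h"
#include "tink/subtle/hmac_boringssl.h"
#include "tink/util/constants.h"
#include "tink/util/enums.h"
#include "tink/util/errors.h"
#include "tink/util/protobuf_helper.h"
#include "tink/util/secret_data.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"
#include "proto/hmac.pb.h"
#include "proto/tink.pb.h"

namespace crypto {
namespace tink {

// Key type manager for HMAC keys (google::crypto::tink::HmacKey).
//
// Two primitive factories are registered in the constructor, so a single
// HmacKey can back either a Mac or a ChunkedMac. Validation, key creation and
// key derivation are only declared here; their definitions live out of line.
class HmacKeyManager
    : public KeyTypeManager<google::crypto::tink::HmacKey,
                            google::crypto::tink::HmacKeyFormat,
                            List<Mac, ChunkedMac>> {
 public:
  // Factory that turns an HmacKey into a Mac primitive.
  class MacFactory : public PrimitiveFactory<Mac> {
    // Converts the proto hash enum to its subtle counterpart and passes the
    // hash, the tag size and the key bytes to subtle::HmacBoringSsl::New,
    // returning whatever status or primitive that call yields.
    //
    // NOTE(review): this method does not itself check the hash type, tag size
    // or key length. Presumably the caller has already run ValidateKey() on
    // `hmac_key` -- confirm before using this factory on unvalidated keys.
    //
    // NOTE(review): the key bytes are read from the proto's key_value field,
    // so the proto message keeps its own copy of the secret; treat `hmac_key`
    // as sensitive for its whole lifetime.
    crypto::tink::util::StatusOr<std::unique_ptr<Mac>> Create(
        const google::crypto::tink::HmacKey& hmac_key) const override {
      return subtle::HmacBoringSsl::New(
          util::Enums::ProtoToSubtle(hmac_key.params().hash()),
          hmac_key.params().tag_size(),
          util::SecretDataFromStringView(hmac_key.key_value()));
    }
  };

  // Factory that turns an HmacKey into a ChunkedMac primitive.
  class ChunkedMacFactory : public PrimitiveFactory<ChunkedMac> {
    // Delegates entirely to internal::NewChunkedHmac.
    //
    // NOTE(review): no validation is visible here either; presumably
    // ValidateKey() has been applied upstream -- confirm.
    crypto::tink::util::StatusOr<std::unique_ptr<ChunkedMac>> Create(
        const google::crypto::tink::HmacKey& hmac_key) const override {
      return internal::NewChunkedHmac(hmac_key);
    }
  };

  // Registers one factory per supported primitive (Mac, ChunkedMac).
  HmacKeyManager()
      : KeyTypeManager(absl::make_unique<MacFactory>(),
                       absl::make_unique<ChunkedMacFactory>()) {}

  // Version reported by this manager; always 0.
  uint32_t get_version() const override { return 0; }

  // HMAC keys are reported as symmetric key material.
  google::crypto::tink::KeyData::KeyMaterialType key_material_type()
      const override {
    return google::crypto::tink::KeyData::SYMMETRIC;
  }

  // Returns the key type string built once in `key_type_`.
  const std::string& get_key_type() const override { return key_type_; }

  // Checks an HmacKey; defined out of line.
  crypto::tink::util::Status ValidateKey(
      const google::crypto::tink::HmacKey& key) const override;

  // Checks an HmacKeyFormat; defined out of line.
  crypto::tink::util::Status ValidateKeyFormat(
      const google::crypto::tink::HmacKeyFormat& key_format) const override;

  // Creates a new HmacKey for `key_format`; defined out of line.
  crypto::tink::util::StatusOr<google::crypto::tink::HmacKey> CreateKey(
      const google::crypto::tink::HmacKeyFormat& key_format) const override;

  // Produces an HmacKey for `key_format` using `input_stream`; defined out of
  // line.
  //
  // NOTE(review): presumably the key bytes are taken from `input_stream`, in
  // which case the stream content is secret key material -- confirm against
  // the definition.
  crypto::tink::util::StatusOr<google::crypto::tink::HmacKey> DeriveKey(
      const google::crypto::tink::HmacKeyFormat& key_format,
      InputStream* input_stream) const override;

  // Reports kRequiresBoringCrypto as this key type's FIPS compatibility.
  // NOTE(review): how that value gates key usage in FIPS-only mode is decided
  // elsewhere -- confirm against internal::FipsCompatibility.
  internal::FipsCompatibility FipsStatus() const override {
    return internal::FipsCompatibility::kRequiresBoringCrypto;
  }

 private:
  // Checks HmacParams; defined out of line. Presumably shared by ValidateKey
  // and ValidateKeyFormat -- confirm.
  crypto::tink::util::Status ValidateParams(
      const google::crypto::tink::HmacParams& params) const;

  // kTypeGoogleapisCom followed by the HmacKey proto's type name.
  const std::string key_type_ = absl::StrCat(
      kTypeGoogleapisCom, google::crypto::tink::HmacKey().GetTypeName());
};

}  // namespace tink
}  // namespace crypto

#endif  // TINK_MAC_HMAC_KEY_MANAGER_H_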