1 // Copyright 2022 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16 // [START hybrid-example]
17 // A command-line utility for testing Tink Hybrid Encryption.
18 #include <iostream>
19 #include <memory>
20 #include <ostream>
21 #include <string>
22
23 #include "absl/flags/flag.h"
24 #include "absl/flags/parse.h"
25 #include "absl/log/check.h"
26 #include "absl/strings/string_view.h"
27 #include "util/util.h"
28 #ifndef TINK_EXAMPLES_EXCLUDE_HPKE
29 #include "tink/hybrid/hpke_config.h"
30 #endif
31 #include "tink/hybrid/hybrid_config.h"
32 #include "tink/hybrid_decrypt.h"
33 #include "tink/hybrid_encrypt.h"
34 #include "tink/keyset_handle.h"
35 #include "tink/util/status.h"
36
37 ABSL_FLAG(std::string, keyset_filename, "", "Keyset file in JSON format");
38 ABSL_FLAG(std::string, mode, "", "Mode of operation {encrypt|decrypt}");
39 ABSL_FLAG(std::string, input_filename, "", "Input file name");
40 ABSL_FLAG(std::string, output_filename, "", "Output file name");
41 ABSL_FLAG(std::string, context_info, "",
42 "Context info for Hybrid Encryption/Decryption");
43
44 namespace {
45
46 using ::crypto::tink::HybridDecrypt;
47 using ::crypto::tink::HybridEncrypt;
48 using ::crypto::tink::KeysetHandle;
49 using ::crypto::tink::util::Status;
50 using ::crypto::tink::util::StatusOr;
51
52 constexpr absl::string_view kEncrypt = "encrypt";
53 constexpr absl::string_view kDecrypt = "decrypt";
54
ValidateParams()55 void ValidateParams() {
56 // [START_EXCLUDE]
57 CHECK(absl::GetFlag(FLAGS_mode) == kEncrypt ||
58 absl::GetFlag(FLAGS_mode) == kDecrypt)
59 << "Invalid mode; must be `encrypt` or `decrypt`";
60 CHECK(!absl::GetFlag(FLAGS_keyset_filename).empty())
61 << "Keyset file must be specified";
62 CHECK(!absl::GetFlag(FLAGS_input_filename).empty())
63 << "Input file must be specified";
64 CHECK(!absl::GetFlag(FLAGS_output_filename).empty())
65 << "Output file must be specified";
66 // [END_EXCLUDE]
67 }
68
69 } // namespace
70
71 namespace tink_cc_examples {
72
HybridCli(absl::string_view mode,const std::string & keyset_filename,const std::string & input_filename,const std::string & output_filename,absl::string_view context_info)73 Status HybridCli(absl::string_view mode, const std::string& keyset_filename,
74 const std::string& input_filename,
75 const std::string& output_filename,
76 absl::string_view context_info) {
77 Status result = crypto::tink::HybridConfig::Register();
78 if (!result.ok()) return result;
79 #ifndef TINK_EXAMPLES_EXCLUDE_HPKE
80 // HPKE isn't supported when using OpenSSL as a backend.
81 result = crypto::tink::RegisterHpke();
82 if (!result.ok()) return result;
83 #endif
84
85 // Read the keyset from file.
86 StatusOr<std::unique_ptr<KeysetHandle>> keyset_handle =
87 ReadJsonCleartextKeyset(keyset_filename);
88 if (!keyset_handle.ok()) return keyset_handle.status();
89
90 // Read the input.
91 StatusOr<std::string> input_file_content = ReadFile(input_filename);
92 if (!input_file_content.ok()) return input_file_content.status();
93
94 // Compute the output.
95 std::string output;
96 if (mode == kEncrypt) {
97 // Get the hybrid encryption primitive.
98 StatusOr<std::unique_ptr<HybridEncrypt>> hybrid_encrypt_primitive =
99 (*keyset_handle)->GetPrimitive<HybridEncrypt>();
100 if (!hybrid_encrypt_primitive.ok()) {
101 return hybrid_encrypt_primitive.status();
102 }
103 // Generate the ciphertext.
104 StatusOr<std::string> encrypt_result =
105 (*hybrid_encrypt_primitive)->Encrypt(*input_file_content, context_info);
106 if (!encrypt_result.ok()) return encrypt_result.status();
107 output = encrypt_result.value();
108 } else { // operation == kDecrypt.
109 // Get the hybrid decryption primitive.
110 StatusOr<std::unique_ptr<HybridDecrypt>> hybrid_decrypt_primitive =
111 (*keyset_handle)->GetPrimitive<HybridDecrypt>();
112 if (!hybrid_decrypt_primitive.ok()) {
113 return hybrid_decrypt_primitive.status();
114 }
115 // Recover the plaintext.
116 StatusOr<std::string> decrypt_result =
117 (*hybrid_decrypt_primitive)->Decrypt(*input_file_content, context_info);
118 if (!decrypt_result.ok()) return decrypt_result.status();
119 output = decrypt_result.value();
120 }
121
122 // Write the output to the output file.
123 return WriteToFile(output, output_filename);
124 }
125
126 } // namespace tink_cc_examples
127
main(int argc,char ** argv)128 int main(int argc, char** argv) {
129 absl::ParseCommandLine(argc, argv);
130
131 ValidateParams();
132
133 std::string mode = absl::GetFlag(FLAGS_mode);
134 std::string keyset_filename = absl::GetFlag(FLAGS_keyset_filename);
135 std::string input_filename = absl::GetFlag(FLAGS_input_filename);
136 std::string output_filename = absl::GetFlag(FLAGS_output_filename);
137 std::string context_info = absl::GetFlag(FLAGS_context_info);
138
139 std::clog << "Using keyset from file " << keyset_filename << " to hybrid "
140 << mode << " file " << input_filename << " with context info '"
141 << context_info << "'." << std::endl;
142 std::clog << "The resulting output will be written to " << output_filename
143 << std::endl;
144
145 CHECK_OK(tink_cc_examples::HybridCli(mode, keyset_filename, input_filename,
146 output_filename, context_info));
147 return 0;
148 }
149 // [END hybrid-example]
150