xref: /aosp_15_r20/external/tink/cc/examples/mac/mac_cli.cc (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1 // Copyright 2022 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16 // [START mac-example]
17 // A command-line utility for showcasing using the Tink MAC primitive.
18 
19 #include <fstream>
20 #include <iostream>
21 #include <memory>
22 #include <ostream>
23 #include <sstream>
24 #include <string>
25 #include <utility>
26 
27 #include "absl/flags/flag.h"
28 #include "absl/flags/parse.h"
29 #include "absl/log/check.h"
30 #include "absl/strings/string_view.h"
31 #include "util/util.h"
32 #include "tink/keyset_handle.h"
33 #include "tink/mac.h"
34 #include "tink/mac/mac_config.h"
35 #include "tink/util/status.h"
36 
37 ABSL_FLAG(std::string, keyset_filename, "", "Keyset file in JSON format");
38 ABSL_FLAG(std::string, mode, "", "Mode of operation {compute|verify}");
39 ABSL_FLAG(std::string, data_filename, "", "Data file name");
40 ABSL_FLAG(std::string, tag_filename, "", "Authentication tag file name");
41 
42 namespace {
43 
44 using ::crypto::tink::KeysetHandle;
45 using ::crypto::tink::Mac;
46 using ::crypto::tink::MacConfig;
47 using ::crypto::tink::util::Status;
48 using ::crypto::tink::util::StatusOr;
49 
50 constexpr absl::string_view kCompute = "compute";
51 constexpr absl::string_view kVerify = "verify";
52 
ValidateParams()53 void ValidateParams() {
54   // [START_EXCLUDE]
55   CHECK(absl::GetFlag(FLAGS_mode) == kCompute ||
56         absl::GetFlag(FLAGS_mode) == kVerify)
57       << "Invalid mode; must be `" << kCompute << "` or `" << kVerify << "`";
58   CHECK(!absl::GetFlag(FLAGS_keyset_filename).empty())
59       << "Keyset file must be specified";
60   CHECK(!absl::GetFlag(FLAGS_data_filename).empty())
61       << "Data file must be specified";
62   CHECK(!absl::GetFlag(FLAGS_tag_filename).empty())
63       << "Tag file must be specified";
64   // [END_EXCLUDE]
65 }
66 
67 }  // namespace
68 
69 namespace tink_cc_examples {
70 
71 // MAC example CLI implementation.
MacCli(absl::string_view mode,const std::string keyset_filename,const std::string & data_filename,const std::string & tag_filename)72 Status MacCli(absl::string_view mode, const std::string keyset_filename,
73               const std::string& data_filename,
74               const std::string& tag_filename) {
75   Status result = MacConfig::Register();
76   if (!result.ok()) return result;
77 
78   // Read the keyset from file.
79   StatusOr<std::unique_ptr<KeysetHandle>> keyset_handle =
80       ReadJsonCleartextKeyset(keyset_filename);
81   if (!keyset_handle.ok()) return keyset_handle.status();
82 
83   // Get the primitive.
84   StatusOr<std::unique_ptr<Mac>> mac_primitive =
85       (*keyset_handle)->GetPrimitive<Mac>();
86   if (!mac_primitive.ok()) return mac_primitive.status();
87 
88   // Read the input.
89   StatusOr<std::string> data_file_content = ReadFile(data_filename);
90   if (!data_file_content.ok()) return data_file_content.status();
91 
92   std::string output;
93   if (mode == kCompute) {
94     // Compute authentication tag.
95     StatusOr<std::string> compute_result =
96         (*mac_primitive)->ComputeMac(*data_file_content);
97     if (!compute_result.ok()) return compute_result.status();
98     // Write out the authentication tag to tag file.
99     return WriteToFile(*compute_result, tag_filename);
100   } else {  // operation == kVerify.
101     // Read the authentication tag from tag file.
102     StatusOr<std::string> tag_result = ReadFile(tag_filename);
103     if (!tag_result.ok()) {
104       std::cerr << tag_result.status().message() << std::endl;
105       exit(1);
106     }
107     // Verify authentication tag.
108     Status verify_result =
109         (*mac_primitive)->VerifyMac(*tag_result, *data_file_content);
110     if (verify_result.ok()) std::clog << "Verification succeeded!" << std::endl;
111     return verify_result;
112   }
113 }
114 
115 }  // namespace tink_cc_examples
116 
main(int argc,char ** argv)117 int main(int argc, char** argv) {
118   absl::ParseCommandLine(argc, argv);
119 
120   ValidateParams();
121 
122   std::string mode = absl::GetFlag(FLAGS_mode);
123   std::string keyset_filename = absl::GetFlag(FLAGS_keyset_filename);
124   std::string data_filename = absl::GetFlag(FLAGS_data_filename);
125   std::string tag_filename = absl::GetFlag(FLAGS_tag_filename);
126 
127   std::clog << "Using keyset from file '" << keyset_filename << "' to " << mode
128             << " authentication tag from file '" << tag_filename
129             << "' for data file '" << data_filename << "'." << std::endl;
130   std::clog << "The tag will be "
131             << ((mode == kCompute) ? "written to" : "read from") << " file '"
132             << tag_filename << "'." << std::endl;
133 
134   CHECK_OK(tink_cc_examples::MacCli(mode, keyset_filename, data_filename,
135                                     tag_filename));
136   return 0;
137 }
138 // [END mac-example]
139