// Copyright 2019 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////

// Package testkeyset provides methods for test code to read or write cleartext
// keyset material.
//
// Every function in this package handles key material that is not encrypted,
// so the package is meant to be imported by tests only.
package testkeyset

import (
	"errors"

	"github.com/google/tink/go/internal"
	"github.com/google/tink/go/keyset"
	tinkpb "github.com/google/tink/go/proto/tink_go_proto"
)

var (
	// keysetHandle and keysetMaterial are obtained from the internal package
	// and narrowed to their concrete function types. The type assertions are
	// unchecked and run at package initialization, so a hook of any other
	// type makes the program panic when this package is loaded.
	keysetHandle   = internal.KeysetHandle.(func(*tinkpb.Keyset, ...keyset.Option) (*keyset.Handle, error))
	keysetMaterial = internal.KeysetMaterial.(func(*keyset.Handle) *tinkpb.Keyset)

	// Errors returned by the argument checks in this package.
	//
	// NOTE(review): the messages carry the prefix "cleartextkeyset" although
	// the package is named testkeyset. The strings are left untouched because
	// callers may match on them.
	errInvalidKeyset = errors.New("cleartextkeyset: invalid keyset")
	errInvalidHandle = errors.New("cleartextkeyset: invalid handle")
	errInvalidReader = errors.New("cleartextkeyset: invalid reader")
	errInvalidWriter = errors.New("cleartextkeyset: invalid writer")
)

// NewHandle creates a new instance of Handle using the given keyset.
//
// It returns an invalid-keyset error when ks is nil or holds no keys;
// otherwise the result, including any error, is whatever the internal
// constructor returns for ks.
func NewHandle(ks *tinkpb.Keyset) (*keyset.Handle, error) {
	// Reject a missing keyset first so that ks.Key is only read on a non-nil
	// message.
	if ks == nil {
		return nil, errInvalidKeyset
	}
	if len(ks.Key) == 0 {
		return nil, errInvalidKeyset
	}
	return keysetHandle(ks)
}

// Read creates a keyset.Handle from a cleartext keyset obtained via r.
func Read(r keyset.Reader) (*keyset.Handle, error) {
	// Only a nil interface value is caught here; an interface that wraps a
	// nil pointer passes this check and reaches r.Read.
	if r == nil {
		return nil, errInvalidReader
	}
	ks, err := r.Read()
	// The reader's own error is not propagated: a failed read, a nil keyset
	// and a keyset without keys all yield the same invalid-keyset error.
	if err != nil {
		return nil, errInvalidKeyset
	}
	if ks == nil || len(ks.Key) == 0 {
		return nil, errInvalidKeyset
	}
	return keysetHandle(ks)
}

// Write exports the keyset from h to the given writer w without encrypting it.
// Storing secret key material in an unencrypted fashion is dangerous. If feasible, you should use
// [keyset.Handle.Write] instead.
//
// It returns an invalid-handle error when h is nil and an invalid-writer error
// when w is nil; otherwise it returns the result of w.Write. Whatever w writes
// to receives the key material in the clear.
func Write(h *keyset.Handle, w keyset.Writer) error {
	switch {
	case h == nil:
		return errInvalidHandle
	case w == nil:
		return errInvalidWriter
	}
	return w.Write(keysetMaterial(h))
}

// KeysetMaterial returns the key material contained in a keyset.Handle.
//
// The returned keyset is cleartext.
// NOTE(review): whether the result aliases the keyset held by h or is a copy
// is decided by the internal accessor and is not visible here; confirm before
// mutating it.
func KeysetMaterial(h *keyset.Handle) *tinkpb.Keyset {
	material := keysetMaterial(h)
	return material
}

// KeysetHandle creates a keyset.Handle from cleartext key material.
//
// Callers should verify that the returned *keyset.Handle isn't nil.
//
// Unlike NewHandle, it does not itself reject a nil or empty keyset; ks is
// passed to the internal constructor as given.
//
// Deprecated: Use [NewHandle].
func KeysetHandle(ks *tinkpb.Keyset) *keyset.Handle {
	// This *keyset.Handle can only return errors when *keyset.Option arguments
	// are provided. To maintain backwards compatibility and avoid panic, a nil
	// value is returned if an error happens.
	if kh, err := keysetHandle(ks); err == nil {
		return kh
	}
	return nil
}