com.google.crypto.tink.aead.AesEaxParameters Maven / Gradle / Ivy
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
package com.google.crypto.tink.aead;
import com.google.errorprone.annotations.CanIgnoreReturnValue;
import com.google.errorprone.annotations.Immutable;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.util.Objects;
import javax.annotation.Nullable;
/** Describes the parameters of an {@link AesEaxKey}. */
public final class AesEaxParameters extends AeadParameters {
/**
* Describes how the prefix is computed. For AEAD there are three main possibilities: NO_PREFIX
* (empty prefix), TINK (prefix the ciphertext with 0x01 followed by a 4-byte key id in big endian
* format) or CRUNCHY (prefix the ciphertext with 0x00 followed by a 4-byte key id in big endian
* format)
*/
@Immutable
public static final class Variant {
public static final Variant TINK = new Variant("TINK");
public static final Variant CRUNCHY = new Variant("CRUNCHY");
public static final Variant NO_PREFIX = new Variant("NO_PREFIX");
private final String name;
private Variant(String name) {
this.name = name;
}
@Override
public String toString() {
return name;
}
}
/** Builds a new AesEaxParameters instance. */
public static final class Builder {
@Nullable private Integer keySizeBytes = null;
@Nullable private Integer ivSizeBytes = null;
@Nullable private Integer tagSizeBytes = null;
private Variant variant = Variant.NO_PREFIX;
private Builder() {}
/**
* Accepts key sizes of 16, 24 or 32 bytes. However, some implementation may not support the
* full set of parameters at the moment and may restrict the key size to 16 or 32-byte values.
*/
@CanIgnoreReturnValue
public Builder setKeySizeBytes(int keySizeBytes) throws GeneralSecurityException {
if (keySizeBytes != 16 && keySizeBytes != 24 && keySizeBytes != 32) {
throw new InvalidAlgorithmParameterException(
String.format(
"Invalid key size %d; only 16-byte, 24-byte and 32-byte AES keys are supported",
keySizeBytes));
}
this.keySizeBytes = keySizeBytes;
return this;
}
/** IV size must be 12 or 16 bytes. */
@CanIgnoreReturnValue
public Builder setIvSizeBytes(int ivSizeBytes) throws GeneralSecurityException {
if (ivSizeBytes != 12 && ivSizeBytes != 16) {
throw new GeneralSecurityException(
String.format(
"Invalid IV size in bytes %d; acceptable values have 12 or 16 bytes", ivSizeBytes));
}
this.ivSizeBytes = ivSizeBytes;
return this;
}
/**
* The tag size accepts values between 0 and 16 bytes. However, some implementation may not
* support the full set of parameters at the moment and may restrict the tag size to a fixed
* value (i.e. 16 bytes).
*/
@CanIgnoreReturnValue
public Builder setTagSizeBytes(int tagSizeBytes) throws GeneralSecurityException {
if (tagSizeBytes < 0 || tagSizeBytes > 16) {
throw new GeneralSecurityException(
String.format(
"Invalid tag size in bytes %d; value must be at most 16 bytes", tagSizeBytes));
}
this.tagSizeBytes = tagSizeBytes;
return this;
}
@CanIgnoreReturnValue
public Builder setVariant(Variant variant) {
this.variant = variant;
return this;
}
public AesEaxParameters build() throws GeneralSecurityException {
if (keySizeBytes == null) {
throw new GeneralSecurityException("Key size is not set");
}
if (ivSizeBytes == null) {
throw new GeneralSecurityException("IV size is not set");
}
if (variant == null) {
throw new GeneralSecurityException("Variant is not set");
}
if (tagSizeBytes == null) {
throw new GeneralSecurityException("Tag size is not set");
}
return new AesEaxParameters(keySizeBytes, ivSizeBytes, tagSizeBytes, variant);
}
}
private final int keySizeBytes;
private final int ivSizeBytes;
private final int tagSizeBytes;
private final Variant variant;
private AesEaxParameters(int keySizeBytes, int ivSizeBytes, int tagSizeBytes, Variant variant) {
this.keySizeBytes = keySizeBytes;
this.ivSizeBytes = ivSizeBytes;
this.tagSizeBytes = tagSizeBytes;
this.variant = variant;
}
public static Builder builder() {
return new Builder();
}
public int getKeySizeBytes() {
return keySizeBytes;
}
public int getIvSizeBytes() {
return ivSizeBytes;
}
public int getTagSizeBytes() {
return tagSizeBytes;
}
/** Returns a variant object. */
public Variant getVariant() {
return variant;
}
@Override
public boolean equals(Object o) {
if (!(o instanceof AesEaxParameters)) {
return false;
}
AesEaxParameters that = (AesEaxParameters) o;
return that.getKeySizeBytes() == getKeySizeBytes()
&& that.getIvSizeBytes() == getIvSizeBytes()
&& that.getTagSizeBytes() == getTagSizeBytes()
&& that.getVariant() == getVariant();
}
@Override
public int hashCode() {
return Objects.hash(AesEaxParameters.class, keySizeBytes, ivSizeBytes, tagSizeBytes, variant);
}
@Override
public boolean hasIdRequirement() {
return variant != Variant.NO_PREFIX;
}
@Override
public String toString() {
return "AesEax Parameters (variant: "
+ variant
+ ", "
+ ivSizeBytes
+ "-byte IV, "
+ tagSizeBytes
+ "-byte tag, and "
+ keySizeBytes
+ "-byte key)";
}
}