com.google.crypto.tink.aead.AesCtrHmacAeadParameters Maven / Gradle / Ivy
// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
package com.google.crypto.tink.aead;
import com.google.errorprone.annotations.CanIgnoreReturnValue;
import com.google.errorprone.annotations.Immutable;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.util.Objects;
import javax.annotation.Nullable;
/** Describes the parameters of an {@link AesCtrHmacAeadKey}. */
public final class AesCtrHmacAeadParameters extends AeadParameters {
private static final int PREFIX_SIZE_IN_BYTES = 5;
/**
* Describes how the prefix is computed. For AEAD there are three main possibilities: NO_PREFIX
* (empty prefix), TINK (prefix the ciphertext with 0x01 followed by a 4-byte key id in big endian
* format) or CRUNCHY (prefix the ciphertext with 0x00 followed by a 4-byte key id in big endian
* format)
*/
@Immutable
public static final class Variant {
public static final Variant TINK = new Variant("TINK");
public static final Variant CRUNCHY = new Variant("CRUNCHY");
public static final Variant NO_PREFIX = new Variant("NO_PREFIX");
private final String name;
private Variant(String name) {
this.name = name;
}
@Override
public String toString() {
return name;
}
}
/** The Hash algorithm used for the HMAC. */
@Immutable
public static final class HashType {
public static final HashType SHA1 = new HashType("SHA1");
public static final HashType SHA224 = new HashType("SHA224");
public static final HashType SHA256 = new HashType("SHA256");
public static final HashType SHA384 = new HashType("SHA384");
public static final HashType SHA512 = new HashType("SHA512");
private final String name;
private HashType(String name) {
this.name = name;
}
@Override
public String toString() {
return name;
}
}
/** Builds a new AesCtrHmacAeadParameters instance. */
public static final class Builder {
@Nullable private Integer aesKeySizeBytes = null;
@Nullable private Integer hmacKeySizeBytes = null;
@Nullable private Integer ivSizeBytes = null;
@Nullable private Integer tagSizeBytes = null;
private HashType hashType = null;
private Variant variant = Variant.NO_PREFIX;
private Builder() {}
/** Accepts key sizes of 16, 24 or 32 bytes. */
@CanIgnoreReturnValue
public Builder setAesKeySizeBytes(int aesKeySizeBytes) throws GeneralSecurityException {
if (aesKeySizeBytes != 16 && aesKeySizeBytes != 24 && aesKeySizeBytes != 32) {
throw new InvalidAlgorithmParameterException(
String.format(
"Invalid key size %d; only 16-byte, 24-byte and 32-byte AES keys are supported",
aesKeySizeBytes));
}
this.aesKeySizeBytes = aesKeySizeBytes;
return this;
}
/** Accepts key sizes of at least 16 bytes. */
@CanIgnoreReturnValue
public Builder setHmacKeySizeBytes(int hmacKeySizeBytes) throws GeneralSecurityException {
if (hmacKeySizeBytes < 16) {
throw new InvalidAlgorithmParameterException(
String.format(
"Invalid key size in bytes %d; HMAC key must be at least 16 bytes",
hmacKeySizeBytes));
}
this.hmacKeySizeBytes = hmacKeySizeBytes;
return this;
}
/** IV size must be between 12 and 16 bytes. */
@CanIgnoreReturnValue
public Builder setIvSizeBytes(int ivSizeBytes) throws GeneralSecurityException {
if (ivSizeBytes < 12 || ivSizeBytes > 16) {
throw new GeneralSecurityException(
String.format(
"Invalid IV size in bytes %d; IV size must be between 12 and 16 bytes",
ivSizeBytes));
}
this.ivSizeBytes = ivSizeBytes;
return this;
}
@CanIgnoreReturnValue
public Builder setTagSizeBytes(int tagSizeBytes) throws GeneralSecurityException {
if (tagSizeBytes < 10) {
throw new GeneralSecurityException(
String.format("Invalid tag size in bytes %d; must be at least 10 bytes", tagSizeBytes));
}
this.tagSizeBytes = tagSizeBytes;
return this;
}
@CanIgnoreReturnValue
public Builder setVariant(Variant variant) {
this.variant = variant;
return this;
}
@CanIgnoreReturnValue
public Builder setHashType(HashType hashType) {
this.hashType = hashType;
return this;
}
private static void validateTagSizeBytes(int tagSizeBytes, HashType hashType)
throws GeneralSecurityException {
if (hashType == HashType.SHA1) {
if (tagSizeBytes > 20) {
throw new GeneralSecurityException(
String.format(
"Invalid tag size in bytes %d; can be at most 20 bytes for SHA1", tagSizeBytes));
}
return;
}
if (hashType == HashType.SHA224) {
if (tagSizeBytes > 28) {
throw new GeneralSecurityException(
String.format(
"Invalid tag size in bytes %d; can be at most 28 bytes for SHA224",
tagSizeBytes));
}
return;
}
if (hashType == HashType.SHA256) {
if (tagSizeBytes > 32) {
throw new GeneralSecurityException(
String.format(
"Invalid tag size in bytes %d; can be at most 32 bytes for SHA256",
tagSizeBytes));
}
return;
}
if (hashType == HashType.SHA384) {
if (tagSizeBytes > 48) {
throw new GeneralSecurityException(
String.format(
"Invalid tag size in bytes %d; can be at most 48 bytes for SHA384",
tagSizeBytes));
}
return;
}
if (hashType == HashType.SHA512) {
if (tagSizeBytes > 64) {
throw new GeneralSecurityException(
String.format(
"Invalid tag size in bytes %d; can be at most 64 bytes for SHA512",
tagSizeBytes));
}
return;
}
throw new GeneralSecurityException(
"unknown hash type; must be SHA1, SHA224, SHA256, SHA384 or SHA512");
}
public AesCtrHmacAeadParameters build() throws GeneralSecurityException {
if (aesKeySizeBytes == null) {
throw new GeneralSecurityException("AES key size is not set");
}
if (hmacKeySizeBytes == null) {
throw new GeneralSecurityException("HMAC key size is not set");
}
if (ivSizeBytes == null) {
throw new GeneralSecurityException("iv size is not set");
}
if (tagSizeBytes == null) {
throw new GeneralSecurityException("tag size is not set");
}
if (hashType == null) {
throw new GeneralSecurityException("hash type is not set");
}
if (variant == null) {
throw new GeneralSecurityException("variant is not set");
}
validateTagSizeBytes(tagSizeBytes, hashType);
return new AesCtrHmacAeadParameters(
aesKeySizeBytes, hmacKeySizeBytes, ivSizeBytes, tagSizeBytes, variant, hashType);
}
}
private final int aesKeySizeBytes;
private final int hmacKeySizeBytes;
private final int ivSizeBytes;
private final int tagSizeBytes;
private final Variant variant;
private final HashType hashType;
private AesCtrHmacAeadParameters(
int aesKeySizeBytes,
int hmacKeySizeBytes,
int ivSizeBytes,
int tagSizeBytes,
Variant variant,
HashType hashType) {
this.aesKeySizeBytes = aesKeySizeBytes;
this.hmacKeySizeBytes = hmacKeySizeBytes;
this.ivSizeBytes = ivSizeBytes;
this.tagSizeBytes = tagSizeBytes;
this.variant = variant;
this.hashType = hashType;
}
public static Builder builder() {
return new Builder();
}
public int getAesKeySizeBytes() {
return aesKeySizeBytes;
}
public int getHmacKeySizeBytes() {
return hmacKeySizeBytes;
}
public int getTagSizeBytes() {
return tagSizeBytes;
}
public int getIvSizeBytes() {
return ivSizeBytes;
}
/**
* Returns the size of the overhead added to the actual ciphertext (i.e. the size of the IV plus
* the size of the security relevant tag plus the size of the prefix with which this key prefixes
* the ciphertext.
*/
public int getCiphertextOverheadSizeBytes() {
if (variant == Variant.NO_PREFIX) {
return getTagSizeBytes() + getIvSizeBytes();
}
if (variant == Variant.TINK || variant == Variant.CRUNCHY) {
return getTagSizeBytes() + getIvSizeBytes() + PREFIX_SIZE_IN_BYTES;
}
throw new IllegalStateException("Unknown variant");
}
/** Returns a variant object. */
public Variant getVariant() {
return variant;
}
/** Returns a hash type object. */
public HashType getHashType() {
return hashType;
}
@Override
public boolean equals(Object o) {
if (!(o instanceof AesCtrHmacAeadParameters)) {
return false;
}
AesCtrHmacAeadParameters that = (AesCtrHmacAeadParameters) o;
return that.getAesKeySizeBytes() == getAesKeySizeBytes()
&& that.getHmacKeySizeBytes() == getHmacKeySizeBytes()
&& that.getIvSizeBytes() == getIvSizeBytes()
&& that.getTagSizeBytes() == getTagSizeBytes()
&& that.getVariant() == getVariant()
&& that.getHashType() == getHashType();
}
@Override
public int hashCode() {
return Objects.hash(
AesCtrHmacAeadParameters.class,
aesKeySizeBytes,
hmacKeySizeBytes,
ivSizeBytes,
tagSizeBytes,
variant,
hashType);
}
@Override
public boolean hasIdRequirement() {
return variant != Variant.NO_PREFIX;
}
@Override
public String toString() {
return "AesCtrHmacAead Parameters (variant: "
+ variant
+ ", hashType: "
+ hashType
+ ", "
+ ivSizeBytes
+ "-byte IV, and "
+ tagSizeBytes
+ "-byte tags, and "
+ aesKeySizeBytes
+ "-byte AES key, and "
+ hmacKeySizeBytes
+ "-byte HMAC key)";
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy