public final class PrfBasedDeriverKeyManager extends Object implements KeyManager<Void>
com.google.crypto.tink.internal.KeyTypeManager for PrfBasedDeriverKey.
This is implemented directly as a KeyManager. Usually, we use LegacyKeyManagerImpl to provide a KeyManager implementation built on the individual registries for the key objects. However, at the moment this does not work for key derivation.
The reason is that the KeysetHandle still generates new keys by going through the KeyManagers (instead of going directly to the key creation registry). I don't want to change this right now -- it would require some fallback code, which is always brittle.
Unfortunately, implementing the required behavior of the KeyManager on top of the KeyCreation registry is not generic.
Usually, the behavior of the key manager is simply this: assume that the input to generateNewKey() is a serialization with OutputPrefixType = RAW, and build the corresponding parameter serialization. Then parse this and hand it to the key creation registry.
For key derivation, the behavior is slightly different: the serialization of key derivation parameters has been defined so that the outer OutputPrefixType always equals the one given in the proto PrfBasedDeriverKeyFormat, field prf_key_template. Hence we cannot assume RAW -- instead, we have to parse the format and use that prefix type.
Similar things hold for creating a primitive from a Key -- but here Tink already uses the PrimitiveCreationRegistry fully, so we don't need to worry about it here. Instead, we just throw when these functions are called.
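As an added illustration (not Tink's own code), the following Java method applies the two rules just described to a proto KeyTemplate: ordinary key types get the generic RAW assumption, while a PrfBasedDeriverKey template is parsed as PrfBasedDeriverKeyFormat and its outer OutputPrefixType is required to equal the one in prf_key_template, failing closed otherwise. The class and method names, the type URL constant, and the sample templates built in main are assumptions of this example, not part of the documented API.

```java
import com.google.crypto.tink.proto.KeyTemplate;
import com.google.crypto.tink.proto.OutputPrefixType;
import com.google.crypto.tink.proto.PrfBasedDeriverKeyFormat;
import com.google.protobuf.ExtensionRegistryLite;
import com.google.protobuf.InvalidProtocolBufferException;
import java.security.GeneralSecurityException;

/**
 * Added illustration (not Tink's code): decides which OutputPrefixType a generic
 * newKeyData()-style path must put on the parameters serialization built from a KeyTemplate.
 */
public final class DeriverPrefixTypeCheck {
  /** Type URL under which Tink registers PrfBasedDeriverKey (assumed to match getKeyType()). */
  static final String PRF_BASED_DERIVER_TYPE_URL =
      "type.googleapis.com/google.crypto.tink.PrfBasedDeriverKey";

  /**
   * Returns the OutputPrefixType for the parameters serialization of {@code template}.
   * For ordinary key types the generic path assumes RAW. For key derivation templates the
   * outer prefix type must equal prf_key_template.output_prefix_type; anything else is rejected.
   */
  public static OutputPrefixType outerPrefixTypeFor(KeyTemplate template)
      throws GeneralSecurityException {
    if (!PRF_BASED_DERIVER_TYPE_URL.equals(template.getTypeUrl())) {
      // Generic case described in the class documentation: assume RAW.
      return OutputPrefixType.RAW;
    }
    PrfBasedDeriverKeyFormat format;
    try {
      format = PrfBasedDeriverKeyFormat.parseFrom(
          template.getValue(), ExtensionRegistryLite.getEmptyRegistry());
    } catch (InvalidProtocolBufferException e) {
      throw new GeneralSecurityException("malformed PrfBasedDeriverKeyFormat", e);
    }
    if (!format.hasPrfKeyTemplate()) {
      throw new GeneralSecurityException("prf_key_template is required");
    }
    OutputPrefixType inner = format.getPrfKeyTemplate().getOutputPrefixType();
    if (inner != template.getOutputPrefixType()) {
      // The serialization convention requires the two to agree; do not silently pick one.
      throw new GeneralSecurityException(
          "outer output_prefix_type " + template.getOutputPrefixType()
              + " does not match prf_key_template.output_prefix_type " + inner);
    }
    return inner;
  }

  /** Constructed demonstration inputs: one consistent derivation template and one mismatched one. */
  public static void main(String[] args) throws GeneralSecurityException {
    KeyTemplate prfTemplate = KeyTemplate.newBuilder()
        .setTypeUrl("type.googleapis.com/google.crypto.tink.HkdfPrfKey") // constructed inner template
        .setOutputPrefixType(OutputPrefixType.RAW)
        .build();
    PrfBasedDeriverKeyFormat format = PrfBasedDeriverKeyFormat.newBuilder()
        .setPrfKeyTemplate(prfTemplate)
        .build();
    KeyTemplate consistent = KeyTemplate.newBuilder()
        .setTypeUrl(PRF_BASED_DERIVER_TYPE_URL)
        .setValue(format.toByteString())
        .setOutputPrefixType(OutputPrefixType.RAW)
        .build();
    System.out.println("consistent template uses " + outerPrefixTypeFor(consistent));

    KeyTemplate mismatched =
        consistent.toBuilder().setOutputPrefixType(OutputPrefixType.TINK).build();
    try {
      outerPrefixTypeFor(mismatched);
    } catch (GeneralSecurityException e) {
      System.out.println("mismatched template rejected: " + e.getMessage());
    }
  }
}
```

The check rejects rather than repairs a mismatch: a key-creation path that quietly substituted one prefix type for the other would produce keys whose serialized parameters no longer round-trip through Tink's own parsers.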
| Modifier and Type | Method and Description |
|---|---|
| boolean | doesSupport(String typeUrl): Returns true iff this KeyManager supports the key type identified by typeUrl. |
| String | getKeyType(): Returns the type URL that identifies the key type of keys managed by this KeyManager. |
| Void | getPrimitive(com.google.protobuf.ByteString serializedKey): Constructs an instance of P for the key given in serializedKey, which must be a serialized key protocol buffer handled by this manager. |
| Void | getPrimitive(com.google.protobuf.MessageLite key): Constructs an instance of P for the key given in key. |
| Class<Void> | getPrimitiveClass(): Returns the primitive class object of the P. |
| int | getVersion(): Returns the version number of this KeyManager. |
| com.google.protobuf.MessageLite | newKey(com.google.protobuf.ByteString serializedKeyFormat): Generates a new key according to the specification in serializedKeyFormat, which must be a serialized key format protocol buffer handled by this manager. |
| com.google.protobuf.MessageLite | newKey(com.google.protobuf.MessageLite keyFormat): Generates a new key according to the specification in keyFormat. |
| KeyData | newKeyData(com.google.protobuf.ByteString serializedKeyFormat): Generates a new KeyData according to the specification in serializedKeyFormat. |
| static void | register(boolean newKeyAllowed) |
public Void getPrimitive(com.google.protobuf.ByteString serializedKey) throws GeneralSecurityException

Description copied from interface: KeyManager
Constructs an instance of P for the key given in serializedKey, which must be a serialized key protocol buffer handled by this manager.
For primitives of type Mac, Aead, PublicKeySign, PublicKeyVerify, DeterministicAead, HybridEncrypt, and HybridDecrypt this should be a primitive which ignores the output prefix and assumes "RAW".
Specified by: getPrimitive in interface KeyManager<Void>
Throws: GeneralSecurityException - if the key given in serializedKey is corrupted or not supported

public final Void getPrimitive(com.google.protobuf.MessageLite key) throws GeneralSecurityException

Description copied from interface: KeyManager
Constructs an instance of P for the key given in key.
For primitives of type Mac, Aead, PublicKeySign, PublicKeyVerify, DeterministicAead, HybridEncrypt, and HybridDecrypt this should be a primitive which ignores the output prefix and assumes "RAW".
This method is not used by Tink. It does not need to be implemented.
Specified by: getPrimitive in interface KeyManager<Void>
Throws: GeneralSecurityException - if the key given in key is corrupted or not supported

public final com.google.protobuf.MessageLite newKey(com.google.protobuf.ByteString serializedKeyFormat) throws GeneralSecurityException

Description copied from interface: KeyManager
Generates a new key according to the specification in serializedKeyFormat, which must be a serialized key format protocol buffer handled by this manager.
This method is not used by Tink anymore. It does not need to be implemented.
Specified by: newKey in interface KeyManager<Void>
Throws: GeneralSecurityException - if the specified format is wrong or not supported

public final com.google.protobuf.MessageLite newKey(com.google.protobuf.MessageLite keyFormat) throws GeneralSecurityException

Description copied from interface: KeyManager
Generates a new key according to the specification in keyFormat.
This method is only used by Registry.newKey, which is deprecated and not used by Tink anymore. This method does not need to be implemented.
Specified by: newKey in interface KeyManager<Void>
Throws: GeneralSecurityException - if the specified format is wrong or not supported

public final boolean doesSupport(String typeUrl)

Description copied from interface: KeyManager
Returns true iff this KeyManager supports the key type identified by typeUrl.
This method is not used by Tink anymore. It does not need to be implemented.
Specified by: doesSupport in interface KeyManager<Void>

public final String getKeyType()

Description copied from interface: KeyManager
Returns the type URL that identifies the key type of keys managed by this KeyManager.
Specified by: getKeyType in interface KeyManager<Void>

public int getVersion()

Description copied from interface: KeyManager
Returns the version number of this KeyManager.
This method is not used by Tink anymore. It does not need to be implemented.
Specified by: getVersion in interface KeyManager<Void>

public final KeyData newKeyData(com.google.protobuf.ByteString serializedKeyFormat) throws GeneralSecurityException

Description copied from interface: KeyManager
Generates a new KeyData according to the specification in serializedKeyFormat.
Specified by: newKeyData in interface KeyManager<Void>
Throws: GeneralSecurityException - if the specified format is wrong or not supported

public final Class<Void> getPrimitiveClass()

Description copied from interface: KeyManager
Returns the primitive class object of the P. Should be implemented as return P.class; when implementing a key manager for primitive P.
Specified by: getPrimitiveClass in interface KeyManager<Void>
Returns: P.class

public static void register(boolean newKeyAllowed) throws GeneralSecurityException

Throws: GeneralSecurityException