Add LegacyKmsEnvelopeAeadKey.

PiperOrigin-RevId: 562704207
Change-Id: I90d07b6ac48fe0b84282aacc833ae583039ecc69

BUILD.bazel

@@ -99,6 +99,7 @@ gen_maven_jar_rules(
         "//src/main/java/com/google/crypto/tink/aead:kms_envelope_aead_key_manager",
         "//src/main/java/com/google/crypto/tink/aead:legacy_kms_aead_key",
         "//src/main/java/com/google/crypto/tink/aead:legacy_kms_aead_parameters",
+        "//src/main/java/com/google/crypto/tink/aead:legacy_kms_envelope_aead_key",
         "//src/main/java/com/google/crypto/tink/aead:legacy_kms_envelope_aead_parameters",
         "//src/main/java/com/google/crypto/tink/aead:predefined_aead_parameters",
         "//src/main/java/com/google/crypto/tink/aead:x_cha_cha20_poly1305_key",
@@ -537,6 +538,7 @@ gen_maven_jar_rules(
         "//src/main/java/com/google/crypto/tink/aead:kms_envelope_aead_key_manager-android",
         "//src/main/java/com/google/crypto/tink/aead:legacy_kms_aead_key-android",
         "//src/main/java/com/google/crypto/tink/aead:legacy_kms_aead_parameters-android",
+        "//src/main/java/com/google/crypto/tink/aead:legacy_kms_envelope_aead_key-android",
         "//src/main/java/com/google/crypto/tink/aead:legacy_kms_envelope_aead_parameters-android",
         "//src/main/java/com/google/crypto/tink/aead:predefined_aead_parameters-android",
         "//src/main/java/com/google/crypto/tink/aead:x_cha_cha20_poly1305_key-android",

src/main/java/com/google/crypto/tink/aead/BUILD.bazel

@@ -1307,3 +1307,25 @@ java_library(
         "@maven//:com_google_errorprone_error_prone_annotations",
     ],
 )
+
+android_library(
+    name = "legacy_kms_envelope_aead_key-android",
+    srcs = ["LegacyKmsEnvelopeAeadKey.java"],
+    deps = [
+        ":aead_key-android",
+        ":legacy_kms_envelope_aead_parameters-android",
+        "//src/main/java/com/google/crypto/tink:key-android",
+        "//src/main/java/com/google/crypto/tink/util:bytes-android",
+    ],
+)
+
+java_library(
+    name = "legacy_kms_envelope_aead_key",
+    srcs = ["LegacyKmsEnvelopeAeadKey.java"],
+    deps = [
+        ":aead_key",
+        ":legacy_kms_envelope_aead_parameters",
+        "//src/main/java/com/google/crypto/tink:key",
+        "//src/main/java/com/google/crypto/tink/util:bytes",
+    ],
+)

src/main/java/com/google/crypto/tink/aead/LegacyKmsEnvelopeAeadKey.java

@@ -0,0 +1,73 @@
+// Copyright 2023 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+package com.google.crypto.tink.aead;
+
+import com.google.crypto.tink.Key;
+import com.google.crypto.tink.util.Bytes;
+import java.security.GeneralSecurityException;
+
+/**
+ * Describes an EnvelopeAead backed by a KMS.
+ *
+ * <p>Usage of this key type is not recommended. Instead, we recommend to implement the idea of this
+ * class manually:
+ *
+ * <ol>
+ *   <li>Create an remote {@link com.google.crypto.tink.Aead} object for your KMS with an
+ *       appropriate Tink extension (typically using a subclass of {@link
+ *       com.google.crypto.tink.KmsClient}).
+ *   <li>Create an envelope AEAD with {@link com.google.crypto.tink.aead.KmsEnvelopeAead#create}.
+ * </ol>
+ *
+ * See {@link LegacyKmsEnvelopeParameters} for known issues.
+ */
+public class LegacyKmsEnvelopeAeadKey extends AeadKey {
+  private final LegacyKmsEnvelopeAeadParameters parameters;
+
+  private LegacyKmsEnvelopeAeadKey(LegacyKmsEnvelopeAeadParameters parameters) {
+    this.parameters = parameters;
+  }
+
+  public static LegacyKmsEnvelopeAeadKey create(LegacyKmsEnvelopeAeadParameters parameters)
+      throws GeneralSecurityException {
+    return new LegacyKmsEnvelopeAeadKey(parameters);
+  }
+
+  @Override
+  public Bytes getOutputPrefix() {
+    return Bytes.copyFrom(new byte[] {});
+  }
+
+  @Override
+  public LegacyKmsEnvelopeAeadParameters getParameters() {
+    return parameters;
+  }
+
+  @Override
+  public Integer getIdRequirementOrNull() {
+    return null;
+  }
+
+  @Override
+  public boolean equalsKey(Key o) {
+    if (!(o instanceof LegacyKmsEnvelopeAeadKey)) {
+      return false;
+    }
+    LegacyKmsEnvelopeAeadKey that = (LegacyKmsEnvelopeAeadKey) o;
+    return that.parameters.equals(parameters);
+  }
+}

src/test/java/com/google/crypto/tink/aead/BUILD.bazel

@@ -723,3 +723,19 @@ java_test(
         "@maven//:junit_junit",
     ],
 )
+
+java_test(
+    name = "LegacyKmsEnvelopeAeadKeyTest",
+    size = "small",
+    srcs = ["LegacyKmsEnvelopeAeadKeyTest.java"],
+    deps = [
+        "//src/main/java/com/google/crypto/tink/aead:aead_parameters",
+        "//src/main/java/com/google/crypto/tink/aead:cha_cha20_poly1305_parameters",
+        "//src/main/java/com/google/crypto/tink/aead:legacy_kms_envelope_aead_key",
+        "//src/main/java/com/google/crypto/tink/aead:legacy_kms_envelope_aead_parameters",
+        "//src/main/java/com/google/crypto/tink/aead:x_cha_cha20_poly1305_key",
+        "//src/main/java/com/google/crypto/tink/util:secret_bytes",
+        "@maven//:com_google_truth_truth",
+        "@maven//:junit_junit",
+    ],
+)

src/test/java/com/google/crypto/tink/aead/LegacyKmsEnvelopeAeadKeyTest.java

@@ -0,0 +1,98 @@
+// Copyright 2023 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+package com.google.crypto.tink.aead;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import com.google.crypto.tink.util.SecretBytes;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public final class LegacyKmsEnvelopeAeadKeyTest {
+  private static final AeadParameters CHACHA20POLY1305_PARAMETERS =
+      ChaCha20Poly1305Parameters.create(ChaCha20Poly1305Parameters.Variant.NO_PREFIX);
+
+  @Test
+  public void createKeyAndGetProperties() throws Exception {
+    LegacyKmsEnvelopeAeadParameters parameters =
+        LegacyKmsEnvelopeAeadParameters.builder()
+            .setKekUri("SomeKekUri")
+            .setDekParsingStrategy(
+                LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_CHACHA20POLY1305)
+            .setDekParametersForNewKeys(CHACHA20POLY1305_PARAMETERS)
+            .build();
+
+    LegacyKmsEnvelopeAeadKey key = LegacyKmsEnvelopeAeadKey.create(parameters);
+
+    assertThat(key.getOutputPrefix().size()).isEqualTo(0);
+    assertThat(key.getParameters()).isEqualTo(parameters);
+    assertThat(key.getIdRequirementOrNull()).isNull();
+  }
+
+  @Test
+  public void testEqualKey() throws Exception {
+    LegacyKmsEnvelopeAeadParameters parameters1 =
+        LegacyKmsEnvelopeAeadParameters.builder()
+            .setKekUri("SomeKekUri")
+            .setDekParsingStrategy(
+                LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_CHACHA20POLY1305)
+            .setDekParametersForNewKeys(CHACHA20POLY1305_PARAMETERS)
+            .build();
+    LegacyKmsEnvelopeAeadParameters parameters1Copy =
+        LegacyKmsEnvelopeAeadParameters.builder()
+            .setKekUri("SomeKekUri")
+            .setDekParsingStrategy(
+                LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_CHACHA20POLY1305)
+            .setDekParametersForNewKeys(CHACHA20POLY1305_PARAMETERS)
+            .build();
+    LegacyKmsEnvelopeAeadParameters parameters2 =
+        LegacyKmsEnvelopeAeadParameters.builder()
+            .setKekUri("someOtherKekUri")
+            .setDekParsingStrategy(
+                LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_CHACHA20POLY1305)
+            .setDekParametersForNewKeys(CHACHA20POLY1305_PARAMETERS)
+            .build();
+
+    LegacyKmsEnvelopeAeadKey key1 = LegacyKmsEnvelopeAeadKey.create(parameters1);
+    LegacyKmsEnvelopeAeadKey key1Copy = LegacyKmsEnvelopeAeadKey.create(parameters1Copy);
+    LegacyKmsEnvelopeAeadKey key2 = LegacyKmsEnvelopeAeadKey.create(parameters2);
+
+    assertTrue(key1.equalsKey(key1Copy));
+    assertFalse(key1.equalsKey(key2));
+  }
+
+  @Test
+  public void testDifferentKeyTypesEquality_fails() throws Exception {
+    LegacyKmsEnvelopeAeadParameters parameters =
+        LegacyKmsEnvelopeAeadParameters.builder()
+            .setKekUri("SomeKekUri")
+            .setDekParsingStrategy(
+                LegacyKmsEnvelopeAeadParameters.DekParsingStrategy.ASSUME_CHACHA20POLY1305)
+            .setDekParametersForNewKeys(CHACHA20POLY1305_PARAMETERS)
+            .build();
+    LegacyKmsEnvelopeAeadKey key = LegacyKmsEnvelopeAeadKey.create(parameters);
+
+    XChaCha20Poly1305Key xChaCha20Poly1305Key =
+        XChaCha20Poly1305Key.create(SecretBytes.randomBytes(32));
+
+    assertThat(key.equalsKey(xChaCha20Poly1305Key)).isFalse();
+  }
+}