Upgrade to 1.20 and add missing api

.github/workflows/clojure.yml

@@ -12,7 +12,16 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
+    - name: Set up JDK 11
+      uses: actions/setup-java@v4
+      with:
+        distribution: 'temurin'
+        java-version: '11'
+    - name: Install Leiningen
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y leiningen
     - name: Install dependencies
       run: lein deps
     - name: Run tests

.gitignore

@@ -18,3 +18,4 @@ pom.xml.asc
 .classpath
 .project
 .settings/
+.vscode/

project.clj

@@ -1,7 +1,7 @@
 (defproject tinklj "0.1.15-SNAPSHOT"
   :description "A Clojure API for Google Tink Crypto Library. Offering a range of cryptographic techniques that are simple and easy to use."
-  :dependencies [[org.clojure/clojure "1.10.1"]
-                 [com.google.crypto.tink/tink "1.15.0"]
+  :dependencies [[org.clojure/clojure "1.11.1"]
+                 [com.google.crypto.tink/tink "1.20.0"]
                  ;; https://mvnrepository.com/artifact/com.google.crypto.tink/tink-awskms
                  [com.google.crypto.tink/tink-awskms "1.10.1"]
                  ;; https://mvnrepository.com/artifact/com.google.crypto.tink/tink-gcpkms

src/tinklj/keys/keyset_handle.clj

@@ -1,12 +1,12 @@
-(ns tinklj.keys.keyset-handle
-  (:import (com.google.crypto.tink KeysetHandle)
-           (com.google.crypto.tink.aead AeadKeyTemplates)
-           (com.google.crypto.tink.streamingaead StreamingAeadKeyTemplates)
-           (com.google.crypto.tink.daead DeterministicAeadKeyTemplates)
-           (com.google.crypto.tink.mac MacKeyTemplates)
-           (com.google.crypto.tink.signature SignatureKeyTemplates)
-           (com.google.crypto.tink.hybrid HybridKeyTemplates)
-           (com.google.crypto.tink.proto OutputPrefixType)))
+ (ns tinklj.keys.keyset-handle
+   (:import (com.google.crypto.tink KeysetHandle KeyTemplate)
+            (com.google.crypto.tink.aead AeadKeyTemplates)
+            (com.google.crypto.tink.streamingaead StreamingAeadKeyTemplates)
+            (com.google.crypto.tink.daead DeterministicAeadKeyTemplates)
+            (com.google.crypto.tink.mac MacKeyTemplates)
+            (com.google.crypto.tink.signature SignatureKeyTemplates)
+            (com.google.crypto.tink.hybrid HybridKeyTemplates)
+            (com.google.crypto.tink.proto OutputPrefixType)))
 
 (def key-templates {:aes128-gcm AeadKeyTemplates/AES128_GCM
                     :aes256-gcm AeadKeyTemplates/AES256_GCM
@@ -99,3 +99,51 @@
    salt]
   (HybridKeyTemplates/createEciesAeadHkdfParams
    curve hash-type ec-point-format dem-key-template salt))
+
+(defn generate-entry-from-parameters-name
+  "Create a `KeysetHandle.Builder.Entry` from a registered parameters name string.
+  Example: (generate-entry-from-parameters-name 'AES128_GCM')"
+  [^String parameters-name]
+  (KeysetHandle/generateEntryFromParametersName parameters-name))
+
+(defn generate-new-from-parameters-name
+  "Generate a new `KeysetHandle` that contains a single key created from the
+  registered parameters name. This mirrors `KeysetHandle.generateNew(Parameters)`
+  but takes the named parameters (string). Returns a `KeysetHandle`."
+  [^String parameters-name]
+    (let [entry (generate-entry-from-parameters-name parameters-name)
+      entry' (-> entry (.withRandomId) (.makePrimary))
+      builder (KeysetHandle/newBuilder)]
+    (-> builder
+      (.addEntry entry')
+      (.build))))
+
+(defn generate-entry-from-parameters
+  "Create a `KeysetHandle.Builder.Entry` from a `Parameters` instance." 
+  [^Object parameters]
+  (KeysetHandle/generateEntryFromParameters parameters))
+
+(defn generate-new-from-parameters
+  "Generate a new `KeysetHandle` that contains a single key created from a
+  `Parameters` instance. Returns a `KeysetHandle`."
+  [^Object parameters]
+  (KeysetHandle/generateNew parameters))
+
+(defn keytemplate-create-from-parameters
+  "Create a `KeyTemplate` from a `Parameters` instance." 
+  [^Object parameters]
+  (KeyTemplate/createFrom parameters))
+
+(defn keytemplate-to-parameters
+  "Return a `Parameters` instance from a `KeyTemplate` that supports `toParameters()`.
+  Throws if the KeyTemplate does not support conversion."
+  [kt]
+  (try
+    (.toParameters kt)
+    (catch Throwable t
+      (throw (IllegalArgumentException. (str "KeyTemplate does not support toParameters: " t))))))
+
+(defn generate-new-from-keytemplate
+  "Generate a new `KeysetHandle` from a `KeyTemplate` instance. Returns a `KeysetHandle`."
+  [kt]
+  (KeysetHandle/generateNew kt))

test/tinklj/keysets/keyset_handle_parameters_test.clj

@@ -0,0 +1,19 @@
+(ns tinklj.keysets.keyset-handle-parameters-test
+  (:require [clojure.test :refer [deftest is testing]]
+            [tinklj.config :as config]
+            [tinklj.keys.keyset-handle :as ksh]
+            [tinklj.keys.keyset-handle :refer [generate-new]])
+  (:import (com.google.crypto.tink.aead AesGcmParameters AesGcmParameters$Variant)))
+
+(deftest generate-from-parameters-test
+  (testing "generate new using Parameters derived from existing KeyTemplate"
+    (config/register :aead)
+    ;; Build Parameters for AES-GCM directly via the Java Parameters builder
+    (let [params (-> (AesGcmParameters/builder)
+             (.setKeySizeBytes 16)
+                     (.setIvSizeBytes 12)
+                     (.setTagSizeBytes 16)
+                     (.setVariant AesGcmParameters$Variant/TINK)
+             (.build))
+        handle (ksh/generate-new-from-parameters params)]
+      (is (= 1 (.size handle))))))

test/tinklj/keysets/keyset_handle_test.clj

@@ -0,0 +1,11 @@
+(ns tinklj.keysets.keyset-handle-test
+  (:require [clojure.test :refer [deftest is testing]]
+            [tinklj.config :as config]
+            [tinklj.keys.keyset-handle :as ksh]))
+
+(deftest generate-from-parameters-name-test
+  (testing "generate entry from named parameters and build keyset"
+    ;; Ensure AEAD parameters are registered
+    (config/register :aead)
+    (let [handle (ksh/generate-new-from-parameters-name "AES128_GCM")]
+      (is (= 1 (.size handle))))))

test/tinklj/keysets/keytemplate_test.clj

@@ -0,0 +1,20 @@
+(ns tinklj.keysets.keytemplate-test
+  (:require [clojure.test :refer [deftest is testing]]
+            [tinklj.config :as config]
+            [tinklj.keys.keyset-handle :as ksh])
+  (:import (com.google.crypto.tink.aead AesGcmParameters AesGcmParameters$Variant)))
+
+(deftest keytemplate-create-and-convert-test
+  (testing "KeyTemplate.createFrom(Parameters) and toParameters roundtrip"
+    (config/register :aead)
+    (let [params (-> (AesGcmParameters/builder)
+                     (.setKeySizeBytes 16)
+                     (.setIvSizeBytes 12)
+                     (.setTagSizeBytes 16)
+                     (.setVariant AesGcmParameters$Variant/TINK)
+                     (.build))
+          kt (ksh/keytemplate-create-from-parameters params)
+          params2 (ksh/keytemplate-to-parameters kt)
+          handle (ksh/generate-new-from-keytemplate kt)]
+      (is (.equals params params2))
+      (is (= 1 (.size handle))))))