From 5e66e06d448aadb3d39ce1cd5180947a6a2ec609 Mon Sep 17 00:00:00 2001
From: tholenst <tholenst@google.com>
Date: Wed, 21 Aug 2019 02:41:52 -0700
Subject: [PATCH] Migrate the AesCtrHmacAeadKeyManager to a KeyTypeManager.
The tests will be migrated in a follow up cl.
*NOTE* that I change how some of the things are done. In particular, previously:
* The underlying HMac was generated by calling the registry.
* The underlying HMac key was manually created, without going through the registry. The version was set wrongly (to the version of the AesCtrHmacAeadKeyManager instead of the HMacKeyManager).
* The underlying HMac key was now validated in this key manager.
* The underlying HMac format was not validated.
After this cl, I use the HMac KeyTypeManager to validate things; and I do that directly without going through the registry.
I think the proper way would be to have some kind of registry access, where this KeyManager can obtain the new HMacKey *Type* manager, and then do the proper things. But this is complicated :/ I think this here is the second best solution.
PiperOrigin-RevId: 264568255
---
cc/aead/BUILD.bazel | 6 +-
cc/aead/CMakeLists.txt | 6 +-
cc/aead/aead_config.cc | 2 +-
cc/aead/aead_key_templates_test.cc | 14 ++-
cc/aead/aes_ctr_hmac_aead_key_manager.cc | 112 +++++++-----------
cc/aead/aes_ctr_hmac_aead_key_manager.h | 56 ++++-----
cc/aead/aes_ctr_hmac_aead_key_manager_test.cc | 44 ++++---
7 files changed, 110 insertions(+), 130 deletions(-)
diff --git a/cc/aead/BUILD.bazel b/cc/aead/BUILD.bazel
index be4181ac0..41a32053d 100644
--- a/cc/aead/BUILD.bazel
+++ b/cc/aead/BUILD.bazel
@@ -160,14 +160,15 @@ cc_library(
strip_include_prefix = "/cc",
deps = [
"//cc:aead",
- "//cc:key_manager",
- "//cc:key_manager_base",
+ "//cc:core/key_type_manager",
"//cc:mac",
"//cc:registry",
+ "//cc/mac:hmac_key_manager",
"//cc/subtle:aes_ctr_boringssl",
"//cc/subtle:encrypt_then_authenticate",
"//cc/subtle:hmac_boringssl",
"//cc/subtle:random",
+ "//cc/util:constants",
"//cc/util:enums",
"//cc/util:errors",
"//cc/util:protobuf_helper",
@@ -343,6 +344,7 @@ cc_test(
":aes_gcm_key_manager",
":aes_gcm_siv_key_manager",
":xchacha20_poly1305_key_manager",
+ "//cc:core/key_manager_impl",
"//cc/util:test_matchers",
"//proto:aes_ctr_hmac_aead_cc_proto",
"//proto:aes_eax_cc_proto",
diff --git a/cc/aead/CMakeLists.txt b/cc/aead/CMakeLists.txt
index c0008f444..24d01d10c 100644
--- a/cc/aead/CMakeLists.txt
+++ b/cc/aead/CMakeLists.txt
@@ -142,14 +142,15 @@ tink_cc_library(
aes_ctr_hmac_aead_key_manager.h
DEPS
tink::core::aead
- tink::core::key_manager
- tink::core::key_manager_base
+ tink::core::key_type_manager
tink::core::mac
tink::core::registry
+ tink::mac::hmac_key_manager
tink::subtle::aes_ctr_boringssl
tink::subtle::encrypt_then_authenticate
tink::subtle::hmac_boringssl
tink::subtle::random
+ tink::util::constants
tink::util::enums
tink::util::errors
tink::util::protobuf_helper
@@ -302,6 +303,7 @@ tink_cc_test(
tink::aead::aes_gcm_key_manager
tink::aead::aes_gcm_siv_key_manager
tink::aead::xchacha20_poly1305_key_manager
+ tink::core::key_manager_impl
tink::util::test_matchers
tink::proto::aes_ctr_hmac_aead_cc_proto
tink::proto::aes_eax_cc_proto
diff --git a/cc/aead/aead_config.cc b/cc/aead/aead_config.cc
index d936723c0..fe40350aa 100644
--- a/cc/aead/aead_config.cc
+++ b/cc/aead/aead_config.cc
@@ -48,7 +48,7 @@ util::Status AeadConfig::Register() {
if (!status.ok()) return status;
// Register key managers.
- status = Registry::RegisterKeyManager(
+ status = Registry::RegisterKeyTypeManager(
absl::make_unique<AesCtrHmacAeadKeyManager>(), true);
if (!status.ok()) return status;
status = Registry::RegisterKeyTypeManager(
diff --git a/cc/aead/aead_key_templates_test.cc b/cc/aead/aead_key_templates_test.cc
index 7eb327498..312622c89 100644
--- a/cc/aead/aead_key_templates_test.cc
+++ b/cc/aead/aead_key_templates_test.cc
@@ -230,10 +230,11 @@ TEST(AeadKeyTemplatesTest, testAesCtrHmacAeadKeyTemplates) {
EXPECT_EQ(&key_template, &key_template_2);
// Check that the template works with the key manager.
- AesCtrHmacAeadKeyManager key_manager;
- EXPECT_EQ(key_manager.get_key_type(), key_template.type_url());
+ AesCtrHmacAeadKeyManager key_type_manager;
+ auto key_manager = internal::MakeKeyManager<Aead>(&key_type_manager);
+ EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
auto new_key_result =
- key_manager.get_key_factory().NewKey(key_template.value());
+ key_manager->get_key_factory().NewKey(key_template.value());
EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
}
@@ -255,10 +256,11 @@ TEST(AeadKeyTemplatesTest, testAesCtrHmacAeadKeyTemplates) {
EXPECT_EQ(&key_template, &key_template_2);
// Check that the template works with the key manager.
- AesCtrHmacAeadKeyManager key_manager;
- EXPECT_EQ(key_manager.get_key_type(), key_template.type_url());
+ AesCtrHmacAeadKeyManager key_type_manager;
+ auto key_manager = internal::MakeKeyManager<Aead>(&key_type_manager);
+ EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
auto new_key_result =
- key_manager.get_key_factory().NewKey(key_template.value());
+ key_manager->get_key_factory().NewKey(key_template.value());
EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
}
}
diff --git a/cc/aead/aes_ctr_hmac_aead_key_manager.cc b/cc/aead/aes_ctr_hmac_aead_key_manager.cc
index 3fdef97e3..285eb2fc6 100644
--- a/cc/aead/aes_ctr_hmac_aead_key_manager.cc
+++ b/cc/aead/aes_ctr_hmac_aead_key_manager.cc
@@ -22,6 +22,7 @@
#include "tink/aead.h"
#include "tink/key_manager.h"
#include "tink/mac.h"
+#include "tink/mac/hmac_key_manager.h"
#include "tink/registry.h"
#include "tink/subtle/aes_ctr_boringssl.h"
#include "tink/subtle/encrypt_then_authenticate.h"
@@ -39,97 +40,65 @@
namespace crypto {
namespace tink {
+namespace {
+constexpr int kMinKeySizeInBytes = 16;
+constexpr int kMinIvSizeInBytes = 12;
+constexpr int kMinTagSizeInBytes = 10;
+}
+
using crypto::tink::util::Enums;
using crypto::tink::util::Status;
using crypto::tink::util::StatusOr;
using google::crypto::tink::AesCtrHmacAeadKey;
using google::crypto::tink::AesCtrHmacAeadKeyFormat;
using google::crypto::tink::HashType;
-using google::crypto::tink::KeyData;
-
-class AesCtrHmacAeadKeyFactory
- : public KeyFactoryBase<AesCtrHmacAeadKey, AesCtrHmacAeadKeyFormat> {
- public:
- AesCtrHmacAeadKeyFactory() = default;
-
- KeyData::KeyMaterialType key_material_type() const override {
- return KeyData::SYMMETRIC;
- }
- protected:
- StatusOr<std::unique_ptr<AesCtrHmacAeadKey>> NewKeyFromFormat(
- const AesCtrHmacAeadKeyFormat& aes_ctr_hmac_aead_key_format)
- const override {
- Status status =
- AesCtrHmacAeadKeyManager::Validate(aes_ctr_hmac_aead_key_format);
- if (!status.ok()) return status;
-
- auto aes_ctr_hmac_aead_key = absl::make_unique<AesCtrHmacAeadKey>();
- aes_ctr_hmac_aead_key->set_version(AesCtrHmacAeadKeyManager::kVersion);
-
- // Generate AesCtrKey.
- auto aes_ctr_key = aes_ctr_hmac_aead_key->mutable_aes_ctr_key();
- aes_ctr_key->set_version(AesCtrHmacAeadKeyManager::kVersion);
- *(aes_ctr_key->mutable_params()) =
- aes_ctr_hmac_aead_key_format.aes_ctr_key_format().params();
- aes_ctr_key->set_key_value(subtle::Random::GetRandomBytes(
- aes_ctr_hmac_aead_key_format.aes_ctr_key_format().key_size()));
-
- // Generate HmacKey.
- auto hmac_key = aes_ctr_hmac_aead_key->mutable_hmac_key();
- hmac_key->set_version(AesCtrHmacAeadKeyManager::kVersion);
- *(hmac_key->mutable_params()) =
- aes_ctr_hmac_aead_key_format.hmac_key_format().params();
- hmac_key->set_key_value(subtle::Random::GetRandomBytes(
- aes_ctr_hmac_aead_key_format.hmac_key_format().key_size()));
-
- return absl::implicit_cast<StatusOr<std::unique_ptr<AesCtrHmacAeadKey>>>(
- std::move(aes_ctr_hmac_aead_key));
+StatusOr<AesCtrHmacAeadKey> AesCtrHmacAeadKeyManager::CreateKey(
+ const AesCtrHmacAeadKeyFormat& aes_ctr_hmac_aead_key_format) const {
+ AesCtrHmacAeadKey aes_ctr_hmac_aead_key;
+ aes_ctr_hmac_aead_key.set_version(get_version());
+
+ // Generate AesCtrKey.
+ auto aes_ctr_key = aes_ctr_hmac_aead_key.mutable_aes_ctr_key();
+ aes_ctr_key->set_version(get_version());
+ *(aes_ctr_key->mutable_params()) =
+ aes_ctr_hmac_aead_key_format.aes_ctr_key_format().params();
+ aes_ctr_key->set_key_value(subtle::Random::GetRandomBytes(
+ aes_ctr_hmac_aead_key_format.aes_ctr_key_format().key_size()));
+
+ // Generate HmacKey.
+ auto hmac_key_or = HmacKeyManager().CreateKey(
+ aes_ctr_hmac_aead_key_format.hmac_key_format());
+ if (!hmac_key_or.status().ok()) {
+ return hmac_key_or.status();
}
-};
+ *aes_ctr_hmac_aead_key.mutable_hmac_key() = hmac_key_or.ValueOrDie();
-constexpr char AesCtrHmacAeadKeyManager::kHmacKeyType[];
-constexpr uint32_t AesCtrHmacAeadKeyManager::kVersion;
-
-const int kMinKeySizeInBytes = 16;
-const int kMinIvSizeInBytes = 12;
-const int kMinTagSizeInBytes = 10;
-
-AesCtrHmacAeadKeyManager::AesCtrHmacAeadKeyManager()
- : key_factory_(absl::make_unique<AesCtrHmacAeadKeyFactory>()) {}
-
-const KeyFactory& AesCtrHmacAeadKeyManager::get_key_factory() const {
- return *key_factory_;
+ return aes_ctr_hmac_aead_key;
}
-uint32_t AesCtrHmacAeadKeyManager::get_version() const { return kVersion; }
-
-StatusOr<std::unique_ptr<Aead>> AesCtrHmacAeadKeyManager::GetPrimitiveFromKey(
- const AesCtrHmacAeadKey& aes_ctr_hmac_aead_key) const {
- Status status = Validate(aes_ctr_hmac_aead_key);
- if (!status.ok()) return status;
+StatusOr<std::unique_ptr<Aead>> AesCtrHmacAeadKeyManager::AeadFactory::Create(
+ const AesCtrHmacAeadKey& key) const {
auto aes_ctr_result = subtle::AesCtrBoringSsl::New(
- aes_ctr_hmac_aead_key.aes_ctr_key().key_value(),
- aes_ctr_hmac_aead_key.aes_ctr_key().params().iv_size());
+ key.aes_ctr_key().key_value(),
+ key.aes_ctr_key().params().iv_size());
if (!aes_ctr_result.ok()) return aes_ctr_result.status();
- auto hmac_result = Registry::GetPrimitive<Mac>(
- kHmacKeyType, aes_ctr_hmac_aead_key.hmac_key());
+ auto hmac_result = HmacKeyManager().GetPrimitive<Mac>(key.hmac_key());
if (!hmac_result.ok()) return hmac_result.status();
auto cipher_res = subtle::EncryptThenAuthenticate::New(
std::move(aes_ctr_result.ValueOrDie()),
- std::move(hmac_result.ValueOrDie()),
- aes_ctr_hmac_aead_key.hmac_key().params().tag_size());
+ std::move(hmac_result.ValueOrDie()), key.hmac_key().params().tag_size());
if (!cipher_res.ok()) {
return cipher_res.status();
}
return std::move(cipher_res.ValueOrDie());
}
-// static
-Status AesCtrHmacAeadKeyManager::Validate(const AesCtrHmacAeadKey& key) {
- Status status = ValidateVersion(key.version(), kVersion);
+Status AesCtrHmacAeadKeyManager::ValidateKey(
+ const AesCtrHmacAeadKey& key) const {
+ Status status = ValidateVersion(key.version(), get_version());
if (!status.ok()) return status;
// Validate AesCtrKey.
@@ -144,12 +113,11 @@ Status AesCtrHmacAeadKeyManager::Validate(const AesCtrHmacAeadKey& key) {
return ToStatusF(util::error::INVALID_ARGUMENT,
"Invalid AesCtrHmacAeadKey: IV size out of range.");
}
- return Status::OK;
+ return HmacKeyManager().ValidateKey(key.hmac_key());
}
-// static
-Status AesCtrHmacAeadKeyManager::Validate(
- const AesCtrHmacAeadKeyFormat& key_format) {
+Status AesCtrHmacAeadKeyManager::ValidateKeyFormat(
+ const AesCtrHmacAeadKeyFormat& key_format) const {
// Validate AesCtrKeyFormat.
auto aes_ctr_key_format = key_format.aes_ctr_key_format();
auto status = ValidateAesKeySize(aes_ctr_key_format.key_size());
@@ -190,7 +158,7 @@ Status AesCtrHmacAeadKeyManager::Validate(
}
}
- return Status::OK;
+ return HmacKeyManager().ValidateKeyFormat(key_format.hmac_key_format());
}
} // namespace tink
diff --git a/cc/aead/aes_ctr_hmac_aead_key_manager.h b/cc/aead/aes_ctr_hmac_aead_key_manager.h
index b5bf726af..7e141ae63 100644
--- a/cc/aead/aes_ctr_hmac_aead_key_manager.h
+++ b/cc/aead/aes_ctr_hmac_aead_key_manager.h
@@ -1,4 +1,4 @@
-// Copyright 2017 Google Inc.
+// Copyright 2017 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -21,8 +21,9 @@
#include "absl/strings/string_view.h"
#include "tink/aead.h"
-#include "tink/core/key_manager_base.h"
+#include "tink/core/key_type_manager.h"
#include "tink/key_manager.h"
+#include "tink/util/constants.h"
#include "tink/util/errors.h"
#include "tink/util/protobuf_helper.h"
#include "tink/util/status.h"
@@ -34,41 +35,40 @@ namespace crypto {
namespace tink {
class AesCtrHmacAeadKeyManager
- : public KeyManagerBase<Aead, google::crypto::tink::AesCtrHmacAeadKey> {
+ : public KeyTypeManager<google::crypto::tink::AesCtrHmacAeadKey,
+ google::crypto::tink::AesCtrHmacAeadKeyFormat,
+ List<Aead>> {
public:
- static constexpr char kHmacKeyType[] =
- "type.googleapis.com/google.crypto.tink.HmacKey";
- static constexpr uint32_t kVersion = 0;
+ class AeadFactory : public PrimitiveFactory<Aead> {
+ crypto::tink::util::StatusOr<std::unique_ptr<Aead>> Create(
+ const google::crypto::tink::AesCtrHmacAeadKey& key) const override;
+ };
- AesCtrHmacAeadKeyManager();
+ AesCtrHmacAeadKeyManager()
+ : KeyTypeManager(absl::make_unique<AeadFactory>()) {}
- // Returns the version of this key manager.
- uint32_t get_version() const override;
+ uint32_t get_version() const override { return 0; }
- // Returns a factory that generates keys of the key type
- // handled by this manager.
- const KeyFactory& get_key_factory() const override;
+ google::crypto::tink::KeyData::KeyMaterialType key_material_type()
+ const override {
+ return google::crypto::tink::KeyData::SYMMETRIC;
+ }
- virtual ~AesCtrHmacAeadKeyManager() {}
+ const std::string& get_key_type() const override { return key_type_; }
- protected:
- crypto::tink::util::StatusOr<std::unique_ptr<Aead>> GetPrimitiveFromKey(
- const google::crypto::tink::AesCtrHmacAeadKey& aes_ctr_hmac_aead_key)
+ crypto::tink::util::Status ValidateKey(
+ const google::crypto::tink::AesCtrHmacAeadKey& key) const override;
+ crypto::tink::util::Status ValidateKeyFormat(
+ const google::crypto::tink::AesCtrHmacAeadKeyFormat& key) const override;
+
+ crypto::tink::util::StatusOr<google::crypto::tink::AesCtrHmacAeadKey>
+ CreateKey(const google::crypto::tink::AesCtrHmacAeadKeyFormat& key_format)
const override;
private:
- friend class AesCtrHmacAeadKeyFactory;
-
- std::unique_ptr<KeyFactory> key_factory_;
-
- // Constructs an instance of AES-CTR-HMAC-AEAD Aead for the given 'key'.
- crypto::tink::util::StatusOr<std::unique_ptr<Aead>> GetPrimitiveImpl(
- const google::crypto::tink::AesCtrHmacAeadKey& key) const;
-
- static crypto::tink::util::Status Validate(
- const google::crypto::tink::AesCtrHmacAeadKey& key);
- static crypto::tink::util::Status Validate(
- const google::crypto::tink::AesCtrHmacAeadKeyFormat& key_format);
+ const std::string key_type_ =
+ absl::StrCat(kTypeGoogleapisCom,
+ google::crypto::tink::AesCtrHmacAeadKey().GetTypeName());
};
} // namespace tink
diff --git a/cc/aead/aes_ctr_hmac_aead_key_manager_test.cc b/cc/aead/aes_ctr_hmac_aead_key_manager_test.cc
index 1fe6ef3ae..5104a0dc0 100644
--- a/cc/aead/aes_ctr_hmac_aead_key_manager_test.cc
+++ b/cc/aead/aes_ctr_hmac_aead_key_manager_test.cc
@@ -55,23 +55,25 @@ class AesCtrHmacAeadKeyManagerTest : public ::testing::Test {
};
TEST_F(AesCtrHmacAeadKeyManagerTest, testBasic) {
- AesCtrHmacAeadKeyManager key_manager;
+ AesCtrHmacAeadKeyManager key_type_manager;
+ auto key_manager = internal::MakeKeyManager<Aead>(&key_type_manager);
- EXPECT_EQ(0, key_manager.get_version());
+ EXPECT_EQ(0, key_manager->get_version());
EXPECT_EQ("type.googleapis.com/google.crypto.tink.AesCtrHmacAeadKey",
- key_manager.get_key_type());
- EXPECT_TRUE(key_manager.DoesSupport(key_manager.get_key_type()));
+ key_manager->get_key_type());
+ EXPECT_TRUE(key_manager->DoesSupport(key_manager->get_key_type()));
}
TEST_F(AesCtrHmacAeadKeyManagerTest, testKeyDataErrors) {
- AesCtrHmacAeadKeyManager key_manager;
+ AesCtrHmacAeadKeyManager key_type_manager;
+ auto key_manager = internal::MakeKeyManager<Aead>(&key_type_manager);
{ // Bad key type.
KeyData key_data;
std::string bad_key_type =
"type.googleapis.com/google.crypto.tink.SomeOtherKey";
key_data.set_type_url(bad_key_type);
- auto result = key_manager.GetPrimitive(key_data);
+ auto result = key_manager->GetPrimitive(key_data);
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "not supported",
@@ -84,7 +86,7 @@ TEST_F(AesCtrHmacAeadKeyManagerTest, testKeyDataErrors) {
KeyData key_data;
key_data.set_type_url(aes_ctr_hmac_aead_key_type);
key_data.set_value("some bad serialized proto");
- auto result = key_manager.GetPrimitive(key_data);
+ auto result = key_manager->GetPrimitive(key_data);
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "not parse",
@@ -97,7 +99,7 @@ TEST_F(AesCtrHmacAeadKeyManagerTest, testKeyDataErrors) {
key.set_version(1);
key_data.set_type_url(aes_ctr_hmac_aead_key_type);
key_data.set_value(key.SerializeAsString());
- auto result = key_manager.GetPrimitive(key_data);
+ auto result = key_manager->GetPrimitive(key_data);
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "version",
@@ -118,7 +120,7 @@ TEST_F(AesCtrHmacAeadKeyManagerTest, testKeyDataErrors) {
KeyData key_data;
key_data.set_type_url(aes_ctr_hmac_aead_key_type);
key_data.set_value(key.SerializeAsString());
- auto result = key_manager.GetPrimitive(key_data);
+ auto result = key_manager->GetPrimitive(key_data);
if (len == 16 || len == 32) {
EXPECT_TRUE(result.ok()) << result.status();
} else {
@@ -136,11 +138,12 @@ TEST_F(AesCtrHmacAeadKeyManagerTest, testKeyDataErrors) {
}
TEST_F(AesCtrHmacAeadKeyManagerTest, testKeyMessageErrors) {
- AesCtrHmacAeadKeyManager key_manager;
+ AesCtrHmacAeadKeyManager key_type_manager;
+ auto key_manager = internal::MakeKeyManager<Aead>(&key_type_manager);
{ // Bad protobuffer.
AesGcmKey key;
- auto result = key_manager.GetPrimitive(key);
+ auto result = key_manager->GetPrimitive(key);
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "AesGcmKey",
@@ -160,7 +163,7 @@ TEST_F(AesCtrHmacAeadKeyManagerTest, testKeyMessageErrors) {
hmac_key->set_key_value(std::string(len, 'b'));
hmac_key->mutable_params()->set_hash(HashType::SHA1);
hmac_key->mutable_params()->set_tag_size(10);
- auto result = key_manager.GetPrimitive(key);
+ auto result = key_manager->GetPrimitive(key);
if (len == 16 || len == 32) {
EXPECT_TRUE(result.ok()) << result.status();
} else {
@@ -179,7 +182,8 @@ TEST_F(AesCtrHmacAeadKeyManagerTest, testKeyMessageErrors) {
TEST_F(AesCtrHmacAeadKeyManagerTest, testPrimitives) {
std::string plaintext = "some plaintext";
std::string aad = "some aad";
- AesCtrHmacAeadKeyManager key_manager;
+ AesCtrHmacAeadKeyManager key_type_manager;
+ auto key_manager = internal::MakeKeyManager<Aead>(&key_type_manager);
AesCtrHmacAeadKey key;
key.set_version(0);
@@ -192,7 +196,7 @@ TEST_F(AesCtrHmacAeadKeyManagerTest, testPrimitives) {
hmac_key->mutable_params()->set_tag_size(10);
{ // Using key message only.
- auto result = key_manager.GetPrimitive(key);
+ auto result = key_manager->GetPrimitive(key);
EXPECT_TRUE(result.ok()) << result.status();
auto cipher = std::move(result.ValueOrDie());
auto encrypt_result = cipher->Encrypt(plaintext, aad);
@@ -206,7 +210,7 @@ TEST_F(AesCtrHmacAeadKeyManagerTest, testPrimitives) {
KeyData key_data;
key_data.set_type_url(aes_ctr_hmac_aead_key_type);
key_data.set_value(key.SerializeAsString());
- auto result = key_manager.GetPrimitive(key_data);
+ auto result = key_manager->GetPrimitive(key_data);
EXPECT_TRUE(result.ok()) << result.status();
auto cipher = std::move(result.ValueOrDie());
auto encrypt_result = cipher->Encrypt(plaintext, aad);
@@ -218,8 +222,9 @@ TEST_F(AesCtrHmacAeadKeyManagerTest, testPrimitives) {
}
TEST_F(AesCtrHmacAeadKeyManagerTest, testNewKeyErrors) {
- AesCtrHmacAeadKeyManager key_manager;
- const KeyFactory& key_factory = key_manager.get_key_factory();
+ AesCtrHmacAeadKeyManager key_type_manager;
+ auto key_manager = internal::MakeKeyManager<Aead>(&key_type_manager);
+ const KeyFactory& key_factory = key_manager->get_key_factory();
{ // Bad key format.
AesGcmKeyFormat key_format;
@@ -269,8 +274,9 @@ TEST_F(AesCtrHmacAeadKeyManagerTest, testNewKeyErrors) {
}
TEST_F(AesCtrHmacAeadKeyManagerTest, testNewKeyBasic) {
- AesCtrHmacAeadKeyManager key_manager;
- const KeyFactory& key_factory = key_manager.get_key_factory();
+ AesCtrHmacAeadKeyManager key_type_manager;
+ auto key_manager = internal::MakeKeyManager<Aead>(&key_type_manager);
+ const KeyFactory& key_factory = key_manager->get_key_factory();
AesCtrHmacAeadKeyFormat key_format;
auto aes_ctr_key_format = key_format.mutable_aes_ctr_key_format();
aes_ctr_key_format->set_key_size(16);
--
GitLab