From b192aa97e637b6c7206a267321a7a400595c4a20 Mon Sep 17 00:00:00 2001
From: tholenst <tholenst@google.com>
Date: Thu, 15 Aug 2019 03:13:47 -0700
Subject: [PATCH] Migrate the AesSivKeyManager to a KeyTypeManager.
We will migrate the test in an upcoming cl.
PiperOrigin-RevId: 263530089
---
cc/daead/BUILD.bazel | 14 +--
cc/daead/CMakeLists.txt | 12 +-
cc/daead/aes_siv_key_manager.cc | 112 ------------------
cc/daead/aes_siv_key_manager.h | 77 ++++++++----
cc/daead/aes_siv_key_manager_test.cc | 53 +++++----
cc/daead/deterministic_aead_config.cc | 2 +-
cc/daead/deterministic_aead_factory_test.cc | 12 +-
.../deterministic_aead_key_templates_test.cc | 9 +-
.../daead/TINKDeterministicAeadFactoryTest.mm | 23 ++--
.../deterministic_aead_key_manager_test.py | 2 +-
10 files changed, 126 insertions(+), 190 deletions(-)
delete mode 100644 cc/daead/aes_siv_key_manager.cc
diff --git a/cc/daead/BUILD.bazel b/cc/daead/BUILD.bazel
index b748f258a..df9018aa5 100644
--- a/cc/daead/BUILD.bazel
+++ b/cc/daead/BUILD.bazel
@@ -4,25 +4,22 @@ licenses(["notice"])
cc_library(
name = "aes_siv_key_manager",
- srcs = ["aes_siv_key_manager.cc"],
hdrs = ["aes_siv_key_manager.h"],
include_prefix = "tink",
strip_include_prefix = "/cc",
deps = [
- "//cc:aead",
- "//cc:key_manager",
- "//cc:key_manager_base",
+ "//cc:core/key_type_manager",
+ "//cc:deterministic_aead",
"//cc/subtle:aes_siv_boringssl",
"//cc/subtle:random",
+ "//cc/util:constants",
"//cc/util:errors",
"//cc/util:protobuf_helper",
"//cc/util:status",
"//cc/util:statusor",
"//cc/util:validation",
"//proto:aes_siv_cc_proto",
- "//proto:common_cc_proto",
- "//proto:tink_cc_proto",
- "@com_google_absl//absl/base",
+ "@com_google_absl//absl/strings",
],
)
@@ -75,7 +72,6 @@ cc_library(
"//cc:deterministic_aead",
"//cc:key_manager",
"//cc:keyset_handle",
- "//cc:primitive_set",
"//cc:registry",
"//cc/util:status",
"//cc/util:statusor",
@@ -107,6 +103,7 @@ cc_test(
deps = [
":aes_siv_key_manager",
"//cc:aead",
+ "//cc:core/key_manager_impl",
"//cc/util:status",
"//cc/util:statusor",
"//proto:aes_eax_cc_proto",
@@ -185,6 +182,7 @@ cc_test(
deps = [
":aes_siv_key_manager",
":deterministic_aead_key_templates",
+ "//cc:core/key_manager_impl",
"//proto:aes_siv_cc_proto",
"//proto:common_cc_proto",
"//proto:tink_cc_proto",
diff --git a/cc/daead/CMakeLists.txt b/cc/daead/CMakeLists.txt
index f5cf7201b..b9e9178c9 100644
--- a/cc/daead/CMakeLists.txt
+++ b/cc/daead/CMakeLists.txt
@@ -3,14 +3,13 @@ tink_module(daead)
tink_cc_library(
NAME aes_siv_key_manager
SRCS
- aes_siv_key_manager.cc
aes_siv_key_manager.h
DEPS
tink::core::aead
- tink::core::key_manager
- tink::core::key_manager_base
+ tink::core::key_type_manager
tink::subtle::aes_siv_boringssl
tink::subtle::random
+ tink::util::constants
tink::util::errors
tink::util::protobuf_helper
tink::util::status
@@ -19,7 +18,7 @@ tink_cc_library(
tink::proto::aes_siv_cc_proto
tink::proto::common_cc_proto
tink::proto::tink_cc_proto
- absl::base
+ absl::strings
)
tink_cc_library(
@@ -90,7 +89,8 @@ tink_cc_test(
SRCS aes_siv_key_manager_test.cc
DEPS
tink::daead::aes_siv_key_manager
- tink::core::aead
+ tink::core::deterministic_aead
+ tink::core::key_manager_impl
tink::util::status
tink::util::statusor
tink::proto::aes_eax_cc_proto
@@ -134,6 +134,7 @@ tink_cc_test(
NAME deterministic_aead_factory_test
SRCS deterministic_aead_factory_test.cc
DEPS
+ tink::core::key_manager_impl
tink::daead::aes_siv_key_manager
tink::daead::deterministic_aead_config
tink::daead::deterministic_aead_factory
@@ -151,6 +152,7 @@ tink_cc_test(
NAME deterministic_aead_key_templates_test
SRCS deterministic_aead_key_templates_test.cc
DEPS
+ tink::core::key_manager_impl
tink::daead::aes_siv_key_manager
tink::daead::deterministic_aead_key_templates
tink::proto::aes_siv_cc_proto
diff --git a/cc/daead/aes_siv_key_manager.cc b/cc/daead/aes_siv_key_manager.cc
deleted file mode 100644
index dd8c6141f..000000000
--- a/cc/daead/aes_siv_key_manager.cc
+++ /dev/null
@@ -1,112 +0,0 @@
-// Copyright 2018 Google Inc.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-///////////////////////////////////////////////////////////////////////////////
-
-#include "tink/daead/aes_siv_key_manager.h"
-
-#include "absl/base/casts.h"
-#include "absl/strings/string_view.h"
-#include "tink/deterministic_aead.h"
-#include "tink/key_manager.h"
-#include "tink/subtle/aes_siv_boringssl.h"
-#include "tink/subtle/random.h"
-#include "tink/util/errors.h"
-#include "tink/util/protobuf_helper.h"
-#include "tink/util/status.h"
-#include "tink/util/statusor.h"
-#include "tink/util/validation.h"
-#include "proto/aes_siv.pb.h"
-#include "proto/tink.pb.h"
-
-namespace crypto {
-namespace tink {
-
-using ::crypto::tink::util::Status;
-using ::crypto::tink::util::StatusOr;
-using ::google::crypto::tink::AesSivKey;
-using ::google::crypto::tink::AesSivKeyFormat;
-using ::google::crypto::tink::KeyData;
-
-class AesSivKeyFactory : public KeyFactoryBase<AesSivKey, AesSivKeyFormat> {
- public:
- AesSivKeyFactory() {}
-
- KeyData::KeyMaterialType key_material_type() const override {
- return KeyData::SYMMETRIC;
- }
-
- protected:
- StatusOr<std::unique_ptr<AesSivKey>> NewKeyFromFormat(
- const AesSivKeyFormat& aes_siv_key_format) const override {
- Status status = AesSivKeyManager::Validate(aes_siv_key_format);
- if (!status.ok()) return status;
-
- auto aes_siv_key = absl::make_unique<AesSivKey>();
- aes_siv_key->set_version(AesSivKeyManager::kVersion);
- aes_siv_key->set_key_value(
- subtle::Random::GetRandomBytes(aes_siv_key_format.key_size()));
- return absl::implicit_cast<StatusOr<std::unique_ptr<AesSivKey>>>(
- std::move(aes_siv_key));
- }
-};
-
-constexpr uint32_t AesSivKeyManager::kVersion;
-
-AesSivKeyManager::AesSivKeyManager()
- : key_factory_(absl::make_unique<AesSivKeyFactory>()) {}
-
-uint32_t AesSivKeyManager::get_version() const { return kVersion; }
-
-const KeyFactory& AesSivKeyManager::get_key_factory() const {
- return *key_factory_;
-}
-
-StatusOr<std::unique_ptr<DeterministicAead>>
-AesSivKeyManager::GetPrimitiveFromKey(const AesSivKey& aes_siv_key) const {
- Status status = Validate(aes_siv_key);
- if (!status.ok()) return status;
- auto aes_siv_result = subtle::AesSivBoringSsl::New(aes_siv_key.key_value());
- if (!aes_siv_result.ok()) return aes_siv_result.status();
- return std::move(aes_siv_result.ValueOrDie());
-}
-
-// static
-Status AesSivKeyManager::Validate(const AesSivKey& key) {
- Status status = ValidateVersion(key.version(), kVersion);
- if (!status.ok()) return status;
- uint32_t key_size = key.key_value().size();
- if (key_size != 64) {
- return ToStatusF(util::error::INVALID_ARGUMENT,
- "Invalid AesSivKey: key_value has %d bytes; "
- "supported size: 64 bytes.",
- key_size);
- }
- return Status::OK;
-}
-
-// static
-Status AesSivKeyManager::Validate(const AesSivKeyFormat& key_format) {
- uint32_t key_size = key_format.key_size();
- if (key_size != 64) {
- return ToStatusF(util::error::INVALID_ARGUMENT,
- "Invalid AesSivKeyFormat: key_size is %d bytes; "
- "supported size: 64 bytes.",
- key_size);
- }
- return Status::OK;
-}
-
-} // namespace tink
-} // namespace crypto
diff --git a/cc/daead/aes_siv_key_manager.h b/cc/daead/aes_siv_key_manager.h
index 219f5e20d..3b6f44e64 100644
--- a/cc/daead/aes_siv_key_manager.h
+++ b/cc/daead/aes_siv_key_manager.h
@@ -20,50 +20,79 @@
#include <vector>
#include "absl/strings/string_view.h"
+#include "tink/core/key_type_manager.h"
#include "tink/deterministic_aead.h"
-#include "tink/core/key_manager_base.h"
-#include "tink/key_manager.h"
+#include "tink/subtle/aes_siv_boringssl.h"
+#include "tink/subtle/random.h"
+#include "tink/util/constants.h"
#include "tink/util/errors.h"
#include "tink/util/protobuf_helper.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"
+#include "tink/util/validation.h"
#include "proto/aes_siv.pb.h"
-#include "proto/tink.pb.h"
namespace crypto {
namespace tink {
class AesSivKeyManager
- : public KeyManagerBase<DeterministicAead,
- google::crypto::tink::AesSivKey> {
+ : public KeyTypeManager<google::crypto::tink::AesSivKey,
+ google::crypto::tink::AesSivKeyFormat,
+ List<DeterministicAead>> {
public:
- static constexpr uint32_t kVersion = 0;
+ class DeterministicAeadFactory : public PrimitiveFactory<DeterministicAead> {
+ crypto::tink::util::StatusOr<std::unique_ptr<DeterministicAead>> Create(
+ const google::crypto::tink::AesSivKey& key) const override {
+ return subtle::AesSivBoringSsl::New(key.key_value());
+ }
+ };
- AesSivKeyManager();
+ AesSivKeyManager()
+ : KeyTypeManager(absl::make_unique<DeterministicAeadFactory>()) {}
- // Returns the version of this key manager.
- uint32_t get_version() const override;
+ uint32_t get_version() const override { return 0; }
- // Returns a factory that generates keys of the key type
- // handled by this manager.
- const KeyFactory& get_key_factory() const override;
+ google::crypto::tink::KeyData::KeyMaterialType key_material_type()
+ const override {
+ return google::crypto::tink::KeyData::SYMMETRIC;
+ }
- virtual ~AesSivKeyManager() {}
+ const std::string& get_key_type() const override { return key_type_; }
- protected:
- crypto::tink::util::StatusOr<std::unique_ptr<DeterministicAead>>
- GetPrimitiveFromKey(
- const google::crypto::tink::AesSivKey& aes_siv_key) const override;
+ crypto::tink::util::Status ValidateKey(
+ const google::crypto::tink::AesSivKey& key) const override {
+ crypto::tink::util::Status status =
+ ValidateVersion(key.version(), get_version());
+ if (!status.ok()) return status;
+ return ValidateKeySize(key.key_value().size());
+ }
- private:
- friend class AesSivKeyFactory;
+ crypto::tink::util::Status ValidateKeyFormat(
+ const google::crypto::tink::AesSivKeyFormat& key_format) const override {
+ return ValidateKeySize(key_format.key_size());
+ }
+
+ crypto::tink::util::StatusOr<google::crypto::tink::AesSivKey> CreateKey(
+ const google::crypto::tink::AesSivKeyFormat& key_format) const override {
+ google::crypto::tink::AesSivKey key;
+ key.set_version(get_version());
+ key.set_key_value(subtle::Random::GetRandomBytes(key_format.key_size()));
+ return key;
+ }
- std::unique_ptr<KeyFactory> key_factory_;
+ private:
+ crypto::tink::util::Status ValidateKeySize(uint32_t key_size) const {
+ if (key_size != 64) {
+ return crypto::tink::util::Status(
+ crypto::tink::util::error::INVALID_ARGUMENT,
+ absl::StrCat("Invalid key size: key size is ", key_size,
+ " bytes; supported size: 64 bytes."));
+ }
+ return crypto::tink::util::OkStatus();
+ }
- static crypto::tink::util::Status Validate(
- const google::crypto::tink::AesSivKey& key);
- static crypto::tink::util::Status Validate(
- const google::crypto::tink::AesSivKeyFormat& key_format);
+ const std::string key_type_ = absl::StrCat(
+ kTypeGoogleapisCom, google::crypto::tink::AesSivKey().GetTypeName());
};
} // namespace tink
diff --git a/cc/daead/aes_siv_key_manager_test.cc b/cc/daead/aes_siv_key_manager_test.cc
index 2ddf75956..e9e1c1399 100644
--- a/cc/daead/aes_siv_key_manager_test.cc
+++ b/cc/daead/aes_siv_key_manager_test.cc
@@ -16,6 +16,7 @@
#include "tink/daead/aes_siv_key_manager.h"
+#include "tink/core/key_manager_impl.h"
#include "tink/deterministic_aead.h"
#include "tink/util/status.h"
#include "tink/util/statusor.h"
@@ -44,23 +45,27 @@ class AesSivKeyManagerTest : public ::testing::Test {
};
TEST_F(AesSivKeyManagerTest, testBasic) {
- AesSivKeyManager key_manager;
+ AesSivKeyManager key_type_manager;
+ auto key_manager =
+ internal::MakeKeyManager<DeterministicAead>(&key_type_manager);
- EXPECT_EQ(0, key_manager.get_version());
+ EXPECT_EQ(0, key_manager->get_version());
EXPECT_EQ("type.googleapis.com/google.crypto.tink.AesSivKey",
- key_manager.get_key_type());
- EXPECT_TRUE(key_manager.DoesSupport(key_manager.get_key_type()));
+ key_manager->get_key_type());
+ EXPECT_TRUE(key_manager->DoesSupport(key_manager->get_key_type()));
}
TEST_F(AesSivKeyManagerTest, testKeyDataErrors) {
- AesSivKeyManager key_manager;
+ AesSivKeyManager key_type_manager;
+ auto key_manager =
+ internal::MakeKeyManager<DeterministicAead>(&key_type_manager);
{ // Bad key type.
KeyData key_data;
std::string bad_key_type =
"type.googleapis.com/google.crypto.tink.SomeOtherKey";
key_data.set_type_url(bad_key_type);
- auto result = key_manager.GetPrimitive(key_data);
+ auto result = key_manager->GetPrimitive(key_data);
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "not supported",
@@ -73,7 +78,7 @@ TEST_F(AesSivKeyManagerTest, testKeyDataErrors) {
KeyData key_data;
key_data.set_type_url(aes_siv_key_type_);
key_data.set_value("some bad serialized proto");
- auto result = key_manager.GetPrimitive(key_data);
+ auto result = key_manager->GetPrimitive(key_data);
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "not parse",
@@ -86,7 +91,7 @@ TEST_F(AesSivKeyManagerTest, testKeyDataErrors) {
key.set_version(1);
key_data.set_type_url(aes_siv_key_type_);
key_data.set_value(key.SerializeAsString());
- auto result = key_manager.GetPrimitive(key_data);
+ auto result = key_manager->GetPrimitive(key_data);
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "version",
@@ -101,7 +106,7 @@ TEST_F(AesSivKeyManagerTest, testKeyDataErrors) {
KeyData key_data;
key_data.set_type_url(aes_siv_key_type_);
key_data.set_value(key.SerializeAsString());
- auto result = key_manager.GetPrimitive(key_data);
+ auto result = key_manager->GetPrimitive(key_data);
if (len == 64) {
EXPECT_TRUE(result.ok()) << result.status();
} else {
@@ -119,11 +124,13 @@ TEST_F(AesSivKeyManagerTest, testKeyDataErrors) {
}
TEST_F(AesSivKeyManagerTest, testKeyMessageErrors) {
- AesSivKeyManager key_manager;
+ AesSivKeyManager key_type_manager;
+ auto key_manager =
+ internal::MakeKeyManager<DeterministicAead>(&key_type_manager);
{ // Bad protobuffer.
AesEaxKey key;
- auto result = key_manager.GetPrimitive(key);
+ auto result = key_manager->GetPrimitive(key);
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
EXPECT_PRED_FORMAT2(testing::IsSubstring, "AesEaxKey",
@@ -137,7 +144,7 @@ TEST_F(AesSivKeyManagerTest, testKeyMessageErrors) {
AesSivKey key;
key.set_version(0);
key.set_key_value(std::string(len, 'a'));
- auto result = key_manager.GetPrimitive(key);
+ auto result = key_manager->GetPrimitive(key);
if (len == 64) {
EXPECT_TRUE(result.ok()) << result.status();
} else {
@@ -157,7 +164,9 @@ TEST_F(AesSivKeyManagerTest, testKeyMessageErrors) {
TEST_F(AesSivKeyManagerTest, testPrimitives) {
std::string plaintext = "some plaintext";
std::string aad = "some aad";
- AesSivKeyManager key_manager;
+ AesSivKeyManager key_type_manager;
+ auto key_manager =
+ internal::MakeKeyManager<DeterministicAead>(&key_type_manager);
AesSivKey key;
key.set_version(0);
@@ -165,7 +174,7 @@ TEST_F(AesSivKeyManagerTest, testPrimitives) {
"64 bytes of key 0123456789abcdef0123456789abcdef0123456789abcdef");
{ // Using key message only.
- auto result = key_manager.GetPrimitive(key);
+ auto result = key_manager->GetPrimitive(key);
EXPECT_TRUE(result.ok()) << result.status();
auto aes_siv = std::move(result.ValueOrDie());
auto encrypt_result = aes_siv->EncryptDeterministically(plaintext, aad);
@@ -180,7 +189,7 @@ TEST_F(AesSivKeyManagerTest, testPrimitives) {
KeyData key_data;
key_data.set_type_url(aes_siv_key_type_);
key_data.set_value(key.SerializeAsString());
- auto result = key_manager.GetPrimitive(key_data);
+ auto result = key_manager->GetPrimitive(key_data);
EXPECT_TRUE(result.ok()) << result.status();
auto aes_siv = std::move(result.ValueOrDie());
auto encrypt_result = aes_siv->EncryptDeterministically(plaintext, aad);
@@ -193,8 +202,10 @@ TEST_F(AesSivKeyManagerTest, testPrimitives) {
}
TEST_F(AesSivKeyManagerTest, testNewKeyErrors) {
- AesSivKeyManager key_manager;
- const KeyFactory& key_factory = key_manager.get_key_factory();
+ AesSivKeyManager key_type_manager;
+ auto key_manager =
+ internal::MakeKeyManager<DeterministicAead>(&key_type_manager);
+ const KeyFactory& key_factory = key_manager->get_key_factory();
{ // Bad key format.
AesEaxKeyFormat key_format;
@@ -221,14 +232,16 @@ TEST_F(AesSivKeyManagerTest, testNewKeyErrors) {
auto result = key_factory.NewKey(key_format);
EXPECT_FALSE(result.ok());
EXPECT_EQ(util::error::INVALID_ARGUMENT, result.status().error_code());
- EXPECT_PRED_FORMAT2(testing::IsSubstring, "key_size",
+ EXPECT_PRED_FORMAT2(testing::IsSubstring, "key size",
result.status().error_message());
}
}
TEST_F(AesSivKeyManagerTest, testNewKeyBasic) {
- AesSivKeyManager key_manager;
- const KeyFactory& key_factory = key_manager.get_key_factory();
+ AesSivKeyManager key_type_manager;
+ auto key_manager =
+ internal::MakeKeyManager<DeterministicAead>(&key_type_manager);
+ const KeyFactory& key_factory = key_manager->get_key_factory();
AesSivKeyFormat key_format;
key_format.set_key_size(64);
diff --git a/cc/daead/deterministic_aead_config.cc b/cc/daead/deterministic_aead_config.cc
index 05f1ff67e..4a4232b3e 100644
--- a/cc/daead/deterministic_aead_config.cc
+++ b/cc/daead/deterministic_aead_config.cc
@@ -38,7 +38,7 @@ const RegistryConfig& DeterministicAeadConfig::Latest() {
// static
util::Status DeterministicAeadConfig::Register() {
// Register key manager.
- auto status = Registry::RegisterKeyManager(
+ auto status = Registry::RegisterKeyTypeManager(
absl::make_unique<AesSivKeyManager>(), true);
if (!status.ok()) return status;
diff --git a/cc/daead/deterministic_aead_factory_test.cc b/cc/daead/deterministic_aead_factory_test.cc
index 56213a405..90363c47b 100644
--- a/cc/daead/deterministic_aead_factory_test.cc
+++ b/cc/daead/deterministic_aead_factory_test.cc
@@ -16,6 +16,7 @@
#include "tink/daead/deterministic_aead_factory.h"
#include "gtest/gtest.h"
+#include "tink/core/key_manager_impl.h"
#include "tink/crypto_format.h"
#include "tink/daead/aes_siv_key_manager.h"
#include "tink/daead/deterministic_aead_config.h"
@@ -25,7 +26,6 @@
#include "tink/util/status.h"
#include "tink/util/test_util.h"
#include "proto/aes_siv.pb.h"
-#include "proto/tink.pb.h"
using crypto::tink::TestKeysetHandle;
using crypto::tink::test::AddRawKey;
@@ -54,9 +54,11 @@ TEST_F(DeterministicAeadFactoryTest, testBasic) {
TEST_F(DeterministicAeadFactoryTest, testPrimitive) {
// Prepare a template for generating keys for a Keyset.
- AesSivKeyManager key_manager;
- const KeyFactory& key_factory = key_manager.get_key_factory();
- std::string key_type = key_manager.get_key_type();
+ AesSivKeyManager key_type_manager;
+ auto key_manager =
+ internal::MakeKeyManager<DeterministicAead>(&key_type_manager);
+ const KeyFactory& key_factory = key_manager->get_key_factory();
+ std::string key_type = key_manager->get_key_type();
AesSivKeyFormat key_format;
key_format.set_key_size(64);
@@ -114,7 +116,7 @@ TEST_F(DeterministicAeadFactoryTest, testPrimitive) {
// Create raw ciphertext with 2nd key, and decrypt
// with DeterministicAead-instance.
auto raw_daead = std::move(
- key_manager.GetPrimitive(keyset.key(1).key_data()).ValueOrDie());
+ key_manager->GetPrimitive(keyset.key(1).key_data()).ValueOrDie());
std::string raw_ciphertext =
raw_daead->EncryptDeterministically(plaintext, aad).ValueOrDie();
decrypt_result = daead->DecryptDeterministically(ciphertext, aad);
diff --git a/cc/daead/deterministic_aead_key_templates_test.cc b/cc/daead/deterministic_aead_key_templates_test.cc
index 6de09816e..3d87baf69 100644
--- a/cc/daead/deterministic_aead_key_templates_test.cc
+++ b/cc/daead/deterministic_aead_key_templates_test.cc
@@ -17,6 +17,7 @@
#include "tink/daead/deterministic_aead_key_templates.h"
#include "gtest/gtest.h"
+#include "tink/core/key_manager_impl.h"
#include "tink/daead/aes_siv_key_manager.h"
#include "proto/aes_siv.pb.h"
#include "proto/common.pb.h"
@@ -49,10 +50,12 @@ TEST(DeterministicAeadKeyTemplatesTest, testAesSivKeyTemplates) {
EXPECT_EQ(&key_template, &key_template_2);
// Check that the template works with the key manager.
- AesSivKeyManager key_manager;
- EXPECT_EQ(key_manager.get_key_type(), key_template.type_url());
+ AesSivKeyManager key_type_manager;
+ auto key_manager =
+ internal::MakeKeyManager<DeterministicAead>(&key_type_manager);
+ EXPECT_EQ(key_manager->get_key_type(), key_template.type_url());
auto new_key_result =
- key_manager.get_key_factory().NewKey(key_template.value());
+ key_manager->get_key_factory().NewKey(key_template.value());
EXPECT_TRUE(new_key_result.ok()) << new_key_result.status();
}
}
diff --git a/objc/Tests/UnitTests/daead/TINKDeterministicAeadFactoryTest.mm b/objc/Tests/UnitTests/daead/TINKDeterministicAeadFactoryTest.mm
index 377f36e6d..3c9b21b85 100644
--- a/objc/Tests/UnitTests/daead/TINKDeterministicAeadFactoryTest.mm
+++ b/objc/Tests/UnitTests/daead/TINKDeterministicAeadFactoryTest.mm
@@ -43,6 +43,7 @@ using crypto::tink::KeyFactory;
using crypto::tink::TestKeysetHandle;
using crypto::tink::test::AddRawKey;
using crypto::tink::test::AddTinkKey;
+using google::crypto::tink::AesSivKey;
using google::crypto::tink::AesSivKeyFormat;
using google::crypto::tink::KeyData;
using google::crypto::tink::Keyset;
@@ -69,10 +70,7 @@ using google::crypto::tink::KeyStatusType;
}
- (void)testPrimitive {
- // Prepare a template for generating keys for a Keyset.
- AesSivKeyManager key_manager;
- const KeyFactory &key_factory = key_manager.get_key_factory();
- std::string key_type = key_manager.get_key_type();
+ std::string key_type = AesSivKeyManager().get_key_type();
AesSivKeyFormat key_format;
key_format.set_key_size(64);
@@ -80,16 +78,16 @@ using google::crypto::tink::KeyStatusType;
// Prepare a Keyset.
Keyset keyset;
uint32_t key_id_1 = 1234543;
- auto new_key = std::move(key_factory.NewKey(key_format).ValueOrDie());
- AddTinkKey(key_type, key_id_1, *new_key, KeyStatusType::ENABLED, KeyData::SYMMETRIC, &keyset);
+ auto new_key = AesSivKeyManager().CreateKey(key_format).ValueOrDie();
+ AddTinkKey(key_type, key_id_1, new_key, KeyStatusType::ENABLED, KeyData::SYMMETRIC, &keyset);
uint32_t key_id_2 = 726329;
- new_key = std::move(key_factory.NewKey(key_format).ValueOrDie());
- AddRawKey(key_type, key_id_2, *new_key, KeyStatusType::ENABLED, KeyData::SYMMETRIC, &keyset);
+ new_key = AesSivKeyManager().CreateKey(key_format).ValueOrDie();
+ AddRawKey(key_type, key_id_2, new_key, KeyStatusType::ENABLED, KeyData::SYMMETRIC, &keyset);
uint32_t key_id_3 = 7213743;
- new_key = std::move(key_factory.NewKey(key_format).ValueOrDie());
- AddTinkKey(key_type, key_id_3, *new_key, KeyStatusType::ENABLED, KeyData::SYMMETRIC, &keyset);
+ new_key = AesSivKeyManager().CreateKey(key_format).ValueOrDie();
+ AddTinkKey(key_type, key_id_3, new_key, KeyStatusType::ENABLED, KeyData::SYMMETRIC, &keyset);
keyset.set_primary_key_id(key_id_3);
@@ -124,7 +122,10 @@ using google::crypto::tink::KeyStatusType;
XCTAssertTrue([plaintext isEqual:decrypted]);
// Create raw ciphertext with 2nd key, and decrypt with Aead-instance.
- auto raw_aead = std::move(key_manager.GetPrimitive(keyset.key(1).key_data()).ValueOrDie());
+ AesSivKey raw_key;
+ XCTAssertTrue(raw_key.ParseFromString(keyset.key(1).key_data().value()));
+ auto raw_aead = std::move(AesSivKeyManager()
+ .GetPrimitive<crypto::tink::DeterministicAead>(raw_key).ValueOrDie());
std::string raw_ciphertext = raw_aead
->EncryptDeterministically(absl::string_view("some_plaintext"),
absl::string_view("some_aad"))
diff --git a/python/daead/deterministic_aead_key_manager_test.py b/python/daead/deterministic_aead_key_manager_test.py
index 94bf467ce..bf5a336e8 100644
--- a/python/daead/deterministic_aead_key_manager_test.py
+++ b/python/daead/deterministic_aead_key_manager_test.py
@@ -61,7 +61,7 @@ class DeterministicAeadKeyManagerTest(absltest.TestCase):
key_template = deterministic_aead_key_templates.create_aes_siv_key_template(
63)
with self.assertRaisesRegex(tink_error.TinkError,
- 'Invalid AesSivKeyFormat'):
+ 'Invalid key size'):
self.key_manager.new_key_data(key_template)
def test_encrypt_decrypt(self):
--
GitLab