From eb6673aff24a09947450d8922702f5f43fa9aaa2 Mon Sep 17 00:00:00 2001
From: Thai Duong <thaidn@google.com>
Date: Mon, 7 May 2018 16:08:55 -0700
Subject: [PATCH] ObjC: removing unnecessary protobuf dependencies.
While I'm here, refactoring hybrid factory tests.
PiperOrigin-RevId: 195738591
GitOrigin-RevId: d5719f8a243cc65213571019ff701d1a754022ea
---
objc/BUILD.bazel | 27 +--
.../Tests/UnitTests/core/TINKAllConfigTest.mm | 119 +++++------
.../hybrid/TINKHybridDecryptFactoryTest.mm | 192 +++++++++---------
.../hybrid/TINKHybridEncryptFactoryTest.mm | 6 +-
objc/hybrid/BUILD.bazel | 46 -----
.../TINKEciesAeadHkdfPrivateKeyManager.h | 73 -------
.../TINKEciesAeadHkdfPrivateKeyManager.mm | 190 -----------------
.../TINKEciesAeadHkdfPublicKeyManager.h | 73 -------
.../TINKEciesAeadHkdfPublicKeyManager.mm | 188 -----------------
objc/hybrid/TINKHybridDecryptKeyManager.h | 28 ---
objc/hybrid/TINKHybridDecryptKeyManager.mm | 24 ---
.../TINKHybridDecryptKeyManager_Internal.h | 29 ---
objc/hybrid/TINKHybridEncryptKeyManager.h | 28 ---
objc/hybrid/TINKHybridEncryptKeyManager.mm | 24 ---
.../TINKHybridEncryptKeyManager_Internal.h | 29 ---
objc/util/TINKTestHelpers.h | 12 ++
objc/util/TINKTestHelpers.mm | 42 +++-
17 files changed, 206 insertions(+), 924 deletions(-)
delete mode 100644 objc/hybrid/TINKEciesAeadHkdfPrivateKeyManager.h
delete mode 100644 objc/hybrid/TINKEciesAeadHkdfPrivateKeyManager.mm
delete mode 100644 objc/hybrid/TINKEciesAeadHkdfPublicKeyManager.h
delete mode 100644 objc/hybrid/TINKEciesAeadHkdfPublicKeyManager.mm
delete mode 100644 objc/hybrid/TINKHybridDecryptKeyManager.h
delete mode 100644 objc/hybrid/TINKHybridDecryptKeyManager.mm
delete mode 100644 objc/hybrid/TINKHybridDecryptKeyManager_Internal.h
delete mode 100644 objc/hybrid/TINKHybridEncryptKeyManager.h
delete mode 100644 objc/hybrid/TINKHybridEncryptKeyManager.mm
delete mode 100644 objc/hybrid/TINKHybridEncryptKeyManager_Internal.h
diff --git a/objc/BUILD.bazel b/objc/BUILD.bazel
index dc8431467..800ff579b 100644
--- a/objc/BUILD.bazel
+++ b/objc/BUILD.bazel
@@ -76,6 +76,16 @@ objc_library(
# private libraries
+# C++ protocol buffers.
+# We need to convert them to cc_library so we can add them as a dependency of objc_library targets.
+
+cc_library(
+ name = "config_pb",
+ deps = [
+ "//proto:config_cc_proto",
+ ],
+)
+
objc_library(
name = "aead",
hdrs = ["TINKAead.h"],
@@ -88,7 +98,6 @@ objc_library(
"TINKAllConfig.h",
],
deps = [
- ":config_pb",
":registry_config",
":version",
"//cc/config:tink_config",
@@ -225,20 +234,6 @@ objc_library(
# C++ protocol buffers.
# We need to convert them to cc_library so we can add them as a dependency of objc_library targets.
-cc_library(
- name = "aes_gcm_pb",
- deps = [
- "//proto:aes_gcm_cc_proto",
- ],
-)
-
-cc_library(
- name = "config_pb",
- deps = [
- "//proto:config_cc_proto",
- ],
-)
-
cc_library(
name = "tink_pb",
deps = [
@@ -275,11 +270,9 @@ objc_library(
"//cc:keyset_handle",
"//cc/aead:aead_config",
"//cc/aead:aead_factory",
- "//cc/aead:aes_gcm_key_manager",
"//cc/util:status",
"//cc/util:test_util",
"//objc/aead:aead_internal",
- "//objc/hybrid:ecies_aead_hkdf_public_key_manager",
"//objc/util:test_helpers",
"//proto:all_objc_proto",
],
diff --git a/objc/Tests/UnitTests/core/TINKAllConfigTest.mm b/objc/Tests/UnitTests/core/TINKAllConfigTest.mm
index 3795402ea..8e92a7522 100644
--- a/objc/Tests/UnitTests/core/TINKAllConfigTest.mm
+++ b/objc/Tests/UnitTests/core/TINKAllConfigTest.mm
@@ -27,79 +27,72 @@
#import "objc/TINKVersion.h"
#import "objc/core/TINKRegistryConfig_Internal.h"
#import "objc/util/TINKStrings.h"
-#import "proto/Config.pbobjc.h"
@interface TINKAllConfigTest : XCTestCase
@end
@implementation TINKAllConfigTest
-- (void)testConfigContents {
- NSString *publicKeySignKeyType = @"type.googleapis.com/google.crypto.tink.EcdsaPrivateKey";
- NSString *publicKeyVerifyKeyType = @"type.googleapis.com/google.crypto.tink.EcdsaPublicKey";
- NSString *hybridEncryptKeyType = @"type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey";
- NSString *hybridDecryptKeyType =
- @"type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey";
- NSString *aesCtrHmacAeadKeyType = @"type.googleapis.com/google.crypto.tink.AesCtrHmacAeadKey";
- NSString *aesGcmKeyType = @"type.googleapis.com/google.crypto.tink.AesGcmKey";
- NSString *hmacKeyType = @"type.googleapis.com/google.crypto.tink.HmacKey";
-
+- (void)test110Config {
NSError *error = nil;
TINKAllConfig *allConfig = [[TINKAllConfig alloc] initWithVersion:TINKVersion1_1_0 error:&error];
XCTAssertNotNil(allConfig);
XCTAssertNil(error);
-
- google::crypto::tink::RegistryConfig ccConfig = allConfig.ccConfig;
- std::string serializedConfig;
- XCTAssertTrue(ccConfig.SerializeToString(&serializedConfig));
-
- NSError *parseError = nil;
- TINKPBRegistryConfig *config =
- [TINKPBRegistryConfig parseFromData:TINKStringToNSData(serializedConfig) error:&parseError];
- XCTAssertNil(parseError);
- XCTAssertNotNil(config);
-
- XCTAssertTrue([config.entryArray[0].catalogueName isEqualToString:@"TinkMac"]);
- XCTAssertTrue([config.entryArray[0].primitiveName isEqualToString:@"Mac"]);
- XCTAssertTrue([config.entryArray[0].typeURL isEqualToString:hmacKeyType]);
- XCTAssertTrue(config.entryArray[0].newKeyAllowed);
- XCTAssertEqual(config.entryArray[0].keyManagerVersion, 0);
-
- XCTAssertTrue([config.entryArray[1].catalogueName isEqualToString:@"TinkAead"]);
- XCTAssertTrue([config.entryArray[1].primitiveName isEqualToString:@"Aead"]);
- XCTAssertTrue([config.entryArray[1].typeURL isEqualToString:aesCtrHmacAeadKeyType]);
- XCTAssertTrue(config.entryArray[1].newKeyAllowed);
- XCTAssertEqual(config.entryArray[1].keyManagerVersion, 0);
-
- XCTAssertTrue([config.entryArray[2].catalogueName isEqualToString:@"TinkAead"]);
- XCTAssertTrue([config.entryArray[2].primitiveName isEqualToString:@"Aead"]);
- XCTAssertTrue([config.entryArray[2].typeURL isEqualToString:aesGcmKeyType]);
- XCTAssertTrue(config.entryArray[2].newKeyAllowed);
- XCTAssertEqual(config.entryArray[2].keyManagerVersion, 0);
-
- XCTAssertTrue([config.entryArray[3].catalogueName isEqualToString:@"TinkHybridDecrypt"]);
- XCTAssertTrue([config.entryArray[3].primitiveName isEqualToString:@"HybridDecrypt"]);
- XCTAssertTrue([config.entryArray[3].typeURL isEqualToString:hybridDecryptKeyType]);
- XCTAssertTrue(config.entryArray[3].newKeyAllowed);
- XCTAssertEqual(config.entryArray[3].keyManagerVersion, 0);
-
- XCTAssertTrue([config.entryArray[4].catalogueName isEqualToString:@"TinkHybridEncrypt"]);
- XCTAssertTrue([config.entryArray[4].primitiveName isEqualToString:@"HybridEncrypt"]);
- XCTAssertTrue([config.entryArray[4].typeURL isEqualToString:hybridEncryptKeyType]);
- XCTAssertTrue(config.entryArray[4].newKeyAllowed);
- XCTAssertEqual(config.entryArray[4].keyManagerVersion, 0);
-
- XCTAssertTrue([config.entryArray[5].catalogueName isEqualToString:@"TinkPublicKeySign"]);
- XCTAssertTrue([config.entryArray[5].primitiveName isEqualToString:@"PublicKeySign"]);
- XCTAssertTrue([config.entryArray[5].typeURL isEqualToString:publicKeySignKeyType]);
- XCTAssertTrue(config.entryArray[5].newKeyAllowed);
- XCTAssertEqual(config.entryArray[5].keyManagerVersion, 0);
-
- XCTAssertTrue([config.entryArray[6].catalogueName isEqualToString:@"TinkPublicKeyVerify"]);
- XCTAssertTrue([config.entryArray[6].primitiveName isEqualToString:@"PublicKeyVerify"]);
- XCTAssertTrue([config.entryArray[6].typeURL isEqualToString:publicKeyVerifyKeyType]);
- XCTAssertTrue(config.entryArray[6].newKeyAllowed);
- XCTAssertEqual(config.entryArray[6].keyManagerVersion, 0);
+ google::crypto::tink::RegistryConfig config = allConfig.ccConfig;
+
+ XCTAssertTrue(config.entry_size() == 7);
+
+ std::string hmac_key_type = "type.googleapis.com/google.crypto.tink.HmacKey";
+ XCTAssertTrue("TinkMac" == config.entry(0).catalogue_name());
+ XCTAssertTrue("Mac" == config.entry(0).primitive_name());
+ XCTAssertTrue(hmac_key_type == config.entry(0).type_url());
+ XCTAssertTrue(config.entry(0).new_key_allowed());
+ XCTAssertTrue(0 == config.entry(0).key_manager_version());
+
+ std::string aes_ctr_hmac_aead_key_type =
+ "type.googleapis.com/google.crypto.tink.AesCtrHmacAeadKey";
+ XCTAssertTrue("TinkAead" == config.entry(1).catalogue_name());
+ XCTAssertTrue("Aead" == config.entry(1).primitive_name());
+ XCTAssertTrue(aes_ctr_hmac_aead_key_type == config.entry(1).type_url());
+ XCTAssertTrue(config.entry(1).new_key_allowed());
+ XCTAssertTrue(0 == config.entry(1).key_manager_version());
+
+ std::string aes_gcm_key_type = "type.googleapis.com/google.crypto.tink.AesGcmKey";
+ XCTAssertTrue("TinkAead" == config.entry(2).catalogue_name());
+ XCTAssertTrue("Aead" == config.entry(2).primitive_name());
+ XCTAssertTrue(aes_gcm_key_type == config.entry(2).type_url());
+ XCTAssertTrue(config.entry(2).new_key_allowed());
+ XCTAssertTrue(0 == config.entry(2).key_manager_version());
+
+ std::string ecies_hybrid_decrypt_key_type =
+ "type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey";
+ XCTAssertTrue("TinkHybridDecrypt" == config.entry(3).catalogue_name());
+ XCTAssertTrue("HybridDecrypt" == config.entry(3).primitive_name());
+ XCTAssertTrue(ecies_hybrid_decrypt_key_type == config.entry(3).type_url());
+ XCTAssertTrue(config.entry(3).new_key_allowed());
+ XCTAssertTrue(0 == config.entry(3).key_manager_version());
+
+ std::string ecies_hybrid_encrypt_key_type =
+ "type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey";
+ XCTAssertTrue("TinkHybridEncrypt" == config.entry(4).catalogue_name());
+ XCTAssertTrue("HybridEncrypt" == config.entry(4).primitive_name());
+ XCTAssertTrue(ecies_hybrid_encrypt_key_type == config.entry(4).type_url());
+ XCTAssertTrue(config.entry(4).new_key_allowed());
+ XCTAssertTrue(0 == config.entry(4).key_manager_version());
+
+ std::string ecdsa_sign_key_type = "type.googleapis.com/google.crypto.tink.EcdsaPrivateKey";
+ XCTAssertTrue("TinkPublicKeySign" == config.entry(5).catalogue_name());
+ XCTAssertTrue("PublicKeySign" == config.entry(5).primitive_name());
+ XCTAssertTrue(ecdsa_sign_key_type == config.entry(5).type_url());
+ XCTAssertTrue(config.entry(5).new_key_allowed());
+ XCTAssertTrue(0 == config.entry(5).key_manager_version());
+
+ std::string ecdsa_verify_key_type = "type.googleapis.com/google.crypto.tink.EcdsaPublicKey";
+ XCTAssertTrue("TinkPublicKeyVerify" == config.entry(6).catalogue_name());
+ XCTAssertTrue("PublicKeyVerify" == config.entry(6).primitive_name());
+ XCTAssertTrue(ecdsa_verify_key_type == config.entry(6).type_url());
+ XCTAssertTrue(config.entry(6).new_key_allowed());
+ XCTAssertTrue(0 == config.entry(6).key_manager_version());
}
- (void)testConfigRegistration {
diff --git a/objc/Tests/UnitTests/hybrid/TINKHybridDecryptFactoryTest.mm b/objc/Tests/UnitTests/hybrid/TINKHybridDecryptFactoryTest.mm
index 9057ef947..1007f2512 100644
--- a/objc/Tests/UnitTests/hybrid/TINKHybridDecryptFactoryTest.mm
+++ b/objc/Tests/UnitTests/hybrid/TINKHybridDecryptFactoryTest.mm
@@ -30,9 +30,9 @@
#import "objc/TINKHybridEncrypt.h"
#import "objc/TINKKeysetHandle.h"
#import "objc/core/TINKKeysetHandle_Internal.h"
-#import "objc/hybrid/TINKEciesAeadHkdfPublicKeyManager.h"
#import "objc/hybrid/TINKHybridConfig.h"
#import "objc/hybrid/TINKHybridDecryptFactory.h"
+#import "objc/hybrid/TINKHybridEncryptFactory.h"
#import "objc/util/TINKStrings.h"
#import "objc/util/TINKTestHelpers.h"
@@ -44,63 +44,60 @@ static TINKPBEciesAeadHkdfPrivateKey *getNewEciesPrivateKey() {
TINKPBEcPointFormat_Uncompressed, TINKPBHashType_Sha256, 24);
}
-static TINKPBKeyset *createTestKeyset(TINKPBEciesAeadHkdfPrivateKey *eciesKey1,
- TINKPBEciesAeadHkdfPrivateKey *eciesKey2,
- TINKPBEciesAeadHkdfPrivateKey *eciesKey3) {
- NSString *const keyType = @"type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey";
- TINKPBKeyset *keyset = [[TINKPBKeyset alloc] init];
+@implementation TINKHybridDecryptFactoryTest
- uint32_t keyID1 = 1234543;
- TINKAddTinkKey(keyType, keyID1, eciesKey1, TINKPBKeyStatusType_Enabled,
- TINKPBKeyData_KeyMaterialType_AsymmetricPrivate, keyset);
+- (void)testEncryptWith:(TINKPBKeyset *)publicKeyset andDecryptWith:(TINKPBKeyset *)privateKeyset {
+ NSError *error = nil;
+ std::string serializedKeyset = TINKPBSerializeToString(privateKeyset, &error);
+ XCTAssertNil(error);
+ google::crypto::tink::Keyset ccPrivateKeyset;
+ XCTAssertTrue(ccPrivateKeyset.ParseFromString(serializedKeyset));
+ TINKKeysetHandle *privateKeysetHandle = [[TINKKeysetHandle alloc]
+ initWithCCKeysetHandle:crypto::tink::test::GetKeysetHandle(ccPrivateKeyset)];
- uint32_t keyID2 = 726329;
- TINKAddRawKey(keyType, keyID2, eciesKey2, TINKPBKeyStatusType_Enabled,
- TINKPBKeyData_KeyMaterialType_AsymmetricPrivate, keyset);
+ error = nil;
+ serializedKeyset = TINKPBSerializeToString(publicKeyset, &error);
+ XCTAssertNil(error);
+ google::crypto::tink::Keyset ccPublicKeyset;
+ XCTAssertTrue(ccPublicKeyset.ParseFromString(serializedKeyset));
+ TINKKeysetHandle *publicKeysetHandle = [[TINKKeysetHandle alloc]
+ initWithCCKeysetHandle:crypto::tink::test::GetKeysetHandle(ccPublicKeyset)];
- uint32_t keyID3 = 7213743;
- TINKAddTinkKey(keyType, keyID3, eciesKey3, TINKPBKeyStatusType_Enabled,
- TINKPBKeyData_KeyMaterialType_AsymmetricPrivate, keyset);
+ // Get a HybridDecrypt primitive.
+ error = nil;
+ id<TINKHybridDecrypt> hybridDecrypt =
+ [TINKHybridDecryptFactory primitiveWithKeysetHandle:privateKeysetHandle error:&error];
+ XCTAssertNotNil(hybridDecrypt);
+ XCTAssertNil(error);
- keyset.primaryKeyId = keyID3;
- return keyset;
-}
+ // Get a HybridEncrypt primitive.
+ error = nil;
+ id<TINKHybridEncrypt> primitive =
+ [TINKHybridEncryptFactory primitiveWithKeysetHandle:publicKeysetHandle error:&error];
+ XCTAssertNotNil(primitive);
+ XCTAssertNil(error);
-static id<TINKHybridEncrypt> getEncryptPrimitive(TINKPBEciesAeadHkdfPrivateKey *eciesKey) {
- TINKEciesAeadHkdfPublicKeyManager *eciesKeyManager =
- [[TINKEciesAeadHkdfPublicKeyManager alloc] init];
+ NSData *const plaintext = [@"some plaintext" dataUsingEncoding:NSUTF8StringEncoding];
+ NSData *const context = [@"some context info" dataUsingEncoding:NSUTF8StringEncoding];
- id<TINKHybridEncrypt> primitive =
- [eciesKeyManager primitiveFromKey:[eciesKey publicKey] error:nil];
- return primitive;
-}
+ // Encrypt.
+ error = nil;
+ NSData *ciphertext = [primitive encrypt:plaintext withContextInfo:context error:&error];
+ XCTAssertNil(error);
+ XCTAssertNotNil(ciphertext);
-static NSData *encrypt(id<TINKHybridEncrypt> hybridEncrypt,
- TINKKeysetHandle *keysetHandle,
- uint32_t keyIndex,
- NSData *plaintext,
- NSData *context) {
- // Ciphertext is the result of concatenating outputPrefix with the encrypted data.
- NSMutableData *ciphertext = [NSMutableData data];
-
- // Get the key prefix using the C++ CryptoFormat API.
- // TODO(candrian): Update this to use the Obj-C API when it is implemented.
- std::string output_prefix =
- crypto::tink::CryptoFormat::get_output_prefix(keysetHandle.ccKeysetHandle->get_keyset().key(keyIndex))
- .ValueOrDie();
- NSData *outputPrefix = TINKStringToNSData(output_prefix);
- [ciphertext appendData:outputPrefix];
-
- NSData *result = [hybridEncrypt encrypt:plaintext withContextInfo:context error:nil];
- [ciphertext appendData:result];
- return ciphertext;
+ // Decrypt.
+ error = nil;
+ NSData *result = [hybridDecrypt decrypt:ciphertext withContextInfo:context error:&error];
+ XCTAssertNil(error);
+ XCTAssertNotNil(result);
+ XCTAssertTrue([result isEqualToData:plaintext]);
}
-@implementation TINKHybridDecryptFactoryTest
-
- (void)testPrimitiveWithEmptyKeyset {
google::crypto::tink::Keyset keyset;
- TINKKeysetHandle *keysetHandle = [[TINKKeysetHandle alloc] initWithCCKeysetHandle:crypto::tink::test::GetKeysetHandle(keyset)];
+ TINKKeysetHandle *keysetHandle =
+ [[TINKKeysetHandle alloc] initWithCCKeysetHandle:crypto::tink::test::GetKeysetHandle(keyset)];
XCTAssertNotNil(keysetHandle);
NSError *error = nil;
@@ -125,62 +122,59 @@ static NSData *encrypt(id<TINKHybridEncrypt> hybridEncrypt,
XCTAssertTrue([TINKConfig registerConfig:hybridConfig error:&error]);
XCTAssertNil(error);
- // Create a test Keyset with 3 keys.
+ uint32_t keyId1 = 1;
+ uint32_t keyId2 = 2;
+ uint32_t keyId3 = 3;
TINKPBEciesAeadHkdfPrivateKey *eciesKey1 = getNewEciesPrivateKey();
TINKPBEciesAeadHkdfPrivateKey *eciesKey2 = getNewEciesPrivateKey();
TINKPBEciesAeadHkdfPrivateKey *eciesKey3 = getNewEciesPrivateKey();
- TINKPBKeyset *keyset = createTestKeyset(eciesKey1, eciesKey2, eciesKey3);
- google::crypto::tink::Keyset ccKeyset;
- error = nil;
- std::string serializedKeyset = TINKPBSerializeToString(keyset, &error);
- XCTAssertNil(error);
- XCTAssertTrue(ccKeyset.ParseFromString(serializedKeyset));
- TINKKeysetHandle *keysetHandle = [[TINKKeysetHandle alloc] initWithCCKeysetHandle:crypto::tink::test::GetKeysetHandle(ccKeyset)];
- // Get a HybridDecrypt primitive using the test Keyset.
- error = nil;
- id<TINKHybridDecrypt> hybridDecrypt =
- [TINKHybridDecryptFactory primitiveWithKeysetHandle:keysetHandle error:&error];
- XCTAssertNotNil(hybridDecrypt);
- XCTAssertNil(error);
-
- NSData *const plaintext = [@"some plaintext" dataUsingEncoding:NSUTF8StringEncoding];
- NSData *const context = [@"some context info" dataUsingEncoding:NSUTF8StringEncoding];
-
- // Encrypt the plaintext using the two ECIES keys.
- id<TINKHybridEncrypt> hybridEncrypt1 = getEncryptPrimitive(eciesKey1);
- NSData *ciphertext1 = encrypt(hybridEncrypt1, keysetHandle, 0, plaintext, context);
-
- id<TINKHybridEncrypt> hybridEncrypt2 = getEncryptPrimitive(eciesKey2);
- NSData *ciphertext2 = encrypt(hybridEncrypt2, keysetHandle, 1, plaintext, context);
-
- // Decrypt ciphertext1.
- error = nil;
- NSData *result = [hybridDecrypt decrypt:ciphertext1 withContextInfo:context error:&error];
- XCTAssertNil(error);
- XCTAssertNotNil(result);
- XCTAssertTrue([result isEqualToData:plaintext]);
-
- // Decrypt ciphertext2.
- error = nil;
- result = [hybridDecrypt decrypt:ciphertext2 withContextInfo:context error:&error];
- XCTAssertNil(error);
- XCTAssertNotNil(result);
- XCTAssertTrue([result isEqualToData:plaintext]);
-
- // Decrypt ciphertext1 with bad context.
- error = nil;
- NSData *const badContext = [@"bad context" dataUsingEncoding:NSUTF8StringEncoding];
- result = [hybridDecrypt decrypt:ciphertext1 withContextInfo:badContext error:&error];
- XCTAssertNil(result);
- XCTAssertNotNil(error);
- XCTAssertEqual(error.code, crypto::tink::util::error::INVALID_ARGUMENT);
-
- NSDictionary *userInfo = [error userInfo];
- XCTAssertNotNil(userInfo);
-
- NSString *errorString = [userInfo objectForKey:NSLocalizedFailureReasonErrorKey];
- XCTAssertTrue([errorString containsString:@"decryption failed"]);
+ NSString *privateKeyType = @"type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey";
+ TINKPBKeyset_Key *tinkPrivateKey =
+ TINKCreateKey(privateKeyType, keyId1, eciesKey1, TINKPBOutputPrefixType_Tink,
+ TINKPBKeyStatusType_Enabled, TINKPBKeyData_KeyMaterialType_AsymmetricPrivate);
+ TINKPBKeyset_Key *rawPrivateKey =
+ TINKCreateKey(privateKeyType, keyId2, eciesKey2, TINKPBOutputPrefixType_Raw,
+ TINKPBKeyStatusType_Enabled, TINKPBKeyData_KeyMaterialType_AsymmetricPrivate);
+ TINKPBKeyset_Key *legacyPrivateKey =
+ TINKCreateKey(privateKeyType, keyId3, eciesKey3, TINKPBOutputPrefixType_Legacy,
+ TINKPBKeyStatusType_Enabled, TINKPBKeyData_KeyMaterialType_AsymmetricPrivate);
+
+ NSString *publicKeyType = @"type.googleapis.com/google.crypto.tink.EciesAeadHkdfPublicKey";
+ TINKPBKeyset_Key *tinkPublicKey =
+ TINKCreateKey(publicKeyType, keyId1, eciesKey1.publicKey, TINKPBOutputPrefixType_Tink,
+ TINKPBKeyStatusType_Enabled, TINKPBKeyData_KeyMaterialType_AsymmetricPublic);
+ TINKPBKeyset_Key *rawPublicKey =
+ TINKCreateKey(publicKeyType, keyId2, eciesKey2.publicKey, TINKPBOutputPrefixType_Raw,
+ TINKPBKeyStatusType_Enabled, TINKPBKeyData_KeyMaterialType_AsymmetricPublic);
+ TINKPBKeyset_Key *legacyPublicKey =
+ TINKCreateKey(publicKeyType, keyId3, eciesKey3.publicKey, TINKPBOutputPrefixType_Legacy,
+ TINKPBKeyStatusType_Enabled, TINKPBKeyData_KeyMaterialType_AsymmetricPublic);
+
+ // Encrypt with tink and decrypt with tink.
+ TINKPBKeyset *privateKeyset = TINKCreateKeyset(tinkPrivateKey, rawPrivateKey, legacyPrivateKey);
+ TINKPBKeyset *publicKeyset = TINKCreateKeyset(tinkPublicKey, rawPublicKey, legacyPublicKey);
+ [self testEncryptWith:publicKeyset andDecryptWith:privateKeyset];
+
+ // Encrypt with raw and decrypt with raw.
+ privateKeyset = TINKCreateKeyset(rawPrivateKey, tinkPrivateKey, legacyPrivateKey);
+ publicKeyset = TINKCreateKeyset(rawPublicKey, tinkPublicKey, legacyPublicKey);
+ [self testEncryptWith:publicKeyset andDecryptWith:privateKeyset];
+
+ // Encrypt with legacy and decrypt with legacy
+ privateKeyset = TINKCreateKeyset(legacyPrivateKey, tinkPrivateKey, rawPrivateKey);
+ publicKeyset = TINKCreateKeyset(legacyPublicKey, tinkPublicKey, rawPublicKey);
+ [self testEncryptWith:publicKeyset andDecryptWith:privateKeyset];
+
+ // Encrypt with tink as primary, decrypt with raw as primary.
+ publicKeyset = TINKCreateKeyset(tinkPublicKey, legacyPublicKey, rawPublicKey);
+ privateKeyset = TINKCreateKeyset(rawPrivateKey, tinkPrivateKey, legacyPrivateKey);
+ [self testEncryptWith:publicKeyset andDecryptWith:privateKeyset];
+
+ // Encrypt with raw as primary, decrypt with tink as primary.
+ publicKeyset = TINKCreateKeyset(rawPublicKey, tinkPublicKey, legacyPublicKey);
+ privateKeyset = TINKCreateKeyset(tinkPrivateKey, rawPrivateKey, legacyPrivateKey);
+ [self testEncryptWith:publicKeyset andDecryptWith:privateKeyset];
}
@end
diff --git a/objc/Tests/UnitTests/hybrid/TINKHybridEncryptFactoryTest.mm b/objc/Tests/UnitTests/hybrid/TINKHybridEncryptFactoryTest.mm
index 69d8a28d9..44f17cdb5 100644
--- a/objc/Tests/UnitTests/hybrid/TINKHybridEncryptFactoryTest.mm
+++ b/objc/Tests/UnitTests/hybrid/TINKHybridEncryptFactoryTest.mm
@@ -49,7 +49,8 @@ static TINKPBEciesAeadHkdfPublicKey *getNewEciesPublicKey() {
- (void)testPrimitiveWithEmptyKeyset {
google::crypto::tink::Keyset keyset;
- TINKKeysetHandle *keysetHandle = [[TINKKeysetHandle alloc] initWithCCKeysetHandle:crypto::tink::test::GetKeysetHandle(keyset)];
+ TINKKeysetHandle *keysetHandle =
+ [[TINKKeysetHandle alloc] initWithCCKeysetHandle:crypto::tink::test::GetKeysetHandle(keyset)];
NSError *error = nil;
id<TINKHybridEncrypt> primitive =
@@ -100,7 +101,8 @@ static TINKPBEciesAeadHkdfPublicKey *getNewEciesPublicKey() {
XCTAssertTrue(ccKeyset.ParseFromString(serializedKeyset));
// Create a KeysetHandle and use it with the factory.
- TINKKeysetHandle *keysetHandle = [[TINKKeysetHandle alloc] initWithCCKeysetHandle:crypto::tink::test::GetKeysetHandle(ccKeyset)];
+ TINKKeysetHandle *keysetHandle = [[TINKKeysetHandle alloc]
+ initWithCCKeysetHandle:crypto::tink::test::GetKeysetHandle(ccKeyset)];
XCTAssertNotNil(keysetHandle);
// Get a HybridEncrypt primitive.
diff --git a/objc/hybrid/BUILD.bazel b/objc/hybrid/BUILD.bazel
index c907ded20..cd0e9890c 100644
--- a/objc/hybrid/BUILD.bazel
+++ b/objc/hybrid/BUILD.bazel
@@ -48,56 +48,10 @@ objc_library(
],
)
-objc_library(
- name = "hybrid_decrypt_key_manager",
- srcs = ["TINKHybridDecryptKeyManager.mm"],
- hdrs = [
- "TINKHybridDecryptKeyManager.h",
- "TINKHybridDecryptKeyManager_Internal.h",
- ],
- deps = [
- "//cc:hybrid_decrypt",
- "//cc:key_manager",
- ],
-)
-
-objc_library(
- name = "hybrid_encrypt_key_manager",
- srcs = ["TINKHybridEncryptKeyManager.mm"],
- hdrs = [
- "TINKHybridEncryptKeyManager.h",
- "TINKHybridEncryptKeyManager_Internal.h",
- ],
- deps = [
- "//cc:hybrid_encrypt",
- "//cc:key_manager",
- ],
-)
-
####################################
# Private/Internal #
####################################
-objc_library(
- name = "ecies_aead_hkdf_public_key_manager",
- srcs = ["TINKEciesAeadHkdfPublicKeyManager.mm"],
- hdrs = ["TINKEciesAeadHkdfPublicKeyManager.h"],
- deps = [
- ":hybrid_encrypt_internal",
- ":hybrid_encrypt_key_manager",
- "//cc:hybrid_encrypt",
- "//cc:key_manager",
- "//cc/hybrid:ecies_aead_hkdf_public_key_manager",
- "//cc/util:status",
- "//objc:key_manager",
- "//objc/util:errors",
- "//objc/util:strings",
- "//proto:all_objc_proto",
- "@com_google_absl//absl/strings",
- "@com_google_protobuf//:objectivec",
- ],
-)
-
objc_library(
name = "hybrid_decrypt_internal",
srcs = [
diff --git a/objc/hybrid/TINKEciesAeadHkdfPrivateKeyManager.h b/objc/hybrid/TINKEciesAeadHkdfPrivateKeyManager.h
deleted file mode 100644
index 520313962..000000000
--- a/objc/hybrid/TINKEciesAeadHkdfPrivateKeyManager.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/**
- * Copyright 2017 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- **************************************************************************
- */
-
-#import <Foundation/Foundation.h>
-
-#import "objc/TINKKeyManager.h"
-#import "objc/hybrid/TINKHybridDecryptKeyManager.h"
-
-@class TINKPBKeyData;
-@class TINKPBEciesAeadHkdfPrivateKey;
-@class TINKPBKeyTemplate;
-@protocol TINKHybridDecrypt;
-
-NS_ASSUME_NONNULL_BEGIN
-
-@interface TINKEciesAeadHkdfPrivateKeyManager : TINKHybridDecryptKeyManager <TINKKeyManager>
-
-/** The version of this key manager. */
-@property(nonatomic, readonly) NSUInteger version;
-
-/** The key type handled by this manager. */
-@property(nonatomic, readonly) NSString *keyType;
-
-/**
- * Constructs a ECIES-AEAD-HKDF primitive for the given @c keyData that conforms to the
- * HybridDecrypt protocol.
- *
- * @param keyData A TINKPBKeyData protocol buffer that must contain EciesAeadHkdfPrivateKey.
- * @return An instance that conforms to the HybridDecrypt protocol. In case of error, it returns nil
- * and sets the supplied @c error (if non-nil) with a descriptive error message.
- */
-- (nullable id<TINKHybridDecrypt>)primitiveFromKeyData:(TINKPBKeyData *)keyData
- error:(NSError **)error;
-
-/**
- * Constructs a ECIES-AEAD-HKDF primitive for the given @c key that conforms to the
- * HybridDecrypt protocol.
- *
- * @param key A TINKPBEciesAeadHkdfPrivateKey protocol buffer.
- * @return An instance that conforms to the HybridDecrypt protocol. In case of error, it returns nil
- * and sets the supplied @c error (if non-nil) with a descriptive error message.
- */
-- (nullable id<TINKHybridDecrypt>)primitiveFromKey:(TINKPBEciesAeadHkdfPrivateKey *)key
- error:(NSError **)error;
-
-/**
- * Generates a new random TINKPBEciesAeadHkdfPrivateKey, based on the specified @c keyTemplate which
- * must contain EciesAeadHkdfKeyFormat-proto.
- */
-- (nullable TINKPBEciesAeadHkdfPrivateKey *)newKeyFromTemplate:(TINKPBKeyTemplate *)keyTemplate
- error:(NSError **)error;
-
-/** True if the key manager supports the supplied @c keyType. */
-- (BOOL)shouldSupportKeyType:(NSString *)keyType;
-
-@end
-
-NS_ASSUME_NONNULL_END
diff --git a/objc/hybrid/TINKEciesAeadHkdfPrivateKeyManager.mm b/objc/hybrid/TINKEciesAeadHkdfPrivateKeyManager.mm
deleted file mode 100644
index c454d3166..000000000
--- a/objc/hybrid/TINKEciesAeadHkdfPrivateKeyManager.mm
+++ /dev/null
@@ -1,190 +0,0 @@
-/**
- * Copyright 2017 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- **************************************************************************
- */
-
-#import "objc/hybrid/TINKEciesAeadHkdfPrivateKeyManager.h"
-
-#include "tink/hybrid/ecies_aead_hkdf_private_key_manager.h"
-#include "tink/hybrid_decrypt.h"
-#include "tink/key_manager.h"
-#include "tink/util/status.h"
-#include "proto/ecies_aead_hkdf.pb.h"
-#include "proto/tink.pb.h"
-
-#import "objc/hybrid/TINKHybridDecryptInternal.h"
-#import "objc/hybrid/TINKHybridDecryptKeyManager.h"
-#import "objc/hybrid/TINKHybridDecryptKeyManager_Internal.h"
-#import "objc/util/TINKErrors.h"
-#import "objc/util/TINKStrings.h"
-#import "proto/EciesAeadHkdf.pbobjc.h"
-#import "proto/Tink.pbobjc.h"
-
-@implementation TINKEciesAeadHkdfPrivateKeyManager
-
-- (instancetype)init {
- self = [super init];
- if (self) {
- self.ccKeyManager = new crypto::tink::EciesAeadHkdfPrivateKeyManager();
- self.isManagerOwnedByRegistry = NO;
- }
- return self;
-}
-
-- (void)dealloc {
- if (!self.isManagerOwnedByRegistry) {
- delete self.ccKeyManager;
- }
-}
-
-- (NSUInteger)version {
- return self.ccKeyManager->get_version();
-}
-
-- (NSString *)keyType {
- return TINKStringToNSString(self.ccKeyManager->get_key_type());
-}
-
-- (BOOL)shouldSupportKeyType:(NSString *)keyType {
- return [keyType isEqualToString:self.keyType];
-}
-
-- (id<TINKHybridDecrypt>)primitiveFromKeyData:(TINKPBKeyData *)keyData error:(NSError **)error {
- if (error) {
- *error = nil;
- }
-
- // Serialize the Obj-C protocol buffer.
- std::string serializedKeyData = TINKPBSerializeToString(keyData, error);
- if (serializedKeyData.empty()) {
- return nil;
- }
-
- // Deserialize it to a C++ protocol buffer.
- google::crypto::tink::KeyData ccKeyData;
- if (!ccKeyData.ParseFromString(serializedKeyData)) {
- if (error) {
- *error = TINKStatusToError(crypto::tink::util::Status(
- crypto::tink::util::error::INVALID_ARGUMENT, "Could not parse keyData."));
- }
- return nil;
- }
-
- // Use the C++ API to get a primitive from the C++ protcol buffer.
- auto st = self.ccKeyManager->GetPrimitive(ccKeyData);
- if (!st.ok()) {
- if (error) {
- *error = TINKStatusToError(st.status());
- }
- return nil;
- }
-
- // Wrap the C++ primitive into an Obj-C class and return it to the user.
- auto ccPrimitive = st.ValueOrDie().release();
- id<TINKHybridDecrypt> primitive =
- [[TINKHybridDecryptInternal alloc] initWithPrimitive:ccPrimitive];
- return primitive;
-}
-
-- (nullable id<TINKHybridDecrypt>)primitiveFromKey:(TINKPBEciesAeadHkdfPrivateKey *)key
- error:(NSError **)error {
- if (error) {
- *error = nil;
- }
-
- // Serialize the Obj-C protocol buffer.
- std::string serializedKey = TINKPBSerializeToString(key, error);
- if (serializedKey.empty()) {
- return nil;
- }
-
- // Deserialize it to a C++ protocol buffer.
- google::crypto::tink::EciesAeadHkdfPrivateKey ccKey;
- if (!ccKey.ParseFromString(serializedKey)) {
- if (error) {
- *error = TINKStatusToError(crypto::tink::util::Status(
- crypto::tink::util::error::INVALID_ARGUMENT, "Could not parse key."));
- }
- return nil;
- }
-
- // Use the C++ API to get a primitive.
- auto st = self.ccKeyManager->GetPrimitive(ccKey);
- if (!st.ok()) {
- if (error) {
- *error = TINKStatusToError(st.status());
- }
- return nil;
- }
-
- // Wrap the C++ primitive into an Obj-C class and return it to the user.
- auto ccPrimitive = st.ValueOrDie().release();
- id<TINKHybridDecrypt> primitive =
- [[TINKHybridDecryptInternal alloc] initWithPrimitive:ccPrimitive];
- return primitive;
-}
-
-- (nullable TINKPBEciesAeadHkdfPrivateKey *)newKeyFromTemplate:(TINKPBKeyTemplate *)keyTemplate
- error:(NSError **)error {
- if (error) {
- *error = nil;
- }
-
- // Serialize the Obj-C protocol buffer.
- std::string serializedKeyTemplate = TINKPBSerializeToString(keyTemplate, error);
- if (serializedKeyTemplate.empty()) {
- return nil;
- }
-
- // Deserialize it to a C++ protcol buffer.
- google::crypto::tink::KeyTemplate ccKeyTemplate;
- if (!ccKeyTemplate.ParseFromString(serializedKeyTemplate)) {
- if (error) {
- *error = TINKStatusToError(crypto::tink::util::Status(
- crypto::tink::util::error::INVALID_ARGUMENT, "Could not parse keyTemplate."));
- }
- return nil;
- }
-
- // Call the C++ API to get the key.
- auto st = self.ccKeyManager->get_key_factory().NewKey(ccKeyTemplate);
- if (!st.ok()) {
- if (error) {
- *error = TINKStatusToError(st.status());
- }
- return nil;
- }
-
- // Serialize C++ EciesAeadHkdfPrivateKey to std::string.
- auto ccEciesAeadHkdfPrivateKey = std::move(st.ValueOrDie());
- std::string serializedEciesAeadHkdfPrivateKey;
- if (!ccEciesAeadHkdfPrivateKey->SerializeToString(&serializedEciesAeadHkdfPrivateKey)) {
- if (error) {
- *error = TINKStatusToError(
- crypto::tink::util::Status(crypto::tink::util::error::INVALID_ARGUMENT,
- "Could not serialize EciesAeadHkdfPrivateKey."));
- }
- return nil;
- }
-
- // Deserialize to TINKPBEciesAeadHkdfPrivateKey and return to user.
- TINKPBEciesAeadHkdfPrivateKey *eciesAeadHkdfPrivateKey = [TINKPBEciesAeadHkdfPrivateKey
- parseFromData:TINKStringToNSData(serializedEciesAeadHkdfPrivateKey)
- error:error];
- return eciesAeadHkdfPrivateKey;
-}
-
-@end
diff --git a/objc/hybrid/TINKEciesAeadHkdfPublicKeyManager.h b/objc/hybrid/TINKEciesAeadHkdfPublicKeyManager.h
deleted file mode 100644
index b560c0d1c..000000000
--- a/objc/hybrid/TINKEciesAeadHkdfPublicKeyManager.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/**
- * Copyright 2017 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- **************************************************************************
- */
-
-#import <Foundation/Foundation.h>
-
-#import "objc/TINKKeyManager.h"
-#import "objc/hybrid/TINKHybridEncryptKeyManager.h"
-
-@class TINKPBKeyData;
-@class TINKPBEciesAeadHkdfPublicKey;
-@class TINKPBKeyTemplate;
-@protocol TINKHybridEncrypt;
-
-NS_ASSUME_NONNULL_BEGIN
-
-@interface TINKEciesAeadHkdfPublicKeyManager : TINKHybridEncryptKeyManager <TINKKeyManager>
-
-/** The version of this key manager. */
-@property(nonatomic, readonly) NSUInteger version;
-
-/** The key type handled by this manager. */
-@property(nonatomic, readonly) NSString *keyType;
-
-/**
- * Constructs a ECIES-AEAD-HKDF primitive for the given @c keyData that conforms to the
- * HybridEncrypt protocol.
- *
- * @param keyData A TINKPBKeyData protocol buffer that must contain EciesAeadHkdfPublicKey.
- * @return An instance that conforms to the HybridEncrypt protocol. In case of error, it returns nil
- * and sets the supplied @c error (if non-nil) with a descriptive error message.
- */
-- (nullable id<TINKHybridEncrypt>)primitiveFromKeyData:(TINKPBKeyData *)keyData
- error:(NSError **)error;
-
-/**
- * Constructs a ECIES-AEAD-HKDF primitive for the given @c key that conforms to the
- * HybridEncrypt protocol.
- *
- * @param key A TINKPBEciesAeadHkdfPublicKey protocol buffer.
- * @return An instance that conforms to the HybridEncrypt protocol. In case of error, it returns nil
- * and sets the supplied @c error (if non-nil) with a descriptive error message.
- */
-- (nullable id<TINKHybridEncrypt>)primitiveFromKey:(TINKPBEciesAeadHkdfPublicKey *)key
- error:(NSError **)error;
-
-/**
- * Generates a new random TINKPBEciesAeadHkdfPublicKey, based on the specified @c keyTemplate which
- * must contain EciesAeadHkdfKeyFormat proto.
- */
-- (nullable TINKPBEciesAeadHkdfPublicKey *)newKeyFromTemplate:(TINKPBKeyTemplate *)keyTemplate
- error:(NSError **)error;
-
-/** True if the key manager supports the supplied @c keyType. */
-- (BOOL)shouldSupportKeyType:(NSString *)keyType;
-
-@end
-
-NS_ASSUME_NONNULL_END
diff --git a/objc/hybrid/TINKEciesAeadHkdfPublicKeyManager.mm b/objc/hybrid/TINKEciesAeadHkdfPublicKeyManager.mm
deleted file mode 100644
index 07db7f797..000000000
--- a/objc/hybrid/TINKEciesAeadHkdfPublicKeyManager.mm
+++ /dev/null
@@ -1,188 +0,0 @@
-/**
- * Copyright 2017 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- **************************************************************************
- */
-
-#import "objc/hybrid/TINKEciesAeadHkdfPublicKeyManager.h"
-
-#include "tink/hybrid/ecies_aead_hkdf_public_key_manager.h"
-#include "tink/hybrid_encrypt.h"
-#include "tink/key_manager.h"
-#include "tink/util/status.h"
-#include "proto/ecies_aead_hkdf.pb.h"
-#include "proto/tink.pb.h"
-
-#import "objc/hybrid/TINKHybridEncryptInternal.h"
-#import "objc/hybrid/TINKHybridEncryptKeyManager.h"
-#import "objc/hybrid/TINKHybridEncryptKeyManager_Internal.h"
-#import "objc/util/TINKErrors.h"
-#import "objc/util/TINKStrings.h"
-#import "proto/EciesAeadHkdf.pbobjc.h"
-#import "proto/Tink.pbobjc.h"
-
-@implementation TINKEciesAeadHkdfPublicKeyManager
-
-- (instancetype)init {
- self = [super init];
- if (self) {
- self.ccKeyManager = new crypto::tink::EciesAeadHkdfPublicKeyManager();
- self.isManagerOwnedByRegistry = NO;
- }
- return self;
-}
-
-- (void)dealloc {
- if (!self.isManagerOwnedByRegistry) {
- delete self.ccKeyManager;
- }
-}
-
-- (NSUInteger)version {
- return self.ccKeyManager->get_version();
-}
-
-- (NSString *)keyType {
- return TINKStringToNSString(self.ccKeyManager->get_key_type());
-}
-
-- (BOOL)shouldSupportKeyType:(NSString *)keyType {
- return [keyType isEqualToString:self.keyType];
-}
-
-- (id<TINKHybridEncrypt>)primitiveFromKeyData:(TINKPBKeyData *)keyData error:(NSError **)error {
- if (error) {
- *error = nil;
- }
-
- // Serialize the Obj-C protocol buffer.
- std::string serializedKeyData = TINKPBSerializeToString(keyData, error);
- if (serializedKeyData.empty()) {
- return nil;
- }
-
- // Deserialize it to a C++ protocol buffer.
- google::crypto::tink::KeyData ccKeyData;
- if (!ccKeyData.ParseFromString(serializedKeyData)) {
- if (error) {
- *error = TINKStatusToError(crypto::tink::util::Status(
- crypto::tink::util::error::INVALID_ARGUMENT, "Could not parse keyData."));
- }
- return nil;
- }
-
- // Use the C++ API to get a primitive from the C++ protcol buffer.
- auto st = self.ccKeyManager->GetPrimitive(ccKeyData);
- if (!st.ok()) {
- if (error) {
- *error = TINKStatusToError(st.status());
- }
- return nil;
- }
-
- // Wrap the C++ primitive into an Obj-C class and return it to the user.
- id<TINKHybridEncrypt> primitive =
- [[TINKHybridEncryptInternal alloc] initWithCCHybridEncrypt:std::move(st.ValueOrDie())];
- return primitive;
-}
-
-- (nullable id<TINKHybridEncrypt>)primitiveFromKey:(TINKPBEciesAeadHkdfPublicKey *)key
- error:(NSError **)error {
- if (error) {
- *error = nil;
- }
-
- // Serialize the Obj-C protocol buffer.
- std::string serializedKey = TINKPBSerializeToString(key, error);
- if (serializedKey.empty()) {
- return nil;
- }
-
- // Deserialize it to a C++ protocol buffer.
- google::crypto::tink::EciesAeadHkdfPublicKey ccKey;
- if (!ccKey.ParseFromString(serializedKey)) {
- if (error) {
- *error = TINKStatusToError(crypto::tink::util::Status(
- crypto::tink::util::error::INVALID_ARGUMENT, "Could not parse key."));
- }
- return nil;
- }
-
- // Use the C++ API to get a primitive.
- auto st = self.ccKeyManager->GetPrimitive(ccKey);
- if (!st.ok()) {
- if (error) {
- *error = TINKStatusToError(st.status());
- }
- return nil;
- }
-
- // Wrap the C++ primitive into an Obj-C class and return it to the user.
- id<TINKHybridEncrypt> primitive =
- [[TINKHybridEncryptInternal alloc] initWithCCHybridEncrypt:std::move(st.ValueOrDie())];
- return primitive;
-}
-
-- (nullable TINKPBEciesAeadHkdfPublicKey *)newKeyFromTemplate:(TINKPBKeyTemplate *)keyTemplate
- error:(NSError **)error {
- if (error) {
- *error = nil;
- }
-
- // Serialize the Obj-C protocol buffer.
- std::string serializedKeyTemplate = TINKPBSerializeToString(keyTemplate, error);
- if (serializedKeyTemplate.empty()) {
- return nil;
- }
-
- // Deserialize it to a C++ protcol buffer.
- google::crypto::tink::KeyTemplate ccKeyTemplate;
- if (!ccKeyTemplate.ParseFromString(serializedKeyTemplate)) {
- if (error) {
- *error = TINKStatusToError(crypto::tink::util::Status(
- crypto::tink::util::error::INVALID_ARGUMENT, "Could not parse keyTemplate."));
- }
- return nil;
- }
-
- // Call the C++ API to get the key.
- auto st = self.ccKeyManager->get_key_factory().NewKey(ccKeyTemplate);
- if (!st.ok()) {
- if (error) {
- *error = TINKStatusToError(st.status());
- }
- return nil;
- }
-
- // Serialize C++ EciesAeadHkdfPublicKey to std::string.
- auto ccEciesAeadHkdfPublicKey = std::move(st.ValueOrDie());
- std::string serializedEciesAeadHkdfPublicKey;
- if (!ccEciesAeadHkdfPublicKey->SerializeToString(&serializedEciesAeadHkdfPublicKey)) {
- if (error) {
- *error = TINKStatusToError(
- crypto::tink::util::Status(crypto::tink::util::error::INVALID_ARGUMENT,
- "Could not serialize EciesAeadHkdfPublicKey."));
- }
- return nil;
- }
-
- // Deserialize to TINKPBEciesAeadHkdfPublicKey and return to user.
- TINKPBEciesAeadHkdfPublicKey *eciesAeadHkdfPublicKey = [TINKPBEciesAeadHkdfPublicKey
- parseFromData:TINKStringToNSData(serializedEciesAeadHkdfPublicKey)
- error:error];
- return eciesAeadHkdfPublicKey;
-}
-
-@end
diff --git a/objc/hybrid/TINKHybridDecryptKeyManager.h b/objc/hybrid/TINKHybridDecryptKeyManager.h
deleted file mode 100644
index 2f5d31185..000000000
--- a/objc/hybrid/TINKHybridDecryptKeyManager.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/**
- * Copyright 2017 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- **************************************************************************
- */
-
-#import <Foundation/Foundation.h>
-
-/**
- * TINKHybridDecryptKeyManager is the parent class of all HybridDecrypt key managers.
- *
- * In order to implement a custom HybridDecrypt key manager you need to subclass this class.
- */
-@interface TINKHybridDecryptKeyManager : NSObject
-
-@end
diff --git a/objc/hybrid/TINKHybridDecryptKeyManager.mm b/objc/hybrid/TINKHybridDecryptKeyManager.mm
deleted file mode 100644
index 27ec5fc3c..000000000
--- a/objc/hybrid/TINKHybridDecryptKeyManager.mm
+++ /dev/null
@@ -1,24 +0,0 @@
-/**
- * Copyright 2017 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- **************************************************************************
- */
-
-#import "objc/hybrid/TINKHybridDecryptKeyManager.h"
-#import "objc/hybrid/TINKHybridDecryptKeyManager_Internal.h"
-
-@implementation TINKHybridDecryptKeyManager
-
-@end
diff --git a/objc/hybrid/TINKHybridDecryptKeyManager_Internal.h b/objc/hybrid/TINKHybridDecryptKeyManager_Internal.h
deleted file mode 100644
index d546ad823..000000000
--- a/objc/hybrid/TINKHybridDecryptKeyManager_Internal.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/**
- * Copyright 2017 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- **************************************************************************
- */
-
-#import "objc/hybrid/TINKHybridDecryptKeyManager.h"
-
-#include "tink/hybrid_decrypt.h"
-#include "tink/key_manager.h"
-
-@interface TINKHybridDecryptKeyManager ()
-
-@property(nonatomic) BOOL isManagerOwnedByRegistry;
-@property(nonatomic) crypto::tink::KeyManager<crypto::tink::HybridDecrypt> *ccKeyManager;
-
-@end
diff --git a/objc/hybrid/TINKHybridEncryptKeyManager.h b/objc/hybrid/TINKHybridEncryptKeyManager.h
deleted file mode 100644
index cf698a4b0..000000000
--- a/objc/hybrid/TINKHybridEncryptKeyManager.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/**
- * Copyright 2017 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- **************************************************************************
- */
-
-#import <Foundation/Foundation.h>
-
-/**
- * TINKHybridEncryptKeyManager is the parent class of all HybridEncrypt key managers.
- *
- * In order to implement a custom HybridEncrypt key manager you need to subclass this class.
- */
-@interface TINKHybridEncryptKeyManager : NSObject
-
-@end
diff --git a/objc/hybrid/TINKHybridEncryptKeyManager.mm b/objc/hybrid/TINKHybridEncryptKeyManager.mm
deleted file mode 100644
index c3e8be1bd..000000000
--- a/objc/hybrid/TINKHybridEncryptKeyManager.mm
+++ /dev/null
@@ -1,24 +0,0 @@
-/**
- * Copyright 2017 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- **************************************************************************
- */
-
-#import "objc/hybrid/TINKHybridEncryptKeyManager.h"
-#import "objc/hybrid/TINKHybridEncryptKeyManager_Internal.h"
-
-@implementation TINKHybridEncryptKeyManager
-
-@end
diff --git a/objc/hybrid/TINKHybridEncryptKeyManager_Internal.h b/objc/hybrid/TINKHybridEncryptKeyManager_Internal.h
deleted file mode 100644
index 2d0899bfd..000000000
--- a/objc/hybrid/TINKHybridEncryptKeyManager_Internal.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/**
- * Copyright 2017 Google Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- **************************************************************************
- */
-
-#import "objc/hybrid/TINKHybridEncryptKeyManager.h"
-
-#include "tink/hybrid_encrypt.h"
-#include "tink/key_manager.h"
-
-@interface TINKHybridEncryptKeyManager ()
-
-@property(nonatomic) BOOL isManagerOwnedByRegistry;
-@property(nonatomic) crypto::tink::KeyManager<crypto::tink::HybridEncrypt> *ccKeyManager;
-
-@end
diff --git a/objc/util/TINKTestHelpers.h b/objc/util/TINKTestHelpers.h
index 77147b0fb..371373e15 100644
--- a/objc/util/TINKTestHelpers.h
+++ b/objc/util/TINKTestHelpers.h
@@ -21,6 +21,11 @@
#import "proto/EciesAeadHkdf.pbobjc.h"
#import "proto/Tink.pbobjc.h"
+TINKPBKeyset *TINKCreateKeyset(TINKPBKeyset_Key *primaryKey, TINKPBKeyset_Key *key1,
+ TINKPBKeyset_Key *key2);
+
+void TINKAddKey(TINKPBKeyset_Key *key, TINKPBKeyset *keyset);
+
void TINKAddKey(NSString *keyType, NSUInteger keyId, TINKPBKeyset *keyset);
void TINKAddTinkKey(NSString *keyType,
@@ -48,3 +53,10 @@ TINKPBEciesAeadHkdfPrivateKey *TINKGetEciesAesGcmHkdfTestKey(TINKPBEllipticCurve
TINKPBEcPointFormat ecPointFormat,
TINKPBHashType hashType,
uint32_t aesGcmKeySize);
+
+TINKPBKeyset_Key *TINKCreateKey(NSString *keyType, uint32_t keyID, GPBMessage *newKey,
+ TINKPBOutputPrefixType outputPrefix, TINKPBKeyStatusType keyStatus,
+ TINKPBKeyData_KeyMaterialType materialType);
+
+TINKPBKeyset *TINKCreateKeyset(TINKPBKeyset_Key *primaryKey, TINKPBKeyset_Key *key1,
+ TINKPBKeyset_Key *key2);
diff --git a/objc/util/TINKTestHelpers.mm b/objc/util/TINKTestHelpers.mm
index 5130ff8d4..e65d0d0da 100644
--- a/objc/util/TINKTestHelpers.mm
+++ b/objc/util/TINKTestHelpers.mm
@@ -30,19 +30,21 @@
#import "proto/EciesAeadHkdf.pbobjc.h"
#import "proto/Tink.pbobjc.h"
-void TINKAddKey(NSString *keyType,
- uint32_t keyID,
- GPBMessage *newKey,
- TINKPBOutputPrefixType outputPrefix,
- TINKPBKeyStatusType keyStatus,
- TINKPBKeyData_KeyMaterialType materialType,
- TINKPBKeyset *keyset) {
- if (!keyset.keyArray) {
- keyset.keyArray = [[NSMutableArray alloc] init];
- }
+TINKPBKeyset *TINKCreateKeyset(TINKPBKeyset_Key *primaryKey, TINKPBKeyset_Key *key1,
+ TINKPBKeyset_Key *key2) {
+ TINKPBKeyset *keyset = [[TINKPBKeyset alloc] init];
- NSMutableArray<TINKPBKeyset_Key *> *keyArray = [keyset keyArray];
+ TINKAddKey(primaryKey, keyset);
+ TINKAddKey(key1, keyset);
+ TINKAddKey(key2, keyset);
+ keyset.primaryKeyId = [primaryKey keyId];
+ return keyset;
+}
+
+TINKPBKeyset_Key *TINKCreateKey(NSString *keyType, uint32_t keyID, GPBMessage *newKey,
+ TINKPBOutputPrefixType outputPrefix, TINKPBKeyStatusType keyStatus,
+ TINKPBKeyData_KeyMaterialType materialType) {
TINKPBKeyset_Key *key = [[TINKPBKeyset_Key alloc] init];
key.outputPrefixType = outputPrefix;
key.keyId = keyID;
@@ -55,6 +57,24 @@ void TINKAddKey(NSString *keyType,
key.keyData.typeURL = keyType;
key.keyData.keyMaterialType = materialType;
key.keyData.value = [newKey data];
+ return key;
+}
+
+void TINKAddKey(NSString *keyType, uint32_t keyId, GPBMessage *keyMaterial,
+ TINKPBOutputPrefixType outputPrefix, TINKPBKeyStatusType keyStatus,
+ TINKPBKeyData_KeyMaterialType materialType, TINKPBKeyset *keyset) {
+ TINKPBKeyset_Key *key =
+ TINKCreateKey(keyType, keyId, keyMaterial, outputPrefix, keyStatus, materialType);
+
+ TINKAddKey(key, keyset);
+}
+
+void TINKAddKey(TINKPBKeyset_Key *key, TINKPBKeyset *keyset) {
+ if (!keyset.keyArray) {
+ keyset.keyArray = [[NSMutableArray alloc] init];
+ }
+
+ NSMutableArray<TINKPBKeyset_Key *> *keyArray = [keyset keyArray];
[keyArray addObject:key];
}
--
GitLab