Remove the StatusOr<> part of the method "GetOutputPrefix" in the mac key.

There is no reason this should be there: if this returns an error, the key shouldn't have been created. PiperOrigin-RevId: 515027174
author: tholenst <tholenst@google.com> 2023-03-08 07:05:13 -0800
committer: Copybara-Service <copybara-worker@google.com> 2023-03-08 07:06:19 -0800
commit: 38ec4b9b85f2c7bab3c2ad184a058ac2c5690cbb (patch)
tree: abc9de39e1df0c4076da22eec6e2fc4e0f174d42
parent: 8fc28ff50feb203008ba02b33506dffc729e5202 (diff)
download: tink-38ec4b9b85f2c7bab3c2ad184a058ac2c5690cbb.tar.gz
5 files changed, 39 insertions, 13 deletions
diff --git a/cc/mac/aes_cmac_key.cc b/cc/mac/aes_cmac_key.cc
index 09fdb78e4..aa0a9eaa8 100644
--- a/cc/mac/aes_cmac_key.cc
+++ b/cc/mac/aes_cmac_key.cc
@@ -33,6 +33,7 @@
 namespace crypto {
 namespace tink {
 
+
 util::StatusOr<AesCmacKey> AesCmacKey::Create(
     AesCmacParameters parameters, RestrictedData aes_key_bytes,
     absl::optional<int> id_requirement, PartialKeyAccessToken token) {
@@ -52,28 +53,48 @@ util::StatusOr<AesCmacKey> AesCmacKey::Create(
         "Cannot create key with ID requirement with parameters without ID "
         "requirement");
   }
-  return AesCmacKey(parameters, aes_key_bytes, id_requirement);
+  util::StatusOr<std::string> output_prefix =
+      ComputeOutputPrefix(parameters, id_requirement);
+  if (!output_prefix.ok()) {
+    return output_prefix.status();
+  }
+  return AesCmacKey(parameters, aes_key_bytes, id_requirement,
+                    *std::move(output_prefix));
 }
 
-util::StatusOr<std::string> AesCmacKey::GetOutputPrefix() const {
-  switch (parameters_.GetVariant()) {
+util::StatusOr<std::string> AesCmacKey::ComputeOutputPrefix(
+    const AesCmacParameters& parameters, absl::optional<int> id_requirement) {
+  switch (parameters.GetVariant()) {
     case AesCmacParameters::Variant::kNoPrefix:
       return std::string("");  // Empty prefix.
     case AesCmacParameters::Variant::kLegacy:
       ABSL_FALLTHROUGH_INTENDED;
     case AesCmacParameters::Variant::kCrunchy:
+      if (!id_requirement.has_value()) {
+        return util::Status(
+            absl::StatusCode::kInvalidArgument,
+            "id requirement must have value with kCrunchy or kLegacy");
+      }
       return absl::StrCat(absl::HexStringToBytes("00"),
-                          subtle::BigEndian32(*id_requirement_));
+                          subtle::BigEndian32(*id_requirement));
     case AesCmacParameters::Variant::kTink:
+      if (!id_requirement.has_value()) {
+        return util::Status(absl::StatusCode::kInvalidArgument,
+                            "id requirement must have value with kTink");
+      }
       return absl::StrCat(absl::HexStringToBytes("01"),
-                          subtle::BigEndian32(*id_requirement_));
+                          subtle::BigEndian32(*id_requirement));
     default:
       return util::Status(
           absl::StatusCode::kInvalidArgument,
-          absl::StrCat("Invalid variant: ", parameters_.GetVariant()));
+          absl::StrCat("Invalid variant: ", parameters.GetVariant()));
   }
 }
 
+std::string AesCmacKey::GetOutputPrefix() const {
+  return output_prefix_;
+}
+
 bool AesCmacKey::operator==(const Key& other) const {
   const AesCmacKey* that = dynamic_cast<const AesCmacKey*>(&other);
   if (that == nullptr) {
diff --git a/cc/mac/aes_cmac_key.h b/cc/mac/aes_cmac_key.h
index c110648ba..38ac13caa 100644
--- a/cc/mac/aes_cmac_key.h
+++ b/cc/mac/aes_cmac_key.h
@@ -19,6 +19,7 @@
 
 #include <memory>
 #include <string>
+#include <utility>
 
 #include "absl/types/optional.h"
 #include "tink/mac/aes_cmac_parameters.h"
@@ -50,7 +51,7 @@ class AesCmacKey : public MacKey {
     return aes_key_bytes_;
   }
 
-  util::StatusOr<std::string> GetOutputPrefix() const override;
+  std::string GetOutputPrefix() const override;
 
   const AesCmacParameters& GetParameters() const override {
     return parameters_;
@@ -64,14 +65,19 @@ class AesCmacKey : public MacKey {
 
  private:
   AesCmacKey(AesCmacParameters parameters, RestrictedData aes_key_bytes,
-             absl::optional<int> id_requirement)
+             absl::optional<int> id_requirement, std::string output_prefix)
       : parameters_(parameters),
         aes_key_bytes_(aes_key_bytes),
-        id_requirement_(id_requirement) {}
+        id_requirement_(id_requirement),
+        output_prefix_(std::move(output_prefix)) {}
+
+  static util::StatusOr<std::string> ComputeOutputPrefix(
+      const AesCmacParameters& parameters, absl::optional<int> id_requirement);
 
   AesCmacParameters parameters_;
   RestrictedData aes_key_bytes_;
   absl::optional<int> id_requirement_;
+  std::string output_prefix_;
 };
 
 }  // namespace tink
diff --git a/cc/mac/aes_cmac_key_test.cc b/cc/mac/aes_cmac_key_test.cc
index 7006ca365..e7b76079f 100644
--- a/cc/mac/aes_cmac_key_test.cc
+++ b/cc/mac/aes_cmac_key_test.cc
@@ -80,7 +80,7 @@ TEST_P(AesCmacKeyTest, CreateSucceeds) {
 
   EXPECT_THAT(key->GetParameters(), Eq(*params));
   EXPECT_THAT(key->GetIdRequirement(), Eq(test_case.id_requirement));
-  EXPECT_THAT(key->GetOutputPrefix(), IsOkAndHolds(test_case.output_prefix));
+  EXPECT_THAT(key->GetOutputPrefix(), Eq(test_case.output_prefix));
 }
 
 TEST(AesCmacKeyTest, CreateKeyWithMismatchedKeySizeFails) {
diff --git a/cc/mac/aes_cmac_proto_serialization_test.cc b/cc/mac/aes_cmac_proto_serialization_test.cc
index ad8acb93e..cf8272b4d 100644
--- a/cc/mac/aes_cmac_proto_serialization_test.cc
+++ b/cc/mac/aes_cmac_proto_serialization_test.cc
@@ -223,8 +223,7 @@ TEST_P(AesCmacProtoSerializationTest, ParseKey) {
   ASSERT_THAT(parsed_key, IsOk());
   EXPECT_THAT(parsed_key->GetSecret(InsecureSecretKeyAccess::Get()),
               Eq(raw_key_bytes));
-  EXPECT_THAT(cmac_key->GetOutputPrefix(),
-              IsOkAndHolds(test_case.output_prefix));
+  EXPECT_THAT(cmac_key->GetOutputPrefix(), Eq(test_case.output_prefix));
   EXPECT_THAT(cmac_key->GetParameters().GetVariant(), Eq(test_case.variant));
   EXPECT_THAT(cmac_key->GetParameters().KeySizeInBytes(),
               Eq(test_case.key_size));
diff --git a/cc/mac/mac_key.h b/cc/mac/mac_key.h
index 5e14e5fd7..9ffc1498a 100644
--- a/cc/mac/mac_key.h
+++ b/cc/mac/mac_key.h
@@ -40,7 +40,7 @@ class MacKey : public Key {
   // may be a prefix of another). To avoid this, built-in Tink keys use the
   // convention that the prefix is either '0x00<big endian key id>' or
   // '0x01<big endian key id>'.
-  virtual util::StatusOr<std::string> GetOutputPrefix() const = 0;
+  virtual std::string GetOutputPrefix() const = 0;
 
   const MacParameters& GetParameters() const override = 0;
author	tholenst <tholenst@google.com>	2023-03-08 07:05:13 -0800
committer	Copybara-Service <copybara-worker@google.com>	2023-03-08 07:06:19 -0800
commit	38ec4b9b85f2c7bab3c2ad184a058ac2c5690cbb (patch)
tree	abc9de39e1df0c4076da22eec6e2fc4e0f174d42
parent	8fc28ff50feb203008ba02b33506dffc729e5202 (diff)
download	tink-38ec4b9b85f2c7bab3c2ad184a058ac2c5690cbb.tar.gz