diff options
author | tholenst <tholenst@google.com> | 2023-03-08 07:05:13 -0800 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-03-08 07:06:19 -0800 |
commit | 38ec4b9b85f2c7bab3c2ad184a058ac2c5690cbb (patch) | |
tree | abc9de39e1df0c4076da22eec6e2fc4e0f174d42 | |
parent | 8fc28ff50feb203008ba02b33506dffc729e5202 (diff) | |
download | tink-38ec4b9b85f2c7bab3c2ad184a058ac2c5690cbb.tar.gz |
Remove the StatusOr<> part of the method "GetOutputPrefix" in the mac key.
There is no reason this should be there: if this returns an error, the key shouldn't have been created.
PiperOrigin-RevId: 515027174
-rw-r--r-- | cc/mac/aes_cmac_key.cc | 33 | ||||
-rw-r--r-- | cc/mac/aes_cmac_key.h | 12 | ||||
-rw-r--r-- | cc/mac/aes_cmac_key_test.cc | 2 | ||||
-rw-r--r-- | cc/mac/aes_cmac_proto_serialization_test.cc | 3 | ||||
-rw-r--r-- | cc/mac/mac_key.h | 2 |
5 files changed, 39 insertions, 13 deletions
diff --git a/cc/mac/aes_cmac_key.cc b/cc/mac/aes_cmac_key.cc index 09fdb78e4..aa0a9eaa8 100644 --- a/cc/mac/aes_cmac_key.cc +++ b/cc/mac/aes_cmac_key.cc @@ -33,6 +33,7 @@ namespace crypto { namespace tink { + util::StatusOr<AesCmacKey> AesCmacKey::Create( AesCmacParameters parameters, RestrictedData aes_key_bytes, absl::optional<int> id_requirement, PartialKeyAccessToken token) { @@ -52,28 +53,48 @@ util::StatusOr<AesCmacKey> AesCmacKey::Create( "Cannot create key with ID requirement with parameters without ID " "requirement"); } - return AesCmacKey(parameters, aes_key_bytes, id_requirement); + util::StatusOr<std::string> output_prefix = + ComputeOutputPrefix(parameters, id_requirement); + if (!output_prefix.ok()) { + return output_prefix.status(); + } + return AesCmacKey(parameters, aes_key_bytes, id_requirement, + *std::move(output_prefix)); } -util::StatusOr<std::string> AesCmacKey::GetOutputPrefix() const { - switch (parameters_.GetVariant()) { +util::StatusOr<std::string> AesCmacKey::ComputeOutputPrefix( + const AesCmacParameters& parameters, absl::optional<int> id_requirement) { + switch (parameters.GetVariant()) { case AesCmacParameters::Variant::kNoPrefix: return std::string(""); // Empty prefix. case AesCmacParameters::Variant::kLegacy: ABSL_FALLTHROUGH_INTENDED; case AesCmacParameters::Variant::kCrunchy: + if (!id_requirement.has_value()) { + return util::Status( + absl::StatusCode::kInvalidArgument, + "id requirement must have value with kCrunchy or kLegacy"); + } return absl::StrCat(absl::HexStringToBytes("00"), - subtle::BigEndian32(*id_requirement_)); + subtle::BigEndian32(*id_requirement)); case AesCmacParameters::Variant::kTink: + if (!id_requirement.has_value()) { + return util::Status(absl::StatusCode::kInvalidArgument, + "id requirement must have value with kTink"); + } return absl::StrCat(absl::HexStringToBytes("01"), - subtle::BigEndian32(*id_requirement_)); + subtle::BigEndian32(*id_requirement)); default: return util::Status( absl::StatusCode::kInvalidArgument, - absl::StrCat("Invalid variant: ", parameters_.GetVariant())); + absl::StrCat("Invalid variant: ", parameters.GetVariant())); } } +std::string AesCmacKey::GetOutputPrefix() const { + return output_prefix_; +} + bool AesCmacKey::operator==(const Key& other) const { const AesCmacKey* that = dynamic_cast<const AesCmacKey*>(&other); if (that == nullptr) { diff --git a/cc/mac/aes_cmac_key.h b/cc/mac/aes_cmac_key.h index c110648ba..38ac13caa 100644 --- a/cc/mac/aes_cmac_key.h +++ b/cc/mac/aes_cmac_key.h @@ -19,6 +19,7 @@ #include <memory> #include <string> +#include <utility> #include "absl/types/optional.h" #include "tink/mac/aes_cmac_parameters.h" @@ -50,7 +51,7 @@ class AesCmacKey : public MacKey { return aes_key_bytes_; } - util::StatusOr<std::string> GetOutputPrefix() const override; + std::string GetOutputPrefix() const override; const AesCmacParameters& GetParameters() const override { return parameters_; @@ -64,14 +65,19 @@ class AesCmacKey : public MacKey { private: AesCmacKey(AesCmacParameters parameters, RestrictedData aes_key_bytes, - absl::optional<int> id_requirement) + absl::optional<int> id_requirement, std::string output_prefix) : parameters_(parameters), aes_key_bytes_(aes_key_bytes), - id_requirement_(id_requirement) {} + id_requirement_(id_requirement), + output_prefix_(std::move(output_prefix)) {} + + static util::StatusOr<std::string> ComputeOutputPrefix( + const AesCmacParameters& parameters, absl::optional<int> id_requirement); AesCmacParameters parameters_; RestrictedData aes_key_bytes_; absl::optional<int> id_requirement_; + std::string output_prefix_; }; } // namespace tink diff --git a/cc/mac/aes_cmac_key_test.cc b/cc/mac/aes_cmac_key_test.cc index 7006ca365..e7b76079f 100644 --- a/cc/mac/aes_cmac_key_test.cc +++ b/cc/mac/aes_cmac_key_test.cc @@ -80,7 +80,7 @@ TEST_P(AesCmacKeyTest, CreateSucceeds) { EXPECT_THAT(key->GetParameters(), Eq(*params)); EXPECT_THAT(key->GetIdRequirement(), Eq(test_case.id_requirement)); - EXPECT_THAT(key->GetOutputPrefix(), IsOkAndHolds(test_case.output_prefix)); + EXPECT_THAT(key->GetOutputPrefix(), Eq(test_case.output_prefix)); } TEST(AesCmacKeyTest, CreateKeyWithMismatchedKeySizeFails) { diff --git a/cc/mac/aes_cmac_proto_serialization_test.cc b/cc/mac/aes_cmac_proto_serialization_test.cc index ad8acb93e..cf8272b4d 100644 --- a/cc/mac/aes_cmac_proto_serialization_test.cc +++ b/cc/mac/aes_cmac_proto_serialization_test.cc @@ -223,8 +223,7 @@ TEST_P(AesCmacProtoSerializationTest, ParseKey) { ASSERT_THAT(parsed_key, IsOk()); EXPECT_THAT(parsed_key->GetSecret(InsecureSecretKeyAccess::Get()), Eq(raw_key_bytes)); - EXPECT_THAT(cmac_key->GetOutputPrefix(), - IsOkAndHolds(test_case.output_prefix)); + EXPECT_THAT(cmac_key->GetOutputPrefix(), Eq(test_case.output_prefix)); EXPECT_THAT(cmac_key->GetParameters().GetVariant(), Eq(test_case.variant)); EXPECT_THAT(cmac_key->GetParameters().KeySizeInBytes(), Eq(test_case.key_size)); diff --git a/cc/mac/mac_key.h b/cc/mac/mac_key.h index 5e14e5fd7..9ffc1498a 100644 --- a/cc/mac/mac_key.h +++ b/cc/mac/mac_key.h @@ -40,7 +40,7 @@ class MacKey : public Key { // may be a prefix of another). To avoid this, built-in Tink keys use the // convention that the prefix is either '0x00<big endian key id>' or // '0x01<big endian key id>'. - virtual util::StatusOr<std::string> GetOutputPrefix() const = 0; + virtual std::string GetOutputPrefix() const = 0; const MacParameters& GetParameters() const override = 0; |