diff options
author | ioannanedelcu <ioannanedelcu@google.com> | 2023-05-31 14:52:59 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-05-31 14:53:58 -0700 |
commit | 8b9be40f3c6d2ff5c220a33afcb997f39ef90b91 (patch) | |
tree | 6ba9e7d9a00312556395e217954266e4943555aa | |
parent | 4b641ad520a5b6ab64913b6bb0617f85faf9eef8 (diff) | |
download | tink-8b9be40f3c6d2ff5c220a33afcb997f39ef90b91.tar.gz |
Make the SecretKeyAccessToken optional for the key parsers and serializers.
PiperOrigin-RevId: 536830719
-rw-r--r-- | cc/core/keyset_handle.cc | 3 | ||||
-rw-r--r-- | cc/internal/BUILD.bazel | 5 | ||||
-rw-r--r-- | cc/internal/CMakeLists.txt | 5 | ||||
-rw-r--r-- | cc/internal/keyset_handle_builder_entry.cc | 3 | ||||
-rw-r--r-- | cc/internal/mutable_serialization_registry.cc | 10 | ||||
-rw-r--r-- | cc/internal/mutable_serialization_registry.h | 13 | ||||
-rw-r--r-- | cc/internal/mutable_serialization_registry_test.cc | 69 | ||||
-rw-r--r-- | cc/internal/serialization_registry.cc | 7 | ||||
-rw-r--r-- | cc/internal/serialization_registry.h | 10 | ||||
-rw-r--r-- | cc/internal/serialization_registry_test.cc | 67 | ||||
-rw-r--r-- | cc/mac/BUILD.bazel | 1 | ||||
-rw-r--r-- | cc/mac/CMakeLists.txt | 1 | ||||
-rw-r--r-- | cc/mac/aes_cmac_proto_serialization_test.cc | 9 | ||||
-rw-r--r-- | cc/mac/mac_config_test.cc | 11 |
14 files changed, 155 insertions, 59 deletions
diff --git a/cc/core/keyset_handle.cc b/cc/core/keyset_handle.cc index bab5bfe99..94d67232f 100644 --- a/cc/core/keyset_handle.cc +++ b/cc/core/keyset_handle.cc @@ -218,7 +218,8 @@ util::StatusOr<KeysetHandle::Entry> KeysetHandle::CreateEntry( util::StatusOr<std::shared_ptr<const Key>> key = internal::MutableSerializationRegistry::GlobalInstance() - .ParseKeyWithLegacyFallback(*serialization); + .ParseKeyWithLegacyFallback(*serialization, + InsecureSecretKeyAccess::Get()); if (!key.ok()) { return key.status(); } diff --git a/cc/internal/BUILD.bazel b/cc/internal/BUILD.bazel index 6d2471e68..be74b932a 100644 --- a/cc/internal/BUILD.bazel +++ b/cc/internal/BUILD.bazel @@ -926,7 +926,6 @@ cc_library( ":parser_index", ":serialization", ":serializer_index", - "//:insecure_secret_key_access", "//:key", "//:parameters", "//util:status", @@ -934,6 +933,7 @@ cc_library( "@com_google_absl//absl/container:flat_hash_map", "@com_google_absl//absl/status", "@com_google_absl//absl/strings:str_format", + "@com_google_absl//absl/types:optional", ], ) @@ -948,6 +948,7 @@ cc_test( ":serialization", ":serialization_registry", ":serialization_test_util", + "//:insecure_secret_key_access", "//:key", "//:parameters", "//:secret_key_access_token", @@ -983,6 +984,7 @@ cc_library( "@com_google_absl//absl/memory", "@com_google_absl//absl/status", "@com_google_absl//absl/synchronization", + "@com_google_absl//absl/types:optional", ], ) @@ -1008,6 +1010,7 @@ cc_test( "//util:statusor", "//util:test_matchers", "@com_google_absl//absl/status", + "@com_google_absl//absl/types:optional", "@com_google_googletest//:gtest_main", ], ) diff --git a/cc/internal/CMakeLists.txt b/cc/internal/CMakeLists.txt index 62db0a976..45bad4bbf 100644 --- a/cc/internal/CMakeLists.txt +++ b/cc/internal/CMakeLists.txt @@ -884,7 +884,7 @@ tink_cc_library( absl::flat_hash_map absl::status absl::str_format - tink::core::insecure_secret_key_access + absl::optional tink::core::key tink::core::parameters tink::util::status @@ -905,6 +905,7 @@ tink_cc_test( tink::internal::serialization_test_util gmock absl::status + tink::core::insecure_secret_key_access tink::core::key tink::core::parameters tink::core::secret_key_access_token @@ -931,6 +932,7 @@ tink_cc_library( absl::memory absl::status absl::synchronization + absl::optional tink::core::insecure_secret_key_access tink::core::key tink::core::parameters @@ -954,6 +956,7 @@ tink_cc_test( tink::internal::serialization_test_util gmock absl::status + absl::optional tink::core::insecure_secret_key_access tink::core::key tink::core::parameters diff --git a/cc/internal/keyset_handle_builder_entry.cc b/cc/internal/keyset_handle_builder_entry.cc index 2fd78ffdc..d407cc992 100644 --- a/cc/internal/keyset_handle_builder_entry.cc +++ b/cc/internal/keyset_handle_builder_entry.cc @@ -95,7 +95,8 @@ util::StatusOr<ProtoParametersSerialization> SerializeLegacyParameters( util::StatusOr<ProtoKeySerialization> SerializeKey(const Key& key) { util::StatusOr<std::unique_ptr<Serialization>> serialization = MutableSerializationRegistry::GlobalInstance() - .SerializeKey<ProtoKeySerialization>(key); + .SerializeKey<ProtoKeySerialization>(key, + InsecureSecretKeyAccess::Get()); if (!serialization.ok()) return serialization.status(); const ProtoKeySerialization* serialized_proto_key = diff --git a/cc/internal/mutable_serialization_registry.cc b/cc/internal/mutable_serialization_registry.cc index 08f839cc7..250d026a7 100644 --- a/cc/internal/mutable_serialization_registry.cc +++ b/cc/internal/mutable_serialization_registry.cc @@ -94,15 +94,16 @@ MutableSerializationRegistry::ParseParameters( } util::StatusOr<std::unique_ptr<Key>> MutableSerializationRegistry::ParseKey( - const Serialization& serialization) { + const Serialization& serialization, + absl::optional<SecretKeyAccessToken> token) { absl::MutexLock lock(®istry_mutex_); - return registry_.ParseKey(serialization); + return registry_.ParseKey(serialization, token); } util::StatusOr<std::unique_ptr<Key>> MutableSerializationRegistry::ParseKeyWithLegacyFallback( - const Serialization& serialization) { - util::StatusOr<std::unique_ptr<Key>> key = ParseKey(serialization); + const Serialization& serialization, SecretKeyAccessToken token) { + util::StatusOr<std::unique_ptr<Key>> key = ParseKey(serialization, token); if (key.status().code() == absl::StatusCode::kNotFound) { const ProtoKeySerialization* proto_serialization = dynamic_cast<const ProtoKeySerialization*>(&serialization); @@ -118,4 +119,3 @@ MutableSerializationRegistry::ParseKeyWithLegacyFallback( } // namespace internal } // namespace tink } // namespace crypto - diff --git a/cc/internal/mutable_serialization_registry.h b/cc/internal/mutable_serialization_registry.h index 34610d103..a9914dda5 100644 --- a/cc/internal/mutable_serialization_registry.h +++ b/cc/internal/mutable_serialization_registry.h @@ -21,6 +21,7 @@ #include "absl/base/thread_annotations.h" #include "absl/synchronization/mutex.h" +#include "absl/types/optional.h" #include "tink/internal/key_parser.h" #include "tink/internal/key_serializer.h" #include "tink/internal/parameters_parser.h" @@ -29,6 +30,7 @@ #include "tink/internal/serialization_registry.h" #include "tink/key.h" #include "tink/parameters.h" +#include "tink/secret_key_access_token.h" #include "tink/util/status.h" #include "tink/util/statusor.h" @@ -79,19 +81,22 @@ class MutableSerializationRegistry { // Parses `serialization` into a `Key` instance. util::StatusOr<std::unique_ptr<Key>> ParseKey( - const Serialization& serialization) ABSL_LOCKS_EXCLUDED(registry_mutex_); + const Serialization& serialization, + absl::optional<SecretKeyAccessToken> token) + ABSL_LOCKS_EXCLUDED(registry_mutex_); // Similar to `ParseKey` but falls back to legacy proto key serialization if // the corresponding key parser is not found. util::StatusOr<std::unique_ptr<Key>> ParseKeyWithLegacyFallback( - const Serialization& serialization); + const Serialization& serialization, SecretKeyAccessToken token); // Serializes `parameters` into a `Serialization` instance. template <typename SerializationT> - util::StatusOr<std::unique_ptr<Serialization>> SerializeKey(const Key& key) + util::StatusOr<std::unique_ptr<Serialization>> SerializeKey( + const Key& key, absl::optional<SecretKeyAccessToken> token) ABSL_LOCKS_EXCLUDED(registry_mutex_) { absl::MutexLock lock(®istry_mutex_); - return registry_.SerializeKey<SerializationT>(key); + return registry_.SerializeKey<SerializationT>(key, token); } // Resets to a new empty registry. diff --git a/cc/internal/mutable_serialization_registry_test.cc b/cc/internal/mutable_serialization_registry_test.cc index 9f3cf53be..7bea8b8fa 100644 --- a/cc/internal/mutable_serialization_registry_test.cc +++ b/cc/internal/mutable_serialization_registry_test.cc @@ -23,6 +23,7 @@ #include "gmock/gmock.h" #include "gtest/gtest.h" #include "absl/status/status.h" +#include "absl/types/optional.h" #include "tink/insecure_secret_key_access.h" #include "tink/internal/key_parser.h" #include "tink/internal/key_serializer.h" @@ -163,19 +164,31 @@ TEST(MutableSerializationRegistryTest, ParseKey) { ASSERT_THAT(registry.RegisterKeyParser(&parser2), IsOk()); util::StatusOr<std::unique_ptr<Key>> no_id_key = - registry.ParseKey(NoIdSerialization()); + registry.ParseKey(NoIdSerialization(), InsecureSecretKeyAccess::Get()); ASSERT_THAT(no_id_key, IsOk()); EXPECT_THAT(std::type_index(typeid(**no_id_key)), std::type_index(typeid(NoIdKey))); - util::StatusOr<std::unique_ptr<Key>> id_key = - registry.ParseKey(IdKeySerialization(/*id=*/123)); + util::StatusOr<std::unique_ptr<Key>> id_key = registry.ParseKey( + IdKeySerialization(/*id=*/123), InsecureSecretKeyAccess::Get()); ASSERT_THAT(id_key, IsOk()); EXPECT_THAT(std::type_index(typeid(**id_key)), std::type_index(typeid(IdKey))); EXPECT_THAT((*id_key)->GetIdRequirement(), Eq(123)); } +TEST(MutableSerializationRegistryTest, ParseKeyNoSecretAccess) { + MutableSerializationRegistry registry; + KeyParserImpl<NoIdSerialization, NoIdKey> parser(kNoIdTypeUrl, ParseNoIdKey); + ASSERT_THAT(registry.RegisterKeyParser(&parser), IsOk()); + + util::StatusOr<std::unique_ptr<Key>> no_id_public_key = + registry.ParseKey(NoIdSerialization(), absl::nullopt); + ASSERT_THAT(no_id_public_key, IsOk()); + EXPECT_THAT(std::type_index(typeid(**no_id_public_key)), + std::type_index(typeid(NoIdKey))); +} + TEST(MutableSerializationRegistryTest, ParseKeyWithLegacyFallback) { MutableSerializationRegistry registry; KeyParserImpl<IdKeySerialization, IdKey> parser(kIdTypeUrl, ParseIdKey); @@ -183,7 +196,8 @@ TEST(MutableSerializationRegistryTest, ParseKeyWithLegacyFallback) { // Parse key with registered key parser. util::StatusOr<std::unique_ptr<Key>> id_key = - registry.ParseKeyWithLegacyFallback(IdKeySerialization(/*id=*/123)); + registry.ParseKeyWithLegacyFallback(IdKeySerialization(/*id=*/123), + InsecureSecretKeyAccess::Get()); ASSERT_THAT(id_key, IsOk()); EXPECT_THAT(std::type_index(typeid(**id_key)), std::type_index(typeid(IdKey))); @@ -199,7 +213,8 @@ TEST(MutableSerializationRegistryTest, ParseKeyWithLegacyFallback) { // Fall back to legacy proto key. util::StatusOr<std::unique_ptr<Key>> proto_key = - registry.ParseKeyWithLegacyFallback(*serialization); + registry.ParseKeyWithLegacyFallback(*serialization, + InsecureSecretKeyAccess::Get()); ASSERT_THAT(proto_key, IsOk()); EXPECT_THAT((*proto_key)->GetIdRequirement(), Eq(456)); } @@ -207,8 +222,10 @@ TEST(MutableSerializationRegistryTest, ParseKeyWithLegacyFallback) { TEST(MutableSerializationRegistryTest, ParseKeyWithoutRegistration) { MutableSerializationRegistry registry; - ASSERT_THAT(registry.ParseKey(NoIdSerialization()).status(), - StatusIs(absl::StatusCode::kNotFound)); + ASSERT_THAT( + registry.ParseKey(NoIdSerialization(), InsecureSecretKeyAccess::Get()) + .status(), + StatusIs(absl::StatusCode::kNotFound)); } TEST(MutableSerializationRegistryTest, RegisterSameKeyParser) { @@ -238,20 +255,36 @@ TEST(MutableSerializationRegistryTest, SerializeKey) { ASSERT_THAT(registry.RegisterKeySerializer(&serializer2), IsOk()); util::StatusOr<std::unique_ptr<Serialization>> serialization1 = - registry.SerializeKey<NoIdSerialization>(NoIdKey()); + registry.SerializeKey<NoIdSerialization>(NoIdKey(), + InsecureSecretKeyAccess::Get()); ASSERT_THAT(serialization1, IsOk()); EXPECT_THAT((*serialization1)->ObjectIdentifier(), Eq(kNoIdTypeUrl)); util::StatusOr<std::unique_ptr<Serialization>> serialization2 = - registry.SerializeKey<IdKeySerialization>(IdKey(123)); + registry.SerializeKey<IdKeySerialization>(IdKey(123), + InsecureSecretKeyAccess::Get()); ASSERT_THAT(serialization2, IsOk()); EXPECT_THAT((*serialization2)->ObjectIdentifier(), Eq(kIdTypeUrl)); } +TEST(MutableSerializationRegistryTest, SerializeKeyNoSecretAccess) { + MutableSerializationRegistry registry; + KeySerializerImpl<NoIdKey, NoIdSerialization> serializer(SerializeNoIdKey); + ASSERT_THAT(registry.RegisterKeySerializer(&serializer), IsOk()); + + util::StatusOr<std::unique_ptr<Serialization>> serialization = + registry.SerializeKey<NoIdSerialization>(NoIdKey(), absl::nullopt); + ASSERT_THAT(serialization, IsOk()); + EXPECT_THAT((*serialization)->ObjectIdentifier(), Eq(kNoIdTypeUrl)); +} + TEST(MutableSerializationRegistryTest, SerializeKeyWithoutRegistration) { MutableSerializationRegistry registry; - ASSERT_THAT(registry.SerializeKey<NoIdSerialization>(NoIdKey()).status(), + ASSERT_THAT(registry + .SerializeKey<NoIdSerialization>( + NoIdKey(), InsecureSecretKeyAccess::Get()) + .status(), StatusIs(absl::StatusCode::kNotFound)); } @@ -298,10 +331,11 @@ TEST(MutableSerializationRegistryTest, Reset) { registry.SerializeParameters<NoIdSerialization>(NoIdParams()); ASSERT_THAT(serialization1, IsOk()); util::StatusOr<std::unique_ptr<Key>> key = - registry.ParseKey(NoIdSerialization()); + registry.ParseKey(NoIdSerialization(), InsecureSecretKeyAccess::Get()); ASSERT_THAT(key, IsOk()); util::StatusOr<std::unique_ptr<Serialization>> serialization2 = - registry.SerializeKey<NoIdSerialization>(NoIdKey()); + registry.SerializeKey<NoIdSerialization>(NoIdKey(), + InsecureSecretKeyAccess::Get()); ASSERT_THAT(serialization2, IsOk()); registry.Reset(); @@ -311,9 +345,14 @@ TEST(MutableSerializationRegistryTest, Reset) { ASSERT_THAT( registry.SerializeParameters<NoIdSerialization>(NoIdParams()).status(), StatusIs(absl::StatusCode::kNotFound)); - ASSERT_THAT(registry.ParseKey(NoIdSerialization()).status(), - StatusIs(absl::StatusCode::kNotFound)); - ASSERT_THAT(registry.SerializeKey<NoIdSerialization>(NoIdKey()).status(), + ASSERT_THAT( + registry.ParseKey(NoIdSerialization(), InsecureSecretKeyAccess::Get()) + .status(), + StatusIs(absl::StatusCode::kNotFound)); + ASSERT_THAT(registry + .SerializeKey<NoIdSerialization>( + NoIdKey(), InsecureSecretKeyAccess::Get()) + .status(), StatusIs(absl::StatusCode::kNotFound)); } diff --git a/cc/internal/serialization_registry.cc b/cc/internal/serialization_registry.cc index 93271b5e6..4d3447380 100644 --- a/cc/internal/serialization_registry.cc +++ b/cc/internal/serialization_registry.cc @@ -23,7 +23,6 @@ #include "absl/container/flat_hash_map.h" #include "absl/status/status.h" #include "absl/strings/str_format.h" -#include "tink/insecure_secret_key_access.h" #include "tink/internal/key_parser.h" #include "tink/internal/key_serializer.h" #include "tink/internal/parameters_parser.h" @@ -122,7 +121,8 @@ SerializationRegistry::ParseParameters( } util::StatusOr<std::unique_ptr<Key>> SerializationRegistry::ParseKey( - const Serialization& serialization) const { + const Serialization& serialization, + absl::optional<SecretKeyAccessToken> token) const { ParserIndex index = ParserIndex::Create(serialization); auto it = key_parsers_.find(index); if (it == key_parsers_.end()) { @@ -132,8 +132,7 @@ util::StatusOr<std::unique_ptr<Key>> SerializationRegistry::ParseKey( typeid(serialization).name())); } - return key_parsers_.at(index)->ParseKey(serialization, - InsecureSecretKeyAccess::Get()); + return key_parsers_.at(index)->ParseKey(serialization, token); } } // namespace internal diff --git a/cc/internal/serialization_registry.h b/cc/internal/serialization_registry.h index 709775f6c..ac90e759f 100644 --- a/cc/internal/serialization_registry.h +++ b/cc/internal/serialization_registry.h @@ -26,7 +26,7 @@ #include "absl/container/flat_hash_map.h" #include "absl/status/status.h" #include "absl/strings/str_format.h" -#include "tink/insecure_secret_key_access.h" +#include "absl/types/optional.h" #include "tink/internal/key_parser.h" #include "tink/internal/key_serializer.h" #include "tink/internal/parameters_parser.h" @@ -129,12 +129,13 @@ class SerializationRegistry { // Parses `serialization` into a `Key` instance. util::StatusOr<std::unique_ptr<Key>> ParseKey( - const Serialization& serialization) const; + const Serialization& serialization, + absl::optional<SecretKeyAccessToken> token) const; // Serializes `parameters` into a `Serialization` instance. template <typename SerializationT> util::StatusOr<std::unique_ptr<Serialization>> SerializeKey( - const Key& key) const { + const Key& key, absl::optional<SecretKeyAccessToken> token) const { SerializerIndex index = SerializerIndex::Create<SerializationT>(key); auto it = key_serializers_.find(index); if (it == key_serializers_.end()) { @@ -144,8 +145,7 @@ class SerializationRegistry { typeid(key).name())); } - return key_serializers_.at(index)->SerializeKey( - key, InsecureSecretKeyAccess::Get()); + return key_serializers_.at(index)->SerializeKey(key, token); } private: diff --git a/cc/internal/serialization_registry_test.cc b/cc/internal/serialization_registry_test.cc index 4f2d14766..0e0872b4c 100644 --- a/cc/internal/serialization_registry_test.cc +++ b/cc/internal/serialization_registry_test.cc @@ -24,6 +24,7 @@ #include "gmock/gmock.h" #include "gtest/gtest.h" #include "absl/status/status.h" +#include "tink/insecure_secret_key_access.h" #include "tink/internal/key_parser.h" #include "tink/internal/key_serializer.h" #include "tink/internal/parameters_parser.h" @@ -166,25 +167,41 @@ TEST(SerializationRegistryTest, ParseKey) { SerializationRegistry registry = builder.Build(); util::StatusOr<std::unique_ptr<Key>> no_id_key = - registry.ParseKey(NoIdSerialization()); + registry.ParseKey(NoIdSerialization(), InsecureSecretKeyAccess::Get()); ASSERT_THAT(no_id_key, IsOk()); EXPECT_THAT(std::type_index(typeid(**no_id_key)), std::type_index(typeid(NoIdKey))); - util::StatusOr<std::unique_ptr<Key>> id_key = - registry.ParseKey(IdKeySerialization(/*id=*/123)); + util::StatusOr<std::unique_ptr<Key>> id_key = registry.ParseKey( + IdKeySerialization(/*id=*/123), InsecureSecretKeyAccess::Get()); ASSERT_THAT(id_key, IsOk()); EXPECT_THAT(std::type_index(typeid(**id_key)), std::type_index(typeid(IdKey))); EXPECT_THAT((*id_key)->GetIdRequirement(), Eq(123)); } +TEST(SerializationRegistryTest, ParseKeyNoSecretAccess) { + SerializationRegistry::Builder builder; + KeyParserImpl<NoIdSerialization, NoIdKey> parser(kNoIdTypeUrl, ParseNoIdKey); + ASSERT_THAT(builder.RegisterKeyParser(&parser), IsOk()); + + SerializationRegistry registry = builder.Build(); + + util::StatusOr<std::unique_ptr<Key>> no_id_public_key = + registry.ParseKey(NoIdSerialization(), absl::nullopt); + ASSERT_THAT(no_id_public_key, IsOk()); + EXPECT_THAT(std::type_index(typeid(**no_id_public_key)), + std::type_index(typeid(NoIdKey))); +} + TEST(SerializationRegistryTest, ParseKeyWithoutRegistration) { SerializationRegistry::Builder builder; SerializationRegistry registry = builder.Build(); - ASSERT_THAT(registry.ParseKey(NoIdSerialization()).status(), - StatusIs(absl::StatusCode::kNotFound)); + ASSERT_THAT( + registry.ParseKey(NoIdSerialization(), InsecureSecretKeyAccess::Get()) + .status(), + StatusIs(absl::StatusCode::kNotFound)); } TEST(SerializationRegistryTest, RegisterSameKeyParser) { @@ -215,21 +232,40 @@ TEST(SerializationRegistryTest, SerializeKey) { SerializationRegistry registry = builder.Build(); util::StatusOr<std::unique_ptr<Serialization>> serialization1 = - registry.SerializeKey<NoIdSerialization>(NoIdKey()); + registry.SerializeKey<NoIdSerialization>(NoIdKey(), + InsecureSecretKeyAccess::Get()); ASSERT_THAT(serialization1, IsOk()); EXPECT_THAT((*serialization1)->ObjectIdentifier(), Eq(kNoIdTypeUrl)); util::StatusOr<std::unique_ptr<Serialization>> serialization2 = - registry.SerializeKey<IdKeySerialization>(IdKey(123)); + registry.SerializeKey<IdKeySerialization>(IdKey(123), + InsecureSecretKeyAccess::Get()); ASSERT_THAT(serialization2, IsOk()); EXPECT_THAT((*serialization2)->ObjectIdentifier(), Eq(kIdTypeUrl)); } +TEST(SerializationRegistryTest, SerializeKeyNoSecretAccess) { + SerializationRegistry::Builder builder; + KeySerializerImpl<NoIdKey, NoIdSerialization> serializer(SerializeNoIdKey); + ASSERT_THAT(builder.RegisterKeySerializer(&serializer), IsOk()); + + SerializationRegistry registry = builder.Build(); + + util::StatusOr<std::unique_ptr<Serialization>> serialization = + registry.SerializeKey<NoIdSerialization>(NoIdKey(), + absl::nullopt); + ASSERT_THAT(serialization, IsOk()); + EXPECT_THAT((*serialization)->ObjectIdentifier(), Eq(kNoIdTypeUrl)); +} + TEST(SerializationRegistryTest, SerializeKeyWithoutRegistration) { SerializationRegistry::Builder builder; SerializationRegistry registry = builder.Build(); - ASSERT_THAT(registry.SerializeKey<NoIdSerialization>(NoIdKey()).status(), + ASSERT_THAT(registry + .SerializeKey<NoIdSerialization>( + NoIdKey(), InsecureSecretKeyAccess::Get()) + .status(), StatusIs(absl::StatusCode::kNotFound)); } @@ -283,12 +319,13 @@ TEST(SerializationRegistryTest, BuiltFromAnotherRegistry) { EXPECT_THAT((*params_serialization)->ObjectIdentifier(), Eq(kNoIdTypeUrl)); util::StatusOr<std::unique_ptr<Key>> key = - registry2.ParseKey(NoIdSerialization()); + registry2.ParseKey(NoIdSerialization(), InsecureSecretKeyAccess::Get()); ASSERT_THAT(key, IsOk()); EXPECT_THAT(std::type_index(typeid(**key)), std::type_index(typeid(NoIdKey))); util::StatusOr<std::unique_ptr<Serialization>> key_serialization = - registry2.SerializeKey<NoIdSerialization>(NoIdKey()); + registry2.SerializeKey<NoIdSerialization>(NoIdKey(), + InsecureSecretKeyAccess::Get()); ASSERT_THAT(key_serialization, IsOk()); EXPECT_THAT((*key_serialization)->ObjectIdentifier(), Eq(kNoIdTypeUrl)); } @@ -322,12 +359,13 @@ TEST(SerializationRegistryTest, RegistryCopy) { EXPECT_THAT((*params_serialization)->ObjectIdentifier(), Eq(kNoIdTypeUrl)); util::StatusOr<std::unique_ptr<Key>> key = - registry2.ParseKey(NoIdSerialization()); + registry2.ParseKey(NoIdSerialization(), InsecureSecretKeyAccess::Get()); ASSERT_THAT(key, IsOk()); EXPECT_THAT(std::type_index(typeid(**key)), std::type_index(typeid(NoIdKey))); util::StatusOr<std::unique_ptr<Serialization>> key_serialization = - registry2.SerializeKey<NoIdSerialization>(NoIdKey()); + registry2.SerializeKey<NoIdSerialization>(NoIdKey(), + InsecureSecretKeyAccess::Get()); ASSERT_THAT(key_serialization, IsOk()); EXPECT_THAT((*key_serialization)->ObjectIdentifier(), Eq(kNoIdTypeUrl)); } @@ -361,12 +399,13 @@ TEST(SerializationRegistryTest, RegistryMove) { EXPECT_THAT((*params_serialization)->ObjectIdentifier(), Eq(kNoIdTypeUrl)); util::StatusOr<std::unique_ptr<Key>> key = - registry2.ParseKey(NoIdSerialization()); + registry2.ParseKey(NoIdSerialization(), InsecureSecretKeyAccess::Get()); ASSERT_THAT(key, IsOk()); EXPECT_THAT(std::type_index(typeid(**key)), std::type_index(typeid(NoIdKey))); util::StatusOr<std::unique_ptr<Serialization>> key_serialization = - registry2.SerializeKey<NoIdSerialization>(NoIdKey()); + registry2.SerializeKey<NoIdSerialization>(NoIdKey(), + InsecureSecretKeyAccess::Get()); ASSERT_THAT(key_serialization, IsOk()); EXPECT_THAT((*key_serialization)->ObjectIdentifier(), Eq(kNoIdTypeUrl)); } diff --git a/cc/mac/BUILD.bazel b/cc/mac/BUILD.bazel index b0400ecb9..e5d344397 100644 --- a/cc/mac/BUILD.bazel +++ b/cc/mac/BUILD.bazel @@ -300,6 +300,7 @@ cc_test( ":mac_config", ":mac_key_templates", "//:chunked_mac", + "//:insecure_secret_key_access", "//:keyset_handle", "//:mac", "//:partial_key_access", diff --git a/cc/mac/CMakeLists.txt b/cc/mac/CMakeLists.txt index 82f00d067..c7dbe23ca 100644 --- a/cc/mac/CMakeLists.txt +++ b/cc/mac/CMakeLists.txt @@ -286,6 +286,7 @@ tink_cc_test( absl::status crypto tink::core::chunked_mac + tink::core::insecure_secret_key_access tink::core::keyset_handle tink::core::mac tink::core::partial_key_access diff --git a/cc/mac/aes_cmac_proto_serialization_test.cc b/cc/mac/aes_cmac_proto_serialization_test.cc index 0edd1fc76..ed80538cd 100644 --- a/cc/mac/aes_cmac_proto_serialization_test.cc +++ b/cc/mac/aes_cmac_proto_serialization_test.cc @@ -210,7 +210,7 @@ TEST_P(AesCmacProtoSerializationTest, ParseKey) { util::StatusOr<std::unique_ptr<Key>> key = internal::MutableSerializationRegistry::GlobalInstance().ParseKey( - *serialization); + *serialization, InsecureSecretKeyAccess::Get()); ASSERT_THAT(key, IsOk()); EXPECT_THAT((*key)->GetIdRequirement(), Eq(test_case.id)); EXPECT_THAT((*key)->GetParameters().HasIdRequirement(), @@ -255,7 +255,7 @@ TEST_F(AesCmacProtoSerializationTest, ParseKeyWithInvalidSerialization) { util::StatusOr<std::unique_ptr<Key>> key = internal::MutableSerializationRegistry::GlobalInstance().ParseKey( - *serialization); + *serialization, InsecureSecretKeyAccess::Get()); ASSERT_THAT(key.status(), StatusIs(absl::StatusCode::kInvalidArgument)); } @@ -279,7 +279,7 @@ TEST_F(AesCmacProtoSerializationTest, ParseKeyWithInvalidVersion) { util::StatusOr<std::unique_ptr<Key>> key = internal::MutableSerializationRegistry::GlobalInstance().ParseKey( - *serialization); + *serialization, InsecureSecretKeyAccess::Get()); ASSERT_THAT(key.status(), StatusIs(absl::StatusCode::kInvalidArgument)); } @@ -300,7 +300,8 @@ TEST_P(AesCmacProtoSerializationTest, SerializeKey) { util::StatusOr<std::unique_ptr<Serialization>> serialization = internal::MutableSerializationRegistry::GlobalInstance() - .SerializeKey<internal::ProtoKeySerialization>(*key); + .SerializeKey<internal::ProtoKeySerialization>( + *key, InsecureSecretKeyAccess::Get()); ASSERT_THAT(serialization, IsOk()); EXPECT_THAT((*serialization)->ObjectIdentifier(), Eq("type.googleapis.com/google.crypto.tink.AesCmacKey")); diff --git a/cc/mac/mac_config_test.cc b/cc/mac/mac_config_test.cc index 44009c075..7243a9ac9 100644 --- a/cc/mac/mac_config_test.cc +++ b/cc/mac/mac_config_test.cc @@ -24,6 +24,7 @@ #include "gtest/gtest.h" #include "absl/status/status.h" #include "tink/chunked_mac.h" +#include "tink/insecure_secret_key_access.h" #include "tink/internal/fips_utils.h" #include "tink/internal/mutable_serialization_registry.h" #include "tink/internal/proto_key_serialization.h" @@ -196,7 +197,7 @@ TEST_F(MacConfigTest, AesCmacProtoKeySerializationRegistered) { util::StatusOr<std::unique_ptr<Key>> parsed_key = internal::MutableSerializationRegistry::GlobalInstance().ParseKey( - *proto_key_serialization); + *proto_key_serialization, InsecureSecretKeyAccess::Get()); ASSERT_THAT(parsed_key.status(), StatusIs(absl::StatusCode::kNotFound)); util::StatusOr<AesCmacParameters> params = AesCmacParameters::Create( @@ -213,19 +214,21 @@ TEST_F(MacConfigTest, AesCmacProtoKeySerializationRegistered) { util::StatusOr<std::unique_ptr<Serialization>> serialized_key = internal::MutableSerializationRegistry::GlobalInstance() - .SerializeKey<internal::ProtoKeySerialization>(*key); + .SerializeKey<internal::ProtoKeySerialization>( + *key, InsecureSecretKeyAccess::Get()); ASSERT_THAT(serialized_key.status(), StatusIs(absl::StatusCode::kNotFound)); ASSERT_THAT(MacConfig::Register(), IsOk()); util::StatusOr<std::unique_ptr<Key>> parsed_key2 = internal::MutableSerializationRegistry::GlobalInstance().ParseKey( - *proto_key_serialization); + *proto_key_serialization, InsecureSecretKeyAccess::Get()); ASSERT_THAT(parsed_key2, IsOk()); util::StatusOr<std::unique_ptr<Serialization>> serialized_key2 = internal::MutableSerializationRegistry::GlobalInstance() - .SerializeKey<internal::ProtoKeySerialization>(*key); + .SerializeKey<internal::ProtoKeySerialization>( + *key, InsecureSecretKeyAccess::Get()); ASSERT_THAT(serialized_key2, IsOk()); } |