authorwconner <wconner@google.com>2023-07-10 05:43:25 -0700
committerCopybara-Service <copybara-worker@google.com>2023-07-10 05:44:26 -0700
commitb53d160793b07c603f0abffee363f25184a9627f (patch)
tree0e52e611074de28021f170a7befa12f82fe7fafe /cc/aead
parent2995b1ecd7725bd4534e1acf21af0b038265b87d (diff)
downloadtink-b53d160793b07c603f0abffee363f25184a9627f.tar.gz
Register AES-GCM proto serialization.
PiperOrigin-RevId: 546845334
Diffstat (limited to 'cc/aead')
-rw-r--r--cc/aead/BUILD.bazel8
-rw-r--r--cc/aead/CMakeLists.txt8
-rw-r--r--cc/aead/aead_config.cc4
-rw-r--r--cc/aead/aead_config_test.cc116
4 files changed, 135 insertions, 1 deletions
diff --git a/cc/aead/BUILD.bazel b/cc/aead/BUILD.bazel
index 803e1fc62..9360bbdbd 100644
--- a/cc/aead/BUILD.bazel
+++ b/cc/aead/BUILD.bazel
@@ -63,6 +63,7 @@ cc_library(
":aes_ctr_hmac_aead_key_manager",
":aes_eax_key_manager",
":aes_gcm_key_manager",
+ ":aes_gcm_proto_serialization",
":aes_gcm_siv_key_manager",
":kms_aead_key_manager",
":kms_envelope_aead_key_manager",
@@ -459,13 +460,20 @@ cc_test(
deps = [
":aead_config",
":aead_key_templates",
+ ":aes_gcm_key",
":aes_gcm_key_manager",
+ ":aes_gcm_parameters",
"//:aead",
+ "//:insecure_secret_key_access",
"//:keyset_handle",
+ "//:partial_key_access",
"//:primitive_set",
"//:registry",
"//config:tink_fips",
"//internal:fips_utils",
+ "//internal:mutable_serialization_registry",
+ "//internal:proto_key_serialization",
+ "//internal:proto_parameters_serialization",
"//proto:tink_cc_proto",
"//util:status",
"//util:statusor",
diff --git a/cc/aead/CMakeLists.txt b/cc/aead/CMakeLists.txt
index 5c1adf698..149eab064 100644
--- a/cc/aead/CMakeLists.txt
+++ b/cc/aead/CMakeLists.txt
@@ -58,6 +58,7 @@ tink_cc_library(
tink::aead::aes_ctr_hmac_aead_key_manager
tink::aead::aes_eax_key_manager
tink::aead::aes_gcm_key_manager
+ tink::aead::aes_gcm_proto_serialization
tink::aead::aes_gcm_siv_key_manager
tink::aead::kms_aead_key_manager
tink::aead::kms_envelope_aead_key_manager
@@ -430,16 +431,23 @@ tink_cc_test(
DEPS
tink::aead::aead_config
tink::aead::aead_key_templates
+ tink::aead::aes_gcm_key
tink::aead::aes_gcm_key_manager
+ tink::aead::aes_gcm_parameters
gmock
absl::memory
absl::status
tink::core::aead
+ tink::core::insecure_secret_key_access
tink::core::keyset_handle
+ tink::core::partial_key_access
tink::core::primitive_set
tink::core::registry
tink::config::tink_fips
tink::internal::fips_utils
+ tink::internal::mutable_serialization_registry
+ tink::internal::proto_key_serialization
+ tink::internal::proto_parameters_serialization
tink::util::status
tink::util::statusor
tink::util::test_matchers
diff --git a/cc/aead/aead_config.cc b/cc/aead/aead_config.cc
index b5a84cac8..b6ba99b07 100644
--- a/cc/aead/aead_config.cc
+++ b/cc/aead/aead_config.cc
@@ -22,6 +22,7 @@
#include "tink/aead/aes_ctr_hmac_aead_key_manager.h"
#include "tink/aead/aes_eax_key_manager.h"
#include "tink/aead/aes_gcm_key_manager.h"
+#include "tink/aead/aes_gcm_proto_serialization.h"
#include "tink/aead/aes_gcm_siv_key_manager.h"
#include "tink/aead/kms_aead_key_manager.h"
#include "tink/aead/kms_envelope_aead_key_manager.h"
@@ -52,6 +53,9 @@ util::Status AeadConfig::Register() {
absl::make_unique<AesGcmKeyManager>(), true);
if (!status.ok()) return status;
+ status = RegisterAesGcmProtoSerialization();
+ if (!status.ok()) return status;
+
if (IsFipsModeEnabled()) {
return util::OkStatus();
}
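Review bot: The new `RegisterAesGcmProtoSerialization()` call sits above the `IsFipsModeEnabled()` early return, so it also runs in FIPS-only mode, yet both new tests in aead_config_test.cc (`AesGcmProtoParamsSerializationRegistered` and `AesGcmProtoKeySerializationRegistered`) skip with "Not supported in FIPS-only mode". If the placement is intentional, the FIPS path is left unverified and the skip message reads as if the feature were unavailable there. I would state the intent in a comment above the call, for example `// Registered before the FIPS check: AES-GCM proto serialization is available in FIPS-only mode too.`, and add a FIPS-mode test case. `AeadConfig::Register()` starts and ends outside this hunk, so the rest of its FIPS handling is not visible here.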
diff --git a/cc/aead/aead_config_test.cc b/cc/aead/aead_config_test.cc
index 4a7945d3f..157902bc4 100644
--- a/cc/aead/aead_config_test.cc
+++ b/cc/aead/aead_config_test.cc
@@ -27,10 +27,17 @@
#include "absl/status/status.h"
#include "tink/aead.h"
#include "tink/aead/aead_key_templates.h"
+#include "tink/aead/aes_gcm_key.h"
#include "tink/aead/aes_gcm_key_manager.h"
+#include "tink/aead/aes_gcm_parameters.h"
#include "tink/config/tink_fips.h"
+#include "tink/insecure_secret_key_access.h"
#include "tink/internal/fips_utils.h"
+#include "tink/internal/mutable_serialization_registry.h"
+#include "tink/internal/proto_key_serialization.h"
+#include "tink/internal/proto_parameters_serialization.h"
#include "tink/keyset_handle.h"
+#include "tink/partial_key_access.h"
#include "tink/primitive_set.h"
#include "tink/registry.h"
#include "tink/util/status.h"
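Review bot: The tests added later in this file use `RestrictedData`, `subtle::Random::GetRandomBytes`, `Key`, `Parameters` and `std::unique_ptr`, but this include hunk adds no header for any of them. In the sorted list nothing appears between `tink/registry.h` and `tink/util/status.h`, where `tink/restricted_data.h` and `tink/subtle/random.h` would sit, so they presumably arrive transitively. For secret-handling types in particular I would include them directly, `#include "tink/restricted_data.h"` and `#include "tink/subtle/random.h"`, with matching entries in the test deps of BUILD.bazel and CMakeLists.txt. The include list continues outside the hunk on both sides, so `<memory>` and the AES-GCM proto header may already be present.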
@@ -45,14 +52,19 @@ namespace {
using ::crypto::tink::test::IsOk;
using ::crypto::tink::test::StatusIs;
using ::crypto::tink::util::StatusOr;
+using ::google::crypto::tink::KeyData;
using ::google::crypto::tink::KeyTemplate;
+using ::google::crypto::tink::OutputPrefixType;
using ::testing::IsNull;
using ::testing::Not;
using ::testing::Test;
class AeadConfigTest : public Test {
protected:
- void SetUp() override { Registry::Reset(); }
+ void SetUp() override {
+ Registry::Reset();
+ internal::MutableSerializationRegistry::GlobalInstance().Reset();
+ }
};
TEST_F(AeadConfigTest, RegisterWorks) {
@@ -138,6 +150,108 @@ TEST_F(AeadConfigTest, RegisterFailsIfBoringCryptoNotAvailable) {
EXPECT_THAT(AeadConfig::Register(), StatusIs(absl::StatusCode::kInternal));
}
+TEST_F(AeadConfigTest, AesGcmProtoParamsSerializationRegistered) {
+ if (IsFipsModeEnabled()) {
+ GTEST_SKIP() << "Not supported in FIPS-only mode";
+ }
+
+ util::StatusOr<internal::ProtoParametersSerialization>
+ proto_params_serialization =
+ internal::ProtoParametersSerialization::Create(
+ AeadKeyTemplates::Aes256Gcm());
+ ASSERT_THAT(proto_params_serialization, IsOk());
+
+ util::StatusOr<std::unique_ptr<Parameters>> parsed_params =
+ internal::MutableSerializationRegistry::GlobalInstance().ParseParameters(
+ *proto_params_serialization);
+ ASSERT_THAT(parsed_params.status(), StatusIs(absl::StatusCode::kNotFound));
+
+ util::StatusOr<AesGcmParameters> params =
+ AesGcmParameters::Builder()
+ .SetVariant(AesGcmParameters::Variant::kTink)
+ .SetKeySizeInBytes(32)
+ .SetIvSizeInBytes(12)
+ .SetTagSizeInBytes(16)
+ .Build();
+ ASSERT_THAT(params, IsOk());
+
+ util::StatusOr<std::unique_ptr<Serialization>> serialized_params =
+ internal::MutableSerializationRegistry::GlobalInstance()
+ .SerializeParameters<internal::ProtoParametersSerialization>(*params);
+ ASSERT_THAT(serialized_params.status(),
+ StatusIs(absl::StatusCode::kNotFound));
+
+ ASSERT_THAT(AeadConfig::Register(), IsOk());
+
+ util::StatusOr<std::unique_ptr<Parameters>> parsed_params2 =
+ internal::MutableSerializationRegistry::GlobalInstance().ParseParameters(
+ *proto_params_serialization);
+ ASSERT_THAT(parsed_params2, IsOk());
+
+ util::StatusOr<std::unique_ptr<Serialization>> serialized_params2 =
+ internal::MutableSerializationRegistry::GlobalInstance()
+ .SerializeParameters<internal::ProtoParametersSerialization>(*params);
+ ASSERT_THAT(serialized_params2, IsOk());
+}
+
+TEST_F(AeadConfigTest, AesGcmProtoKeySerializationRegistered) {
+ if (IsFipsModeEnabled()) {
+ GTEST_SKIP() << "Not supported in FIPS-only mode";
+ }
+
+ google::crypto::tink::AesGcmKey key_proto;
+ key_proto.set_version(0);
+ key_proto.set_key_value(subtle::Random::GetRandomBytes(32));
+
+ util::StatusOr<internal::ProtoKeySerialization> proto_key_serialization =
+ internal::ProtoKeySerialization::Create(
+ "type.googleapis.com/google.crypto.tink.AesGcmKey",
+ RestrictedData(key_proto.SerializeAsString(),
+ InsecureSecretKeyAccess::Get()),
+ KeyData::SYMMETRIC, OutputPrefixType::TINK, /*id_requirement=*/123);
+ ASSERT_THAT(proto_key_serialization, IsOk());
+
+ util::StatusOr<std::unique_ptr<Key>> parsed_key =
+ internal::MutableSerializationRegistry::GlobalInstance().ParseKey(
+ *proto_key_serialization, InsecureSecretKeyAccess::Get());
+ ASSERT_THAT(parsed_key.status(), StatusIs(absl::StatusCode::kNotFound));
+
+ util::StatusOr<AesGcmParameters> params =
+ AesGcmParameters::Builder()
+ .SetVariant(AesGcmParameters::Variant::kTink)
+ .SetKeySizeInBytes(32)
+ .SetIvSizeInBytes(12)
+ .SetTagSizeInBytes(16)
+ .Build();
+ ASSERT_THAT(params, IsOk());
+
+ util::StatusOr<AesGcmKey> key =
+ AesGcmKey::Create(*params,
+ RestrictedData(subtle::Random::GetRandomBytes(32),
+ InsecureSecretKeyAccess::Get()),
+ /*id_requirement=*/123, GetPartialKeyAccess());
+ ASSERT_THAT(key, IsOk());
+
+ util::StatusOr<std::unique_ptr<Serialization>> serialized_key =
+ internal::MutableSerializationRegistry::GlobalInstance()
+ .SerializeKey<internal::ProtoKeySerialization>(
+ *key, InsecureSecretKeyAccess::Get());
+ ASSERT_THAT(serialized_key.status(), StatusIs(absl::StatusCode::kNotFound));
+
+ ASSERT_THAT(AeadConfig::Register(), IsOk());
+
+ util::StatusOr<std::unique_ptr<Key>> parsed_key2 =
+ internal::MutableSerializationRegistry::GlobalInstance().ParseKey(
+ *proto_key_serialization, InsecureSecretKeyAccess::Get());
+ ASSERT_THAT(parsed_key2, IsOk());
+
+ util::StatusOr<std::unique_ptr<Serialization>> serialized_key2 =
+ internal::MutableSerializationRegistry::GlobalInstance()
+ .SerializeKey<internal::ProtoKeySerialization>(
+ *key, InsecureSecretKeyAccess::Get());
+ ASSERT_THAT(serialized_key2, IsOk());
+}
+
} // namespace
} // namespace tink
} // namespace crypto
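Review bot: After `AeadConfig::Register()` both new tests assert only `IsOk()` on `parsed_params2`, `parsed_key2` and the serialized results. A parser registered under this type URL that produced the wrong variant, sizes or ID requirement would therefore still pass. The parse and serialize halves of the key test also use two unrelated random keys, so nothing is round-tripped. I would pin the parsed values, for example `EXPECT_TRUE((*parsed_key2)->GetParameters() == *params);` and `EXPECT_EQ((*parsed_key2)->GetIdRequirement(), 123);`. In the parameters test, `EXPECT_TRUE(**parsed_params2 == *params);` would do the same, assuming `Aes256Gcm()` is the TINK-prefixed 32-byte template that the builder values mirror.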