diff options
author | cinlin <cinlin@google.com> | 2023-05-26 12:51:06 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-05-26 12:52:15 -0700 |
commit | 5a7e398c29e12c42a9daf67517779e50b884076b (patch) | |
tree | 962b966213abe06c59a82116d6ad585423c3533f /cc/config | |
parent | 457ee1a9bb06351431ce872d80d070eb2dc2e073 (diff) | |
download | tink-5a7e398c29e12c42a9daf67517779e50b884076b.tar.gz |
Use KeysetWrapperStore, KeyTypeInfoStore in Configuration instead of RegistryImpl.
PiperOrigin-RevId: 535691511
Diffstat (limited to 'cc/config')
-rw-r--r-- | cc/config/BUILD.bazel | 1 | ||||
-rw-r--r-- | cc/config/CMakeLists.txt | 1 | ||||
-rw-r--r-- | cc/config/fips_140_2_test.cc | 70 |
3 files changed, 42 insertions, 30 deletions
diff --git a/cc/config/BUILD.bazel b/cc/config/BUILD.bazel index 8d9dd0be1..6410ccf55 100644 --- a/cc/config/BUILD.bazel +++ b/cc/config/BUILD.bazel @@ -142,7 +142,6 @@ cc_test( "//aead:aes_gcm_key_manager", "//internal:configuration_impl", "//internal:fips_utils", - "//internal:registry_impl", "//mac:aes_cmac_key_manager", "//mac:hmac_key_manager", "//prf:hmac_prf_key_manager", diff --git a/cc/config/CMakeLists.txt b/cc/config/CMakeLists.txt index 3a5f05df9..6a47520d6 100644 --- a/cc/config/CMakeLists.txt +++ b/cc/config/CMakeLists.txt @@ -127,7 +127,6 @@ tink_cc_test( tink::aead::aes_gcm_key_manager tink::internal::configuration_impl tink::internal::fips_utils - tink::internal::registry_impl tink::mac::aes_cmac_key_manager tink::mac::hmac_key_manager tink::prf::hmac_prf_key_manager diff --git a/cc/config/fips_140_2_test.cc b/cc/config/fips_140_2_test.cc index fb01f12b0..0596e0829 100644 --- a/cc/config/fips_140_2_test.cc +++ b/cc/config/fips_140_2_test.cc @@ -26,7 +26,6 @@ #include "tink/aead/aes_gcm_key_manager.h" #include "tink/internal/configuration_impl.h" #include "tink/internal/fips_utils.h" -#include "tink/internal/registry_impl.h" #include "tink/mac/aes_cmac_key_manager.h" #include "tink/mac/hmac_key_manager.h" #include "tink/prf/hmac_prf_key_manager.h" @@ -44,11 +43,12 @@ namespace { using ::crypto::tink::test::IsOk; using ::crypto::tink::test::IsOkAndHolds; +using ::crypto::tink::test::StatusIs; using ::google::crypto::tink::KeyData; using ::google::crypto::tink::Keyset; using ::google::crypto::tink::KeyStatusType; +using ::google::crypto::tink::KeyTemplate; using ::google::crypto::tink::OutputPrefixType; -using ::testing::Not; class Fips1402Test : public ::testing::Test { protected: @@ -60,26 +60,34 @@ TEST_F(Fips1402Test, ConfigFips1402) { GTEST_SKIP() << "Only test in FIPS mode"; } - const internal::RegistryImpl& registry = - internal::ConfigurationImpl::get_registry(ConfigFips140_2()); - EXPECT_THAT(registry.get_key_manager<Mac>(HmacKeyManager().get_key_type()), - IsOk()); EXPECT_THAT( - registry.get_key_manager<Aead>(AesCtrHmacAeadKeyManager().get_key_type()), + internal::ConfigurationImpl::GetKeyTypeInfoStore(ConfigFips140_2()) + .Get(HmacKeyManager().get_key_type()), + IsOk()); + EXPECT_THAT( + internal::ConfigurationImpl::GetKeyTypeInfoStore(ConfigFips140_2()) + .Get(AesCtrHmacAeadKeyManager().get_key_type()), + IsOk()); + EXPECT_THAT( + internal::ConfigurationImpl::GetKeyTypeInfoStore(ConfigFips140_2()) + .Get(AesGcmKeyManager().get_key_type()), + IsOk()); + EXPECT_THAT( + internal::ConfigurationImpl::GetKeyTypeInfoStore(ConfigFips140_2()) + .Get(HmacPrfKeyManager().get_key_type()), + IsOk()); + EXPECT_THAT( + internal::ConfigurationImpl::GetKeyTypeInfoStore(ConfigFips140_2()) + .Get(EcdsaVerifyKeyManager().get_key_type()), + IsOk()); + EXPECT_THAT( + internal::ConfigurationImpl::GetKeyTypeInfoStore(ConfigFips140_2()) + .Get(RsaSsaPssVerifyKeyManager().get_key_type()), + IsOk()); + EXPECT_THAT( + internal::ConfigurationImpl::GetKeyTypeInfoStore(ConfigFips140_2()) + .Get(RsaSsaPkcs1VerifyKeyManager().get_key_type()), IsOk()); - EXPECT_THAT(registry.get_key_manager<Aead>(AesGcmKeyManager().get_key_type()), - IsOk()); - EXPECT_THAT(registry.get_key_manager<Prf>(HmacPrfKeyManager().get_key_type()), - IsOk()); - EXPECT_THAT(registry.get_key_manager<PublicKeyVerify>( - EcdsaVerifyKeyManager().get_key_type()), - IsOk()); - EXPECT_THAT(registry.get_key_manager<PublicKeyVerify>( - RsaSsaPssVerifyKeyManager().get_key_type()), - IsOk()); - EXPECT_THAT(registry.get_key_manager<PublicKeyVerify>( - RsaSsaPkcs1VerifyKeyManager().get_key_type()), - IsOk()); } TEST_F(Fips1402Test, NonFipsKeyManagerIsNotPresent) { @@ -87,10 +95,11 @@ TEST_F(Fips1402Test, NonFipsKeyManagerIsNotPresent) { GTEST_SKIP() << "Only test in FIPS mode"; } - const internal::RegistryImpl& registry = - internal::ConfigurationImpl::get_registry(ConfigFips140_2()); - EXPECT_THAT(registry.get_key_manager<Mac>(AesCmacKeyManager().get_key_type()), - Not(IsOk())); + EXPECT_THAT( + internal::ConfigurationImpl::GetKeyTypeInfoStore(ConfigFips140_2()) + .Get(AesCmacKeyManager().get_key_type()) + .status(), + StatusIs(absl::StatusCode::kNotFound)); } TEST_F(Fips1402Test, ConfigFips1402FailsInNonFipsMode) { @@ -102,16 +111,21 @@ TEST_F(Fips1402Test, ConfigFips1402FailsInNonFipsMode) { ConfigFips140_2(), "BoringSSL not built with the BoringCrypto module."); } -TEST_F(Fips1402Test, NewKeyDataAndWrapKeysetSucceeds) { +TEST_F(Fips1402Test, NewKeyDataAndGetPrimitiveSucceeds) { if (!internal::IsFipsEnabledInSsl()) { GTEST_SKIP() << "Only test in FIPS mode"; } - const internal::RegistryImpl& registry = - internal::ConfigurationImpl::get_registry(ConfigFips140_2()); + // TODO(b/265705174): Replace with KeysetHandle::GenerateNew once that takes a + // config parameter. + KeyTemplate templ = AeadKeyTemplates::Aes128Gcm(); + util::StatusOr<internal::KeyTypeInfoStore::Info*> info = + internal::ConfigurationImpl::GetKeyTypeInfoStore(ConfigFips140_2()) + .Get(templ.type_url()); + ASSERT_THAT(info, IsOk()); util::StatusOr<std::unique_ptr<KeyData>> key_data = - registry.NewKeyData(AeadKeyTemplates::Aes128Gcm()); + (*info)->key_factory().NewKeyData(templ.value()); ASSERT_THAT(key_data, IsOk()); Keyset keyset; |