Refactor tink fips into an internal and public part.

Create a new fips_util target which captures all internal functions used for implementing the FIPS checks and puts it in the internal namespace. The tink_fips.h now only provides functions which are part of the public API. PiperOrigin-RevId: 368843791
author: kste <kste@google.com> 2021-04-16 07:33:15 -0700
committer: Copybara-Service <copybara-worker@google.com> 2021-04-16 07:33:51 -0700
commit: 47b6e1783c8dc1eaed150632efd2ceb50f3f867c (patch)
tree: e62a25949509a252b05e42065289b9e3efaeea0a /cc/daead
parent: 564daf0fd1e6a27ef469fdb0b85ffb60e3a0375e (diff)
download: tink-47b6e1783c8dc1eaed150632efd2ceb50f3f867c.tar.gz
3 files changed, 4 insertions, 8 deletions
diff --git a/cc/daead/aes_siv_key_manager.h b/cc/daead/aes_siv_key_manager.h
index f82dd46d2..ba83794bd 100644
--- a/cc/daead/aes_siv_key_manager.h
+++ b/cc/daead/aes_siv_key_manager.h
@@ -107,10 +107,6 @@ class AesSivKeyManager
     return key;
   }
 
-  FipsCompatibility FipsStatus() const override {
-    return FipsCompatibility::kNotFips;
-  }
-
  private:
   crypto::tink::util::Status ValidateKeySize(uint32_t key_size) const {
     if (key_size != kKeySizeInBytes) {
diff --git a/cc/daead/deterministic_aead_config.cc b/cc/daead/deterministic_aead_config.cc
index f745f9dd0..749f8cf4a 100644
--- a/cc/daead/deterministic_aead_config.cc
+++ b/cc/daead/deterministic_aead_config.cc
@@ -40,7 +40,7 @@ const RegistryConfig& DeterministicAeadConfig::Latest() {
 util::Status DeterministicAeadConfig::Register() {
   // Currently there are no FIPS-validated deterministic AEAD key managers
   // available, therefore none will be registered in FIPS only mode.
-  if (kUseOnlyFips) {
+  if (IsFipsModeEnabled()) {
     return util::OkStatus();
   }
 
diff --git a/cc/daead/deterministic_aead_config_test.cc b/cc/daead/deterministic_aead_config_test.cc
index 8bada4d3b..bed325b20 100644
--- a/cc/daead/deterministic_aead_config_test.cc
+++ b/cc/daead/deterministic_aead_config_test.cc
@@ -46,7 +46,7 @@ class DeterministicAeadConfigTest : public ::testing::Test {
 };
 
 TEST_F(DeterministicAeadConfigTest, Basic) {
-  if (kUseOnlyFips) {
+  if (IsFipsModeEnabled()) {
     GTEST_SKIP() << "Not supported in FIPS-only mode";
   }
 
@@ -64,7 +64,7 @@ TEST_F(DeterministicAeadConfigTest, Basic) {
 // Tests that the DeterministicAeadWrapper has been properly registered and we
 // can wrap primitives.
 TEST_F(DeterministicAeadConfigTest, WrappersRegistered) {
-  if (kUseOnlyFips) {
+  if (IsFipsModeEnabled()) {
     GTEST_SKIP() << "Not supported in FIPS-only mode";
   }
 
@@ -102,7 +102,7 @@ TEST_F(DeterministicAeadConfigTest, WrappersRegistered) {
 }
 
 TEST_F(DeterministicAeadConfigTest, RegisterFipsValidTemplates) {
-  if (!kUseOnlyFips) {
+  if (!IsFipsModeEnabled()) {
     GTEST_SKIP() << "Only supported in FIPS-only mode";
   }
author	kste <kste@google.com>	2021-04-16 07:33:15 -0700
committer	Copybara-Service <copybara-worker@google.com>	2021-04-16 07:33:51 -0700
commit	47b6e1783c8dc1eaed150632efd2ceb50f3f867c (patch)
tree	e62a25949509a252b05e42065289b9e3efaeea0a /cc/daead
parent	564daf0fd1e6a27ef469fdb0b85ffb60e3a0375e (diff)
download	tink-47b6e1783c8dc1eaed150632efd2ceb50f3f867c.tar.gz