diff options
| author | kste <kste@google.com> | 2020-07-09 05:57:35 -0700 |
|---|---|---|
| committer | Copybara-Service <copybara-worker@google.com> | 2020-07-09 05:58:07 -0700 |
| commit | ce4388b632143ee65ae0196611ef38aba45f8b87 (patch) | |
| tree | 216e4053b8250a02b2d01895459b08b81f1b2d3b /cc/mac/mac_config.cc | |
| parent | 7774f24559d1aff5ede208e347d02af8471bbacb (diff) | |
| download | tink-ce4388b632143ee65ae0196611ef38aba45f8b87.tar.gz | |
Restrict Mac registry when using FIPS only mode.
When using FIPS only mode, this restricts Mac registry to only register the FIPS validated HMAC implementations.
PiperOrigin-RevId: 320381070
Diffstat (limited to 'cc/mac/mac_config.cc')
| -rw-r--r-- | cc/mac/mac_config.cc | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/cc/mac/mac_config.cc b/cc/mac/mac_config.cc index b891285f0..99d911005 100644 --- a/cc/mac/mac_config.cc +++ b/cc/mac/mac_config.cc @@ -18,6 +18,7 @@ #include "absl/memory/memory.h" #include "tink/config/config_util.h" +#include "tink/config/tink_fips.h" #include "tink/mac/aes_cmac_key_manager.h" #include "tink/mac/hmac_key_manager.h" #include "tink/mac/mac_wrapper.h" @@ -38,16 +39,27 @@ const RegistryConfig& MacConfig::Latest() { // static util::Status MacConfig::Register() { - // Register key managers. - auto status = Registry::RegisterKeyTypeManager( - absl::make_unique<HmacKeyManager>(), true); + // Register primitive wrapper. + auto status = + Registry::RegisterPrimitiveWrapper(absl::make_unique<MacWrapper>()); + if (!status.ok()) return status; + + // Register key managers which utilize the FIPS validated BoringCrypto + // implementations. + status = Registry::RegisterKeyTypeManager(absl::make_unique<HmacKeyManager>(), + true); if (!status.ok()) return status; + + if (kUseOnlyFips) { + return util::OkStatus(); + } + + // CMac in BoringSSL is not FIPS validated. status = Registry::RegisterKeyTypeManager( absl::make_unique<AesCmacKeyManager>(), true); if (!status.ok()) return status; - // Register primitive wrapper. - return Registry::RegisterPrimitiveWrapper(absl::make_unique<MacWrapper>()); + return util::OkStatus(); } } // namespace tink |