Adding KeyTypeManager for HMAC as PRF, for PrfSet.

PiperOrigin-RevId: 304268055
author: sschmieg <sschmieg@google.com> 2020-04-01 14:54:03 -0700
committer: Copybara-Service <copybara-worker@google.com> 2020-04-01 14:54:44 -0700
commit: 8785fbc794e8b75370cdeb0f31af3c9756daae47 (patch)
tree: 3bd1996cdce164e29654a883b705e5adc2ac863d /cc/prf
parent: 24fb495a44e8517141806ac744158fd919704993 (diff)
download: tink-8785fbc794e8b75370cdeb0f31af3c9756daae47.tar.gz
7 files changed, 507 insertions, 3 deletions
diff --git a/cc/prf/BUILD.bazel b/cc/prf/BUILD.bazel
index f70f060aa..47e931153 100644
--- a/cc/prf/BUILD.bazel
+++ b/cc/prf/BUILD.bazel
@@ -49,6 +49,7 @@ cc_library(
     visibility = ["//visibility:public"],
     deps = [
         ":aes_cmac_prf_key_manager",
+        ":hmac_prf_key_manager",
         "//proto:aes_cmac_prf_cc_proto",
         "//proto:hkdf_prf_cc_proto",
         "//proto:hmac_prf_cc_proto",
@@ -95,6 +96,34 @@ cc_library(
     ],
 )
 
+cc_library(
+    name = "hmac_prf_key_manager",
+    srcs = ["hmac_prf_key_manager.cc"],
+    hdrs = ["hmac_prf_key_manager.h"],
+    include_prefix = "tink/prf",
+    deps = [
+        "//:core/key_type_manager",
+        "//:key_manager",
+        "//proto:hmac_prf_cc_proto",
+        "//proto:tink_cc_proto",
+        "//subtle:common_enums",
+        "//subtle:random",
+        "//subtle:stateful_hmac_boringssl",
+        "//subtle/prf:prf_set_util",
+        "//util:constants",
+        "//util:enums",
+        "//util:errors",
+        "//util:input_stream_util",
+        "//util:protobuf_helper",
+        "//util:secret_data",
+        "//util:status",
+        "//util:statusor",
+        "//util:validation",
+        "@com_google_absl//absl/memory",
+        "@com_google_absl//absl/strings",
+    ],
+)
+
 cc_test(
     name = "hkdf_prf_key_manager_test",
     srcs = ["hkdf_prf_key_manager_test.cc"],
@@ -116,8 +145,10 @@ cc_test(
     deps = [
         ":aes_cmac_prf_key_manager",
         ":hkdf_prf_key_manager",
+        ":hmac_prf_key_manager",
         ":prf_key_templates",
         "//proto:aes_cmac_prf_cc_proto",
+        "//proto:hmac_prf_cc_proto",
         "//util:test_matchers",
         "@com_google_absl//absl/memory",
         "@com_google_googletest//:gtest_main",
@@ -150,3 +181,21 @@ cc_test(
         "@com_google_googletest//:gtest_main",
     ],
 )
+
+cc_test(
+    name = "hmac_prf_key_manager_test",
+    srcs = ["hmac_prf_key_manager_test.cc"],
+    deps = [
+        ":hmac_prf_key_manager",
+        ":prf_set",
+        "//:core/key_manager_impl",
+        "//proto:hmac_prf_cc_proto",
+        "//subtle:hmac_boringssl",
+        "//util:istream_input_stream",
+        "//util:secret_data",
+        "//util:status",
+        "//util:statusor",
+        "//util:test_matchers",
+        "@com_google_googletest//:gtest_main",
+    ],
+)
diff --git a/cc/prf/CMakeLists.txt b/cc/prf/CMakeLists.txt
index 1ece39131..1c186a9ca 100644
--- a/cc/prf/CMakeLists.txt
+++ b/cc/prf/CMakeLists.txt
@@ -42,6 +42,7 @@ tink_cc_library(
     prf_key_templates.cc
   DEPS
     tink::prf::aes_cmac_prf_key_manager
+    tink::prf::hmac_prf_key_manager
     tink::proto::aes_cmac_prf_cc_proto
     tink::proto::hkdf_prf_cc_proto
     tink::proto::hmac_prf_cc_proto
@@ -83,6 +84,33 @@ tink_cc_library(
     absl::strings
 )
 
+tink_cc_library(
+  NAME hmac_prf_key_manager
+  SRCS
+    hmac_prf_key_manager.cc
+    hmac_prf_key_manager.h
+  DEPS
+    tink::core::key_type_manager
+    tink::core::key_manager
+    tink::proto::hmac_prf_cc_proto
+    tink::proto::tink_cc_proto
+    tink::subtle::common_enums
+    tink::subtle::random
+    tink::subtle::stateful_hmac_boringssl
+    tink::subtle::prf::prf_set_util
+    tink::util::constants
+    tink::util::errors
+    tink::util::enums
+    tink::util::input_stream_util
+    tink::util::protobuf_helper
+    tink::util::secret_data
+    tink::util::status
+    tink::util::statusor
+    tink::util::validation
+    absl::memory
+    absl::strings
+)
+
 tink_cc_test(
   NAME hkdf_prf_key_manager_test
   SRCS hkdf_prf_key_manager_test.cc
@@ -104,9 +132,11 @@ tink_cc_test(
   SRCS prf_key_templates_test.cc
   DEPS
     tink::prf::aes_cmac_prf_key_manager
+    tink::prf::hmac_prf_key_manager
     tink::prf::hkdf_prf_key_manager
     tink::prf::prf_key_templates
     tink::proto::aes_cmac_prf_cc_proto
+    tink::proto::hmac_prf_cc_proto
     tink::util::test_matchers
     absl::memory
     gmock
@@ -136,3 +166,20 @@ tink_cc_test(
     tink::util::test_matchers
     gmock
 )
+
+tink_cc_test(
+  NAME hmac_prf_key_manager_test
+  SRCS hmac_prf_key_manager_test.cc
+  DEPS
+    tink::prf::hmac_prf_key_manager
+    tink::prf::prf_set
+    tink::core::key_manager_impl
+    tink::proto::hmac_prf_cc_proto
+    tink::subtle::hmac_boringssl
+    tink::util::istream_input_stream
+    tink::util::secret_data
+    tink::util::status
+    tink::util::statusor
+    tink::util::test_matchers
+    gmock
+)
diff --git a/cc/prf/hmac_prf_key_manager.cc b/cc/prf/hmac_prf_key_manager.cc
new file mode 100644
index 000000000..f3620bcf2
--- /dev/null
+++ b/cc/prf/hmac_prf_key_manager.cc
@@ -0,0 +1,102 @@
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+#include "tink/prf/hmac_prf_key_manager.h"
+
+#include <set>
+
+#include "tink/subtle/common_enums.h"
+#include "tink/util/enums.h"
+#include "tink/util/input_stream_util.h"
+#include "tink/util/status.h"
+#include "tink/util/statusor.h"
+#include "proto/hmac_prf.pb.h"
+
+namespace crypto {
+namespace tink {
+namespace {
+constexpr int kMinKeySizeInBytes = 16;
+}
+
+using google::crypto::tink::HmacPrfKey;
+using google::crypto::tink::HmacPrfKeyFormat;
+using google::crypto::tink::HmacPrfParams;
+using subtle::HashType;
+using util::Enums;
+using util::Status;
+using util::StatusOr;
+
+util::Status HmacPrfKeyManager::ValidateKey(const HmacPrfKey& key) const {
+  util::Status status = ValidateVersion(key.version(), get_version());
+  if (!status.ok()) return status;
+  if (key.key_value().size() < kMinKeySizeInBytes) {
+    return util::Status(util::error::INVALID_ARGUMENT,
+                        "Invalid HmacPrfKey: key_value wrong length.");
+  }
+  return ValidateParams(key.params());
+}
+
+util::Status HmacPrfKeyManager::ValidateKeyFormat(
+    const HmacPrfKeyFormat& key_format) const {
+  util::Status status = ValidateVersion(key_format.version(), get_version());
+  if (!status.ok()) return status;
+  if (key_format.key_size() < kMinKeySizeInBytes) {
+    return util::Status(util::error::INVALID_ARGUMENT,
+                        "Invalid HmacPrfKeyFormat: invalid key_size.");
+  }
+  return ValidateParams(key_format.params());
+}
+
+crypto::tink::util::StatusOr<HmacPrfKey> HmacPrfKeyManager::CreateKey(
+    const HmacPrfKeyFormat& key_format) const {
+  HmacPrfKey key;
+  key.set_version(get_version());
+  key.set_key_value(subtle::Random::GetRandomBytes(key_format.key_size()));
+  *(key.mutable_params()) = key_format.params();
+  return key;
+}
+
+StatusOr<HmacPrfKey> HmacPrfKeyManager::DeriveKey(
+    const HmacPrfKeyFormat& hmac_prf_key_format,
+    InputStream* input_stream) const {
+  crypto::tink::util::Status status = ValidateKeyFormat(hmac_prf_key_format);
+  if (!status.ok()) return status;
+
+  crypto::tink::util::StatusOr<std::string> randomness =
+      ReadBytesFromStream(hmac_prf_key_format.key_size(), input_stream);
+  if (!randomness.status().ok()) {
+    return randomness.status();
+  }
+
+  HmacPrfKey key;
+  key.set_version(get_version());
+  *(key.mutable_params()) = hmac_prf_key_format.params();
+  key.set_key_value(randomness.ValueOrDie());
+  return key;
+}
+
+Status HmacPrfKeyManager::ValidateParams(const HmacPrfParams& params) const {
+  static const std::set<HashType>* supported_hash_types =
+      new std::set<HashType>(
+          {HashType::SHA1, HashType::SHA256, HashType::SHA512});
+  if (supported_hash_types->find(Enums::ProtoToSubtle(params.hash())) ==
+      supported_hash_types->end()) {
+    return ToStatusF(util::error::INVALID_ARGUMENT,
+                     "Invalid HmacParams: HashType '%s' not supported.",
+                     Enums::HashName(params.hash()));
+  }
+  return Status::OK;
+}
+
+}  // namespace tink
+}  // namespace crypto
diff --git a/cc/prf/hmac_prf_key_manager.h b/cc/prf/hmac_prf_key_manager.h
new file mode 100644
index 000000000..3c640bc47
--- /dev/null
+++ b/cc/prf/hmac_prf_key_manager.h
@@ -0,0 +1,110 @@
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+#ifndef TINK_PRF_HMAC_PRF_KEY_MANAGER_H_
+#define TINK_PRF_HMAC_PRF_KEY_MANAGER_H_
+
+#include <algorithm>
+#include <memory>
+#include <vector>
+
+#include "absl/memory/memory.h"
+#include "absl/strings/string_view.h"
+#include "tink/core/key_type_manager.h"
+#include "tink/key_manager.h"
+#include "tink/subtle/common_enums.h"
+#include "tink/subtle/prf/prf_set_util.h"
+#include "tink/subtle/random.h"
+#include "tink/subtle/stateful_hmac_boringssl.h"
+#include "tink/util/constants.h"
+#include "tink/util/enums.h"
+#include "tink/util/errors.h"
+#include "tink/util/protobuf_helper.h"
+#include "tink/util/secret_data.h"
+#include "tink/util/status.h"
+#include "tink/util/statusor.h"
+#include "tink/util/validation.h"
+#include "proto/hmac_prf.pb.h"
+#include "proto/tink.pb.h"
+
+namespace crypto {
+namespace tink {
+
+class HmacPrfKeyManager
+    : public KeyTypeManager<google::crypto::tink::HmacPrfKey,
+                            google::crypto::tink::HmacPrfKeyFormat,
+                            List<PrfSet>> {
+ public:
+  class PrfSetFactory : public PrimitiveFactory<PrfSet> {
+    crypto::tink::util::StatusOr<std::unique_ptr<PrfSet>> Create(
+        const google::crypto::tink::HmacPrfKey& key) const override {
+      return subtle::CreatePrfSetFromPrf(
+          subtle::CreatePrfFromStatefulMacFactory(
+              absl::make_unique<subtle::StatefulHmacBoringSslFactory>(
+                  util::Enums::ProtoToSubtle(key.params().hash()),
+                  MaxOutputLength(
+                      util::Enums::ProtoToSubtle(key.params().hash())),
+                  util::SecretDataFromStringView(key.key_value()))));
+    }
+  };
+
+  HmacPrfKeyManager()
+      : KeyTypeManager(absl::make_unique<HmacPrfKeyManager::PrfSetFactory>()) {}
+
+  uint32_t get_version() const override { return 0; }
+
+  google::crypto::tink::KeyData::KeyMaterialType key_material_type()
+      const override {
+    return google::crypto::tink::KeyData::SYMMETRIC;
+  }
+
+  static uint64_t MaxOutputLength(subtle::HashType hash_type) {
+    static std::map<subtle::HashType, uint64_t>* max_output_length =
+        new std::map<subtle::HashType, uint64_t>(
+            {{subtle::HashType::SHA1, 20},
+             {subtle::HashType::SHA256, 32},
+             {subtle::HashType::SHA512, 64}});
+    auto length_it = max_output_length->find(hash_type);
+    if (length_it == max_output_length->end()) {
+      return 0;
+    }
+    return length_it->second;
+  }
+
+  const std::string& get_key_type() const override { return key_type_; }
+
+  crypto::tink::util::Status ValidateKey(
+      const google::crypto::tink::HmacPrfKey& key) const override;
+
+  crypto::tink::util::Status ValidateKeyFormat(
+      const google::crypto::tink::HmacPrfKeyFormat& key_format) const override;
+
+  crypto::tink::util::StatusOr<google::crypto::tink::HmacPrfKey> CreateKey(
+      const google::crypto::tink::HmacPrfKeyFormat& key_format) const override;
+
+  util::StatusOr<google::crypto::tink::HmacPrfKey> DeriveKey(
+      const google::crypto::tink::HmacPrfKeyFormat& hmac_prf_key_format,
+      InputStream* input_stream) const override;
+
+ private:
+  util::Status ValidateParams(
+      const google::crypto::tink::HmacPrfParams& params) const;
+
+  const std::string key_type_ = absl::StrCat(
+      kTypeGoogleapisCom, google::crypto::tink::HmacPrfKey().GetTypeName());
+};
+
+}  // namespace tink
+}  // namespace crypto
+
+#endif  // TINK_PRF_HMAC_PRF_KEY_MANAGER_H_
diff --git a/cc/prf/hmac_prf_key_manager_test.cc b/cc/prf/hmac_prf_key_manager_test.cc
new file mode 100644
index 000000000..e1ed0079e
--- /dev/null
+++ b/cc/prf/hmac_prf_key_manager_test.cc
@@ -0,0 +1,185 @@
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#include "tink/prf/hmac_prf_key_manager.h"
+
+#include "gmock/gmock.h"
+#include "gtest/gtest.h"
+#include "tink/core/key_manager_impl.h"
+#include "tink/prf/prf_set.h"
+#include "tink/subtle/hmac_boringssl.h"
+#include "tink/util/istream_input_stream.h"
+#include "tink/util/secret_data.h"
+#include "tink/util/status.h"
+#include "tink/util/statusor.h"
+#include "tink/util/test_matchers.h"
+#include "proto/hmac_prf.pb.h"
+
+namespace crypto {
+namespace tink {
+
+using ::crypto::tink::test::IsOk;
+using ::crypto::tink::test::StatusIs;
+using ::crypto::tink::util::IstreamInputStream;
+using ::crypto::tink::util::StatusOr;
+using ::google::crypto::tink::HashType;
+using ::google::crypto::tink::HmacPrfKey;
+using ::google::crypto::tink::HmacPrfKeyFormat;
+using ::google::crypto::tink::KeyData;
+using ::testing::Eq;
+using ::testing::HasSubstr;
+using ::testing::Not;
+using ::testing::SizeIs;
+using ::testing::StartsWith;
+
+namespace {
+
+TEST(HmacPrfKeyManagerTest, Basics) {
+  EXPECT_THAT(HmacPrfKeyManager().get_version(), Eq(0));
+  EXPECT_THAT(HmacPrfKeyManager().get_key_type(),
+              Eq("type.googleapis.com/google.crypto.tink.HmacPrfKey"));
+  EXPECT_THAT(HmacPrfKeyManager().key_material_type(),
+              Eq(google::crypto::tink::KeyData::SYMMETRIC));
+}
+
+TEST(HmacPrfKeyManagerTest, ValidateEmptyKey) {
+  EXPECT_THAT(HmacPrfKeyManager().ValidateKey(HmacPrfKey()), Not(IsOk()));
+}
+
+TEST(HmacPrfKeyManagerTest, ValidateEmptyKeyFormat) {
+  EXPECT_THAT(HmacPrfKeyManager().ValidateKeyFormat(HmacPrfKeyFormat()),
+              Not(IsOk()));
+}
+
+TEST(HmacPrfKeyManagerTest, ValidKeyFormat) {
+  HmacPrfKeyFormat key_format;
+  key_format.mutable_params()->set_hash(HashType::SHA256);
+  key_format.set_key_size(16);
+  EXPECT_THAT(HmacPrfKeyManager().ValidateKeyFormat(key_format), IsOk());
+}
+
+TEST(HmacPrfKeyManagerTest, ValidateKeyFormatKeySizes) {
+  HmacPrfKeyFormat key_format;
+  key_format.mutable_params()->set_hash(HashType::SHA512);
+
+  key_format.set_key_size(15);
+  EXPECT_THAT(HmacPrfKeyManager().ValidateKeyFormat(key_format), Not(IsOk()));
+
+  key_format.set_key_size(16);
+  EXPECT_THAT(HmacPrfKeyManager().ValidateKeyFormat(key_format), IsOk());
+}
+
+TEST(HmacPrfKeyManagerTest, CreateKey) {
+  HmacPrfKeyFormat key_format;
+  key_format.set_key_size(16);
+  key_format.mutable_params()->set_hash(HashType::SHA512);
+  auto hmac_key_or = HmacPrfKeyManager().CreateKey(key_format);
+  ASSERT_THAT(hmac_key_or.status(), IsOk());
+  EXPECT_THAT(hmac_key_or.ValueOrDie().version(), Eq(0));
+  EXPECT_THAT(hmac_key_or.ValueOrDie().params().hash(),
+              Eq(key_format.params().hash()));
+  EXPECT_THAT(hmac_key_or.ValueOrDie().key_value(),
+              SizeIs(key_format.key_size()));
+
+  EXPECT_THAT(HmacPrfKeyManager().ValidateKey(hmac_key_or.ValueOrDie()),
+              IsOk());
+}
+
+TEST(HmacPrfKeyManagerTest, ValidKey) {
+  HmacPrfKey key;
+  key.set_version(0);
+
+  key.mutable_params()->set_hash(HashType::SHA256);
+  key.set_key_value("0123456789abcdef");
+
+  EXPECT_THAT(HmacPrfKeyManager().ValidateKey(key), IsOk());
+}
+
+TEST(HmacPrfKeyManagerTest, ValidateKeyShortKey) {
+  HmacPrfKey key;
+  key.set_version(0);
+
+  key.mutable_params()->set_hash(HashType::SHA256);
+  key.set_key_value("0123456789abcde");
+
+  EXPECT_THAT(HmacPrfKeyManager().ValidateKey(key), Not(IsOk()));
+}
+
+TEST(HmacPrfKeyManagerTest, DeriveKey) {
+  HmacPrfKeyFormat format;
+  format.set_key_size(23);
+  format.set_version(0);
+  format.mutable_params()->set_hash(HashType::SHA256);
+
+  IstreamInputStream input_stream{
+      absl::make_unique<std::stringstream>("0123456789abcdefghijklmnop")};
+
+  StatusOr<HmacPrfKey> key_or =
+      HmacPrfKeyManager().DeriveKey(format, &input_stream);
+  ASSERT_THAT(key_or.status(), IsOk());
+  EXPECT_THAT(key_or.ValueOrDie().key_value(), Eq("0123456789abcdefghijklm"));
+  EXPECT_THAT(key_or.ValueOrDie().params().hash(), Eq(format.params().hash()));
+}
+
+TEST(HmacPrfKeyManagerTest, DeriveKeyNotEnoughRandomness) {
+  HmacPrfKeyFormat format;
+  format.set_key_size(17);
+  format.set_version(0);
+  format.mutable_params()->set_hash(HashType::SHA256);
+
+  IstreamInputStream input_stream{
+      absl::make_unique<std::stringstream>("0123456789abcdef")};
+
+  ASSERT_THAT(HmacPrfKeyManager().DeriveKey(format, &input_stream).status(),
+              Not(IsOk()));
+}
+
+TEST(HmacPrfKeyManagerTest, DeriveKeyWrongVersion) {
+  HmacPrfKeyFormat format;
+  format.set_key_size(16);
+  format.set_version(1);
+  format.mutable_params()->set_hash(HashType::SHA256);
+
+  IstreamInputStream input_stream{
+      absl::make_unique<std::stringstream>("0123456789abcdef")};
+
+  ASSERT_THAT(HmacPrfKeyManager().DeriveKey(format, &input_stream).status(),
+              StatusIs(util::error::INVALID_ARGUMENT, HasSubstr("version")));
+}
+
+TEST(HmacPrfKeyManagerTest, GetPrimitive) {
+  HmacPrfKeyFormat key_format;
+  key_format.mutable_params()->set_hash(HashType::SHA256);
+  key_format.set_key_size(16);
+  HmacPrfKey key = HmacPrfKeyManager().CreateKey(key_format).ValueOrDie();
+  auto manager_mac_or = HmacPrfKeyManager().GetPrimitive<PrfSet>(key);
+  ASSERT_THAT(manager_mac_or.status(), IsOk());
+  auto prf_value_or =
+      manager_mac_or.ValueOrDie()->ComputePrimary("some plaintext", 16);
+  ASSERT_THAT(prf_value_or.status(), IsOk());
+
+  auto direct_prf_or = subtle::HmacBoringSsl::New(
+      util::Enums::ProtoToSubtle(key.params().hash()), 16,
+      util::SecretDataFromStringView(key.key_value()));
+  ASSERT_THAT(direct_prf_or.status(), IsOk());
+  auto direct_prf_value_or =
+      direct_prf_or.ValueOrDie()->ComputeMac("some plaintext");
+  ASSERT_THAT(direct_prf_value_or.status(), IsOk());
+  EXPECT_THAT(direct_prf_value_or.ValueOrDie(),
+              StartsWith(prf_value_or.ValueOrDie()));
+}
+
+}  // namespace
+}  // namespace tink
+}  // namespace crypto
diff --git a/cc/prf/prf_key_templates.cc b/cc/prf/prf_key_templates.cc
index 7cba04f91..38e094695 100644
--- a/cc/prf/prf_key_templates.cc
+++ b/cc/prf/prf_key_templates.cc
@@ -15,6 +15,7 @@
 
 #include "absl/memory/memory.h"
 #include "tink/prf/aes_cmac_prf_key_manager.h"
+#include "tink/prf/hmac_prf_key_manager.h"
 #include "proto/aes_cmac_prf.pb.h"
 #include "proto/hkdf_prf.pb.h"
 #include "proto/hmac_prf.pb.h"
@@ -44,12 +45,13 @@ std::unique_ptr<google::crypto::tink::KeyTemplate> NewHkdfSha256Template() {
 std::unique_ptr<google::crypto::tink::KeyTemplate> NewHmacTemplate(
     google::crypto::tink::HashType hash_type, uint32_t key_size) {
   auto key_template = absl::make_unique<google::crypto::tink::KeyTemplate>();
-  key_template->set_type_url(
-      "type.googleapis.com/google.crypto.tink.HmacPrfKey");
+  auto hmac_prf_key_manager = absl::make_unique<HmacPrfKeyManager>();
+  key_template->set_type_url(hmac_prf_key_manager->get_key_type());
   key_template->set_output_prefix_type(
       google::crypto::tink::OutputPrefixType::RAW);
   HmacPrfKeyFormat key_format;
   key_format.set_key_size(key_size);
+  key_format.set_version(hmac_prf_key_manager->get_version());
   key_format.mutable_params()->set_hash(hash_type);
   key_format.SerializeToString(key_template->mutable_value());
   return key_template;
diff --git a/cc/prf/prf_key_templates_test.cc b/cc/prf/prf_key_templates_test.cc
index 7795b06bb..10955ab79 100644
--- a/cc/prf/prf_key_templates_test.cc
+++ b/cc/prf/prf_key_templates_test.cc
@@ -19,8 +19,10 @@
 #include "absl/memory/memory.h"
 #include "tink/prf/aes_cmac_prf_key_manager.h"
 #include "tink/prf/hkdf_prf_key_manager.h"
+#include "tink/prf/hmac_prf_key_manager.h"
 #include "tink/util/test_matchers.h"
 #include "proto/aes_cmac_prf.pb.h"
+#include "proto/hmac_prf.pb.h"
 
 namespace crypto {
 namespace tink {
@@ -62,7 +64,14 @@ TEST(HmacPrfTest, Basics) {
               Eq("type.googleapis.com/google.crypto.tink.HmacPrfKey"));
   EXPECT_THAT(PrfKeyTemplates::HmacSha512().type_url(),
               Eq("type.googleapis.com/google.crypto.tink.HmacPrfKey"));
-  // TODO(sschmieg): Add key type manager test
+  auto manager = absl::make_unique<HmacPrfKeyManager>();
+  EXPECT_THAT(PrfKeyTemplates::HmacSha256().type_url(),
+              Eq(manager->get_key_type()));
+  google::crypto::tink::HmacPrfKeyFormat format;
+  ASSERT_TRUE(format.ParseFromString(PrfKeyTemplates::HmacSha256().value()));
+  EXPECT_THAT(manager->ValidateKeyFormat(format), IsOk());
+  ASSERT_TRUE(format.ParseFromString(PrfKeyTemplates::HmacSha512().value()));
+  EXPECT_THAT(manager->ValidateKeyFormat(format), IsOk());
 }
 
 TEST(HmacPrfTest, OutputPrefixType) {
author	sschmieg <sschmieg@google.com>	2020-04-01 14:54:03 -0700
committer	Copybara-Service <copybara-worker@google.com>	2020-04-01 14:54:44 -0700
commit	8785fbc794e8b75370cdeb0f31af3c9756daae47 (patch)
tree	3bd1996cdce164e29654a883b705e5adc2ac863d /cc/prf
parent	24fb495a44e8517141806ac744158fd919704993 (diff)
download	tink-8785fbc794e8b75370cdeb0f31af3c9756daae47.tar.gz