author | ioannanedelcu <ioannanedelcu@google.com> | 2023-06-07 01:31:48 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-06-07 01:33:11 -0700 |
commit | bbcf4d79f1dd877f7129a5404feef7bdde53f634 (patch) | |
tree | 3388da9ba7f041bffdd4833d1afd98a7ed26013a /cc | |
parent | 715b44f8057155425d1b169fd4c8463acc09fbe9 (diff) | |
download | tink-bbcf4d79f1dd877f7129a5404feef7bdde53f634.tar.gz |
Add HMAC proto serialization to Mac configuration.
PiperOrigin-RevId: 538416980
Diffstat (limited to 'cc')
-rw-r--r-- | cc/mac/BUILD.bazel | 4 | ||||
-rw-r--r-- | cc/mac/CMakeLists.txt | 4 | ||||
-rw-r--r-- | cc/mac/mac_config.cc | 4 | ||||
-rw-r--r-- | cc/mac/mac_config_test.cc | 104 |
4 files changed, 116 insertions, 0 deletions
diff --git a/cc/mac/BUILD.bazel b/cc/mac/BUILD.bazel index d37f890d0..77f5534e6 100644 --- a/cc/mac/BUILD.bazel +++ b/cc/mac/BUILD.bazel @@ -34,6 +34,7 @@ cc_library( ":aes_cmac_key_manager", ":aes_cmac_proto_serialization", ":hmac_key_manager", + ":hmac_proto_serialization", ":mac_wrapper", "//:registry", "//config:config_util", @@ -324,7 +325,9 @@ cc_test( ":aes_cmac_key", ":aes_cmac_key_manager", ":aes_cmac_parameters", + ":hmac_key", ":hmac_key_manager", + ":hmac_parameters", ":mac_config", ":mac_key_templates", "//:chunked_mac", @@ -337,6 +340,7 @@ cc_test( "//internal:mutable_serialization_registry", "//internal:proto_key_serialization", "//internal:proto_parameters_serialization", + "//proto:common_cc_proto", "//proto:tink_cc_proto", "//util:status", "//util:test_matchers", diff --git a/cc/mac/CMakeLists.txt b/cc/mac/CMakeLists.txt index cd0cc9310..95e53354f 100644 --- a/cc/mac/CMakeLists.txt +++ b/cc/mac/CMakeLists.txt @@ -32,6 +32,7 @@ tink_cc_library( tink::mac::aes_cmac_key_manager tink::mac::aes_cmac_proto_serialization tink::mac::hmac_key_manager + tink::mac::hmac_proto_serialization tink::mac::mac_wrapper absl::core_headers absl::memory @@ -306,7 +307,9 @@ tink_cc_test( tink::mac::aes_cmac_key tink::mac::aes_cmac_key_manager tink::mac::aes_cmac_parameters + tink::mac::hmac_key tink::mac::hmac_key_manager + tink::mac::hmac_parameters tink::mac::mac_config tink::mac::mac_key_templates gmock @@ -325,6 +328,7 @@ tink_cc_test( tink::util::status tink::util::test_matchers tink::util::test_util + tink::proto::common_cc_proto tink::proto::tink_cc_proto ) diff --git a/cc/mac/mac_config.cc b/cc/mac/mac_config.cc index bf7ae81a3..5f9997a54 100644 --- a/cc/mac/mac_config.cc +++ b/cc/mac/mac_config.cc 
@@ -22,6 +22,7 @@ #include "tink/mac/aes_cmac_key_manager.h" #include "tink/mac/aes_cmac_proto_serialization.h" #include "tink/mac/hmac_key_manager.h" +#include "tink/mac/hmac_proto_serialization.h" #include "tink/mac/internal/chunked_mac_wrapper.h" #include "tink/mac/mac_wrapper.h" #include "tink/registry.h" @@ -50,6 +51,9 @@ util::Status MacConfig::Register() { true); if (!status.ok()) return status; + status = RegisterHmacProtoSerialization(); + if (!status.ok()) return status; + if (IsFipsModeEnabled()) { return util::OkStatus(); } diff --git a/cc/mac/mac_config_test.cc b/cc/mac/mac_config_test.cc index 7243a9ac9..4f002f7af 100644 --- a/cc/mac/mac_config_test.cc +++ b/cc/mac/mac_config_test.cc @@ -34,13 +34,16 @@ #include "tink/mac/aes_cmac_key.h" #include "tink/mac/aes_cmac_key_manager.h" #include "tink/mac/aes_cmac_parameters.h" +#include "tink/mac/hmac_key.h" #include "tink/mac/hmac_key_manager.h" +#include "tink/mac/hmac_parameters.h" #include "tink/mac/mac_key_templates.h" #include "tink/partial_key_access.h" #include "tink/registry.h" #include "tink/util/status.h" #include "tink/util/test_matchers.h" #include "tink/util/test_util.h" +#include "proto/common.pb.h" #include "proto/tink.pb.h" namespace crypto { @@ -53,6 +56,7 @@ using ::crypto::tink::test::StatusIs; using ::google::crypto::tink::KeyData; using ::google::crypto::tink::KeysetInfo; using ::google::crypto::tink::KeyStatusType; +using ::google::crypto::tink::HashType; using ::google::crypto::tink::KeyTemplate; using ::google::crypto::tink::OutputPrefixType; using ::testing::Values; 
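Review bot: In `cc/mac/mac_config.cc`, the new `RegisterHmacProtoSerialization()` call sits above the `IsFipsModeEnabled()` early return, so it also runs in FIPS-only mode, and nothing in the hunk says whether that is intended. If it is, a one-line comment would keep a later edit from moving it below the return or from adding a non-FIPS serializer next to it, for example `// Registered before the FIPS check on purpose: HMAC serialization stays available in FIPS-only mode.` The body of `MacConfig::Register()` starts and ends outside the hunk, so where the other serialization registrations sit relative to the FIPS check cannot be confirmed from here.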
@@ -232,6 +236,106 @@ TEST_F(MacConfigTest, AesCmacProtoKeySerializationRegistered) { ASSERT_THAT(serialized_key2, IsOk()); } +TEST_F(MacConfigTest, HmacProtoParamsSerializationRegistered) { + if (internal::IsFipsModeEnabled()) { + GTEST_SKIP() << "Not supported in FIPS-only mode"; + } + + util::StatusOr<internal::ProtoParametersSerialization> + proto_params_serialization = + internal::ProtoParametersSerialization::Create( + MacKeyTemplates::HmacSha256()); + ASSERT_THAT(proto_params_serialization, IsOk()); + + util::StatusOr<std::unique_ptr<Parameters>> parsed_params = + internal::MutableSerializationRegistry::GlobalInstance().ParseParameters( + *proto_params_serialization); + ASSERT_THAT(parsed_params.status(), StatusIs(absl::StatusCode::kNotFound)); + + util::StatusOr<HmacParameters> parameters = HmacParameters::Create( + /*key_size_in_bytes=*/32, /*cryptographic_tag_size_in_bytes=*/32, + HmacParameters::HashType::kSha256, HmacParameters::Variant::kTink); + ASSERT_THAT(parameters, IsOk()); + + util::StatusOr<std::unique_ptr<Serialization>> serialized_parameters = + internal::MutableSerializationRegistry::GlobalInstance() + .SerializeParameters<internal::ProtoParametersSerialization>( + *parameters); + ASSERT_THAT(serialized_parameters.status(), + StatusIs(absl::StatusCode::kNotFound)); + + // Register parser and serializer. 
+ ASSERT_THAT(MacConfig::Register(), IsOk()); + + util::StatusOr<std::unique_ptr<Parameters>> parsed_params2 = + internal::MutableSerializationRegistry::GlobalInstance().ParseParameters( + *proto_params_serialization); + ASSERT_THAT(parsed_params2, IsOk()); + + util::StatusOr<std::unique_ptr<Serialization>> serialized_params2 = + internal::MutableSerializationRegistry::GlobalInstance() + .SerializeParameters<internal::ProtoParametersSerialization>( + *parameters); + ASSERT_THAT(serialized_params2, IsOk()); +} + +TEST_F(MacConfigTest, HmacProtoKeySerializationRegistered) { + if (internal::IsFipsModeEnabled()) { + GTEST_SKIP() << "Not supported in FIPS-only mode"; + } + + google::crypto::tink::HmacKey key_proto; + key_proto.set_version(0); + key_proto.set_key_value(subtle::Random::GetRandomBytes(32)); + key_proto.mutable_params()->set_tag_size(32); + key_proto.mutable_params()->set_hash(HashType::SHA256); + + util::StatusOr<internal::ProtoKeySerialization> proto_key_serialization = + internal::ProtoKeySerialization::Create( + "type.googleapis.com/google.crypto.tink.HmacKey", + RestrictedData(key_proto.SerializeAsString(), + InsecureSecretKeyAccess::Get()), + KeyData::SYMMETRIC, OutputPrefixType::TINK, /*id_requirement=*/123); + ASSERT_THAT(proto_key_serialization, IsOk()); + + util::StatusOr<std::unique_ptr<Key>> parsed_key = + internal::MutableSerializationRegistry::GlobalInstance().ParseKey( + *proto_key_serialization, InsecureSecretKeyAccess::Get()); + ASSERT_THAT(parsed_key.status(), StatusIs(absl::StatusCode::kNotFound)); + + util::StatusOr<HmacParameters> parameters = HmacParameters::Create( + /*key_size_in_bytes=*/32, /*cryptographic_tag_size_in_bytes=*/32, + HmacParameters::HashType::kSha256, HmacParameters::Variant::kTink); + ASSERT_THAT(parameters, IsOk()); + + util::StatusOr<HmacKey> key = + HmacKey::Create(*parameters, + RestrictedData(subtle::Random::GetRandomBytes(32), + InsecureSecretKeyAccess::Get()), + /*id_requirement=*/123, GetPartialKeyAccess()); 
+ ASSERT_THAT(key, IsOk()); + + util::StatusOr<std::unique_ptr<Serialization>> serialized_key = + internal::MutableSerializationRegistry::GlobalInstance() + .SerializeKey<internal::ProtoKeySerialization>( + *key, InsecureSecretKeyAccess::Get()); + ASSERT_THAT(serialized_key.status(), StatusIs(absl::StatusCode::kNotFound)); + + // Register parser and serializer. + ASSERT_THAT(MacConfig::Register(), IsOk()); + + util::StatusOr<std::unique_ptr<Key>> parsed_key2 = + internal::MutableSerializationRegistry::GlobalInstance().ParseKey( + *proto_key_serialization, InsecureSecretKeyAccess::Get()); + ASSERT_THAT(parsed_key2, IsOk()); + + util::StatusOr<std::unique_ptr<Serialization>> serialized_key2 = + internal::MutableSerializationRegistry::GlobalInstance() + .SerializeKey<internal::ProtoKeySerialization>( + *key, InsecureSecretKeyAccess::Get()); + ASSERT_THAT(serialized_key2, IsOk()); +} + class ChunkedMacConfigTest : public ::testing::TestWithParam<KeyTemplate> { protected: void SetUp() override { Registry::Reset(); } |
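Review bot: Both new tests call `GTEST_SKIP() << "Not supported in FIPS-only mode"` when `internal::IsFipsModeEnabled()` is true, yet this commit registers the HMAC proto serialization before the FIPS early return in `MacConfig::Register()`, so the FIPS-only path is the one left without coverage. If the skip is needed for another reason, the message should say so. Separately, `HmacProtoKeySerializationRegistered` builds `key_proto` and `key` from two independent `subtle::Random::GetRandomBytes(32)` calls and stops at `IsOk()`, so a parser that returned the wrong key material would still pass. Reusing one key value for both and adding `EXPECT_TRUE(**parsed_key2 == *key);` would pin the round trip. The initial `kNotFound` expectations also rely on the fixture clearing the global `MutableSerializationRegistry` between tests; the `MacConfigTest` fixture is outside the hunk, so that is an assumption to confirm.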