authorioannanedelcu <ioannanedelcu@google.com>2023-06-07 01:31:48 -0700
committerCopybara-Service <copybara-worker@google.com>2023-06-07 01:33:11 -0700
commitbbcf4d79f1dd877f7129a5404feef7bdde53f634 (patch)
tree3388da9ba7f041bffdd4833d1afd98a7ed26013a /cc
parent715b44f8057155425d1b169fd4c8463acc09fbe9 (diff)
Add HMAC proto serialization to Mac configuration.
PiperOrigin-RevId: 538416980
Diffstat (limited to 'cc')
-rw-r--r--cc/mac/BUILD.bazel4
-rw-r--r--cc/mac/CMakeLists.txt4
-rw-r--r--cc/mac/mac_config.cc4
-rw-r--r--cc/mac/mac_config_test.cc104
4 files changed, 116 insertions, 0 deletions
diff --git a/cc/mac/BUILD.bazel b/cc/mac/BUILD.bazel
index d37f890d0..77f5534e6 100644
--- a/cc/mac/BUILD.bazel
+++ b/cc/mac/BUILD.bazel
@@ -34,6 +34,7 @@ cc_library(
":aes_cmac_key_manager",
":aes_cmac_proto_serialization",
":hmac_key_manager",
+ ":hmac_proto_serialization",
":mac_wrapper",
"//:registry",
"//config:config_util",
@@ -324,7 +325,9 @@ cc_test(
":aes_cmac_key",
":aes_cmac_key_manager",
":aes_cmac_parameters",
+ ":hmac_key",
":hmac_key_manager",
+ ":hmac_parameters",
":mac_config",
":mac_key_templates",
"//:chunked_mac",
@@ -337,6 +340,7 @@ cc_test(
"//internal:mutable_serialization_registry",
"//internal:proto_key_serialization",
"//internal:proto_parameters_serialization",
+ "//proto:common_cc_proto",
"//proto:tink_cc_proto",
"//util:status",
"//util:test_matchers",
diff --git a/cc/mac/CMakeLists.txt b/cc/mac/CMakeLists.txt
index cd0cc9310..95e53354f 100644
--- a/cc/mac/CMakeLists.txt
+++ b/cc/mac/CMakeLists.txt
@@ -32,6 +32,7 @@ tink_cc_library(
tink::mac::aes_cmac_key_manager
tink::mac::aes_cmac_proto_serialization
tink::mac::hmac_key_manager
+ tink::mac::hmac_proto_serialization
tink::mac::mac_wrapper
absl::core_headers
absl::memory
@@ -306,7 +307,9 @@ tink_cc_test(
tink::mac::aes_cmac_key
tink::mac::aes_cmac_key_manager
tink::mac::aes_cmac_parameters
+ tink::mac::hmac_key
tink::mac::hmac_key_manager
+ tink::mac::hmac_parameters
tink::mac::mac_config
tink::mac::mac_key_templates
gmock
@@ -325,6 +328,7 @@ tink_cc_test(
tink::util::status
tink::util::test_matchers
tink::util::test_util
+ tink::proto::common_cc_proto
tink::proto::tink_cc_proto
)
diff --git a/cc/mac/mac_config.cc b/cc/mac/mac_config.cc
index bf7ae81a3..5f9997a54 100644
--- a/cc/mac/mac_config.cc
+++ b/cc/mac/mac_config.cc
@@ -22,6 +22,7 @@
#include "tink/mac/aes_cmac_key_manager.h"
#include "tink/mac/aes_cmac_proto_serialization.h"
#include "tink/mac/hmac_key_manager.h"
+#include "tink/mac/hmac_proto_serialization.h"
#include "tink/mac/internal/chunked_mac_wrapper.h"
#include "tink/mac/mac_wrapper.h"
#include "tink/registry.h"
@@ -50,6 +51,9 @@ util::Status MacConfig::Register() {
true);
if (!status.ok()) return status;
+ status = RegisterHmacProtoSerialization();
+ if (!status.ok()) return status;
+
if (IsFipsModeEnabled()) {
return util::OkStatus();
}
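Review bot: The new `RegisterHmacProtoSerialization()` call sits above the `IsFipsModeEnabled()` early return, so it also runs in FIPS-only mode, and nothing in the hunk says that this placement is deliberate. If it is meant to mirror the HMAC key manager registration just above (only its tail is visible here), a short comment would keep a later reorder from silently dropping HMAC serialization in FIPS builds, for example `// HMAC is allowed in FIPS-only mode, so its proto serialization is registered before the FIPS check.` The body of `MacConfig::Register()` starts and continues outside the hunk.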
diff --git a/cc/mac/mac_config_test.cc b/cc/mac/mac_config_test.cc
index 7243a9ac9..4f002f7af 100644
--- a/cc/mac/mac_config_test.cc
+++ b/cc/mac/mac_config_test.cc
@@ -34,13 +34,16 @@
#include "tink/mac/aes_cmac_key.h"
#include "tink/mac/aes_cmac_key_manager.h"
#include "tink/mac/aes_cmac_parameters.h"
+#include "tink/mac/hmac_key.h"
#include "tink/mac/hmac_key_manager.h"
+#include "tink/mac/hmac_parameters.h"
#include "tink/mac/mac_key_templates.h"
#include "tink/partial_key_access.h"
#include "tink/registry.h"
#include "tink/util/status.h"
#include "tink/util/test_matchers.h"
#include "tink/util/test_util.h"
+#include "proto/common.pb.h"
#include "proto/tink.pb.h"
namespace crypto {
@@ -53,6 +56,7 @@ using ::crypto::tink::test::StatusIs;
using ::google::crypto::tink::KeyData;
using ::google::crypto::tink::KeysetInfo;
using ::google::crypto::tink::KeyStatusType;
+using ::google::crypto::tink::HashType;
using ::google::crypto::tink::KeyTemplate;
using ::google::crypto::tink::OutputPrefixType;
using ::testing::Values;
@@ -232,6 +236,106 @@ TEST_F(MacConfigTest, AesCmacProtoKeySerializationRegistered) {
ASSERT_THAT(serialized_key2, IsOk());
}
+TEST_F(MacConfigTest, HmacProtoParamsSerializationRegistered) {
+ if (internal::IsFipsModeEnabled()) {
+ GTEST_SKIP() << "Not supported in FIPS-only mode";
+ }
+
+ util::StatusOr<internal::ProtoParametersSerialization>
+ proto_params_serialization =
+ internal::ProtoParametersSerialization::Create(
+ MacKeyTemplates::HmacSha256());
+ ASSERT_THAT(proto_params_serialization, IsOk());
+
+ util::StatusOr<std::unique_ptr<Parameters>> parsed_params =
+ internal::MutableSerializationRegistry::GlobalInstance().ParseParameters(
+ *proto_params_serialization);
+ ASSERT_THAT(parsed_params.status(), StatusIs(absl::StatusCode::kNotFound));
+
+ util::StatusOr<HmacParameters> parameters = HmacParameters::Create(
+ /*key_size_in_bytes=*/32, /*cryptographic_tag_size_in_bytes=*/32,
+ HmacParameters::HashType::kSha256, HmacParameters::Variant::kTink);
+ ASSERT_THAT(parameters, IsOk());
+
+ util::StatusOr<std::unique_ptr<Serialization>> serialized_parameters =
+ internal::MutableSerializationRegistry::GlobalInstance()
+ .SerializeParameters<internal::ProtoParametersSerialization>(
+ *parameters);
+ ASSERT_THAT(serialized_parameters.status(),
+ StatusIs(absl::StatusCode::kNotFound));
+
+ // Register parser and serializer.
+ ASSERT_THAT(MacConfig::Register(), IsOk());
+
+ util::StatusOr<std::unique_ptr<Parameters>> parsed_params2 =
+ internal::MutableSerializationRegistry::GlobalInstance().ParseParameters(
+ *proto_params_serialization);
+ ASSERT_THAT(parsed_params2, IsOk());
+
+ util::StatusOr<std::unique_ptr<Serialization>> serialized_params2 =
+ internal::MutableSerializationRegistry::GlobalInstance()
+ .SerializeParameters<internal::ProtoParametersSerialization>(
+ *parameters);
+ ASSERT_THAT(serialized_params2, IsOk());
+}
+
+TEST_F(MacConfigTest, HmacProtoKeySerializationRegistered) {
+ if (internal::IsFipsModeEnabled()) {
+ GTEST_SKIP() << "Not supported in FIPS-only mode";
+ }
+
+ google::crypto::tink::HmacKey key_proto;
+ key_proto.set_version(0);
+ key_proto.set_key_value(subtle::Random::GetRandomBytes(32));
+ key_proto.mutable_params()->set_tag_size(32);
+ key_proto.mutable_params()->set_hash(HashType::SHA256);
+
+ util::StatusOr<internal::ProtoKeySerialization> proto_key_serialization =
+ internal::ProtoKeySerialization::Create(
+ "type.googleapis.com/google.crypto.tink.HmacKey",
+ RestrictedData(key_proto.SerializeAsString(),
+ InsecureSecretKeyAccess::Get()),
+ KeyData::SYMMETRIC, OutputPrefixType::TINK, /*id_requirement=*/123);
+ ASSERT_THAT(proto_key_serialization, IsOk());
+
+ util::StatusOr<std::unique_ptr<Key>> parsed_key =
+ internal::MutableSerializationRegistry::GlobalInstance().ParseKey(
+ *proto_key_serialization, InsecureSecretKeyAccess::Get());
+ ASSERT_THAT(parsed_key.status(), StatusIs(absl::StatusCode::kNotFound));
+
+ util::StatusOr<HmacParameters> parameters = HmacParameters::Create(
+ /*key_size_in_bytes=*/32, /*cryptographic_tag_size_in_bytes=*/32,
+ HmacParameters::HashType::kSha256, HmacParameters::Variant::kTink);
+ ASSERT_THAT(parameters, IsOk());
+
+ util::StatusOr<HmacKey> key =
+ HmacKey::Create(*parameters,
+ RestrictedData(subtle::Random::GetRandomBytes(32),
+ InsecureSecretKeyAccess::Get()),
+ /*id_requirement=*/123, GetPartialKeyAccess());
+ ASSERT_THAT(key, IsOk());
+
+ util::StatusOr<std::unique_ptr<Serialization>> serialized_key =
+ internal::MutableSerializationRegistry::GlobalInstance()
+ .SerializeKey<internal::ProtoKeySerialization>(
+ *key, InsecureSecretKeyAccess::Get());
+ ASSERT_THAT(serialized_key.status(), StatusIs(absl::StatusCode::kNotFound));
+
+ // Register parser and serializer.
+ ASSERT_THAT(MacConfig::Register(), IsOk());
+
+ util::StatusOr<std::unique_ptr<Key>> parsed_key2 =
+ internal::MutableSerializationRegistry::GlobalInstance().ParseKey(
+ *proto_key_serialization, InsecureSecretKeyAccess::Get());
+ ASSERT_THAT(parsed_key2, IsOk());
+
+ util::StatusOr<std::unique_ptr<Serialization>> serialized_key2 =
+ internal::MutableSerializationRegistry::GlobalInstance()
+ .SerializeKey<internal::ProtoKeySerialization>(
+ *key, InsecureSecretKeyAccess::Get());
+ ASSERT_THAT(serialized_key2, IsOk());
+}
+
class ChunkedMacConfigTest : public ::testing::TestWithParam<KeyTemplate> {
protected:
void SetUp() override { Registry::Reset(); }
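Review bot: Both new tests return early on `internal::IsFipsModeEnabled()`, but the registration they cover is added above the FIPS early return in `MacConfig::Register()`, so the FIPS-only path that now registers the HMAC parser and serializer gets no coverage from this hunk. The skip text `"Not supported in FIPS-only mode"` appears to be carried over from the AES-CMAC tests and reads as if HMAC serialization were unavailable under FIPS. If the skip exists for another reason, such as `Register()` failing in the test build, the message or a comment should say so. The post-registration checks also assert only `IsOk()`. Comparing the parsed result with the expected object, e.g. `EXPECT_TRUE(**parsed_params2 == *parameters);`, would catch a parser registered under the wrong type URL or variant, assuming `MacKeyTemplates::HmacSha256()` matches the 32-byte key and tag used here. The `kNotFound` pre-checks rely on the `MacConfigTest` fixture resetting the global serialization registry between tests, and that fixture is outside the hunk.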