diff options
author | cinlin <cinlin@google.com> | 2023-07-12 12:07:08 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-07-12 12:08:46 -0700 |
commit | dec6e09a0954c6304d8399611aaeba422525cf7b (patch) | |
tree | 85383d6ed2b563c6c104123f3c9330f6e995286e /cc | |
parent | 0e9389502f056465bf5b2a7bc19f481c2043d064 (diff) | |
download | tink-dec6e09a0954c6304d8399611aaeba422525cf7b.tar.gz |
Use KeysetHandle::GenerateNew in FIPS 140.2 config tests.
PiperOrigin-RevId: 547564102
Diffstat (limited to 'cc')
-rw-r--r-- | cc/config/BUILD.bazel | 7 | ||||
-rw-r--r-- | cc/config/CMakeLists.txt | 7 | ||||
-rw-r--r-- | cc/config/fips_140_2_test.cc | 43 | ||||
-rw-r--r-- | cc/config/key_gen_fips_140_2_test.cc | 25 |
4 files changed, 21 insertions, 61 deletions
diff --git a/cc/config/BUILD.bazel b/cc/config/BUILD.bazel index dbf671baa..549b1c6c7 100644 --- a/cc/config/BUILD.bazel +++ b/cc/config/BUILD.bazel @@ -250,6 +250,8 @@ cc_test( srcs = ["fips_140_2_test.cc"], deps = [ ":fips_140_2", + ":key_gen_fips_140_2", + "//:keyset_handle", "//aead:aead_key_templates", "//aead:aes_ctr_hmac_aead_key_manager", "//aead:aes_gcm_key_manager", @@ -259,13 +261,10 @@ cc_test( "//mac:aes_cmac_key_manager", "//mac:hmac_key_manager", "//prf:hmac_prf_key_manager", - "//proto:tink_cc_proto", "//signature:ecdsa_verify_key_manager", "//signature:rsa_ssa_pkcs1_verify_key_manager", "//signature:rsa_ssa_pss_verify_key_manager", - "//util:test_keyset_handle", "//util:test_matchers", - "//util:test_util", "@com_google_googletest//:gtest_main", ], ) @@ -275,6 +274,7 @@ cc_test( srcs = ["key_gen_fips_140_2_test.cc"], deps = [ ":key_gen_fips_140_2", + "//:keyset_handle", "//aead:aead_key_templates", "//aead:aes_ctr_hmac_aead_key_manager", "//aead:aes_gcm_key_manager", @@ -283,7 +283,6 @@ cc_test( "//mac:aes_cmac_key_manager", "//mac:hmac_key_manager", "//prf:hmac_prf_key_manager", - "//proto:tink_cc_proto", "//signature:ecdsa_verify_key_manager", "//signature:rsa_ssa_pkcs1_verify_key_manager", "//signature:rsa_ssa_pss_verify_key_manager", diff --git a/cc/config/CMakeLists.txt b/cc/config/CMakeLists.txt index b8a3ba97e..80f34c4b9 100644 --- a/cc/config/CMakeLists.txt +++ b/cc/config/CMakeLists.txt @@ -233,7 +233,9 @@ tink_cc_test( fips_140_2_test.cc DEPS tink::config::fips_140_2 + tink::config::key_gen_fips_140_2 gmock + tink::core::keyset_handle tink::aead::aead_key_templates tink::aead::aes_ctr_hmac_aead_key_manager tink::aead::aes_gcm_key_manager @@ -246,10 +248,7 @@ tink_cc_test( tink::signature::ecdsa_verify_key_manager tink::signature::rsa_ssa_pkcs1_verify_key_manager tink::signature::rsa_ssa_pss_verify_key_manager - tink::util::test_keyset_handle tink::util::test_matchers - tink::util::test_util - tink::proto::tink_cc_proto ) tink_cc_test( @@ -259,6 +258,7 @@ tink_cc_test( DEPS tink::config::key_gen_fips_140_2 gmock + tink::core::keyset_handle tink::aead::aead_key_templates tink::aead::aes_ctr_hmac_aead_key_manager tink::aead::aes_gcm_key_manager @@ -271,7 +271,6 @@ tink_cc_test( tink::signature::rsa_ssa_pkcs1_verify_key_manager tink::signature::rsa_ssa_pss_verify_key_manager tink::util::test_matchers - tink::proto::tink_cc_proto ) tink_cc_test( diff --git a/cc/config/fips_140_2_test.cc b/cc/config/fips_140_2_test.cc index 7f134c977..c897b38a2 100644 --- a/cc/config/fips_140_2_test.cc +++ b/cc/config/fips_140_2_test.cc @@ -24,19 +24,18 @@ #include "tink/aead/aead_key_templates.h" #include "tink/aead/aes_ctr_hmac_aead_key_manager.h" #include "tink/aead/aes_gcm_key_manager.h" +#include "tink/config/key_gen_fips_140_2.h" #include "tink/internal/configuration_impl.h" #include "tink/internal/fips_utils.h" #include "tink/internal/key_type_info_store.h" +#include "tink/keyset_handle.h" #include "tink/mac/aes_cmac_key_manager.h" #include "tink/mac/hmac_key_manager.h" #include "tink/prf/hmac_prf_key_manager.h" #include "tink/signature/ecdsa_verify_key_manager.h" #include "tink/signature/rsa_ssa_pkcs1_verify_key_manager.h" #include "tink/signature/rsa_ssa_pss_verify_key_manager.h" -#include "tink/util/test_keyset_handle.h" #include "tink/util/test_matchers.h" -#include "tink/util/test_util.h" -#include "proto/tink.pb.h" namespace crypto { namespace tink { @@ -45,11 +44,6 @@ namespace { using ::crypto::tink::test::IsOk; using ::crypto::tink::test::IsOkAndHolds; using ::crypto::tink::test::StatusIs; -using ::google::crypto::tink::KeyData; -using ::google::crypto::tink::Keyset; -using ::google::crypto::tink::KeyStatusType; -using ::google::crypto::tink::KeyTemplate; -using ::google::crypto::tink::OutputPrefixType; class Fips1402Test : public ::testing::Test { protected: @@ -97,36 +91,19 @@ TEST_F(Fips1402Test, NonFipsTypeNotPresent) { StatusIs(absl::StatusCode::kNotFound)); } -TEST_F(Fips1402Test, NewKeyDataAndGetPrimitive) { +TEST_F(Fips1402Test, GenerateNewKeysetHandleAndGetPrimitive) { if (!internal::IsFipsEnabledInSsl()) { GTEST_SKIP() << "Only test in FIPS mode"; } - // TODO(b/265705174): Replace with KeysetHandle::GenerateNew once that takes a - // config parameter. - util::StatusOr<const internal::KeyTypeInfoStore*> store = - internal::ConfigurationImpl::GetKeyTypeInfoStore(ConfigFips140_2()); - ASSERT_THAT(store, IsOk()); - KeyTemplate templ = AeadKeyTemplates::Aes128Gcm(); - util::StatusOr<internal::KeyTypeInfoStore::Info*> info = - (*store)->Get(templ.type_url()); - ASSERT_THAT(info, IsOk()); - - util::StatusOr<std::unique_ptr<KeyData>> key_data = - (*info)->key_factory().NewKeyData(templ.value()); - ASSERT_THAT(key_data, IsOk()); - - Keyset keyset; - uint32_t key_id = 0; - test::AddKeyData(**key_data, key_id, OutputPrefixType::TINK, - KeyStatusType::ENABLED, &keyset); - keyset.set_primary_key_id(key_id); - - std::unique_ptr<KeysetHandle> handle = - TestKeysetHandle::GetKeysetHandle(keyset); + util::StatusOr<std::unique_ptr<KeysetHandle>> handle = + KeysetHandle::GenerateNew(AeadKeyTemplates::Aes128Gcm(), + KeyGenConfigFips140_2()); + ASSERT_THAT(handle, IsOk()); + util::StatusOr<std::unique_ptr<Aead>> aead = - handle->GetPrimitive<Aead>(ConfigFips140_2()); - EXPECT_THAT(aead, IsOk()); + (*handle)->GetPrimitive<Aead>(ConfigFips140_2()); + ASSERT_THAT(aead, IsOk()); std::string plaintext = "plaintext"; std::string ad = "ad"; diff --git a/cc/config/key_gen_fips_140_2_test.cc b/cc/config/key_gen_fips_140_2_test.cc index 3b9994cb6..1afb144c4 100644 --- a/cc/config/key_gen_fips_140_2_test.cc +++ b/cc/config/key_gen_fips_140_2_test.cc @@ -16,8 +16,6 @@ #include "tink/config/key_gen_fips_140_2.h" -#include <memory> - #include "gmock/gmock.h" #include "gtest/gtest.h" #include "tink/aead/aead_key_templates.h" @@ -25,6 +23,7 @@ #include "tink/aead/aes_gcm_key_manager.h" #include "tink/internal/fips_utils.h" #include "tink/internal/key_gen_configuration_impl.h" +#include "tink/keyset_handle.h" #include "tink/mac/aes_cmac_key_manager.h" #include "tink/mac/hmac_key_manager.h" #include "tink/prf/hmac_prf_key_manager.h" @@ -32,7 +31,6 @@ #include "tink/signature/rsa_ssa_pkcs1_verify_key_manager.h" #include "tink/signature/rsa_ssa_pss_verify_key_manager.h" #include "tink/util/test_matchers.h" -#include "proto/tink.pb.h" namespace crypto { namespace tink { @@ -40,8 +38,6 @@ namespace { using ::crypto::tink::test::IsOk; using ::crypto::tink::test::StatusIs; -using ::google::crypto::tink::KeyData; -using ::google::crypto::tink::KeyTemplate; class KeyGenFips1402Test : public testing::Test { protected: @@ -92,25 +88,14 @@ TEST_F(KeyGenFips1402Test, NonFipsTypeNotPresent) { StatusIs(absl::StatusCode::kNotFound)); } -TEST_F(KeyGenFips1402Test, NewKeyData) { +TEST_F(KeyGenFips1402Test, GenerateNewKeysetHandle) { if (!internal::IsFipsEnabledInSsl()) { GTEST_SKIP() << "Only test in FIPS mode"; } - // TODO(b/265705174): Replace with KeysetHandle::GenerateNew once that takes a - // config parameter. - util::StatusOr<const internal::KeyTypeInfoStore*> store = - internal::KeyGenConfigurationImpl::GetKeyTypeInfoStore( - KeyGenConfigFips140_2()); - ASSERT_THAT(store, IsOk()); - KeyTemplate templ = AeadKeyTemplates::Aes128Gcm(); - util::StatusOr<internal::KeyTypeInfoStore::Info*> info = - (*store)->Get(templ.type_url()); - ASSERT_THAT(info, IsOk()); - - util::StatusOr<std::unique_ptr<KeyData>> key_data = - (*info)->key_factory().NewKeyData(templ.value()); - EXPECT_THAT(key_data, IsOk()); + EXPECT_THAT(KeysetHandle::GenerateNew(AeadKeyTemplates::Aes128Gcm(), + KeyGenConfigFips140_2()), + IsOk()); } } // namespace |