Use KeysetHandle::GenerateNew in FIPS 140.2 config tests.

PiperOrigin-RevId: 547564102
author: cinlin <cinlin@google.com> 2023-07-12 12:07:08 -0700
committer: Copybara-Service <copybara-worker@google.com> 2023-07-12 12:08:46 -0700
commit: dec6e09a0954c6304d8399611aaeba422525cf7b (patch)
tree: 85383d6ed2b563c6c104123f3c9330f6e995286e /cc
parent: 0e9389502f056465bf5b2a7bc19f481c2043d064 (diff)
download: tink-dec6e09a0954c6304d8399611aaeba422525cf7b.tar.gz
4 files changed, 21 insertions, 61 deletions
diff --git a/cc/config/BUILD.bazel b/cc/config/BUILD.bazel
index dbf671baa..549b1c6c7 100644
--- a/cc/config/BUILD.bazel
+++ b/cc/config/BUILD.bazel
@@ -250,6 +250,8 @@ cc_test(
     srcs = ["fips_140_2_test.cc"],
     deps = [
         ":fips_140_2",
+        ":key_gen_fips_140_2",
+        "//:keyset_handle",
         "//aead:aead_key_templates",
         "//aead:aes_ctr_hmac_aead_key_manager",
         "//aead:aes_gcm_key_manager",
@@ -259,13 +261,10 @@ cc_test(
         "//mac:aes_cmac_key_manager",
         "//mac:hmac_key_manager",
         "//prf:hmac_prf_key_manager",
-        "//proto:tink_cc_proto",
         "//signature:ecdsa_verify_key_manager",
         "//signature:rsa_ssa_pkcs1_verify_key_manager",
         "//signature:rsa_ssa_pss_verify_key_manager",
-        "//util:test_keyset_handle",
         "//util:test_matchers",
-        "//util:test_util",
         "@com_google_googletest//:gtest_main",
     ],
 )
@@ -275,6 +274,7 @@ cc_test(
     srcs = ["key_gen_fips_140_2_test.cc"],
     deps = [
         ":key_gen_fips_140_2",
+        "//:keyset_handle",
         "//aead:aead_key_templates",
         "//aead:aes_ctr_hmac_aead_key_manager",
         "//aead:aes_gcm_key_manager",
@@ -283,7 +283,6 @@ cc_test(
         "//mac:aes_cmac_key_manager",
         "//mac:hmac_key_manager",
         "//prf:hmac_prf_key_manager",
-        "//proto:tink_cc_proto",
         "//signature:ecdsa_verify_key_manager",
         "//signature:rsa_ssa_pkcs1_verify_key_manager",
         "//signature:rsa_ssa_pss_verify_key_manager",
diff --git a/cc/config/CMakeLists.txt b/cc/config/CMakeLists.txt
index b8a3ba97e..80f34c4b9 100644
--- a/cc/config/CMakeLists.txt
+++ b/cc/config/CMakeLists.txt
@@ -233,7 +233,9 @@ tink_cc_test(
     fips_140_2_test.cc
   DEPS
     tink::config::fips_140_2
+    tink::config::key_gen_fips_140_2
     gmock
+    tink::core::keyset_handle
     tink::aead::aead_key_templates
     tink::aead::aes_ctr_hmac_aead_key_manager
     tink::aead::aes_gcm_key_manager
@@ -246,10 +248,7 @@ tink_cc_test(
     tink::signature::ecdsa_verify_key_manager
     tink::signature::rsa_ssa_pkcs1_verify_key_manager
     tink::signature::rsa_ssa_pss_verify_key_manager
-    tink::util::test_keyset_handle
     tink::util::test_matchers
-    tink::util::test_util
-    tink::proto::tink_cc_proto
 )
 
 tink_cc_test(
@@ -259,6 +258,7 @@ tink_cc_test(
   DEPS
     tink::config::key_gen_fips_140_2
     gmock
+    tink::core::keyset_handle
     tink::aead::aead_key_templates
     tink::aead::aes_ctr_hmac_aead_key_manager
     tink::aead::aes_gcm_key_manager
@@ -271,7 +271,6 @@ tink_cc_test(
     tink::signature::rsa_ssa_pkcs1_verify_key_manager
     tink::signature::rsa_ssa_pss_verify_key_manager
     tink::util::test_matchers
-    tink::proto::tink_cc_proto
 )
 
 tink_cc_test(
diff --git a/cc/config/fips_140_2_test.cc b/cc/config/fips_140_2_test.cc
index 7f134c977..c897b38a2 100644
--- a/cc/config/fips_140_2_test.cc
+++ b/cc/config/fips_140_2_test.cc
@@ -24,19 +24,18 @@
 #include "tink/aead/aead_key_templates.h"
 #include "tink/aead/aes_ctr_hmac_aead_key_manager.h"
 #include "tink/aead/aes_gcm_key_manager.h"
+#include "tink/config/key_gen_fips_140_2.h"
 #include "tink/internal/configuration_impl.h"
 #include "tink/internal/fips_utils.h"
 #include "tink/internal/key_type_info_store.h"
+#include "tink/keyset_handle.h"
 #include "tink/mac/aes_cmac_key_manager.h"
 #include "tink/mac/hmac_key_manager.h"
 #include "tink/prf/hmac_prf_key_manager.h"
 #include "tink/signature/ecdsa_verify_key_manager.h"
 #include "tink/signature/rsa_ssa_pkcs1_verify_key_manager.h"
 #include "tink/signature/rsa_ssa_pss_verify_key_manager.h"
-#include "tink/util/test_keyset_handle.h"
 #include "tink/util/test_matchers.h"
-#include "tink/util/test_util.h"
-#include "proto/tink.pb.h"
 
 namespace crypto {
 namespace tink {
@@ -45,11 +44,6 @@ namespace {
 using ::crypto::tink::test::IsOk;
 using ::crypto::tink::test::IsOkAndHolds;
 using ::crypto::tink::test::StatusIs;
-using ::google::crypto::tink::KeyData;
-using ::google::crypto::tink::Keyset;
-using ::google::crypto::tink::KeyStatusType;
-using ::google::crypto::tink::KeyTemplate;
-using ::google::crypto::tink::OutputPrefixType;
 
 class Fips1402Test : public ::testing::Test {
  protected:
@@ -97,36 +91,19 @@ TEST_F(Fips1402Test, NonFipsTypeNotPresent) {
               StatusIs(absl::StatusCode::kNotFound));
 }
 
-TEST_F(Fips1402Test, NewKeyDataAndGetPrimitive) {
+TEST_F(Fips1402Test, GenerateNewKeysetHandleAndGetPrimitive) {
   if (!internal::IsFipsEnabledInSsl()) {
     GTEST_SKIP() << "Only test in FIPS mode";
   }
 
-  // TODO(b/265705174): Replace with KeysetHandle::GenerateNew once that takes a
-  // config parameter.
-  util::StatusOr<const internal::KeyTypeInfoStore*> store =
-      internal::ConfigurationImpl::GetKeyTypeInfoStore(ConfigFips140_2());
-  ASSERT_THAT(store, IsOk());
-  KeyTemplate templ = AeadKeyTemplates::Aes128Gcm();
-  util::StatusOr<internal::KeyTypeInfoStore::Info*> info =
-      (*store)->Get(templ.type_url());
-  ASSERT_THAT(info, IsOk());
-
-  util::StatusOr<std::unique_ptr<KeyData>> key_data =
-      (*info)->key_factory().NewKeyData(templ.value());
-  ASSERT_THAT(key_data, IsOk());
-
-  Keyset keyset;
-  uint32_t key_id = 0;
-  test::AddKeyData(**key_data, key_id, OutputPrefixType::TINK,
-                   KeyStatusType::ENABLED, &keyset);
-  keyset.set_primary_key_id(key_id);
-
-  std::unique_ptr<KeysetHandle> handle =
-      TestKeysetHandle::GetKeysetHandle(keyset);
+  util::StatusOr<std::unique_ptr<KeysetHandle>> handle =
+      KeysetHandle::GenerateNew(AeadKeyTemplates::Aes128Gcm(),
+                                KeyGenConfigFips140_2());
+  ASSERT_THAT(handle, IsOk());
+
   util::StatusOr<std::unique_ptr<Aead>> aead =
-      handle->GetPrimitive<Aead>(ConfigFips140_2());
-  EXPECT_THAT(aead, IsOk());
+      (*handle)->GetPrimitive<Aead>(ConfigFips140_2());
+  ASSERT_THAT(aead, IsOk());
 
   std::string plaintext = "plaintext";
   std::string ad = "ad";
diff --git a/cc/config/key_gen_fips_140_2_test.cc b/cc/config/key_gen_fips_140_2_test.cc
index 3b9994cb6..1afb144c4 100644
--- a/cc/config/key_gen_fips_140_2_test.cc
+++ b/cc/config/key_gen_fips_140_2_test.cc
@@ -16,8 +16,6 @@
 
 #include "tink/config/key_gen_fips_140_2.h"
 
-#include <memory>
-
 #include "gmock/gmock.h"
 #include "gtest/gtest.h"
 #include "tink/aead/aead_key_templates.h"
@@ -25,6 +23,7 @@
 #include "tink/aead/aes_gcm_key_manager.h"
 #include "tink/internal/fips_utils.h"
 #include "tink/internal/key_gen_configuration_impl.h"
+#include "tink/keyset_handle.h"
 #include "tink/mac/aes_cmac_key_manager.h"
 #include "tink/mac/hmac_key_manager.h"
 #include "tink/prf/hmac_prf_key_manager.h"
@@ -32,7 +31,6 @@
 #include "tink/signature/rsa_ssa_pkcs1_verify_key_manager.h"
 #include "tink/signature/rsa_ssa_pss_verify_key_manager.h"
 #include "tink/util/test_matchers.h"
-#include "proto/tink.pb.h"
 
 namespace crypto {
 namespace tink {
@@ -40,8 +38,6 @@ namespace {
 
 using ::crypto::tink::test::IsOk;
 using ::crypto::tink::test::StatusIs;
-using ::google::crypto::tink::KeyData;
-using ::google::crypto::tink::KeyTemplate;
 
 class KeyGenFips1402Test : public testing::Test {
  protected:
@@ -92,25 +88,14 @@ TEST_F(KeyGenFips1402Test, NonFipsTypeNotPresent) {
               StatusIs(absl::StatusCode::kNotFound));
 }
 
-TEST_F(KeyGenFips1402Test, NewKeyData) {
+TEST_F(KeyGenFips1402Test, GenerateNewKeysetHandle) {
   if (!internal::IsFipsEnabledInSsl()) {
     GTEST_SKIP() << "Only test in FIPS mode";
   }
 
-  // TODO(b/265705174): Replace with KeysetHandle::GenerateNew once that takes a
-  // config parameter.
-  util::StatusOr<const internal::KeyTypeInfoStore*> store =
-      internal::KeyGenConfigurationImpl::GetKeyTypeInfoStore(
-          KeyGenConfigFips140_2());
-  ASSERT_THAT(store, IsOk());
-  KeyTemplate templ = AeadKeyTemplates::Aes128Gcm();
-  util::StatusOr<internal::KeyTypeInfoStore::Info*> info =
-      (*store)->Get(templ.type_url());
-  ASSERT_THAT(info, IsOk());
-
-  util::StatusOr<std::unique_ptr<KeyData>> key_data =
-      (*info)->key_factory().NewKeyData(templ.value());
-  EXPECT_THAT(key_data, IsOk());
+  EXPECT_THAT(KeysetHandle::GenerateNew(AeadKeyTemplates::Aes128Gcm(),
+                                        KeyGenConfigFips140_2()),
+              IsOk());
 }
 
 }  // namespace
author	cinlin <cinlin@google.com>	2023-07-12 12:07:08 -0700
committer	Copybara-Service <copybara-worker@google.com>	2023-07-12 12:08:46 -0700
commit	dec6e09a0954c6304d8399611aaeba422525cf7b (patch)
tree	85383d6ed2b563c6c104123f3c9330f6e995286e /cc
parent	0e9389502f056465bf5b2a7bc19f481c2043d064 (diff)
download	tink-dec6e09a0954c6304d8399611aaeba422525cf7b.tar.gz