Register AES-SIV proto serialization.

PiperOrigin-RevId: 543762957 Change-Id: I578dcf3e529eee7c48bb99da5dc390d35f043759
tink-crypto · Jun 27, 2023 · 071566f · 071566f
1 parent 5e7b057
commit 071566f
Show file tree

Hide file tree

Showing 4 changed files with 126 additions and 5 deletions.
diff --git a/tink/daead/BUILD.bazel b/tink/daead/BUILD.bazel
@@ -56,9 +56,9 @@ cc_library(
     visibility = ["//visibility:public"],
     deps = [
         ":aes_siv_key_manager",
+        ":aes_siv_proto_serialization",
         ":deterministic_aead_wrapper",
         "//tink:registry",
-        "//tink/config:config_util",
         "//tink/config:tink_fips",
         "//proto:config_cc_proto",
         "//tink/util:status",
@@ -228,13 +228,20 @@ cc_test(
     srcs = ["deterministic_aead_config_test.cc"],
     tags = ["fips"],
     deps = [
+        ":aes_siv_key",
         ":aes_siv_key_manager",
+        ":aes_siv_parameters",
         ":deterministic_aead_config",
         ":deterministic_aead_key_templates",
         "//tink:deterministic_aead",
+        "//tink:insecure_secret_key_access",
         "//tink:keyset_handle",
+        "//tink:partial_key_access",
         "//tink:registry",
         "//tink/config:tink_fips",
+        "//tink/internal:mutable_serialization_registry",
+        "//tink/internal:proto_key_serialization",
+        "//tink/internal:proto_parameters_serialization",
         "//tink/util:status",
         "//tink/util:test_matchers",
         "//tink/util:test_util",

diff --git a/tink/daead/CMakeLists.txt b/tink/daead/CMakeLists.txt
@@ -53,11 +53,11 @@ tink_cc_library(
     deterministic_aead_config.h
   DEPS
     tink::daead::aes_siv_key_manager
+    tink::daead::aes_siv_proto_serialization
     tink::daead::deterministic_aead_wrapper
     absl::core_headers
     absl::memory
     tink::core::registry
-    tink::config::config_util
     tink::config::tink_fips
     tink::util::status
     tink::proto::config_cc_proto
@@ -214,15 +214,22 @@ tink_cc_test(
   SRCS
     deterministic_aead_config_test.cc
   DEPS
+    tink::daead::aes_siv_key
     tink::daead::aes_siv_key_manager
+    tink::daead::aes_siv_parameters
     tink::daead::deterministic_aead_config
     tink::daead::deterministic_aead_key_templates
     gmock
     absl::status
     tink::core::deterministic_aead
+    tink::core::insecure_secret_key_access
     tink::core::keyset_handle
+    tink::core::partial_key_access
     tink::core::registry
     tink::config::tink_fips
+    tink::internal::mutable_serialization_registry
+    tink::internal::proto_key_serialization
+    tink::internal::proto_parameters_serialization
     tink::util::status
     tink::util::test_matchers
     tink::util::test_util

diff --git a/tink/daead/deterministic_aead_config.cc b/tink/daead/deterministic_aead_config.cc
@@ -17,13 +17,12 @@
 #include "tink/daead/deterministic_aead_config.h"
 
 #include "absl/memory/memory.h"
-#include "tink/config/config_util.h"
 #include "tink/config/tink_fips.h"
 #include "tink/daead/aes_siv_key_manager.h"
+#include "tink/daead/aes_siv_proto_serialization.h"
 #include "tink/daead/deterministic_aead_wrapper.h"
 #include "tink/registry.h"
 #include "tink/util/status.h"
-#include "proto/config.pb.h"
 
 namespace crypto {
 namespace tink {
@@ -41,6 +40,9 @@ util::Status DeterministicAeadConfig::Register() {
       absl::make_unique<AesSivKeyManager>(), true);
   if (!status.ok()) return status;
 
+  status = RegisterAesSivProtoSerialization();
+  if (!status.ok()) return status;
+
   // Register primitive wrapper.
   return Registry::RegisterPrimitiveWrapper(
       absl::make_unique<DeterministicAeadWrapper>());

diff --git a/tink/daead/deterministic_aead_config_test.cc b/tink/daead/deterministic_aead_config_test.cc
@@ -17,16 +17,24 @@
 #include "tink/daead/deterministic_aead_config.h"
 
 #include <list>
+#include <memory>
 #include <utility>
 
 #include "gmock/gmock.h"
 #include "gtest/gtest.h"
 #include "absl/status/status.h"
 #include "tink/config/tink_fips.h"
+#include "tink/daead/aes_siv_key.h"
 #include "tink/daead/aes_siv_key_manager.h"
+#include "tink/daead/aes_siv_parameters.h"
 #include "tink/daead/deterministic_aead_key_templates.h"
 #include "tink/deterministic_aead.h"
+#include "tink/insecure_secret_key_access.h"
+#include "tink/internal/mutable_serialization_registry.h"
+#include "tink/internal/proto_key_serialization.h"
+#include "tink/internal/proto_parameters_serialization.h"
 #include "tink/keyset_handle.h"
+#include "tink/partial_key_access.h"
 #include "tink/registry.h"
 #include "tink/util/status.h"
 #include "tink/util/test_matchers.h"
@@ -39,11 +47,16 @@ namespace {
 using ::crypto::tink::test::DummyDeterministicAead;
 using ::crypto::tink::test::IsOk;
 using ::crypto::tink::test::StatusIs;
+using ::google::crypto::tink::KeyData;
+using ::google::crypto::tink::OutputPrefixType;
 using ::testing::Eq;
 
 class DeterministicAeadConfigTest : public ::testing::Test {
  protected:
-  void SetUp() override { Registry::Reset(); }
+  void SetUp() override {
+    Registry::Reset();
+    internal::MutableSerializationRegistry::GlobalInstance().Reset();
+  }
 };
 
 TEST_F(DeterministicAeadConfigTest, Basic) {
@@ -120,6 +133,98 @@ TEST_F(DeterministicAeadConfigTest, RegisterFipsValidTemplates) {
   }
 }
 
+TEST_F(DeterministicAeadConfigTest, AesSivProtoParamsSerializationRegistered) {
+  if (IsFipsModeEnabled()) {
+    GTEST_SKIP() << "Not supported in FIPS-only mode";
+  }
+
+  util::StatusOr<internal::ProtoParametersSerialization>
+      proto_params_serialization =
+          internal::ProtoParametersSerialization::Create(
+              DeterministicAeadKeyTemplates::Aes256Siv());
+  ASSERT_THAT(proto_params_serialization, IsOk());
+
+  util::StatusOr<std::unique_ptr<Parameters>> parsed_params =
+      internal::MutableSerializationRegistry::GlobalInstance().ParseParameters(
+          *proto_params_serialization);
+  ASSERT_THAT(parsed_params.status(), StatusIs(absl::StatusCode::kNotFound));
+
+  util::StatusOr<AesSivParameters> params = AesSivParameters::Create(
+      /*key_size_in_bytes=*/64, AesSivParameters::Variant::kTink);
+  ASSERT_THAT(params, IsOk());
+
+  util::StatusOr<std::unique_ptr<Serialization>> serialized_params =
+      internal::MutableSerializationRegistry::GlobalInstance()
+          .SerializeParameters<internal::ProtoParametersSerialization>(*params);
+  ASSERT_THAT(serialized_params.status(),
+              StatusIs(absl::StatusCode::kNotFound));
+
+  ASSERT_THAT(DeterministicAeadConfig::Register(), IsOk());
+
+  util::StatusOr<std::unique_ptr<Parameters>> parsed_params2 =
+      internal::MutableSerializationRegistry::GlobalInstance().ParseParameters(
+          *proto_params_serialization);
+  ASSERT_THAT(parsed_params2, IsOk());
+
+  util::StatusOr<std::unique_ptr<Serialization>> serialized_params2 =
+      internal::MutableSerializationRegistry::GlobalInstance()
+          .SerializeParameters<internal::ProtoParametersSerialization>(*params);
+  ASSERT_THAT(serialized_params2, IsOk());
+}
+
+TEST_F(DeterministicAeadConfigTest, AesSivProtoKeySerializationRegistered) {
+  if (IsFipsModeEnabled()) {
+    GTEST_SKIP() << "Not supported in FIPS-only mode";
+  }
+
+  google::crypto::tink::AesSivKey key_proto;
+  key_proto.set_version(0);
+  key_proto.set_key_value(subtle::Random::GetRandomBytes(64));
+
+  util::StatusOr<internal::ProtoKeySerialization> proto_key_serialization =
+      internal::ProtoKeySerialization::Create(
+          "type.googleapis.com/google.crypto.tink.AesSivKey",
+          RestrictedData(key_proto.SerializeAsString(),
+                         InsecureSecretKeyAccess::Get()),
+          KeyData::SYMMETRIC, OutputPrefixType::TINK, /*id_requirement=*/123);
+  ASSERT_THAT(proto_key_serialization, IsOk());
+
+  util::StatusOr<std::unique_ptr<Key>> parsed_key =
+      internal::MutableSerializationRegistry::GlobalInstance().ParseKey(
+          *proto_key_serialization, InsecureSecretKeyAccess::Get());
+  ASSERT_THAT(parsed_key.status(), StatusIs(absl::StatusCode::kNotFound));
+
+  util::StatusOr<AesSivParameters> params = AesSivParameters::Create(
+      /*key_size_in_bytes=*/64, AesSivParameters::Variant::kTink);
+  ASSERT_THAT(params, IsOk());
+
+  util::StatusOr<AesSivKey> key =
+      AesSivKey::Create(*params,
+                        RestrictedData(subtle::Random::GetRandomBytes(64),
+                                       InsecureSecretKeyAccess::Get()),
+                        /*id_requirement=*/123, GetPartialKeyAccess());
+  ASSERT_THAT(key, IsOk());
+
+  util::StatusOr<std::unique_ptr<Serialization>> serialized_key =
+      internal::MutableSerializationRegistry::GlobalInstance()
+          .SerializeKey<internal::ProtoKeySerialization>(
+              *key, InsecureSecretKeyAccess::Get());
+  ASSERT_THAT(serialized_key.status(), StatusIs(absl::StatusCode::kNotFound));
+
+  ASSERT_THAT(DeterministicAeadConfig::Register(), IsOk());
+
+  util::StatusOr<std::unique_ptr<Key>> parsed_key2 =
+      internal::MutableSerializationRegistry::GlobalInstance().ParseKey(
+          *proto_key_serialization, InsecureSecretKeyAccess::Get());
+  ASSERT_THAT(parsed_key2, IsOk());
+
+  util::StatusOr<std::unique_ptr<Serialization>> serialized_key2 =
+      internal::MutableSerializationRegistry::GlobalInstance()
+          .SerializeKey<internal::ProtoKeySerialization>(
+              *key, InsecureSecretKeyAccess::Get());
+  ASSERT_THAT(serialized_key2, IsOk());
+}
+
 }  // namespace
 }  // namespace tink
 }  // namespace crypto