Migrate the AesGcmHkdfStreamingManager to a KeyTypeManager.

PiperOrigin-RevId: 261895895
zhenleisun · Aug 6, 2019 · 6932e91 · 6932e91
1 parent 7c012dd
commit 6932e91
Show file tree

Hide file tree

Showing 7 changed files with 286 additions and 387 deletions.
diff --git a/cc/streamingaead/BUILD.bazel b/cc/streamingaead/BUILD.bazel
@@ -63,19 +63,19 @@ cc_library(
     include_prefix = "tink",
     strip_include_prefix = "/cc",
     deps = [
+        "//cc:core/key_type_manager",
         "//cc:key_manager",
-        "//cc:key_manager_base",
         "//cc:streaming_aead",
         "//cc/subtle:aes_gcm_hkdf_streaming",
         "//cc/subtle:random",
+        "//cc/util:constants",
         "//cc/util:enums",
         "//cc/util:errors",
         "//cc/util:protobuf_helper",
         "//cc/util:status",
         "//cc/util:statusor",
         "//cc/util:validation",
         "//proto:aes_gcm_hkdf_streaming_cc_proto",
-        "//proto:common_cc_proto",
         "//proto:tink_cc_proto",
         "@com_google_absl//absl/strings",
     ],
@@ -199,12 +199,16 @@ cc_test(
     deps = [
         ":aes_gcm_hkdf_streaming_key_manager",
         "//cc:streaming_aead",
+        "//cc/subtle:aes_gcm_hkdf_streaming",
+        "//cc/subtle:common_enums",
         "//cc/subtle:random",
+        "//cc/subtle:streaming_aead_test_util",
         "//cc/subtle:test_util",
         "//cc/util:istream_input_stream",
         "//cc/util:ostream_output_stream",
         "//cc/util:status",
         "//cc/util:statusor",
+        "//cc/util:test_matchers",
         "//proto:aes_eax_cc_proto",
         "//proto:aes_gcm_hkdf_streaming_cc_proto",
         "//proto:common_cc_proto",
@@ -221,6 +225,7 @@ cc_test(
     deps = [
         ":aes_gcm_hkdf_streaming_key_manager",
         ":streaming_aead_key_templates",
+        "//cc/util:test_matchers",
         "//proto:aes_gcm_hkdf_streaming_cc_proto",
         "//proto:common_cc_proto",
         "//proto:tink_cc_proto",

diff --git a/cc/streamingaead/CMakeLists.txt b/cc/streamingaead/CMakeLists.txt
@@ -57,13 +57,13 @@ tink_cc_library(
   DEPS
     absl::strings
     tink::core::key_manager
-    tink::core::key_manager_base
+    tink::core::key_type_manager
     tink::core::streaming_aead
     tink::proto::aes_gcm_hkdf_streaming_cc_proto
-    tink::proto::common_cc_proto
     tink::proto::tink_cc_proto
     tink::subtle::aes_gcm_hkdf_streaming
     tink::subtle::random
+    tink::util::constants
     tink::util::enums
     tink::util::errors
     tink::util::protobuf_helper
@@ -178,12 +178,16 @@ tink_cc_test(
     tink::proto::common_cc_proto
     tink::proto::tink_cc_proto
     tink::streamingaead::aes_gcm_hkdf_streaming_key_manager
+    tink::subtle::aes_gcm_hkdf_streaming
+    tink::subtle::common_enums
     tink::subtle::random
+    tink::subtle::streaming_aead_test_util
     tink::subtle::test_util
     tink::util::istream_input_stream
     tink::util::ostream_output_stream
     tink::util::status
     tink::util::statusor
+    tink::util::test_matchers
 )
 
 tink_cc_test(
@@ -195,6 +199,7 @@ tink_cc_test(
     tink::proto::tink_cc_proto
     tink::streamingaead::aes_gcm_hkdf_streaming_key_manager
     tink::streamingaead::streaming_aead_key_templates
+    tink::util::test_matchers
 )
 
 tink_cc_test(

diff --git a/cc/streamingaead/aes_gcm_hkdf_streaming_key_manager.cc b/cc/streamingaead/aes_gcm_hkdf_streaming_key_manager.cc
@@ -16,20 +16,8 @@
 
 #include "tink/streamingaead/aes_gcm_hkdf_streaming_key_manager.h"
 
-#include "absl/strings/string_view.h"
-#include "tink/key_manager.h"
-#include "tink/streaming_aead.h"
-#include "tink/subtle/aes_gcm_hkdf_streaming.h"
 #include "tink/subtle/random.h"
-#include "tink/util/enums.h"
-#include "tink/util/errors.h"
-#include "tink/util/protobuf_helper.h"
-#include "tink/util/status.h"
-#include "tink/util/statusor.h"
 #include "tink/util/validation.h"
-#include "proto/aes_gcm_hkdf_streaming.pb.h"
-#include "proto/common.pb.h"
-#include "proto/tink.pb.h"
 
 namespace crypto {
 namespace tink {
@@ -48,8 +36,7 @@ Status ValidateParams(const AesGcmHkdfStreamingParams& params) {
   if (!(params.hkdf_hash_type() == HashType::SHA1 ||
         params.hkdf_hash_type() == HashType::SHA256 ||
         params.hkdf_hash_type() == HashType::SHA512)) {
-    return Status(util::error::INVALID_ARGUMENT,
-                  "unsupported hkdf_hash_type");
+    return Status(util::error::INVALID_ARGUMENT, "unsupported hkdf_hash_type");
   }
   if (params.ciphertext_segment_size() <
       (params.derived_key_size() + 8) + 16) {  // header_size + tag_size
@@ -61,60 +48,21 @@ Status ValidateParams(const AesGcmHkdfStreamingParams& params) {
 
 }  // namespace
 
-class AesGcmHkdfStreamingKeyFactory : public KeyFactoryBase<
-    AesGcmHkdfStreamingKey, AesGcmHkdfStreamingKeyFormat> {
- public:
-  AesGcmHkdfStreamingKeyFactory() {}
-
-  KeyData::KeyMaterialType key_material_type() const override {
-    return KeyData::SYMMETRIC;
-  }
-
- protected:
-  StatusOr<std::unique_ptr<AesGcmHkdfStreamingKey>> NewKeyFromFormat(
-      const AesGcmHkdfStreamingKeyFormat& key_format) const override {
-    Status status = AesGcmHkdfStreamingKeyManager::Validate(key_format);
-    if (!status.ok()) return status;
-    auto key = absl::make_unique<AesGcmHkdfStreamingKey>();
-    key->set_version(AesGcmHkdfStreamingKeyManager::kVersion);
-    key->set_key_value(subtle::Random::GetRandomBytes(key_format.key_size()));
-    *key->mutable_params() = key_format.params();
-    return {std::move(key)};
-  }
+crypto::tink::util::StatusOr<google::crypto::tink::AesGcmHkdfStreamingKey>
+AesGcmHkdfStreamingKeyManager::CreateKey(
+    const google::crypto::tink::AesGcmHkdfStreamingKeyFormat& key_format)
+    const {
+  AesGcmHkdfStreamingKey key;
+  key.set_version(get_version());
+  key.set_key_value(subtle::Random::GetRandomBytes(key_format.key_size()));
+  *key.mutable_params() = key_format.params();
+  return key;
 };
 
-constexpr uint32_t AesGcmHkdfStreamingKeyManager::kVersion;
-
-AesGcmHkdfStreamingKeyManager::AesGcmHkdfStreamingKeyManager()
-    : key_factory_(absl::make_unique<AesGcmHkdfStreamingKeyFactory>()) {}
 
-uint32_t AesGcmHkdfStreamingKeyManager::get_version() const {
-  return kVersion;
-}
-
-const KeyFactory& AesGcmHkdfStreamingKeyManager::get_key_factory() const {
-  return *key_factory_;
-}
-
-StatusOr<std::unique_ptr<StreamingAead>>
-AesGcmHkdfStreamingKeyManager::GetPrimitiveFromKey(
+Status AesGcmHkdfStreamingKeyManager::ValidateKey(
     const AesGcmHkdfStreamingKey& key) const {
-  Status status = Validate(key);
-  if (!status.ok()) return status;
-  auto streaming_result = subtle::AesGcmHkdfStreaming::New(
-      key.key_value(),
-      util::Enums::ProtoToSubtle(key.params().hkdf_hash_type()),
-      key.params().derived_key_size(),
-      key.params().ciphertext_segment_size(),
-      /* ciphertext_offset = */ 0);
-  if (!streaming_result.ok()) return streaming_result.status();
-  return {std::move(streaming_result.ValueOrDie())};
-}
-
-// static
-Status AesGcmHkdfStreamingKeyManager::Validate(
-    const AesGcmHkdfStreamingKey& key) {
-  Status status = ValidateVersion(key.version(), kVersion);
+  Status status = ValidateVersion(key.version(), get_version());
   if (!status.ok()) return status;
   if (key.key_value().size() < key.params().derived_key_size()) {
     return Status(util::error::INVALID_ARGUMENT,
@@ -123,11 +71,9 @@ Status AesGcmHkdfStreamingKeyManager::Validate(
   return ValidateParams(key.params());
 }
 
-// static
-Status AesGcmHkdfStreamingKeyManager::Validate(
-    const AesGcmHkdfStreamingKeyFormat& key_format) {
-  if (key_format.key_size() <
-      key_format.params().derived_key_size()) {
+Status AesGcmHkdfStreamingKeyManager::ValidateKeyFormat(
+    const AesGcmHkdfStreamingKeyFormat& key_format) const {
+  if (key_format.key_size() < key_format.params().derived_key_size()) {
     return Status(util::error::INVALID_ARGUMENT,
                   "key_size must not be smaller than derived_key_size");
   }

diff --git a/cc/streamingaead/aes_gcm_hkdf_streaming_key_manager.h b/cc/streamingaead/aes_gcm_hkdf_streaming_key_manager.h
@@ -20,9 +20,12 @@
 #include <vector>
 
 #include "absl/strings/string_view.h"
-#include "tink/core/key_manager_base.h"
+#include "tink/core/key_type_manager.h"
 #include "tink/key_manager.h"
 #include "tink/streaming_aead.h"
+#include "tink/subtle/aes_gcm_hkdf_streaming.h"
+#include "tink/util/constants.h"
+#include "tink/util/enums.h"
 #include "tink/util/errors.h"
 #include "tink/util/protobuf_helper.h"
 #include "tink/util/status.h"
@@ -33,34 +36,61 @@
 namespace crypto {
 namespace tink {
 
-class AesGcmHkdfStreamingKeyManager : public KeyManagerBase<
-    StreamingAead, google::crypto::tink::AesGcmHkdfStreamingKey> {
+class AesGcmHkdfStreamingKeyManager
+    : public KeyTypeManager<google::crypto::tink::AesGcmHkdfStreamingKey,
+                            google::crypto::tink::AesGcmHkdfStreamingKeyFormat,
+                            List<StreamingAead>> {
  public:
-  static constexpr uint32_t kVersion = 0;
+  class AesGcmHkdfStreamingKeyManagerFactory
+      : public PrimitiveFactory<StreamingAead> {
+    crypto::tink::util::StatusOr<std::unique_ptr<StreamingAead>> Create(
+        const google::crypto::tink::AesGcmHkdfStreamingKey& key)
+        const override {
+      auto streaming_result = crypto::tink::subtle::AesGcmHkdfStreaming::New(
+          key.key_value(),
+          crypto::tink::util::Enums::ProtoToSubtle(
+              key.params().hkdf_hash_type()),
+          key.params().derived_key_size(),
+          key.params().ciphertext_segment_size(),
+          /* ciphertext_offset = */ 0);
+      if (!streaming_result.ok()) return streaming_result.status();
+      return {std::move(streaming_result.ValueOrDie())};
+    }
+  };
 
-  AesGcmHkdfStreamingKeyManager();
+  AesGcmHkdfStreamingKeyManager()
+      : KeyTypeManager(
+            absl::make_unique<AesGcmHkdfStreamingKeyManager::
+                                  AesGcmHkdfStreamingKeyManagerFactory>()) {}
 
   // Returns the version of this key manager.
-  uint32_t get_version() const override;
+  uint32_t get_version() const override { return 0; }
 
-  // Returns a factory that generates keys of the key type
-  // handled by this manager.
-  const KeyFactory& get_key_factory() const override;
+  google::crypto::tink::KeyData::KeyMaterialType key_material_type()
+      const override {
+    return google::crypto::tink::KeyData::SYMMETRIC;
+  }
 
-  ~AesGcmHkdfStreamingKeyManager() override {}
+  const std::string& get_key_type() const override { return key_type_; }
 
- protected:
-  crypto::tink::util::StatusOr<std::unique_ptr<StreamingAead>>
-  GetPrimitiveFromKey(
+  crypto::tink::util::Status ValidateKey(
       const google::crypto::tink::AesGcmHkdfStreamingKey& key) const override;
 
- private:
-  friend class AesGcmHkdfStreamingKeyFactory;
+  crypto::tink::util::Status ValidateKeyFormat(
+      const google::crypto::tink::AesGcmHkdfStreamingKeyFormat& key_format)
+      const override;
 
-  std::unique_ptr<KeyFactory> key_factory_;
+  crypto::tink::util::StatusOr<google::crypto::tink::AesGcmHkdfStreamingKey>
+  CreateKey(const google::crypto::tink::AesGcmHkdfStreamingKeyFormat&
+                key_format) const override;
+
+  ~AesGcmHkdfStreamingKeyManager() override {}
+
+ private:
+  const std::string key_type_ = absl::StrCat(
+      kTypeGoogleapisCom,
+      google::crypto::tink::AesGcmHkdfStreamingKey().GetTypeName());
 
-  static crypto::tink::util::Status Validate(
-      const google::crypto::tink::AesGcmHkdfStreamingKey& key);
   static crypto::tink::util::Status Validate(
       const google::crypto::tink::AesGcmHkdfStreamingKeyFormat& key_format);
 };