Add global immutable serialization registry.

More key types will be registered in the future as we add support for registering those key types with immutable serialization registries. PiperOrigin-RevId: 697619164 Change-Id: Ibab04b04e398abe48b0f47e42a01db588593da4a
tink-crypto · Nov 18, 2024 · 8bb2995 · 8bb2995
1 parent e1c0ab1
commit 8bb2995
Show file tree

Hide file tree

Showing 5 changed files with 383 additions and 0 deletions.
diff --git a/tink/internal/BUILD.bazel b/tink/internal/BUILD.bazel
@@ -1842,3 +1842,54 @@ cc_library(
         "//tink:secret_key_access_token",
     ],
 )
+
+cc_library(
+    name = "global_serialization_registry",
+    srcs = ["global_serialization_registry.cc"],
+    hdrs = ["global_serialization_registry.h"],
+    include_prefix = "tink/internal",
+    deps = [
+        ":serialization_registry",
+        "//tink/aead/internal:chacha20_poly1305_proto_serialization_impl",
+        "//tink/aead/internal:legacy_kms_aead_proto_serialization_impl",
+        "//tink/aead/internal:x_aes_gcm_proto_serialization_impl",
+        "//tink/aead/internal:xchacha20_poly1305_proto_serialization_impl",
+        "//tink/prf/internal:aes_cmac_prf_proto_serialization_impl",
+        "//tink/prf/internal:hkdf_prf_proto_serialization_impl",
+        "//tink/prf/internal:hmac_prf_proto_serialization_impl",
+        "@com_google_absl//absl/log:check",
+    ],
+)
+
+cc_test(
+    name = "global_serialization_registry_test",
+    srcs = ["global_serialization_registry_test.cc"],
+    deps = [
+        ":global_serialization_registry",
+        ":internal_insecure_secret_key_access",
+        ":proto_key_serialization",
+        ":serialization",
+        "//tink:key",
+        "//tink:partial_key_access",
+        "//tink:restricted_data",
+        "//tink/aead:chacha20_poly1305_key",
+        "//tink/aead:chacha20_poly1305_parameters",
+        "//tink/aead:legacy_kms_aead_key",
+        "//tink/aead:legacy_kms_aead_parameters",
+        "//tink/aead:x_aes_gcm_key",
+        "//tink/aead:x_aes_gcm_parameters",
+        "//tink/aead:xchacha20_poly1305_key",
+        "//tink/aead:xchacha20_poly1305_parameters",
+        "//tink/prf:aes_cmac_prf_key",
+        "//tink/prf:hkdf_prf_key",
+        "//tink/prf:hkdf_prf_parameters",
+        "//tink/prf:hmac_prf_key",
+        "//tink/prf:hmac_prf_parameters",
+        "//tink/util:statusor",
+        "//tink/util:test_matchers",
+        "@com_google_absl//absl/log:check",
+        "@com_google_absl//absl/memory",
+        "@com_google_absl//absl/types:optional",
+        "@com_google_googletest//:gtest_main",
+    ],
+)
diff --git a/tink/internal/CMakeLists.txt b/tink/internal/CMakeLists.txt
@@ -1772,3 +1772,53 @@ tink_cc_library(
     tink::core::insecure_secret_key_access
     tink::core::secret_key_access_token
 )
+
+tink_cc_library(
+  NAME global_serialization_registry
+  SRCS
+    global_serialization_registry.cc
+    global_serialization_registry.h
+  DEPS
+    tink::internal::serialization_registry
+    absl::check
+    tink::aead::internal::chacha20_poly1305_proto_serialization_impl
+    tink::aead::internal::legacy_kms_aead_proto_serialization_impl
+    tink::aead::internal::x_aes_gcm_proto_serialization_impl
+    tink::aead::internal::xchacha20_poly1305_proto_serialization_impl
+    tink::prf::internal::aes_cmac_prf_proto_serialization_impl
+    tink::prf::internal::hkdf_prf_proto_serialization_impl
+    tink::prf::internal::hmac_prf_proto_serialization_impl
+)
+
+tink_cc_test(
+  NAME global_serialization_registry_test
+  SRCS
+    global_serialization_registry_test.cc
+  DEPS
+    tink::internal::global_serialization_registry
+    tink::internal::internal_insecure_secret_key_access
+    tink::internal::proto_key_serialization
+    tink::internal::serialization
+    gmock
+    absl::check
+    absl::memory
+    absl::optional
+    tink::core::key
+    tink::core::partial_key_access
+    tink::core::restricted_data
+    tink::aead::chacha20_poly1305_key
+    tink::aead::chacha20_poly1305_parameters
+    tink::aead::legacy_kms_aead_key
+    tink::aead::legacy_kms_aead_parameters
+    tink::aead::x_aes_gcm_key
+    tink::aead::x_aes_gcm_parameters
+    tink::aead::xchacha20_poly1305_key
+    tink::aead::xchacha20_poly1305_parameters
+    tink::prf::aes_cmac_prf_key
+    tink::prf::hkdf_prf_key
+    tink::prf::hkdf_prf_parameters
+    tink::prf::hmac_prf_key
+    tink::prf::hmac_prf_parameters
+    tink::util::statusor
+    tink::util::test_matchers
+)
diff --git a/tink/internal/global_serialization_registry.cc b/tink/internal/global_serialization_registry.cc
@@ -0,0 +1,76 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#include "tink/internal/global_serialization_registry.h"
+
+#include <utility>
+
+#include "absl/log/check.h"
+#include "tink/aead/internal/chacha20_poly1305_proto_serialization_impl.h"
+#include "tink/aead/internal/legacy_kms_aead_proto_serialization_impl.h"
+#include "tink/aead/internal/x_aes_gcm_proto_serialization_impl.h"
+#include "tink/aead/internal/xchacha20_poly1305_proto_serialization_impl.h"
+#include "tink/internal/serialization_registry.h"
+#include "tink/prf/internal/aes_cmac_prf_proto_serialization_impl.h"
+#include "tink/prf/internal/hkdf_prf_proto_serialization_impl.h"
+#include "tink/prf/internal/hmac_prf_proto_serialization_impl.h"
+
+namespace crypto {
+namespace tink {
+namespace internal {
+
+const SerializationRegistry& GlobalSerializationRegistry() {
+  static const SerializationRegistry* instance = [] {
+    SerializationRegistry::Builder builder;
+
+    // AEAD
+    CHECK_OK(
+        RegisterChaCha20Poly1305ProtoSerializationWithRegistryBuilder(builder));
+    CHECK_OK(
+        RegisterLegacyKmsAeadProtoSerializationWithRegistryBuilder(builder));
+    CHECK_OK(RegisterXAesGcmProtoSerializationWithRegistryBuilder(builder));
+    CHECK_OK(RegisterXChaCha20Poly1305ProtoSerializationWithRegistryBuilder(
+        builder));
+
+    // Deterministic AEAD
+
+    // Hybrid
+
+    // JWT
+
+    // Key derivation
+
+    // MAC
+
+    // PRF
+    CHECK_OK(RegisterAesCmacPrfProtoSerializationWithRegistryBuilder(builder));
+    CHECK_OK(RegisterHkdfPrfProtoSerializationWithRegistryBuilder(builder));
+    CHECK_OK(RegisterHmacPrfProtoSerializationWithRegistryBuilder(builder));
+
+    // Signature
+
+    // Streaming AEAD
+
+    static SerializationRegistry* registry =
+        new SerializationRegistry(std::move(builder).Build());
+    return registry;
+  }();
+  return *instance;
+}
+
+}  // namespace internal
+}  // namespace tink
+}  // namespace crypto
diff --git a/tink/internal/global_serialization_registry.h b/tink/internal/global_serialization_registry.h
@@ -0,0 +1,33 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#ifndef TINK_INTERNAL_GLOBAL_SERIALIZATION_REGISTRY_H_
+#define TINK_INTERNAL_GLOBAL_SERIALIZATION_REGISTRY_H_
+
+#include "tink/internal/serialization_registry.h"
+
+namespace crypto {
+namespace tink {
+namespace internal {
+
+// Returns the global immutable serialization registry.
+const SerializationRegistry& GlobalSerializationRegistry();
+
+}  // namespace internal
+}  // namespace tink
+}  // namespace crypto
+
+#endif  // TINK_INTERNAL_GLOBAL_SERIALIZATION_REGISTRY_H_
diff --git a/tink/internal/global_serialization_registry_test.cc b/tink/internal/global_serialization_registry_test.cc
@@ -0,0 +1,173 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+#include "tink/internal/global_serialization_registry.h"
+
+#include <memory>
+
+#include "gmock/gmock.h"
+#include "gtest/gtest.h"
+#include "absl/log/check.h"
+#include "absl/memory/memory.h"
+#include "absl/types/optional.h"
+#include "tink/aead/chacha20_poly1305_key.h"
+#include "tink/aead/chacha20_poly1305_parameters.h"
+#include "tink/aead/legacy_kms_aead_key.h"
+#include "tink/aead/legacy_kms_aead_parameters.h"
+#include "tink/aead/x_aes_gcm_key.h"
+#include "tink/aead/x_aes_gcm_parameters.h"
+#include "tink/aead/xchacha20_poly1305_key.h"
+#include "tink/aead/xchacha20_poly1305_parameters.h"
+#include "tink/internal/internal_insecure_secret_key_access.h"
+#include "tink/internal/proto_key_serialization.h"
+#include "tink/internal/serialization.h"
+#include "tink/key.h"
+#include "tink/partial_key_access.h"
+#include "tink/prf/aes_cmac_prf_key.h"
+#include "tink/prf/hkdf_prf_key.h"
+#include "tink/prf/hkdf_prf_parameters.h"
+#include "tink/prf/hmac_prf_key.h"
+#include "tink/prf/hmac_prf_parameters.h"
+#include "tink/restricted_data.h"
+#include "tink/util/statusor.h"
+#include "tink/util/test_matchers.h"
+
+namespace crypto {
+namespace tink {
+namespace internal {
+namespace {
+
+using ::crypto::tink::test::IsOk;
+using ::testing::TestWithParam;
+using ::testing::Values;
+
+struct KeyTestVector {
+  std::shared_ptr<const Key> key;
+};
+
+std::unique_ptr<const AesCmacPrfKey> CreateAesCmacPrfKey() {
+  util::StatusOr<AesCmacPrfKey> key = AesCmacPrfKey::Create(
+      RestrictedData(/*num_random_bytes=*/32), GetPartialKeyAccess());
+  CHECK_OK(key);
+
+  return absl::make_unique<const AesCmacPrfKey>(*key);
+}
+
+std::unique_ptr<const ChaCha20Poly1305Key> CreateChaCha20Poly1305Key() {
+  util::StatusOr<ChaCha20Poly1305Key> key = ChaCha20Poly1305Key::Create(
+      ChaCha20Poly1305Parameters::Variant::kTink,
+      RestrictedData(/*num_random_bytes=*/32), /*id_requirement=*/123,
+      GetPartialKeyAccess());
+  CHECK_OK(key);
+
+  return absl::make_unique<const ChaCha20Poly1305Key>(*key);
+}
+
+std::unique_ptr<const HkdfPrfKey> CreateHkdfPrfKey() {
+  util::StatusOr<HkdfPrfParameters> parameters = HkdfPrfParameters::Create(
+      /*key_size_in_bytes=*/16, HkdfPrfParameters::HashType::kSha256,
+      /*salt=*/absl::nullopt);
+  CHECK_OK(parameters);
+
+  util::StatusOr<HkdfPrfKey> key =
+      HkdfPrfKey::Create(*parameters, RestrictedData(/*num_random_bytes=*/16),
+                         GetPartialKeyAccess());
+  CHECK_OK(key);
+
+  return absl::make_unique<const HkdfPrfKey>(*key);
+}
+
+std::unique_ptr<const HmacPrfKey> CreateHmacPrfKey() {
+  util::StatusOr<HmacPrfParameters> parameters = HmacPrfParameters::Create(
+      /*key_size_in_bytes=*/16, HmacPrfParameters::HashType::kSha256);
+  CHECK_OK(parameters);
+
+  util::StatusOr<HmacPrfKey> key =
+      HmacPrfKey::Create(*parameters, RestrictedData(/*num_random_bytes=*/16),
+                         GetPartialKeyAccess());
+  CHECK_OK(key);
+
+  return absl::make_unique<const HmacPrfKey>(*key);
+}
+
+std::unique_ptr<const LegacyKmsAeadKey> CreateLegacyKmsAeadKey() {
+  util::StatusOr<LegacyKmsAeadParameters> parameters =
+      LegacyKmsAeadParameters::Create("key_uri",
+                                      LegacyKmsAeadParameters::Variant::kTink);
+  CHECK_OK(parameters);
+
+  util::StatusOr<LegacyKmsAeadKey> key =
+      LegacyKmsAeadKey::Create(*parameters, /*id_requirement=*/123);
+  CHECK_OK(key);
+
+  return absl::make_unique<const LegacyKmsAeadKey>(*key);
+}
+
+std::unique_ptr<const XAesGcmKey> CreateXAesGcmKey() {
+  util::StatusOr<XAesGcmParameters> parameters = XAesGcmParameters::Create(
+      XAesGcmParameters::Variant::kTink, /*salt_size_bytes=*/12);
+  CHECK_OK(parameters);
+
+  util::StatusOr<XAesGcmKey> key =
+      XAesGcmKey::Create(*parameters, RestrictedData(/*num_random_bytes=*/32),
+                         /*id_requirement=*/123, GetPartialKeyAccess());
+  CHECK_OK(key);
+
+  return absl::make_unique<const XAesGcmKey>(*key);
+}
+
+std::unique_ptr<const XChaCha20Poly1305Key> CreateXChaCha20Poly1305Key() {
+  util::StatusOr<XChaCha20Poly1305Key> key = XChaCha20Poly1305Key::Create(
+      XChaCha20Poly1305Parameters::Variant::kTink,
+      RestrictedData(/*num_random_bytes=*/32), /*id_requirement=*/123,
+      GetPartialKeyAccess());
+  CHECK_OK(key);
+
+  return absl::make_unique<const XChaCha20Poly1305Key>(*key);
+}
+
+using GlobalSerializationRegistryTest = TestWithParam<KeyTestVector>;
+
+INSTANTIATE_TEST_SUITE_P(GlobalSerializationRegistryTests,
+                         GlobalSerializationRegistryTest,
+                         Values(KeyTestVector{CreateAesCmacPrfKey()},
+                                KeyTestVector{CreateChaCha20Poly1305Key()},
+                                KeyTestVector{CreateHkdfPrfKey()},
+                                KeyTestVector{CreateHmacPrfKey()},
+                                KeyTestVector{CreateLegacyKmsAeadKey()},
+                                KeyTestVector{CreateXAesGcmKey()},
+                                KeyTestVector{CreateXChaCha20Poly1305Key()}));
+
+TEST_P(GlobalSerializationRegistryTest, SerializeAndParse) {
+  const KeyTestVector& test_case = GetParam();
+
+  util::StatusOr<std::unique_ptr<Serialization>> serialization =
+      GlobalSerializationRegistry().SerializeKey<ProtoKeySerialization>(
+          *test_case.key, GetInsecureSecretKeyAccessInternal());
+  ASSERT_THAT(serialization, IsOk());
+
+  util::StatusOr<std::unique_ptr<Key>> parsed_key =
+      GlobalSerializationRegistry().ParseKey(
+          **serialization, GetInsecureSecretKeyAccessInternal());
+  ASSERT_THAT(parsed_key, IsOk());
+
+  EXPECT_TRUE(**parsed_key == *test_case.key);
+}
+
+}  // namespace
+}  // namespace internal
+}  // namespace tink
+}  // namespace crypto