Move StatefulCmacBoringSsl and StatefulCmacBoringSslFactory to internal.

This was never intended to be public API. If this affects you, please file an issue in github.com/tink-crypto/tink-cc so we better understand the usage. We recommend to use ChunkedMac instead.

PiperOrigin-RevId: 692093214
Change-Id: Idcb86cb1cb712dc8ed4d9e730fd05254e8d8eba7

tink/mac/internal/BUILD.bazel

@@ -8,12 +8,12 @@ cc_library(
     hdrs = ["chunked_mac_impl.h"],
     include_prefix = "tink/mac/internal",
     deps = [
+        ":stateful_cmac_boringssl",
         ":stateful_hmac_boringssl",
         "//proto:aes_cmac_cc_proto",
         "//proto:hmac_cc_proto",
         "//tink:chunked_mac",
         "//tink/subtle:common_enums",
-        "//tink/subtle:stateful_cmac_boringssl",
         "//tink/subtle/mac:stateful_mac",
         "//tink/util:enums",
         "//tink/util:secret_data",
@@ -99,6 +99,27 @@ cc_library(
     ],
 )
 
+cc_library(
+    name = "stateful_cmac_boringssl",
+    srcs = ["stateful_cmac_boringssl.cc"],
+    hdrs = ["stateful_cmac_boringssl.h"],
+    include_prefix = "tink/mac/internal",
+    deps = [
+        "//tink/internal:aes_util",
+        "//tink/internal:ssl_unique_ptr",
+        "//tink/internal:util",
+        "//tink/subtle:common_enums",
+        "//tink/subtle/mac:stateful_mac",
+        "//tink/util:secret_data",
+        "//tink/util:status",
+        "//tink/util:statusor",
+        "@boringssl//:crypto",
+        "@com_google_absl//absl/memory",
+        "@com_google_absl//absl/status",
+        "@com_google_absl//absl/strings:string_view",
+    ],
+)
+
 # tests
 
 cc_test(
@@ -211,3 +232,26 @@ cc_test(
         "@rapidjson",
     ],
 )
+
+cc_test(
+    name = "stateful_cmac_boringssl_test",
+    srcs = ["stateful_cmac_boringssl_test.cc"],
+    data = ["//testvectors:aes_cmac"],
+    deps = [
+        ":stateful_cmac_boringssl",
+        "//tink/subtle:common_enums",
+        "//tink/subtle:wycheproof_util",
+        "//tink/subtle/mac:stateful_mac",
+        "//tink/util:secret_data",
+        "//tink/util:status",
+        "//tink/util:statusor",
+        "//tink/util:test_matchers",
+        "//tink/util:test_util",
+        "@com_google_absl//absl/memory",
+        "@com_google_absl//absl/status",
+        "@com_google_absl//absl/strings",
+        "@com_google_absl//absl/strings:string_view",
+        "@com_google_googletest//:gtest_main",
+        "@rapidjson",
+    ],
+)

tink/mac/internal/CMakeLists.txt

@@ -6,14 +6,14 @@ tink_cc_library(
     chunked_mac_impl.cc
     chunked_mac_impl.h
   DEPS
+    tink::mac::internal::stateful_cmac_boringssl
     tink::mac::internal::stateful_hmac_boringssl
     absl::memory
     absl::status
     absl::strings
     crypto
     tink::core::chunked_mac
     tink::subtle::common_enums
-    tink::subtle::stateful_cmac_boringssl
     tink::subtle::mac::stateful_mac
     tink::util::enums
     tink::util::secret_data
@@ -92,6 +92,26 @@ tink_cc_library(
     tink::util::statusor
 )
 
+tink_cc_library(
+  NAME stateful_cmac_boringssl
+  SRCS
+    stateful_cmac_boringssl.cc
+    stateful_cmac_boringssl.h
+  DEPS
+    absl::memory
+    absl::status
+    absl::string_view
+    crypto
+    tink::internal::aes_util
+    tink::internal::ssl_unique_ptr
+    tink::internal::util
+    tink::subtle::common_enums
+    tink::subtle::mac::stateful_mac
+    tink::util::secret_data
+    tink::util::status
+    tink::util::statusor
+)
+
 # tests
 
 tink_cc_test(
@@ -202,3 +222,27 @@ tink_cc_test(
     tink::util::test_matchers
     tink::util::test_util
 )
+
+tink_cc_test(
+  NAME stateful_cmac_boringssl_test
+  SRCS
+    stateful_cmac_boringssl_test.cc
+  DATA
+    wycheproof::testvectors
+  DEPS
+    tink::mac::internal::stateful_cmac_boringssl
+    gmock
+    absl::memory
+    absl::status
+    absl::strings
+    absl::string_view
+    rapidjson
+    tink::subtle::common_enums
+    tink::subtle::wycheproof_util
+    tink::subtle::mac::stateful_mac
+    tink::util::secret_data
+    tink::util::status
+    tink::util::statusor
+    tink::util::test_matchers
+    tink::util::test_util
+)

tink/mac/internal/chunked_mac_impl.cc

@@ -25,10 +25,10 @@
 #include "absl/strings/string_view.h"
 #include "openssl/crypto.h"
 #include "tink/chunked_mac.h"
+#include "tink/mac/internal/stateful_cmac_boringssl.h"
 #include "tink/mac/internal/stateful_hmac_boringssl.h"
 #include "tink/subtle/common_enums.h"
 #include "tink/subtle/mac/stateful_mac.h"
-#include "tink/subtle/stateful_cmac_boringssl.h"
 #include "tink/util/enums.h"
 #include "tink/util/secret_data.h"
 #include "tink/util/status.h"
@@ -107,9 +107,8 @@ util::StatusOr<std::unique_ptr<ChunkedMac>> NewChunkedCmac(
   }
   util::SecretData secret_key_data =
       util::SecretDataFromStringView(key.key_value());
-  auto stateful_mac_factory =
-      absl::make_unique<subtle::StatefulCmacBoringSslFactory>(
-          key.params().tag_size(), secret_key_data);
+  auto stateful_mac_factory = absl::make_unique<StatefulCmacBoringSslFactory>(
+      key.params().tag_size(), secret_key_data);
   return std::unique_ptr<ChunkedMac>(
       new ChunkedMacImpl(std::move(stateful_mac_factory)));
 }

tink/subtle/stateful_cmac_boringssl.cc → tink/mac/internal/stateful_cmac_boringssl.cc

@@ -14,7 +14,7 @@
 //
 ///////////////////////////////////////////////////////////////////////////////
 
-#include "tink/subtle/stateful_cmac_boringssl.h"
+#include "tink/mac/internal/stateful_cmac_boringssl.h"
 
 #include <cstddef>
 #include <cstdint>
@@ -36,9 +36,9 @@
 
 namespace crypto {
 namespace tink {
-namespace subtle {
+namespace internal {
 
-util::StatusOr<std::unique_ptr<StatefulMac>> StatefulCmacBoringSsl::New(
+util::StatusOr<std::unique_ptr<subtle::StatefulMac>> StatefulCmacBoringSsl::New(
     uint32_t tag_size, const util::SecretData& key_value) {
   util::StatusOr<const EVP_CIPHER*> cipher =
       internal::GetAesCbcCipherForKeySize(key_value.size());
@@ -92,11 +92,11 @@ StatefulCmacBoringSslFactory::StatefulCmacBoringSslFactory(
     uint32_t tag_size, const util::SecretData& key_value)
     : tag_size_(tag_size), key_value_(key_value) {}
 
-util::StatusOr<std::unique_ptr<StatefulMac>>
+util::StatusOr<std::unique_ptr<subtle::StatefulMac>>
 StatefulCmacBoringSslFactory::Create() const {
   return StatefulCmacBoringSsl::New(tag_size_, key_value_);
 }
 
-}  // namespace subtle
+}  // namespace internal
 }  // namespace tink
 }  // namespace crypto

tink/subtle/stateful_cmac_boringssl.h → tink/mac/internal/stateful_cmac_boringssl.h

@@ -35,7 +35,7 @@
 
 namespace crypto {
 namespace tink {
-namespace subtle {
+namespace internal {
 
 // A BoringSSL CMAC implementation of Stateful Mac interface.
 class StatefulCmacBoringSsl : public subtle::StatefulMac {
@@ -62,14 +62,14 @@ class StatefulCmacBoringSslFactory : public subtle::StatefulMacFactory {
  public:
   StatefulCmacBoringSslFactory(uint32_t tag_size,
                                const util::SecretData& key_value);
-  util::StatusOr<std::unique_ptr<StatefulMac>> Create() const override;
+  util::StatusOr<std::unique_ptr<subtle::StatefulMac>> Create() const override;
 
  private:
   const uint32_t tag_size_;
   const util::SecretData key_value_;
 };
 
-}  // namespace subtle
+}  // namespace internal
 }  // namespace tink
 }  // namespace crypto
 

tink/subtle/stateful_cmac_boringssl_test.cc → tink/mac/internal/stateful_cmac_boringssl_test.cc

@@ -14,7 +14,7 @@
 //
 ///////////////////////////////////////////////////////////////////////////////
 
-#include "tink/subtle/stateful_cmac_boringssl.h"
+#include "tink/mac/internal/stateful_cmac_boringssl.h"
 
 #include <cstddef>
 #include <memory>
@@ -39,7 +39,7 @@
 
 namespace crypto {
 namespace tink {
-namespace subtle {
+namespace internal {
 namespace {
 
 constexpr size_t kTagSize = 16;
@@ -55,6 +55,8 @@ constexpr absl::string_view kCmacOnDataRegularTagSizeHex =
     "c856e183e8dee9bb99402d54c34f3222";
 constexpr absl::string_view kCmacOnDataSmallTagSizeHex = "c856e183e8dee9bb9940";
 
+using ::crypto::tink::subtle::StatefulMac;
+using ::crypto::tink::subtle::WycheproofUtil;
 using ::crypto::tink::test::IsOk;
 using ::crypto::tink::test::IsOkAndHolds;
 using ::testing::Not;
@@ -202,6 +204,6 @@ INSTANTIATE_TEST_SUITE_P(StatefulCmacBoringSslWycheproofTest,
                          ValuesIn(GetWycheproofCmakeTestVectors()));
 
 }  // namespace
-}  // namespace subtle
+}  // namespace internal
 }  // namespace tink
 }  // namespace crypto

tink/prf/BUILD.bazel

@@ -121,8 +121,8 @@ cc_library(
         "//tink:core/template_util",
         "//tink:input_stream",
         "//tink:key_manager",
+        "//tink/mac/internal:stateful_cmac_boringssl",
         "//tink/subtle:random",
-        "//tink/subtle:stateful_cmac_boringssl",
         "//tink/subtle/prf:prf_set_util",
         "//tink/util:constants",
         "//tink/util:errors",

tink/prf/CMakeLists.txt

@@ -112,8 +112,8 @@ tink_cc_library(
     tink::core::template_util
     tink::core::input_stream
     tink::core::key_manager
+    tink::mac::internal::stateful_cmac_boringssl
     tink::subtle::random
-    tink::subtle::stateful_cmac_boringssl
     tink::subtle::prf::prf_set_util
     tink::util::constants
     tink::util::errors

tink/prf/aes_cmac_prf_key_manager.h

@@ -30,10 +30,10 @@
 #include "tink/core/template_util.h"
 #include "tink/input_stream.h"
 #include "tink/key_manager.h"
+#include "tink/mac/internal/stateful_cmac_boringssl.h"
 #include "tink/prf/prf_set.h"
 #include "tink/subtle/prf/prf_set_util.h"
 #include "tink/subtle/random.h"
-#include "tink/subtle/stateful_cmac_boringssl.h"
 #include "tink/util/constants.h"
 #include "tink/util/errors.h"
 #include "tink/util/input_stream_util.h"
@@ -57,7 +57,7 @@ class AesCmacPrfKeyManager
     crypto::tink::util::StatusOr<std::unique_ptr<Prf>> Create(
         const google::crypto::tink::AesCmacPrfKey& key) const override {
       return subtle::CreatePrfFromStatefulMacFactory(
-          absl::make_unique<subtle::StatefulCmacBoringSslFactory>(
+          absl::make_unique<internal::StatefulCmacBoringSslFactory>(
               AesCmacPrfKeyManager::MaxOutputLength(),
               util::SecretDataFromStringView(key.key_value())));
     }

tink/subtle/BUILD.bazel

@@ -926,27 +926,6 @@ cc_library(
     ],
 )
 
-cc_library(
-    name = "stateful_cmac_boringssl",
-    srcs = ["stateful_cmac_boringssl.cc"],
-    hdrs = ["stateful_cmac_boringssl.h"],
-    include_prefix = "tink/subtle",
-    deps = [
-        ":common_enums",
-        "//tink/internal:aes_util",
-        "//tink/internal:ssl_unique_ptr",
-        "//tink/internal:util",
-        "//tink/subtle/mac:stateful_mac",
-        "//tink/util:secret_data",
-        "//tink/util:status",
-        "//tink/util:statusor",
-        "@boringssl//:crypto",
-        "@com_google_absl//absl/memory",
-        "@com_google_absl//absl/status",
-        "@com_google_absl//absl/strings:string_view",
-    ],
-)
-
 cc_library(
     name = "pem_parser_boringssl",
     srcs = ["pem_parser_boringssl.cc"],
@@ -1690,29 +1669,6 @@ cc_test(
     ],
 )
 
-cc_test(
-    name = "stateful_cmac_boringssl_test",
-    size = "small",
-    srcs = ["stateful_cmac_boringssl_test.cc"],
-    data = ["//testvectors:aes_cmac"],
-    deps = [
-        ":common_enums",
-        ":stateful_cmac_boringssl",
-        ":wycheproof_util",
-        "//tink/subtle/mac:stateful_mac",
-        "//tink/util:secret_data",
-        "//tink/util:status",
-        "//tink/util:statusor",
-        "//tink/util:test_matchers",
-        "//tink/util:test_util",
-        "@com_google_absl//absl/memory",
-        "@com_google_absl//absl/status",
-        "@com_google_absl//absl/strings",
-        "@com_google_googletest//:gtest_main",
-        "@rapidjson",
-    ],
-)
-
 cc_test(
     name = "pem_parser_boringssl_test",
     srcs = ["pem_parser_boringssl_test.cc"],