RegistryConfiguration in Tink Go.

PiperOrigin-RevId: 586352919 Change-Id: Ibf757da7acee02061fec038dfc75a542fd50fb91
tink-crypto · Nov 29, 2023 · a28e197 · a28e197
1 parent cbd9167
commit a28e197
Show file tree

Hide file tree

Showing 3 changed files with 179 additions and 0 deletions.
diff --git a/internal/registryconfig/BUILD.bazel b/internal/registryconfig/BUILD.bazel
@@ -0,0 +1,34 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "registryconfig",
+    srcs = ["registry_config.go"],
+    importpath = "github.com/tink-crypto/tink-go/v2/internal/registryconfig",
+    visibility = ["//keyset:__subpackages__"],
+    deps = [
+        "//core/registry",
+        "//internal/internalapitoken",
+        "//proto/tink_go_proto",
+    ],
+)
+
+alias(
+    name = "go_default_library",
+    actual = ":registryconfig",
+    visibility = ["//keyset:__subpackages__"],
+)
+
+go_test(
+    name = "registryconfig_test",
+    srcs = ["registry_config_test.go"],
+    deps = [
+        ":registryconfig",
+        "//core/registry",
+        "//internal/internalapitoken",
+        "//mac/subtle",
+        "//proto/common_go_proto",
+        "//proto/tink_go_proto",
+        "//testutil",
+        "@org_golang_google_protobuf//proto",
+    ],
+)
diff --git a/internal/registryconfig/registry_config.go b/internal/registryconfig/registry_config.go
@@ -0,0 +1,42 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// /////////////////////////////////////////////////////////////////////////////
+
+// Package registryconfig is a transitioning stepping stone used by the
+// keyset handle in cases where a configuration is not provided by the user,
+// so it needs to resort to using the old global registry methods.
+package registryconfig
+
+import (
+	"github.com/tink-crypto/tink-go/v2/core/registry"
+	"github.com/tink-crypto/tink-go/v2/internal/internalapitoken"
+	tinkpb "github.com/tink-crypto/tink-go/v2/proto/tink_go_proto"
+)
+
+// RegistryConfig is an internal way for the keyset handle to access the
+// old global Regsitry through the new Configuration interface.
+type RegistryConfig struct{}
+
+// PrimitiveFromKeyData creates a primitive from KeyData by forwarding the
+// KeyData straight to the Registry.
+func (c *RegistryConfig) PrimitiveFromKeyData(keyData *tinkpb.KeyData, _ internalapitoken.InternalAPIToken) (any, error) {
+	return registry.PrimitiveFromKeyData(keyData)
+}
+
+// RegisterKeyManager registers a provided KeyManager by forwarding it directly
+// to the Registry.
+func (c *RegistryConfig) RegisterKeyManager(km registry.KeyManager, _ internalapitoken.InternalAPIToken) error {
+	return registry.RegisterKeyManager(km)
+}
diff --git a/internal/registryconfig/registry_config_test.go b/internal/registryconfig/registry_config_test.go
@@ -0,0 +1,103 @@
+// Copyright 2023 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// /////////////////////////////////////////////////////////////////////////////
+
+package registryconfig_test
+
+import (
+	"testing"
+
+	"google.golang.org/protobuf/proto"
+	"github.com/tink-crypto/tink-go/v2/core/registry"
+	"github.com/tink-crypto/tink-go/v2/internal/internalapitoken"
+	"github.com/tink-crypto/tink-go/v2/internal/registryconfig"
+	"github.com/tink-crypto/tink-go/v2/mac/subtle"
+	"github.com/tink-crypto/tink-go/v2/testutil"
+	commonpb "github.com/tink-crypto/tink-go/v2/proto/common_go_proto"
+	tinkpb "github.com/tink-crypto/tink-go/v2/proto/tink_go_proto"
+)
+
+func TestPrimitiveFromKeyDataMatchesRegistryOnSuccess(t *testing.T) {
+	keyData := testutil.NewHMACKeyData(commonpb.HashType_SHA256, 16)
+	registryConfig := &registryconfig.RegistryConfig{}
+	p, err := registryConfig.PrimitiveFromKeyData(keyData, internalapitoken.InternalAPIToken{})
+	if err != nil {
+		t.Errorf("unexpected error: %v", err)
+	}
+	if _, ok := p.(*subtle.HMAC); !ok {
+		t.Errorf("unexpected error: %v", err)
+	}
+}
+
+func TestPrimitiveFromKeyDataMatchesRegistryOnFailure(t *testing.T) {
+	keyDataUnregisteredURL := testutil.NewHMACKeyData(commonpb.HashType_SHA256, 16)
+	keyDataUnregisteredURL.TypeUrl = "some url"
+	keyDataUnmatchedURL := testutil.NewHMACKeyData(commonpb.HashType_SHA256, 16)
+	keyDataUnmatchedURL.TypeUrl = testutil.AESGCMTypeURL
+	registryConfig := &registryconfig.RegistryConfig{}
+	testCases := []struct {
+		kd   *tinkpb.KeyData
+		name string
+	}{{keyDataUnregisteredURL, "unregistered url"}, {keyDataUnmatchedURL, "mismatching url"}, {nil, "nil KeyData"}}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			if _, err := registryConfig.PrimitiveFromKeyData(testCase.kd, internalapitoken.InternalAPIToken{}); err == nil {
+				t.Errorf("expected an error when requesting primitive with %s", testCase.name)
+			}
+		})
+	}
+}
+
+type testKeyManager struct{}
+type testPrimitive struct{}
+
+func (km *testKeyManager) Primitive(_ []byte) (any, error) {
+	return testPrimitive{}, nil
+}
+
+func (km *testKeyManager) NewKey(_ []byte) (proto.Message, error) {
+	return nil, nil
+}
+
+func (km *testKeyManager) DoesSupport(typeURL string) bool {
+	return typeURL == "testKeyManager"
+}
+
+func (km *testKeyManager) TypeURL() string {
+	return "testKeyManager"
+}
+
+func (km *testKeyManager) NewKeyData(_ []byte) (*tinkpb.KeyData, error) {
+	return nil, nil
+}
+
+func TestRegisterKeyManagerWorks(t *testing.T) {
+	registryConfig := &registryconfig.RegistryConfig{}
+	err := registryConfig.RegisterKeyManager(new(testKeyManager), internalapitoken.InternalAPIToken{})
+	if err != nil {
+		t.Fatal("could not register key manager")
+	}
+	if _, err := registry.GetKeyManager("testKeyManager"); err != nil {
+		t.Fatal("expect testKeyManager to exist")
+	}
+	primitive, err := registry.Primitive(new(testKeyManager).TypeURL(), []byte{0, 1, 2, 3})
+	if err != nil {
+		t.Fatalf("could not create primitive: %v", err)
+	}
+	if _, ok := primitive.(testPrimitive); !ok {
+		t.Errorf("primitive creation returned incorrect type object: %v", err)
+	}
+}