Implements TINKKeysetHandle

Change-Id: Ib1fc1d5c962becb9c41b9c270bd958193908402a
ORIGINAL_AUTHOR=Haris Andrianakis <[email protected]>
GitOrigin-RevId: 300d81bae8a0a7878bd60e6e5c53c28c3b350f2b

objc/BUILD

@@ -44,7 +44,11 @@ objc_library(
     ],
     visibility = ["//visibility:public"],
     deps = [
+        ":aead",
+        ":keyset_reader",
         "//cc:keyset_handle",
+        "//cc/util:status",
+        "//objc/util:errors",
         "//objc/util:strings",
         "//proto:all_objc_proto",
         "@com_google_absl//absl/strings",
@@ -85,9 +89,14 @@ objc_library(
 
 objc_library(
     name = "keyset_reader",
-    hdrs = ["TINKKeysetReader.h"],
+    srcs = ["core/TINKKeysetReader.mm"],
+    hdrs = [
+        "TINKKeysetReader.h",
+        "core/TINKKeysetReader_Internal.h",
+    ],
     visibility = ["//visibility:public"],
     deps = [
+        "//cc:keyset_reader",
         "//proto:all_objc_proto",
     ],
 )
@@ -132,7 +141,9 @@ objc_library(
         "Tests/UnitTests/**/*.h",
     ]),
     deps = [
+        ":aead",
         ":binary_keyset_reader",
+        ":keyset_handle",
         "//cc/util:test_util",
         "//objc/util:strings",
         "//proto:all_objc_proto",

objc/TINKBinaryKeysetReader.h

@@ -23,7 +23,7 @@
 
 NS_ASSUME_NONNULL_BEGIN
 
-@interface TINKBinaryKeysetReader : NSObject <TINKKeysetReader>
+@interface TINKBinaryKeysetReader : TINKKeysetReader
 
 - (nullable instancetype)init NS_UNAVAILABLE;
 

objc/TINKKeysetHandle.h

@@ -18,7 +18,9 @@
 
 #import <Foundation/Foundation.h>
 
-@class TINKPBKeyset;
+#import "objc/TINKAead.h"
+#import "objc/TINKKeysetReader.h"
+#import "proto/Tink.pbobjc.h"
 
 NS_ASSUME_NONNULL_BEGIN
 
@@ -28,18 +30,35 @@ NS_ASSUME_NONNULL_BEGIN
  */
 @interface TINKKeysetHandle : NSObject
 
-@property(nonatomic, readonly) TINKPBKeyset *keyset;
-
-/** Use initWithKeyset: to get an instance of TINKKeysetHandle. */
+/**
+ * Use -initWithKeysetReader:andKey:error: or -initWithTemplate:error: to get an instance of
+ * TINKKeysetHandle.
+ */
 - (nullable instancetype)init NS_UNAVAILABLE;
 
 /**
- * Designated initializer.
+ * Creates a TINKKeysetHandle from an encrypted keyset obtained via @c reader using @c aeadKey to
+ * decrypt the keyset.
+ *
+ * @param reader  An instance of TINKKeysetReader.
+ * @param aeadKey An instance of TINKAead that's used to decrypt the keyset.
+ * @param error   If non-nil it will be populated with a descriptive error message.
+ * @return        A TINKKeysetHandle, or nil in case of error.
+ */
+- (nullable instancetype)initWithKeysetReader:(TINKKeysetReader *)reader
+                                       andKey:(TINKAead *)aeadKey
+                                        error:(NSError **)error;
+
+/**
+ * Returns a new TINKKeysetHandle that contains a single fresh key generated according to
+ * @c keyTemplate.
  *
- * @param keyset  An instance of TINKPBKeyset protocol buffer.
- * @return        An instance of TINKKeysetHandle or nil in case of error.
+ * @param keyTemplate A TINKPBKeyTemplate protocol buffer that describes the key to be generated.
+ * @param error       If non-nil it will be populated with a descriptive error message.
+ * @return            A TINKKeysetHandle, or nil in case of error.
  */
-- (nullable instancetype)initWithKeyset:(TINKPBKeyset *)keyset NS_DESIGNATED_INITIALIZER;
+- (nullable instancetype)initWithKeyTemplate:(TINKPBKeyTemplate *)keyTemplate
+                                       error:(NSError **)error;
 
 @end
 

objc/TINKKeysetReader.h

@@ -23,9 +23,9 @@
 NS_ASSUME_NONNULL_BEGIN
 
 /**
- * The protocol for keyset readers.
+ * Parent class for keyset readers.
  */
-@protocol TINKKeysetReader <NSObject>
+@interface TINKKeysetReader : NSObject
 
 /* Reads a Keyset. Returns nil in case of error and sets error to a descriptive value. */
 - (nullable TINKPBKeyset *)readWithError:(NSError **)error;

objc/Tests/UnitTests/core/TINKKeysetHandleTest.mm

@@ -0,0 +1,154 @@
+/**
+ * Copyright 2017 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ **************************************************************************
+ */
+
+#import "objc/TINKKeysetHandle.h"
+#import "objc/core/TINKKeysetHandle_Internal.h"
+
+#import <XCTest/XCTest.h>
+
+#import "objc/TINKAead.h"
+#import "objc/TINKAead_Internal.h"
+#import "objc/TINKBinaryKeysetReader.h"
+#import "objc/util/TINKStrings.h"
+#import "proto/Tink.pbobjc.h"
+
+#include "cc/util/test_util.h"
+#include "proto/tink.pb.h"
+
+static TINKPBKeyset *gKeyset;
+
+@interface TINKKeysetHandleTest : XCTestCase
+@end
+
+@implementation TINKKeysetHandleTest
+
++ (void)setUp {
+  google::crypto::tink::Keyset ccKeyset;
+  google::crypto::tink::Keyset::Key ccKey;
+
+  crypto::tink::test::AddTinkKey("some key type", 42, ccKey,
+                                 google::crypto::tink::KeyStatusType::ENABLED,
+                                 google::crypto::tink::KeyData::SYMMETRIC, &ccKeyset);
+  crypto::tink::test::AddRawKey("some other key type", 711, ccKey,
+                                google::crypto::tink::KeyStatusType::ENABLED,
+                                google::crypto::tink::KeyData::SYMMETRIC, &ccKeyset);
+  ccKeyset.set_primary_key_id(42);
+
+  std::string serializedKeyset = ccKeyset.SerializeAsString();
+
+  NSError *error = nil;
+  gKeyset = [TINKPBKeyset
+      parseFromData:[NSData dataWithBytes:serializedKeyset.data() length:serializedKeyset.length()]
+              error:&error];
+  XCTAssertNotNil(gKeyset);
+  XCTAssertNil(error);
+}
+
+- (void)testGoodEncryptedKeyset_Binary {
+  crypto::tink::test::DummyAead *ccAead = new crypto::tink::test::DummyAead("dummy aead 42");
+  TINKAead *aead = [[TINKAead alloc] initWithPrimitive:ccAead];
+
+  NSData *keysetCiphertext = [aead encrypt:gKeyset.data withAdditionalData:[NSData data] error:nil];
+
+  XCTAssertNotNil(keysetCiphertext);
+
+  TINKPBEncryptedKeyset *encryptedKeyset = [[TINKPBEncryptedKeyset alloc] init];
+  encryptedKeyset.encryptedKeyset = keysetCiphertext;
+
+  TINKBinaryKeysetReader *reader =
+      [[TINKBinaryKeysetReader alloc] initWithSerializedKeyset:encryptedKeyset.data error:nil];
+
+  TINKKeysetHandle *handle =
+      [[TINKKeysetHandle alloc] initWithKeysetReader:reader andKey:aead error:nil];
+  XCTAssertNotNil(handle);
+  std::string output;
+  handle.ccKeysetHandle->get_keyset().SerializeToString(&output);
+
+  XCTAssertTrue(
+      [gKeyset.data isEqualToData:[NSData dataWithBytes:output.data() length:output.size()]]);
+}
+
+- (void)testWrongAead_Binary {
+  crypto::tink::test::DummyAead *ccAead = new crypto::tink::test::DummyAead("dummy aead 42");
+  TINKAead *aead = [[TINKAead alloc] initWithPrimitive:ccAead];
+
+  NSData *keysetCiphertext = [aead encrypt:gKeyset.data withAdditionalData:[NSData data] error:nil];
+
+  TINKPBEncryptedKeyset *encryptedKeyset = [[TINKPBEncryptedKeyset alloc] init];
+  encryptedKeyset.encryptedKeyset = keysetCiphertext;
+
+  TINKBinaryKeysetReader *reader =
+      [[TINKBinaryKeysetReader alloc] initWithSerializedKeyset:encryptedKeyset.data error:nil];
+
+  crypto::tink::test::DummyAead *ccWrongAead = new crypto::tink::test::DummyAead("wrong aead");
+  TINKAead *wrongAead = [[TINKAead alloc] initWithPrimitive:ccWrongAead];
+
+  NSError *error = nil;
+  TINKKeysetHandle *handle =
+      [[TINKKeysetHandle alloc] initWithKeysetReader:reader andKey:wrongAead error:&error];
+  XCTAssertNil(handle);
+  XCTAssertEqual(error.code, crypto::tink::util::error::INVALID_ARGUMENT);
+}
+
+- (void)testNoKeysetInCiphertext_Binary {
+  crypto::tink::test::DummyAead *ccAead = new crypto::tink::test::DummyAead("dummy aead 42");
+  TINKAead *aead = [[TINKAead alloc] initWithPrimitive:ccAead];
+  NSData *keysetCiphertext =
+      [aead encrypt:[@"not a serialized keyset" dataUsingEncoding:NSUTF8StringEncoding]
+          withAdditionalData:[NSData data]
+                       error:nil];
+
+  TINKBinaryKeysetReader *reader =
+      [[TINKBinaryKeysetReader alloc] initWithSerializedKeyset:keysetCiphertext error:nil];
+
+  NSError *error = nil;
+  TINKKeysetHandle *handle =
+      [[TINKKeysetHandle alloc] initWithKeysetReader:reader andKey:aead error:&error];
+  XCTAssertNil(handle);
+  XCTAssertEqual(error.code, crypto::tink::util::error::INVALID_ARGUMENT);
+}
+
+- (void)testWrongCiphertext_Binary {
+  crypto::tink::test::DummyAead *ccAead = new crypto::tink::test::DummyAead("dummy aead 42");
+  TINKAead *aead = [[TINKAead alloc] initWithPrimitive:ccAead];
+  NSString *keysetCiphertext = @"totally wrong ciphertext";
+
+  TINKPBEncryptedKeyset *encryptedKeyset = [[TINKPBEncryptedKeyset alloc] init];
+  encryptedKeyset.encryptedKeyset = [keysetCiphertext dataUsingEncoding:NSUTF8StringEncoding];
+
+  TINKBinaryKeysetReader *reader =
+      [[TINKBinaryKeysetReader alloc] initWithSerializedKeyset:encryptedKeyset.data error:nil];
+  NSError *error = nil;
+  TINKKeysetHandle *handle =
+      [[TINKKeysetHandle alloc] initWithKeysetReader:reader andKey:aead error:&error];
+  XCTAssertNil(handle);
+  XCTAssertEqual(error.code, crypto::tink::util::error::INVALID_ARGUMENT);
+}
+
+- (void)testInvalidKeyTemplate {
+  NSError *error = nil;
+  TINKKeysetHandle *handle = [[TINKKeysetHandle alloc] initWithKeyTemplate:nil error:&error];
+  XCTAssertNil(handle);
+  XCTAssertEqual(error.code, crypto::tink::util::error::INVALID_ARGUMENT);
+}
+
+- (void)testValidKeyTeamplte {
+  // TODO(candrian): Implement this once the C++ method is working.
+}
+
+@end

objc/aead/BUILD

@@ -13,6 +13,7 @@ objc_library(
         "//objc:aead",
         "//objc:keyset_handle",
         "//objc/util:errors",
+        "//proto:all_objc_proto",
         "@com_google_absl//absl/strings",
     ],
 )

objc/core/TINKBinaryKeysetReader.mm

@@ -17,6 +17,9 @@
  */
 
 #import "objc/TINKBinaryKeysetReader.h"
+
+#import "objc/TINKKeysetReader.h"
+#import "objc/core/TINKKeysetReader_Internal.h"
 #import "objc/util/TINKErrors.h"
 #import "objc/util/TINKStrings.h"
 #import "proto/Tink.pbobjc.h"
@@ -25,9 +28,7 @@
 #include "cc/binary_keyset_reader.h"
 #include "proto/tink.pb.h"
 
-@implementation TINKBinaryKeysetReader {
-  std::unique_ptr<crypto::tink::BinaryKeysetReader> _ccReader;
-}
+@implementation TINKBinaryKeysetReader
 
 - (instancetype)initWithSerializedKeyset:(NSData *)keyset error:(NSError **)error {
   if (keyset == nil) {
@@ -47,17 +48,13 @@ - (instancetype)initWithSerializedKeyset:(NSData *)keyset error:(NSError **)erro
       }
       return nil;
     }
-    _ccReader = std::move(st.ValueOrDie());
+    self.ccReader = std::move(st.ValueOrDie());
   }
   return self;
 }
 
-- (void)dealloc {
-  _ccReader.reset();
-}
-
 - (TINKPBKeyset *)readWithError:(NSError **)error {
-  auto st = _ccReader->Read();
+  auto st = self.ccReader->Read();
   if (!st.ok()) {
     if (error) {
       *error = TINKStatusToError(st.status());
@@ -89,7 +86,7 @@ - (TINKPBKeyset *)readWithError:(NSError **)error {
 }
 
 - (TINKPBEncryptedKeyset *)readEncryptedWithError:(NSError **)error {
-  auto st = _ccReader->ReadEncrypted();
+  auto st = self.ccReader->ReadEncrypted();
   if (!st.ok()) {
     if (error) {
       *error = TINKStatusToError(st.status());