objc: Implementation of hybrid key templates.

PiperOrigin-RevId: 196880687 GitOrigin-RevId: 2dcc7441d189d63b6ea1763fbdfdc267357af67b
todotobe1 · May 24, 2018 · fc94c85 · fc94c85
1 parent 8274c37
commit fc94c85
Show file tree

Hide file tree

Showing 17 changed files with 757 additions and 25 deletions.
diff --git a/objc/BUILD.bazel b/objc/BUILD.bazel
@@ -19,8 +19,10 @@ PUBLIC_APIS = [
     "TINKHybridDecryptFactory.h",
     "TINKHybridEncrypt.h",
     "TINKHybridEncryptFactory.h",
+    "TINKHybridKeyTemplate.h",
     "TINKJSONKeysetReader.h",
     "TINKKeyManager.h",
+    "TINKKeyTemplate.h",
     "TINKKeysetHandle.h",
     "TINKKeysetReader.h",
     "TINKMac.h",
@@ -39,6 +41,7 @@ PUBLIC_API_DEPS = [
     ":hybrid_encrypt",
     ":json_keyset_reader",
     ":key_manager",
+    ":key_template",
     ":keyset_handle",
     ":keyset_reader",
     ":mac",
@@ -50,6 +53,7 @@ PUBLIC_API_DEPS = [
     "//objc/hybrid:hybrid_config",
     "//objc/hybrid:hybrid_decrypt_factory",
     "//objc/hybrid:hybrid_encrypt_factory",
+    "//objc/hybrid:hybrid_key_template",
     "//objc/mac:mac_config",
     "//objc/mac:mac_factory",
     "//objc/util:errors",
@@ -78,16 +82,6 @@ objc_library(
 
 # private libraries
 
-# C++ protocol buffers.
-# We need to convert them to cc_library so we can add them as a dependency of objc_library targets.
-
-cc_library(
-    name = "config_pb",
-    deps = [
-        "//proto:config_cc_proto",
-    ],
-)
-
 objc_library(
     name = "aead",
     hdrs = ["TINKAead.h"],
@@ -116,7 +110,7 @@ objc_library(
     ],
     deps = [
         ":keyset_reader",
-        ":tink_pb",
+        ":tink_cc_pb",
         "//cc:binary_keyset_reader",
         "//objc/util:errors",
         "//objc/util:strings",
@@ -174,7 +168,7 @@ objc_library(
     ],
     deps = [
         ":keyset_reader",
-        ":tink_pb",
+        ":tink_cc_pb",
         "//cc:json_keyset_reader",
         "//objc/util:errors",
         "//objc/util:strings",
@@ -190,6 +184,20 @@ objc_library(
     ],
 )
 
+objc_library(
+    name = "key_template",
+    srcs = ["core/TINKKeyTemplate.mm"],
+    hdrs = [
+        "TINKKeyTemplate.h",
+        "core/TINKKeyTemplate_Internal.h",
+    ],
+    deps = [
+        ":tink_cc_pb",
+        "//cc/util:status",
+        "//objc/util:errors",
+    ],
+)
+
 objc_library(
     name = "keyset_handle",
     srcs = ["core/TINKKeysetHandle.mm"],
@@ -200,8 +208,9 @@ objc_library(
     visibility = ["//visibility:public"],
     deps = [
         ":aead",
+        ":key_template",
         ":keyset_reader",
-        ":tink_pb",
+        ":tink_cc_pb",
         "//cc:keyset_handle",
         "//cc/util:status",
         "//objc/aead:aead_internal",
@@ -238,7 +247,7 @@ objc_library(
         "core/TINKRegistryConfig_Internal.h",
     ],
     deps = [
-        ":config_pb",
+        ":config_cc_pb",
         ":version",
     ],
 )
@@ -254,7 +263,14 @@ objc_library(
 # We need to convert them to cc_library so we can add them as a dependency of objc_library targets.
 
 cc_library(
-    name = "tink_pb",
+    name = "config_cc_pb",
+    deps = [
+        "//proto:config_cc_proto",
+    ],
+)
+
+cc_library(
+    name = "tink_cc_pb",
     deps = [
         "//proto:tink_cc_proto",
     ],
@@ -284,7 +300,6 @@ objc_library(
     ]),
     deps = [
         ":testonly",
-        "@com_google_protobuf//:protobuf_lite",
         "//cc:aead",
         "//cc:crypto_format",
         "//cc:keyset_handle",
@@ -293,7 +308,9 @@ objc_library(
         "//cc/util:status",
         "//cc/util:test_util",
         "//objc/aead:aead_internal",
+        "//objc/util:proto_helpers",
         "//objc/util:test_helpers",
         "//proto:all_objc_proto",
+        "@com_google_protobuf//:protobuf_lite",
     ],
 )
diff --git a/objc/TINKHybridKeyTemplate.h b/objc/TINKHybridKeyTemplate.h
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2017 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ **************************************************************************
+ */
+
+#import "objc/hybrid/TINKHybridKeyTemplate.h"
diff --git a/objc/TINKKeyTemplate.h b/objc/TINKKeyTemplate.h
@@ -0,0 +1,42 @@
+/**
+ * Copyright 2018 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ **************************************************************************
+ */
+
+#import <Foundation/Foundation.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+/**
+ * Wrapper class that holds key template options that are used to generate keysets.
+ * This is the base/parent class that is subclassed by all the TINKXYZKeyTemplate classes.
+ *
+ * To create an instance of this class you need to use one of the subclasses: TINKAeadKeyTemplate,
+ * TINKHybridKeyTemplate etc.
+ */
+@interface TINKKeyTemplate : NSObject
+
+/**
+ * This class is not meant to be instantiated directly; instead use one of the subclasses
+ * (TINKAeadKeyTemplate, TINKHybridKeyTemplate etc.) to get an instance.
+ */
+- (nullable instancetype)init NS_UNAVAILABLE;
+
+- (nullable instancetype)initWithKeyTemplate:(id)keyTemplate error:(NSError **)error;
+
+@end
+
+NS_ASSUME_NONNULL_END
diff --git a/objc/TINKKeysetHandle.h b/objc/TINKKeysetHandle.h
@@ -18,6 +18,7 @@
 
 #import <Foundation/Foundation.h>
 
+@class TINKKeyTemplate;
 @class TINKKeysetReader;
 @class TINKPBKeyTemplate;
 @protocol TINKAead;
@@ -51,14 +52,28 @@ NS_ASSUME_NONNULL_BEGIN
 
 /**
  * Returns a new TINKKeysetHandle that contains a single fresh key generated according to
- * @c keyTemplate.
+ * @c keyTemplate. @c keyTemplate can be obtained by using one of the subclasses such as
+ * TINKAeadKeyTemplate, TINKHybridKeyTemplate etc.
  *
- * @param keyTemplate A TINKPBKeyTemplate protocol buffer that describes the key to be generated.
+ * @param keyTemplate An instance of TINKKeyTemplate that describes the key to be generated.
+ *                    To get an instance of TINKKeyTemplate use one of the primitive-specific
+ *                    subclasses such as: TINKAeadKeyTemplate, TINKHybridKeyTemplate etc.
  * @param error       If non-nil it will be populated with a descriptive error message.
  * @return            A TINKKeysetHandle, or nil in case of error.
  */
-- (nullable instancetype)initWithKeyTemplate:(TINKPBKeyTemplate *)keyTemplate
-                                       error:(NSError **)error;
+- (nullable instancetype)initWithKeyTemplate:(TINKKeyTemplate *)keyTemplate error:(NSError **)error;
+
+/**
+ * Returns a new TINKKeysetHandle that contains a single fresh key generated according to
+ * the protocol buffer @c keyTemplateProto.
+ *
+ * @param keyTemplateProto A TINKPBKeyTemplate protocol buffer that describes the key to be
+ *                         generated.
+ * @param error            If non-nil it will be populated with a descriptive error message.
+ * @return                 A TINKKeysetHandle, or nil in case of error.
+ */
+- (nullable instancetype)initWithKeyTemplateProto:(TINKPBKeyTemplate *)keyTemplateProto
+                                            error:(NSError **)error;
 
 @end
 

diff --git a/objc/Tests/UnitTests/core/TINKKeyTemplateTest.mm b/objc/Tests/UnitTests/core/TINKKeyTemplateTest.mm
@@ -0,0 +1,47 @@
+/**
+ * Copyright 2018 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ **************************************************************************
+ */
+
+#import "objc/TINKKeyTemplate.h"
+#import "objc/core/TINKKeyTemplate_Internal.h"
+
+#import <XCTest/XCTest.h>
+
+#include "tink/util/status.h"
+
+@interface TINKKeyTemplateTest : XCTestCase
+@end
+
+@implementation TINKKeyTemplateTest
+
+- (void)testInitialization {
+  // Verify that the users can't initialize this class directly.
+  NSError *error = nil;
+  @try {
+    TINKKeyTemplate *tpl =
+        [[TINKKeyTemplate alloc] initWithKeyTemplate:[[NSObject alloc] init] error:&error];
+    XCTAssertNil(tpl);
+    XCTAssertNotNil(error);
+    XCTAssertEqual(error.code, crypto::tink::util::error::INTERNAL);
+    XCTAssertTrue(
+        [error.localizedFailureReason containsString:@"Only instantiate from derived classes!"]);
+  } @catch (NSException *exception) {
+    XCTAssertTrue([exception.reason isEqualToString:@"Only instantiate from derived classes!"]);
+  }
+}
+
+@end
diff --git a/objc/Tests/UnitTests/core/TINKKeysetHandleTest.mm b/objc/Tests/UnitTests/core/TINKKeysetHandleTest.mm
@@ -24,9 +24,11 @@
 #import "objc/TINKAead.h"
 #import "objc/TINKBinaryKeysetReader.h"
 #import "objc/aead/TINKAeadInternal.h"
+#import "objc/hybrid/TINKHybridKeyTemplate.h"
 #import "objc/util/TINKStrings.h"
 #import "proto/Tink.pbobjc.h"
 
+#include "tink/util/status.h"
 #include "tink/util/test_util.h"
 #include "proto/tink.pb.h"
 
@@ -147,16 +149,30 @@ - (void)testWrongCiphertext_Binary {
 
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wnonnull"
-- (void)testInvalidKeyTemplate {
+- (void)testInvalidKeyTemplateProto {
   NSError *error = nil;
-  TINKKeysetHandle *handle = [[TINKKeysetHandle alloc] initWithKeyTemplate:nil error:&error];
+  TINKKeysetHandle *handle = [[TINKKeysetHandle alloc] initWithKeyTemplateProto:nil error:&error];
   XCTAssertNil(handle);
   XCTAssertEqual(error.code, crypto::tink::util::error::INVALID_ARGUMENT);
 }
 #pragma clang diagnostic pop
 
-- (void)testValidKeyTeamplte {
-  // TODO(candrian): Implement this once the C++ method is working.
+- (void)testValidKeyTemplate {
+  NSError *error = nil;
+  TINKHybridKeyTemplate *keyTemplate =
+      [[TINKHybridKeyTemplate alloc] initWithKeyTemplate:TINKEciesP256HkdfHmacSha256Aes128Gcm
+                                                   error:&error];
+  XCTAssertNotNil(keyTemplate);
+  XCTAssertNil(error);
+
+  // TODO(candrian): Update this test once C++ adds support for key templates.
+  TINKKeysetHandle *handle =
+      [[TINKKeysetHandle alloc] initWithKeyTemplate:keyTemplate error:&error];
+  XCTAssertNil(handle);
+  XCTAssertNotNil(error);
+  XCTAssertTrue(error.code == crypto::tink::util::error::UNIMPLEMENTED);
+  XCTAssertTrue([error.localizedFailureReason
+      containsString:@"Generation of new keysets from templates is not implemented yet"]);
 }
 
 @end