Merge branch 'master' into patch-1

BUILD.bazel

@@ -9,15 +9,10 @@ licenses(["notice"])  # Apache 2.0
 
 exports_files(["LICENSE"])
 
-# All go packages use github.com/google/tink prefix
-load("@io_bazel_rules_go//go:def.bzl", "gazelle")
+load("@bazel_gazelle//:def.bzl", "gazelle")
 
-# bazel rule definition
-gazelle(
-    name = "gazelle",
-    command = "update",
-    prefix = "github.com/google/tink",
-)
+# gazelle:prefix github.com/google/go
+gazelle(name = "gazelle")
 
 filegroup(
     name = "tink_version",

README.md

@@ -119,8 +119,8 @@ Tink is maintained by (A-Z):
 -   Haris Andrianakis
 -   Daniel Bleichenbacher
 -   Thai Duong
+-   Thomas Holenstein
 -   Charles Lee
 -   Quan Nguyen
 -   Bartosz Przydatek
-
-Disclaimer: Tink is not an officially supported Google product.
+-   Veronika Slívová

WORKSPACE

@@ -579,20 +579,28 @@ http_file(
 #-----------------------------------------------------------------------------
 http_archive(
     name = "io_bazel_rules_go",
-    url = "https://github.com/bazelbuild/rules_go/releases/download/0.10.1/rules_go-0.10.1.tar.gz",
-    sha256 = "4b14d8dd31c6dbaf3ff871adcd03f28c3274e42abc855cb8fb4d01233c0154dc",
+    urls = ["https://github.com/bazelbuild/rules_go/releases/download/0.15.3/rules_go-0.15.3.tar.gz"],
+    sha256 = "97cf62bdef33519412167fd1e4b0810a318a7c234f5f8dc4f53e2da86241c492",
+)
+http_archive(
+    name = "bazel_gazelle",
+    urls = ["https://github.com/bazelbuild/bazel-gazelle/releases/download/0.14.0/bazel-gazelle-0.14.0.tar.gz"],
+    sha256 = "c0a5739d12c6d05b6c1ad56f2200cb0b57c5a70e03ebd2f7b87ce88cabf09c7b",
 )
 
-load("@io_bazel_rules_go//go:def.bzl", "go_rules_dependencies", "go_register_toolchains", "go_repository")
+load("@io_bazel_rules_go//go:def.bzl", "go_rules_dependencies", "go_register_toolchains")
 go_rules_dependencies()
 go_register_toolchains()
 
+load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies")
+gazelle_dependencies()
+
+load("@bazel_gazelle//:deps.bzl", "go_repository")
 go_repository(
     name = "org_golang_x_crypto",
     commit = "0e37d006457bf46f9e6692014ba72ef82c33022c",
     importpath = "golang.org/x/crypto",
 )
-
 go_repository(
     name = "org_golang_x_sys",
     commit = "d0be0721c37eeb5299f245a996a483160fc36940",

cc/BUILD.bazel

@@ -87,8 +87,10 @@ PUBLIC_API_DEPS = [
     "//cc/util:status",
     "//cc/util:statusor",
     "//cc/util:validation",
+    "@com_google_absl//absl/base:core_headers",
     "@com_google_absl//absl/memory",
     "@com_google_absl//absl/strings",
+    "@com_google_absl//absl/synchronization",
 ]
 
 cc_library(
@@ -342,7 +344,9 @@ cc_library(
         "//cc/util:statusor",
         "//cc/util:validation",
         "//proto:tink_cc_proto",
+        "@com_google_absl//absl/base:core_headers",
         "@com_google_absl//absl/strings",
+        "@com_google_absl//absl/synchronization",
     ],
 )
 
@@ -431,7 +435,7 @@ cc_library(
 
 cc_library(
     name = "key_manager",
-    srcs = ["key_manager.h"],
+    srcs = ["core/key_manager.cc"],
     hdrs = ["key_manager.h"],
     include_prefix = "tink",
     strip_include_prefix = "/cc",
@@ -441,6 +445,7 @@ cc_library(
         "//cc/util:status",
         "//cc/util:statusor",
         "//proto:tink_cc_proto",
+        "@com_google_absl//absl/memory",
         "@com_google_absl//absl/strings",
     ],
 )
@@ -480,6 +485,8 @@ cc_library(
         "//cc/util:statusor",
         "//proto:tink_cc_proto",
         "@com_google_absl//absl/memory",
+        "@com_google_absl//absl/base:core_headers",
+        "@com_google_absl//absl/synchronization",
     ],
 )
 
@@ -779,6 +786,20 @@ cc_test(
     ],
 )
 
+cc_test(
+    name = "key_manager_test",
+    size = "small",
+    srcs = ["core/key_manager_test.cc"],
+    copts = ["-Iexternal/gtest/include"],
+    deps = [
+        ":key_manager",
+        "@com_google_googletest//:gtest_main",
+        "//cc/util:status",
+        "//cc/util:test_matchers",
+        "//proto:empty_cc_proto",
+    ],
+)
+
 cc_test(
     name = "keyset_manager_test",
     size = "small",

cc/core/key_manager.cc

@@ -0,0 +1,52 @@
+// Copyright 2018 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+#include "tink/key_manager.h"
+#include "absl/memory/memory.h"
+
+namespace crypto {
+namespace tink {
+
+// A key factory which always fails.
+class AlwaysFailingKeyFactory : public KeyFactory {
+ public:
+  AlwaysFailingKeyFactory() = delete;
+  explicit AlwaysFailingKeyFactory(const crypto::tink::util::Status& status)
+      : status_(status) {}
+
+  crypto::tink::util::StatusOr<std::unique_ptr<portable_proto::MessageLite>>
+  NewKey(const portable_proto::MessageLite& key_format) const override {
+    return status_;
+  }
+
+  crypto::tink::util::StatusOr<std::unique_ptr<portable_proto::MessageLite>>
+  NewKey(absl::string_view serialized_key_format) const override {
+    return status_;
+  }
+
+  crypto::tink::util::StatusOr<std::unique_ptr<google::crypto::tink::KeyData>>
+  NewKeyData(absl::string_view serialized_key_format) const override {
+    return status_;
+  }
+
+ private:
+  crypto::tink::util::Status status_;
+};
+std::unique_ptr<KeyFactory> KeyFactory::AlwaysFailingFactory(
+    const crypto::tink::util::Status& status) {
+  return absl::make_unique<AlwaysFailingKeyFactory>(status);
+}
+}  // namespace tink
+}  // namespace crypto

cc/core/key_manager_test.cc

@@ -0,0 +1,54 @@
+// Copyright 2018 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+#include "tink/key_manager.h"
+#include "gmock/gmock.h"
+#include "gtest/gtest.h"
+#include "tink/util/status.h"
+#include "tink/util/test_matchers.h"
+#include "proto/empty.pb.h"
+
+namespace crypto {
+namespace tink {
+
+namespace {
+
+using ::crypto::tink::test::StatusIs;
+
+TEST(AlwaysFailingFactoryTest, NewKeyFromProtoLite) {
+  std::unique_ptr<KeyFactory> factory = KeyFactory::AlwaysFailingFactory(
+      util::Status(crypto::tink::util::error::ALREADY_EXISTS, ""));
+  google::crypto::tink::Empty empty_proto;
+  EXPECT_THAT(factory->NewKey(empty_proto).status(),
+              StatusIs(util::error::ALREADY_EXISTS));
+}
+
+TEST(AlwaysFailingFactoryTest, NewKeyFromStringView) {
+  std::unique_ptr<KeyFactory> factory = KeyFactory::AlwaysFailingFactory(
+      util::Status(crypto::tink::util::error::ALREADY_EXISTS, ""));
+  EXPECT_THAT(factory->NewKey("").status(),
+              StatusIs(util::error::ALREADY_EXISTS));
+}
+
+TEST(AlwaysFailingFactoryTest, NewKeyData) {
+  std::unique_ptr<KeyFactory> factory = KeyFactory::AlwaysFailingFactory(
+      util::Status(crypto::tink::util::error::ALREADY_EXISTS, ""));
+  EXPECT_THAT(factory->NewKeyData("").status(),
+              StatusIs(util::error::ALREADY_EXISTS));
+}
+
+}  // namespace
+}  // namespace tink
+}  // namespace crypto

cc/core/keyset_manager.cc

@@ -61,12 +61,12 @@ StatusOr<std::unique_ptr<KeysetManager>> KeysetManager::New(
 StatusOr<std::unique_ptr<KeysetManager>> KeysetManager::New(
     const KeysetHandle& keyset_handle) {
   auto manager = absl::make_unique<KeysetManager>();
+  absl::MutexLock lock(&manager->keyset_mutex_);
   manager->keyset_ = keyset_handle.get_keyset();
   return std::move(manager);
 }
 
 uint32_t KeysetManager::GenerateNewKeyId() {
-  std::lock_guard<std::recursive_mutex> lock(keyset_mutex_);
   while (true) {
     uint32_t key_id = NewKeyId();
     bool already_exists = false;
@@ -81,15 +81,20 @@ uint32_t KeysetManager::GenerateNewKeyId() {
 }
 
 std::unique_ptr<KeysetHandle> KeysetManager::GetKeysetHandle() {
-  std::lock_guard<std::recursive_mutex> lock(keyset_mutex_);
+  absl::MutexLock lock(&keyset_mutex_);
   std::unique_ptr<Keyset> keyset_copy(new Keyset(keyset_));
   std::unique_ptr<KeysetHandle> handle(
       new KeysetHandle(std::move(keyset_copy)));
   return handle;
 }
 
 StatusOr<uint32_t> KeysetManager::Add(const KeyTemplate& key_template) {
-  std::lock_guard<std::recursive_mutex> lock(keyset_mutex_);
+  return Add(key_template, false);
+}
+
+crypto::tink::util::StatusOr<uint32_t> KeysetManager::Add(
+    const google::crypto::tink::KeyTemplate& key_template, bool as_primary) {
+  absl::MutexLock lock(&keyset_mutex_);
   auto key_data_result = Registry::NewKeyData(key_template);
   if (!key_data_result.ok()) return key_data_result.status();
   auto key_data = std::move(key_data_result.ValueOrDie());
@@ -99,22 +104,19 @@ StatusOr<uint32_t> KeysetManager::Add(const KeyTemplate& key_template) {
   key->set_status(KeyStatusType::ENABLED);
   key->set_key_id(key_id);
   key->set_output_prefix_type(key_template.output_prefix_type());
+  if (as_primary) {
+    keyset_.set_primary_key_id(key_id);
+  }
   return key_id;
 }
 
 StatusOr<uint32_t> KeysetManager::Rotate(const KeyTemplate& key_template) {
-  std::lock_guard<std::recursive_mutex> lock(keyset_mutex_);
-  auto add_result = Add(key_template);
-  if (!add_result.ok()) return add_result.status();
-  auto key_id = add_result.ValueOrDie();
-  auto status = SetPrimary(key_id);
-  if (!status.ok()) return status;
-  return key_id;
+  return Add(key_template, true);
 }
 
 
 Status KeysetManager::Enable(uint32_t key_id) {
-  std::lock_guard<std::recursive_mutex> lock(keyset_mutex_);
+  absl::MutexLock lock(&keyset_mutex_);
   for (auto& key : *(keyset_.mutable_key())) {
     if (key.key_id() == key_id) {
       if (key.status() != KeyStatusType::DISABLED &&
@@ -134,7 +136,7 @@ Status KeysetManager::Enable(uint32_t key_id) {
 }
 
 Status KeysetManager::Disable(uint32_t key_id) {
-  std::lock_guard<std::recursive_mutex> lock(keyset_mutex_);
+  absl::MutexLock lock(&keyset_mutex_);
   if (keyset_.primary_key_id() == key_id) {
     return ToStatusF(util::error::INVALID_ARGUMENT,
                      "Cannot disable primary key (key_id %" PRIu32 ").",
@@ -159,7 +161,7 @@ Status KeysetManager::Disable(uint32_t key_id) {
 }
 
 Status KeysetManager::Delete(uint32_t key_id) {
-  std::lock_guard<std::recursive_mutex> lock(keyset_mutex_);
+  absl::MutexLock lock(&keyset_mutex_);
   if (keyset_.primary_key_id() == key_id) {
     return ToStatusF(util::error::INVALID_ARGUMENT,
                      "Cannot delete primary key (key_id %" PRIu32 ").",
@@ -181,7 +183,7 @@ Status KeysetManager::Delete(uint32_t key_id) {
 }
 
 Status KeysetManager::Destroy(uint32_t key_id) {
-  std::lock_guard<std::recursive_mutex> lock(keyset_mutex_);
+  absl::MutexLock lock(&keyset_mutex_);
   if (keyset_.primary_key_id() == key_id) {
     return ToStatusF(util::error::INVALID_ARGUMENT,
                      "Cannot destroy primary key (key_id %" PRIu32 ").",
@@ -208,7 +210,7 @@ Status KeysetManager::Destroy(uint32_t key_id) {
 }
 
 Status KeysetManager::SetPrimary(uint32_t key_id) {
-  std::lock_guard<std::recursive_mutex> lock(keyset_mutex_);
+  absl::MutexLock lock(&keyset_mutex_);
   for (auto& key : keyset_.key()) {
     if (key.key_id() == key_id) {
       if (key.status() != KeyStatusType::ENABLED) {
@@ -225,8 +227,9 @@ Status KeysetManager::SetPrimary(uint32_t key_id) {
                    key_id);
 }
 
+
 int KeysetManager::KeyCount() const {
-  std::lock_guard<std::recursive_mutex> lock(keyset_mutex_);
+  absl::MutexLock lock(&keyset_mutex_);
   return keyset_.key_size();
 }