Skip to content
Snippets Groups Projects
Commit b4142f9a authored by Tink Team's avatar Tink Team Committed by Copybara-Service
Browse files

Add AES-256-GCM key template with RAW output prefix.

PiperOrigin-RevId: 270099454
parent 5e64d1cd
No related branches found
No related tags found
No related merge requests found
......@@ -30,14 +30,23 @@ import (
// AES128GCMKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters:
// - Key size: 16 bytes
// - Output prefix type: TINK
func AES128GCMKeyTemplate() *tinkpb.KeyTemplate {
return createAESGCMKeyTemplate(16)
return createAESGCMKeyTemplate(16, tinkpb.OutputPrefixType_TINK)
}
// AES256GCMKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters:
// - Key size: 32 bytes
// - Output prefix type: TINK
func AES256GCMKeyTemplate() *tinkpb.KeyTemplate {
return createAESGCMKeyTemplate(32)
return createAESGCMKeyTemplate(32, tinkpb.OutputPrefixType_TINK)
}
// AES256GCMNoPrefixKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters:
// - Key size: 32 bytes
// - Output prefix type: RAW
func AES256GCMNoPrefixKeyTemplate() *tinkpb.KeyTemplate {
return createAESGCMKeyTemplate(32, tinkpb.OutputPrefixType_RAW)
}
// AES128CTRHMACSHA256KeyTemplate is a KeyTemplate that generates an AES-CTR-HMAC-AEAD key with the following parameters:
......@@ -94,14 +103,15 @@ func KMSEnvelopeAEADKeyTemplate(uri string, dekT *tinkpb.KeyTemplate) *tinkpb.Ke
// createAESGCMKeyTemplate creates a new AES-GCM key template with the given key
// size in bytes.
func createAESGCMKeyTemplate(keySize uint32) *tinkpb.KeyTemplate {
func createAESGCMKeyTemplate(keySize uint32, outputPrefixType tinkpb.OutputPrefixType) *tinkpb.KeyTemplate {
format := &gcmpb.AesGcmKeyFormat{
KeySize: keySize,
}
serializedFormat, _ := proto.Marshal(format)
return &tinkpb.KeyTemplate{
TypeUrl: aesGCMTypeURL,
Value: serializedFormat,
TypeUrl: aesGCMTypeURL,
Value: serializedFormat,
OutputPrefixType: outputPrefixType,
}
}
......
......@@ -34,7 +34,7 @@ import (
func TestAESGCMKeyTemplates(t *testing.T) {
// AES-GCM 128 bit
template := aead.AES128GCMKeyTemplate()
if err := checkAESGCMKeyTemplate(template, uint32(16)); err != nil {
if err := checkAESGCMKeyTemplate(template, uint32(16), tinkpb.OutputPrefixType_TINK); err != nil {
t.Errorf("invalid AES-128 GCM key template: %s", err)
}
if err := testEncryptDecrypt(template, testutil.AESGCMTypeURL); err != nil {
......@@ -43,18 +43,30 @@ func TestAESGCMKeyTemplates(t *testing.T) {
// AES-GCM 256 bit
template = aead.AES256GCMKeyTemplate()
if err := checkAESGCMKeyTemplate(template, uint32(32)); err != nil {
if err := checkAESGCMKeyTemplate(template, uint32(32), tinkpb.OutputPrefixType_TINK); err != nil {
t.Errorf("invalid AES-256 GCM key template: %s", err)
}
if err := testEncryptDecrypt(template, testutil.AESGCMTypeURL); err != nil {
t.Errorf("%v", err)
}
// AES-GCM 256 bit No Prefix
template = aead.AES256GCMNoPrefixKeyTemplate()
if err := checkAESGCMKeyTemplate(template, uint32(32), tinkpb.OutputPrefixType_RAW); err != nil {
t.Errorf("invalid AES-256 GCM No Prefix key template: %s", err)
}
if err := testEncryptDecrypt(template, testutil.AESGCMTypeURL); err != nil {
t.Errorf("%v", err)
}
}
func checkAESGCMKeyTemplate(template *tinkpb.KeyTemplate, keySize uint32) error {
func checkAESGCMKeyTemplate(template *tinkpb.KeyTemplate, keySize uint32, outputPrefixType tinkpb.OutputPrefixType) error {
if template.TypeUrl != testutil.AESGCMTypeURL {
return fmt.Errorf("incorrect type url")
}
if template.OutputPrefixType != outputPrefixType {
return fmt.Errorf("incorrect output prefix type")
}
keyFormat := new(gcmpb.AesGcmKeyFormat)
err := proto.Unmarshal(template.Value, keyFormat)
if err != nil {
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment