Add AES-256-GCM key template with RAW output prefix.

PiperOrigin-RevId: 270099454

go/aead/aead_key_templates.go

@@ -30,14 +30,23 @@ import (
 
 // AES128GCMKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters:
 //   - Key size: 16 bytes
+//   - Output prefix type: TINK
 func AES128GCMKeyTemplate() *tinkpb.KeyTemplate {
-	return createAESGCMKeyTemplate(16)
+	return createAESGCMKeyTemplate(16, tinkpb.OutputPrefixType_TINK)
 }
 
 // AES256GCMKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters:
 //   - Key size: 32 bytes
+//   - Output prefix type: TINK
 func AES256GCMKeyTemplate() *tinkpb.KeyTemplate {
-	return createAESGCMKeyTemplate(32)
+	return createAESGCMKeyTemplate(32, tinkpb.OutputPrefixType_TINK)
+}
+
+// AES256GCMNoPrefixKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters:
+//   - Key size: 32 bytes
+//   - Output prefix type: RAW
+func AES256GCMNoPrefixKeyTemplate() *tinkpb.KeyTemplate {
+	return createAESGCMKeyTemplate(32, tinkpb.OutputPrefixType_RAW)
 }
 
 // AES128CTRHMACSHA256KeyTemplate is a KeyTemplate that generates an AES-CTR-HMAC-AEAD key with the following parameters:
@@ -94,14 +103,15 @@ func KMSEnvelopeAEADKeyTemplate(uri string, dekT *tinkpb.KeyTemplate) *tinkpb.Ke
 
 // createAESGCMKeyTemplate creates a new AES-GCM key template with the given key
 // size in bytes.
-func createAESGCMKeyTemplate(keySize uint32) *tinkpb.KeyTemplate {
+func createAESGCMKeyTemplate(keySize uint32, outputPrefixType tinkpb.OutputPrefixType) *tinkpb.KeyTemplate {
 	format := &gcmpb.AesGcmKeyFormat{
 		KeySize: keySize,
 	}
 	serializedFormat, _ := proto.Marshal(format)
 	return &tinkpb.KeyTemplate{
-		TypeUrl: aesGCMTypeURL,
-		Value:   serializedFormat,
+		TypeUrl:          aesGCMTypeURL,
+		Value:            serializedFormat,
+		OutputPrefixType: outputPrefixType,
 	}
 }
 

go/aead/aead_key_templates_test.go

@@ -34,7 +34,7 @@ import (
 func TestAESGCMKeyTemplates(t *testing.T) {
 	// AES-GCM 128 bit
 	template := aead.AES128GCMKeyTemplate()
-	if err := checkAESGCMKeyTemplate(template, uint32(16)); err != nil {
+	if err := checkAESGCMKeyTemplate(template, uint32(16), tinkpb.OutputPrefixType_TINK); err != nil {
 		t.Errorf("invalid AES-128 GCM key template: %s", err)
 	}
 	if err := testEncryptDecrypt(template, testutil.AESGCMTypeURL); err != nil {
@@ -43,18 +43,30 @@ func TestAESGCMKeyTemplates(t *testing.T) {
 
 	// AES-GCM 256 bit
 	template = aead.AES256GCMKeyTemplate()
-	if err := checkAESGCMKeyTemplate(template, uint32(32)); err != nil {
+	if err := checkAESGCMKeyTemplate(template, uint32(32), tinkpb.OutputPrefixType_TINK); err != nil {
 		t.Errorf("invalid AES-256 GCM key template: %s", err)
 	}
 	if err := testEncryptDecrypt(template, testutil.AESGCMTypeURL); err != nil {
 		t.Errorf("%v", err)
 	}
+
+	// AES-GCM 256 bit No Prefix
+	template = aead.AES256GCMNoPrefixKeyTemplate()
+	if err := checkAESGCMKeyTemplate(template, uint32(32), tinkpb.OutputPrefixType_RAW); err != nil {
+		t.Errorf("invalid AES-256 GCM No Prefix key template: %s", err)
+	}
+	if err := testEncryptDecrypt(template, testutil.AESGCMTypeURL); err != nil {
+		t.Errorf("%v", err)
+	}
 }
 
-func checkAESGCMKeyTemplate(template *tinkpb.KeyTemplate, keySize uint32) error {
+func checkAESGCMKeyTemplate(template *tinkpb.KeyTemplate, keySize uint32, outputPrefixType tinkpb.OutputPrefixType) error {
 	if template.TypeUrl != testutil.AESGCMTypeURL {
 		return fmt.Errorf("incorrect type url")
 	}
+	if template.OutputPrefixType != outputPrefixType {
+		return fmt.Errorf("incorrect output prefix type")
+	}
 	keyFormat := new(gcmpb.AesGcmKeyFormat)
 	err := proto.Unmarshal(template.Value, keyFormat)
 	if err != nil {