Commit b4142f9a authored by Tink Team's avatar Tink Team Committed by Copybara-Service

Add AES-256-GCM key template with RAW output prefix.

PiperOrigin-RevId: 270099454
parent 5e64d1cd
...@@ -30,14 +30,23 @@ import ( ...@@ -30,14 +30,23 @@ import (
// AES128GCMKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters: // AES128GCMKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters:
// - Key size: 16 bytes // - Key size: 16 bytes
// - Output prefix type: TINK
func AES128GCMKeyTemplate() *tinkpb.KeyTemplate { func AES128GCMKeyTemplate() *tinkpb.KeyTemplate {
return createAESGCMKeyTemplate(16) return createAESGCMKeyTemplate(16, tinkpb.OutputPrefixType_TINK)
} }
// AES256GCMKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters: // AES256GCMKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters:
// - Key size: 32 bytes // - Key size: 32 bytes
// - Output prefix type: TINK
func AES256GCMKeyTemplate() *tinkpb.KeyTemplate { func AES256GCMKeyTemplate() *tinkpb.KeyTemplate {
return createAESGCMKeyTemplate(32) return createAESGCMKeyTemplate(32, tinkpb.OutputPrefixType_TINK)
}
// AES256GCMNoPrefixKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters:
// - Key size: 32 bytes
// - Output prefix type: RAW
func AES256GCMNoPrefixKeyTemplate() *tinkpb.KeyTemplate {
return createAESGCMKeyTemplate(32, tinkpb.OutputPrefixType_RAW)
} }
// AES128CTRHMACSHA256KeyTemplate is a KeyTemplate that generates an AES-CTR-HMAC-AEAD key with the following parameters: // AES128CTRHMACSHA256KeyTemplate is a KeyTemplate that generates an AES-CTR-HMAC-AEAD key with the following parameters:
...@@ -94,14 +103,15 @@ func KMSEnvelopeAEADKeyTemplate(uri string, dekT *tinkpb.KeyTemplate) *tinkpb.Ke ...@@ -94,14 +103,15 @@ func KMSEnvelopeAEADKeyTemplate(uri string, dekT *tinkpb.KeyTemplate) *tinkpb.Ke
// createAESGCMKeyTemplate creates a new AES-GCM key template with the given key // createAESGCMKeyTemplate creates a new AES-GCM key template with the given key
// size in bytes. // size in bytes.
func createAESGCMKeyTemplate(keySize uint32) *tinkpb.KeyTemplate { func createAESGCMKeyTemplate(keySize uint32, outputPrefixType tinkpb.OutputPrefixType) *tinkpb.KeyTemplate {
format := &gcmpb.AesGcmKeyFormat{ format := &gcmpb.AesGcmKeyFormat{
KeySize: keySize, KeySize: keySize,
} }
serializedFormat, _ := proto.Marshal(format) serializedFormat, _ := proto.Marshal(format)
return &tinkpb.KeyTemplate{ return &tinkpb.KeyTemplate{
TypeUrl: aesGCMTypeURL, TypeUrl: aesGCMTypeURL,
Value: serializedFormat, Value: serializedFormat,
OutputPrefixType: outputPrefixType,
} }
} }
......
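Review bot: The doc comment on `AES256GCMNoPrefixKeyTemplate` names the RAW output prefix type but does not say what it means for callers, although that is the only difference from `AES256GCMKeyTemplate`. With RAW, Tink puts no key-ID prefix on the ciphertext, so decryption cannot pick the key from a prefix and has to try the keyset's RAW keys. I would add a line such as `// RAW ciphertexts carry no key-ID prefix; intended for interoperability with non-Tink AES-GCM ciphertext formats.` In the second hunk the comment on `createAESGCMKeyTemplate` still describes only the key size and should cover the new parameter, e.g. `// size in bytes and output prefix type.`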
...@@ -34,7 +34,7 @@ import ( ...@@ -34,7 +34,7 @@ import (
func TestAESGCMKeyTemplates(t *testing.T) { func TestAESGCMKeyTemplates(t *testing.T) {
// AES-GCM 128 bit // AES-GCM 128 bit
template := aead.AES128GCMKeyTemplate() template := aead.AES128GCMKeyTemplate()
if err := checkAESGCMKeyTemplate(template, uint32(16)); err != nil { if err := checkAESGCMKeyTemplate(template, uint32(16), tinkpb.OutputPrefixType_TINK); err != nil {
t.Errorf("invalid AES-128 GCM key template: %s", err) t.Errorf("invalid AES-128 GCM key template: %s", err)
} }
if err := testEncryptDecrypt(template, testutil.AESGCMTypeURL); err != nil { if err := testEncryptDecrypt(template, testutil.AESGCMTypeURL); err != nil {
...@@ -43,18 +43,30 @@ func TestAESGCMKeyTemplates(t *testing.T) { ...@@ -43,18 +43,30 @@ func TestAESGCMKeyTemplates(t *testing.T) {
// AES-GCM 256 bit // AES-GCM 256 bit
template = aead.AES256GCMKeyTemplate() template = aead.AES256GCMKeyTemplate()
if err := checkAESGCMKeyTemplate(template, uint32(32)); err != nil { if err := checkAESGCMKeyTemplate(template, uint32(32), tinkpb.OutputPrefixType_TINK); err != nil {
t.Errorf("invalid AES-256 GCM key template: %s", err) t.Errorf("invalid AES-256 GCM key template: %s", err)
} }
if err := testEncryptDecrypt(template, testutil.AESGCMTypeURL); err != nil { if err := testEncryptDecrypt(template, testutil.AESGCMTypeURL); err != nil {
t.Errorf("%v", err) t.Errorf("%v", err)
} }
// AES-GCM 256 bit No Prefix
template = aead.AES256GCMNoPrefixKeyTemplate()
if err := checkAESGCMKeyTemplate(template, uint32(32), tinkpb.OutputPrefixType_RAW); err != nil {
t.Errorf("invalid AES-256 GCM No Prefix key template: %s", err)
}
if err := testEncryptDecrypt(template, testutil.AESGCMTypeURL); err != nil {
t.Errorf("%v", err)
}
} }
func checkAESGCMKeyTemplate(template *tinkpb.KeyTemplate, keySize uint32) error { func checkAESGCMKeyTemplate(template *tinkpb.KeyTemplate, keySize uint32, outputPrefixType tinkpb.OutputPrefixType) error {
if template.TypeUrl != testutil.AESGCMTypeURL { if template.TypeUrl != testutil.AESGCMTypeURL {
return fmt.Errorf("incorrect type url") return fmt.Errorf("incorrect type url")
} }
if template.OutputPrefixType != outputPrefixType {
return fmt.Errorf("incorrect output prefix type")
}
keyFormat := new(gcmpb.AesGcmKeyFormat) keyFormat := new(gcmpb.AesGcmKeyFormat)
err := proto.Unmarshal(template.Value, keyFormat) err := proto.Unmarshal(template.Value, keyFormat)
if err != nil { if err != nil {
......
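Review bot: The new `t.Errorf("%v", err)` after `testEncryptDecrypt` for the No Prefix template is identical to the call in the AES-256 block above it, so a failure does not say which template broke; `t.Errorf("AES-256 GCM No Prefix encrypt/decrypt: %v", err)` would. In `checkAESGCMKeyTemplate` the added `incorrect output prefix type` error would be easier to act on with the values in it, e.g. `fmt.Errorf("incorrect output prefix type: got %v, want %v", template.OutputPrefixType, outputPrefixType)`. The body of `checkAESGCMKeyTemplate` continues past the visible lines.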