From dc91bb349891e6f69a9dbfaa87e9874e91128458 Mon Sep 17 00:00:00 2001
From: Veronika Slivova <slivova@google.com>
Date: Tue, 3 Jul 2018 01:32:50 -0700
Subject: [PATCH] Registering key manager with not supported key type should
not be allowed.
PiperOrigin-RevId: 203082603
GitOrigin-RevId: 610b190732a8c98bfbed8f0625a2688d8c748a67
---
.../java/com/google/crypto/tink/Registry.java | 5 +++
.../com/google/crypto/tink/RegistryTest.java | 41 ++++++++++++++-----
2 files changed, 35 insertions(+), 11 deletions(-)
diff --git a/java/src/main/java/com/google/crypto/tink/Registry.java b/java/src/main/java/com/google/crypto/tink/Registry.java
index c40af4af0..16970ab65 100644
--- a/java/src/main/java/com/google/crypto/tink/Registry.java
+++ b/java/src/main/java/com/google/crypto/tink/Registry.java
@@ -194,6 +194,11 @@ public final class Registry {
if (manager == null) {
throw new IllegalArgumentException("key manager must be non-null.");
}
+ if (!manager.doesSupport(typeUrl)) {
+ throw new GeneralSecurityException(
+ "Manager does not support key type "
+ + typeUrl + ".");
+ }
if (keyManagerMap.containsKey(typeUrl)) {
KeyManager<P> existingManager = getKeyManager(typeUrl);
boolean existingNewKeyAllowed = newKeyAllowedMap.get(typeUrl).booleanValue();
diff --git a/java/src/test/java/com/google/crypto/tink/RegistryTest.java b/java/src/test/java/com/google/crypto/tink/RegistryTest.java
index c15b5174b..0bd3e2d7f 100644
--- a/java/src/test/java/com/google/crypto/tink/RegistryTest.java
+++ b/java/src/test/java/com/google/crypto/tink/RegistryTest.java
@@ -50,7 +50,11 @@ import org.junit.runners.JUnit4;
@RunWith(JUnit4.class)
public class RegistryTest {
private static class CustomAeadKeyManager implements KeyManager<Aead> {
- public CustomAeadKeyManager() {}
+ public CustomAeadKeyManager(String typeUrl) {
+ this.typeUrl = typeUrl;
+ }
+
+ private final String typeUrl;
@Override
public Aead getPrimitive(ByteString proto) throws GeneralSecurityException {
@@ -78,13 +82,13 @@ public class RegistryTest {
}
@Override
- public boolean doesSupport(String typeUrl) { // supports same keys as AesEaxKey
- return typeUrl.equals(AeadConfig.AES_EAX_TYPE_URL);
+ public boolean doesSupport(String typeUrl) {
+ return typeUrl.equals(this.typeUrl);
}
@Override
public String getKeyType() {
- return AeadConfig.AES_EAX_TYPE_URL;
+ return this.typeUrl;
}
@Override
@@ -147,13 +151,28 @@ public class RegistryTest {
}
}
+ @Test
+ public void testRegisterKeyManager_WithKeyTypeNotSupported_shouldThrowException()
+ throws Exception {
+ String typeUrl = "someTypeUrl";
+ String differentTypeUrl = "differentTypeUrl";
+ try {
+ Registry.registerKeyManager(differentTypeUrl, new CustomAeadKeyManager(typeUrl));
+ } catch (GeneralSecurityException e) {
+ assertExceptionContains(e,
+ "Manager does not support key type " + differentTypeUrl);
+ return;
+ }
+ fail("Should throw an exception.");
+ }
+
@Test
public void testRegisterKeyManager_MoreRestrictedNewKeyAllowed_shouldWork() throws Exception {
String typeUrl = "typeUrl";
- Registry.registerKeyManager(typeUrl, new CustomAeadKeyManager());
+ Registry.registerKeyManager(typeUrl, new CustomAeadKeyManager(typeUrl));
try {
- Registry.registerKeyManager(typeUrl, new CustomAeadKeyManager(), false);
+ Registry.registerKeyManager(typeUrl, new CustomAeadKeyManager(typeUrl), false);
} catch (GeneralSecurityException e) {
fail("repeated registrations of the same key manager should work");
}
@@ -163,10 +182,10 @@ public class RegistryTest {
public void testRegisterKeyManager_LessRestrictedNewKeyAllowed_shouldThrowException()
throws Exception {
String typeUrl = "typeUrl";
- Registry.registerKeyManager(typeUrl, new CustomAeadKeyManager(), false);
+ Registry.registerKeyManager(typeUrl, new CustomAeadKeyManager(typeUrl), false);
try {
- Registry.registerKeyManager(typeUrl, new CustomAeadKeyManager(), true);
+ Registry.registerKeyManager(typeUrl, new CustomAeadKeyManager(typeUrl), true);
fail("Expected GeneralSecurityException");
} catch (GeneralSecurityException e) {
// expected
@@ -178,8 +197,8 @@ public class RegistryTest {
throws Exception {
// This should not overwrite the existing manager.
try {
- Registry.registerKeyManager(
- AeadConfig.AES_CTR_HMAC_AEAD_TYPE_URL, new CustomAeadKeyManager());
+ Registry.registerKeyManager(AeadConfig.AES_CTR_HMAC_AEAD_TYPE_URL,
+ new CustomAeadKeyManager(AeadConfig.AES_CTR_HMAC_AEAD_TYPE_URL));
fail("Expected GeneralSecurityException.");
} catch (GeneralSecurityException e) {
assertThat(e.toString()).contains("already registered");
@@ -324,7 +343,7 @@ public class RegistryTest {
.build());
// Get a PrimitiveSet using a custom key manager for key1.
- KeyManager<Aead> customManager = new CustomAeadKeyManager();
+ KeyManager<Aead> customManager = new CustomAeadKeyManager(AeadConfig.AES_EAX_TYPE_URL);
PrimitiveSet<Aead> aeadSet = Registry.getPrimitives(keysetHandle, customManager);
List<PrimitiveSet.Entry<Aead>> aead1List =
aeadSet.getPrimitive(keysetHandle.getKeyset().getKey(0));
--
GitLab