From 0fe6466868b6897065e69d16631753449efb6fc5 Mon Sep 17 00:00:00 2001 From: thaidn Date: Tue, 13 Apr 2021 00:47:53 -0700 Subject: [PATCH] Add new Registry-based key template APIs. PiperOrigin-RevId: 368164487 --- .../java/com/google/crypto/tink/BUILD.bazel | 2 + .../google/crypto/tink/KeyTypeManager.java | 28 +- .../java/com/google/crypto/tink/Registry.java | 146 ++++++- .../crypto/tink/aead/AesGcmKeyManager.java | 19 + .../com/google/crypto/tink/RegistryTest.java | 412 ++++++++++++++---- .../tink/aead/AesGcmKeyManagerTest.java | 9 + .../com/google/crypto/tink/aead/BUILD.bazel | 1 + 7 files changed, 501 insertions(+), 116 deletions(-) diff --git a/java_src/src/main/java/com/google/crypto/tink/BUILD.bazel b/java_src/src/main/java/com/google/crypto/tink/BUILD.bazel index 0eebbdf4ef..9dec9ef944 100644 --- a/java_src/src/main/java/com/google/crypto/tink/BUILD.bazel +++ b/java_src/src/main/java/com/google/crypto/tink/BUILD.bazel @@ -247,6 +247,7 @@ java_library( name = "key_type_manager", srcs = ["KeyTypeManager.java"], deps = [ + ":key_template", "//proto:tink_java_proto", "//src/main/java/com/google/crypto/tink/annotations:alpha", "@com_google_protobuf//:protobuf_javalite", @@ -257,6 +258,7 @@ android_library( name = "key_type_manager-android", srcs = ["KeyTypeManager.java"], deps = [ + ":key_template-android", "//proto:tink_java_proto_lite", "//src/main/java/com/google/crypto/tink/annotations:alpha", "@com_google_protobuf//:protobuf_javalite", diff --git a/java_src/src/main/java/com/google/crypto/tink/KeyTypeManager.java b/java_src/src/main/java/com/google/crypto/tink/KeyTypeManager.java index 972b6b0f7b..f125a9dc31 100644 --- a/java_src/src/main/java/com/google/crypto/tink/KeyTypeManager.java +++ b/java_src/src/main/java/com/google/crypto/tink/KeyTypeManager.java @@ -180,6 +180,20 @@ public KeyFactory(Class clazz) { this.clazz = clazz; } + /** + * A container that contains key format and other information that form key templates supported + * by this factory. + */ + public static final class KeyFormat { + public KeyFormatProtoT keyFormat; + public KeyTemplate.OutputPrefixType outputPrefixType; + + public KeyFormat(KeyFormatProtoT keyFormat, KeyTemplate.OutputPrefixType outputPrefixType) { + this.keyFormat = keyFormat; + this.outputPrefixType = outputPrefixType; + } + } + /** * Returns the class corresponding to the key format protobuffer. */ @@ -208,14 +222,14 @@ public abstract KeyFormatProtoT parseKeyFormat(ByteString byteString) public abstract KeyT createKey(KeyFormatProtoT keyFormat) throws GeneralSecurityException; /** - * Derives a new key from a given format, using the given {@param pseudoRandomness}. + * Derives a new key from a given format, using the given {@code pseudoRandomness}. * - *

Implementations need to note that the given paramter {@param pseudoRandomness} may only + *

Implementations need to note that the given paramter {@code pseudoRandomness} may only * produce a finite amount of randomness. Hence, proper implementations will first obtain all * the pseudorandom bytes needed; and only after produce the key. * *

While {@link validateKeyFormat} is called before this method will be called, - * implementations must check the version of the given {@param keyFormat}, as {@link + * implementations must check the version of the given {@code keyFormat}, as {@link * validateKeyFormat} is also called from {@link createKey}. * *

Not every KeyTypeManager needs to implement this; if not implemented a {@link @@ -223,8 +237,12 @@ public abstract KeyFormatProtoT parseKeyFormat(ByteString byteString) */ public KeyT deriveKey(KeyFormatProtoT keyFormat, InputStream pseudoRandomness) throws GeneralSecurityException { - throw new GeneralSecurityException( - "deriveKey not implemented for key of type " + clazz.toString()); + throw new GeneralSecurityException("deriveKey not implemented for key of type " + clazz); + } + + /** Returns supported key formats and their names. */ + public Map> keyFormats() { + return Collections.emptyMap(); } } diff --git a/java_src/src/main/java/com/google/crypto/tink/Registry.java b/java_src/src/main/java/com/google/crypto/tink/Registry.java index 93f253409e..d4b9f32875 100644 --- a/java_src/src/main/java/com/google/crypto/tink/Registry.java +++ b/java_src/src/main/java/com/google/crypto/tink/Registry.java @@ -17,7 +17,6 @@ package com.google.crypto.tink; import com.google.crypto.tink.proto.KeyData; -import com.google.crypto.tink.proto.KeyTemplate; import com.google.protobuf.ByteString; import com.google.protobuf.InvalidProtocolBufferException; import com.google.protobuf.MessageLite; @@ -25,6 +24,7 @@ import java.security.GeneralSecurityException; import java.util.Collections; import java.util.Locale; +import java.util.Map; import java.util.Set; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentMap; @@ -88,6 +88,9 @@ public final class Registry { private static final ConcurrentMap, PrimitiveWrapper> primitiveWrapperMap = new ConcurrentHashMap<>(); + private static final ConcurrentMap keyTemplateMap = + new ConcurrentHashMap<>(); // name -> KeyTemplate mapping + /** * A container which either is constructed from a {@link KeyTypeManager} or from a {@link * KeyManager}. @@ -328,6 +331,7 @@ static synchronized void reset() { newKeyAllowedMap.clear(); catalogueMap.clear(); primitiveWrapperMap.clear(); + keyTemplateMap.clear(); } /** @@ -428,28 +432,66 @@ public static synchronized

void registerKeyManager(final KeyManager

manag } /** - * Throws a general security exception iff there is already a key manager registered for typeURL, - * and at least one of the following is true: - * * The class implementing the existing key manager differs from the given one. - * * The value of newKeyAllowed currently registered is false, but the input parameter is true. + * Throws a general security exception if one of these conditions holds: + * + *

    + *
  • There is already a key manager registered for {@code typeURL}, and at least one of the + * following is true: + *
      + *
    • The class implementing the existing key manager differs from the given one. + *
    • The value of {@code newKeyAllowed} currently registered is false, but the input + * parameter is true. + *
    + *
  • The {@code newKeyAllowed} flag is true, and at least one of the following is true: + *
      + *
    • The key manager was already registered, but it contains new key templates. + *
    • The key manager is new, but it contains existing key templates. */ - private static synchronized void ensureKeyManagerInsertable( - String typeUrl, Class implementingClass, boolean newKeyAllowed) - throws GeneralSecurityException { - if (!keyManagerMap.containsKey(typeUrl)) { - return; - } + private static synchronized + void ensureKeyManagerInsertable( + String typeUrl, + Class implementingClass, + Map> keyFormats, + boolean newKeyAllowed) + throws GeneralSecurityException { KeyManagerContainer container = keyManagerMap.get(typeUrl); - if (!container.getImplementingClass().equals(implementingClass)) { - logger.warning("Attempted overwrite of a registered key manager for key type " + typeUrl); + if (container != null && !container.getImplementingClass().equals(implementingClass)) { + logger.warning("Attempted overwrite of a registered key manager for key type " + typeUrl); throw new GeneralSecurityException( String.format( "typeUrl (%s) is already registered with %s, cannot be re-registered with %s", typeUrl, container.getImplementingClass().getName(), implementingClass.getName())); } - if (newKeyAllowed && !newKeyAllowedMap.get(typeUrl)) { + if (newKeyAllowed && newKeyAllowedMap.containsKey(typeUrl) && !newKeyAllowedMap.get(typeUrl)) { throw new GeneralSecurityException("New keys are already disallowed for key type " + typeUrl); } + + if (newKeyAllowed) { + if (keyManagerMap.containsKey(typeUrl)) { + // When re-inserting an already present KeyTypeManager, no new key templates should be + // present. + for (Map.Entry> entry : + keyFormats.entrySet()) { + if (!keyTemplateMap.containsKey(entry.getKey())) { + throw new GeneralSecurityException( + "Attempted to register a new key template " + + entry.getKey() + + " from an existing key manager of type " + + typeUrl); + } + } + } else { + // Check that new key managers can't overwrite existing key templates. + for (Map.Entry> entry : + keyFormats.entrySet()) { + + if (keyTemplateMap.containsKey(entry.getKey())) { + throw new GeneralSecurityException( + "Attempted overwrite of a registered key template " + entry.getKey()); + } + } + } + } } /** @@ -470,11 +512,28 @@ public static synchronized

      void registerKeyManager( throw new IllegalArgumentException("key manager must be non-null."); } String typeUrl = manager.getKeyType(); - ensureKeyManagerInsertable(typeUrl, manager.getClass(), newKeyAllowed); + // Use an empty key format because old-style key managers don't export their key formats + ensureKeyManagerInsertable(typeUrl, manager.getClass(), Collections.emptyMap(), newKeyAllowed); keyManagerMap.putIfAbsent(typeUrl, createContainerFor(manager)); newKeyAllowedMap.put(typeUrl, Boolean.valueOf(newKeyAllowed)); } + /** + * Tries to register {@code manager} for {@code manager.getKeyType()}. If {@code newKeyAllowed} is + * true, users can generate new keys with this manager using the {@link Registry#newKey} methods. + * + *

      If there is an existing key manager, throws an exception if {@code manager} and the existing + * key manager aren't instances of the same class, or if {@code newKeyAllowed} is true while the + * existing key manager could not create new keys. Otherwise registration succeeds. + * + *

      If {@code newKeyAllowed} is true, also tries to register the key templates supported by + * {@code manager}. + * + * @throws GeneralSecurityException if there's an existing key manager is not an instance of the + * class of {@code manager}, or the registration tries to re-enable the generation of new + * keys. + * @throws GeneralSecurityException if there's an existing key template. + */ public static synchronized void registerKeyManager( final KeyTypeManager manager, boolean newKeyAllowed) throws GeneralSecurityException { @@ -482,10 +541,18 @@ public static synchronized void registerKeyManag throw new IllegalArgumentException("key manager must be non-null."); } String typeUrl = manager.getKeyType(); - ensureKeyManagerInsertable(typeUrl, manager.getClass(), newKeyAllowed); + ensureKeyManagerInsertable( + typeUrl, + manager.getClass(), + newKeyAllowed ? manager.keyFactory().keyFormats() : Collections.emptyMap(), + newKeyAllowed); + if (!keyManagerMap.containsKey(typeUrl)) { keyManagerMap.put(typeUrl, createContainerFor(manager)); keyDeriverMap.put(typeUrl, createDeriverFor(manager)); + if (newKeyAllowed) { + registerKeyTemplates(typeUrl, manager.keyFactory().keyFormats()); + } } newKeyAllowedMap.put(typeUrl, Boolean.valueOf(newKeyAllowed)); } @@ -494,6 +561,9 @@ public static synchronized void registerKeyManag * Tries to register {@code manager} for {@code manager.getKeyType()}. If {@code newKeyAllowed} is * true, users can generate new keys with this manager using the {@link Registry#newKey} methods. * + *

      If {@code newKeyAllowed} is true, also tries to register the key templates supported by + * {@code manager}. + * *

      If there is an existing key manager, throws an exception if {@code manager} and the existing * key manager aren't instances of the same class, or if {@code newKeyAllowed} is true while the * existing key manager could not create new keys. Otherwise registration succeeds. @@ -501,6 +571,7 @@ public static synchronized void registerKeyManag * @throws GeneralSecurityException if there's an existing key manager is not an instance of the * class of {@code manager}, or the registration tries to re-enable the generation of new * keys. + * @throws GeneralSecurityException if there's an existing key template. */ public static synchronized void registerAsymmetricKeyManagers( @@ -513,8 +584,14 @@ void registerAsymmetricKeyManagers( } String privateTypeUrl = privateKeyTypeManager.getKeyType(); String publicTypeUrl = publicKeyTypeManager.getKeyType(); - ensureKeyManagerInsertable(privateTypeUrl, privateKeyTypeManager.getClass(), newKeyAllowed); - ensureKeyManagerInsertable(publicTypeUrl, publicKeyTypeManager.getClass(), false); + ensureKeyManagerInsertable( + privateTypeUrl, + privateKeyTypeManager.getClass(), + newKeyAllowed ? privateKeyTypeManager.keyFactory().keyFormats() : Collections.emptyMap(), + newKeyAllowed); + // No key format because a public key manager cannot create new keys + ensureKeyManagerInsertable( + publicTypeUrl, publicKeyTypeManager.getClass(), Collections.emptyMap(), false); if (privateTypeUrl.equals(publicTypeUrl)) { throw new GeneralSecurityException("Private and public key type must be different."); } @@ -548,6 +625,10 @@ void registerAsymmetricKeyManagers( privateTypeUrl, createPrivateKeyContainerFor(privateKeyTypeManager, publicKeyTypeManager)); keyDeriverMap.put(privateTypeUrl, createDeriverFor(privateKeyTypeManager)); + if (newKeyAllowed) { + registerKeyTemplates( + privateKeyTypeManager.getKeyType(), privateKeyTypeManager.keyFactory().keyFormats()); + } } newKeyAllowedMap.put(privateTypeUrl, newKeyAllowed); if (!keyManagerMap.containsKey(publicTypeUrl)) { @@ -558,6 +639,20 @@ void registerAsymmetricKeyManagers( newKeyAllowedMap.put(publicTypeUrl, false); } + private static void registerKeyTemplates( + String typeUrl, + Map> keyFormats) { + for (Map.Entry> entry : + keyFormats.entrySet()) { + keyTemplateMap.put( + entry.getKey(), + KeyTemplate.create( + typeUrl, + entry.getValue().keyFormat.toByteArray(), + entry.getValue().outputPrefixType)); + } + } + /** * Tries to register {@code manager} for the given {@code typeUrl}. Users can generate new keys * with this manager using the {@link Registry#newKey} methods. @@ -739,8 +834,8 @@ public static synchronized KeyData newKeyData(com.google.crypto.tink.KeyTemplate * * @return a new key */ - public static synchronized MessageLite newKey(KeyTemplate keyTemplate) - throws GeneralSecurityException { + public static synchronized MessageLite newKey( + com.google.crypto.tink.proto.KeyTemplate keyTemplate) throws GeneralSecurityException { KeyManager manager = getUntypedKeyManager(keyTemplate.getTypeUrl()); if (newKeyAllowedMap.get(keyTemplate.getTypeUrl()).booleanValue()) { return manager.newKey(keyTemplate.getValue()); @@ -778,7 +873,8 @@ public static synchronized MessageLite newKey(String typeUrl, MessageLite format * *

      This functions ignores {@code keyTemplate.getOutputPrefix()}. */ - static synchronized KeyData deriveKey(KeyTemplate keyTemplate, InputStream randomStream) + static synchronized KeyData deriveKey( + com.google.crypto.tink.proto.KeyTemplate keyTemplate, InputStream randomStream) throws GeneralSecurityException { String typeUrl = keyTemplate.getTypeUrl(); if (!keyDeriverMap.containsKey(typeUrl)) { @@ -965,6 +1061,14 @@ public static

      P wrap(PrimitiveSet

      primitiveSet) return wrap(primitiveSet, primitiveSet.getPrimitiveClass()); } + /** + * Returns an immutable map of key templates and their names supported by registered key managers + * that are allowed to generate new keys. + */ + public static synchronized Map keyTemplates() { + return Collections.unmodifiableMap(keyTemplateMap); + } + /** * Returns the input primitive required when creating a {@code wrappedPrimitive}. * diff --git a/java_src/src/main/java/com/google/crypto/tink/aead/AesGcmKeyManager.java b/java_src/src/main/java/com/google/crypto/tink/aead/AesGcmKeyManager.java index dbcc1f6742..20e3fdad25 100644 --- a/java_src/src/main/java/com/google/crypto/tink/aead/AesGcmKeyManager.java +++ b/java_src/src/main/java/com/google/crypto/tink/aead/AesGcmKeyManager.java @@ -32,6 +32,9 @@ import java.io.IOException; import java.io.InputStream; import java.security.GeneralSecurityException; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; /** * This key manager generates new {@code AesGcmKey} keys and produces new instances of {@code @@ -116,6 +119,16 @@ public AesGcmKey deriveKey(AesGcmKeyFormat format, InputStream inputStream) throw new GeneralSecurityException("Reading pseudorandomness failed", e); } } + + @Override + public Map> keyFormats() { + Map> result = new HashMap<>(); + result.put("AES128_GCM", createKeyFormat(16, KeyTemplate.OutputPrefixType.TINK)); + result.put("AES128_GCM_RAW", createKeyFormat(16, KeyTemplate.OutputPrefixType.RAW)); + result.put("AES256_GCM", createKeyFormat(32, KeyTemplate.OutputPrefixType.TINK)); + result.put("AES256_GCM_RAW", createKeyFormat(32, KeyTemplate.OutputPrefixType.RAW)); + return Collections.unmodifiableMap(result); + } }; } @@ -197,4 +210,10 @@ private static KeyTemplate createKeyTemplate( return KeyTemplate.create( new AesGcmKeyManager().getKeyType(), format.toByteArray(), prefixType); } + + private static KeyFactory.KeyFormat createKeyFormat( + int keySize, KeyTemplate.OutputPrefixType prefixType) { + AesGcmKeyFormat format = AesGcmKeyFormat.newBuilder().setKeySize(keySize).build(); + return new KeyFactory.KeyFormat<>(format, prefixType); + } } diff --git a/java_src/src/test/java/com/google/crypto/tink/RegistryTest.java b/java_src/src/test/java/com/google/crypto/tink/RegistryTest.java index 98e43c1f96..2624f4ff61 100644 --- a/java_src/src/test/java/com/google/crypto/tink/RegistryTest.java +++ b/java_src/src/test/java/com/google/crypto/tink/RegistryTest.java @@ -38,7 +38,6 @@ import com.google.crypto.tink.proto.KeyData; import com.google.crypto.tink.proto.KeyData.KeyMaterialType; import com.google.crypto.tink.proto.KeyStatusType; -import com.google.crypto.tink.proto.KeyTemplate; import com.google.crypto.tink.proto.Keyset; import com.google.crypto.tink.proto.OutputPrefixType; import com.google.crypto.tink.signature.SignatureKeyTemplates; @@ -56,6 +55,9 @@ import java.io.IOException; import java.io.InputStream; import java.security.GeneralSecurityException; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; @@ -181,8 +183,7 @@ public void testGetKeyManager_shouldWorkHmac() throws Exception { @Test public void testGetKeyManager_legacy_wrongType_shouldThrowException() throws Exception { KeyManager wrongType = Registry.getKeyManager(MacConfig.HMAC_TYPE_URL); - KeyTemplate template = MacKeyTemplates.HMAC_SHA256_128BITTAG; - HmacKey hmacKey = (HmacKey) Registry.newKey(template); + HmacKey hmacKey = (HmacKey) Registry.newKey(MacKeyTemplates.HMAC_SHA256_128BITTAG); ClassCastException e = assertThrows( @@ -398,7 +399,7 @@ public void testGetPrimitive_AesGcm_shouldWork() throws Exception { @Test public void testGetPrimitive_legacy_Hmac_shouldWork() throws Exception { - KeyTemplate template = MacKeyTemplates.HMAC_SHA256_128BITTAG; + com.google.crypto.tink.proto.KeyTemplate template = MacKeyTemplates.HMAC_SHA256_128BITTAG; HmacKey hmacKey = (HmacKey) Registry.newKey(template); KeyData hmacKeyData = Registry.newKeyData(template); Mac mac = Registry.getPrimitive(hmacKeyData); @@ -413,7 +414,7 @@ public void testGetPrimitive_legacy_Hmac_shouldWork() throws Exception { @Test public void testGetPrimitive_Hmac_shouldWork() throws Exception { - KeyTemplate template = MacKeyTemplates.HMAC_SHA256_128BITTAG; + com.google.crypto.tink.proto.KeyTemplate template = MacKeyTemplates.HMAC_SHA256_128BITTAG; HmacKey hmacKey = (HmacKey) Registry.newKey(template); KeyData hmacKeyData = Registry.newKeyData(template); Mac mac = Registry.getPrimitive(hmacKeyData, Mac.class); @@ -520,8 +521,26 @@ public void testNewKeyData_keyTemplateClass_unregisteredTypeUrl_throwsException( assertThrows(GeneralSecurityException.class, () -> Registry.newKeyData(template)); } + private static Map> + createTestAesGcmKeyFormats() { + Map> formats = new HashMap<>(); + formats.put( + "TINK", + new KeyTypeManager.KeyFactory.KeyFormat<>( + AesGcmKeyFormat.newBuilder().setKeySize(16).build(), + KeyTemplate.OutputPrefixType.TINK)); + formats.put( + "RAW", + new KeyTypeManager.KeyFactory.KeyFormat<>( + AesGcmKeyFormat.newBuilder().setKeySize(32).build(), KeyTemplate.OutputPrefixType.RAW)); + return Collections.unmodifiableMap(formats); + } + /** Implementation of a KeyTypeManager for testing. */ private static class TestKeyTypeManager extends KeyTypeManager { + private Map> keyFormats = + createTestAesGcmKeyFormats(); + public TestKeyTypeManager() { super( AesGcmKey.class, @@ -539,6 +558,24 @@ public FakeAead getPrimitive(AesGcmKey key) { }); } + public TestKeyTypeManager(Map> keyFormats) { + super( + AesGcmKey.class, + new PrimitiveFactory(Aead.class) { + @Override + public Aead getPrimitive(AesGcmKey key) throws GeneralSecurityException { + return new AesGcmJce(key.getKeyValue().toByteArray()); + } + }, + new PrimitiveFactory(FakeAead.class) { + @Override + public FakeAead getPrimitive(AesGcmKey key) { + return new FakeAead(); + } + }); + this.keyFormats = keyFormats; + } + @Override public String getKeyType() { return "type.googleapis.com/google.crypto.tink.AesGcmKey"; @@ -606,6 +643,11 @@ public AesGcmKey deriveKey(AesGcmKeyFormat format, InputStream stream) .setVersion(getVersion()) .build(); } + + @Override + public Map> keyFormats() { + return keyFormats; + } }; } } @@ -616,6 +658,77 @@ public void testRegisterKeyTypeManager() throws Exception { Registry.registerKeyManager(new TestKeyTypeManager(), true); } + @Test + public void testRegisterKeyTypeManager_keyTemplates_works() throws Exception { + Registry.reset(); + assertThat(Registry.keyTemplates()).isEmpty(); + + Registry.registerKeyManager(new TestKeyTypeManager(), true); + + assertThat(Registry.keyTemplates()).hasSize(2); + + assertThat(Registry.keyTemplates()).containsKey("TINK"); + assertThat(Registry.keyTemplates().get("TINK").getTypeUrl()) + .isEqualTo(new TestKeyTypeManager().getKeyType()); + assertThat(Registry.keyTemplates().get("TINK").getOutputPrefixType()) + .isEqualTo(KeyTemplate.OutputPrefixType.TINK); + + assertThat(Registry.keyTemplates()).containsKey("RAW"); + assertThat(Registry.keyTemplates().get("RAW").getTypeUrl()) + .isEqualTo(new TestKeyTypeManager().getKeyType()); + assertThat(Registry.keyTemplates().get("RAW").getOutputPrefixType()) + .isEqualTo(KeyTemplate.OutputPrefixType.RAW); + } + + @Test + public void testRegisterKeyTypeManager_disallowedNewKey_keyTemplates_works() throws Exception { + Registry.reset(); + Registry.registerKeyManager(new TestKeyTypeManager(), false); + assertThat(Registry.keyTemplates()).isEmpty(); + } + + @Test + public void testRegisterKeyTypeManager_existingKeyManager_noNewKeyTemplate_works() + throws Exception { + Registry.reset(); + Registry.registerKeyManager(new TestKeyTypeManager(), true); + Registry.registerKeyManager(new TestKeyTypeManager(), true); + } + + @Test + public void testRegisterKeyTypeManager_existingKeyManager_newKeyTemplate_fails() + throws Exception { + Registry.reset(); + Registry.registerKeyManager(new TestKeyTypeManager(), true); + + Map> formats = new HashMap<>(); + formats.put( + "NEW_KEY_TEMPLATE_NAME", + new KeyTypeManager.KeyFactory.KeyFormat<>( + AesGcmKeyFormat.newBuilder().setKeySize(16).build(), + KeyTemplate.OutputPrefixType.TINK)); + + assertThrows( + GeneralSecurityException.class, + () -> Registry.registerKeyManager(new TestKeyTypeManager(formats), true)); + } + + @Test + public void testRegisterKeyTypeManager_newKeyManager_existingKeyTemplate_fails() + throws Exception { + Registry.reset(); + Registry.registerKeyManager(new TestKeyTypeManager(), true); + + TestKeyTypeManager manager = + new TestKeyTypeManager() { + @Override + public String getKeyType() { + return "blah"; + } + }; + assertThrows(GeneralSecurityException.class, () -> Registry.registerKeyManager(manager, true)); + } + @Test public void testRegisterKeyTypeManager_getKeyManagerAead_works() throws Exception { Registry.reset(); @@ -735,11 +848,12 @@ public void testDeriveKey_succeeds() throws Exception { Registry.reset(); Registry.registerKeyManager(new TestKeyTypeManager(), true); AesGcmKeyFormat format = AesGcmKeyFormat.newBuilder().setKeySize(16).build(); - KeyTemplate template = KeyTemplate.newBuilder() - .setValue(format.toByteString()) - .setTypeUrl(new TestKeyTypeManager().getKeyType()) - .setOutputPrefixType(OutputPrefixType.TINK) - .build(); + com.google.crypto.tink.proto.KeyTemplate template = + com.google.crypto.tink.proto.KeyTemplate.newBuilder() + .setValue(format.toByteString()) + .setTypeUrl(new TestKeyTypeManager().getKeyType()) + .setOutputPrefixType(OutputPrefixType.TINK) + .build(); byte[] keyMaterial = Random.randBytes(100); KeyData keyData = Registry.deriveKey(template, new ByteArrayInputStream(keyMaterial)); @@ -758,11 +872,12 @@ public void testDeriveKey_wrongKeySize_validateThrows() throws Exception { Registry.reset(); Registry.registerKeyManager(new TestKeyTypeManager(), true); AesGcmKeyFormat format = AesGcmKeyFormat.newBuilder().setKeySize(32).build(); - KeyTemplate template = KeyTemplate.newBuilder() - .setValue(format.toByteString()) - .setTypeUrl(new TestKeyTypeManager().getKeyType()) - .setOutputPrefixType(OutputPrefixType.TINK) - .build(); + com.google.crypto.tink.proto.KeyTemplate template = + com.google.crypto.tink.proto.KeyTemplate.newBuilder() + .setValue(format.toByteString()) + .setTypeUrl(new TestKeyTypeManager().getKeyType()) + .setOutputPrefixType(OutputPrefixType.TINK) + .build(); ByteArrayInputStream emptyInput = new ByteArrayInputStream(new byte[0]); GeneralSecurityException e = assertThrows( @@ -773,8 +888,8 @@ public void testDeriveKey_wrongKeySize_validateThrows() throws Exception { @Test public void testDeriveKey_inexistantKeyMananger_throws() throws Exception { Registry.reset(); - KeyTemplate template = - KeyTemplate.newBuilder() + com.google.crypto.tink.proto.KeyTemplate template = + com.google.crypto.tink.proto.KeyTemplate.newBuilder() .setValue(AesGcmKeyFormat.getDefaultInstance().toByteString()) .setTypeUrl(new TestKeyTypeManager().getKeyType()) .setOutputPrefixType(OutputPrefixType.TINK) @@ -841,6 +956,20 @@ private static class PrivatePrimitiveA {} private static class PrivatePrimitiveB {} + private static Map> + createTestEd25519KeyFormats() { + Map> formats = new HashMap<>(); + formats.put( + "TINK", + new KeyTypeManager.KeyFactory.KeyFormat<>( + Ed25519KeyFormat.getDefaultInstance(), KeyTemplate.OutputPrefixType.TINK)); + formats.put( + "RAW", + new KeyTypeManager.KeyFactory.KeyFormat<>( + Ed25519KeyFormat.getDefaultInstance(), KeyTemplate.OutputPrefixType.RAW)); + return Collections.unmodifiableMap(formats); + } + private static class TestPrivateKeyTypeManager extends PrivateKeyTypeManager { public TestPrivateKeyTypeManager() { @@ -895,11 +1024,134 @@ public Ed25519PublicKey getPublicKey(Ed25519PrivateKey privateKey) { } } + private static class TestPrivateKeyTypeManagerWithKeyFactory extends TestPrivateKeyTypeManager { + private Map> keyFormats = + createTestEd25519KeyFormats(); + + public TestPrivateKeyTypeManagerWithKeyFactory() { + super(); + } + + public TestPrivateKeyTypeManagerWithKeyFactory( + Map> keyFormats) { + super(); + this.keyFormats = keyFormats; + } + + @Override + public KeyFactory keyFactory() { + return new KeyFactory(Ed25519KeyFormat.class) { + @Override + public void validateKeyFormat(Ed25519KeyFormat format) throws GeneralSecurityException {} + + @Override + public Ed25519KeyFormat parseKeyFormat(ByteString byteString) + throws InvalidProtocolBufferException { + return Ed25519KeyFormat.parseFrom(byteString, ExtensionRegistryLite.getEmptyRegistry()); + } + + @Override + public Ed25519PrivateKey createKey(Ed25519KeyFormat format) + throws GeneralSecurityException { + return Ed25519PrivateKey.newBuilder() + .setKeyValue(ByteString.copyFrom("created", UTF_8)) + .build(); + } + + @Override + public Ed25519PrivateKey deriveKey(Ed25519KeyFormat format, InputStream inputStream) + throws GeneralSecurityException { + return Ed25519PrivateKey.newBuilder() + .setKeyValue(ByteString.copyFrom("derived", UTF_8)) + .build(); + } + + @Override + public Map> keyFormats() { + return keyFormats; + } + }; + } + } + @Test public void testRegisterAssymmetricKeyManagers() throws Exception { Registry.reset(); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true); + new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false); + } + + @Test + public void testRegisterAssymmetricKeyManagers_keyTemplates_works() throws Exception { + Registry.reset(); + assertThat(Registry.keyTemplates()).isEmpty(); + + Registry.registerKeyManager(new TestPrivateKeyTypeManagerWithKeyFactory(), true); + + assertThat(Registry.keyTemplates()).hasSize(2); + + assertThat(Registry.keyTemplates()).containsKey("TINK"); + assertThat(Registry.keyTemplates().get("TINK").getTypeUrl()) + .isEqualTo(new TestPrivateKeyTypeManagerWithKeyFactory().getKeyType()); + assertThat(Registry.keyTemplates().get("TINK").getOutputPrefixType()) + .isEqualTo(KeyTemplate.OutputPrefixType.TINK); + + assertThat(Registry.keyTemplates()).containsKey("RAW"); + assertThat(Registry.keyTemplates().get("RAW").getTypeUrl()) + .isEqualTo(new TestPrivateKeyTypeManagerWithKeyFactory().getKeyType()); + assertThat(Registry.keyTemplates().get("RAW").getOutputPrefixType()) + .isEqualTo(KeyTemplate.OutputPrefixType.RAW); + } + + @Test + public void testRegisterAssymmetricKeyManagers_disallowedNewKey_keyTemplates_works() + throws Exception { + Registry.reset(); + Registry.registerKeyManager(new TestPrivateKeyTypeManagerWithKeyFactory(), false); + assertThat(Registry.keyTemplates()).isEmpty(); + } + + @Test + public void testRegisterAssymmetricKeyManagers_existingKeyManager_noNewKeyTemplate_works() + throws Exception { + Registry.reset(); + Registry.registerKeyManager(new TestPrivateKeyTypeManagerWithKeyFactory(), true); + Registry.registerKeyManager(new TestPrivateKeyTypeManagerWithKeyFactory(), true); + } + + @Test + public void testRegisterAssymmetricKeyManagers_existingKeyManager_newKeyTemplate_fails() + throws Exception { + Registry.reset(); + Registry.registerKeyManager(new TestPrivateKeyTypeManagerWithKeyFactory(), true); + + Map> formats = new HashMap<>(); + formats.put( + "NEW_KEY_TEMPLATE_NAME", + new KeyTypeManager.KeyFactory.KeyFormat<>( + Ed25519KeyFormat.getDefaultInstance(), KeyTemplate.OutputPrefixType.TINK)); + + assertThrows( + GeneralSecurityException.class, + () -> + Registry.registerKeyManager( + new TestPrivateKeyTypeManagerWithKeyFactory(formats), true)); + } + + @Test + public void testRegisterAssymmetricKeyManagers_newKeyManager_existingKeyTemplate_fails() + throws Exception { + Registry.reset(); + Registry.registerKeyManager(new TestPrivateKeyTypeManagerWithKeyFactory(), true); + + TestPrivateKeyTypeManagerWithKeyFactory manager = + new TestPrivateKeyTypeManagerWithKeyFactory() { + @Override + public String getKeyType() { + return "blah"; + } + }; + assertThrows(GeneralSecurityException.class, () -> Registry.registerKeyManager(manager, true)); } @Test @@ -907,7 +1159,7 @@ public void testRegisterAssymmetricKeyManagers_getPrivateKeyManagerPrimitiveA_wo throws Exception { Registry.reset(); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true); + new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false); KeyManager km = Registry.getKeyManager( new TestPrivateKeyTypeManager().getKeyType(), PrivatePrimitiveA.class); @@ -919,7 +1171,7 @@ public void testRegisterAssymmetricKeyManagers_getPrivateKeyManagerPrimitiveB_wo throws Exception { Registry.reset(); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true); + new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false); KeyManager km = Registry.getKeyManager( new TestPrivateKeyTypeManager().getKeyType(), PrivatePrimitiveB.class); @@ -931,7 +1183,7 @@ public void testRegisterAssymmetricKeyManagers_getPrivateKeyManagerPublicA_works throws Exception { Registry.reset(); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true); + new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false); KeyManager km = Registry.getKeyManager(new TestPublicKeyTypeManager().getKeyType(), PublicPrimitiveA.class); assertThat(km.getKeyType()).isEqualTo(new TestPublicKeyTypeManager().getKeyType()); @@ -942,7 +1194,7 @@ public void testRegisterAssymmetricKeyManagers_getPrivateKeyManagerPublicB_works throws Exception { Registry.reset(); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true); + new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false); KeyManager km = Registry.getKeyManager(new TestPublicKeyTypeManager().getKeyType(), PublicPrimitiveB.class); assertThat(km.getKeyType()).isEqualTo(new TestPublicKeyTypeManager().getKeyType()); @@ -953,7 +1205,7 @@ public void testRegisterAssymmetricKeyManagers_getPrivateKeyManagerWrongPrimitiv throws Exception { Registry.reset(); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true); + new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false); GeneralSecurityException e = assertThrows( GeneralSecurityException.class, @@ -968,7 +1220,7 @@ public void testRegisterAssymmetricKeyManagers_getPublicKeyManagerWrongPrimitive throws Exception { Registry.reset(); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true); + new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false); GeneralSecurityException e = assertThrows( GeneralSecurityException.class, @@ -985,7 +1237,7 @@ public void testRegisterAssymmetricKeyManagers_getUntypedPrivateKeyManager_retur throws Exception { Registry.reset(); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true); + new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false); KeyManager km = Registry.getUntypedKeyManager(new TestPrivateKeyTypeManager().getKeyType()); assertThat(km.getPrimitiveClass()).isEqualTo(PrivatePrimitiveA.class); } @@ -997,32 +1249,44 @@ public void testRegisterAssymmetricKeyManagers_getUntypedPublicKeyManager_return throws Exception { Registry.reset(); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true); + new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false); KeyManager km = Registry.getUntypedKeyManager(new TestPublicKeyTypeManager().getKeyType()); assertThat(km.getPrimitiveClass()).isEqualTo(PublicPrimitiveA.class); } + @Test + public void testRegisterAssymmetricKeyManagers_newKeyAllowed_withoutKeyFactory_fails() + throws Exception { + Registry.reset(); + assertThrows( + UnsupportedOperationException.class, + () -> + Registry.registerAsymmetricKeyManagers( + new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true)); + } + @Test public void testRegisterAssymmetricKeyManagers_MoreRestrictedNewKeyAllowed_shouldWork() throws Exception { Registry.reset(); + Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true); + new TestPrivateKeyTypeManagerWithKeyFactory(), new TestPublicKeyTypeManager(), true); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false); + new TestPrivateKeyTypeManagerWithKeyFactory(), new TestPublicKeyTypeManager(), false); } @Test public void testRegisterAssymmetricKeyManagers_SameNewKeyAllowed_shouldWork() throws Exception { Registry.reset(); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true); + new TestPrivateKeyTypeManagerWithKeyFactory(), new TestPublicKeyTypeManager(), true); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true); + new TestPrivateKeyTypeManagerWithKeyFactory(), new TestPublicKeyTypeManager(), true); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false); + new TestPrivateKeyTypeManagerWithKeyFactory(), new TestPublicKeyTypeManager(), false); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false); + new TestPrivateKeyTypeManagerWithKeyFactory(), new TestPublicKeyTypeManager(), false); } @Test @@ -1030,12 +1294,14 @@ public void testRegisterAssymmetricKeyManagers_LessRestrictedNewKeyAllowed_throw throws Exception { Registry.reset(); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false); + new TestPrivateKeyTypeManagerWithKeyFactory(), new TestPublicKeyTypeManager(), false); assertThrows( GeneralSecurityException.class, () -> Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true)); + new TestPrivateKeyTypeManagerWithKeyFactory(), + new TestPublicKeyTypeManager(), + true)); } @Test @@ -1044,7 +1310,7 @@ public void testRegisterAssymmetricKeyManagers_PublicKeyManagerCanBeRegisteredAl Registry.reset(); Registry.registerKeyManager(new TestPublicKeyTypeManager(), false); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true); + new TestPrivateKeyTypeManagerWithKeyFactory(), new TestPublicKeyTypeManager(), true); Registry.registerKeyManager(new TestPublicKeyTypeManager(), false); } @@ -1054,7 +1320,7 @@ public void testRegisterAssymmetricKeyManagers_PublicKeyManagerReRegister_getPub Registry.reset(); Registry.registerKeyManager(new TestPublicKeyTypeManager(), false); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true); + new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false); Registry.registerKeyManager(new TestPublicKeyTypeManager(), false); // Check that getPublicKeyData works now. @@ -1080,12 +1346,12 @@ public void testRegisterAssymmetricKeyManagers_DifferentClassPrivateKey_throws() throws Exception { Registry.reset(); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true); + new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false); assertThrows( GeneralSecurityException.class, () -> Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager() {}, new TestPublicKeyTypeManager(), true)); + new TestPrivateKeyTypeManager() {}, new TestPublicKeyTypeManager(), false)); } @Test @@ -1093,13 +1359,13 @@ public void testRegisterAssymmetricKeyManagers_DifferentClassPublicKey_throws() throws Exception { Registry.reset(); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true); + new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false); assertThrows( GeneralSecurityException.class, () -> Registry.registerAsymmetricKeyManagers( // Note: due to the {} this is a subclass of TestPublicKeyTypeManager. - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager() {}, true)); + new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager() {}, false)); } @Test @@ -1107,11 +1373,11 @@ public void testRegisterAssymmetricKeyManagers_thenNormalRegister_throws() throws Exception { Registry.reset(); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true); + new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false); assertThrows( GeneralSecurityException.class, // Note: due to the {} this is a subclass of TestPublicKeyTypeManager. - () -> Registry.registerKeyManager(new TestPrivateKeyTypeManager() {}, true)); + () -> Registry.registerKeyManager(new TestPrivateKeyTypeManager() {}, false)); } @Test @@ -1119,11 +1385,11 @@ public void testRegisterAssymmetricKeyManagers_thenNormalRegisterForPublic_throw throws Exception { Registry.reset(); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true); + new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false); assertThrows( GeneralSecurityException.class, // Note: due to the {} this is a subclass of TestPublicKeyTypeManager. - () -> Registry.registerKeyManager(new TestPublicKeyTypeManager() {}, true)); + () -> Registry.registerKeyManager(new TestPublicKeyTypeManager() {}, false)); } @Test @@ -1131,7 +1397,7 @@ public void testRegisterAssymmetricKeyManagers_ThrowsWithDifferentPublicKeyManag throws Exception { Registry.reset(); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true); + new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false); GeneralSecurityException e = assertThrows( GeneralSecurityException.class, @@ -1144,7 +1410,7 @@ public String getKeyType() { return "bla"; } }, - true)); + false)); assertExceptionContains(e, "public key manager corresponding to"); } @@ -1152,9 +1418,9 @@ public String getKeyType() { public void testAsymmetricKeyManagers_deriveKey_withoutKeyFactory() throws Exception { Registry.reset(); Registry.registerAsymmetricKeyManagers( - new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), true); - KeyTemplate template = - KeyTemplate.newBuilder() + new TestPrivateKeyTypeManager(), new TestPublicKeyTypeManager(), false); + com.google.crypto.tink.proto.KeyTemplate template = + com.google.crypto.tink.proto.KeyTemplate.newBuilder() .setValue(Ed25519KeyFormat.getDefaultInstance().toByteString()) .setTypeUrl(new TestPrivateKeyTypeManager().getKeyType()) .setOutputPrefixType(OutputPrefixType.TINK) @@ -1167,49 +1433,15 @@ public void testAsymmetricKeyManagers_deriveKey_withoutKeyFactory() throws Excep @Test public void testAsymmetricKeyManagers_deriveKey() throws Exception { - TestPrivateKeyTypeManager testPrivateKeyTypeManagerWithDeriveKey = - new TestPrivateKeyTypeManager() { - @Override - public KeyFactory keyFactory() { - return new KeyFactory(Ed25519KeyFormat.class) { - @Override - public void validateKeyFormat(Ed25519KeyFormat format) - throws GeneralSecurityException {} - - @Override - public Ed25519KeyFormat parseKeyFormat(ByteString byteString) - throws InvalidProtocolBufferException { - return Ed25519KeyFormat.parseFrom( - byteString, ExtensionRegistryLite.getEmptyRegistry()); - } - - @Override - public Ed25519PrivateKey createKey(Ed25519KeyFormat format) - throws GeneralSecurityException { - return Ed25519PrivateKey.newBuilder() - .setKeyValue(ByteString.copyFrom("created", UTF_8)) - .build(); - } - - @Override - public Ed25519PrivateKey deriveKey(Ed25519KeyFormat format, InputStream inputStream) - throws GeneralSecurityException { - return Ed25519PrivateKey.newBuilder() - .setKeyValue(ByteString.copyFrom("derived", UTF_8)) - .build(); - } - }; - } - }; - Registry.reset(); Registry.registerAsymmetricKeyManagers( - testPrivateKeyTypeManagerWithDeriveKey, new TestPublicKeyTypeManager(), true); - KeyTemplate template = KeyTemplate.newBuilder() - .setValue(Ed25519KeyFormat.getDefaultInstance().toByteString()) - .setTypeUrl(testPrivateKeyTypeManagerWithDeriveKey.getKeyType()) - .setOutputPrefixType(OutputPrefixType.TINK) - .build(); + new TestPrivateKeyTypeManagerWithKeyFactory(), new TestPublicKeyTypeManager(), true); + com.google.crypto.tink.proto.KeyTemplate template = + com.google.crypto.tink.proto.KeyTemplate.newBuilder() + .setValue(Ed25519KeyFormat.getDefaultInstance().toByteString()) + .setTypeUrl(new TestPrivateKeyTypeManagerWithKeyFactory().getKeyType()) + .setOutputPrefixType(OutputPrefixType.TINK) + .build(); KeyData keyData = Registry.deriveKey(template, new ByteArrayInputStream(new byte[0])); Ed25519PrivateKey key = diff --git a/java_src/src/test/java/com/google/crypto/tink/aead/AesGcmKeyManagerTest.java b/java_src/src/test/java/com/google/crypto/tink/aead/AesGcmKeyManagerTest.java index e7fe7bab36..9e1ed5580a 100644 --- a/java_src/src/test/java/com/google/crypto/tink/aead/AesGcmKeyManagerTest.java +++ b/java_src/src/test/java/com/google/crypto/tink/aead/AesGcmKeyManagerTest.java @@ -465,4 +465,13 @@ public void testKeyTemplateAndManagerCompatibility() throws Exception { testKeyTemplateCompatible(manager, AesGcmKeyManager.aes256GcmTemplate()); testKeyTemplateCompatible(manager, AesGcmKeyManager.rawAes256GcmTemplate()); } + + @Test + public void testKeyFormats() throws Exception { + factory.validateKeyFormat(factory.keyFormats().get("AES128_GCM").keyFormat); + factory.validateKeyFormat(factory.keyFormats().get("AES128_GCM_RAW").keyFormat); + + factory.validateKeyFormat(factory.keyFormats().get("AES256_GCM").keyFormat); + factory.validateKeyFormat(factory.keyFormats().get("AES256_GCM_RAW").keyFormat); + } } diff --git a/java_src/src/test/java/com/google/crypto/tink/aead/BUILD.bazel b/java_src/src/test/java/com/google/crypto/tink/aead/BUILD.bazel index 30545b865f..a17d1e68bb 100644 --- a/java_src/src/test/java/com/google/crypto/tink/aead/BUILD.bazel +++ b/java_src/src/test/java/com/google/crypto/tink/aead/BUILD.bazel @@ -117,6 +117,7 @@ java_test( "@com_google_protobuf//:protobuf_javalite", "@maven//:com_google_truth_truth", "@maven//:junit_junit", + "@maven//:pl_pragmatists_JUnitParams", ], )