Make X-AES-GCM Predefined Parameter naming consistent with the [C2SP](h…

…ttps://github.com/C2SP/C2SP/blob/main/XAES-256-GCM.md) Spec PiperOrigin-RevId: 700114924 Change-Id: I8b95c61f62e2dfec0696e7311452254c1e7aa7d7
tink-crypto · Nov 25, 2024 · 09514dc · 09514dc
1 parent 5aba71e
commit 09514dc
Show file tree

Hide file tree

Showing 6 changed files with 80 additions and 13 deletions.
diff --git a/src/main/java/com/google/crypto/tink/aead/PredefinedAeadParameters.java b/src/main/java/com/google/crypto/tink/aead/PredefinedAeadParameters.java
@@ -18,6 +18,7 @@
 
 import static com.google.crypto.tink.internal.TinkBugException.exceptionIsBug;
 
+
 /**
  * Pre-generated {@link com.google.crypto.tink.Parameters} objects for creating new instances of
  * {@link AeadKey}.
@@ -169,25 +170,65 @@ public final class PredefinedAeadParameters {
   public static final XChaCha20Poly1305Parameters XCHACHA20_POLY1305 =
       XChaCha20Poly1305Parameters.create(XChaCha20Poly1305Parameters.Variant.TINK);
 
+  /**
+   * A {@link com.google.crypto.tink.Parameters} object for generating new instances of {@link
+   * XAesGcmKey}. This follows the algorithm defined in the <a
+   * href="https://github.com/C2SP/C2SP/blob/main/XAES-256-GCM.md">XAES-256-GCM specification</a>
+   *
+   * <ul>
+   *   <li>Key size: 32 bytes
+   *   <li>Nonce size: 24 bytes (12 bytes of salt, 12 bytes of AES-GCM IV)
+   *   <li>Salt size: 12 bytes
+   *   <li>Tag size: 16 bytes
+   *   <li>Output prefix: TINK
+   * </ul>
+   */
+  public static final XAesGcmParameters XAES_256_GCM_192_BIT_NONCE =
+      exceptionIsBug(
+          () -> XAesGcmParameters.create(XAesGcmParameters.Variant.TINK, /* saltSizeBytes= */ 12));
+
+  /**
+   * A {@link com.google.crypto.tink.Parameters} object for generating new instances of {@link
+   * XAesGcmKey}. This follows the algorithm defined in the <a
+   * href="https://github.com/C2SP/C2SP/blob/main/XAES-256-GCM.md">XAES-256-GCM specification</a>
+   *
+   * <ul>
+   *   <li>Key size: 32 bytes
+   *   <li>Nonce size: 24 bytes (12 bytes of salt, 12 bytes of AES-GCM IV)
+   *   <li>Salt size: 12 bytes
+   *   <li>Tag size: 16 bytes
+   *   <li>Output prefix: NO_PREFIX
+   * </ul>
+   */
+  public static final XAesGcmParameters XAES_256_GCM_192_BIT_NONCE_NO_PREFIX =
+      exceptionIsBug(
+          () ->
+              XAesGcmParameters.create(
+                  XAesGcmParameters.Variant.NO_PREFIX, /* saltSizeBytes= */ 12));
+
   /**
    * A {@link com.google.crypto.tink.Parameters} object for generating new instances of {@link
    * XAesGcmKey}. This follows the algorithm defined in the <a
    * href="https://github.com/C2SP/C2SP/blob/main/XAES-256-GCM.md">XAES-256-GCM specification</a>,
-   * except that the salt is 8 bytes instead of 12 bytes.
+   * except that the nonce size is 160 bits instead of 192 bits. The remaining 4 bytes are padded
+   * with zeros.
    *
    * <ul>
    *   <li>Key size: 32 bytes
-   *   <li>IV size: 20 bytes (8 bytes of salt, 12 bytes of AES-GCM IV)
+   *   <li>Nonce size: 20 bytes (8 bytes of salt, 12 bytes of AES-GCM IV)
    *   <li>Salt size: 8 bytes
    *   <li>Tag size: 16 bytes
-   *   <li>Output prefix: None
+   *   <li>Output prefix: NO_PREFIX
    * </ul>
    */
-  public static final XAesGcmParameters X_AES_GCM_8_BYTE_SALT_NO_PREFIX =
+  public static final XAesGcmParameters XAES_256_GCM_160_BIT_NONCE_NO_PREFIX =
       exceptionIsBug(
           () ->
               XAesGcmParameters.create(
                   XAesGcmParameters.Variant.NO_PREFIX, /* saltSizeBytes= */ 8));
 
+  public static final XAesGcmParameters X_AES_GCM_8_BYTE_SALT_NO_PREFIX =
+      XAES_256_GCM_160_BIT_NONCE_NO_PREFIX;
+
   private PredefinedAeadParameters() {}
 }
diff --git a/src/main/java/com/google/crypto/tink/aead/XAesGcmKeyManager.java b/src/main/java/com/google/crypto/tink/aead/XAesGcmKeyManager.java
@@ -44,6 +44,13 @@ public final class XAesGcmKeyManager {
 
   private static Map<String, Parameters> namedParameters() {
     Map<String, Parameters> result = new HashMap<>();
+    result.put("XAES_256_GCM_192_BIT_NONCE", PredefinedAeadParameters.XAES_256_GCM_192_BIT_NONCE);
+    result.put(
+        "XAES_256_GCM_192_BIT_NONCE_NO_PREFIX",
+        PredefinedAeadParameters.XAES_256_GCM_192_BIT_NONCE_NO_PREFIX);
+    result.put(
+        "XAES_256_GCM_160_BIT_NONCE_NO_PREFIX",
+        PredefinedAeadParameters.XAES_256_GCM_160_BIT_NONCE_NO_PREFIX);
     result.put(
         "X_AES_GCM_8_BYTE_SALT_NO_PREFIX",
         PredefinedAeadParameters.X_AES_GCM_8_BYTE_SALT_NO_PREFIX);

diff --git a/src/test/java/com/google/crypto/tink/KeyTemplatesAsParametersTest.java b/src/test/java/com/google/crypto/tink/KeyTemplatesAsParametersTest.java
@@ -170,10 +170,21 @@ private static final List<Pair> createTemplates() throws GeneralSecurityExceptio
         new Pair(
             "XCHACHA20_POLY1305_RAW",
             XChaCha20Poly1305Parameters.create(XChaCha20Poly1305Parameters.Variant.NO_PREFIX)));
+    result.add(
+        new Pair(
+            "XAES_256_GCM_192_BIT_NONCE", PredefinedAeadParameters.XAES_256_GCM_192_BIT_NONCE));
+    result.add(
+        new Pair(
+            "XAES_256_GCM_192_BIT_NONCE_NO_PREFIX",
+            PredefinedAeadParameters.XAES_256_GCM_192_BIT_NONCE_NO_PREFIX));
+    result.add(
+        new Pair(
+            "XAES_256_GCM_160_BIT_NONCE_NO_PREFIX",
+            PredefinedAeadParameters.XAES_256_GCM_160_BIT_NONCE_NO_PREFIX));
     result.add(
         new Pair(
             "X_AES_GCM_8_BYTE_SALT_NO_PREFIX",
-            PredefinedAeadParameters.X_AES_GCM_8_BYTE_SALT_NO_PREFIX));
+            PredefinedAeadParameters.XAES_256_GCM_160_BIT_NONCE_NO_PREFIX));
     // Mac
     result.add(new Pair("HMAC_SHA256_128BITTAG", PredefinedMacParameters.HMAC_SHA256_128BITTAG));
     result.add(

diff --git a/src/test/java/com/google/crypto/tink/aead/AeadConfigTest.java b/src/test/java/com/google/crypto/tink/aead/AeadConfigTest.java
@@ -49,8 +49,9 @@ public void withoutFips_allAeadKeyTypesAreRegistered() throws Exception {
     assertNotNull(KeysetHandle.generateNew(PredefinedAeadParameters.AES128_EAX));
     assertNotNull(KeysetHandle.generateNew(PredefinedAeadParameters.CHACHA20_POLY1305));
     assertNotNull(KeysetHandle.generateNew(PredefinedAeadParameters.XCHACHA20_POLY1305));
+    assertNotNull(KeysetHandle.generateNew(PredefinedAeadParameters.XAES_256_GCM_192_BIT_NONCE));
     assertNotNull(
-        KeysetHandle.generateNew(PredefinedAeadParameters.X_AES_GCM_8_BYTE_SALT_NO_PREFIX));
+        KeysetHandle.generateNew(PredefinedAeadParameters.XAES_256_GCM_160_BIT_NONCE_NO_PREFIX));
   }
 
   @Test
@@ -83,6 +84,9 @@ public void withFips_nonFipsKeyTypesAreNotRegistered() throws Exception {
     assertThrows(
         GeneralSecurityException.class,
         () -> KeysetHandle.generateNew(PredefinedAeadParameters.XCHACHA20_POLY1305));
+    assertThrows(
+        GeneralSecurityException.class,
+        () -> KeysetHandle.generateNew(PredefinedAeadParameters.XAES_256_GCM_192_BIT_NONCE));
     assertThrows(
         GeneralSecurityException.class,
         () -> KeysetHandle.generateNew(PredefinedAeadParameters.X_AES_GCM_8_BYTE_SALT_NO_PREFIX));

diff --git a/src/test/java/com/google/crypto/tink/aead/PredefinedAeadParametersTest.java b/src/test/java/com/google/crypto/tink/aead/PredefinedAeadParametersTest.java
@@ -45,7 +45,8 @@ public static void setUp() throws Exception {
         PredefinedAeadParameters.AES128_CTR_HMAC_SHA256,
         PredefinedAeadParameters.AES256_CTR_HMAC_SHA256,
         PredefinedAeadParameters.CHACHA20_POLY1305,
-        PredefinedAeadParameters.XCHACHA20_POLY1305
+        PredefinedAeadParameters.XCHACHA20_POLY1305,
+        PredefinedAeadParameters.XAES_256_GCM_192_BIT_NONCE,
       };
 
   @Theory
@@ -65,6 +66,9 @@ public void testNotNull() {
     assertThat(PredefinedAeadParameters.AES256_CTR_HMAC_SHA256).isNotNull();
     assertThat(PredefinedAeadParameters.CHACHA20_POLY1305).isNotNull();
     assertThat(PredefinedAeadParameters.XCHACHA20_POLY1305).isNotNull();
+    assertThat(PredefinedAeadParameters.XAES_256_GCM_192_BIT_NONCE).isNotNull();
+    assertThat(PredefinedAeadParameters.XAES_256_GCM_192_BIT_NONCE_NO_PREFIX).isNotNull();
+    assertThat(PredefinedAeadParameters.XAES_256_GCM_160_BIT_NONCE_NO_PREFIX).isNotNull();
     assertThat(PredefinedAeadParameters.X_AES_GCM_8_BYTE_SALT_NO_PREFIX).isNotNull();
   }
 }
diff --git a/src/test/java/com/google/crypto/tink/aead/XAesGcmKeyManagerTest.java b/src/test/java/com/google/crypto/tink/aead/XAesGcmKeyManagerTest.java
@@ -45,19 +45,19 @@ public static void setUp() throws Exception {
   @Test
   public void xAesGcmKeyTypeIsRegistered() throws Exception {
     assertNotNull(
-        KeysetHandle.generateNew(PredefinedAeadParameters.X_AES_GCM_8_BYTE_SALT_NO_PREFIX));
+        KeysetHandle.generateNew(PredefinedAeadParameters.XAES_256_GCM_160_BIT_NONCE_NO_PREFIX));
   }
 
   @Test
   public void xAesGcmKeyCreator_generatesNewKey() throws Exception {
     XAesGcmKey key1 =
         (XAesGcmKey)
-            KeysetHandle.generateNew(PredefinedAeadParameters.X_AES_GCM_8_BYTE_SALT_NO_PREFIX)
+            KeysetHandle.generateNew(PredefinedAeadParameters.XAES_256_GCM_160_BIT_NONCE_NO_PREFIX)
                 .getPrimary()
                 .getKey();
     XAesGcmKey key2 =
         (XAesGcmKey)
-            KeysetHandle.generateNew(PredefinedAeadParameters.X_AES_GCM_8_BYTE_SALT_NO_PREFIX)
+            KeysetHandle.generateNew(PredefinedAeadParameters.XAES_256_GCM_160_BIT_NONCE_NO_PREFIX)
                 .getPrimary()
                 .getKey();
 
@@ -69,7 +69,7 @@ public void xAesGcmKeyNamesTemplates_areRegistered() throws Exception {
     assertNotNull(
         KeysetHandle.newBuilder()
             .addEntry(
-                KeysetHandle.generateEntryFromParametersName("X_AES_GCM_8_BYTE_SALT_NO_PREFIX")
+                KeysetHandle.generateEntryFromParametersName("XAES_256_GCM_160_BIT_NONCE_NO_PREFIX")
                     .withRandomId()
                     .makePrimary())
             .build());
@@ -78,7 +78,7 @@ public void xAesGcmKeyNamesTemplates_areRegistered() throws Exception {
   @Test
   public void xAesGcmKeySerialization_isRegistered() throws Exception {
     KeysetHandle handle =
-        KeysetHandle.generateNew(PredefinedAeadParameters.X_AES_GCM_8_BYTE_SALT_NO_PREFIX);
+        KeysetHandle.generateNew(PredefinedAeadParameters.XAES_256_GCM_160_BIT_NONCE_NO_PREFIX);
     ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
     KeysetWriter keysetWriter = BinaryKeysetWriter.withOutputStream(outputStream);
     LegacyKeysetSerialization.serializeKeyset(handle, keysetWriter, InsecureSecretKeyAccess.get());
@@ -88,7 +88,7 @@ public void xAesGcmKeySerialization_isRegistered() throws Exception {
   public void xAesGcmPrimitiveCreation() throws Exception {
     AeadConfig.register();
     KeysetHandle handle =
-        KeysetHandle.generateNew(PredefinedAeadParameters.X_AES_GCM_8_BYTE_SALT_NO_PREFIX);
+        KeysetHandle.generateNew(PredefinedAeadParameters.XAES_256_GCM_160_BIT_NONCE_NO_PREFIX);
     Aead xAesGcm = handle.getPrimitive(RegistryConfiguration.get(), Aead.class);
     String plaintext = "plaintext";
     String associatedData = "associatedData";