Add AES-256-GCM key template with RAW output prefix.
PiperOrigin-RevId: 270099454
diff --git a/go/aead/aead_key_templates.go b/go/aead/aead_key_templates.go
index 3e26e98..dddd395 100644
--- a/go/aead/aead_key_templates.go
+++ b/go/aead/aead_key_templates.go
@@ -30,14 +30,23 @@
// AES128GCMKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters:
// - Key size: 16 bytes
+// - Output prefix type: TINK
func AES128GCMKeyTemplate() *tinkpb.KeyTemplate {
- return createAESGCMKeyTemplate(16)
+ return createAESGCMKeyTemplate(16, tinkpb.OutputPrefixType_TINK)
}
// AES256GCMKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters:
// - Key size: 32 bytes
+// - Output prefix type: TINK
func AES256GCMKeyTemplate() *tinkpb.KeyTemplate {
- return createAESGCMKeyTemplate(32)
+ return createAESGCMKeyTemplate(32, tinkpb.OutputPrefixType_TINK)
+}
+
+// AES256GCMNoPrefixKeyTemplate is a KeyTemplate that generates an AES-GCM key with the following parameters:
+// - Key size: 32 bytes
+// - Output prefix type: RAW
+func AES256GCMNoPrefixKeyTemplate() *tinkpb.KeyTemplate {
+ return createAESGCMKeyTemplate(32, tinkpb.OutputPrefixType_RAW)
}
// AES128CTRHMACSHA256KeyTemplate is a KeyTemplate that generates an AES-CTR-HMAC-AEAD key with the following parameters:
@@ -94,14 +103,15 @@
// createAESGCMKeyTemplate creates a new AES-GCM key template with the given key
// size in bytes.
-func createAESGCMKeyTemplate(keySize uint32) *tinkpb.KeyTemplate {
+func createAESGCMKeyTemplate(keySize uint32, outputPrefixType tinkpb.OutputPrefixType) *tinkpb.KeyTemplate {
format := &gcmpb.AesGcmKeyFormat{
KeySize: keySize,
}
serializedFormat, _ := proto.Marshal(format)
return &tinkpb.KeyTemplate{
- TypeUrl: aesGCMTypeURL,
- Value: serializedFormat,
+ TypeUrl: aesGCMTypeURL,
+ Value: serializedFormat,
+ OutputPrefixType: outputPrefixType,
}
}
diff --git a/go/aead/aead_key_templates_test.go b/go/aead/aead_key_templates_test.go
index d4d155e..51598d1 100644
--- a/go/aead/aead_key_templates_test.go
+++ b/go/aead/aead_key_templates_test.go
@@ -34,7 +34,7 @@
func TestAESGCMKeyTemplates(t *testing.T) {
// AES-GCM 128 bit
template := aead.AES128GCMKeyTemplate()
- if err := checkAESGCMKeyTemplate(template, uint32(16)); err != nil {
+ if err := checkAESGCMKeyTemplate(template, uint32(16), tinkpb.OutputPrefixType_TINK); err != nil {
t.Errorf("invalid AES-128 GCM key template: %s", err)
}
if err := testEncryptDecrypt(template, testutil.AESGCMTypeURL); err != nil {
@@ -43,18 +43,30 @@
// AES-GCM 256 bit
template = aead.AES256GCMKeyTemplate()
- if err := checkAESGCMKeyTemplate(template, uint32(32)); err != nil {
+ if err := checkAESGCMKeyTemplate(template, uint32(32), tinkpb.OutputPrefixType_TINK); err != nil {
t.Errorf("invalid AES-256 GCM key template: %s", err)
}
if err := testEncryptDecrypt(template, testutil.AESGCMTypeURL); err != nil {
t.Errorf("%v", err)
}
+
+ // AES-GCM 256 bit No Prefix
+ template = aead.AES256GCMNoPrefixKeyTemplate()
+ if err := checkAESGCMKeyTemplate(template, uint32(32), tinkpb.OutputPrefixType_RAW); err != nil {
+ t.Errorf("invalid AES-256 GCM No Prefix key template: %s", err)
+ }
+ if err := testEncryptDecrypt(template, testutil.AESGCMTypeURL); err != nil {
+ t.Errorf("%v", err)
+ }
}
-func checkAESGCMKeyTemplate(template *tinkpb.KeyTemplate, keySize uint32) error {
+func checkAESGCMKeyTemplate(template *tinkpb.KeyTemplate, keySize uint32, outputPrefixType tinkpb.OutputPrefixType) error {
if template.TypeUrl != testutil.AESGCMTypeURL {
return fmt.Errorf("incorrect type url")
}
+ if template.OutputPrefixType != outputPrefixType {
+ return fmt.Errorf("incorrect output prefix type")
+ }
keyFormat := new(gcmpb.AesGcmKeyFormat)
err := proto.Unmarshal(template.Value, keyFormat)
if err != nil {
