Remove Crunchy Variant for X-AES-GCM

PiperOrigin-RevId: 669094988 Change-Id: I6800f431228a4f5605d4fd2f5397cb006fb453b1
tink-crypto · Aug 29, 2024 · ed4a9ae · ed4a9ae
1 parent 63f59c3
commit ed4a9ae
Show file tree

Hide file tree

Showing 7 changed files with 29 additions and 165 deletions.
diff --git a/src/main/java/com/google/crypto/tink/aead/XAesGcmKey.java b/src/main/java/com/google/crypto/tink/aead/XAesGcmKey.java
@@ -51,9 +51,6 @@ private static Bytes getOutputPrefix(
     if (parameters.getVariant() == XAesGcmParameters.Variant.NO_PREFIX) {
       return OutputPrefixUtil.EMPTY_PREFIX;
     }
-    if (parameters.getVariant() == XAesGcmParameters.Variant.CRUNCHY) {
-      return OutputPrefixUtil.getLegacyOutputPrefix(idRequirement);
-    }
     if (parameters.getVariant() == XAesGcmParameters.Variant.TINK) {
       return OutputPrefixUtil.getTinkOutputPrefix(idRequirement);
     }

diff --git a/src/main/java/com/google/crypto/tink/aead/XAesGcmParameters.java b/src/main/java/com/google/crypto/tink/aead/XAesGcmParameters.java
@@ -23,15 +23,13 @@
 /** Describes the parameters of an {@link XAesGcmKey} */
 public final class XAesGcmParameters extends AeadParameters {
   /**
-   * Describes how the prefix is computed. For AEAD there are three main possibilities: NO_PREFIX
-   * (empty prefix), TINK (prefix the ciphertext with 0x01 followed by a 4-byte key id in big endian
-   * format) or CRUNCHY (prefix the ciphertext with 0x00 followed by a 4-byte key id in big endian
-   * format).
+   * Describes how the prefix is computed. For AEAD, there are two possibilities: either NO_PREFIX
+   * (empty prefix) or TINK (prefix the ciphertext with 0x01 followed by a 4-byte key id in big
+   * endian format).
    */
   @Immutable
   public static final class Variant {
     public static final Variant TINK = new Variant("TINK");
-    public static final Variant CRUNCHY = new Variant("CRUNCHY");
     public static final Variant NO_PREFIX = new Variant("NO_PREFIX");
 
     private final String name;

diff --git a/src/main/java/com/google/crypto/tink/aead/internal/XAesGcmProtoSerialization.java b/src/main/java/com/google/crypto/tink/aead/internal/XAesGcmProtoSerialization.java
@@ -78,9 +78,6 @@ private static OutputPrefixType toProtoOutputPrefixType(XAesGcmParameters.Varian
     if (Objects.equals(variant, XAesGcmParameters.Variant.TINK)) {
       return OutputPrefixType.TINK;
     }
-    if (Objects.equals(variant, XAesGcmParameters.Variant.CRUNCHY)) {
-      return OutputPrefixType.CRUNCHY;
-    }
     if (Objects.equals(variant, XAesGcmParameters.Variant.NO_PREFIX)) {
       return OutputPrefixType.RAW;
     }
@@ -92,10 +89,6 @@ private static XAesGcmParameters.Variant toVariant(OutputPrefixType outputPrefix
     switch (outputPrefixType) {
       case TINK:
         return XAesGcmParameters.Variant.TINK;
-      /* Parse LEGACY prefix to CRUNCHY, since they act the same for this type of key */
-      case CRUNCHY:
-      case LEGACY:
-        return XAesGcmParameters.Variant.CRUNCHY;
       case RAW:
         return XAesGcmParameters.Variant.NO_PREFIX;
       default:

diff --git a/src/test/java/com/google/crypto/tink/aead/XAesGcmKeyTest.java b/src/test/java/com/google/crypto/tink/aead/XAesGcmKeyTest.java
@@ -54,18 +54,6 @@ public void buildTinkVariantAndGetProperties() throws Exception {
     assertThat(key.getIdRequirementOrNull()).isEqualTo(0x708090a);
   }
 
-  @Test
-  public void buildCrunchyVariantAndGetProperties() throws Exception {
-    SecretBytes keyBytes = SecretBytes.randomBytes(32);
-    XAesGcmParameters parameters = XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, 8);
-    XAesGcmKey key = XAesGcmKey.create(parameters, keyBytes, 0x0708090a);
-    assertThat(key.getParameters()).isEqualTo(parameters);
-    assertThat(key.getKeyBytes()).isEqualTo(keyBytes);
-    assertThat(key.getOutputPrefix())
-        .isEqualTo(Bytes.copyFrom(new byte[] {0x00, 0x07, 0x08, 0x09, 0x0a}));
-    assertThat(key.getIdRequirementOrNull()).isEqualTo(0x708090a);
-  }
-
   @Test
   public void wrongIdRequirement_throws() throws Exception {
     SecretBytes keyBytes = SecretBytes.randomBytes(32);
@@ -74,11 +62,6 @@ public void wrongIdRequirement_throws() throws Exception {
         () ->
             XAesGcmKey.create(
                 XAesGcmParameters.create(XAesGcmParameters.Variant.NO_PREFIX, 8), keyBytes, 1115));
-    assertThrows(
-        GeneralSecurityException.class,
-        () ->
-            XAesGcmKey.create(
-                XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, 8), keyBytes, null));
     assertThrows(
         GeneralSecurityException.class,
         () ->
@@ -96,8 +79,6 @@ public void testEqualities() throws Exception {
     XAesGcmParameters parametersNoPrefix =
         XAesGcmParameters.create(XAesGcmParameters.Variant.NO_PREFIX, 12);
     XAesGcmParameters parametersTink = XAesGcmParameters.create(XAesGcmParameters.Variant.TINK, 12);
-    XAesGcmParameters parametersCrunchy =
-        XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, 12);
     new KeyTester()
         .addEqualityGroup(
             "No prefix, keyBytes",
@@ -113,9 +94,6 @@ public void testEqualities() throws Exception {
             XAesGcmKey.create(parametersTink, keyBytesCopy, 1907))
         .addEqualityGroup(
             "Tink with key id 1908, keyBytes32", XAesGcmKey.create(parametersTink, keyBytes, 1908))
-        .addEqualityGroup(
-            "Crunchy with key id 1907, keyBytes32",
-            XAesGcmKey.create(parametersCrunchy, keyBytes, 1907))
         .doTests();
   }
 }
diff --git a/src/test/java/com/google/crypto/tink/aead/XAesGcmParametersTest.java b/src/test/java/com/google/crypto/tink/aead/XAesGcmParametersTest.java
@@ -28,7 +28,6 @@
 public final class XAesGcmParametersTest {
   private static final XAesGcmParameters.Variant NO_PREFIX = XAesGcmParameters.Variant.NO_PREFIX;
   private static final XAesGcmParameters.Variant TINK = XAesGcmParameters.Variant.TINK;
-  private static final XAesGcmParameters.Variant CRUNCHY = XAesGcmParameters.Variant.CRUNCHY;
 
   @Test
   public void buildParameters_noPrefix() throws Exception {
@@ -46,14 +45,6 @@ public void buildParameters_tink() throws Exception {
     assertThat(parameters.hasIdRequirement()).isTrue();
   }
 
-  @Test
-  public void buildParameters_crunchy() throws Exception {
-    XAesGcmParameters parameters = XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, 8);
-    assertThat(parameters.getVariant()).isEqualTo(CRUNCHY);
-    assertThat(parameters.getSaltSizeBytes()).isEqualTo(8);
-    assertThat(parameters.hasIdRequirement()).isTrue();
-  }
-
   @Test
   public void buildParameters_invalidSaltSize_throws() throws Exception {
     assertThrows(
@@ -84,44 +75,20 @@ public void testEqualsAndEqualHashCode_tink() throws Exception {
     assertThat(parametersTink0.hashCode()).isEqualTo(parametersTink1.hashCode());
   }
 
-  @Test
-  public void testEqualsAndEqualHashCode_crunchy() throws Exception {
-    XAesGcmParameters parametersCrunchy0 =
-        XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, 11);
-    XAesGcmParameters parametersCrunchy1 =
-        XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, 11);
-    assertThat(parametersCrunchy0).isEqualTo(parametersCrunchy1);
-    assertThat(parametersCrunchy0.hashCode()).isEqualTo(parametersCrunchy1.hashCode());
-  }
-
   @Test
   public void testEqualsAndEqualHashCode_different() throws Exception {
     XAesGcmParameters parametersNoPrefix =
         XAesGcmParameters.create(XAesGcmParameters.Variant.NO_PREFIX, 8);
 
     XAesGcmParameters parametersTink = XAesGcmParameters.create(XAesGcmParameters.Variant.TINK, 8);
 
-    XAesGcmParameters parametersCrunchy =
-        XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, 8);
 
     assertThat(parametersNoPrefix).isNotEqualTo(parametersTink);
     assertThat(parametersNoPrefix.hashCode()).isNotEqualTo(parametersTink.hashCode());
 
-    assertThat(parametersNoPrefix).isNotEqualTo(parametersCrunchy);
-    assertThat(parametersNoPrefix.hashCode()).isNotEqualTo(parametersCrunchy.hashCode());
-
     assertThat(parametersTink).isNotEqualTo(parametersNoPrefix);
     assertThat(parametersTink.hashCode()).isNotEqualTo(parametersNoPrefix.hashCode());
 
-    assertThat(parametersTink).isNotEqualTo(parametersCrunchy);
-    assertThat(parametersTink.hashCode()).isNotEqualTo(parametersCrunchy.hashCode());
-
-    assertThat(parametersCrunchy).isNotEqualTo(parametersNoPrefix);
-    assertThat(parametersCrunchy.hashCode()).isNotEqualTo(parametersNoPrefix.hashCode());
-
-    assertThat(parametersCrunchy).isNotEqualTo(parametersTink);
-    assertThat(parametersCrunchy.hashCode()).isNotEqualTo(parametersTink.hashCode());
-
     XAesGcmParameters parametersTinkWithDifferentSalt =
         XAesGcmParameters.create(XAesGcmParameters.Variant.TINK, 12);
     assertThat(parametersTink).isNotEqualTo(parametersTinkWithDifferentSalt);

diff --git a/src/test/java/com/google/crypto/tink/aead/internal/XAesGcmProtoSerializationTest.java b/src/test/java/com/google/crypto/tink/aead/internal/XAesGcmProtoSerializationTest.java
@@ -113,30 +113,6 @@ public void serializeParseParameters_tink() throws Exception {
     assertThat(parsed).isEqualTo(parameters);
   }
 
-  @Test
-  public void serializeParseParameters_crunchy() throws Exception {
-    XAesGcmParameters parameters = XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, 8);
-
-    ProtoParametersSerialization serialization =
-        ProtoParametersSerialization.create(
-            "type.googleapis.com/google.crypto.tink.XAesGcmKey",
-            OutputPrefixType.CRUNCHY,
-            com.google.crypto.tink.proto.XAesGcmKeyFormat.newBuilder()
-                .setParams(
-                    com.google.crypto.tink.proto.XAesGcmParams.newBuilder()
-                        .setSaltSize(parameters.getSaltSizeBytes())
-                        .build())
-                .build());
-
-    ProtoParametersSerialization serialized =
-        registry.serializeParameters(parameters, ProtoParametersSerialization.class);
-    assertEqualWhenValueParsed(
-        com.google.crypto.tink.proto.XAesGcmKeyFormat.parser(), serialized, serialization);
-
-    Parameters parsed = registry.parseParameters(serialization);
-    assertThat(parsed).isEqualTo(parameters);
-  }
-
   @Test
   public void serializeParseKey_noPrefix() throws Exception {
     XAesGcmKey key =
@@ -207,41 +183,6 @@ public void serializeParseKey_tink() throws Exception {
     assertThat(parsed.equalsKey(key)).isTrue();
   }
 
-  @Test
-  public void serializeParseKey_crunchy() throws Exception {
-    XAesGcmKey key =
-        XAesGcmKey.create(
-            XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, 8),
-            KEY_BYTES_32,
-            /* idRequirement= */ 123);
-
-    com.google.crypto.tink.proto.XAesGcmKey protoXAesGcmKey =
-        com.google.crypto.tink.proto.XAesGcmKey.newBuilder()
-            .setVersion(0)
-            .setKeyValue(KEY_BYTES_32_AS_BYTE_STRING)
-            .setParams(
-                com.google.crypto.tink.proto.XAesGcmParams.newBuilder()
-                    .setSaltSize(key.getParameters().getSaltSizeBytes())
-                    .build())
-            .build();
-
-    ProtoKeySerialization serialization =
-        ProtoKeySerialization.create(
-            "type.googleapis.com/google.crypto.tink.XAesGcmKey",
-            protoXAesGcmKey.toByteString(),
-            KeyMaterialType.SYMMETRIC,
-            OutputPrefixType.CRUNCHY,
-            /* idRequirement= */ 123);
-
-    ProtoKeySerialization serialized =
-        registry.serializeKey(key, ProtoKeySerialization.class, InsecureSecretKeyAccess.get());
-    assertEqualWhenValueParsed(
-        com.google.crypto.tink.proto.XAesGcmKey.parser(), serialized, serialization);
-
-    Key parsed = registry.parseKey(serialization, InsecureSecretKeyAccess.get());
-    assertThat(parsed.equalsKey(key)).isTrue();
-  }
-
   @Test
   public void testParseKeys_noAccess_throws() throws Exception {
     com.google.crypto.tink.proto.XAesGcmKey protoXAesGcmKey =
@@ -262,7 +203,7 @@ public void testParseKeys_noAccess_throws() throws Exception {
   }
 
   @Test
-  public void parseKey_legacy() throws Exception {
+  public void parseKey_legacy_fails() throws Exception {
     ProtoKeySerialization serialization =
         ProtoKeySerialization.create(
             TYPE_URL,
@@ -276,10 +217,31 @@ public void parseKey_legacy() throws Exception {
             KeyMaterialType.SYMMETRIC,
             OutputPrefixType.LEGACY,
             1479);
-    // Legacy keys are parsed to crunchy
-    Key parsed = registry.parseKey(serialization, InsecureSecretKeyAccess.get());
-    assertThat(((XAesGcmParameters) parsed.getParameters()).getVariant())
-        .isEqualTo(XAesGcmParameters.Variant.CRUNCHY);
+    // Legacy keys aren't supported
+    assertThrows(
+        GeneralSecurityException.class,
+        () -> registry.parseKey(serialization, InsecureSecretKeyAccess.get()));
+  }
+
+  @Test
+  public void parseKey_crunchy_fails() throws Exception {
+    ProtoKeySerialization serialization =
+        ProtoKeySerialization.create(
+            TYPE_URL,
+            com.google.crypto.tink.proto.XAesGcmKey.newBuilder()
+                .setVersion(0)
+                .setKeyValue(KEY_BYTES_32_AS_BYTE_STRING)
+                .setParams(
+                    com.google.crypto.tink.proto.XAesGcmParams.newBuilder().setSaltSize(8).build())
+                .build()
+                .toByteString(),
+            KeyMaterialType.SYMMETRIC,
+            OutputPrefixType.CRUNCHY,
+            1479);
+    // Crunchy keys aren't supported
+    assertThrows(
+        GeneralSecurityException.class,
+        () -> registry.parseKey(serialization, InsecureSecretKeyAccess.get()));
   }
 
   @Test

diff --git a/src/test/java/com/google/crypto/tink/aead/internal/XAesGcmTest.java b/src/test/java/com/google/crypto/tink/aead/internal/XAesGcmTest.java
@@ -118,37 +118,6 @@ public void encryptDecrypt_withTinkVariant_differentOutputPrefix_fails() throws
     assertThrows(GeneralSecurityException.class, () -> xAesGcm.decrypt(ciphertext, associatedData));
   }
 
-  @Test
-  public void encryptDecrypt_withCrunchyVariant() throws Exception {
-    byte[] outputPrefix = OutputPrefixUtil.getLegacyOutputPrefix(KEY_ID).toByteArray();
-    Aead xAesGcm =
-        XAesGcm.create(
-            XAesGcmKey.create(
-                XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, SALT_SIZE_IN_BYTES),
-                SECRET_BYTES,
-                KEY_ID));
-
-    byte[] ciphertext = xAesGcm.encrypt(plaintext, associatedData);
-
-    assertThat(Arrays.copyOfRange(ciphertext, 0, outputPrefix.length)).isEqualTo(outputPrefix);
-  }
-
-  @Test
-  public void encryptDecrypt_withCrunchyVariant_differentOutputPrefix_fails() throws Exception {
-    Aead xAesGcm =
-        XAesGcm.create(
-            XAesGcmKey.create(
-                XAesGcmParameters.create(XAesGcmParameters.Variant.CRUNCHY, SALT_SIZE_IN_BYTES),
-                SECRET_BYTES,
-                KEY_ID));
-
-    byte[] ciphertext = xAesGcm.encrypt(plaintext, associatedData);
-    byte[] outputPrefix = OutputPrefixUtil.getLegacyOutputPrefix(11111).toByteArray();
-    System.arraycopy(outputPrefix, 0, ciphertext, 0, outputPrefix.length);
-
-    assertThrows(GeneralSecurityException.class, () -> xAesGcm.decrypt(ciphertext, associatedData));
-  }
-
   @Test
   public void encryptDecrypt_withoutAadFails() throws Exception {
     Aead xAesGcm =