Check aesgcmpb.AesGcmKey version when parsing

PiperOrigin-RevId: 670447171 Change-Id: I213a14ec5587eb61675fefee1cf1f5fd80f332f0
tink-crypto · Sep 3, 2024 · c6b40f3 · c6b40f3
1 parent 5ad2c14
commit c6b40f3
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 1 deletion.
diff --git a/aead/aesgcm/protoserialization.go b/aead/aesgcm/protoserialization.go
@@ -25,6 +25,13 @@ import (
 	tinkpb "github.com/tink-crypto/tink-go/v2/proto/tink_go_proto"
 )
 
+const (
+	// protoVersion is the accepted [gcmpb.AesGcmKey] proto version.
+	//
+	// Currently, only version 0 is supported; other versions are rejected.
+	protoVersion = 0
+)
+
 type serializer struct{}
 
 func protoOutputPrefixTypeFromVariant(variant Variant) (tinkpb.OutputPrefixType, error) {
@@ -56,7 +63,7 @@ func (s *serializer) SerializeKey(key key.Key) (*tinkpb.Keyset_Key, error) {
 	keyBytes := actualKey.KeyBytes()
 	protoKey := &gcmpb.AesGcmKey{
 		KeyValue: keyBytes.Data(insecuresecretdataaccess.Token{}),
-		Version:  0,
+		Version:  protoVersion,
 	}
 	serializedKey, err := proto.Marshal(protoKey)
 	if err != nil {
@@ -109,6 +116,9 @@ func (s *parser) ParseKey(keysetKey *tinkpb.Keyset_Key) (key.Key, error) {
 	if err := proto.Unmarshal(keyData.GetValue(), protoKey); err != nil {
 		return nil, err
 	}
+	if protoKey.GetVersion() != protoVersion {
+		return nil, fmt.Errorf("key has unsupported version: %v", protoKey.GetVersion())
+	}
 	variant, err := variantFromProto(keysetKey.GetOutputPrefixType())
 	if err != nil {
 		return nil, err

diff --git a/aead/aesgcm/protoserialization_test.go b/aead/aesgcm/protoserialization_test.go
@@ -44,6 +44,14 @@ func TestParseKeyFails(t *testing.T) {
 	if err != nil {
 		t.Fatalf("proto.Marshal(keyWithInvalidSize) err = %v, want nil", err)
 	}
+	keyWithInvalidVersion := aesgcmpb.AesGcmKey{
+		Version:  1,
+		KeyValue: []byte("1234567890123456"),
+	}
+	serializedKeyWithInvalidVersion, err := proto.Marshal(&keyWithInvalidVersion)
+	if err != nil {
+		t.Fatalf("proto.Marshal(keyWithInvalidVersion) err = %v, want nil", err)
+	}
 	for _, tc := range []struct {
 		name      string
 		keysetKey *tinkpb.Keyset_Key
@@ -100,6 +108,19 @@ func TestParseKeyFails(t *testing.T) {
 				KeyId:            12345,
 			},
 		},
+		{
+			name: "invalid AES GCM key version",
+			keysetKey: &tinkpb.Keyset_Key{
+				KeyData: &tinkpb.KeyData{
+					TypeUrl:         typeURL,
+					Value:           serializedKeyWithInvalidVersion,
+					KeyMaterialType: tinkpb.KeyData_SYMMETRIC,
+				},
+				Status:           tinkpb.KeyStatusType_ENABLED,
+				OutputPrefixType: tinkpb.OutputPrefixType_TINK,
+				KeyId:            12345,
+			},
+		},
 		{
 			name: "invalid key material type",
 			keysetKey: &tinkpb.Keyset_Key{