diff options
author | juerg <juerg@google.com> | 2022-04-07 09:04:50 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2022-04-07 09:05:38 -0700 |
commit | e3251c869ad81ba62d3b4967f69d1843e3d22be3 (patch) | |
tree | 43c44b526242bb4a9e04b5250df9188ada20db89 | |
parent | 2d01efbcea5597438a2e80472370d7372e126de3 (diff) | |
download | tink-e3251c869ad81ba62d3b4967f69d1843e3d22be3.tar.gz |
Write unsigned key IDs in KeyInfo.
Currently, the primary key is written as unsigned int, but the key info key id is written assigned int, which is inconsistent. Also, this causes an error when the keyset is read in C++.
This fix shouldn't cause anything to fail because the KeyInfo is anyways ignored by KeysetHandle.read.
PiperOrigin-RevId: 440120826
3 files changed, 18 insertions, 3 deletions
diff --git a/java_src/src/main/java/com/google/crypto/tink/JsonKeysetWriter.java b/java_src/src/main/java/com/google/crypto/tink/JsonKeysetWriter.java index e9f653ec2..812362c08 100644 --- a/java_src/src/main/java/com/google/crypto/tink/JsonKeysetWriter.java +++ b/java_src/src/main/java/com/google/crypto/tink/JsonKeysetWriter.java @@ -148,7 +148,7 @@ public final class JsonKeysetWriter implements KeysetWriter { JsonObject json = new JsonObject(); json.addProperty("typeUrl", keyInfo.getTypeUrl()); json.addProperty("status", keyInfo.getStatus().name()); - json.addProperty("keyId", keyInfo.getKeyId()); + json.addProperty("keyId", toUnsignedLong(keyInfo.getKeyId())); json.addProperty("outputPrefixType", keyInfo.getOutputPrefixType().name()); return json; } diff --git a/java_src/src/test/java/com/google/crypto/tink/BUILD.bazel b/java_src/src/test/java/com/google/crypto/tink/BUILD.bazel index acec3973f..04603c789 100644 --- a/java_src/src/test/java/com/google/crypto/tink/BUILD.bazel +++ b/java_src/src/test/java/com/google/crypto/tink/BUILD.bazel @@ -141,6 +141,7 @@ java_test( "//src/main/java/com/google/crypto/tink:config", "//src/main/java/com/google/crypto/tink:json_keyset_reader", "//src/main/java/com/google/crypto/tink:json_keyset_writer", + "//src/main/java/com/google/crypto/tink:key_templates", "//src/main/java/com/google/crypto/tink:mac", "//src/main/java/com/google/crypto/tink:registry", "//src/main/java/com/google/crypto/tink:registry_cluster", diff --git a/java_src/src/test/java/com/google/crypto/tink/JsonKeysetWriterTest.java b/java_src/src/test/java/com/google/crypto/tink/JsonKeysetWriterTest.java index 942127ec4..ec6bbdd1b 100644 --- a/java_src/src/test/java/com/google/crypto/tink/JsonKeysetWriterTest.java +++ b/java_src/src/test/java/com/google/crypto/tink/JsonKeysetWriterTest.java @@ -17,6 +17,7 @@ package com.google.crypto.tink; import static com.google.common.truth.Truth.assertThat; +import static java.nio.charset.StandardCharsets.UTF_8; import com.google.crypto.tink.aead.AeadKeyTemplates; import com.google.crypto.tink.config.TinkConfig; @@ -129,10 +130,23 @@ public class JsonKeysetWriterTest { .build(); KeysetHandle modifiedHandle = CleartextKeysetHandle.parseFrom(modified.toByteArray()); + // Write cleartext keyset ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); CleartextKeysetHandle.write(modifiedHandle, JsonKeysetWriter.withOutputStream(outputStream)); - assertThat(outputStream.toString()).contains("\"primaryKeyId\":4275736384"); - assertThat(outputStream.toString()).contains("\"keyId\":4275736384"); + String cleartextKeysetInJson = new String(outputStream.toByteArray(), UTF_8); + + assertThat(cleartextKeysetInJson).contains("\"primaryKeyId\":4275736384"); + assertThat(cleartextKeysetInJson).contains("\"keyId\":4275736384"); + + // Write encrypted keyset + Aead keysetEncryptionAead = + KeysetHandle.generateNew(KeyTemplates.get("AES128_EAX")).getPrimitive(Aead.class); + ByteArrayOutputStream outputStream2 = new ByteArrayOutputStream(); + modifiedHandle.write(JsonKeysetWriter.withOutputStream(outputStream2), keysetEncryptionAead); + String encryptedKeysetInJson = new String(outputStream2.toByteArray(), UTF_8); + + assertThat(encryptedKeysetInJson).contains("\"primaryKeyId\":4275736384"); + assertThat(encryptedKeysetInJson).contains("\"keyId\":4275736384"); } } |