From d60b591644cc3f22eab61c208afaaafc5d7703f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20I=C3=B1igo?=
Date: Thu, 21 Mar 2024 13:44:38 +0100
Subject: [PATCH] Validate AesSiv parameters in AesSivKeyManager the same way the AesSivParameters This enables keys of lengths 32 and 48 bytes to be used
---
 .../crypto/tink/daead/AesSivKeyManager.java | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/src/main/java/com/google/crypto/tink/daead/AesSivKeyManager.java b/src/main/java/com/google/crypto/tink/daead/AesSivKeyManager.java
index e0956947..af8a8bc9 100644
--- a/src/main/java/com/google/crypto/tink/daead/AesSivKeyManager.java
+++ b/src/main/java/com/google/crypto/tink/daead/AesSivKeyManager.java
@@ -61,7 +61,7 @@ private static DeterministicAead createDeterministicAead(AesSivKey key)
 PrimitiveConstructor.create(
 AesSivKeyManager::createDeterministicAead, AesSivKey.class, DeterministicAead.class);
- private static final int KEY_SIZE_IN_BYTES = 64;
+ private static final int AES256_KEY_SIZE_IN_BYTES = 64;
 static String getKeyType() {
 return "type.googleapis.com/google.crypto.tink.AesSivKey";
@@ -76,13 +76,12 @@ static String getKeyType() {
 private static void validateParameters(AesSivParameters parameters)
 throws GeneralSecurityException {
- if (parameters.getKeySizeBytes() != KEY_SIZE_IN_BYTES) {
+ int keySizeBytes = parameters.getKeySizeBytes();
+ if (keySizeBytes != 32 && keySizeBytes != 48 && keySizeBytes != 64) {
 throw new InvalidAlgorithmParameterException(
- "invalid key size: "
- + parameters.getKeySizeBytes()
- + ". Valid keys must have "
- + KEY_SIZE_IN_BYTES
- + " bytes.");
+ String.format(
+ "Invalid key size %d; only 32-byte, 48-byte and 64-byte AES-SIV keys are supported",
+ keySizeBytes));
 }
 }
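Review bot: In `validateParameters`, the widened check admits 32- and 48-byte keys, but nothing visible in this patch shows that `createDeterministicAead` (its body is outside the hunks) accepts those sizes, so a key could pass validation here and fail only when the primitive is built; a test per size that builds the primitive and round-trips a message would pin this down. A 32-byte AES-SIV key is split into two 128-bit AES keys, so the shorter sizes give a lower security level than the 64-byte templates, and that trade-off deserves a comment above the check, for example `// 32- and 48-byte keys use 128-/192-bit AES halves; the templates in this class still use 64 bytes.` The literals `32`, `48` and `64` restate a rule that the commit message says already lives in `AesSivParameters`, and `64` duplicates `AES256_KEY_SIZE_IN_BYTES` from the first hunk, so the two lists can drift apart; named constants or a single shared validator would keep them in step.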
@@ -153,7 +152,7 @@ public static final KeyTemplate aes256SivTemplate() {
 () ->
 KeyTemplate.createFrom(
 AesSivParameters.builder()
- .setKeySizeBytes(KEY_SIZE_IN_BYTES)
+ .setKeySizeBytes(AES256_KEY_SIZE_IN_BYTES)
 .setVariant(AesSivParameters.Variant.TINK)
 .build()));
 }
@@ -167,7 +166,7 @@ public static final KeyTemplate rawAes256SivTemplate() {
 () ->
 KeyTemplate.createFrom(
 AesSivParameters.builder()
- .setKeySizeBytes(KEY_SIZE_IN_BYTES)
+ .setKeySizeBytes(AES256_KEY_SIZE_IN_BYTES)
 .setVariant(AesSivParameters.Variant.NO_PREFIX)
 .build()));
 }