Let envelope AEAD fail if encrypted DEK is empty.

This shouldn't happen if the AEAD interface is implemented correctly, but it is better to also cover this case and fail. PiperOrigin-RevId: 578765381 Change-Id: I320508efa5c181d3cf5094c4442b3e486fd950d2
tink-crypto · Nov 2, 2023 · a9c8be3 · a9c8be3
1 parent a62f251
commit a9c8be3
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/aead/kms_envelope_aead.go b/aead/kms_envelope_aead.go
@@ -91,6 +91,9 @@ func (a *KMSEnvelopeAEAD) Encrypt(pt, aad []byte) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
+	if len(encryptedDEK) == 0 {
+		return nil, errors.New("encrypted dek is empty")
+	}
 	p, err := registry.Primitive(a.dekTemplate.TypeUrl, dek)
 	if err != nil {
 		return nil, err

diff --git a/aead/kms_envelope_aead_test.go b/aead/kms_envelope_aead_test.go
@@ -138,3 +138,23 @@ func TestKMSEnvelopeShortCiphertext(t *testing.T) {
 		t.Error("a.Decrypt([]byte{1}, nil) err = nil, want error")
 	}
 }
+
+type invalidAEAD struct {
+}
+
+func (a *invalidAEAD) Encrypt(plaintext, associatedData []byte) ([]byte, error) {
+	return []byte{}, nil
+}
+
+func (a *invalidAEAD) Decrypt(ciphertext, associatedData []byte) ([]byte, error) {
+	return []byte{}, nil
+}
+
+func TestKMSEnvelopeEncryptWithInvalidAEADFails(t *testing.T) {
+	invalidKEKAEAD := &invalidAEAD{}
+	envAEADWithInvalidKEK := aead.NewKMSEnvelopeAEAD2(aead.AES256GCMKeyTemplate(), invalidKEKAEAD)
+
+	if _, err := envAEADWithInvalidKEK.Encrypt([]byte("plaintext"), []byte("associatedData")); err == nil {
+		t.Error("envAEADWithInvalidKEK.Encrypt(plaintext, associatedData) err = nil, want error")
+	}
+}