cc: Drop support for 192-bit keys from AES-CTR.

PiperOrigin-RevId: 206805592 GitOrigin-RevId: d2f6d3fd28e53ac323650486ca74754eac9d4417
nacle830213 · Aug 1, 2018 · 316ab66 · 316ab66
1 parent cb01b22
commit 316ab66
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 9 deletions.
diff --git a/cc/aead/aes_ctr_hmac_aead_key_manager.cc b/cc/aead/aes_ctr_hmac_aead_key_manager.cc
@@ -221,10 +221,10 @@ Status AesCtrHmacAeadKeyManager::Validate(const AesCtrHmacAeadKey& key) {
     return ToStatusF(util::error::INVALID_ARGUMENT,
                      "Invalid AesCtrHmacAeadKey: AES key_value is too short.");
   }
-  if (aes_key_size != 16 && aes_key_size != 24 && aes_key_size != 32) {
+  if (aes_key_size != 16 && aes_key_size != 32) {
     return ToStatusF(util::error::INVALID_ARGUMENT,
                      "Invalid AesCtrHmacAeadKey: AES key_value has %d bytes; "
-                     "supported sizes: 16, 24, or 32 bytes.",
+                     "supported sizes: 16 or 32 bytes.",
                      aes_key_size);
   }
   if (aes_ctr_key.params().iv_size() < kMinIvSizeInBytes ||

diff --git a/cc/aead/aes_ctr_hmac_aead_key_manager_test.cc b/cc/aead/aes_ctr_hmac_aead_key_manager_test.cc
@@ -105,7 +105,7 @@ TEST_F(AesCtrHmacAeadKeyManagerTest, testKeyDataErrors) {
                         result.status().error_message());
   }
 
-  {  // Bad key_value size (supported sizes: 16, 24, 32).
+  {  // Bad key_value size (supported sizes: 16 or 32).
     for (int len = 0; len < 42; len++) {
       AesCtrHmacAeadKey key;
       key.set_version(0);
@@ -120,7 +120,7 @@ TEST_F(AesCtrHmacAeadKeyManagerTest, testKeyDataErrors) {
       key_data.set_type_url(aes_ctr_hmac_aead_key_type);
       key_data.set_value(key.SerializeAsString());
       auto result = key_manager.GetPrimitive(key_data);
-      if (len == 16 || len == 24 || len == 32) {
+      if (len == 16 || len == 32) {
         EXPECT_TRUE(result.ok()) << result.status();
       } else {
         if (len < 16) {
@@ -158,7 +158,7 @@ TEST_F(AesCtrHmacAeadKeyManagerTest, testKeyMessageErrors) {
                         result.status().error_message());
   }
 
-  {  // Bad key_value size (supported sizes: 16, 24, 32).
+  {  // Bad key_value size (supported sizes: 16 or 32).
     for (int len = 0; len < 42; len++) {
       AesCtrHmacAeadKey key;
       key.set_version(0);
@@ -170,7 +170,7 @@ TEST_F(AesCtrHmacAeadKeyManagerTest, testKeyMessageErrors) {
       hmac_key->mutable_params()->set_hash(HashType::SHA1);
       hmac_key->mutable_params()->set_tag_size(10);
       auto result = key_manager.GetPrimitive(key);
-      if (len == 16 || len == 24 || len == 32) {
+      if (len == 16 || len == 32) {
         EXPECT_TRUE(result.ok()) << result.status();
       } else {
         if (len < 16) {

diff --git a/cc/subtle/aes_ctr_boringssl.cc b/cc/subtle/aes_ctr_boringssl.cc
@@ -36,8 +36,6 @@ static const EVP_CIPHER* GetCipherForKeySize(uint32_t size_in_bytes) {
   switch (size_in_bytes) {
     case 16:
       return EVP_aes_128_ctr();
-    case 24:
-      return EVP_aes_192_ctr();
     case 32:
       return EVP_aes_256_ctr();
     default:

diff --git a/cc/subtle/aes_eax_aesni_test.cc b/cc/subtle/aes_eax_aesni_test.cc
@@ -129,7 +129,7 @@ TEST(AesEaxAesniTest, testModification) {
 TEST(AesEaxAesniTest, testInvalidKeySizes) {
   size_t nonce_size = 12;
   for (int keysize = 0; keysize < 65; keysize++) {
-    if (keysize == 16 || keysize == 24 || keysize == 32) {
+    if (keysize == 16 || keysize == 32) {
       continue;
     }
     std::string key(keysize, 'x');