When parsing Ecies parameters with Curve25519, only accept compressed points.

PiperOrigin-RevId: 549927290
author: tholenst <tholenst@google.com> 2023-07-21 06:12:43 -0700
committer: Copybara-Service <copybara-worker@google.com> 2023-07-21 06:14:07 -0700
commit: e4b834a045e99f78b57b68473fcff51fb7e5bbbb (patch)
tree: 5cac8e9f724aa5ab0eeb36c690d63b7d8bdff55c /java_src
parent: ba1f77e3dee9a0d42468df279f2e9361ece87e8d (diff)
download: tink-e4b834a045e99f78b57b68473fcff51fb7e5bbbb.tar.gz
2 files changed, 22 insertions, 0 deletions
diff --git a/java_src/src/main/java/com/google/crypto/tink/hybrid/EciesProtoSerialization.java b/java_src/src/main/java/com/google/crypto/tink/hybrid/EciesProtoSerialization.java
index 7eb8ddf66..604ad11d9 100644
--- a/java_src/src/main/java/com/google/crypto/tink/hybrid/EciesProtoSerialization.java
+++ b/java_src/src/main/java/com/google/crypto/tink/hybrid/EciesProtoSerialization.java
@@ -164,6 +164,10 @@ final class EciesProtoSerialization {
     if (!protoParams.getKemParams().getCurveType().equals(EllipticCurveType.CURVE25519)) {
       builder.setNistCurvePointFormat(
           POINT_FORMAT_CONVERTER.fromProtoEnum(protoParams.getEcPointFormat()));
+    } else {
+      if (!protoParams.getEcPointFormat().equals(EcPointFormat.COMPRESSED)) {
+        throw new GeneralSecurityException("For CURVE25519 EcPointFormat must be compressed");
+      }
     }
     return builder.build();
   }
diff --git a/java_src/src/test/java/com/google/crypto/tink/hybrid/EciesProtoSerializationTest.java b/java_src/src/test/java/com/google/crypto/tink/hybrid/EciesProtoSerializationTest.java
index e80f2d731..c63747de5 100644
--- a/java_src/src/test/java/com/google/crypto/tink/hybrid/EciesProtoSerializationTest.java
+++ b/java_src/src/test/java/com/google/crypto/tink/hybrid/EciesProtoSerializationTest.java
@@ -283,6 +283,24 @@ public final class EciesProtoSerializationTest {
                             .setOutputPrefixType(OutputPrefixType.RAW)
                             .build()))
                 .build()),
+        // CURVE25519 with UNCOMPRESSED.
+        ProtoParametersSerialization.create(
+            PRIVATE_TYPE_URL,
+            OutputPrefixType.TINK,
+            EciesAeadHkdfKeyFormat.newBuilder()
+                .setParams(
+                    createEciesProtoParams(
+                        EllipticCurveType.CURVE25519,
+                        HashType.SHA256,
+                        EcPointFormat.UNCOMPRESSED,
+                        ByteString.copyFrom(SALT.toByteArray()),
+                        KeyTemplate.newBuilder()
+                            .setTypeUrl(
+                                "type.googleapis.com/google.crypto.tink.XChaCha20Poly1305Key")
+                            .setValue(DEM_KEY_FORMAT_PROTO.toByteString())
+                            .setOutputPrefixType(OutputPrefixType.RAW)
+                            .build()))
+                .build()),
         // Unknown HashType.
         ProtoParametersSerialization.create(
             PRIVATE_TYPE_URL,
author	tholenst <tholenst@google.com>	2023-07-21 06:12:43 -0700
committer	Copybara-Service <copybara-worker@google.com>	2023-07-21 06:14:07 -0700
commit	e4b834a045e99f78b57b68473fcff51fb7e5bbbb (patch)
tree	5cac8e9f724aa5ab0eeb36c690d63b7d8bdff55c /java_src
parent	ba1f77e3dee9a0d42468df279f2e9361ece87e8d (diff)
download	tink-e4b834a045e99f78b57b68473fcff51fb7e5bbbb.tar.gz