Add a way to create HkdfStreamingPrf from the new HkdfPrfKey. Also, use this opporunity to improve tests: rewrite them in a more concise fashion, and fix one test vector.

PiperOrigin-RevId: 563414893 Change-Id: I428f31e2dee21ebbf71177140c66afd9c1b6f177

Author: LizaTretyakova

src/main/java/com/google/crypto/tink/subtle/prf/BUILD.bazel

@@ -31,8 +31,14 @@ java_library(
  srcs = ["HkdfStreamingPrf.java"],
  deps = [
  ":streaming_prf",
+ "//src/main/java/com/google/crypto/tink:accesses_partial_key",
+ "//src/main/java/com/google/crypto/tink:insecure_secret_key_access",
+ "//src/main/java/com/google/crypto/tink/internal:enum_type_proto_converter",
+ "//src/main/java/com/google/crypto/tink/prf:hkdf_prf_key",
+ "//src/main/java/com/google/crypto/tink/prf:hkdf_prf_parameters",
  "//src/main/java/com/google/crypto/tink/subtle:enums",
  "//src/main/java/com/google/crypto/tink/subtle:subtle_util_cluster",
+ "//src/main/java/com/google/crypto/tink/util:bytes",
  "@maven//:com_google_errorprone_error_prone_annotations",
  ],
 )
@@ -42,8 +48,14 @@ android_library(
  srcs = ["HkdfStreamingPrf.java"],
  deps = [
  ":streaming_prf-android",
+ "//src/main/java/com/google/crypto/tink:accesses_partial_key-android",
+ "//src/main/java/com/google/crypto/tink:insecure_secret_key_access-android",
+ "//src/main/java/com/google/crypto/tink/internal:enum_type_proto_converter-android",
+ "//src/main/java/com/google/crypto/tink/prf:hkdf_prf_key-android",
+ "//src/main/java/com/google/crypto/tink/prf:hkdf_prf_parameters-android",
  "//src/main/java/com/google/crypto/tink/subtle:enums-android",
  "//src/main/java/com/google/crypto/tink/subtle:subtle_util_cluster-android",
+ "//src/main/java/com/google/crypto/tink/util:bytes-android",
  "@maven//:com_google_errorprone_error_prone_annotations",
  ],
 )

src/main/java/com/google/crypto/tink/subtle/prf/HkdfStreamingPrf.java

@@ -18,8 +18,15 @@
 
 import static java.lang.Math.min;
 
+import com.google.crypto.tink.AccessesPartialKey;
+import com.google.crypto.tink.InsecureSecretKeyAccess;
+import com.google.crypto.tink.internal.EnumTypeProtoConverter;
+import com.google.crypto.tink.prf.HkdfPrfKey;
+import com.google.crypto.tink.prf.HkdfPrfParameters;
 import com.google.crypto.tink.subtle.EngineFactory;
+import com.google.crypto.tink.subtle.Enums;
 import com.google.crypto.tink.subtle.Enums.HashType;
+import com.google.crypto.tink.util.Bytes;
 import com.google.errorprone.annotations.Immutable;
 import java.io.IOException;
 import java.io.InputStream;
@@ -30,7 +37,19 @@
 
 /** An implementation of the HKDF pseudorandom function, as given by RFC 5869. */
 @Immutable
+@AccessesPartialKey
 public class HkdfStreamingPrf implements StreamingPrf {
+ // This converter is not used with a proto but rather with an ordinary enum type.
+ private static final EnumTypeProtoConverter<Enums.HashType, HkdfPrfParameters.HashType>
+ HASH_TYPE_CONVERTER =
+ EnumTypeProtoConverter.<Enums.HashType, HkdfPrfParameters.HashType>builder()
+ .add(Enums.HashType.SHA1, HkdfPrfParameters.HashType.SHA1)
+ .add(Enums.HashType.SHA224, HkdfPrfParameters.HashType.SHA224)
+ .add(Enums.HashType.SHA256, HkdfPrfParameters.HashType.SHA256)
+ .add(Enums.HashType.SHA384, HkdfPrfParameters.HashType.SHA384)
+ .add(Enums.HashType.SHA512, HkdfPrfParameters.HashType.SHA512)
+ .build();
+
  private static String getJavaxHmacName(HashType hashType) throws GeneralSecurityException {
  switch (hashType) {
  case SHA1:
@@ -53,6 +72,14 @@ public HkdfStreamingPrf(final HashType hashType, final byte[] ikm, final byte[]
  this.salt = Arrays.copyOf(salt, salt.length);
  }
 
+ public static StreamingPrf create(HkdfPrfKey key) throws GeneralSecurityException {
+ Bytes saltFromKey = key.getParameters().getSalt();
+ return new HkdfStreamingPrf(
+ HASH_TYPE_CONVERTER.toProtoEnum(key.getParameters().getHashType()),
+ key.getKeyBytes().toByteArray(InsecureSecretKeyAccess.get()),
+ saltFromKey == null ? new byte[] {} : saltFromKey.toByteArray());
+ }
+
  private final HashType hashType;
 
  // Manual inspection shows that this is never mutated (and copied on construction)

src/test/java/com/google/crypto/tink/subtle/prf/BUILD.bazel

@@ -5,14 +5,21 @@ java_test(
  size = "small",
  srcs = ["HkdfStreamingPrfTest.java"],
  deps = [
+ "//src/main/java/com/google/crypto/tink:insecure_secret_key_access",
+ "//src/main/java/com/google/crypto/tink/internal:enum_type_proto_converter",
+ "//src/main/java/com/google/crypto/tink/prf:hkdf_prf_key",
+ "//src/main/java/com/google/crypto/tink/prf:hkdf_prf_parameters",
  "//src/main/java/com/google/crypto/tink/prf:prf_set",
  "//src/main/java/com/google/crypto/tink/subtle:enums",
  "//src/main/java/com/google/crypto/tink/subtle:hex",
  "//src/main/java/com/google/crypto/tink/subtle:hkdf",
  "//src/main/java/com/google/crypto/tink/subtle:random",
  "//src/main/java/com/google/crypto/tink/subtle/prf:hkdf_streaming_prf",
  "//src/main/java/com/google/crypto/tink/subtle/prf:prf_impl",
+ "//src/main/java/com/google/crypto/tink/subtle/prf:streaming_prf",
  "//src/main/java/com/google/crypto/tink/testing:test_util",
+ "//src/main/java/com/google/crypto/tink/util:bytes",
+ "//src/main/java/com/google/crypto/tink/util:secret_bytes",
  "@maven//:com_google_truth_truth",
  "@maven//:junit_junit",
  ],