Add a way to create HkdfStreamingPrf from the new HkdfPrfKey. Also, u…

…se this opporunity to improve tests: rewrite them in a more concise fashion, and fix one test vector.

PiperOrigin-RevId: 563414893
Change-Id: I428f31e2dee21ebbf71177140c66afd9c1b6f177

src/main/java/com/google/crypto/tink/subtle/prf/BUILD.bazel

@@ -31,8 +31,14 @@ java_library(
     srcs = ["HkdfStreamingPrf.java"],
     deps = [
         ":streaming_prf",
+        "//src/main/java/com/google/crypto/tink:accesses_partial_key",
+        "//src/main/java/com/google/crypto/tink:insecure_secret_key_access",
+        "//src/main/java/com/google/crypto/tink/internal:enum_type_proto_converter",
+        "//src/main/java/com/google/crypto/tink/prf:hkdf_prf_key",
+        "//src/main/java/com/google/crypto/tink/prf:hkdf_prf_parameters",
         "//src/main/java/com/google/crypto/tink/subtle:enums",
         "//src/main/java/com/google/crypto/tink/subtle:subtle_util_cluster",
+        "//src/main/java/com/google/crypto/tink/util:bytes",
         "@maven//:com_google_errorprone_error_prone_annotations",
     ],
 )
@@ -42,8 +48,14 @@ android_library(
     srcs = ["HkdfStreamingPrf.java"],
     deps = [
         ":streaming_prf-android",
+        "//src/main/java/com/google/crypto/tink:accesses_partial_key-android",
+        "//src/main/java/com/google/crypto/tink:insecure_secret_key_access-android",
+        "//src/main/java/com/google/crypto/tink/internal:enum_type_proto_converter-android",
+        "//src/main/java/com/google/crypto/tink/prf:hkdf_prf_key-android",
+        "//src/main/java/com/google/crypto/tink/prf:hkdf_prf_parameters-android",
         "//src/main/java/com/google/crypto/tink/subtle:enums-android",
         "//src/main/java/com/google/crypto/tink/subtle:subtle_util_cluster-android",
+        "//src/main/java/com/google/crypto/tink/util:bytes-android",
         "@maven//:com_google_errorprone_error_prone_annotations",
     ],
 )

src/main/java/com/google/crypto/tink/subtle/prf/HkdfStreamingPrf.java

@@ -18,8 +18,15 @@
 
 import static java.lang.Math.min;
 
+import com.google.crypto.tink.AccessesPartialKey;
+import com.google.crypto.tink.InsecureSecretKeyAccess;
+import com.google.crypto.tink.internal.EnumTypeProtoConverter;
+import com.google.crypto.tink.prf.HkdfPrfKey;
+import com.google.crypto.tink.prf.HkdfPrfParameters;
 import com.google.crypto.tink.subtle.EngineFactory;
+import com.google.crypto.tink.subtle.Enums;
 import com.google.crypto.tink.subtle.Enums.HashType;
+import com.google.crypto.tink.util.Bytes;
 import com.google.errorprone.annotations.Immutable;
 import java.io.IOException;
 import java.io.InputStream;
@@ -30,7 +37,19 @@
 
 /** An implementation of the HKDF pseudorandom function, as given by RFC 5869. */
 @Immutable
+@AccessesPartialKey
 public class HkdfStreamingPrf implements StreamingPrf {
+  // This converter is not used with a proto but rather with an ordinary enum type.
+  private static final EnumTypeProtoConverter<Enums.HashType, HkdfPrfParameters.HashType>
+      HASH_TYPE_CONVERTER =
+          EnumTypeProtoConverter.<Enums.HashType, HkdfPrfParameters.HashType>builder()
+              .add(Enums.HashType.SHA1, HkdfPrfParameters.HashType.SHA1)
+              .add(Enums.HashType.SHA224, HkdfPrfParameters.HashType.SHA224)
+              .add(Enums.HashType.SHA256, HkdfPrfParameters.HashType.SHA256)
+              .add(Enums.HashType.SHA384, HkdfPrfParameters.HashType.SHA384)
+              .add(Enums.HashType.SHA512, HkdfPrfParameters.HashType.SHA512)
+              .build();
+
   private static String getJavaxHmacName(HashType hashType) throws GeneralSecurityException {
     switch (hashType) {
       case SHA1:
@@ -53,6 +72,14 @@ public HkdfStreamingPrf(final HashType hashType, final byte[] ikm, final byte[]
     this.salt = Arrays.copyOf(salt, salt.length);
   }
 
+  public static StreamingPrf create(HkdfPrfKey key) throws GeneralSecurityException {
+    Bytes saltFromKey = key.getParameters().getSalt();
+    return new HkdfStreamingPrf(
+        HASH_TYPE_CONVERTER.toProtoEnum(key.getParameters().getHashType()),
+        key.getKeyBytes().toByteArray(InsecureSecretKeyAccess.get()),
+        saltFromKey == null ? new byte[] {} : saltFromKey.toByteArray());
+  }
+
   private final HashType hashType;
 
   // Manual inspection shows that this is never mutated (and copied on construction)

src/test/java/com/google/crypto/tink/subtle/prf/BUILD.bazel

@@ -5,14 +5,21 @@ java_test(
     size = "small",
     srcs = ["HkdfStreamingPrfTest.java"],
     deps = [
+        "//src/main/java/com/google/crypto/tink:insecure_secret_key_access",
+        "//src/main/java/com/google/crypto/tink/internal:enum_type_proto_converter",
+        "//src/main/java/com/google/crypto/tink/prf:hkdf_prf_key",
+        "//src/main/java/com/google/crypto/tink/prf:hkdf_prf_parameters",
         "//src/main/java/com/google/crypto/tink/prf:prf_set",
         "//src/main/java/com/google/crypto/tink/subtle:enums",
         "//src/main/java/com/google/crypto/tink/subtle:hex",
         "//src/main/java/com/google/crypto/tink/subtle:hkdf",
         "//src/main/java/com/google/crypto/tink/subtle:random",
         "//src/main/java/com/google/crypto/tink/subtle/prf:hkdf_streaming_prf",
         "//src/main/java/com/google/crypto/tink/subtle/prf:prf_impl",
+        "//src/main/java/com/google/crypto/tink/subtle/prf:streaming_prf",
         "//src/main/java/com/google/crypto/tink/testing:test_util",
+        "//src/main/java/com/google/crypto/tink/util:bytes",
+        "//src/main/java/com/google/crypto/tink/util:secret_bytes",
         "@maven//:com_google_truth_truth",
         "@maven//:junit_junit",
     ],