Refactoring some KDF related functions

+ The refactored methods are common between HKDF, concatenation KDF, and
  CTR KDF.

csrc/hkdf.cpp

@@ -8,23 +8,6 @@
 
 using namespace AmazonCorrettoCryptoProvider;
 
-// The possible values of digestCode are defined in HkdfSecretKeyFactorySpi.java
-static EVP_MD const* digest_code_to_EVP_MD(int digestCode)
-{
-    switch (digestCode) {
-    case com_amazon_corretto_crypto_provider_HkdfSecretKeyFactorySpi_SHA1_CODE:
-        return EVP_sha1();
-    case com_amazon_corretto_crypto_provider_HkdfSecretKeyFactorySpi_SHA256_CODE:
-        return EVP_sha256();
-    case com_amazon_corretto_crypto_provider_HkdfSecretKeyFactorySpi_SHA384_CODE:
-        return EVP_sha384();
-    case com_amazon_corretto_crypto_provider_HkdfSecretKeyFactorySpi_SHA512_CODE:
-        return EVP_sha512();
-    default:
-        throw java_ex(EX_ERROR, "THIS SHOULD NOT BE REACHABLE.");
-    }
-}
-
 extern "C" JNIEXPORT void JNICALL Java_com_amazon_corretto_crypto_provider_HkdfSecretKeyFactorySpi_hkdf(JNIEnv* env,
     jclass,
     jbyteArray jOutput,

csrc/util.cpp

@@ -48,4 +48,20 @@ extern "C" JNIEXPORT void JNICALL Java_com_amazon_corretto_crypto_provider_Utils
     EVP_CIPHER_CTX_free(reinterpret_cast<EVP_CIPHER_CTX*>(ctxPtr));
 }
 
+EVP_MD const* digest_code_to_EVP_MD(int digestCode)
+{
+    switch (digestCode) {
+    case com_amazon_corretto_crypto_provider_Utils_SHA1_CODE:
+        return EVP_sha1();
+    case com_amazon_corretto_crypto_provider_Utils_SHA256_CODE:
+        return EVP_sha256();
+    case com_amazon_corretto_crypto_provider_Utils_SHA384_CODE:
+        return EVP_sha384();
+    case com_amazon_corretto_crypto_provider_Utils_SHA512_CODE:
+        return EVP_sha512();
+    default:
+        throw java_ex(EX_ERROR, "THIS SHOULD NOT BE REACHABLE.");
+    }
+}
+
 } // namespace

csrc/util.h

@@ -117,6 +117,10 @@ static inline bool check_bounds(size_t length, size_t offset, size_t range_len)
     return remaining >= range_len;
 }
 
+// Given the code of a digest, returns its correspodning EVP_MD* object. The possible values of digestCode are defined
+// in Utils.java. This method is used by different KDFs that can work with different digest algorithms.
+EVP_MD const* digest_code_to_EVP_MD(int digestCode);
+
 } // namespace AmazonCorrettoCryptoProvider
 
 #endif

src/com/amazon/corretto/crypto/provider/HkdfSecretKeyFactorySpi.java

@@ -13,10 +13,9 @@
 import java.util.HashMap;
 import java.util.Map;
 import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactorySpi;
 import javax.crypto.spec.SecretKeySpec;
 
-class HkdfSecretKeyFactorySpi extends SecretKeyFactorySpi {
+class HkdfSecretKeyFactorySpi extends KdfSpi {
   private final int digestCode;
   private final int digestLength;
 
@@ -121,16 +120,6 @@ private static native void hkdfExpand(
       byte[] jInfo,
       int infoLen);
 
-  @Override
-  protected KeySpec engineGetKeySpec(final SecretKey key, final Class<?> keySpec) {
-    throw new UnsupportedOperationException();
-  }
-
-  @Override
-  protected SecretKey engineTranslateKey(final SecretKey key) {
-    throw new UnsupportedOperationException();
-  }
-
   static final Map<String, HkdfSecretKeyFactorySpi> INSTANCES = getInstances();
 
   private static final String HKDF = "Hkdf";
@@ -140,25 +129,20 @@ protected SecretKey engineTranslateKey(final SecretKey key) {
   static final String HKDF_WITH_SHA384 = HKDF + WITH + "HmacSHA384";
   static final String HKDF_WITH_SHA512 = HKDF + WITH + "HmacSHA512";
 
-  private static final int SHA1_CODE = 1;
-  private static final int SHA256_CODE = 2;
-  private static final int SHA384_CODE = 3;
-  private static final int SHA512_CODE = 4;
-
   private static Map<String, HkdfSecretKeyFactorySpi> getInstances() {
     final Map<String, HkdfSecretKeyFactorySpi> result = new HashMap<>();
     result.put(
         getSpiFactoryForAlgName(HKDF_WITH_SHA1),
-        new HkdfSecretKeyFactorySpi(SHA1_CODE, getDigestLength("sha1")));
+        new HkdfSecretKeyFactorySpi(Utils.SHA1_CODE, getDigestLength("sha1")));
     result.put(
         getSpiFactoryForAlgName(HKDF_WITH_SHA256),
-        new HkdfSecretKeyFactorySpi(SHA256_CODE, getDigestLength("sha256")));
+        new HkdfSecretKeyFactorySpi(Utils.SHA256_CODE, getDigestLength("sha256")));
     result.put(
         getSpiFactoryForAlgName(HKDF_WITH_SHA384),
-        new HkdfSecretKeyFactorySpi(SHA384_CODE, getDigestLength("sha384")));
+        new HkdfSecretKeyFactorySpi(Utils.SHA384_CODE, getDigestLength("sha384")));
     result.put(
         getSpiFactoryForAlgName(HKDF_WITH_SHA512),
-        new HkdfSecretKeyFactorySpi(SHA512_CODE, getDigestLength("sha512")));
+        new HkdfSecretKeyFactorySpi(Utils.SHA512_CODE, getDigestLength("sha512")));
     return Collections.unmodifiableMap(result);
   }
 

src/com/amazon/corretto/crypto/provider/KdfSpi.java

@@ -0,0 +1,20 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+package com.amazon.corretto.crypto.provider;
+
+import java.security.spec.KeySpec;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactorySpi;
+
+abstract class KdfSpi extends SecretKeyFactorySpi {
+
+  @Override
+  protected KeySpec engineGetKeySpec(final SecretKey key, final Class<?> keySpec) {
+    throw new UnsupportedOperationException();
+  }
+
+  @Override
+  protected SecretKey engineTranslateKey(final SecretKey key) {
+    throw new UnsupportedOperationException();
+  }
+}

src/com/amazon/corretto/crypto/provider/Utils.java

@@ -28,6 +28,10 @@
 
 /** Miscellaneous utility methods. */
 final class Utils {
+  static final int SHA1_CODE = 1;
+  static final int SHA256_CODE = 2;
+  static final int SHA384_CODE = 3;
+  static final int SHA512_CODE = 4;
   private static final String PROPERTY_NATIVE_CONTEXT_RELEASE_STRATEGY =
       "nativeContextReleaseStrategy";