From f4c067cd74416295ffa2620cac065016a71ac49b Mon Sep 17 00:00:00 2001
From: Amir Vakili
Date: Fri, 26 Jul 2024 13:51:17 +0000
Subject: [PATCH] Refactoring some KDF related functions + The refactored methods are common between HKDF, concatenation KDF, and CTR KDF.
---
 csrc/hkdf.cpp | 17 ------------
 csrc/util.cpp | 16 ++++++++++++
 csrc/util.h | 4 +++
 .../provider/HkdfSecretKeyFactorySpi.java | 26 ++++---------------
 .../corretto/crypto/provider/KdfSpi.java | 20 ++++++++++++++
 .../corretto/crypto/provider/Utils.java | 4 +++
 6 files changed, 49 insertions(+), 38 deletions(-)
 create mode 100644 src/com/amazon/corretto/crypto/provider/KdfSpi.java
diff --git a/csrc/hkdf.cpp b/csrc/hkdf.cpp
index ee51740c..4328b87b 100644
--- a/csrc/hkdf.cpp
+++ b/csrc/hkdf.cpp
@@ -8,23 +8,6 @@ using namespace AmazonCorrettoCryptoProvider;
-// The possible values of digestCode are defined in HkdfSecretKeyFactorySpi.java
-static EVP_MD const* digest_code_to_EVP_MD(int digestCode)
-{
- switch (digestCode) {
- case com_amazon_corretto_crypto_provider_HkdfSecretKeyFactorySpi_SHA1_CODE:
- return EVP_sha1();
- case com_amazon_corretto_crypto_provider_HkdfSecretKeyFactorySpi_SHA256_CODE:
- return EVP_sha256();
- case com_amazon_corretto_crypto_provider_HkdfSecretKeyFactorySpi_SHA384_CODE:
- return EVP_sha384();
- case com_amazon_corretto_crypto_provider_HkdfSecretKeyFactorySpi_SHA512_CODE:
- return EVP_sha512();
- default:
- throw java_ex(EX_ERROR, "THIS SHOULD NOT BE REACHABLE.");
- }
-}
-
 extern "C" JNIEXPORT void JNICALL Java_com_amazon_corretto_crypto_provider_HkdfSecretKeyFactorySpi_hkdf(JNIEnv* env, jclass, jbyteArray jOutput,
diff --git a/csrc/util.cpp b/csrc/util.cpp
index 5255dce3..5e730ff0 100644
--- a/csrc/util.cpp
+++ b/csrc/util.cpp
@@ -48,4 +48,20 @@ extern "C" JNIEXPORT void JNICALL Java_com_amazon_corretto_crypto_provider_Utils
 EVP_CIPHER_CTX_free(reinterpret_cast(ctxPtr));
 }
+EVP_MD const* digest_code_to_EVP_MD(int digestCode)
+{
+ switch (digestCode) {
+ case com_amazon_corretto_crypto_provider_Utils_SHA1_CODE:
+ return EVP_sha1();
+ case com_amazon_corretto_crypto_provider_Utils_SHA256_CODE:
+ return EVP_sha256();
+ case com_amazon_corretto_crypto_provider_Utils_SHA384_CODE:
+ return EVP_sha384();
+ case com_amazon_corretto_crypto_provider_Utils_SHA512_CODE:
+ return EVP_sha512();
+ default:
+ throw java_ex(EX_ERROR, "THIS SHOULD NOT BE REACHABLE.");
+ }
+}
+
 } // namespace
diff --git a/csrc/util.h b/csrc/util.h
index 7f696d42..b3e8de29 100644
--- a/csrc/util.h
+++ b/csrc/util.h
@@ -117,6 +117,10 @@ static inline bool check_bounds(size_t length, size_t offset, size_t range_len)
 return remaining >= range_len;
 }
+// Given the code of a digest, returns its correspodning EVP_MD* object. The possible values of digestCode are defined
+// in Utils.java. This method is used by different KDFs that can work with different digest algorithms.
+EVP_MD const* digest_code_to_EVP_MD(int digestCode);
+
 } // namespace AmazonCorrettoCryptoProvider
 #endif
diff --git a/src/com/amazon/corretto/crypto/provider/HkdfSecretKeyFactorySpi.java b/src/com/amazon/corretto/crypto/provider/HkdfSecretKeyFactorySpi.java
index 53e9c7b2..ff3edded 100644
--- a/src/com/amazon/corretto/crypto/provider/HkdfSecretKeyFactorySpi.java
+++ b/src/com/amazon/corretto/crypto/provider/HkdfSecretKeyFactorySpi.java
@@ -13,10 +13,9 @@ import java.util.HashMap;
 import java.util.Map;
 import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactorySpi;
 import javax.crypto.spec.SecretKeySpec;
-class HkdfSecretKeyFactorySpi extends SecretKeyFactorySpi {
+class HkdfSecretKeyFactorySpi extends KdfSpi {
 private final int digestCode;
 private final int digestLength;
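Review bot: The `default:` branch of `digest_code_to_EVP_MD` in csrc/util.cpp keeps the fixed text "THIS SHOULD NOT BE REACHABLE.", which names neither the function nor the rejected value. That was tolerable for a file-local helper in hkdf.cpp, but the function is now shared by several KDF entry points and `digestCode` arrives over JNI as a plain int, so a Java/native mismatch would be hard to trace from the exception alone. A message that at least names the helper, e.g. `throw java_ex(EX_ERROR, "Unknown digest code passed to digest_code_to_EVP_MD.");`, would help; adding the numeric value depends on what `java_ex` accepts, which is not visible in this hunk.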
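Review bot: The comment added above the `digest_code_to_EVP_MD` declaration in csrc/util.h does not state the failure behaviour: the definition in csrc/util.cpp throws `java_ex(EX_ERROR, ...)` for an unknown code and never returns a null pointer. Since every KDF source file can now call this helper, that contract belongs in the header, for instance `// Never returns nullptr; throws java_ex(EX_ERROR) for an unknown digestCode, so it must be called where that exception is translated before control returns to the JVM.` The same comment misspells "corresponding" as "correspodning" and says "method" where "function" is meant.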
@@ -121,16 +120,6 @@ private static native void hkdfExpand(
 byte[] jInfo,
 int infoLen);
- @Override
- protected KeySpec engineGetKeySpec(final SecretKey key, final Class keySpec) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- protected SecretKey engineTranslateKey(final SecretKey key) {
- throw new UnsupportedOperationException();
- }
-
 static final Map INSTANCES = getInstances();
 private static final String HKDF = "Hkdf";
@@ -140,25 +129,20 @@ protected SecretKey engineTranslateKey(final SecretKey key) {
 static final String HKDF_WITH_SHA384 = HKDF + WITH + "HmacSHA384";
 static final String HKDF_WITH_SHA512 = HKDF + WITH + "HmacSHA512";
- private static final int SHA1_CODE = 1;
- private static final int SHA256_CODE = 2;
- private static final int SHA384_CODE = 3;
- private static final int SHA512_CODE = 4;
-
 private static Map getInstances() {
 final Map result = new HashMap<>();
 result.put(
 getSpiFactoryForAlgName(HKDF_WITH_SHA1),
- new HkdfSecretKeyFactorySpi(SHA1_CODE, getDigestLength("sha1")));
+ new HkdfSecretKeyFactorySpi(Utils.SHA1_CODE, getDigestLength("sha1")));
 result.put(
 getSpiFactoryForAlgName(HKDF_WITH_SHA256),
- new HkdfSecretKeyFactorySpi(SHA256_CODE, getDigestLength("sha256")));
+ new HkdfSecretKeyFactorySpi(Utils.SHA256_CODE, getDigestLength("sha256")));
 result.put(
 getSpiFactoryForAlgName(HKDF_WITH_SHA384),
- new HkdfSecretKeyFactorySpi(SHA384_CODE, getDigestLength("sha384")));
+ new HkdfSecretKeyFactorySpi(Utils.SHA384_CODE, getDigestLength("sha384")));
 result.put(
 getSpiFactoryForAlgName(HKDF_WITH_SHA512),
- new HkdfSecretKeyFactorySpi(SHA512_CODE, getDigestLength("sha512")));
+ new HkdfSecretKeyFactorySpi(Utils.SHA512_CODE, getDigestLength("sha512")));
 return Collections.unmodifiableMap(result);
 }
diff --git a/src/com/amazon/corretto/crypto/provider/KdfSpi.java b/src/com/amazon/corretto/crypto/provider/KdfSpi.java
new file mode 100644
index 00000000..30963cf1
--- /dev/null
+++ b/src/com/amazon/corretto/crypto/provider/KdfSpi.java
@@ -0,0 +1,20 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+package com.amazon.corretto.crypto.provider;
+
+import java.security.spec.KeySpec;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactorySpi;
+
+abstract class KdfSpi extends SecretKeyFactorySpi {
+
+ @Override
+ protected KeySpec engineGetKeySpec(final SecretKey key, final Class keySpec) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ protected SecretKey engineTranslateKey(final SecretKey key) {
+ throw new UnsupportedOperationException();
+ }
+}
diff --git a/src/com/amazon/corretto/crypto/provider/Utils.java b/src/com/amazon/corretto/crypto/provider/Utils.java
index 337d7268..1c0e22c8 100644
--- a/src/com/amazon/corretto/crypto/provider/Utils.java
+++ b/src/com/amazon/corretto/crypto/provider/Utils.java
@@ -28,6 +28,10 @@
 /** Miscellaneous utility methods. */
 final class Utils {
+ static final int SHA1_CODE = 1;
+ static final int SHA256_CODE = 2;
+ static final int SHA384_CODE = 3;
+ static final int SHA512_CODE = 4;
 private static final String PROPERTY_NATIVE_CONTEXT_RELEASE_STRATEGY = "nativeContextReleaseStrategy";
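Review bot: The new `KdfSpi` base class has no class-level Javadoc, and both overrides throw `UnsupportedOperationException` without a message, so a caller that reaches `engineGetKeySpec` or `engineTranslateKey` through a KDF factory gets no explanation. A short Javadoc saying that KDF-backed factories only generate secrets, plus a message such as `throw new UnsupportedOperationException("KDF factories do not support key specs");`, would make the restriction explicit. If no KDF subclass is ever meant to re-enable these two operations, declaring them `final` would enforce that; whether that is the intent cannot be told from this patch.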
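Review bot: The four `*_CODE` constants added to `Utils` carry no comment, although their names and values are a contract with native code. csrc/util.cpp switches on `com_amazon_corretto_crypto_provider_Utils_SHA1_CODE` and its siblings, which appear to come from the header generated for this class. A comment such as `// Digest codes passed to native KDF code; mapped to EVP_MD by digest_code_to_EVP_MD in csrc/util.cpp.` would warn a later editor that renaming, renumbering or moving them affects the native build.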