Pass HPKE mode in HPKE createContext.

PiperOrigin-RevId: 553067158
author: Tink Team <tink-dev@google.com> 2023-08-02 01:28:23 -0700
committer: Copybara-Service <copybara-worker@google.com> 2023-08-02 01:29:34 -0700
commit: 005fbb5e91f380602771f78a911fdae8b773d663 (patch)
tree: 26d41aa47b5f7a9fe4e6fba0d30b19297854e308
parent: db7579df4bf3e912878c52e8162f2b551c2ec711 (diff)
download: tink-005fbb5e91f380602771f78a911fdae8b773d663.tar.gz
3 files changed, 19 insertions, 5 deletions
diff --git a/java_src/src/main/java/com/google/crypto/tink/hybrid/internal/HpkeContext.java b/java_src/src/main/java/com/google/crypto/tink/hybrid/internal/HpkeContext.java
index 4d5b35a2d..c1077ac3a 100644
--- a/java_src/src/main/java/com/google/crypto/tink/hybrid/internal/HpkeContext.java
+++ b/java_src/src/main/java/com/google/crypto/tink/hybrid/internal/HpkeContext.java
@@ -58,6 +58,7 @@ final class HpkeContext {
 
   /** Helper function factored out to facilitate unit testing. */
   static HpkeContext createContext(
+      byte[] mode,
       byte[] encapsulatedKey,
       byte[] sharedSecret,
       HpkeKem kem,
@@ -68,7 +69,7 @@ final class HpkeContext {
     byte[] suiteId = HpkeUtil.hpkeSuiteId(kem.getKemId(), kdf.getKdfId(), aead.getAeadId());
     byte[] pskIdHash = kdf.labeledExtract(HpkeUtil.EMPTY_SALT, EMPTY_IKM, "psk_id_hash", suiteId);
     byte[] infoHash = kdf.labeledExtract(HpkeUtil.EMPTY_SALT, info, "info_hash", suiteId);
-    byte[] keyScheduleContext = Bytes.concat(HpkeUtil.BASE_MODE, pskIdHash, infoHash);
+    byte[] keyScheduleContext = Bytes.concat(mode, pskIdHash, infoHash);
     byte[] secret = kdf.labeledExtract(sharedSecret, EMPTY_IKM, "secret", suiteId);
 
     byte[] key = kdf.labeledExpand(secret, keyScheduleContext, "key", suiteId, aead.getKeyLength());
@@ -96,7 +97,7 @@ final class HpkeContext {
         kem.encapsulate(recipientPublicKey.getPublicKey().toByteArray());
     byte[] encapsulatedKey = encapOutput.getEncapsulatedKey();
     byte[] sharedSecret = encapOutput.getSharedSecret();
-    return createContext(encapsulatedKey, sharedSecret, kem, kdf, aead, info);
+    return createContext(HpkeUtil.BASE_MODE, encapsulatedKey, sharedSecret, kem, kdf, aead, info);
   }
 
   /**
@@ -119,7 +120,7 @@ final class HpkeContext {
       byte[] info)
       throws GeneralSecurityException {
     byte[] sharedSecret = kem.decapsulate(encapsulatedKey, recipientPrivateKey);
-    return createContext(encapsulatedKey, sharedSecret, kem, kdf, aead, info);
+    return createContext(HpkeUtil.BASE_MODE, encapsulatedKey, sharedSecret, kem, kdf, aead, info);
   }
 
   private static BigInteger maxSequenceNumber(int nonceLength) {
diff --git a/java_src/src/main/java/com/google/crypto/tink/hybrid/internal/HpkeUtil.java b/java_src/src/main/java/com/google/crypto/tink/hybrid/internal/HpkeUtil.java
index a71992409..559e445d0 100644
--- a/java_src/src/main/java/com/google/crypto/tink/hybrid/internal/HpkeUtil.java
+++ b/java_src/src/main/java/com/google/crypto/tink/hybrid/internal/HpkeUtil.java
@@ -30,6 +30,7 @@ import java.security.GeneralSecurityException;
 public final class HpkeUtil {
   // HPKE mode identifiers.
   public static final byte[] BASE_MODE = intToByteArray(1, 0x0);
+  public static final byte[] AUTH_MODE = intToByteArray(1, 0x2);
 
   // HPKE KEM algorithm identifiers.
   public static final byte[] X25519_HKDF_SHA256_KEM_ID = intToByteArray(2, 0x20);
diff --git a/java_src/src/test/java/com/google/crypto/tink/hybrid/internal/HpkeContextTest.java b/java_src/src/test/java/com/google/crypto/tink/hybrid/internal/HpkeContextTest.java
index 8e2d09e1f..38fe78c9a 100644
--- a/java_src/src/test/java/com/google/crypto/tink/hybrid/internal/HpkeContextTest.java
+++ b/java_src/src/test/java/com/google/crypto/tink/hybrid/internal/HpkeContextTest.java
@@ -104,13 +104,25 @@ public final class HpkeContextTest {
 
     HpkeContext encryptionContext =
         HpkeContext.createContext(
-            testSetup.encapsulatedKey, testSetup.sharedSecret, kem, kdf, aead, testSetup.info);
+            mode,
+            testSetup.encapsulatedKey,
+            testSetup.sharedSecret,
+            kem,
+            kdf,
+            aead,
+            testSetup.info);
     verifyContext(encryptionContext, testVector);
     verifyEncrypt(encryptionContext, testVector);
 
     HpkeContext decryptionContext =
         HpkeContext.createContext(
-            testSetup.encapsulatedKey, testSetup.sharedSecret, kem, kdf, aead, testSetup.info);
+            mode,
+            testSetup.encapsulatedKey,
+            testSetup.sharedSecret,
+            kem,
+            kdf,
+            aead,
+            testSetup.info);
     verifyContext(decryptionContext, testVector);
     verifyDecrypt(decryptionContext, testVector);
   }
author	Tink Team <tink-dev@google.com>	2023-08-02 01:28:23 -0700
committer	Copybara-Service <copybara-worker@google.com>	2023-08-02 01:29:34 -0700
commit	005fbb5e91f380602771f78a911fdae8b773d663 (patch)
tree	26d41aa47b5f7a9fe4e6fba0d30b19297854e308
parent	db7579df4bf3e912878c52e8162f2b551c2ec711 (diff)
download	tink-005fbb5e91f380602771f78a911fdae8b773d663.tar.gz