Add refaster templates for DeterministicAead and StreamingAead key templates.

PiperOrigin-RevId: 527521178

4 files changed, 156 insertions, 4 deletions

diff --git a/java_src/tools/refaster/README.md b/java_src/tools/refaster/README.md
index b89f3668f..b2ffb91e3 100644
--- a/java_src/tools/refaster/README.md
+++ b/java_src/tools/refaster/README.md
@@ -20,7 +20,6 @@ integration tests.
 
 
 ```bash
-tink_version="1.9.0"
 errorprone_version="2.18.0"
 
 ## STEP 0: Switch to a directory so the remainder of the script can be run
@@ -35,15 +34,18 @@ mkdir jars
 pushd jars
 maven_base="repo1.maven.org/maven2/com/google"
 
-tink_jar="tink-${tink_version}.jar"
-tink_sha256="8faf92d116a0ba138ee4e99a7418e985897818c2f6a9d4c01b8fe6b07db60eb7"
+# We download Tink from Head because Tink 1.9 does not have all key templates
+# This URL is found by going to https://oss.sonatype.org/ and browsing.
+tink_jar="tink-HEAD-20230426.095746-3687.jar"
+tink_url="https://oss.sonatype.org/service/local/repositories/snapshots/content/com/google/crypto/tink/tink/HEAD-SNAPSHOT/tink-HEAD-20230426.095746-3687.jar"
+tink_sha256="d88bbb07f02d3c55f9edc2a3450a1d6c8ff59c2cbe00d2d8b5628bdc67c0638f"
 
 refaster_jar="error_prone_refaster-${errorprone_version}.jar"
 refaster_sha256="0cde0a3db5c2f748fae4633ccd8c66a9ba9c5a0f7a380c9104b99372fd0c4959"
 errorprone_jar="error_prone_core-${errorprone_version}-with-dependencies.jar"
 errorprone_sha256="2b3f2d21e7754bece946cf8f7b0e2b2f805c46f58b4839eb302c3d2498a3a55e"
 
-wget "https://${maven_base}/crypto/tink/tink/${tink_version}/${tink_jar}"
+wget "${tink_url}"
 echo "${tink_sha256} ${tink_jar}" | sha256sum -c
 
 wget "https://${maven_base}/errorprone/error_prone_refaster/${errorprone_version}/${refaster_jar}"
diff --git a/java_src/tools/refaster/java/com/google/tink1_templates/AllChanges.java b/java_src/tools/refaster/java/com/google/tink1_templates/AllChanges.java
index b4dd61d82..0e23cc9b4 100644
--- a/java_src/tools/refaster/java/com/google/tink1_templates/AllChanges.java
+++ b/java_src/tools/refaster/java/com/google/tink1_templates/AllChanges.java
@@ -22,8 +22,12 @@ import com.google.crypto.tink.KeysetReader;
 import com.google.crypto.tink.TinkProtoKeysetFormat;
 import com.google.crypto.tink.aead.AeadKeyTemplates;
 import com.google.crypto.tink.aead.PredefinedAeadParameters;
+import com.google.crypto.tink.daead.DeterministicAeadKeyTemplates;
+import com.google.crypto.tink.daead.PredefinedDeterministicAeadParameters;
 import com.google.crypto.tink.mac.MacKeyTemplates;
 import com.google.crypto.tink.mac.PredefinedMacParameters;
+import com.google.crypto.tink.streamingaead.PredefinedStreamingAeadParameters;
+import com.google.crypto.tink.streamingaead.StreamingAeadKeyTemplates;
 import com.google.errorprone.refaster.annotation.AfterTemplate;
 import com.google.errorprone.refaster.annotation.BeforeTemplate;
 import java.io.IOException;
@@ -52,6 +56,7 @@ final class AllChanges {
     public KeysetHandle beforeTemplate(byte[] bytes) throws GeneralSecurityException, IOException {
       return KeysetHandle.readNoSecret(BinaryKeysetReader.withBytes(bytes));
     }
+
     @AfterTemplate
     public KeysetHandle afterTemplate(byte[] bytes) throws GeneralSecurityException, IOException {
       return TinkProtoKeysetFormat.parseKeysetWithoutSecret(bytes);
@@ -64,6 +69,7 @@ final class AllChanges {
         throws GeneralSecurityException, IOException {
       return KeysetHandle.readNoSecret(reader);
     }
+
     @AfterTemplate
     public KeysetHandle afterTemplate(KeysetReader reader)
         throws GeneralSecurityException, IOException {
@@ -226,4 +232,112 @@ final class AllChanges {
       return KeysetHandle.generateNew(PredefinedAeadParameters.XCHACHA20_POLY1305);
     }
   }
+
+  class AES256_SIV {
+    @BeforeTemplate
+    public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException {
+      return KeysetHandle.generateNew(DeterministicAeadKeyTemplates.AES256_SIV);
+    }
+
+    @AfterTemplate
+    public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException {
+      return KeysetHandle.generateNew(PredefinedDeterministicAeadParameters.AES256_SIV);
+    }
+  }
+
+  class AES128_CTR_HMAC_SHA256_4KB {
+    @BeforeTemplate
+    public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException {
+      return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES128_CTR_HMAC_SHA256_4KB);
+    }
+
+    @AfterTemplate
+    public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException {
+      return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES128_CTR_HMAC_SHA256_4KB);
+    }
+  }
+
+  class AES128_CTR_HMAC_SHA256_1MB {
+    @BeforeTemplate
+    public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException {
+      return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES128_CTR_HMAC_SHA256_1MB);
+    }
+
+    @AfterTemplate
+    public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException {
+      return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES128_CTR_HMAC_SHA256_1MB);
+    }
+  }
+
+  class AES256_CTR_HMAC_SHA256_4KB {
+    @BeforeTemplate
+    public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException {
+      return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES256_CTR_HMAC_SHA256_4KB);
+    }
+
+    @AfterTemplate
+    public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException {
+      return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES256_CTR_HMAC_SHA256_4KB);
+    }
+  }
+
+  class AES256_CTR_HMAC_SHA256_1MB {
+    @BeforeTemplate
+    public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException {
+      return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES256_CTR_HMAC_SHA256_1MB);
+    }
+
+    @AfterTemplate
+    public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException {
+      return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES256_CTR_HMAC_SHA256_1MB);
+    }
+  }
+
+  class AES128_GCM_HKDF_4KB {
+    @BeforeTemplate
+    public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException {
+      return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES128_GCM_HKDF_4KB);
+    }
+
+    @AfterTemplate
+    public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException {
+      return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES128_GCM_HKDF_4KB);
+    }
+  }
+
+  class AES128_GCM_HKDF_1MB {
+    @BeforeTemplate
+    public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException {
+      return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES128_GCM_HKDF_1MB);
+    }
+
+    @AfterTemplate
+    public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException {
+      return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES128_GCM_HKDF_1MB);
+    }
+  }
+
+  class AES256_GCM_HKDF_4KB {
+    @BeforeTemplate
+    public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException {
+      return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES256_GCM_HKDF_4KB);
+    }
+
+    @AfterTemplate
+    public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException {
+      return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES256_GCM_HKDF_4KB);
+    }
+  }
+
+  class AES256_GCM_HKDF_1MB {
+    @BeforeTemplate
+    public KeysetHandle beforeTemplate(byte[] b) throws GeneralSecurityException {
+      return KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES256_GCM_HKDF_1MB);
+    }
+
+    @AfterTemplate
+    public KeysetHandle afterTemplate(byte[] b) throws GeneralSecurityException {
+      return KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES256_GCM_HKDF_1MB);
+    }
+  }
 }
diff --git a/java_src/tools/refaster/java/com/google/tinkuser/TinkUser.java b/java_src/tools/refaster/java/com/google/tinkuser/TinkUser.java
index b94f550f1..67b207826 100644
--- a/java_src/tools/refaster/java/com/google/tinkuser/TinkUser.java
+++ b/java_src/tools/refaster/java/com/google/tinkuser/TinkUser.java
@@ -21,7 +21,9 @@ import com.google.crypto.tink.BinaryKeysetReader;
 import com.google.crypto.tink.KeysetHandle;
 import com.google.crypto.tink.KeysetReader;
 import com.google.crypto.tink.aead.AeadKeyTemplates;
+import com.google.crypto.tink.daead.DeterministicAeadKeyTemplates;
 import com.google.crypto.tink.mac.MacKeyTemplates;
+import com.google.crypto.tink.streamingaead.StreamingAeadKeyTemplates;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 
@@ -55,4 +57,19 @@ public final class TinkUser {
     Object g = KeysetHandle.generateNew(AeadKeyTemplates.CHACHA20_POLY1305);
     Object h = KeysetHandle.generateNew(AeadKeyTemplates.XCHACHA20_POLY1305);
   }
+
+  public void deterministicAeadKeyTemplateUser() throws Exception {
+    Object a = KeysetHandle.generateNew(DeterministicAeadKeyTemplates.AES256_SIV);
+  }
+
+  public void streamingAeadKeyTemplateUser() throws Exception {
+    Object a = KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES128_CTR_HMAC_SHA256_4KB);
+    Object b = KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES128_CTR_HMAC_SHA256_1MB);
+    Object c = KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES256_CTR_HMAC_SHA256_4KB);
+    Object d = KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES256_CTR_HMAC_SHA256_1MB);
+    Object e = KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES128_GCM_HKDF_4KB);
+    Object f = KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES128_GCM_HKDF_1MB);
+    Object g = KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES256_GCM_HKDF_4KB);
+    Object h = KeysetHandle.generateNew(StreamingAeadKeyTemplates.AES256_GCM_HKDF_1MB);
+  }
 }
diff --git a/java_src/tools/refaster/java/com/google/tinkuser/TinkUser.java_expected b/java_src/tools/refaster/java/com/google/tinkuser/TinkUser.java_expected
index c4aaa137e..df1829683 100644
--- a/java_src/tools/refaster/java/com/google/tinkuser/TinkUser.java_expected
+++ b/java_src/tools/refaster/java/com/google/tinkuser/TinkUser.java_expected
@@ -23,8 +23,12 @@ import com.google.crypto.tink.KeysetReader;
 import com.google.crypto.tink.TinkProtoKeysetFormat;
 import com.google.crypto.tink.aead.AeadKeyTemplates;
 import com.google.crypto.tink.aead.PredefinedAeadParameters;
+import com.google.crypto.tink.daead.DeterministicAeadKeyTemplates;
+import com.google.crypto.tink.daead.PredefinedDeterministicAeadParameters;
 import com.google.crypto.tink.mac.MacKeyTemplates;
 import com.google.crypto.tink.mac.PredefinedMacParameters;
+import com.google.crypto.tink.streamingaead.PredefinedStreamingAeadParameters;
+import com.google.crypto.tink.streamingaead.StreamingAeadKeyTemplates;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 
@@ -58,4 +62,19 @@ public final class TinkUser {
     Object g = KeysetHandle.generateNew(PredefinedAeadParameters.CHACHA20_POLY1305);
     Object h = KeysetHandle.generateNew(PredefinedAeadParameters.XCHACHA20_POLY1305);
   }
+
+  public void deterministicAeadKeyTemplateUser() throws Exception {
+    Object a = KeysetHandle.generateNew(PredefinedDeterministicAeadParameters.AES256_SIV);
+  }
+
+  public void streamingAeadKeyTemplateUser() throws Exception {
+    Object a = KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES128_CTR_HMAC_SHA256_4KB);
+    Object b = KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES128_CTR_HMAC_SHA256_1MB);
+    Object c = KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES256_CTR_HMAC_SHA256_4KB);
+    Object d = KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES256_CTR_HMAC_SHA256_1MB);
+    Object e = KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES128_GCM_HKDF_4KB);
+    Object f = KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES128_GCM_HKDF_1MB);
+    Object g = KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES256_GCM_HKDF_4KB);
+    Object h = KeysetHandle.generateNew(PredefinedStreamingAeadParameters.AES256_GCM_HKDF_1MB);
+  }
 }