diff --git a/prf/hkdf_prf_key_manager.go b/prf/hkdf_prf_key_manager.go index fc149f8..c2ff225 100644 --- a/prf/hkdf_prf_key_manager.go +++ b/prf/hkdf_prf_key_manager.go @@ -57,8 +57,8 @@ func (km *hkdfprfKeyManager) Primitive(serializedKey []byte) (interface{}, error if err := km.validateKey(key); err != nil { return nil, err } - hash := commonpb.HashType_name[int32(key.Params.Hash)] - hkdf, err := subtle.NewHKDFPRF(hash, key.KeyValue, key.Params.Salt) + hash := commonpb.HashType_name[int32(key.GetParams().GetHash())] + hkdf, err := subtle.NewHKDFPRF(hash, key.GetKeyValue(), key.GetParams().GetSalt()) if err != nil { return nil, err } @@ -77,10 +77,10 @@ func (km *hkdfprfKeyManager) NewKey(serializedKeyFormat []byte) (proto.Message, if err := km.validateKeyFormat(keyFormat); err != nil { return nil, fmt.Errorf("hkdf_prf_key_manager: invalid key format: %s", err) } - keyValue := random.GetRandomBytes(keyFormat.KeySize) + keyValue := random.GetRandomBytes(keyFormat.GetKeySize()) return &hkdfpb.HkdfPrfKey{ Version: hkdfprfKeyVersion, - Params: keyFormat.Params, + Params: keyFormat.GetParams(), KeyValue: keyValue, }, nil } @@ -142,7 +142,7 @@ func (km *hkdfprfKeyManager) DeriveKey(serializedKeyFormat []byte, pseudorandomn return &hkdfpb.HkdfPrfKey{ Version: hkdfprfKeyVersion, - Params: keyFormat.Params, + Params: keyFormat.GetParams(), KeyValue: keyValue, }, nil } @@ -150,20 +150,16 @@ func (km *hkdfprfKeyManager) DeriveKey(serializedKeyFormat []byte, pseudorandomn // validateKey validates the given HKDFPRFKey. It only validates the version of the // key because other parameters will be validated in primitive construction. func (km *hkdfprfKeyManager) validateKey(key *hkdfpb.HkdfPrfKey) error { - err := keyset.ValidateKeyVersion(key.Version, hkdfprfKeyVersion) - if err != nil { + if err := keyset.ValidateKeyVersion(key.GetVersion(), hkdfprfKeyVersion); err != nil { return fmt.Errorf("hkdf_prf_key_manager: invalid version: %s", err) } - keySize := uint32(len(key.KeyValue)) - hash := commonpb.HashType_name[int32(key.Params.Hash)] - return subtle.ValidateHKDFPRFParams(hash, keySize, key.Params.Salt) + keySize := uint32(len(key.GetKeyValue())) + hash := commonpb.HashType_name[int32(key.GetParams().GetHash())] + return subtle.ValidateHKDFPRFParams(hash, keySize, key.GetParams().GetSalt()) } // validateKeyFormat validates the given HKDFKeyFormat func (km *hkdfprfKeyManager) validateKeyFormat(format *hkdfpb.HkdfPrfKeyFormat) error { - if format.Params == nil { - return fmt.Errorf("null HKDF params") - } - hash := commonpb.HashType_name[int32(format.Params.Hash)] - return subtle.ValidateHKDFPRFParams(hash, format.KeySize, format.Params.Salt) + hash := commonpb.HashType_name[int32(format.GetParams().GetHash())] + return subtle.ValidateHKDFPRFParams(hash, format.GetKeySize(), format.GetParams().GetSalt()) } diff --git a/prf/hkdf_prf_key_manager_test.go b/prf/hkdf_prf_key_manager_test.go index b2b5de0..0b668f6 100644 --- a/prf/hkdf_prf_key_manager_test.go +++ b/prf/hkdf_prf_key_manager_test.go @@ -421,6 +421,8 @@ func genInvalidHKDFKeys() []proto.Message { badVersionKey.Version++ shortKey := testutil.NewHKDFPRFKey(commonpb.HashType_SHA256, make([]byte, 0)) shortKey.KeyValue = []byte{1, 1} + nilParams := testutil.NewHKDFPRFKey(commonpb.HashType_SHA256, make([]byte, 0)) + nilParams.Params = nil return []proto.Message{ // not a HKDFPRFKey testutil.NewHKDFPRFParams(commonpb.HashType_SHA256, make([]byte, 0)), @@ -432,12 +434,16 @@ func genInvalidHKDFKeys() []proto.Message { testutil.NewHKDFPRFKey(commonpb.HashType_SHA1, make([]byte, 0)), // unknown hash type testutil.NewHKDFPRFKey(commonpb.HashType_UNKNOWN_HASH, make([]byte, 0)), + // params field is unset + nilParams, } } func genInvalidHKDFKeyFormats() []proto.Message { shortKeyFormat := testutil.NewHKDFPRFKeyFormat(commonpb.HashType_SHA256, make([]byte, 0)) shortKeyFormat.KeySize = 1 + nilParams := testutil.NewHKDFPRFKeyFormat(commonpb.HashType_SHA256, make([]byte, 0)) + nilParams.Params = nil return []proto.Message{ // not a HKDFPRFKeyFormat testutil.NewHMACParams(commonpb.HashType_SHA256, 32), @@ -447,6 +453,8 @@ func genInvalidHKDFKeyFormats() []proto.Message { testutil.NewHKDFPRFKeyFormat(commonpb.HashType_SHA1, make([]byte, 0)), // unknown hash type testutil.NewHKDFPRFKeyFormat(commonpb.HashType_UNKNOWN_HASH, make([]byte, 0)), + // params field is unset + nilParams, } } diff --git a/prf/hmac_prf_key_manager.go b/prf/hmac_prf_key_manager.go index 74e21d8..c9e6569 100644 --- a/prf/hmac_prf_key_manager.go +++ b/prf/hmac_prf_key_manager.go @@ -53,8 +53,8 @@ func (km *hmacprfKeyManager) Primitive(serializedKey []byte) (interface{}, error if err := km.validateKey(key); err != nil { return nil, err } - hash := commonpb.HashType_name[int32(key.Params.Hash)] - hmac, err := subtle.NewHMACPRF(hash, key.KeyValue) + hash := commonpb.HashType_name[int32(key.GetParams().GetHash())] + hmac, err := subtle.NewHMACPRF(hash, key.GetKeyValue()) if err != nil { return nil, err } @@ -75,8 +75,8 @@ func (km *hmacprfKeyManager) NewKey(serializedKeyFormat []byte) (proto.Message, } return &hmacpb.HmacPrfKey{ Version: hmacprfKeyVersion, - Params: keyFormat.Params, - KeyValue: random.GetRandomBytes(keyFormat.KeySize), + Params: keyFormat.GetParams(), + KeyValue: random.GetRandomBytes(keyFormat.GetKeySize()), }, nil } @@ -112,12 +112,11 @@ func (km *hmacprfKeyManager) TypeURL() string { // validateKey validates the given HMACPRFKey. It only validates the version of the // key because other parameters will be validated in primitive construction. func (km *hmacprfKeyManager) validateKey(key *hmacpb.HmacPrfKey) error { - err := keyset.ValidateKeyVersion(key.Version, hmacprfKeyVersion) - if err != nil { + if err := keyset.ValidateKeyVersion(key.GetVersion(), hmacprfKeyVersion); err != nil { return fmt.Errorf("hmac_prf_key_manager: invalid version: %s", err) } - keySize := uint32(len(key.KeyValue)) - hash := commonpb.HashType_name[int32(key.Params.Hash)] + keySize := uint32(len(key.GetKeyValue())) + hash := commonpb.HashType_name[int32(key.GetParams().GetHash())] return subtle.ValidateHMACPRFParams(hash, keySize) } @@ -155,9 +154,6 @@ func (km *hmacprfKeyManager) DeriveKey(serializedKeyFormat []byte, pseudorandomn // validateKeyFormat validates the given HMACKeyFormat func (km *hmacprfKeyManager) validateKeyFormat(format *hmacpb.HmacPrfKeyFormat) error { - if format.Params == nil { - return fmt.Errorf("null HMAC params") - } - hash := commonpb.HashType_name[int32(format.Params.Hash)] - return subtle.ValidateHMACPRFParams(hash, format.KeySize) + hash := commonpb.HashType_name[int32(format.GetParams().GetHash())] + return subtle.ValidateHMACPRFParams(hash, format.GetKeySize()) } diff --git a/prf/hmac_prf_key_manager_test.go b/prf/hmac_prf_key_manager_test.go index 7c6c505..ad16d34 100644 --- a/prf/hmac_prf_key_manager_test.go +++ b/prf/hmac_prf_key_manager_test.go @@ -400,6 +400,8 @@ func genInvalidHMACPRFKeys() []proto.Message { badVersionKey.Version++ shortKey := testutil.NewHMACPRFKey(commonpb.HashType_SHA256) shortKey.KeyValue = []byte{1, 1} + nilParams := testutil.NewHMACPRFKey(commonpb.HashType_SHA256) + nilParams.Params = nil return []proto.Message{ // not a HMACPRFKey testutil.NewHMACParams(commonpb.HashType_SHA256, 32), @@ -409,12 +411,16 @@ func genInvalidHMACPRFKeys() []proto.Message { shortKey, // unknown hash type testutil.NewHMACPRFKey(commonpb.HashType_UNKNOWN_HASH), + // params field is unset + nilParams, } } func genInvalidHMACPRFKeyFormats() []proto.Message { shortKeyFormat := testutil.NewHMACPRFKeyFormat(commonpb.HashType_SHA256) shortKeyFormat.KeySize = 1 + nilParams := testutil.NewHMACPRFKey(commonpb.HashType_SHA256) + nilParams.Params = nil return []proto.Message{ // not a HMACPRFKeyFormat testutil.NewHMACParams(commonpb.HashType_SHA256, 32), @@ -422,6 +428,8 @@ func genInvalidHMACPRFKeyFormats() []proto.Message { shortKeyFormat, // unknown hash type testutil.NewHMACPRFKeyFormat(commonpb.HashType_UNKNOWN_HASH), + // params field is unset + nilParams, } }