Addressing comments from PR #396

Minor code improvements addressing comments from PR #396.
corretto · Dec 9, 2024 · d596fbf · d596fbf
1 parent cf3430a
commit d596fbf
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 40 deletions.
diff --git a/csrc/hmac.cpp b/csrc/hmac.cpp
@@ -58,7 +58,6 @@ void maybe_init_ctx(raii_env& env, HMAC_CTX* ctx, jbyteArray& keyArr, jlong evpM
         }
     }
 }
-}
 
 void update_ctx(raii_env& env, HMAC_CTX* ctx, jni_borrow& input)
 {
@@ -103,6 +102,7 @@ jint get_precomputed_key_size(raii_env& env, jstring digestName)
 #endif
     return 0; // just to please the static verifier, since throw_java_ex always throws an exception
 }
+} // anonymous namespace
 
 #ifdef __cplusplus
 extern "C" {

diff --git a/src/com/amazon/corretto/crypto/provider/AmazonCorrettoCryptoProvider.java b/src/com/amazon/corretto/crypto/provider/AmazonCorrettoCryptoProvider.java
@@ -10,11 +10,7 @@
 import static com.amazon.corretto.crypto.provider.ConcatenationKdfSpi.CKDF_WITH_SHA256;
 import static com.amazon.corretto.crypto.provider.ConcatenationKdfSpi.CKDF_WITH_SHA384;
 import static com.amazon.corretto.crypto.provider.ConcatenationKdfSpi.CKDF_WITH_SHA512;
-import static com.amazon.corretto.crypto.provider.EvpHmac.HMAC_MD5_WITH_PRECOMPUTED_KEY;
-import static com.amazon.corretto.crypto.provider.EvpHmac.HMAC_SHA1_WITH_PRECOMPUTED_KEY;
-import static com.amazon.corretto.crypto.provider.EvpHmac.HMAC_SHA256_WITH_PRECOMPUTED_KEY;
-import static com.amazon.corretto.crypto.provider.EvpHmac.HMAC_SHA384_WITH_PRECOMPUTED_KEY;
-import static com.amazon.corretto.crypto.provider.EvpHmac.HMAC_SHA512_WITH_PRECOMPUTED_KEY;
+import static com.amazon.corretto.crypto.provider.EvpHmac.HMAC_PREFIX;
 import static com.amazon.corretto.crypto.provider.EvpHmac.WITH_PRECOMPUTED_KEY;
 import static com.amazon.corretto.crypto.provider.HkdfSecretKeyFactorySpi.HKDF_WITH_SHA1;
 import static com.amazon.corretto.crypto.provider.HkdfSecretKeyFactorySpi.HKDF_WITH_SHA256;
@@ -149,37 +145,19 @@ private void buildServiceMap() {
     // check and update HmacTest#assumePrecomputedKeySupport and
     // HmacTest#assumeNoPrecomputedKeySupport.
     if (!Loader.FIPS_BUILD) {
+      final String hmacWithPrecomputedKeyKeyFactorySpi = "HmacWithPrecomputedKeyKeyFactorySpi";
+
       for (String hash : new String[] {"MD5", "SHA1", "SHA256", "SHA384", "SHA512"}) {
         addService(
-            "Mac", "Hmac" + hash + WITH_PRECOMPUTED_KEY, "EvpHmac$" + hash + WITH_PRECOMPUTED_KEY);
+            "Mac",
+            HMAC_PREFIX + hash + WITH_PRECOMPUTED_KEY,
+            "EvpHmac$" + hash + WITH_PRECOMPUTED_KEY);
+        addService(
+            "SecretKeyFactory",
+            HMAC_PREFIX + hash + WITH_PRECOMPUTED_KEY,
+            hmacWithPrecomputedKeyKeyFactorySpi,
+            false);
       }
-
-      final String hmacWithPrecomputedKeyKeyFactorySpi = "HmacWithPrecomputedKeyKeyFactorySpi";
-      addService(
-          "SecretKeyFactory",
-          HMAC_MD5_WITH_PRECOMPUTED_KEY,
-          hmacWithPrecomputedKeyKeyFactorySpi,
-          false);
-      addService(
-          "SecretKeyFactory",
-          HMAC_SHA1_WITH_PRECOMPUTED_KEY,
-          hmacWithPrecomputedKeyKeyFactorySpi,
-          false);
-      addService(
-          "SecretKeyFactory",
-          HMAC_SHA256_WITH_PRECOMPUTED_KEY,
-          hmacWithPrecomputedKeyKeyFactorySpi,
-          false);
-      addService(
-          "SecretKeyFactory",
-          HMAC_SHA384_WITH_PRECOMPUTED_KEY,
-          hmacWithPrecomputedKeyKeyFactorySpi,
-          false);
-      addService(
-          "SecretKeyFactory",
-          HMAC_SHA512_WITH_PRECOMPUTED_KEY,
-          hmacWithPrecomputedKeyKeyFactorySpi,
-          false);
     }
 
     addService(

diff --git a/tst/com/amazon/corretto/crypto/provider/test/HmacTest.java b/tst/com/amazon/corretto/crypto/provider/test/HmacTest.java
@@ -102,26 +102,38 @@ private static List<String> supportedHmacs() {
     return SUPPORTED_HMACS;
   }
 
+  /**
+   * Returns the precomputed key length for a given HMAC algorithm.
+   *
+   * <p>The precomputed key length for HMAC with hash algorithm XXX is defined by the aws-lc C macro
+   * HMAC_XXX_PRECOMPUTED_KEY_SIZE (e.g., HMAC_SHA384_PRECOMPUTED_KEY_SIZE). It is twice the
+   * chaining length of the hash function, where the chaining length is the output length of the
+   * hash function before any truncation (e.g., for SHA512 and SHA384, the chaining length is 32
+   * bytes and the precomputed key length is 64 bytes).
+   *
+   * @param algorithm HMAC algorithm name, e.g., HmacSHA384 (case sensitive)
+   * @return precomputed key length
+   */
   private int getPrecomputedKeyLength(String algorithm) {
-    int precomputedKeySize;
+    int precomputedKeyLength;
     switch (algorithm) {
       case "HmacMD5":
-        precomputedKeySize = 16;
+        precomputedKeyLength = 16;
         break;
       case "HmacSHA1":
-        precomputedKeySize = 20;
+        precomputedKeyLength = 20;
         break;
       case "HmacSHA256":
-        precomputedKeySize = 32;
+        precomputedKeyLength = 32;
         break;
       case "HmacSHA384":
       case "HmacSHA512":
-        precomputedKeySize = 64;
+        precomputedKeyLength = 64;
         break;
       default:
         throw new IllegalArgumentException("Unknown algorithm: " + algorithm);
     }
-    return precomputedKeySize;
+    return precomputedKeyLength;
   }
 
   @Test