Disallow SHA224 and SHA384 for HKDF in AesCtrHmacStreamingKey objects.

I think it's better to disallow these than to expand the implementation in C++. This is not a standard type, so we get to define it.

PiperOrigin-RevId: 510067278
Change-Id: Id50c0bc4fe462d0c91ee9ebd24ccffa92b941df5

src/main/java/com/google/crypto/tink/streamingaead/AesCtrHmacStreamingKeyManager.java

@@ -163,8 +163,11 @@ public Map<String, KeyFactory.KeyFormat<AesCtrHmacStreamingKeyFormat>> keyFormat
   private static void validateParams(AesCtrHmacStreamingParams params)
       throws GeneralSecurityException {
     Validators.validateAesKeySize(params.getDerivedKeySize());
-    if (params.getHkdfHashType() == HashType.UNKNOWN_HASH) {
-      throw new GeneralSecurityException("unknown HKDF hash type");
+    if (params.getHkdfHashType() != HashType.SHA1
+        && params.getHkdfHashType() != HashType.SHA256
+        && params.getHkdfHashType() != HashType.SHA512) {
+      throw new GeneralSecurityException(
+          "Invalid HKDF hash type: " + params.getHkdfHashType().getNumber());
     }
     if (params.getHmacParams().getHash() == HashType.UNKNOWN_HASH) {
       throw new GeneralSecurityException("unknown HMAC hash type");

src/test/java/com/google/crypto/tink/streamingaead/AesCtrHmacStreamingKeyManagerTest.java

@@ -22,6 +22,7 @@
 import com.google.crypto.tink.KeyTemplate;
 import com.google.crypto.tink.StreamingAead;
 import com.google.crypto.tink.internal.KeyTypeManager;
+import com.google.crypto.tink.internal.Util;
 import com.google.crypto.tink.proto.AesCtrHmacStreamingKey;
 import com.google.crypto.tink.proto.AesCtrHmacStreamingKeyFormat;
 import com.google.crypto.tink.proto.AesCtrHmacStreamingParams;
@@ -30,6 +31,7 @@
 import com.google.crypto.tink.proto.KeyData.KeyMaterialType;
 import com.google.crypto.tink.testing.StreamingTestUtil;
 import com.google.crypto.tink.testing.TestUtil;
+import com.google.protobuf.ByteString;
 import com.google.protobuf.ExtensionRegistryLite;
 import java.security.GeneralSecurityException;
 import java.util.Set;
@@ -64,6 +66,14 @@ private static AesCtrHmacStreamingKeyFormat.Builder createKeyFormat() {
     return AesCtrHmacStreamingKeyFormat.newBuilder().setKeySize(32).setParams(createParams());
   }
 
+  // Returns a valid AesCtrHmacStreamingKey.Builder
+  private static AesCtrHmacStreamingKey.Builder createKey() {
+    return AesCtrHmacStreamingKey.newBuilder()
+        .setParams(createParams())
+        .setVersion(0)
+        .setKeyValue(ByteString.copyFrom("This is a 32 byte random key.   ", Util.UTF_8));
+  }
+
   @Test
   public void basics() throws Exception {
     assertThat(manager.getKeyType())
@@ -179,6 +189,21 @@ public void validateKeyFormat_ciphertextSegmentSizeOverflow_throws() throws Exce
     assertThrows(GeneralSecurityException.class, () -> factory.validateKeyFormat(format));
   }
 
+  @Test
+  public void validateKey_validKey_works() throws Exception {
+    AesCtrHmacStreamingKey key = createKey().build();
+
+    manager.validateKey(key);
+  }
+
+  @Test
+  public void validateKey_badHkdfHashType_throws() throws Exception {
+    AesCtrHmacStreamingKey key =
+        createKey().setParams(createParams().setHkdfHashType(HashType.SHA224)).build();
+
+    assertThrows(GeneralSecurityException.class, () -> manager.validateKey(key));
+  }
+
   @Test
   public void createKey_values() throws Exception {
     AesCtrHmacStreamingKeyFormat format = createKeyFormat().build();

src/test/java/com/google/crypto/tink/streamingaead/BUILD.bazel

@@ -110,6 +110,7 @@ java_test(
         "//src/main/java/com/google/crypto/tink:key_template",
         "//src/main/java/com/google/crypto/tink:streaming_aead",
         "//src/main/java/com/google/crypto/tink/internal:key_type_manager",
+        "//src/main/java/com/google/crypto/tink/internal:util",
         "//src/main/java/com/google/crypto/tink/streamingaead:aes_ctr_hmac_streaming_key_manager",
         "//src/main/java/com/google/crypto/tink/testing:streaming_test_util",
         "//src/main/java/com/google/crypto/tink/testing:test_util",