Change signature of derive function to be: Z,out,salt,other

patrickfav · Nov 20, 2018 · b75e08c · b75e08c
1 parent eac6a3d
commit b75e08c
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 18 deletions.
diff --git a/src/main/java/at/favre/lib/crypto/SingleStepKdf.java b/src/main/java/at/favre/lib/crypto/SingleStepKdf.java
@@ -124,7 +124,7 @@ public String getHFunctionDescription() {
      */
     public byte[] derive(byte[] sharedSecretZ,
                          int outLengthBytes) {
-        return derive(sharedSecretZ, null, new byte[0], outLengthBytes);
+        return derive(sharedSecretZ, outLengthBytes, null, new byte[0]);
     }
 
     /**
@@ -134,22 +134,21 @@ public byte[] derive(byte[] sharedSecretZ,
      * which use a {@link java.security.MessageDigest} as underlying H function.
      *
      * @param sharedSecretZ  called 'Z' in the spec: a byte string that represents the shared secret
+     * @param outLengthBytes called 'L' in the spec: a positive integer that indicates the length
+     *                       (in bytes) of the secret keying material to be derived (ie. how long the output
+     *                       will be in bytes)
      * @param fixedInfo      a bit string of context-specific data that is appropriate for the relying
      *                       key-establishment scheme. FixedInfo may, for example, include appropriately
      *                       formatted representations of the values of salt and/or L. The inclusion of
      *                       additional copies of the values of salt and L in FixedInfo would ensure that
      *                       each block of derived keying material is affected by all of the information
      *                       conveyed in OtherInput. See [SP 800-56A] and [SP 800-56B] for more detailed
      *                       recommendations concerning the format and content of FixedInfo.
-     * @param outLengthBytes called 'L' in the spec: a positive integer that indicates the length
-     *                       (in bytes) of the secret keying material to be derived (ie. how long the output
-     *                       will be in bytes)
      * @return derived keying material (to use as secret key)
      */
     public byte[] derive(byte[] sharedSecretZ,
-                         byte[] fixedInfo,
-                         int outLengthBytes) {
-        return derive(sharedSecretZ, null, fixedInfo, outLengthBytes);
+                         int outLengthBytes, byte[] fixedInfo) {
+        return derive(sharedSecretZ, outLengthBytes, null, fixedInfo);
     }
 
 
@@ -159,6 +158,9 @@ public byte[] derive(byte[] sharedSecretZ,
      * Derives a new key from given parameters.
      *
      * @param sharedSecretZ  called 'Z' in the spec: a byte string that represents the shared secret
+     * @param outLengthBytes called 'L' in the spec: a positive integer that indicates the length
+     *                       (in bytes) of the secret keying material to be derived (ie. how long the output
+     *                       will be in bytes)
      * @param salt           (secret or non-secret) byte string that should be provided when HMAC h
      *                       function is used, if null is passed the default_salt is used
      * @param fixedInfo      a bit string of context-specific data that is appropriate for the relying
@@ -168,15 +170,11 @@ public byte[] derive(byte[] sharedSecretZ,
      *                       each block of derived keying material is affected by all of the information
      *                       conveyed in OtherInput. See [SP 800-56A] and [SP 800-56B] for more detailed
      *                       recommendations concerning the format and content of FixedInfo.
-     * @param outLengthBytes called 'L' in the spec: a positive integer that indicates the length
-     *                       (in bytes) of the secret keying material to be derived (ie. how long the output
-     *                       will be in bytes)
      * @return derived keying material (to use as secret key)
      */
     public byte[] derive(byte[] sharedSecretZ,
-                         byte[] salt,
-                         byte[] fixedInfo,
-                         int outLengthBytes) {
+                         int outLengthBytes, byte[] salt,
+                         byte[] fixedInfo) {
 
         Objects.requireNonNull(sharedSecretZ, "sharedSecretZ");
         Objects.requireNonNull(fixedInfo, "fixedInfo");

diff --git a/src/test/java/at/favre/lib/crypto/SingleStepKdfRefenceValuesTest.java b/src/test/java/at/favre/lib/crypto/SingleStepKdfRefenceValuesTest.java
@@ -125,7 +125,7 @@ public void compareAgainstRefValueSha512() {
     }
 
     private void test(SingleStepKdf kdf, byte[] Z, byte[] salt, byte[] otherInfo, int outL, String refHex) {
-        byte[] out = kdf.derive(Z, salt, otherInfo, outL);
+        byte[] out = kdf.derive(Z, outL, salt, otherInfo);
         assertEquals(Bytes.wrap(out).encodeHex(), refHex);
     }
 }
diff --git a/src/test/java/at/favre/lib/crypto/SingleStepKdfReferenceImplTest.java b/src/test/java/at/favre/lib/crypto/SingleStepKdfReferenceImplTest.java
@@ -27,7 +27,7 @@ public void testReference1() throws NoSuchAlgorithmException {
 
     private void checkReferenceImpl1(SingleStepKdfReference1 ref1, byte[] z, byte[] otherInfo) throws NoSuchAlgorithmException {
         byte[] outARef1 = ref1.concatKDF("SHA-256", z, 32, otherInfo);
-        byte[] outARef2 = SingleStepKdf.fromSha256().derive(z, otherInfo, 32);
+        byte[] outARef2 = SingleStepKdf.fromSha256().derive(z, 32, otherInfo);
 
         assertEquals(Bytes.wrap(outARef1).encodeHex(), Bytes.wrap(outARef2).encodeHex());
     }
@@ -48,12 +48,12 @@ public void testReference2() throws NoSuchAlgorithmException {
 
     private void checkReferenceImpl2(SingleStepKdfReference2 ref2, byte[] z, byte[] otherInfo) {
         byte[] outARef1 = ref2.concatKDF(z, 32 * 8, otherInfo);
-        byte[] outARef2 = SingleStepKdf.fromSha256().derive(z, otherInfo, 32);
+        byte[] outARef2 = SingleStepKdf.fromSha256().derive(z, 32, otherInfo);
 
         assertEquals(Bytes.wrap(outARef1).encodeHex(), Bytes.wrap(outARef2).encodeHex());
 
         byte[] outBRef1 = ref2.concatKDF(z, 16 * 8, otherInfo);
-        byte[] outBRef2 = SingleStepKdf.fromSha256().derive(z, otherInfo, 16);
+        byte[] outBRef2 = SingleStepKdf.fromSha256().derive(z, 16, otherInfo);
 
         assertEquals(Bytes.wrap(outBRef1).encodeHex(), Bytes.wrap(outBRef2).encodeHex());
     }

diff --git a/src/test/java/at/favre/lib/crypto/SingleStepKdfTest.java b/src/test/java/at/favre/lib/crypto/SingleStepKdfTest.java
@@ -22,7 +22,7 @@ public void testIllegalOutLength() {
     public void testDoesNotSupportSalt() {
         SingleStepKdf kdf = SingleStepKdf.fromSha256();
         try {
-            kdf.derive(Bytes.random(16).array(), Bytes.random(16).array(), Bytes.random(16).array(), 16);
+            kdf.derive(Bytes.random(16).array(), 16, Bytes.random(16).array(), Bytes.random(16).array());
             fail();
         } catch (IllegalArgumentException ignored) {