google · jonasfj · Oct 23, 2024 · Oct 22, 2024
diff --git a/lib/src/impl_ffi/impl_ffi.dart b/lib/src/impl_ffi/impl_ffi.dart
@@ -95,4 +95,7 @@ final class _WebCryptoImpl implements WebCryptoImpl {
 
   @override
   final rsaOaepPublicKey = const _StaticRsaOaepPublicKeyImpl();
+
+  @override
+  final hkdfSecretKey = const _StaticHkdfSecretKeyImpl();
 }
diff --git a/lib/src/impl_ffi/impl_ffi.hkdf.dart b/lib/src/impl_ffi/impl_ffi.hkdf.dart
@@ -16,13 +16,22 @@
 
 part of 'impl_ffi.dart';
 
-Future<HkdfSecretKey> hkdfSecretKey_importRawKey(List<int> keyData) async =>
-    _HkdfSecretKey(Uint8List.fromList(keyData));
+Future<HkdfSecretKeyImpl> hkdfSecretKey_importRawKey(List<int> keyData) async =>
+    _HkdfSecretKeyImpl(Uint8List.fromList(keyData));
 
-class _HkdfSecretKey implements HkdfSecretKey {
+final class _StaticHkdfSecretKeyImpl implements StaticHkdfSecretKeyImpl {
+  const _StaticHkdfSecretKeyImpl();
+
+  @override
+  Future<HkdfSecretKeyImpl> importRawKey(List<int> keyData) async {
+    return hkdfSecretKey_importRawKey(keyData);
+  }
+}
+
+final class _HkdfSecretKeyImpl implements HkdfSecretKeyImpl {
   final Uint8List _key;
 
-  _HkdfSecretKey(this._key);
+  _HkdfSecretKeyImpl(this._key);
 
   @override
   String toString() {

diff --git a/lib/src/impl_interface/impl_interface.dart b/lib/src/impl_interface/impl_interface.dart
@@ -27,6 +27,7 @@ part 'impl_interface.aesgcm.dart';
 part 'impl_interface.ecdh.dart';
 part 'impl_interface.ecdsa.dart';
 part 'impl_interface.rsaoaep.dart';
+part 'impl_interface.hkdf.dart';
 
 /// A key-pair as returned from key generation.
 class KeyPair<S, T> {
@@ -88,4 +89,5 @@ abstract interface class WebCryptoImpl {
   StaticEcdsaPublicKeyImpl get ecdsaPublicKey;
   StaticRsaOaepPrivateKeyImpl get rsaOaepPrivateKey;
   StaticRsaOaepPublicKeyImpl get rsaOaepPublicKey;
+  StaticHkdfSecretKeyImpl get hkdfSecretKey;
 }
diff --git a/lib/src/impl_interface/impl_interface.hkdf.dart b/lib/src/impl_interface/impl_interface.hkdf.dart
@@ -0,0 +1,28 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+part of 'impl_interface.dart';
+
+abstract interface class StaticHkdfSecretKeyImpl {
+  Future<HkdfSecretKeyImpl> importRawKey(List<int> keyData);
+}
+
+abstract interface class HkdfSecretKeyImpl {
+  Future<Uint8List> deriveBits(
+    int length,
+    Hash hash,
+    List<int> salt,
+    List<int> info,
+  );
+}
diff --git a/lib/src/impl_js/impl_js.dart b/lib/src/impl_js/impl_js.dart
@@ -82,4 +82,7 @@ final class _WebCryptoImpl implements WebCryptoImpl {
 
   @override
   final rsaOaepPublicKey = const _StaticRsaOaepPublicKeyImpl();
+
+  @override
+  final hkdfSecretKey = const _StaticHkdfSecretKeyImpl();
 }
diff --git a/lib/src/impl_js/impl_js.hkdf.dart b/lib/src/impl_js/impl_js.hkdf.dart
@@ -18,22 +18,31 @@ part of 'impl_js.dart';
 
 const _hkdfAlgorithmName = 'HKDF';
 
-Future<HkdfSecretKey> hkdfSecretKey_importRawKey(List<int> keyData) async {
-  return _HkdfSecretKey(await _importKey(
+Future<HkdfSecretKeyImpl> hkdfSecretKey_importRawKey(List<int> keyData) async {
+  return _HkdfSecretKeyImpl(await _importKey(
     'raw',
     keyData,
     const subtle.Algorithm(name: _hkdfAlgorithmName),
     _usagesDeriveBits,
     'secret',
-    // Unlike all other key types it makes no sense to HkdfSecretKey to be
+    // Unlike all other key types it makes no sense to HkdfSecretKeyImpl to be
     // exported, and indeed webcrypto requires `extractable: false`.
     extractable: false,
   ));
 }
 
-class _HkdfSecretKey implements HkdfSecretKey {
+final class _StaticHkdfSecretKeyImpl implements StaticHkdfSecretKeyImpl {
+  const _StaticHkdfSecretKeyImpl();
+
+  @override
+  Future<HkdfSecretKeyImpl> importRawKey(List<int> keyData) async {
+    return await hkdfSecretKey_importRawKey(keyData);
+  }
+}
+
+final class _HkdfSecretKeyImpl implements HkdfSecretKeyImpl {
   final subtle.JSCryptoKey _key;
-  _HkdfSecretKey(this._key);
+  _HkdfSecretKeyImpl(this._key);
 
   @override
   String toString() {

diff --git a/lib/src/impl_stub.dart b/lib/src/impl_stub.dart
@@ -126,7 +126,4 @@ Future<RsaPssPublicKey> rsaPssPublicKey_importJsonWebKey(
 
 //---------------------- HKDF
 
-Future<HkdfSecretKey> hkdfSecretKey_importRawKey(List<int> keyData) =>
-    throw _notImplemented;
-
 //---------------------- PBKDF2
diff --git a/lib/src/impl_stub/impl_stub.dart b/lib/src/impl_stub/impl_stub.dart
@@ -26,6 +26,7 @@ part 'impl_stub.pbkdf2.dart';
 part 'impl_stub.ecdh.dart';
 part 'impl_stub.ecdsa.dart';
 part 'impl_stub.rsaoaep.dart';
+part 'impl_stub.hkdf.dart';
 
 const WebCryptoImpl webCryptImpl = _WebCryptoImpl();
 
@@ -64,4 +65,7 @@ final class _WebCryptoImpl implements WebCryptoImpl {
 
   @override
   final rsaOaepPublicKey = const _StaticRsaOaepPublicKeyImpl();
+
+  @override
+  final hkdfSecretKey = const _StaticHkdfSecretKeyImpl();
 }
diff --git a/lib/src/impl_stub/impl_stub.hkdf.dart b/lib/src/impl_stub/impl_stub.hkdf.dart
@@ -0,0 +1,23 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+part of 'impl_stub.dart';
+
+final class _StaticHkdfSecretKeyImpl implements StaticHkdfSecretKeyImpl {
+  const _StaticHkdfSecretKeyImpl();
+
+  @override
+  Future<HkdfSecretKeyImpl> importRawKey(List<int> keyData) =>
+      throw UnimplementedError('Not implemented');
+}
diff --git a/lib/src/webcrypto/webcrypto.hkdf.dart b/lib/src/webcrypto/webcrypto.hkdf.dart
@@ -50,17 +50,19 @@ part of 'webcrypto.dart';
 /// [1]: https://tools.ietf.org/html/rfc5869
 // TODO: It might be wise to use a random salt, then suggest that the non-secret
 //       salt is stored or exchanged...
-@sealed
-abstract class HkdfSecretKey {
-  HkdfSecretKey._(); // keep the constructor private.
+final class HkdfSecretKey {
+  final HkdfSecretKeyImpl _impl;
+
+  HkdfSecretKey._(this._impl); // keep the constructor private.
 
   /// Import [HkdfSecretKey] from raw [keyData].
   ///
   /// Creates a [HkdfSecretKey] for key derivation using [keyData].
   ///
   /// {@macro HkdfSecretKey:example}
-  static Future<HkdfSecretKey> importRawKey(List<int> keyData) {
-    return impl.hkdfSecretKey_importRawKey(keyData);
+  static Future<HkdfSecretKey> importRawKey(List<int> keyData) async {
+    final impl = await webCryptImpl.hkdfSecretKey.importRawKey(keyData);
+    return HkdfSecretKey._(impl);
   }
 
   /// Derive key from [salt], [info] and password specified as `keyData` in
@@ -89,5 +91,6 @@ abstract class HkdfSecretKey {
     Hash hash,
     List<int> salt,
     List<int> info,
-  );
+  ) =>
+      _impl.deriveBits(length, hash, salt, info);
 }