Add another test based on the vectors in HpkeTestUtil.

PiperOrigin-RevId: 761524443
Change-Id: Ib9e68fc9de1db13bf8505b4de0f6bbad638fd2c1

Author: tholenst

src/main/java/com/google/crypto/tink/hybrid/internal/testing/HpkeTestUtil.java

@@ -119,7 +119,7 @@ private static SecretBytes getX25519PrivateKeyAsBytes() {
         InsecureSecretKeyAccess.get());
   }
 
-  private static HybridTestVector createTestVector0() throws GeneralSecurityException {
+  public static HybridTestVector createTestVector0() throws GeneralSecurityException {
     HpkeParameters params =
         HpkeParameters.builder()
             .setVariant(HpkeParameters.Variant.NO_PREFIX)

src/test/java/com/google/crypto/tink/hybrid/internal/BUILD.bazel

@@ -362,8 +362,11 @@ java_test(
     srcs = ["HpkeHelperForAndroidKeystoreTest.java"],
     deps = [
         "//src/main/java/com/google/crypto/tink/hybrid:hpke_parameters",
+        "//src/main/java/com/google/crypto/tink/hybrid:hpke_private_key",
         "//src/main/java/com/google/crypto/tink/hybrid:hpke_public_key",
         "//src/main/java/com/google/crypto/tink/hybrid/internal:hpke_helper_for_android_keystore",
+        "//src/main/java/com/google/crypto/tink/hybrid/internal/testing:hpke_test_util",
+        "//src/main/java/com/google/crypto/tink/hybrid/internal/testing:hybrid_test_vector",
         "//src/main/java/com/google/crypto/tink/subtle:elliptic_curves",
         "//src/main/java/com/google/crypto/tink/subtle:hex",
         "//src/main/java/com/google/crypto/tink/util:bytes",

src/test/java/com/google/crypto/tink/hybrid/internal/HpkeHelperForAndroidKeystoreTest.java

@@ -20,7 +20,10 @@
 import static org.junit.Assert.assertThrows;
 
 import com.google.crypto.tink.hybrid.HpkeParameters;
+import com.google.crypto.tink.hybrid.HpkePrivateKey;
 import com.google.crypto.tink.hybrid.HpkePublicKey;
+import com.google.crypto.tink.hybrid.internal.testing.HpkeTestUtil;
+import com.google.crypto.tink.hybrid.internal.testing.HybridTestVector;
 import com.google.crypto.tink.subtle.EllipticCurves;
 import com.google.crypto.tink.subtle.EllipticCurves.CurveType;
 import com.google.crypto.tink.subtle.EllipticCurves.PointFormatType;
@@ -29,6 +32,7 @@
 import java.math.BigInteger;
 import java.security.GeneralSecurityException;
 import java.security.spec.ECPoint;
+import java.util.Arrays;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
@@ -39,6 +43,32 @@ public final class HpkeHelperForAndroidKeystoreTest {
   @Test
   public void decryptUnauthenticatedWithEncapsulatedKeyAndP256SharedSecret_success()
       throws Exception {
+    HybridTestVector vector = HpkeTestUtil.createTestVector0();
+    HpkePrivateKey privateKey = (HpkePrivateKey) vector.getPrivateKey();
+    // The shared secret is needed for decryption with
+    // decryptUnauthenticatedWithEncapsulatedKeyAndP256SharedSecret  -- we logged it to enable this
+    // code.
+    byte[] dhSharedSecret =
+        Hex.decode("c47e13b026cac2b065b83c5985cc03f683382ed027448b3432fa51d34e54f7e6");
+
+    // Variant NO_PREFIX, DHKEM_P256_HKDF_SHA256 -> the first 65 bytes are the encapsulated key.
+    byte[] encapsulatedKey = Arrays.copyOf(vector.getCiphertext(), 65);
+    HpkeHelperForAndroidKeystore helper =
+        HpkeHelperForAndroidKeystore.create(privateKey.getPublicKey());
+    assertThat(
+            helper.decryptUnauthenticatedWithEncapsulatedKeyAndP256SharedSecret(
+                encapsulatedKey,
+                dhSharedSecret,
+                vector.getCiphertext(),
+                65,
+                vector.getContextInfo()))
+        .isEqualTo(vector.getPlaintext());
+  }
+
+  /** A second test with a test vector. Here only due to history (and it doesn't seem to hurt). */
+  @Test
+  public void decryptUnauthenticatedWithEncapsulatedKeyAndP256SharedSecret_testVector2_success()
+      throws Exception {
     HpkeParameters params =
         HpkeParameters.builder()
             .setVariant(HpkeParameters.Variant.NO_PREFIX)