github.com/maenmax/kairep@v0.0.0-20210218001208-55bf3df36788/src/golang.org/x/crypto/hkdf/hkdf_test.go (about)

     1  // Copyright 2014 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  package hkdf
     5  
     6  import (
     7  	"bytes"
     8  	"crypto/md5"
     9  	"crypto/sha1"
    10  	"crypto/sha256"
    11  	"crypto/sha512"
    12  	"hash"
    13  	"io"
    14  	"testing"
    15  )
    16  
    17  type hkdfTest struct {
    18  	hash   func() hash.Hash
    19  	master []byte
    20  	salt   []byte
    21  	info   []byte
    22  	out    []byte
    23  }
    24  
    25  var hkdfTests = []hkdfTest{
    26  	// Tests from RFC 5869
    27  	{
    28  		sha256.New,
    29  		[]byte{
    30  			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
    31  			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
    32  			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
    33  		},
    34  		[]byte{
    35  			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    36  			0x08, 0x09, 0x0a, 0x0b, 0x0c,
    37  		},
    38  		[]byte{
    39  			0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
    40  			0xf8, 0xf9,
    41  		},
    42  		[]byte{
    43  			0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
    44  			0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
    45  			0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
    46  			0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
    47  			0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
    48  			0x58, 0x65,
    49  		},
    50  	},
    51  	{
    52  		sha256.New,
    53  		[]byte{
    54  			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    55  			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
    56  			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    57  			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
    58  			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
    59  			0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
    60  			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
    61  			0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
    62  			0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
    63  			0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
    64  		},
    65  		[]byte{
    66  			0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
    67  			0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
    68  			0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
    69  			0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
    70  			0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
    71  			0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
    72  			0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
    73  			0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
    74  			0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
    75  			0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
    76  		},
    77  		[]byte{
    78  			0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
    79  			0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
    80  			0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
    81  			0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
    82  			0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
    83  			0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
    84  			0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
    85  			0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
    86  			0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
    87  			0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
    88  		},
    89  		[]byte{
    90  			0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1,
    91  			0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34,
    92  			0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8,
    93  			0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c,
    94  			0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72,
    95  			0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09,
    96  			0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8,
    97  			0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71,
    98  			0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87,
    99  			0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f,
   100  			0x1d, 0x87,
   101  		},
   102  	},
   103  	{
   104  		sha256.New,
   105  		[]byte{
   106  			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
   107  			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
   108  			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
   109  		},
   110  		[]byte{},
   111  		[]byte{},
   112  		[]byte{
   113  			0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
   114  			0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
   115  			0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
   116  			0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
   117  			0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
   118  			0x96, 0xc8,
   119  		},
   120  	},
   121  	{
   122  		sha1.New,
   123  		[]byte{
   124  			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
   125  			0x0b, 0x0b, 0x0b,
   126  		},
   127  		[]byte{
   128  			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
   129  			0x08, 0x09, 0x0a, 0x0b, 0x0c,
   130  		},
   131  		[]byte{
   132  			0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
   133  			0xf8, 0xf9,
   134  		},
   135  		[]byte{
   136  			0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
   137  			0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
   138  			0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
   139  			0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
   140  			0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
   141  			0xf8, 0x96,
   142  		},
   143  	},
   144  	{
   145  		sha1.New,
   146  		[]byte{
   147  			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
   148  			0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
   149  			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
   150  			0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
   151  			0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
   152  			0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
   153  			0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
   154  			0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
   155  			0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
   156  			0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
   157  		},
   158  		[]byte{
   159  			0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
   160  			0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
   161  			0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
   162  			0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
   163  			0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
   164  			0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
   165  			0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
   166  			0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
   167  			0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
   168  			0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
   169  		},
   170  		[]byte{
   171  			0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
   172  			0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
   173  			0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
   174  			0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
   175  			0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
   176  			0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
   177  			0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
   178  			0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
   179  			0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
   180  			0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
   181  		},
   182  		[]byte{
   183  			0x0b, 0xd7, 0x70, 0xa7, 0x4d, 0x11, 0x60, 0xf7,
   184  			0xc9, 0xf1, 0x2c, 0xd5, 0x91, 0x2a, 0x06, 0xeb,
   185  			0xff, 0x6a, 0xdc, 0xae, 0x89, 0x9d, 0x92, 0x19,
   186  			0x1f, 0xe4, 0x30, 0x56, 0x73, 0xba, 0x2f, 0xfe,
   187  			0x8f, 0xa3, 0xf1, 0xa4, 0xe5, 0xad, 0x79, 0xf3,
   188  			0xf3, 0x34, 0xb3, 0xb2, 0x02, 0xb2, 0x17, 0x3c,
   189  			0x48, 0x6e, 0xa3, 0x7c, 0xe3, 0xd3, 0x97, 0xed,
   190  			0x03, 0x4c, 0x7f, 0x9d, 0xfe, 0xb1, 0x5c, 0x5e,
   191  			0x92, 0x73, 0x36, 0xd0, 0x44, 0x1f, 0x4c, 0x43,
   192  			0x00, 0xe2, 0xcf, 0xf0, 0xd0, 0x90, 0x0b, 0x52,
   193  			0xd3, 0xb4,
   194  		},
   195  	},
   196  	{
   197  		sha1.New,
   198  		[]byte{
   199  			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
   200  			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
   201  			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
   202  		},
   203  		[]byte{},
   204  		[]byte{},
   205  		[]byte{
   206  			0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
   207  			0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
   208  			0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
   209  			0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
   210  			0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
   211  			0x49, 0x18,
   212  		},
   213  	},
   214  	{
   215  		sha1.New,
   216  		[]byte{
   217  			0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
   218  			0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
   219  			0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
   220  		},
   221  		nil,
   222  		[]byte{},
   223  		[]byte{
   224  			0x2c, 0x91, 0x11, 0x72, 0x04, 0xd7, 0x45, 0xf3,
   225  			0x50, 0x0d, 0x63, 0x6a, 0x62, 0xf6, 0x4f, 0x0a,
   226  			0xb3, 0xba, 0xe5, 0x48, 0xaa, 0x53, 0xd4, 0x23,
   227  			0xb0, 0xd1, 0xf2, 0x7e, 0xbb, 0xa6, 0xf5, 0xe5,
   228  			0x67, 0x3a, 0x08, 0x1d, 0x70, 0xcc, 0xe7, 0xac,
   229  			0xfc, 0x48,
   230  		},
   231  	},
   232  }
   233  
   234  func TestHKDF(t *testing.T) {
   235  	for i, tt := range hkdfTests {
   236  		hkdf := New(tt.hash, tt.master, tt.salt, tt.info)
   237  		out := make([]byte, len(tt.out))
   238  
   239  		n, err := io.ReadFull(hkdf, out)
   240  		if n != len(tt.out) || err != nil {
   241  			t.Errorf("test %d: not enough output bytes: %d.", i, n)
   242  		}
   243  
   244  		if !bytes.Equal(out, tt.out) {
   245  			t.Errorf("test %d: incorrect output: have %v, need %v.", i, out, tt.out)
   246  		}
   247  	}
   248  }
   249  
   250  func TestHKDFMultiRead(t *testing.T) {
   251  	for i, tt := range hkdfTests {
   252  		hkdf := New(tt.hash, tt.master, tt.salt, tt.info)
   253  		out := make([]byte, len(tt.out))
   254  
   255  		for b := 0; b < len(tt.out); b++ {
   256  			n, err := io.ReadFull(hkdf, out[b:b+1])
   257  			if n != 1 || err != nil {
   258  				t.Errorf("test %d.%d: not enough output bytes: have %d, need %d .", i, b, n, len(tt.out))
   259  			}
   260  		}
   261  
   262  		if !bytes.Equal(out, tt.out) {
   263  			t.Errorf("test %d: incorrect output: have %v, need %v.", i, out, tt.out)
   264  		}
   265  	}
   266  }
   267  
   268  func TestHKDFLimit(t *testing.T) {
   269  	hash := sha1.New
   270  	master := []byte{0x00, 0x01, 0x02, 0x03}
   271  	info := []byte{}
   272  
   273  	hkdf := New(hash, master, nil, info)
   274  	limit := hash().Size() * 255
   275  	out := make([]byte, limit)
   276  
   277  	// The maximum output bytes should be extractable
   278  	n, err := io.ReadFull(hkdf, out)
   279  	if n != limit || err != nil {
   280  		t.Errorf("not enough output bytes: %d, %v.", n, err)
   281  	}
   282  
   283  	// Reading one more should fail
   284  	n, err = io.ReadFull(hkdf, make([]byte, 1))
   285  	if n > 0 || err == nil {
   286  		t.Errorf("key expansion overflowed: n = %d, err = %v", n, err)
   287  	}
   288  }
   289  
   290  func Benchmark16ByteMD5Single(b *testing.B) {
   291  	benchmarkHKDFSingle(md5.New, 16, b)
   292  }
   293  
   294  func Benchmark20ByteSHA1Single(b *testing.B) {
   295  	benchmarkHKDFSingle(sha1.New, 20, b)
   296  }
   297  
   298  func Benchmark32ByteSHA256Single(b *testing.B) {
   299  	benchmarkHKDFSingle(sha256.New, 32, b)
   300  }
   301  
   302  func Benchmark64ByteSHA512Single(b *testing.B) {
   303  	benchmarkHKDFSingle(sha512.New, 64, b)
   304  }
   305  
   306  func Benchmark8ByteMD5Stream(b *testing.B) {
   307  	benchmarkHKDFStream(md5.New, 8, b)
   308  }
   309  
   310  func Benchmark16ByteMD5Stream(b *testing.B) {
   311  	benchmarkHKDFStream(md5.New, 16, b)
   312  }
   313  
   314  func Benchmark8ByteSHA1Stream(b *testing.B) {
   315  	benchmarkHKDFStream(sha1.New, 8, b)
   316  }
   317  
   318  func Benchmark20ByteSHA1Stream(b *testing.B) {
   319  	benchmarkHKDFStream(sha1.New, 20, b)
   320  }
   321  
   322  func Benchmark8ByteSHA256Stream(b *testing.B) {
   323  	benchmarkHKDFStream(sha256.New, 8, b)
   324  }
   325  
   326  func Benchmark32ByteSHA256Stream(b *testing.B) {
   327  	benchmarkHKDFStream(sha256.New, 32, b)
   328  }
   329  
   330  func Benchmark8ByteSHA512Stream(b *testing.B) {
   331  	benchmarkHKDFStream(sha512.New, 8, b)
   332  }
   333  
   334  func Benchmark64ByteSHA512Stream(b *testing.B) {
   335  	benchmarkHKDFStream(sha512.New, 64, b)
   336  }
   337  
   338  func benchmarkHKDFSingle(hasher func() hash.Hash, block int, b *testing.B) {
   339  	master := []byte{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}
   340  	salt := []byte{0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17}
   341  	info := []byte{0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27}
   342  	out := make([]byte, block)
   343  
   344  	b.SetBytes(int64(block))
   345  	b.ResetTimer()
   346  
   347  	for i := 0; i < b.N; i++ {
   348  		hkdf := New(hasher, master, salt, info)
   349  		io.ReadFull(hkdf, out)
   350  	}
   351  }
   352  
   353  func benchmarkHKDFStream(hasher func() hash.Hash, block int, b *testing.B) {
   354  	master := []byte{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}
   355  	salt := []byte{0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17}
   356  	info := []byte{0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27}
   357  	out := make([]byte, block)
   358  
   359  	b.SetBytes(int64(block))
   360  	b.ResetTimer()
   361  
   362  	hkdf := New(hasher, master, salt, info)
   363  	for i := 0; i < b.N; i++ {
   364  		_, err := io.ReadFull(hkdf, out)
   365  		if err != nil {
   366  			hkdf = New(hasher, master, salt, info)
   367  			i--
   368  		}
   369  	}
   370  }