open-vault/sdk/helper/kdf/kdf_test.go

79 lines
1.9 KiB
Go
Raw Normal View History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package kdf
import (
"bytes"
"testing"
)
func TestCounterMode(t *testing.T) {
key := []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}
context := []byte("the quick brown fox")
prf := HMACSHA256PRF
prfLen := HMACSHA256PRFLen
// Expect256 was generated in python with
// import hashlib, hmac
// hash = hashlib.sha256
// context = "the quick brown fox"
// key = "".join([chr(x) for x in range(1, 17)])
// inp = "\x00\x00\x00\x00"+context+"\x00\x00\x01\x00"
// digest = hmac.HMAC(key, inp, hash).digest()
// print [ord(x) for x in digest]
expect256 := []byte{
219, 25, 238, 6, 185, 236, 180, 64, 248, 152, 251,
153, 79, 5, 141, 222, 66, 200, 66, 143, 40, 3, 101, 221, 206, 163, 102,
80, 88, 234, 87, 157,
}
for _, l := range []uint32{128, 256, 384, 1024} {
out, err := CounterMode(prf, prfLen, key, context, l)
if err != nil {
t.Fatalf("err: %v", err)
}
if uint32(len(out)*8) != l {
t.Fatalf("bad length: %#v", out)
}
if bytes.Contains(out, key) {
t.Fatalf("output contains key")
}
if l == 256 && !bytes.Equal(out, expect256) {
t.Fatalf("mis-match")
}
}
}
func TestHMACSHA256PRF(t *testing.T) {
key := []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}
data := []byte("foobarbaz")
out, err := HMACSHA256PRF(key, data)
if err != nil {
t.Fatalf("err: %v", err)
}
if uint32(len(out)*8) != HMACSHA256PRFLen {
t.Fatalf("Bad len")
}
// Expect was generated in python with:
// import hashlib, hmac
// hash = hashlib.sha256
// msg = "foobarbaz"
// key = "".join([chr(x) for x in range(1, 17)])
// hm = hmac.HMAC(key, msg, hash)
// print [ord(x) for x in hm.digest()]
expect := []byte{
9, 50, 146, 8, 188, 130, 150, 107, 205, 147, 82, 170,
253, 183, 26, 38, 167, 194, 220, 111, 56, 118, 219, 209, 31, 52, 137,
90, 246, 133, 191, 124,
}
if !bytes.Equal(expect, out) {
t.Fatalf("mis-matched output")
}
}