Gitly


1 module hkdf
2 
3 import crypto.sha1
4 import crypto.sha256
5 import encoding.hex
6 import hash
7 
8 struct HkdfTest {
9     new_hash fn () hash.Hash @[required]
10     master   string
11     salt     string
12     prk      string
13     info     string
14     out      string
15 }
16 
17 fn sha1_hash() hash.Hash {
18     return sha1.new()
19 }
20 
21 fn sha256_hash() hash.Hash {
22     return sha256.new()
23 }
24 
25 fn decode(s string) []u8 {
26     return hex.decode(s) or { panic(err) }
27 }
28 
29 fn hkdf_tests() []HkdfTest {
30     // Tests from RFC 5869
31     return [
32         HkdfTest{
33             new_hash: sha256_hash
34             master:   '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b'
35             salt:     '000102030405060708090a0b0c'
36             prk:      '077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5'
37             info:     'f0f1f2f3f4f5f6f7f8f9'
38             out:      '3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865'
39         },
40         HkdfTest{
41             new_hash: sha256_hash
42             master:   '000102030405060708090a0b0c0d0e0f' + '101112131415161718191a1b1c1d1e1f' +
43                 '202122232425262728292a2b2c2d2e2f' + '303132333435363738393a3b3c3d3e3f' +
44                 '404142434445464748494a4b4c4d4e4f'
45             salt:     '606162636465666768696a6b6c6d6e6f' + '707172737475767778797a7b7c7d7e7f' +
46                 '808182838485868788898a8b8c8d8e8f' + '909192939495969798999a9b9c9d9e9f' +
47                 'a0a1a2a3a4a5a6a7a8a9aaabacadaeaf'
48             prk:      '06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244'
49             info:     'b0b1b2b3b4b5b6b7b8b9babbbcbdbebf' + 'c0c1c2c3c4c5c6c7c8c9cacbcccdcecf' +
50                 'd0d1d2d3d4d5d6d7d8d9dadbdcdddedf' + 'e0e1e2e3e4e5e6e7e8e9eaebecedeeef' +
51                 'f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff'
52             out:      'b11e398dc80327a1c8e7f78c596a4934' + '4f012eda2d4efad8a050cc4c19afa97c' +
53                 '59045a99cac7827271cb41c65e590e09' + 'da3275600c2f09b8367793a9aca3db71' +
54                 'cc30c58179ec3e87c14c01d5c1f3434f1d87'
55         },
56         HkdfTest{
57             new_hash: sha256_hash
58             master:   '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b'
59             salt:     ''
60             prk:      '19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04'
61             info:     ''
62             out:      '8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8'
63         },
64         HkdfTest{
65             new_hash: sha256_hash
66             master:   '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b'
67             salt:     ''
68             prk:      '19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04'
69             info:     ''
70             out:      '8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8'
71         },
72         HkdfTest{
73             new_hash: sha1_hash
74             master:   '0b0b0b0b0b0b0b0b0b0b0b'
75             salt:     '000102030405060708090a0b0c'
76             prk:      '9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243'
77             info:     'f0f1f2f3f4f5f6f7f8f9'
78             out:      '085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896'
79         },
80         HkdfTest{
81             new_hash: sha1_hash
82             master:   '000102030405060708090a0b0c0d0e0f' + '101112131415161718191a1b1c1d1e1f' +
83                 '202122232425262728292a2b2c2d2e2f' + '303132333435363738393a3b3c3d3e3f' +
84                 '404142434445464748494a4b4c4d4e4f'
85             salt:     '606162636465666768696a6b6c6d6e6f' + '707172737475767778797a7b7c7d7e7f' +
86                 '808182838485868788898a8b8c8d8e8f' + '909192939495969798999a9b9c9d9e9f' +
87                 'a0a1a2a3a4a5a6a7a8a9aaabacadaeaf'
88             prk:      '8adae09a2a307059478d309b26c4115a224cfaf6'
89             info:     'b0b1b2b3b4b5b6b7b8b9babbbcbdbebf' + 'c0c1c2c3c4c5c6c7c8c9cacbcccdcecf' +
90                 'd0d1d2d3d4d5d6d7d8d9dadbdcdddedf' + 'e0e1e2e3e4e5e6e7e8e9eaebecedeeef' +
91                 'f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff'
92             out:      '0bd770a74d1160f7c9f12cd5912a06eb' + 'ff6adcae899d92191fe4305673ba2ffe' +
93                 '8fa3f1a4e5ad79f3f334b3b202b2173c' + '486ea37ce3d397ed034c7f9dfeb15c5e' +
94                 '927336d0441f4c4300e2cff0d0900b52d3b4'
95         },
96         HkdfTest{
97             new_hash: sha1_hash
98             master:   '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b'
99             salt:     ''
100             prk:      'da8c8a73c7fa77288ec6f5e7c297786aa0d32d01'
101             info:     ''
102             out:      '0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918'
103         },
104         HkdfTest{
105             new_hash: sha1_hash
106             master:   '0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c'
107             salt:     ''
108             prk:      '2adccada18779e7c2077ad2eb19d3f3e731385dd'
109             info:     ''
110             out:      '2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48'
111         },
112     ]
113 }
114 
115 fn test_hkdf() {
116     for i, tt in hkdf_tests() {
117         master := decode(tt.master)
118         salt := decode(tt.salt)
119         prk_expected := decode(tt.prk)
120         info := decode(tt.info)
121         out_expected := decode(tt.out)
122 
123         prk := extract(tt.new_hash, master, salt)!
124         assert prk == prk_expected, 'test ${i}: incorrect PRK: have ${prk}, need ${prk_expected}'
125 
126         derived_key := key(tt.new_hash, master, salt, info.bytestr(), out_expected.len)!
127         assert derived_key == out_expected, 'test ${i}: incorrect output: have ${derived_key}, need ${out_expected}'
128 
129         expanded := expand(tt.new_hash, prk, info.bytestr(), out_expected.len)!
130         assert expanded == out_expected, 'test ${i}: incorrect output from expand: have ${expanded}, need ${out_expected}'
131     }
132 }
133 
134 fn test_hkdf_limit() {
135     master := []u8{len: 4, init: u8(index)}
136     info := ''
137     limit := sha1.new().size() * 255
138 
139     // The maximum output bytes should be extractable
140     out := key(sha1_hash, master, []u8{}, info, limit)!
141     assert out.len == limit
142 
143     // Reading one more should return an error
144     if _ := key(sha1_hash, master, []u8{}, info, limit + 1) {
145         assert false, 'expected key derivation to fail, but it succeeded'
146     } else {
147         assert err.msg() == 'hkdf: requested key length too large'
148     }
149 }
150 
151 fn test_direct_hash_constructor() {
152     out := key(sha256.new, [u8(0), 1, 2, 3], []u8{}, 'context', sha256.size)!
153     assert out.len == sha256.size
154     assert out != []u8{len: sha256.size}
155 }
156

1	module hkdf
2
3	import crypto.sha1
4	import crypto.sha256
5	import encoding.hex
6	import hash
7
8	struct HkdfTest {
9	new_hash fn () hash.Hash @[required]
10	master string
11	salt string
12	prk string
13	info string
14	out string
15	}
16
17	fn sha1_hash() hash.Hash {
18	return sha1.new()
19	}
20
21	fn sha256_hash() hash.Hash {
22	return sha256.new()
23	}
24
25	fn decode(s string) []u8 {
26	return hex.decode(s) or { panic(err) }
27	}
28
29	fn hkdf_tests() []HkdfTest {
30	// Tests from RFC 5869
31	return [
32	HkdfTest{
33	new_hash: sha256_hash
34	master: '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b'
35	salt: '000102030405060708090a0b0c'
36	prk: '077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5'
37	info: 'f0f1f2f3f4f5f6f7f8f9'
38	out: '3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865'
39	},
40	HkdfTest{
41	new_hash: sha256_hash
42	master: '000102030405060708090a0b0c0d0e0f' + '101112131415161718191a1b1c1d1e1f' +
43	'202122232425262728292a2b2c2d2e2f' + '303132333435363738393a3b3c3d3e3f' +
44	'404142434445464748494a4b4c4d4e4f'
45	salt: '606162636465666768696a6b6c6d6e6f' + '707172737475767778797a7b7c7d7e7f' +
46	'808182838485868788898a8b8c8d8e8f' + '909192939495969798999a9b9c9d9e9f' +
47	'a0a1a2a3a4a5a6a7a8a9aaabacadaeaf'
48	prk: '06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244'
49	info: 'b0b1b2b3b4b5b6b7b8b9babbbcbdbebf' + 'c0c1c2c3c4c5c6c7c8c9cacbcccdcecf' +
50	'd0d1d2d3d4d5d6d7d8d9dadbdcdddedf' + 'e0e1e2e3e4e5e6e7e8e9eaebecedeeef' +
51	'f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff'
52	out: 'b11e398dc80327a1c8e7f78c596a4934' + '4f012eda2d4efad8a050cc4c19afa97c' +
53	'59045a99cac7827271cb41c65e590e09' + 'da3275600c2f09b8367793a9aca3db71' +
54	'cc30c58179ec3e87c14c01d5c1f3434f1d87'
55	},
56	HkdfTest{
57	new_hash: sha256_hash
58	master: '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b'
59	salt: ''
60	prk: '19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04'
61	info: ''
62	out: '8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8'
63	},
64	HkdfTest{
65	new_hash: sha256_hash
66	master: '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b'
67	salt: ''
68	prk: '19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04'
69	info: ''
70	out: '8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8'
71	},
72	HkdfTest{
73	new_hash: sha1_hash
74	master: '0b0b0b0b0b0b0b0b0b0b0b'
75	salt: '000102030405060708090a0b0c'
76	prk: '9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243'
77	info: 'f0f1f2f3f4f5f6f7f8f9'
78	out: '085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896'
79	},
80	HkdfTest{
81	new_hash: sha1_hash
82	master: '000102030405060708090a0b0c0d0e0f' + '101112131415161718191a1b1c1d1e1f' +
83	'202122232425262728292a2b2c2d2e2f' + '303132333435363738393a3b3c3d3e3f' +
84	'404142434445464748494a4b4c4d4e4f'
85	salt: '606162636465666768696a6b6c6d6e6f' + '707172737475767778797a7b7c7d7e7f' +
86	'808182838485868788898a8b8c8d8e8f' + '909192939495969798999a9b9c9d9e9f' +
87	'a0a1a2a3a4a5a6a7a8a9aaabacadaeaf'
88	prk: '8adae09a2a307059478d309b26c4115a224cfaf6'
89	info: 'b0b1b2b3b4b5b6b7b8b9babbbcbdbebf' + 'c0c1c2c3c4c5c6c7c8c9cacbcccdcecf' +
90	'd0d1d2d3d4d5d6d7d8d9dadbdcdddedf' + 'e0e1e2e3e4e5e6e7e8e9eaebecedeeef' +
91	'f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff'
92	out: '0bd770a74d1160f7c9f12cd5912a06eb' + 'ff6adcae899d92191fe4305673ba2ffe' +
93	'8fa3f1a4e5ad79f3f334b3b202b2173c' + '486ea37ce3d397ed034c7f9dfeb15c5e' +
94	'927336d0441f4c4300e2cff0d0900b52d3b4'
95	},
96	HkdfTest{
97	new_hash: sha1_hash
98	master: '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b'
99	salt: ''
100	prk: 'da8c8a73c7fa77288ec6f5e7c297786aa0d32d01'
101	info: ''
102	out: '0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918'
103	},
104	HkdfTest{
105	new_hash: sha1_hash
106	master: '0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c'
107	salt: ''
108	prk: '2adccada18779e7c2077ad2eb19d3f3e731385dd'
109	info: ''
110	out: '2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48'
111	},
112	]
113	}
114
115	fn test_hkdf() {
116	for i, tt in hkdf_tests() {
117	master := decode(tt.master)
118	salt := decode(tt.salt)
119	prk_expected := decode(tt.prk)
120	info := decode(tt.info)
121	out_expected := decode(tt.out)
122
123	prk := extract(tt.new_hash, master, salt)!
124	assert prk == prk_expected, 'test ${i}: incorrect PRK: have ${prk}, need ${prk_expected}'
125
126	derived_key := key(tt.new_hash, master, salt, info.bytestr(), out_expected.len)!
127	assert derived_key == out_expected, 'test ${i}: incorrect output: have ${derived_key}, need ${out_expected}'
128
129	expanded := expand(tt.new_hash, prk, info.bytestr(), out_expected.len)!
130	assert expanded == out_expected, 'test ${i}: incorrect output from expand: have ${expanded}, need ${out_expected}'
131	}
132	}
133
134	fn test_hkdf_limit() {
135	master := []u8{len: 4, init: u8(index)}
136	info := ''
137	limit := sha1.new().size() * 255
138
139	// The maximum output bytes should be extractable
140	out := key(sha1_hash, master, []u8{}, info, limit)!
141	assert out.len == limit
142
143	// Reading one more should return an error
144	if _ := key(sha1_hash, master, []u8{}, info, limit + 1) {
145	assert false, 'expected key derivation to fail, but it succeeded'
146	} else {
147	assert err.msg() == 'hkdf: requested key length too large'
148	}
149	}
150
151	fn test_direct_hash_constructor() {
152	out := key(sha256.new, [u8(0), 1, 2, 3], []u8{}, 'context', sha256.size)!
153	assert out.len == sha256.size
154	assert out != []u8{len: sha256.size}
155	}
156