1 // Copyright 2017 Google Inc. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 // 15 //////////////////////////////////////////////////////////////////////////////// 16 17 package com.google.crypto.tink.subtle; 18 19 import static org.junit.Assert.assertArrayEquals; 20 import static org.junit.Assert.assertEquals; 21 import static org.junit.Assert.assertThrows; 22 23 import java.security.GeneralSecurityException; 24 import org.junit.Test; 25 import org.junit.runner.RunWith; 26 import org.junit.runners.JUnit4; 27 28 /** Unit tests for {@link Hkdf}. */ 29 @RunWith(JUnit4.class) 30 public class HkdfTest { 31 32 @Test testNullSaltOrInfo()33 public void testNullSaltOrInfo() throws Exception { 34 byte[] ikm = Random.randBytes(20); 35 byte[] info = Random.randBytes(20); 36 int size = 40; 37 38 byte[] hkdfWithNullSalt = Hkdf.computeHkdf("HmacSha256", ikm, null, info, size); 39 byte[] hkdfWithEmptySalt = Hkdf.computeHkdf("HmacSha256", ikm, new byte[0], info, size); 40 assertArrayEquals(hkdfWithNullSalt, hkdfWithEmptySalt); 41 42 byte[] salt = Random.randBytes(20); 43 byte[] hkdfWithNullInfo = Hkdf.computeHkdf("HmacSha256", ikm, salt, null, size); 44 byte[] hkdfWithEmptyInfo = Hkdf.computeHkdf("HmacSha256", ikm, salt, new byte[0], size); 45 assertArrayEquals(hkdfWithNullInfo, hkdfWithEmptyInfo); 46 } 47 48 @Test testInvalidCodeSize()49 public void testInvalidCodeSize() throws Exception { 50 assertThrows( 51 GeneralSecurityException.class, 52 () -> Hkdf.computeHkdf("HmacSha256", new byte[0], new byte[0], new byte[0], 32 * 256)); 53 } 54 55 /** 56 * Tests the implementation against the test vectors from RFC 5869. 57 */ 58 @Test testVectors()59 public void testVectors() throws Exception { 60 // Test case 1 61 assertEquals( 62 "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865", 63 computeHkdfHex("HmacSha256", 64 "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", 65 "000102030405060708090a0b0c", 66 "f0f1f2f3f4f5f6f7f8f9", 67 42)); 68 69 // Test case 2 70 assertEquals( 71 "b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c" 72 + "59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71" 73 + "cc30c58179ec3e87c14c01d5c1f3434f1d87", 74 computeHkdfHex("HmacSha256", 75 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" 76 + "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f" 77 + "404142434445464748494a4b4c4d4e4f", 78 "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f" 79 + "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f" 80 + "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", 81 "b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf" 82 + "d0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef" 83 + "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", 84 82)); 85 86 // Test case 3: salt is empty 87 assertEquals( 88 "8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d" 89 + "9d201395faa4b61a96c8", 90 computeHkdfHex("HmacSha256", "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "", "", 42)); 91 92 // Test Case 4 93 assertEquals( 94 "085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896", 95 computeHkdfHex( 96 "HmacSha1", 97 "0b0b0b0b0b0b0b0b0b0b0b", 98 "000102030405060708090a0b0c", 99 "f0f1f2f3f4f5f6f7f8f9", 100 42)); 101 102 // Test Case 5 103 assertEquals( 104 "0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe" 105 + "8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e" 106 + "927336d0441f4c4300e2cff0d0900b52d3b4", 107 computeHkdfHex( 108 "HmacSha1", 109 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" 110 + "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f" 111 + "404142434445464748494a4b4c4d4e4f", 112 "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f" 113 + "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f" 114 + "a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", 115 "b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf" 116 + "d0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef" 117 + "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", 118 82)); 119 120 // Test Case 6: salt is empty 121 assertEquals( 122 "0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0" 123 + "ea00033de03984d34918", 124 computeHkdfHex("HmacSha1", "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "", "", 42)); 125 126 // Test Case 7 127 assertEquals( 128 "2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5" 129 + "673a081d70cce7acfc48", 130 computeHkdfHex("HmacSha1", "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c", "", "", 42)); 131 } 132 133 134 135 /** 136 * Test version of Hkdf where all inputs and outputs are hexadecimal. 137 */ computeHkdfHex(String macAlgorithm, String ikmHex, String saltHex, String infoHex, int size)138 private String computeHkdfHex(String macAlgorithm, String ikmHex, String saltHex, String infoHex, 139 int size) throws GeneralSecurityException { 140 return Hex.encode( 141 Hkdf.computeHkdf( 142 macAlgorithm, Hex.decode(ikmHex), Hex.decode(saltHex), Hex.decode(infoHex), size)); 143 } 144 } 145