1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <string>
6
7 #include "base/hmac.h"
8 #include "testing/gtest/include/gtest/gtest.h"
9
10 static const int kDigestSize = 20;
11
TEST(HMACTest,HmacSafeBrowsingResponseTest)12 TEST(HMACTest, HmacSafeBrowsingResponseTest) {
13 const int kKeySize = 16;
14
15 // Client key.
16 const unsigned char kClientKey[kKeySize] =
17 { 0xbf, 0xf6, 0x83, 0x4b, 0x3e, 0xa3, 0x23, 0xdd,
18 0x96, 0x78, 0x70, 0x8e, 0xa1, 0x9d, 0x3b, 0x40 };
19
20 // Expected HMAC result using kMessage and kClientKey.
21 const unsigned char kReceivedHmac[kDigestSize] =
22 { 0xb9, 0x3c, 0xd6, 0xf0, 0x49, 0x47, 0xe2, 0x52,
23 0x59, 0x7a, 0xbd, 0x1f, 0x2b, 0x4c, 0x83, 0xad,
24 0x86, 0xd2, 0x48, 0x85 };
25
26 const char kMessage[] =
27 "n:1896\ni:goog-malware-shavar\nu:s.ytimg.com/safebrowsing/rd/goog-malware-shav"
28 "ar_s_445-450\nu:s.ytimg.com/safebrowsing/rd/goog-malware-shavar_s_439-444\nu:s"
29 ".ytimg.com/safebrowsing/rd/goog-malware-shavar_s_437\nu:s.ytimg.com/safebrowsi"
30 "ng/rd/goog-malware-shavar_s_436\nu:s.ytimg.com/safebrowsing/rd/goog-malware-sh"
31 "avar_s_433-435\nu:s.ytimg.com/safebrowsing/rd/goog-malware-shavar_s_431\nu:s.y"
32 "timg.com/safebrowsing/rd/goog-malware-shavar_s_430\nu:s.ytimg.com/safebrowsing"
33 "/rd/goog-malware-shavar_s_429\nu:s.ytimg.com/safebrowsing/rd/goog-malware-shav"
34 "ar_s_428\nu:s.ytimg.com/safebrowsing/rd/goog-malware-shavar_s_426\nu:s.ytimg.c"
35 "om/safebrowsing/rd/goog-malware-shavar_s_424\nu:s.ytimg.com/safebrowsing/rd/go"
36 "og-malware-shavar_s_423\nu:s.ytimg.com/safebrowsing/rd/goog-malware-shavar_s_4"
37 "22\nu:s.ytimg.com/safebrowsing/rd/goog-malware-shavar_s_420\nu:s.ytimg.com/saf"
38 "ebrowsing/rd/goog-malware-shavar_s_419\nu:s.ytimg.com/safebrowsing/rd/goog-mal"
39 "ware-shavar_s_414\nu:s.ytimg.com/safebrowsing/rd/goog-malware-shavar_s_409-411"
40 "\nu:s.ytimg.com/safebrowsing/rd/goog-malware-shavar_s_405\nu:s.ytimg.com/safeb"
41 "rowsing/rd/goog-malware-shavar_s_404\nu:s.ytimg.com/safebrowsing/rd/goog-malwa"
42 "re-shavar_s_402\nu:s.ytimg.com/safebrowsing/rd/goog-malware-shavar_s_401\nu:s."
43 "ytimg.com/safebrowsing/rd/goog-malware-shavar_a_973-978\nu:s.ytimg.com/safebro"
44 "wsing/rd/goog-malware-shavar_a_937-972\nu:s.ytimg.com/safebrowsing/rd/goog-mal"
45 "ware-shavar_a_931-936\nu:s.ytimg.com/safebrowsing/rd/goog-malware-shavar_a_925"
46 "-930\nu:s.ytimg.com/safebrowsing/rd/goog-malware-shavar_a_919-924\ni:goog-phis"
47 "h-shavar\nu:s.ytimg.com/safebrowsing/rd/goog-phish-shavar_a_2633\nu:s.ytimg.co"
48 "m/safebrowsing/rd/goog-phish-shavar_a_2632\nu:s.ytimg.com/safebrowsing/rd/goog"
49 "-phish-shavar_a_2629-2631\nu:s.ytimg.com/safebrowsing/rd/goog-phish-shavar_a_2"
50 "626-2628\nu:s.ytimg.com/safebrowsing/rd/goog-phish-shavar_a_2625\n";
51
52 std::string message_data(kMessage);
53
54 base::HMAC hmac(base::HMAC::SHA1);
55 ASSERT_TRUE(hmac.Init(kClientKey, kKeySize));
56 unsigned char calculated_hmac[kDigestSize];
57
58 EXPECT_TRUE(hmac.Sign(message_data, calculated_hmac, kDigestSize));
59 EXPECT_EQ(memcmp(kReceivedHmac, calculated_hmac, kDigestSize), 0);
60 }
61
62 // Test cases from RFC 2202 section 3
TEST(HMACTest,RFC2202TestCases)63 TEST(HMACTest, RFC2202TestCases) {
64 const struct {
65 const char *key;
66 const int key_len;
67 const char *data;
68 const int data_len;
69 const char *digest;
70 } cases[] = {
71 { "\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B\x0B"
72 "\x0B\x0B\x0B\x0B", 20,
73 "Hi There", 8,
74 "\xB6\x17\x31\x86\x55\x05\x72\x64\xE2\x8B\xC0\xB6\xFB\x37\x8C\x8E"
75 "\xF1\x46\xBE\x00" },
76 { "Jefe", 4,
77 "what do ya want for nothing?", 28,
78 "\xEF\xFC\xDF\x6A\xE5\xEB\x2F\xA2\xD2\x74\x16\xD5\xF1\x84\xDF\x9C"
79 "\x25\x9A\x7C\x79" },
80 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
81 "\xAA\xAA\xAA\xAA", 20,
82 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
83 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
84 "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
85 "\xDD\xDD", 50,
86 "\x12\x5D\x73\x42\xB9\xAC\x11\xCD\x91\xA3\x9A\xF4\x8A\xA1\x7B\x4F"
87 "\x63\xF1\x75\xD3" },
88 { "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10"
89 "\x11\x12\x13\x14\x15\x16\x17\x18\x19", 25,
90 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
91 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
92 "\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD\xCD"
93 "\xCD\xCD", 50,
94 "\x4C\x90\x07\xF4\x02\x62\x50\xC6\xBC\x84\x14\xF9\xBF\x50\xC8\x6C"
95 "\x2D\x72\x35\xDA" },
96 { "\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C\x0C"
97 "\x0C\x0C\x0C\x0C", 20,
98 "Test With Truncation", 20,
99 "\x4C\x1A\x03\x42\x4B\x55\xE0\x7F\xE7\xF2\x7B\xE1\xD5\x8B\xB9\x32"
100 "\x4A\x9A\x5A\x04" },
101 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
102 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
103 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
104 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
105 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA",
106 80,
107 "Test Using Larger Than Block-Size Key - Hash Key First", 54,
108 "\xAA\x4A\xE5\xE1\x52\x72\xD0\x0E\x95\x70\x56\x37\xCE\x8A\x3B\x55"
109 "\xED\x40\x21\x12" },
110 { "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
111 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
112 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
113 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
114 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA",
115 80,
116 "Test Using Larger Than Block-Size Key and Larger "
117 "Than One Block-Size Data", 73,
118 "\xE8\xE9\x9D\x0F\x45\x23\x7D\x78\x6D\x6B\xBA\xA7\x96\x5C\x78\x08"
119 "\xBB\xFF\x1A\x91" }
120 };
121
122 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(cases); ++i) {
123 base::HMAC hmac(base::HMAC::SHA1);
124 ASSERT_TRUE(hmac.Init(reinterpret_cast<const unsigned char*>(cases[i].key),
125 cases[i].key_len));
126 std::string data_string(cases[i].data, cases[i].data_len);
127 unsigned char digest[kDigestSize];
128 EXPECT_TRUE(hmac.Sign(data_string, digest, kDigestSize));
129 EXPECT_EQ(memcmp(cases[i].digest, digest, kDigestSize), 0);
130 }
131 }
132
TEST(HMACTest,HMACObjectReuse)133 TEST(HMACTest, HMACObjectReuse) {
134 const char *key =
135 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
136 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
137 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
138 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
139 "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA";
140 const int key_len = 80;
141
142 const struct {
143 const char *data;
144 const int data_len;
145 const char *digest;
146 } cases[] = {
147 { "Test Using Larger Than Block-Size Key - Hash Key First", 54,
148 "\xAA\x4A\xE5\xE1\x52\x72\xD0\x0E\x95\x70\x56\x37\xCE\x8A\x3B\x55"
149 "\xED\x40\x21\x12" },
150 { "Test Using Larger Than Block-Size Key and Larger "
151 "Than One Block-Size Data", 73,
152 "\xE8\xE9\x9D\x0F\x45\x23\x7D\x78\x6D\x6B\xBA\xA7\x96\x5C\x78\x08"
153 "\xBB\xFF\x1A\x91" }
154 };
155
156 base::HMAC hmac(base::HMAC::SHA1);
157 ASSERT_TRUE(hmac.Init(reinterpret_cast<const unsigned char*>(key), key_len));
158 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(cases); ++i) {
159 std::string data_string(cases[i].data, cases[i].data_len);
160 unsigned char digest[kDigestSize];
161 EXPECT_TRUE(hmac.Sign(data_string, digest, kDigestSize));
162 EXPECT_EQ(memcmp(cases[i].digest, digest, kDigestSize), 0);
163 }
164 }
165