v1.14.6/sdk/helper/kdf/kdf_test.go - hashicorp/vault - Git at Google

 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: MPL-2.0

 package kdf

 import (
 	"bytes"
 	"testing"
 )

 func TestCounterMode(t *testing.T) {
 	key := []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}
 	context := []byte("the quick brown fox")
 	prf := HMACSHA256PRF
 	prfLen := HMACSHA256PRFLen

 	// Expect256 was generated in python with
 	// import hashlib, hmac
 	// hash = hashlib.sha256
 	// context = "the quick brown fox"
 	// key = "".join([chr(x) for x in range(1, 17)])
 	// inp = "\x00\x00\x00\x00"+context+"\x00\x00\x01\x00"
 	// digest = hmac.HMAC(key, inp, hash).digest()
 	// print [ord(x) for x in digest]
 	expect256 := []byte{
 		219, 25, 238, 6, 185, 236, 180, 64, 248, 152, 251,
 		153, 79, 5, 141, 222, 66, 200, 66, 143, 40, 3, 101, 221, 206, 163, 102,
 		80, 88, 234, 87, 157,
 	}

 	for _, l := range []uint32{128, 256, 384, 1024} {
 		out, err := CounterMode(prf, prfLen, key, context, l)
 		if err != nil {
 			t.Fatalf("err: %v", err)
 		}

 		if uint32(len(out)*8) != l {
 			t.Fatalf("bad length: %#v", out)
 		}

 		if bytes.Contains(out, key) {
 			t.Fatalf("output contains key")
 		}

 		if l == 256 && !bytes.Equal(out, expect256) {
 			t.Fatalf("mis-match")
 		}
 	}
 }

 func TestHMACSHA256PRF(t *testing.T) {
 	key := []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}
 	data := []byte("foobarbaz")
 	out, err := HMACSHA256PRF(key, data)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}

 	if uint32(len(out)*8) != HMACSHA256PRFLen {
 		t.Fatalf("Bad len")
 	}

 	// Expect was generated in python with:
 	// import hashlib, hmac
 	// hash = hashlib.sha256
 	// msg = "foobarbaz"
 	// key = "".join([chr(x) for x in range(1, 17)])
 	// hm = hmac.HMAC(key, msg, hash)
 	// print [ord(x) for x in hm.digest()]
 	expect := []byte{
 		9, 50, 146, 8, 188, 130, 150, 107, 205, 147, 82, 170,
 		253, 183, 26, 38, 167, 194, 220, 111, 56, 118, 219, 209, 31, 52, 137,
 		90, 246, 133, 191, 124,
 	}
 	if !bytes.Equal(expect, out) {
 		t.Fatalf("mis-matched output")
 	}
 }
	// Copyright (c) HashiCorp, Inc.
	// SPDX-License-Identifier: MPL-2.0

	package kdf

	import (
	"bytes"
	"testing"
	)

	func TestCounterMode(t *testing.T) {
	key := []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}
	context := []byte("the quick brown fox")
	prf := HMACSHA256PRF
	prfLen := HMACSHA256PRFLen

	// Expect256 was generated in python with
	// import hashlib, hmac
	// hash = hashlib.sha256
	// context = "the quick brown fox"
	// key = "".join([chr(x) for x in range(1, 17)])
	// inp = "\x00\x00\x00\x00"+context+"\x00\x00\x01\x00"
	// digest = hmac.HMAC(key, inp, hash).digest()
	// print [ord(x) for x in digest]
	expect256 := []byte{
	219, 25, 238, 6, 185, 236, 180, 64, 248, 152, 251,
	153, 79, 5, 141, 222, 66, 200, 66, 143, 40, 3, 101, 221, 206, 163, 102,
	80, 88, 234, 87, 157,
	}

	for _, l := range []uint32{128, 256, 384, 1024} {
	out, err := CounterMode(prf, prfLen, key, context, l)
	if err != nil {
	t.Fatalf("err: %v", err)
	}

	if uint32(len(out)*8) != l {
	t.Fatalf("bad length: %#v", out)
	}

	if bytes.Contains(out, key) {
	t.Fatalf("output contains key")
	}

	if l == 256 && !bytes.Equal(out, expect256) {
	t.Fatalf("mis-match")
	}
	}
	}

	func TestHMACSHA256PRF(t *testing.T) {
	key := []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}
	data := []byte("foobarbaz")
	out, err := HMACSHA256PRF(key, data)
	if err != nil {
	t.Fatalf("err: %v", err)
	}

	if uint32(len(out)*8) != HMACSHA256PRFLen {
	t.Fatalf("Bad len")
	}

	// Expect was generated in python with:
	// import hashlib, hmac
	// hash = hashlib.sha256
	// msg = "foobarbaz"
	// key = "".join([chr(x) for x in range(1, 17)])
	// hm = hmac.HMAC(key, msg, hash)
	// print [ord(x) for x in hm.digest()]
	expect := []byte{
	9, 50, 146, 8, 188, 130, 150, 107, 205, 147, 82, 170,
	253, 183, 26, 38, 167, 194, 220, 111, 56, 118, 219, 209, 31, 52, 137,
	90, 246, 133, 191, 124,
	}
	if !bytes.Equal(expect, out) {
	t.Fatalf("mis-matched output")
	}
	}