Add test vectors for key derivation functions (#320)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-05-04 23:35:11 -04:00 · 2022-08-01 09:11:13 +02:00 · 2022-08-01 09:11:13 +02:00 · 7baf98f014
commit 7baf98f014
parent 87083ca624
7 changed files with 432 additions and 89 deletions
--- a/internal/crypto/crypto_test.go
+++ b/internal/crypto/crypto_test.go
@ -3,6 +3,7 @@ package crypto
 import (
 	"testing"

+	"github.com/edgelesssys/constellation/internal/crypto/testvector"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/goleak"
@ -28,6 +29,59 @@ func TestDeriveKey(t *testing.T) {
 	key3, err := DeriveKey([]byte("secret"), []byte("salt"), []byte("second"), 32)
 	require.NoError(err)
 	assert.NotEqual(key1, key3)
+
+	zeroInput := testvector.HKDFZero
+	out, err := DeriveKey(zeroInput.Secret, zeroInput.Salt, []byte(zeroInput.InfoPrefix+zeroInput.Info), zeroInput.Length)
+	require.NoError(err)
+	assert.Equal(zeroInput.Output, out)
+
+	fInput := testvector.HKDF0xFF
+	out, err = DeriveKey(fInput.Secret, fInput.Salt, []byte(fInput.InfoPrefix+fInput.Info), fInput.Length)
+	require.NoError(err)
+	assert.Equal(fInput.Output, out)
+}
+
+func TestVectorsHKDF(t *testing.T) {
+	testCases := map[string]struct {
+		secret  []byte
+		salt    []byte
+		info    []byte
+		length  uint
+		wantKey []byte
+	}{
+		"rfc Test Case 1": {
+			secret:  testvector.HKDFrfc1.Secret,
+			salt:    testvector.HKDFrfc1.Salt,
+			info:    []byte(testvector.HKDFrfc1.Info),
+			length:  testvector.HKDFrfc1.Length,
+			wantKey: testvector.HKDFrfc1.Output,
+		},
+		"rfc Test Case 2": {
+			secret:  testvector.HKDFrfc2.Secret,
+			salt:    testvector.HKDFrfc2.Salt,
+			info:    []byte(testvector.HKDFrfc2.Info),
+			length:  testvector.HKDFrfc2.Length,
+			wantKey: testvector.HKDFrfc2.Output,
+		},
+		"rfc Test Case 3": {
+			secret:  testvector.HKDFrfc3.Secret,
+			salt:    testvector.HKDFrfc3.Salt,
+			info:    []byte(testvector.HKDFrfc3.Info),
+			length:  testvector.HKDFrfc3.Length,
+			wantKey: testvector.HKDFrfc3.Output,
+		},
+	}
+
+	for name, tc := range testCases {
+		t.Run(name, func(t *testing.T) {
+			assert := assert.New(t)
+			require := require.New(t)
+
+			out, err := DeriveKey(tc.secret, tc.salt, tc.info, tc.length)
+			require.NoError(err)
+			assert.Equal(tc.wantKey, out)
+		})
+	}
 }

 func TestGenerateCertificateSerialNumber(t *testing.T) {