go/mac/subtle/hmac_test.go - platform/external/tink - Git at Google

 // Copyright 2020 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ////////////////////////////////////////////////////////////////////////////////

 package subtle_test

 import (
 	"encoding/hex"
 	"strings"
 	"testing"

 	"github.com/google/tink/go/mac/subtle"
 	"github.com/google/tink/go/subtle/random"
 )

 var key, _ = hex.DecodeString("000102030405060708090a0b0c0d0e0f")
 var data = []byte("Hello")
 var hmacTests = []struct {
 	hashAlg     string
 	tagSize     uint32
 	key         []byte
 	data        []byte
 	expectedMac string
 }{
 	{
 		hashAlg:     "SHA256",
 		tagSize:     32,
 		data:        data,
 		key:         key,
 		expectedMac: "e0ff02553d9a619661026c7aa1ddf59b7b44eac06a9908ff9e19961d481935d4",
 	},
 	{
 		hashAlg: "SHA512",
 		tagSize: 64,
 		data:    data,
 		key:     key,
 		expectedMac: "481e10d823ba64c15b94537a3de3f253c16642451ac45124dd4dde120bf1e5c15" +
 			"e55487d55ba72b43039f235226e7954cd5854b30abc4b5b53171a4177047c9b",
 	},
 	// empty data
 	{
 		hashAlg:     "SHA256",
 		tagSize:     32,
 		data:        []byte{},
 		key:         key,
 		expectedMac: "07eff8b326b7798c9ccfcbdbe579489ac785a7995a04618b1a2813c26744777d",
 	},
 }

 func TestHMACBasic(t *testing.T) {
 	for i, test := range hmacTests {
 		cipher, err := subtle.NewHMAC(test.hashAlg, test.key, test.tagSize)
 		if err != nil {
 			t.Errorf("cannot create new mac in test case %d: %s", i, err)
 		}
 		mac, err := cipher.ComputeMAC(test.data)
 		if err != nil {
 			t.Errorf("mac computation failed in test case %d: %s", i, err)
 		}
 		if hex.EncodeToString(mac) != test.expectedMac[:(test.tagSize*2)] {
 			t.Errorf("incorrect mac in test case %d: expect %s, got %s",
 				i, test.expectedMac[:(test.tagSize*2)], hex.EncodeToString(mac))
 		}
 		if err := cipher.VerifyMAC(mac, test.data); err != nil {
 			t.Errorf("mac verification failed in test case %d: %s", i, err)
 		}
 	}
 }

 func TestNewHMACWithInvalidInput(t *testing.T) {
 	// invalid hash algorithm
 	_, err := subtle.NewHMAC("MD5", random.GetRandomBytes(16), 32)
 	if err == nil || !strings.Contains(err.Error(), "invalid hash algorithm") {
 		t.Errorf("expect an error when hash algorithm is invalid")
 	}
 	// key too short
 	_, err = subtle.NewHMAC("SHA256", random.GetRandomBytes(1), 32)
 	if err == nil || !strings.Contains(err.Error(), "key too short") {
 		t.Errorf("expect an error when key is too short")
 	}
 	// tag too short
 	_, err = subtle.NewHMAC("SHA256", random.GetRandomBytes(16), 9)
 	if err == nil || !strings.Contains(err.Error(), "tag size too small") {
 		t.Errorf("expect an error when tag size is too small")
 	}
 	// tag too big
 	_, err = subtle.NewHMAC("SHA1", random.GetRandomBytes(16), 21)
 	if err == nil || !strings.Contains(err.Error(), "tag size too big") {
 		t.Errorf("expect an error when tag size is too big")
 	}
 	_, err = subtle.NewHMAC("SHA256", random.GetRandomBytes(16), 33)
 	if err == nil || !strings.Contains(err.Error(), "tag size too big") {
 		t.Errorf("expect an error when tag size is too big")
 	}
 	_, err = subtle.NewHMAC("SHA512", random.GetRandomBytes(16), 65)
 	if err == nil || !strings.Contains(err.Error(), "tag size too big") {
 		t.Errorf("expect an error when tag size is too big")
 	}
 }

 func TestHMAComputeVerifyWithNilInput(t *testing.T) {
 	cipher, err := subtle.NewHMAC("SHA256", random.GetRandomBytes(16), 32)
 	if err != nil {
 		t.Errorf("unexpected error when creating new HMAC")
 	}
 	tag, err := cipher.ComputeMAC(nil)
 	if err != nil {
 		t.Errorf("cipher.ComputeMAC(nil) failed: %v", err)
 	}
 	if err := cipher.VerifyMAC(tag, nil); err != nil {
 		t.Errorf("cipher.VerifyMAC(tag, nil) failed: %v", err)
 	}
 }

 func TestVerifyMACWithInvalidInput(t *testing.T) {
 	cipher, err := subtle.NewHMAC("SHA256", random.GetRandomBytes(16), 32)
 	if err != nil {
 		t.Errorf("unexpected error when creating new HMAC")
 	}
 	if err := cipher.VerifyMAC(nil, []byte{1}); err == nil {
 		t.Errorf("expect an error when mac is nil")
 	}
 	if err := cipher.VerifyMAC([]byte{1}, nil); err == nil {
 		t.Errorf("expect an error when data is nil")
 	}
 	if err := cipher.VerifyMAC(nil, nil); err == nil {
 		t.Errorf("cipher.VerifyMAC(nil, nil) succeeded unexpectedly")
 	}
 }

 func TestHMACModification(t *testing.T) {
 	for i, test := range hmacTests {
 		cipher, err := subtle.NewHMAC(test.hashAlg, test.key, test.tagSize)
 		if err != nil {
 			t.Errorf("cannot create new mac in test case %d: %s", i, err)
 		}
 		mac, _ := cipher.ComputeMAC(test.data)
 		for i := 0; i < len(mac); i++ {
 			tmp := mac[i]
 			for j := 0; j < 8; j++ {
 				mac[i] ^= 1 << uint8(j)
 				err := cipher.VerifyMAC(mac, test.data)
 				if err == nil {
 					t.Errorf("test case %d: modified MAC should be invalid", i)
 				}
 				mac[i] = tmp
 			}
 		}
 	}
 }

 func TestHMACTruncation(t *testing.T) {
 	for i, test := range hmacTests {
 		cipher, err := subtle.NewHMAC(test.hashAlg, test.key, test.tagSize)
 		if err != nil {
 			t.Errorf("cannot create new mac in test case %d: %s", i, err)
 		}
 		mac, _ := cipher.ComputeMAC(test.data)
 		for i := 1; i < len(mac); i++ {
 			tmp := mac[:i]
 			err := cipher.VerifyMAC(tmp, test.data)
 			if err == nil {
 				t.Errorf("test case %d: truncated MAC should be invalid", i)
 			}
 		}
 	}
 }
	// Copyright 2020 Google LLC
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//
	////////////////////////////////////////////////////////////////////////////////

	package subtle_test

	import (
	"encoding/hex"
	"strings"
	"testing"

	"github.com/google/tink/go/mac/subtle"
	"github.com/google/tink/go/subtle/random"
	)

	var key, _ = hex.DecodeString("000102030405060708090a0b0c0d0e0f")
	var data = []byte("Hello")
	var hmacTests = []struct {
	hashAlg string
	tagSize uint32
	key []byte
	data []byte
	expectedMac string
	}{
	{
	hashAlg: "SHA256",
	tagSize: 32,
	data: data,
	key: key,
	expectedMac: "e0ff02553d9a619661026c7aa1ddf59b7b44eac06a9908ff9e19961d481935d4",
	},
	{
	hashAlg: "SHA512",
	tagSize: 64,
	data: data,
	key: key,
	expectedMac: "481e10d823ba64c15b94537a3de3f253c16642451ac45124dd4dde120bf1e5c15" +
	"e55487d55ba72b43039f235226e7954cd5854b30abc4b5b53171a4177047c9b",
	},
	// empty data
	{
	hashAlg: "SHA256",
	tagSize: 32,
	data: []byte{},
	key: key,
	expectedMac: "07eff8b326b7798c9ccfcbdbe579489ac785a7995a04618b1a2813c26744777d",
	},
	}

	func TestHMACBasic(t *testing.T) {
	for i, test := range hmacTests {
	cipher, err := subtle.NewHMAC(test.hashAlg, test.key, test.tagSize)
	if err != nil {
	t.Errorf("cannot create new mac in test case %d: %s", i, err)
	}
	mac, err := cipher.ComputeMAC(test.data)
	if err != nil {
	t.Errorf("mac computation failed in test case %d: %s", i, err)
	}
	if hex.EncodeToString(mac) != test.expectedMac[:(test.tagSize*2)] {
	t.Errorf("incorrect mac in test case %d: expect %s, got %s",
	i, test.expectedMac[:(test.tagSize*2)], hex.EncodeToString(mac))
	}
	if err := cipher.VerifyMAC(mac, test.data); err != nil {
	t.Errorf("mac verification failed in test case %d: %s", i, err)
	}
	}
	}

	func TestNewHMACWithInvalidInput(t *testing.T) {
	// invalid hash algorithm
	_, err := subtle.NewHMAC("MD5", random.GetRandomBytes(16), 32)
	if err == nil \|\| !strings.Contains(err.Error(), "invalid hash algorithm") {
	t.Errorf("expect an error when hash algorithm is invalid")
	}
	// key too short
	_, err = subtle.NewHMAC("SHA256", random.GetRandomBytes(1), 32)
	if err == nil \|\| !strings.Contains(err.Error(), "key too short") {
	t.Errorf("expect an error when key is too short")
	}
	// tag too short
	_, err = subtle.NewHMAC("SHA256", random.GetRandomBytes(16), 9)
	if err == nil \|\| !strings.Contains(err.Error(), "tag size too small") {
	t.Errorf("expect an error when tag size is too small")
	}
	// tag too big
	_, err = subtle.NewHMAC("SHA1", random.GetRandomBytes(16), 21)
	if err == nil \|\| !strings.Contains(err.Error(), "tag size too big") {
	t.Errorf("expect an error when tag size is too big")
	}
	_, err = subtle.NewHMAC("SHA256", random.GetRandomBytes(16), 33)
	if err == nil \|\| !strings.Contains(err.Error(), "tag size too big") {
	t.Errorf("expect an error when tag size is too big")
	}
	_, err = subtle.NewHMAC("SHA512", random.GetRandomBytes(16), 65)
	if err == nil \|\| !strings.Contains(err.Error(), "tag size too big") {
	t.Errorf("expect an error when tag size is too big")
	}
	}

	func TestHMAComputeVerifyWithNilInput(t *testing.T) {
	cipher, err := subtle.NewHMAC("SHA256", random.GetRandomBytes(16), 32)
	if err != nil {
	t.Errorf("unexpected error when creating new HMAC")
	}
	tag, err := cipher.ComputeMAC(nil)
	if err != nil {
	t.Errorf("cipher.ComputeMAC(nil) failed: %v", err)
	}
	if err := cipher.VerifyMAC(tag, nil); err != nil {
	t.Errorf("cipher.VerifyMAC(tag, nil) failed: %v", err)
	}
	}

	func TestVerifyMACWithInvalidInput(t *testing.T) {
	cipher, err := subtle.NewHMAC("SHA256", random.GetRandomBytes(16), 32)
	if err != nil {
	t.Errorf("unexpected error when creating new HMAC")
	}
	if err := cipher.VerifyMAC(nil, []byte{1}); err == nil {
	t.Errorf("expect an error when mac is nil")
	}
	if err := cipher.VerifyMAC([]byte{1}, nil); err == nil {
	t.Errorf("expect an error when data is nil")
	}
	if err := cipher.VerifyMAC(nil, nil); err == nil {
	t.Errorf("cipher.VerifyMAC(nil, nil) succeeded unexpectedly")
	}
	}

	func TestHMACModification(t *testing.T) {
	for i, test := range hmacTests {
	cipher, err := subtle.NewHMAC(test.hashAlg, test.key, test.tagSize)
	if err != nil {
	t.Errorf("cannot create new mac in test case %d: %s", i, err)
	}
	mac, _ := cipher.ComputeMAC(test.data)
	for i := 0; i < len(mac); i++ {
	tmp := mac[i]
	for j := 0; j < 8; j++ {
	mac[i] ^= 1 << uint8(j)
	err := cipher.VerifyMAC(mac, test.data)
	if err == nil {
	t.Errorf("test case %d: modified MAC should be invalid", i)
	}
	mac[i] = tmp
	}
	}
	}
	}

	func TestHMACTruncation(t *testing.T) {
	for i, test := range hmacTests {
	cipher, err := subtle.NewHMAC(test.hashAlg, test.key, test.tagSize)
	if err != nil {
	t.Errorf("cannot create new mac in test case %d: %s", i, err)
	}
	mac, _ := cipher.ComputeMAC(test.data)
	for i := 1; i < len(mac); i++ {
	tmp := mac[:i]
	err := cipher.VerifyMAC(tmp, test.data)
	if err == nil {
	t.Errorf("test case %d: truncated MAC should be invalid", i)
	}
	}
	}
	}