mac/subtle/hmac_test.go

*e7b1675dSTing-Kang Chang// Copyright 2020 Google LLC
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang// Licensed under the Apache License, Version 2.0 (the "License");
*e7b1675dSTing-Kang Chang// you may not use this file except in compliance with the License.
*e7b1675dSTing-Kang Chang// You may obtain a copy of the License at
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang//      http://www.apache.org/licenses/LICENSE-2.0
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang// Unless required by applicable law or agreed to in writing, software
*e7b1675dSTing-Kang Chang// distributed under the License is distributed on an "AS IS" BASIS,
*e7b1675dSTing-Kang Chang// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*e7b1675dSTing-Kang Chang// See the License for the specific language governing permissions and
*e7b1675dSTing-Kang Chang// limitations under the License.
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang////////////////////////////////////////////////////////////////////////////////
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changpackage subtle_test
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changimport (
*e7b1675dSTing-Kang Chang	"encoding/hex"
*e7b1675dSTing-Kang Chang	"strings"
*e7b1675dSTing-Kang Chang	"testing"
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang	"github.com/google/tink/go/mac/subtle"
*e7b1675dSTing-Kang Chang	"github.com/google/tink/go/subtle/random"
*e7b1675dSTing-Kang Chang)
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changvar key, _ = hex.DecodeString("000102030405060708090a0b0c0d0e0f")
*e7b1675dSTing-Kang Changvar data = []byte("Hello")
*e7b1675dSTing-Kang Changvar hmacTests = []struct {
*e7b1675dSTing-Kang Chang	hashAlg     string
*e7b1675dSTing-Kang Chang	tagSize     uint32
*e7b1675dSTing-Kang Chang	key         []byte
*e7b1675dSTing-Kang Chang	data        []byte
*e7b1675dSTing-Kang Chang	expectedMac string
*e7b1675dSTing-Kang Chang}{
*e7b1675dSTing-Kang Chang	{
*e7b1675dSTing-Kang Chang		hashAlg:     "SHA256",
*e7b1675dSTing-Kang Chang		tagSize:     32,
*e7b1675dSTing-Kang Chang		data:        data,
*e7b1675dSTing-Kang Chang		key:         key,
*e7b1675dSTing-Kang Chang		expectedMac: "e0ff02553d9a619661026c7aa1ddf59b7b44eac06a9908ff9e19961d481935d4",
*e7b1675dSTing-Kang Chang	},
*e7b1675dSTing-Kang Chang	{
*e7b1675dSTing-Kang Chang		hashAlg: "SHA512",
*e7b1675dSTing-Kang Chang		tagSize: 64,
*e7b1675dSTing-Kang Chang		data:    data,
*e7b1675dSTing-Kang Chang		key:     key,
*e7b1675dSTing-Kang Chang		expectedMac: "481e10d823ba64c15b94537a3de3f253c16642451ac45124dd4dde120bf1e5c15" +
*e7b1675dSTing-Kang Chang			"e55487d55ba72b43039f235226e7954cd5854b30abc4b5b53171a4177047c9b",
*e7b1675dSTing-Kang Chang	},
*e7b1675dSTing-Kang Chang	// empty data
*e7b1675dSTing-Kang Chang	{
*e7b1675dSTing-Kang Chang		hashAlg:     "SHA256",
*e7b1675dSTing-Kang Chang		tagSize:     32,
*e7b1675dSTing-Kang Chang		data:        []byte{},
*e7b1675dSTing-Kang Chang		key:         key,
*e7b1675dSTing-Kang Chang		expectedMac: "07eff8b326b7798c9ccfcbdbe579489ac785a7995a04618b1a2813c26744777d",
*e7b1675dSTing-Kang Chang	},
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changfunc TestHMACBasic(t *testing.T) {
*e7b1675dSTing-Kang Chang	for i, test := range hmacTests {
*e7b1675dSTing-Kang Chang		cipher, err := subtle.NewHMAC(test.hashAlg, test.key, test.tagSize)
*e7b1675dSTing-Kang Chang		if err != nil {
*e7b1675dSTing-Kang Chang			t.Errorf("cannot create new mac in test case %d: %s", i, err)
*e7b1675dSTing-Kang Chang		}
*e7b1675dSTing-Kang Chang		mac, err := cipher.ComputeMAC(test.data)
*e7b1675dSTing-Kang Chang		if err != nil {
*e7b1675dSTing-Kang Chang			t.Errorf("mac computation failed in test case %d: %s", i, err)
*e7b1675dSTing-Kang Chang		}
*e7b1675dSTing-Kang Chang		if hex.EncodeToString(mac) != test.expectedMac[:(test.tagSize*2)] {
*e7b1675dSTing-Kang Chang			t.Errorf("incorrect mac in test case %d: expect %s, got %s",
*e7b1675dSTing-Kang Chang				i, test.expectedMac[:(test.tagSize*2)], hex.EncodeToString(mac))
*e7b1675dSTing-Kang Chang		}
*e7b1675dSTing-Kang Chang		if err := cipher.VerifyMAC(mac, test.data); err != nil {
*e7b1675dSTing-Kang Chang			t.Errorf("mac verification failed in test case %d: %s", i, err)
*e7b1675dSTing-Kang Chang		}
*e7b1675dSTing-Kang Chang	}
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changfunc TestNewHMACWithInvalidInput(t *testing.T) {
*e7b1675dSTing-Kang Chang	// invalid hash algorithm
*e7b1675dSTing-Kang Chang	_, err := subtle.NewHMAC("MD5", random.GetRandomBytes(16), 32)
*e7b1675dSTing-Kang Chang	if err == nil || !strings.Contains(err.Error(), "invalid hash algorithm") {
*e7b1675dSTing-Kang Chang		t.Errorf("expect an error when hash algorithm is invalid")
*e7b1675dSTing-Kang Chang	}
*e7b1675dSTing-Kang Chang	// key too short
*e7b1675dSTing-Kang Chang	_, err = subtle.NewHMAC("SHA256", random.GetRandomBytes(1), 32)
*e7b1675dSTing-Kang Chang	if err == nil || !strings.Contains(err.Error(), "key too short") {
*e7b1675dSTing-Kang Chang		t.Errorf("expect an error when key is too short")
*e7b1675dSTing-Kang Chang	}
*e7b1675dSTing-Kang Chang	// tag too short
*e7b1675dSTing-Kang Chang	_, err = subtle.NewHMAC("SHA256", random.GetRandomBytes(16), 9)
*e7b1675dSTing-Kang Chang	if err == nil || !strings.Contains(err.Error(), "tag size too small") {
*e7b1675dSTing-Kang Chang		t.Errorf("expect an error when tag size is too small")
*e7b1675dSTing-Kang Chang	}
*e7b1675dSTing-Kang Chang	// tag too big
*e7b1675dSTing-Kang Chang	_, err = subtle.NewHMAC("SHA1", random.GetRandomBytes(16), 21)
*e7b1675dSTing-Kang Chang	if err == nil || !strings.Contains(err.Error(), "tag size too big") {
*e7b1675dSTing-Kang Chang		t.Errorf("expect an error when tag size is too big")
*e7b1675dSTing-Kang Chang	}
*e7b1675dSTing-Kang Chang	_, err = subtle.NewHMAC("SHA256", random.GetRandomBytes(16), 33)
*e7b1675dSTing-Kang Chang	if err == nil || !strings.Contains(err.Error(), "tag size too big") {
*e7b1675dSTing-Kang Chang		t.Errorf("expect an error when tag size is too big")
*e7b1675dSTing-Kang Chang	}
*e7b1675dSTing-Kang Chang	_, err = subtle.NewHMAC("SHA512", random.GetRandomBytes(16), 65)
*e7b1675dSTing-Kang Chang	if err == nil || !strings.Contains(err.Error(), "tag size too big") {
*e7b1675dSTing-Kang Chang		t.Errorf("expect an error when tag size is too big")
*e7b1675dSTing-Kang Chang	}
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changfunc TestHMAComputeVerifyWithNilInput(t *testing.T) {
*e7b1675dSTing-Kang Chang	cipher, err := subtle.NewHMAC("SHA256", random.GetRandomBytes(16), 32)
*e7b1675dSTing-Kang Chang	if err != nil {
*e7b1675dSTing-Kang Chang		t.Errorf("unexpected error when creating new HMAC")
*e7b1675dSTing-Kang Chang	}
*e7b1675dSTing-Kang Chang	tag, err := cipher.ComputeMAC(nil)
*e7b1675dSTing-Kang Chang	if err != nil {
*e7b1675dSTing-Kang Chang		t.Errorf("cipher.ComputeMAC(nil) failed: %v", err)
*e7b1675dSTing-Kang Chang	}
*e7b1675dSTing-Kang Chang	if err := cipher.VerifyMAC(tag, nil); err != nil {
*e7b1675dSTing-Kang Chang		t.Errorf("cipher.VerifyMAC(tag, nil) failed: %v", err)
*e7b1675dSTing-Kang Chang	}
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changfunc TestVerifyMACWithInvalidInput(t *testing.T) {
*e7b1675dSTing-Kang Chang	cipher, err := subtle.NewHMAC("SHA256", random.GetRandomBytes(16), 32)
*e7b1675dSTing-Kang Chang	if err != nil {
*e7b1675dSTing-Kang Chang		t.Errorf("unexpected error when creating new HMAC")
*e7b1675dSTing-Kang Chang	}
*e7b1675dSTing-Kang Chang	if err := cipher.VerifyMAC(nil, []byte{1}); err == nil {
*e7b1675dSTing-Kang Chang		t.Errorf("expect an error when mac is nil")
*e7b1675dSTing-Kang Chang	}
*e7b1675dSTing-Kang Chang	if err := cipher.VerifyMAC([]byte{1}, nil); err == nil {
*e7b1675dSTing-Kang Chang		t.Errorf("expect an error when data is nil")
*e7b1675dSTing-Kang Chang	}
*e7b1675dSTing-Kang Chang	if err := cipher.VerifyMAC(nil, nil); err == nil {
*e7b1675dSTing-Kang Chang		t.Errorf("cipher.VerifyMAC(nil, nil) succeeded unexpectedly")
*e7b1675dSTing-Kang Chang	}
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changfunc TestHMACModification(t *testing.T) {
*e7b1675dSTing-Kang Chang	for i, test := range hmacTests {
*e7b1675dSTing-Kang Chang		cipher, err := subtle.NewHMAC(test.hashAlg, test.key, test.tagSize)
*e7b1675dSTing-Kang Chang		if err != nil {
*e7b1675dSTing-Kang Chang			t.Errorf("cannot create new mac in test case %d: %s", i, err)
*e7b1675dSTing-Kang Chang		}
*e7b1675dSTing-Kang Chang		mac, _ := cipher.ComputeMAC(test.data)
*e7b1675dSTing-Kang Chang		for i := 0; i < len(mac); i++ {
*e7b1675dSTing-Kang Chang			tmp := mac[i]
*e7b1675dSTing-Kang Chang			for j := 0; j < 8; j++ {
*e7b1675dSTing-Kang Chang				mac[i] ^= 1 << uint8(j)
*e7b1675dSTing-Kang Chang				err := cipher.VerifyMAC(mac, test.data)
*e7b1675dSTing-Kang Chang				if err == nil {
*e7b1675dSTing-Kang Chang					t.Errorf("test case %d: modified MAC should be invalid", i)
*e7b1675dSTing-Kang Chang				}
*e7b1675dSTing-Kang Chang				mac[i] = tmp
*e7b1675dSTing-Kang Chang			}
*e7b1675dSTing-Kang Chang		}
*e7b1675dSTing-Kang Chang	}
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changfunc TestHMACTruncation(t *testing.T) {
*e7b1675dSTing-Kang Chang	for i, test := range hmacTests {
*e7b1675dSTing-Kang Chang		cipher, err := subtle.NewHMAC(test.hashAlg, test.key, test.tagSize)
*e7b1675dSTing-Kang Chang		if err != nil {
*e7b1675dSTing-Kang Chang			t.Errorf("cannot create new mac in test case %d: %s", i, err)
*e7b1675dSTing-Kang Chang		}
*e7b1675dSTing-Kang Chang		mac, _ := cipher.ComputeMAC(test.data)
*e7b1675dSTing-Kang Chang		for i := 1; i < len(mac); i++ {
*e7b1675dSTing-Kang Chang			tmp := mac[:i]
*e7b1675dSTing-Kang Chang			err := cipher.VerifyMAC(tmp, test.data)
*e7b1675dSTing-Kang Chang			if err == nil {
*e7b1675dSTing-Kang Chang				t.Errorf("test case %d: truncated MAC should be invalid", i)
*e7b1675dSTing-Kang Chang			}
*e7b1675dSTing-Kang Chang		}
*e7b1675dSTing-Kang Chang	}
*e7b1675dSTing-Kang Chang}