tests: Refactor HMAC test runner

orion-rs · Jan 25, 2020 · 287c8fb · 287c8fb
1 parent 4dba7d6
commit 287c8fb
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 71 deletions.
diff --git a/tests/kdf/mod.rs b/tests/kdf/mod.rs
@@ -28,4 +28,4 @@ pub fn hkdf_test_runner(
 	} else {
 		assert!(verify(expected_okm, salt, ikm, Some(&info), &mut okm_out).is_err());
 	}
-}
+}
diff --git a/tests/mac/mod.rs b/tests/mac/mod.rs
@@ -7,58 +7,41 @@ pub mod wycheproof_hmac_sha512;
 extern crate orion;
 
 use self::{
+	orion::hazardous::hash::sha512::SHA512_OUTSIZE,
 	orion::hazardous::mac::{hmac, poly1305},
 	poly1305::{OneTimeKey, Tag},
 };
 
-fn hmac_test_runner(secret_key: &[u8], data: &[u8], expected: &[u8], trunc: Option<usize>) {
-	let key = hmac::SecretKey::from_slice(secret_key).unwrap();
-	let mut mac = hmac::Hmac::new(&key);
-	mac.update(data).unwrap();
-
-	let res = mac.finalize().unwrap();
-	let len = match trunc {
-		Some(length) => length,
-		None => 64,
-	};
-
-	let one_shot = hmac::Hmac::hmac(&key, data).unwrap();
-
-	assert_eq!(
-		res.unprotected_as_bytes()[..len].as_ref(),
-		expected[..len].as_ref()
-	);
-	assert_eq!(
-		one_shot.unprotected_as_bytes()[..len].as_ref(),
-		expected[..len].as_ref()
-	);
-}
-
-fn wycheproof_hmac_test_runner(
+fn hmac_test_runner(
+	expected: &[u8],
 	secret_key: &[u8],
 	data: &[u8],
-	expected: &[u8],
-	len_bits: usize,
-	result: bool,
+	len_bytes: Option<usize>,
+	valid_result: bool,
 ) {
-	let key = hmac::SecretKey::from_slice(secret_key).unwrap();
-	let mut ctx = hmac::Hmac::new(&key);
-	ctx.update(data).unwrap();
-	let actual = ctx.finalize().unwrap();
+	let len = match len_bytes {
+		Some(length) => length,
+		None => SHA512_OUTSIZE,
+	};
 
-	let len = len_bits / 8;
+	let key = hmac::SecretKey::from_slice(secret_key).unwrap();
 
-	if result {
-		if len == 64 {
-			let expected_tag = hmac::Tag::from_slice(expected).unwrap();
-			assert!(hmac::Hmac::verify(&expected_tag, &key, data).is_ok());
+	// Only use verify() on SHA512_OUTSIZE length tags since this is
+	// the amount that Tag requires.
+	if len == SHA512_OUTSIZE {
+		let expected_tag = hmac::Tag::from_slice(expected).unwrap();
+		let res = hmac::Hmac::verify(&expected_tag, &key, data);
+		if valid_result {
+			assert!(res.is_ok());
 		} else {
-			assert_eq!(expected, actual.unprotected_as_bytes()[..len].as_ref());
+			assert!(res.is_err());
 		}
 	} else {
-		if len == 64 {
-			let expected_tag = hmac::Tag::from_slice(expected).unwrap();
-			assert!(hmac::Hmac::verify(&expected_tag, &key, data).is_err());
+		let mut ctx = hmac::Hmac::new(&key);
+		ctx.update(data).unwrap();
+		let actual = ctx.finalize().unwrap();
+		if valid_result {
+			assert_eq!(expected, actual.unprotected_as_bytes()[..len].as_ref());
 		} else {
 			assert_ne!(expected, actual.unprotected_as_bytes()[..len].as_ref());
 		}

diff --git a/tests/mac/nist_cavp_hmac.rs b/tests/mac/nist_cavp_hmac.rs
@@ -760,10 +760,11 @@ fn test_nist_cavp() {
 ];
 	for test_case in test_vectors.iter() {
 		hmac_test_runner(
+			&decode(test_case[2]).unwrap(),
 			&decode(test_case[0]).unwrap(),
 			&decode(test_case[1]).unwrap(),
-			&decode(test_case[2]).unwrap(),
 			Some(test_case[3].parse::<usize>().unwrap()),
+			true,
 		);
 	}
 }
diff --git a/tests/mac/rfc_hmac.rs b/tests/mac/rfc_hmac.rs
@@ -11,27 +11,26 @@ mod rfc4231 {
 	fn test_case_1() {
 		let secret_key = decode("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b").unwrap();
 		let data = "Hi There".as_bytes().to_vec();
-		let expected_hmac_512 = decode(
+		let expected = decode(
 			"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cde\
 			 daa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854",
 		)
 		.unwrap();
 
-		hmac_test_runner(&secret_key, &data, &expected_hmac_512, None);
+		hmac_test_runner(&expected, &secret_key, &data, None, true);
 	}
 
 	#[test]
 	fn test_case_2() {
 		let secret_key = "Jefe".as_bytes().to_vec();
 		let data = "what do ya want for nothing?".as_bytes().to_vec();
-
-		let expected_hmac_512 = decode(
+		let expected = decode(
 			"164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea250554\
 			 9758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737",
 		)
 		.unwrap();
 
-		hmac_test_runner(&secret_key, &data, &expected_hmac_512, None);
+		hmac_test_runner(&expected, &secret_key, &data, None, true);
 	}
 
 	#[test]
@@ -42,14 +41,13 @@ mod rfc4231 {
 			 dddddddddddddddddddddddddddddddddddd",
 		)
 		.unwrap();
-
-		let expected_hmac_512 = decode(
+		let expected = decode(
 			"fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39\
 			 bf3e848279a722c806b485a47e67c807b946a337bee8942674278859e13292fb",
 		)
 		.unwrap();
 
-		hmac_test_runner(&secret_key, &data, &expected_hmac_512, None);
+		hmac_test_runner(&expected, &secret_key, &data, None, true);
 	}
 
 	#[test]
@@ -60,29 +58,22 @@ mod rfc4231 {
 			 cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
 		)
 		.unwrap();
-
-		let expected_hmac_512 = decode(
+		let expected = decode(
 			"b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3db\
 			 a91ca5c11aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd",
 		)
 		.unwrap();
 
-		hmac_test_runner(&secret_key, &data, &expected_hmac_512, None);
+		hmac_test_runner(&expected, &secret_key, &data, None, true);
 	}
 
 	#[test]
 	fn test_case_5() {
 		let secret_key = decode("0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c").unwrap();
 		let data = decode("546573742057697468205472756e636174696f6e").unwrap();
+		let expected = decode("415fad6271580a531d4179bc891d87a6").unwrap();
 
-		let expected_hmac_512 = decode("415fad6271580a531d4179bc891d87a6").unwrap();
-
-		hmac_test_runner(
-			&secret_key,
-			&data,
-			&expected_hmac_512,
-			Some(expected_hmac_512.len()),
-		);
+		hmac_test_runner(&expected, &secret_key, &data, Some(expected.len()), true);
 	}
 
 	#[test]
@@ -100,14 +91,13 @@ mod rfc4231 {
 			 65204b6579202d2048617368204b6579204669727374",
 		)
 		.unwrap();
-
-		let expected_hmac_512 = decode(
+		let expected = decode(
 			"80b24263c7c1a3ebb71493c1dd7be8b49b46d1f41b4aeec1121b013783f8f352\
 			 6b56d037e05f2598bd0fd2215d6a1e5295e64f73f63f0aec8b915a985d786598",
 		)
 		.unwrap();
 
-		hmac_test_runner(&secret_key, &data, &expected_hmac_512, None);
+		hmac_test_runner(&expected, &secret_key, &data, None, true);
 	}
 
 	#[test]
@@ -128,13 +118,12 @@ mod rfc4231 {
 			 642062792074686520484d414320616c676f726974686d2e",
 		)
 		.unwrap();
-
-		let expected_hmac_512 = decode(
+		let expected = decode(
 			"e37b6a775dc87dbaa4dfa9f96e5e3ffddebd71f8867289865df5a32d20cdc944\
 			 b6022cac3c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58",
 		)
 		.unwrap();
 
-		hmac_test_runner(&secret_key, &data, &expected_hmac_512, None);
+		hmac_test_runner(&expected, &secret_key, &data, None, true);
 	}
 }
diff --git a/tests/mac/wycheproof_hmac_sha512.rs b/tests/mac/wycheproof_hmac_sha512.rs
@@ -6,7 +6,7 @@ extern crate serde_json;
 use self::hex::decode;
 
 use self::serde_json::{Deserializer, Value};
-use crate::mac::wycheproof_hmac_test_runner;
+use crate::mac::hmac_test_runner;
 use std::{fs::File, io::BufReader};
 
 fn wycheproof_runner(path: &str) {
@@ -36,11 +36,11 @@ fn wycheproof_runner(path: &str) {
 							let tcid = test_case.get("tcId").unwrap().as_u64().unwrap();
 							println!("tcId: {}, len: {}", tcid, tag_len);
 
-							wycheproof_hmac_test_runner(
+							hmac_test_runner(
+								&tag[..],
 								&key[..],
 								&msg[..],
-								&tag[..],
-								tag_len as usize,
+								Some(tag_len as usize / 8), // Wychproof sets tag length in bits, we need bytes
 								result,
 							);
 						}
-Original file line number
+Diff line change
@@ Expand Up / @@ -28,4 +28,4 @@ pub fn hkdf_test_runner( @@
     	} else {
     		assert!(verify(expected_okm, salt, ikm, Some(&info), &mut okm_out).is_err());
     	}
-    }
+    }