Skip to content

Commit 2fd0511

Browse files
committed
Add some basic NIST SP 800 108 specs
1 parent 11818c2 commit 2fd0511

File tree

1 file changed

+52
-0
lines changed

1 file changed

+52
-0
lines changed
Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
require 'spec_helper'
2+
require 'rex/crypto/key_derivation/nist_sp_800_108'
3+
4+
RSpec.describe Rex::Crypto::KeyDerivation::NIST_SP_800_108 do
5+
describe '.counter' do
6+
let(:secret) { [ '000102030405060708090A0B0C0D0E0F' ].pack('H*') }
7+
let(:prf) { RSpec::Mocks::Double.new('prf') }
8+
let(:length) { 32 }
9+
let(:label) { "RSpec Test Label\0" }
10+
let(:context) { "RSpec Test Context\0" }
11+
12+
it 'builds the context block correctly for the prf' do
13+
info = [ 1 ].pack('L>') + label + "\x00".b + context + [ length * 8 ].pack('L>')
14+
expect(prf).to receive(:call).with(info).and_return(OpenSSL::HMAC.digest('SHA256', secret, info))
15+
described_class.counter(length, prf, label: label, context: context)
16+
end
17+
end
18+
19+
describe '.counter_hmac' do
20+
let(:secret) { [ '000102030405060708090A0B0C0D0E0F' ].pack('H*') }
21+
let(:length) { 32 }
22+
let(:label) { "RSpec Test Label\0" }
23+
let(:context) { "RSpec Test Context\0" }
24+
25+
context 'when the algorithm is invalid' do
26+
let(:algorithm) { 'InvalidAlgorithm' }
27+
28+
it 'raises an error' do
29+
expect { described_class.counter_hmac(secret, length, algorithm, label: label, context: context) }.to raise_error(RuntimeError, /digest algorithm/)
30+
end
31+
end
32+
33+
context 'when the algorithm is SHA256' do
34+
let(:algorithm) { 'SHA256' }
35+
before(:each) { expect(OpenSSL::HMAC).to receive(:digest).at_least(:once).with(algorithm, secret, anything).and_call_original }
36+
before(:each) { expect(described_class).to receive(:counter).with(length, anything, context: context, label: label, keys: instance_of(Integer)).and_call_original }
37+
38+
it 'uses SHA256 to calculate 1 key' do
39+
keys = described_class.counter_hmac(secret, length, algorithm, label: label, context: context)
40+
expect(keys.length).to eq 1
41+
expect(keys[0]).to eq ['5889a9fe18d9d51b5eb95272088acbe38bd2ea82517f1956b919dc549a945aa0'].pack('H*')
42+
end
43+
44+
it 'uses SHA256 to calculate 2 keys' do
45+
keys = described_class.counter_hmac(secret, length, algorithm, label: label, context: context, keys: 2)
46+
expect(keys.length).to eq 2
47+
expect(keys[0]).to eq ['2060ea190b9ac147ccfbe2c094c49be04dcac80db6d05b1c32c54529caf24d43'].pack('H*')
48+
expect(keys[1]).to eq ['f66a460fc1d03451c1ef669ee10953815460d368668be13301d6314878ed771d'].pack('H*')
49+
end
50+
end
51+
end
52+
end

0 commit comments

Comments
 (0)