public void Test_Case_2()
{
using (var hmac = new HMACSHA256())
{
byte[] ikm = Generate(@"0x000102030405060708090a0b0c0d0e0f
101112131415161718191a1b1c1d1e1f
202122232425262728292a2b2c2d2e2f
303132333435363738393a3b3c3d3e3f
404142434445464748494a4b4c4d4e4f");
byte[] salt = Generate(@"0x606162636465666768696a6b6c6d6e6f
707172737475767778797a7b7c7d7e7f
808182838485868788898a8b8c8d8e8f
909192939495969798999a9b9c9d9e9f
a0a1a2a3a4a5a6a7a8a9aaabacadaeaf");
byte[] info = Generate(@"0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebf
c0c1c2c3c4c5c6c7c8c9cacbcccdcecf
d0d1d2d3d4d5d6d7d8d9dadbdcdddedf
e0e1e2e3e4e5e6e7e8e9eaebecedeeef
f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
int L = 82;
byte[] OKM = Generate(@"0xb11e398dc80327a1c8e7f78c596a4934
4f012eda2d4efad8a050cc4c19afa97c
59045a99cac7827271cb41c65e590e09
da3275600c2f09b8367793a9aca3db71
cc30c58179ec3e87c14c01d5c1f3434f
1d87");
var hkdf = new HKDF(hmac, ikm, salt);
var okm = hkdf.Expand(info, L);
Assert.AreEqual(L, okm.Length);
Assert.AreEqual(Convert.ToBase64String(OKM), Convert.ToBase64String(okm));
}
}
public void Rfc5869ExpandOkmMaxSizePlusOne()
{
byte[] prk = new byte[20];
AssertExtensions.Throws <ArgumentOutOfRangeException>(
"outputLength",
() => HKDF.Expand(HashAlgorithmName.SHA1, prk, 20 * 255 + 1, Array.Empty <byte>()));
}
public void Rfc5869ExpandOutputLengthLessThanZero()
{
byte[] prk = new byte[20];
AssertExtensions.Throws <ArgumentOutOfRangeException>(
"outputLength",
() => HKDF.Expand(HashAlgorithmName.SHA1, prk, -1, Array.Empty <byte>()));
}
public void Rfc5869ExpandOkmPotentiallyOverflowingValue()
{
byte[] prk = new byte[20];
AssertExtensions.Throws <ArgumentOutOfRangeException>(
"outputLength",
() => HKDF.Expand(HashAlgorithmName.SHA1, prk, 8421505, Array.Empty <byte>()));
}
public void Test_Case_5()
{
using (var hmac = new HMACSHA1())
{
byte[] ikm = Generate(@"0x000102030405060708090a0b0c0d0e0f
101112131415161718191a1b1c1d1e1f
202122232425262728292a2b2c2d2e2f
303132333435363738393a3b3c3d3e3f
404142434445464748494a4b4c4d4e4f");
byte[] salt = Generate(@"0x606162636465666768696a6b6c6d6e6f
707172737475767778797a7b7c7d7e7f
808182838485868788898a8b8c8d8e8f
909192939495969798999a9b9c9d9e9f
a0a1a2a3a4a5a6a7a8a9aaabacadaeaf");
byte[] info = Generate(@"0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebf
c0c1c2c3c4c5c6c7c8c9cacbcccdcecf
d0d1d2d3d4d5d6d7d8d9dadbdcdddedf
e0e1e2e3e4e5e6e7e8e9eaebecedeeef
f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
int L = 82;
byte[] OKM = Generate(@"0x0bd770a74d1160f7c9f12cd5912a06eb
ff6adcae899d92191fe4305673ba2ffe
8fa3f1a4e5ad79f3f334b3b202b2173c
486ea37ce3d397ed034c7f9dfeb15c5e
927336d0441f4c4300e2cff0d0900b52
d3b4");
var hkdf = new HKDF(hmac, ikm, salt);
var okm = hkdf.Expand(info, L);
Assert.AreEqual(L, okm.Length);
Assert.AreEqual(Convert.ToBase64String(OKM), Convert.ToBase64String(okm));
}
}
public void Rfc5869OkmMaxSizePlusOne()
{
byte[] prk = new byte[20];
byte[] okm = new byte[20 * 255 + 1];
AssertExtensions.Throws <ArgumentException>(
"output",
() => HKDF.Expand(HashAlgorithmName.SHA1, prk, okm, Array.Empty <byte>()));
}
public void Rfc5869OkmMaxSizePotentiallyOverflowingValue()
{
byte[] prk = new byte[20];
byte[] okm = new byte[8421505];
AssertExtensions.Throws <ArgumentException>(
"output",
() => HKDF.Expand(HashAlgorithmName.SHA1, prk, okm, Array.Empty <byte>()));
}
public void Rfc5869ExpandOutputLengthZero()
{
byte[] prk = new byte[20];
byte[] okm = new byte[0];
AssertExtensions.Throws <ArgumentException>(
"output",
() => HKDF.Expand(HashAlgorithmName.SHA1, prk, okm, Array.Empty <byte>()));
}
public Credentials(string email, string password)
{
Email = email;
using (var hmac = new HMACSHA256())
{
Pbkdf2 pbkdf2 = new Pbkdf2(hmac, Encoding.UTF8.GetBytes(password), BinaryHelper.Kwe("quickStretch", email), 1000);
QuickStretchedPW = pbkdf2.GetBytes(32);
HKDF hkdf = new HKDF(hmac, QuickStretchedPW);
AuthPW = hkdf.Expand(BinaryHelper.Kw("authPW"), 32);
UnwrapBKey = hkdf.Expand(BinaryHelper.Kw("unwrapBkey"), 32);
}
using (SHA256 sha256 = new SHA256())
{
byte[] hash = sha256.ComputeHash(UnwrapBKey);
SyncClientState = BinaryHelper.ToHexString(hash.Take(16).ToArray());
}
}
//deriveHawkCredentials
public static byte[] DeriveHawkCredentials(string tokenHex, string context)
{
byte[] token = BinaryHelper.FromHexString(tokenHex);
byte[] info = BinaryHelper.Kw(context);
using (var hmac = new HMACSHA256())
{
HKDF hkdf = new HKDF(hmac, token);
byte[] result = hkdf.Expand(info, 3 * 32);
return(result.Skip(64).ToArray());
}
}
private (byte[], byte[]) DeriveKeyAndNonce(byte[] salt, byte[] authSecret, ECPublicKeyParameters senderPublicKey, ECPublicKeyParameters receiverPublicKey, ECPrivateKeyParameters receiverPrivateKey)
{
var(secret, context) = ExtractSecretAndContext(senderPublicKey, receiverPublicKey, receiverPrivateKey);
secret = HKDF.GetBytes(authSecret, secret, authInfoParameter, SHA_256_LENGTH);
byte[] keyInfo = ByteArray.Concat(keyInfoParameter, context);
byte[] nonceInfo = ByteArray.Concat(nonceInfoParameter, context);
byte[] prk = HKDF.Extract(salt, secret);
return(HKDF.Expand(prk, keyInfo, KEY_LENGTH), HKDF.Expand(prk, nonceInfo, NONCE_LENGTH));
}
public static SyncKeys DeriveKeys(byte[] kB)
{
byte[] info = BinaryHelper.Kw("oldsync");
HMAC hmac = new HMAC("HMACSHA256");
HKDF hkdf = new HKDF(hmac, kB);
byte[] result = hkdf.Expand(info, 2 * 32);
return(new SyncKeys()
{
EncKey = result.Take(32).ToArray(), HmacKey = result.Skip(32).ToArray()
});
}
private static BundleKeys DeriveBundleKeys(byte[] key, string keyInfo)
{
byte[] info = BinaryHelper.Kw(keyInfo);
using (var hmac = new HMACSHA256())
{
HKDF hkdf = new HKDF(hmac, key);
byte[] result = hkdf.Expand(info, 3 * 32);
byte[] hmacKey = result.Take(32).ToArray();
byte[] xorKey = result.Skip(32).ToArray();
return(new BundleKeys(hmacKey, xorKey));
}
}
public void Test_Case_6()
{
using (var hmac = new HMACSHA1())
{
byte[] ikm = Generate("0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
byte[] salt = Generate(string.Empty);
byte[] info = Generate(string.Empty);
int L = 42;
byte[] OKM = Generate(@"0x0ac1af7002b3d761d1e55298da9d0506
b9ae52057220a306e07b6b87e8df21d0
ea00033de03984d34918");
var hkdf = new HKDF(hmac, ikm, salt);
var okm = hkdf.Expand(info, L);
Assert.AreEqual(L, okm.Length);
Assert.AreEqual(Convert.ToBase64String(OKM), Convert.ToBase64String(okm));
}
}
public void Test_Case_3()
{
using (var hmac = new HMACSHA256())
{
byte[] ikm = Generate("0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
byte[] salt = Generate(string.Empty);
byte[] info = Generate(string.Empty);
int L = 42;
byte[] OKM = Generate(@"0x8da4e775a563c18f715f802a063c5a31
b8a11f5c5ee1879ec3454e5f3c738d2d
9d201395faa4b61a96c8");
var hkdf = new HKDF(hmac, ikm, salt);
var okm = hkdf.Expand(info, L);
Assert.AreEqual(L, okm.Length);
Assert.AreEqual(Convert.ToBase64String(OKM), Convert.ToBase64String(okm));
}
}
public void Test_Case_1()
{
using (var hmac = new HMACSHA256())
{
byte[] ikm = Generate("0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
byte[] salt = Generate("0x000102030405060708090a0b0c");
byte[] info = Generate("0xf0f1f2f3f4f5f6f7f8f9");
int L = 42;
byte[] OKM = Generate(@"0x3cb25f25faacd57a90434f64d0362f2a
2d2d0a90cf1a5a4c5db02d56ecc4c5bf
34007208d5b887185865");
var hkdf = new HKDF(hmac, ikm, salt);
var okm = hkdf.Expand(info, L);
Assert.AreEqual(L, okm.Length);
Assert.AreEqual(Convert.ToBase64String(OKM), Convert.ToBase64String(okm));
}
}
public void Test_Case_7()
{
using (var hmac = new HMACSHA1())
{
byte[] ikm = Generate("0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c");
byte[] salt = null;
byte[] info = Generate(string.Empty);
int L = 42;
byte[] OKM = Generate(@"0x2c91117204d745f3500d636a62f64f0a
b3bae548aa53d423b0d1f27ebba6f5e5
673a081d70cce7acfc48");
var hkdf = new HKDF(hmac, ikm, salt);
var okm = hkdf.Expand(info, L);
Assert.AreEqual(L, okm.Length);
Assert.AreEqual(Convert.ToBase64String(OKM), Convert.ToBase64String(okm));
}
}
public void Test_Case_4()
{
using (var hmac = new HMACSHA1())
{
byte[] ikm = Generate("0x0b0b0b0b0b0b0b0b0b0b0b");
byte[] salt = Generate("0x000102030405060708090a0b0c");
byte[] info = Generate("0xf0f1f2f3f4f5f6f7f8f9");
int L = 42;
byte[] OKM = Generate(@"0x085a01ea1b10f36933068b56efa5ad81
a4f14b822f5b091568a9cdd4f155fda2
c22e422478d305f3f896");
var hkdf = new HKDF(hmac, ikm, salt);
var okm = hkdf.Expand(info, L);
Assert.AreEqual(L, okm.Length);
Assert.AreEqual(Convert.ToBase64String(OKM), Convert.ToBase64String(okm));
}
}
public void Test_Case_1()
{
using (var hmac = new HMACSHA256())
{
byte[] ikm = Generate("0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
byte[] salt = Generate("0x000102030405060708090a0b0c");
byte[] info = Generate("0xf0f1f2f3f4f5f6f7f8f9");
int L = 42;
byte[] OKM = Generate(@"0x3cb25f25faacd57a90434f64d0362f2a
2d2d0a90cf1a5a4c5db02d56ecc4c5bf
34007208d5b887185865");
var hkdf = new HKDF(hmac, ikm, salt);
var okm = hkdf.Expand(info, L);
Assert.AreEqual(L, okm.Length);
Assert.AreEqual(Convert.ToBase64String(OKM), Convert.ToBase64String(okm));
}
}
[InlineData(10, 20)] // Both offset, output +10 over info
public void Rfc5869ExpandOverlapsOutputOverInfoShortOkm(int infoOffset, int outputOffset)
{
ReadOnlySpan <byte> info = (
"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf" +
"d0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef" +
"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff").HexToByteArray();
ReadOnlySpan <byte> prk =
"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244".HexToByteArray();
byte[] expectedOkm =
"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c".HexToByteArray();
int length = Math.Max(info.Length, expectedOkm.Length) + Math.Max(infoOffset, outputOffset);
Span <byte> buffer = new byte[length];
Span <byte> infoBuffer = buffer.Slice(infoOffset, info.Length);
Span <byte> outputBuffer = buffer.Slice(outputOffset, expectedOkm.Length);
info.CopyTo(infoBuffer);
HKDF.Expand(HashAlgorithmName.SHA256, prk, output: outputBuffer, info: infoBuffer);
Assert.Equal(expectedOkm, outputBuffer.ToArray());
}
// https://github.com/hueniverse/hawk/blob/master/lib/client.js
// https://github.com/mozilla/fxa-python-client
private AuthenticationHeaderValue GetHawkAuthenticationHeader(HttpMethod method, string requestUri, string jsonPayload, string token, string context, int size)
{
string tokenId;
string reqHMACkey;
using (var hmac = new HMACSHA256())
{
HKDF hkdf = new HKDF(hmac, BinaryHelper.FromHexString(token));
byte[] sessionToken = hkdf.Expand(BinaryHelper.Kw(context), size);
string buffer = BinaryHelper.ToHexString(sessionToken);
tokenId = buffer.Substring(0, 64);
reqHMACkey = buffer.Substring(64, 64);
}
HawkNet.HawkCredential credential =
new HawkNet.HawkCredential()
{
Algorithm = "sha256", Key = reqHMACkey, Id = tokenId
};
return(GetHawkAuthenticationHeader(method, requestUri, jsonPayload, credential));
}
[InlineData(10, 20)] // Both offset, output +10 over prk
public void Rfc5869ExpandOverlapsOutputOverPrk(int prkOffset, int outputOffset)
{
ReadOnlySpan <byte> info = (
"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecf" +
"d0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeef" +
"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff").HexToByteArray();
ReadOnlySpan <byte> prk =
"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244".HexToByteArray();
byte[] expectedOkm = (
"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c" +
"59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71" +
"cc30c58179ec3e87c14c01d5c1f3434f1d87").HexToByteArray();
int length = Math.Max(prk.Length, expectedOkm.Length) + Math.Max(prkOffset, outputOffset);
Span <byte> buffer = new byte[length];
Span <byte> prkBuffer = buffer.Slice(prkOffset, prk.Length);
Span <byte> outputBuffer = buffer.Slice(outputOffset, expectedOkm.Length);
prk.CopyTo(prkBuffer);
HKDF.Expand(HashAlgorithmName.SHA256, prkBuffer, output: outputBuffer, info: info);
Assert.Equal(expectedOkm, outputBuffer.ToArray());
}
public void Test_Case_5()
{
using (var hmac = new HMACSHA1())
{
byte[] ikm = Generate(@"0x000102030405060708090a0b0c0d0e0f
101112131415161718191a1b1c1d1e1f
202122232425262728292a2b2c2d2e2f
303132333435363738393a3b3c3d3e3f
404142434445464748494a4b4c4d4e4f");
byte[] salt = Generate(@"0x606162636465666768696a6b6c6d6e6f
707172737475767778797a7b7c7d7e7f
808182838485868788898a8b8c8d8e8f
909192939495969798999a9b9c9d9e9f
a0a1a2a3a4a5a6a7a8a9aaabacadaeaf");
byte[] info = Generate(@"0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebf
c0c1c2c3c4c5c6c7c8c9cacbcccdcecf
d0d1d2d3d4d5d6d7d8d9dadbdcdddedf
e0e1e2e3e4e5e6e7e8e9eaebecedeeef
f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
int L = 82;
byte[] OKM = Generate(@"0x0bd770a74d1160f7c9f12cd5912a06eb
ff6adcae899d92191fe4305673ba2ffe
8fa3f1a4e5ad79f3f334b3b202b2173c
486ea37ce3d397ed034c7f9dfeb15c5e
927336d0441f4c4300e2cff0d0900b52
d3b4");
var hkdf = new HKDF(hmac, ikm, salt);
var okm = hkdf.Expand(info, L);
Assert.AreEqual(L, okm.Length);
Assert.AreEqual(Convert.ToBase64String(OKM), Convert.ToBase64String(okm));
}
}
protected override byte[] Expand(HashAlgorithmName hash, byte[] prk, int outputLength, byte[] info)
{
byte[] output = new byte[outputLength];
HKDF.Expand(hash, prk, output, info);
return(output);
}
public void Test_Case_6()
{
using (var hmac = new HMACSHA1())
{
byte[] ikm = Generate("0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
byte[] salt = Generate(string.Empty);
byte[] info = Generate(string.Empty);
int L = 42;
byte[] OKM = Generate(@"0x0ac1af7002b3d761d1e55298da9d0506
b9ae52057220a306e07b6b87e8df21d0
ea00033de03984d34918");
var hkdf = new HKDF(hmac, ikm, salt);
var okm = hkdf.Expand(info, L);
Assert.AreEqual(L, okm.Length);
Assert.AreEqual(Convert.ToBase64String(OKM), Convert.ToBase64String(okm));
}
}
public void Test_Case_7()
{
using (var hmac = new HMACSHA1())
{
byte[] ikm = Generate("0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c");
byte[] salt = null;
byte[] info = Generate(string.Empty);
int L = 42;
byte[] OKM = Generate(@"0x2c91117204d745f3500d636a62f64f0a
b3bae548aa53d423b0d1f27ebba6f5e5
673a081d70cce7acfc48");
var hkdf = new HKDF(hmac, ikm, salt);
var okm = hkdf.Expand(info, L);
Assert.AreEqual(L, okm.Length);
Assert.AreEqual(Convert.ToBase64String(OKM), Convert.ToBase64String(okm));
}
}
protected override byte[] Expand(HashAlgorithmName hash, byte[] prk, int outputLength, byte[] info)
{
return(HKDF.Expand(hash, prk, outputLength, info));
}
public void Test_Case_4()
{
using (var hmac = new HMACSHA1())
{
byte[] ikm = Generate("0x0b0b0b0b0b0b0b0b0b0b0b");
byte[] salt = Generate("0x000102030405060708090a0b0c");
byte[] info = Generate("0xf0f1f2f3f4f5f6f7f8f9");
int L = 42;
byte[] OKM = Generate(@"0x085a01ea1b10f36933068b56efa5ad81
a4f14b822f5b091568a9cdd4f155fda2
c22e422478d305f3f896");
var hkdf = new HKDF(hmac, ikm, salt);
var okm = hkdf.Expand(info, L);
Assert.AreEqual(L, okm.Length);
Assert.AreEqual(Convert.ToBase64String(OKM), Convert.ToBase64String(okm));
}
}
public void Test_Case_2()
{
using (var hmac = new HMACSHA256())
{
byte[] ikm = Generate(@"0x000102030405060708090a0b0c0d0e0f
101112131415161718191a1b1c1d1e1f
202122232425262728292a2b2c2d2e2f
303132333435363738393a3b3c3d3e3f
404142434445464748494a4b4c4d4e4f");
byte[] salt = Generate(@"0x606162636465666768696a6b6c6d6e6f
707172737475767778797a7b7c7d7e7f
808182838485868788898a8b8c8d8e8f
909192939495969798999a9b9c9d9e9f
a0a1a2a3a4a5a6a7a8a9aaabacadaeaf");
byte[] info = Generate(@"0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebf
c0c1c2c3c4c5c6c7c8c9cacbcccdcecf
d0d1d2d3d4d5d6d7d8d9dadbdcdddedf
e0e1e2e3e4e5e6e7e8e9eaebecedeeef
f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
int L = 82;
byte[] OKM = Generate(@"0xb11e398dc80327a1c8e7f78c596a4934
4f012eda2d4efad8a050cc4c19afa97c
59045a99cac7827271cb41c65e590e09
da3275600c2f09b8367793a9aca3db71
cc30c58179ec3e87c14c01d5c1f3434f
1d87");
var hkdf = new HKDF(hmac, ikm, salt);
var okm = hkdf.Expand(info, L);
Assert.AreEqual(L, okm.Length);
Assert.AreEqual(Convert.ToBase64String(OKM), Convert.ToBase64String(okm));
}
}
public void Test_Case_3()
{
using (var hmac = new HMACSHA256())
{
byte[] ikm = Generate("0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
byte[] salt = Generate(string.Empty);
byte[] info = Generate(string.Empty);
int L = 42;
byte[] OKM = Generate(@"0x8da4e775a563c18f715f802a063c5a31
b8a11f5c5ee1879ec3454e5f3c738d2d
9d201395faa4b61a96c8");
var hkdf = new HKDF(hmac, ikm, salt);
var okm = hkdf.Expand(info, L);
Assert.AreEqual(L, okm.Length);
Assert.AreEqual(Convert.ToBase64String(OKM), Convert.ToBase64String(okm));
}
}