hmac.test.cpp

Go to the documentation of this file.

#include "hmac.hpp"
#include <gtest/gtest.h>
 
#include "../hashers/hashers.hpp"
#include "barretenberg/ecc/curves/secp256k1/secp256k1.hpp"
#include "barretenberg/ecc/curves/secp256r1/secp256r1.hpp"
 
#include <array>
#include <cstddef>
#include <stdint.h>
#include <vector>
 
using namespace bb;
using namespace bb::crypto;
 
namespace {
 
std::array<uint8_t, 32> hex_to_bytes(const std::string& hex)
{
    std::array<uint8_t, 32> bytes;
    for (unsigned int i = 0; i < hex.length(); i += 2) {
        std::string byteString = hex.substr(i, 2);
        uint8_t byte = static_cast<uint8_t>(strtol(byteString.c_str(), nullptr, 16));
        bytes[i >> 1] = byte;
    }
    return bytes;
}
 
} // namespace
 
struct TestData {
    std::string key;
    std::string message;
    std::string expected;
};
 
TEST(hmac, ValidateHMAC)
{
    // Test vectors from RFC4231, https://tools.ietf.org/html/rfc4231#section-4
    // Formatted test vectors from https://github.com/h5p9sl/hmac_sha256/blob/master/tests/tests.cpp
    const std::vector<TestData> test_vectors = {
        // Key      Data      HMAC
        {
            "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
            "\x0b\x0b\x0b",
            "\x48\x69\x20\x54\x68\x65\x72\x65",
            "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7",
        },
        {
            /* Test with a key shorter than the length of the HMAC output. */
            "\x4a\x65\x66\x65",
            "\x77\x68\x61\x74\x20\x64\x6f\x20\x79\x61\x20\x77\x61\x6e\x74\x20\x66"
            "\x6f\x72\x20\x6e\x6f\x74\x68\x69\x6e\x67\x3f",
            "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843",
        },
        {
            /* Test with a combined length of key and data that is larger than 64
               bytes (= block-size of SHA-224 and SHA-256). */
            "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
            "\xaa\xaa\xaa",
            "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
            "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
            "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
            "773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe",
        },
        {
            /* Test with a combined length of key and data that is larger than 64
               bytes (= block-size of SHA-224 and SHA-256). */
            "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11"
            "\x12\x13\x14\x15\x16\x17\x18\x19",
            "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
            "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
            "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd",
            "82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b",
        },
        {
            /* Test with a key larger than 128 bytes (= block-size of SHA-384 and
               SHA-512). */
            "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
            "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
            "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
            "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
            "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
            "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
            "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
            "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
            "\x54\x65\x73\x74\x20\x55\x73\x69\x6e\x67\x20\x4c\x61\x72\x67\x65\x72"
            "\x20\x54\x68\x61\x6e\x20\x42\x6c\x6f\x63\x6b\x2d\x53\x69\x7a\x65\x20"
            "\x4b\x65\x79\x20\x2d\x20\x48\x61\x73\x68\x20\x4b\x65\x79\x20\x46\x69"
            "\x72\x73\x74",
            "60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54",
        },
        {
            /* Test with a key and data that is larger than 128 bytes (=
               block-size of SHA-384 and SHA-512). */
            "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
            "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
            "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
            "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
            "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
            "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
            "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
            "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
            "\x54\x68\x69\x73\x20\x69\x73\x20\x61\x20\x74\x65\x73\x74\x20\x75\x73"
            "\x69\x6e\x67\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20\x74\x68\x61\x6e"
            "\x20\x62\x6c\x6f\x63\x6b\x2d\x73\x69\x7a\x65\x20\x6b\x65\x79\x20\x61"
            "\x6e\x64\x20\x61\x20\x6c\x61\x72\x67\x65\x72\x20\x74\x68\x61\x6e\x20"
            "\x62\x6c\x6f\x63\x6b\x2d\x73\x69\x7a\x65\x20\x64\x61\x74\x61\x2e\x20"
            "\x54\x68\x65\x20\x6b\x65\x79\x20\x6e\x65\x65\x64\x73\x20\x74\x6f\x20"
            "\x62\x65\x20\x68\x61\x73\x68\x65\x64\x20\x62\x65\x66\x6f\x72\x65\x20"
            "\x62\x65\x69\x6e\x67\x20\x75\x73\x65\x64\x20\x62\x79\x20\x74\x68\x65"
            "\x20\x48\x4d\x41\x43\x20\x61\x6c\x67\x6f\x72\x69\x74\x68\x6d\x2e",
            "9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2",
        }
    };
 
    for (const auto& [key_string, message, expected] : test_vectors) {
        std::array<uint8_t, 32> result = hmac<Sha256Hasher>(message, key_string);
 
        EXPECT_EQ(result, hex_to_bytes(expected));
    }
}
 
TEST(NonceDerivation, ValidateRFC6979K1)
{
    // Test vectors from
    // https://crypto.stackexchange.com/questions/20838/request-for-data-to-test-deterministic-ecdsa-signature-algorithm-for-secp256k1?utm_source=chatgpt.com
    using Fr = bb::secp256k1::fr;
    using G1 = bb::secp256k1::g1;
    using AffineElement = G1::affine_element;
 
    {
        std::string message = "Absence makes the heart grow fonder.";
        Fr key = Fr::one();
        Fr expected_x_coordinate = Fr("0xAFFF580595971B8C1700E77069D73602AEF4C2A760DBD697881423DFFF845DE8");
 
        std::array<uint8_t, 32> key_buffer;
        Fr::serialize_to_buffer(key, &key_buffer[0]);
 
        Fr result = deterministic_nonce_rfc6979<Sha256Hasher, Fr>(message, key_buffer);
        AffineElement R = G1::one * result;
 
        EXPECT_EQ(static_cast<uint512_t>(R.x), static_cast<uint512_t>(expected_x_coordinate));
    }
 
    {
        std::string message = "Absence makes the heart grow fonder.";
        Fr key = Fr("0x4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a");
        Fr expected_x_coordinate = Fr("0x996D79FBA54B24E9394FC5FAB6BF94D173F3752645075DE6E32574FE08625F77");
 
        std::array<uint8_t, 32> key_buffer;
        Fr::serialize_to_buffer(key, &key_buffer[0]);
 
        Fr result = deterministic_nonce_rfc6979<Sha256Hasher, Fr>(message, key_buffer);
        AffineElement R = G1::one * result;
 
        EXPECT_EQ(static_cast<uint512_t>(R.x), static_cast<uint512_t>(expected_x_coordinate));
    }
}
 
TEST(NonceDerivation, ValidateRFC6979R1)
{
    // Test vectors from https://www.rfc-editor.org/rfc/rfc6979.html#appendix-A
    using Fr = bb::secp256r1::fr;
 
    {
        std::string message = "sample";
        Fr key = Fr("0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721");
        Fr expected = Fr("0xA6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60");
 
        std::array<uint8_t, 32> key_buffer;
        Fr::serialize_to_buffer(key, &key_buffer[0]);
 
        Fr result = deterministic_nonce_rfc6979<Sha256Hasher, Fr>(message, key_buffer);
 
        EXPECT_EQ(result, expected);
    }
 
    {
        std::string message = "test";
        Fr key = Fr("0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721");
        Fr expected = Fr("0xD16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0");
 
        std::array<uint8_t, 32> key_buffer;
        Fr::serialize_to_buffer(key, &key_buffer[0]);
 
        Fr result = deterministic_nonce_rfc6979<Sha256Hasher, Fr>(message, key_buffer);
 
        EXPECT_EQ(result, expected);
    }
}