go/prf/subtle/hkdf_test.go - third_party/tink - Git at Google

 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ////////////////////////////////////////////////////////////////////////////////

 package subtle

 import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"os"
 	"strings"
 	"testing"
 )

 type rfc5869test struct {
 	hash        string
 	key         string
 	salt        string
 	info        string
 	ouputLength uint32
 	okm         string
 }

 func TestVectorsRFC5869(t *testing.T) {
 	// Test vectors from RFC 5869.
 	testvectors := []*rfc5869test{
 		&rfc5869test{
 			hash:        "SHA256",
 			key:         "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
 			salt:        "000102030405060708090a0b0c",
 			info:        "f0f1f2f3f4f5f6f7f8f9",
 			ouputLength: 42,
 			okm:         "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865",
 		},
 		&rfc5869test{
 			hash:        "SHA256",
 			key:         "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f",
 			salt:        "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf",
 			info:        "b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
 			ouputLength: 82,
 			okm:         "b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87",
 		},
 		&rfc5869test{
 			hash:        "SHA256",
 			key:         "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
 			salt:        "",
 			info:        "",
 			ouputLength: 42,
 			okm:         "8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8",
 		},
 		&rfc5869test{
 			hash:        "SHA1",
 			key:         "0b0b0b0b0b0b0b0b0b0b0b",
 			salt:        "000102030405060708090a0b0c",
 			info:        "f0f1f2f3f4f5f6f7f8f9",
 			ouputLength: 42,
 			okm:         "085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896",
 		},
 		&rfc5869test{
 			hash:        "SHA1",
 			key:         "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f",
 			salt:        "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf",
 			info:        "b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
 			ouputLength: 82,
 			okm:         "0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4",
 		},
 		&rfc5869test{
 			hash:        "SHA1",
 			key:         "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
 			salt:        "",
 			info:        "",
 			ouputLength: 42,
 			okm:         "0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918",
 		},
 		&rfc5869test{
 			hash:        "SHA1",
 			key:         "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
 			salt:        "",
 			info:        "",
 			ouputLength: 42,
 			okm:         "2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48",
 		},
 	}
 	for _, v := range testvectors {
 		key, err := hex.DecodeString(v.key)
 		if err != nil {
 			t.Errorf("Could not decode key: %v", err)
 		}
 		salt, err := hex.DecodeString(v.salt)
 		if err != nil {
 			t.Errorf("Could not decode salt: %v", err)
 		}
 		info, err := hex.DecodeString(v.info)
 		if err != nil {
 			t.Errorf("Could not decode info: %v", err)
 		}
 		p, err := NewHKDFPRF(v.hash, key, salt)
 		if err != nil {
 			t.Errorf("Could not create HKDF object: %v", err)
 		}
 		output, err := p.ComputePRF(info, v.ouputLength)
 		if err != nil {
 			t.Errorf("Error computing HKDF: %v", err)
 		}
 		if hex.EncodeToString(output) != v.okm {
 			t.Errorf("Computation and test vector differ. Computation: %q, Test Vector %q", hex.EncodeToString(output), v.okm)
 		}
 	}
 }

 type hkdftestdata struct {
 	Algorithm        string
 	GeneratorVersion string
 	NumberOfTests    uint32
 	TestGroups       []*hkdftestgroup
 }

 type hkdftestgroup struct {
 	KeySize uint32
 	Type    string
 	Tests   []*hkdftestcase
 }

 type hkdftestcase struct {
 	TcID    uint32
 	Comment string
 	IKM     string
 	Salt    string
 	Info    string
 	Size    uint32
 	OKM     string
 	Result  string
 }

 func TestVectorsHKDFWycheproof(t *testing.T) {
 	for _, hash := range []string{"SHA1", "SHA256", "SHA512"} {
 		f, err := os.Open(fmt.Sprintf(os.Getenv("TEST_SRCDIR") + "/wycheproof/testvectors/hkdf_%s_test.json", strings.ToLower(hash)))
 		if err != nil {
 			t.Fatalf("cannot open file: %s, make sure that github.com/google/wycheproof is in your gopath", err)
 		}
 		parser := json.NewDecoder(f)
 		data := new(hkdftestdata)
 		if err := parser.Decode(data); err != nil {
 			t.Fatalf("cannot decode test data: %s", err)
 		}

 		for _, g := range data.TestGroups {
 			for _, tc := range g.Tests {
 				ikm, err := hex.DecodeString(tc.IKM)
 				if err != nil || uint32(len(ikm))*8 != g.KeySize {
 					t.Errorf("Could not decode key for test case %d (%s): %v", tc.TcID, tc.Comment, err)
 					continue
 				}
 				salt, err := hex.DecodeString(tc.Salt)
 				if err != nil {
 					t.Errorf("Could not decode salt for test case %d (%s): %v", tc.TcID, tc.Comment, err)
 					continue
 				}
 				info, err := hex.DecodeString(tc.Info)
 				if err != nil {
 					t.Errorf("Could not decode salt for test case %d (%s): %v", tc.TcID, tc.Comment, err)
 					continue
 				}
 				hkdfPRF, err := NewHKDFPRF(hash, ikm, salt)
 				valid := tc.Result == "valid"
 				if valid && err != nil {
 					t.Errorf("Could not create HKDF %s PRF for test case %d (%s): %v", hash, tc.TcID, tc.Comment, err)
 					continue
 				}
 				if !valid && err != nil {
 					continue
 				}
 				res, err := hkdfPRF.ComputePRF(info, tc.Size)
 				if valid && err != nil {
 					t.Errorf("Could not compute HKDF %s PRF for test case %d (%s): %v", hash, tc.TcID, tc.Comment, err)
 					continue
 				}
 				if !valid && err != nil {
 					continue
 				}
 				if valid && hex.EncodeToString(res) != tc.OKM {
 					t.Errorf("Compute HKDF %s PRF and expected for test case %d (%s) do not match:\nComputed: %q\nExpected: %q", hash, tc.TcID, tc.Comment, hex.EncodeToString(res), tc.OKM)
 				}
 				if !valid && hex.EncodeToString(res) == tc.OKM {
 					t.Errorf("Compute HKDF %s PRF and invalid expected for test case %d (%s) match:\nComputed: %q\nExpected: %q", hash, tc.TcID, tc.Comment, hex.EncodeToString(res), tc.OKM)
 				}
 			}
 		}
 	}
 }

 func TestHKDFPRFHash(t *testing.T) {
 	if _, err := NewHKDFPRF("SHA256", []byte{
 		0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
 		0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10}, []byte{}); err != nil {
 		t.Errorf("Expected NewHKDFPRF to work with SHA256: %v", err)
 	}
 	if _, err := NewHKDFPRF("SHA512", []byte{
 		0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
 		0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10}, []byte{}); err != nil {
 		t.Errorf("Expected NewHKDFPRF to work with SHA512: %v", err)
 	}
 	if _, err := NewHKDFPRF("SHA1", []byte{
 		0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
 		0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10}, []byte{}); err != nil {
 		t.Errorf("Expected NewHKDFPRF to work with SHA1: %v", err)
 	}
 	if _, err := NewHKDFPRF("md5", []byte{
 		0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
 		0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10}, []byte{}); err == nil {
 		t.Errorf("Expected NewHKDFPRF to fail with md5")
 	}
 }

 func TestHKDFPRFSalt(t *testing.T) {
 	if _, err := NewHKDFPRF("SHA256", []byte{
 		0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
 		0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10}, nil); err != nil {
 		t.Errorf("Expected NewHKDFPRF to work nil salt: %v", err)
 	}
 	if _, err := NewHKDFPRF("SHA256", []byte{
 		0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
 		0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10}, []byte{}); err != nil {
 		t.Errorf("Expected NewHKDFPRF to work empty salt: %v", err)
 	}
 	if _, err := NewHKDFPRF("SHA256", []byte{
 		0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
 		0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10}, []byte{0xaf, 0xfe, 0xc0, 0xff, 0xee}); err != nil {
 		t.Errorf("Expected NewHKDFPRF to work with salt: %v", err)
 	}
 }

 func TestHKDFPRFOutputLength(t *testing.T) {
 	for hash, length := range map[string]int{"SHA1": 20, "SHA256": 32, "SHA512": 64} {
 		prf, err := NewHKDFPRF(hash, []byte{
 			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
 			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
 			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
 			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10}, []byte{})
 		if err != nil {
 			t.Errorf("Expected NewHKDFPRF to work on 32 byte key with hash %s", hash)
 		}
 		for i := 0; i <= length*255; i++ {
 			output, err := prf.ComputePRF([]byte{0x01, 0x02}, uint32(i))
 			if err != nil {
 				t.Errorf("Expected to be able to compute HKDF %s PRF with %d output length", hash, i)
 			}
 			if len(output) != i {
 				t.Errorf("Expected HKDF %s PRF to compute %d bytes, got %d", hash, i, len(output))
 			}
 		}
 		for i := length*255 + 1; i < length*255+100; i++ {
 			_, err := prf.ComputePRF([]byte{0x01, 0x02}, uint32(i))
 			if err == nil {
 				t.Errorf("Expected to not be able to compute HKDF %s PRF with %d output length", hash, i)
 			}
 		}
 	}
 }

 func TestValidateHKDFPRFParams(t *testing.T) {
 	if err := ValidateHKDFPRFParams("SHA256", 32, []byte{}); err != nil {
 		t.Errorf("Unexpected error for valid HKDF PRF params: %v", err)
 	}
 	if err := ValidateHKDFPRFParams("SHA256", 32, nil); err != nil {
 		t.Errorf("Unexpected error for valid HKDF PRF params: %v", err)
 	}
 	if err := ValidateHKDFPRFParams("SHA256", 32, []byte{0xaf, 0xfe, 0xc0, 0xff, 0xee}); err != nil {
 		t.Errorf("Unexpected error for salted valid HKDF PRF params: %v", err)
 	}
 	if err := ValidateHKDFPRFParams("SHA256", 4, []byte{}); err == nil {
 		t.Errorf("Short key size not detected for HKDF PRF params")
 	}
 	if err := ValidateHKDFPRFParams("md5", 32, []byte{}); err == nil {
 		t.Errorf("Weak hash function not detected for HKDF PRF params")
 	}
 	if err := ValidateHKDFPRFParams("SHA1", 32, []byte{}); err == nil {
 		t.Errorf("Weak hash function not detected for HKDF PRF params")
 	}
 }
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//
	////////////////////////////////////////////////////////////////////////////////

	package subtle

	import (
	"encoding/hex"
	"encoding/json"
	"fmt"
	"os"
	"strings"
	"testing"
	)

	type rfc5869test struct {
	hash string
	key string
	salt string
	info string
	ouputLength uint32
	okm string
	}

	func TestVectorsRFC5869(t *testing.T) {
	// Test vectors from RFC 5869.
	testvectors := []*rfc5869test{
	&rfc5869test{
	hash: "SHA256",
	key: "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
	salt: "000102030405060708090a0b0c",
	info: "f0f1f2f3f4f5f6f7f8f9",
	ouputLength: 42,
	okm: "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865",
	},
	&rfc5869test{
	hash: "SHA256",
	key: "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f",
	salt: "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf",
	info: "b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
	ouputLength: 82,
	okm: "b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87",
	},
	&rfc5869test{
	hash: "SHA256",
	key: "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
	salt: "",
	info: "",
	ouputLength: 42,
	okm: "8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8",
	},
	&rfc5869test{
	hash: "SHA1",
	key: "0b0b0b0b0b0b0b0b0b0b0b",
	salt: "000102030405060708090a0b0c",
	info: "f0f1f2f3f4f5f6f7f8f9",
	ouputLength: 42,
	okm: "085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896",
	},
	&rfc5869test{
	hash: "SHA1",
	key: "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f",
	salt: "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf",
	info: "b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
	ouputLength: 82,
	okm: "0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4",
	},
	&rfc5869test{
	hash: "SHA1",
	key: "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
	salt: "",
	info: "",
	ouputLength: 42,
	okm: "0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918",
	},
	&rfc5869test{
	hash: "SHA1",
	key: "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c",
	salt: "",
	info: "",
	ouputLength: 42,
	okm: "2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48",
	},
	}
	for _, v := range testvectors {
	key, err := hex.DecodeString(v.key)
	if err != nil {
	t.Errorf("Could not decode key: %v", err)
	}
	salt, err := hex.DecodeString(v.salt)
	if err != nil {
	t.Errorf("Could not decode salt: %v", err)
	}
	info, err := hex.DecodeString(v.info)
	if err != nil {
	t.Errorf("Could not decode info: %v", err)
	}
	p, err := NewHKDFPRF(v.hash, key, salt)
	if err != nil {
	t.Errorf("Could not create HKDF object: %v", err)
	}
	output, err := p.ComputePRF(info, v.ouputLength)
	if err != nil {
	t.Errorf("Error computing HKDF: %v", err)
	}
	if hex.EncodeToString(output) != v.okm {
	t.Errorf("Computation and test vector differ. Computation: %q, Test Vector %q", hex.EncodeToString(output), v.okm)
	}
	}
	}

	type hkdftestdata struct {
	Algorithm string
	GeneratorVersion string
	NumberOfTests uint32
	TestGroups []*hkdftestgroup
	}

	type hkdftestgroup struct {
	KeySize uint32
	Type string
	Tests []*hkdftestcase
	}

	type hkdftestcase struct {
	TcID uint32
	Comment string
	IKM string
	Salt string
	Info string
	Size uint32
	OKM string
	Result string
	}

	func TestVectorsHKDFWycheproof(t *testing.T) {
	for _, hash := range []string{"SHA1", "SHA256", "SHA512"} {
	f, err := os.Open(fmt.Sprintf(os.Getenv("TEST_SRCDIR") + "/wycheproof/testvectors/hkdf_%s_test.json", strings.ToLower(hash)))
	if err != nil {
	t.Fatalf("cannot open file: %s, make sure that github.com/google/wycheproof is in your gopath", err)
	}
	parser := json.NewDecoder(f)
	data := new(hkdftestdata)
	if err := parser.Decode(data); err != nil {
	t.Fatalf("cannot decode test data: %s", err)
	}

	for _, g := range data.TestGroups {
	for _, tc := range g.Tests {
	ikm, err := hex.DecodeString(tc.IKM)
	if err != nil \|\| uint32(len(ikm))*8 != g.KeySize {
	t.Errorf("Could not decode key for test case %d (%s): %v", tc.TcID, tc.Comment, err)
	continue
	}
	salt, err := hex.DecodeString(tc.Salt)
	if err != nil {
	t.Errorf("Could not decode salt for test case %d (%s): %v", tc.TcID, tc.Comment, err)
	continue
	}
	info, err := hex.DecodeString(tc.Info)
	if err != nil {
	t.Errorf("Could not decode salt for test case %d (%s): %v", tc.TcID, tc.Comment, err)
	continue
	}
	hkdfPRF, err := NewHKDFPRF(hash, ikm, salt)
	valid := tc.Result == "valid"
	if valid && err != nil {
	t.Errorf("Could not create HKDF %s PRF for test case %d (%s): %v", hash, tc.TcID, tc.Comment, err)
	continue
	}
	if !valid && err != nil {
	continue
	}
	res, err := hkdfPRF.ComputePRF(info, tc.Size)
	if valid && err != nil {
	t.Errorf("Could not compute HKDF %s PRF for test case %d (%s): %v", hash, tc.TcID, tc.Comment, err)
	continue
	}
	if !valid && err != nil {
	continue
	}
	if valid && hex.EncodeToString(res) != tc.OKM {
	t.Errorf("Compute HKDF %s PRF and expected for test case %d (%s) do not match:\nComputed: %q\nExpected: %q", hash, tc.TcID, tc.Comment, hex.EncodeToString(res), tc.OKM)
	}
	if !valid && hex.EncodeToString(res) == tc.OKM {
	t.Errorf("Compute HKDF %s PRF and invalid expected for test case %d (%s) match:\nComputed: %q\nExpected: %q", hash, tc.TcID, tc.Comment, hex.EncodeToString(res), tc.OKM)
	}
	}
	}
	}
	}

	func TestHKDFPRFHash(t *testing.T) {
	if _, err := NewHKDFPRF("SHA256", []byte{
	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10}, []byte{}); err != nil {
	t.Errorf("Expected NewHKDFPRF to work with SHA256: %v", err)
	}
	if _, err := NewHKDFPRF("SHA512", []byte{
	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10}, []byte{}); err != nil {
	t.Errorf("Expected NewHKDFPRF to work with SHA512: %v", err)
	}
	if _, err := NewHKDFPRF("SHA1", []byte{
	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10}, []byte{}); err != nil {
	t.Errorf("Expected NewHKDFPRF to work with SHA1: %v", err)
	}
	if _, err := NewHKDFPRF("md5", []byte{
	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10}, []byte{}); err == nil {
	t.Errorf("Expected NewHKDFPRF to fail with md5")
	}
	}

	func TestHKDFPRFSalt(t *testing.T) {
	if _, err := NewHKDFPRF("SHA256", []byte{
	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10}, nil); err != nil {
	t.Errorf("Expected NewHKDFPRF to work nil salt: %v", err)
	}
	if _, err := NewHKDFPRF("SHA256", []byte{
	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10}, []byte{}); err != nil {
	t.Errorf("Expected NewHKDFPRF to work empty salt: %v", err)
	}
	if _, err := NewHKDFPRF("SHA256", []byte{
	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10}, []byte{0xaf, 0xfe, 0xc0, 0xff, 0xee}); err != nil {
	t.Errorf("Expected NewHKDFPRF to work with salt: %v", err)
	}
	}

	func TestHKDFPRFOutputLength(t *testing.T) {
	for hash, length := range map[string]int{"SHA1": 20, "SHA256": 32, "SHA512": 64} {
	prf, err := NewHKDFPRF(hash, []byte{
	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10}, []byte{})
	if err != nil {
	t.Errorf("Expected NewHKDFPRF to work on 32 byte key with hash %s", hash)
	}
	for i := 0; i <= length*255; i++ {
	output, err := prf.ComputePRF([]byte{0x01, 0x02}, uint32(i))
	if err != nil {
	t.Errorf("Expected to be able to compute HKDF %s PRF with %d output length", hash, i)
	}
	if len(output) != i {
	t.Errorf("Expected HKDF %s PRF to compute %d bytes, got %d", hash, i, len(output))
	}
	}
	for i := length255 + 1; i < length255+100; i++ {
	_, err := prf.ComputePRF([]byte{0x01, 0x02}, uint32(i))
	if err == nil {
	t.Errorf("Expected to not be able to compute HKDF %s PRF with %d output length", hash, i)
	}
	}
	}
	}

	func TestValidateHKDFPRFParams(t *testing.T) {
	if err := ValidateHKDFPRFParams("SHA256", 32, []byte{}); err != nil {
	t.Errorf("Unexpected error for valid HKDF PRF params: %v", err)
	}
	if err := ValidateHKDFPRFParams("SHA256", 32, nil); err != nil {
	t.Errorf("Unexpected error for valid HKDF PRF params: %v", err)
	}
	if err := ValidateHKDFPRFParams("SHA256", 32, []byte{0xaf, 0xfe, 0xc0, 0xff, 0xee}); err != nil {
	t.Errorf("Unexpected error for salted valid HKDF PRF params: %v", err)
	}
	if err := ValidateHKDFPRFParams("SHA256", 4, []byte{}); err == nil {
	t.Errorf("Short key size not detected for HKDF PRF params")
	}
	if err := ValidateHKDFPRFParams("md5", 32, []byte{}); err == nil {
	t.Errorf("Weak hash function not detected for HKDF PRF params")
	}
	if err := ValidateHKDFPRFParams("SHA1", 32, []byte{}); err == nil {
	t.Errorf("Weak hash function not detected for HKDF PRF params")
	}
	}