mjc-gh/hkdf.rb

## hkdf.rb
require 'openssl'

def hkdf(digest_klass, length, ikm, salt, info)
  prk    = OpenSSL::HMAC.digest(digest_klass.new, salt, ikm)
  okm, t = '', ''

  (length.to_f / digest_klass.new.length).ceil.times do |index|
    t = OpenSSL::HMAC.digest(digest_klass.new, prk, "#{t}#{info}#{(index + 1).chr}")
    okm << t
  end

  okm[0,length]
end

## test_benchmarks.rb
require_relative 'hkdf'
require 'benchmark/ips'

def call_hkdf(digest, length, *args)
  hkdf(digest, length, *args.map { |arg| [arg].pack 'H*' })
end

Benchmark.ips do |x|
  x.report 'SHA1' do
    call_hkdf(
      OpenSSL::Digest::SHA1,
      42,
      '0b0b0b0b0b0b0b0b0b0b0b',
      '000102030405060708090a0b0c',
      'f0f1f2f3f4f5f6f7f8f9')
  end

  x.report 'SHA256' do
    call_hkdf(
      OpenSSL::Digest::SHA256,
      42,
      '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b',
      '000102030405060708090a0b0c',
      'f0f1f2f3f4f5f6f7f8f9')
  end

  x.report 'SHA512' do
    call_hkdf(
      OpenSSL::Digest::SHA512,
      140,
      '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b',
      '000102030405060708090a0b0c000102030405060708090a0b0c',
      'f0f1f2f3f4f5f6f7f8f9f0f1f2f3f4f5f6f7f8f9')
  end
end

## test_cases.rb
require_relative 'hkdf'

##
# Test Cases from RFC5869
##

def test_case(msg, digest_klass, length, *raw_args)
  ikm, salt, info, exp_okm = raw_args.map { |arg| [arg].pack 'H*' }

  act_okm = hkdf(digest_klass, length, ikm, salt, info)

  puts msg
  puts "Expected:\t#{exp_okm.inspect}"
  puts "Actual:  \t#{act_okm.inspect}"
  puts "Equal:   \t#{exp_okm == act_okm}"
end

test_case(
  'Test Case #1 - Basic test case with SHA-256',
  OpenSSL::Digest::SHA256,
  42,
  '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b',
  '000102030405060708090a0b0c',
  'f0f1f2f3f4f5f6f7f8f9',
  '3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865')

puts "\n---\n\n"

test_case(
  'Test Case #2 - Test with SHA-256 and longer inputs/outputs',
  OpenSSL::Digest::SHA256,
  82,
  '000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f',
  '606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf',
  'b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff',
  'b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87')
	require 'openssl'

	def hkdf(digest_klass, length, ikm, salt, info)
	prk = OpenSSL::HMAC.digest(digest_klass.new, salt, ikm)
	okm, t = '', ''

	(length.to_f / digest_klass.new.length).ceil.times do \|index\|
	t = OpenSSL::HMAC.digest(digest_klass.new, prk, "#{t}#{info}#{(index + 1).chr}")
	okm << t
	end

	okm[0,length]
	end
	require_relative 'hkdf'
	require 'benchmark/ips'

	def call_hkdf(digest, length, *args)
	hkdf(digest, length, args.map { \|arg\| [arg].pack 'H' })
	end

	Benchmark.ips do \|x\|
	x.report 'SHA1' do
	call_hkdf(
	OpenSSL::Digest::SHA1,
	42,
	'0b0b0b0b0b0b0b0b0b0b0b',
	'000102030405060708090a0b0c',
	'f0f1f2f3f4f5f6f7f8f9')
	end

	x.report 'SHA256' do
	call_hkdf(
	OpenSSL::Digest::SHA256,
	42,
	'0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b',
	'000102030405060708090a0b0c',
	'f0f1f2f3f4f5f6f7f8f9')
	end

	x.report 'SHA512' do
	call_hkdf(
	OpenSSL::Digest::SHA512,
	140,
	'0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b',
	'000102030405060708090a0b0c000102030405060708090a0b0c',
	'f0f1f2f3f4f5f6f7f8f9f0f1f2f3f4f5f6f7f8f9')
	end
	end
	require_relative 'hkdf'

	##
	# Test Cases from RFC5869
	##

	def test_case(msg, digest_klass, length, *raw_args)
	ikm, salt, info, exp_okm = raw_args.map { \|arg\| [arg].pack 'H*' }

	act_okm = hkdf(digest_klass, length, ikm, salt, info)

	puts msg
	puts "Expected:\t#{exp_okm.inspect}"
	puts "Actual: \t#{act_okm.inspect}"
	puts "Equal: \t#{exp_okm == act_okm}"
	end

	test_case(
	'Test Case #1 - Basic test case with SHA-256',
	OpenSSL::Digest::SHA256,
	42,
	'0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b',
	'000102030405060708090a0b0c',
	'f0f1f2f3f4f5f6f7f8f9',
	'3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865')

	puts "\n---\n\n"

	test_case(
	'Test Case #2 - Test with SHA-256 and longer inputs/outputs',
	OpenSSL::Digest::SHA256,
	82,
	'000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f',
	'606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf',
	'b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff',
	'b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87')