implement hkdf.

lib/bcoin/utils.js

@@ -516,7 +516,7 @@ utils.decipher = function decipher(data, key, iv) {
  */
 
 utils._pbkdf2 = function pbkdf2(key, salt, iter, len, alg) {
-  var size = utils.hash(alg, '').length;
+  var size = utils.hash(alg, new Buffer(0)).length;
   var blocks = Math.ceil(len / size);
   var out = new Buffer(blocks * size);
   var buf = new Buffer(salt.length + 4);
@@ -542,6 +542,58 @@ utils._pbkdf2 = function pbkdf2(key, salt, iter, len, alg) {
   return out.slice(0, len);
 };
 
+/**
+ * Perform hkdf extraction.
+ * @param {Buffer} ikm
+ * @param {Buffer} salt
+ * @param {String} alg
+ * @returns {Buffer}
+ */
+
+utils.hkdfExtract = function hkdfExtract(ikm, salt, alg) {
+  return utils.hmac(alg, ikm, salt);
+};
+
+/**
+ * Perform hkdf expansion.
+ * @param {Buffer} prk
+ * @param {Buffer} info
+ * @param {Number} len
+ * @param {String} alg
+ * @returns {Buffer}
+ */
+
+utils.hkdfExpand = function hkdfExpand(prk, info, len, alg) {
+  var size = utils.hash(alg, new Buffer(0)).length;
+  var blocks = Math.ceil(len / size);
+  var i, okm, buf, out;
+
+  if (blocks > 255)
+    throw new Error('Too many blocks.');
+
+  okm = new Buffer(0);
+
+  if (blocks === 0)
+    return okm;
+
+  buf = new Buffer(size + info.length + 1);
+
+  // First round:
+  info.copy(buf, size);
+  buf[buf.length - 1] = 1;
+  out = utils.hmac(alg, buf.slice(size), prk);
+  okm = out;
+
+  for (i = 1; i < blocks; i++) {
+    out.copy(buf, 0);
+    buf[buf.length - 1]++;
+    out = utils.hmac(alg, buf, prk);
+    okm = Buffer.concat([okm, out]);
+  }
+
+  return okm.slice(0, len);
+};
+
 /**
  * Test whether a string is hex. Note that this
  * _could_ yield a false positive on base58

test/utils-test.js

@@ -208,4 +208,68 @@ describe('Utils', function() {
       }
     });
   });
+
+  it('should do proper hkdf', function() {
+    // https://tools.ietf.org/html/rfc5869
+    var hash = 'sha256';
+    var ikm = '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b';
+    var salt = '000102030405060708090a0b0c';
+    var info = 'f0f1f2f3f4f5f6f7f8f9';
+    var len = 42;
+
+    var prkE = '077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5';
+    var okmE = '3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865';
+
+    ikm = new Buffer(ikm, 'hex');
+    salt = new Buffer(salt, 'hex');
+    info = new Buffer(info, 'hex');
+
+    var prk = utils.hkdfExtract(ikm, salt, 'sha256');
+    var okm = utils.hkdfExpand(prk, info, len, 'sha256');
+
+    assert.equal(prk.toString('hex'), prkE);
+    assert.equal(okm.toString('hex'), okmE);
+
+    var hash = 'sha256';
+
+    var ikm = '000102030405060708090a0b0c0d0e0f'
+      + '101112131415161718191a1b1c1d1e1f'
+      + '202122232425262728292a2b2c2d2e2f'
+      + '303132333435363738393a3b3c3d3e3f'
+      + '404142434445464748494a4b4c4d4e4f';
+
+    var salt = '606162636465666768696a6b6c6d6e6f'
+      + '707172737475767778797a7b7c7d7e7f'
+      + '808182838485868788898a8b8c8d8e8f'
+      + '909192939495969798999a9b9c9d9e9f'
+      + 'a0a1a2a3a4a5a6a7a8a9aaabacadaeaf';
+
+    var info = 'b0b1b2b3b4b5b6b7b8b9babbbcbdbebf'
+      + 'c0c1c2c3c4c5c6c7c8c9cacbcccdcecf'
+      + 'd0d1d2d3d4d5d6d7d8d9dadbdcdddedf'
+      + 'e0e1e2e3e4e5e6e7e8e9eaebecedeeef'
+      + 'f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff';
+
+    var len = 82;
+
+    var prkE = '06a6b88c5853361a06104c9ceb35b45c'
+      + 'ef760014904671014a193f40c15fc244';
+
+    var okmE = 'b11e398dc80327a1c8e7f78c596a4934'
+      + '4f012eda2d4efad8a050cc4c19afa97c'
+      + '59045a99cac7827271cb41c65e590e09'
+      + 'da3275600c2f09b8367793a9aca3db71'
+      + 'cc30c58179ec3e87c14c01d5c1f3434f'
+      + '1d87';
+
+    ikm = new Buffer(ikm, 'hex');
+    salt = new Buffer(salt, 'hex');
+    info = new Buffer(info, 'hex');
+
+    var prk = utils.hkdfExtract(ikm, salt, 'sha256');
+    var okm = utils.hkdfExpand(prk, info, len, 'sha256');
+
+    assert.equal(prk.toString('hex'), prkE);
+    assert.equal(okm.toString('hex'), okmE);
+  });
 });