diff --git a/lib/bcoin/utils.js b/lib/bcoin/utils.js index 0f2f3f7b..f1bc7df3 100644 --- a/lib/bcoin/utils.js +++ b/lib/bcoin/utils.js @@ -516,7 +516,7 @@ utils.decipher = function decipher(data, key, iv) { */ utils._pbkdf2 = function pbkdf2(key, salt, iter, len, alg) { - var size = utils.hash(alg, '').length; + var size = utils.hash(alg, new Buffer(0)).length; var blocks = Math.ceil(len / size); var out = new Buffer(blocks * size); var buf = new Buffer(salt.length + 4); @@ -542,6 +542,58 @@ utils._pbkdf2 = function pbkdf2(key, salt, iter, len, alg) { return out.slice(0, len); }; +/** + * Perform hkdf extraction. + * @param {Buffer} ikm + * @param {Buffer} salt + * @param {String} alg + * @returns {Buffer} + */ + +utils.hkdfExtract = function hkdfExtract(ikm, salt, alg) { + return utils.hmac(alg, ikm, salt); +}; + +/** + * Perform hkdf expansion. + * @param {Buffer} prk + * @param {Buffer} info + * @param {Number} len + * @param {String} alg + * @returns {Buffer} + */ + +utils.hkdfExpand = function hkdfExpand(prk, info, len, alg) { + var size = utils.hash(alg, new Buffer(0)).length; + var blocks = Math.ceil(len / size); + var i, okm, buf, out; + + if (blocks > 255) + throw new Error('Too many blocks.'); + + okm = new Buffer(0); + + if (blocks === 0) + return okm; + + buf = new Buffer(size + info.length + 1); + + // First round: + info.copy(buf, size); + buf[buf.length - 1] = 1; + out = utils.hmac(alg, buf.slice(size), prk); + okm = out; + + for (i = 1; i < blocks; i++) { + out.copy(buf, 0); + buf[buf.length - 1]++; + out = utils.hmac(alg, buf, prk); + okm = Buffer.concat([okm, out]); + } + + return okm.slice(0, len); +}; + /** * Test whether a string is hex. Note that this * _could_ yield a false positive on base58 diff --git a/test/utils-test.js b/test/utils-test.js index 542e4a48..41164c6a 100644 --- a/test/utils-test.js +++ b/test/utils-test.js @@ -208,4 +208,68 @@ describe('Utils', function() { } }); }); + + it('should do proper hkdf', function() { + // https://tools.ietf.org/html/rfc5869 + var hash = 'sha256'; + var ikm = '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b'; + var salt = '000102030405060708090a0b0c'; + var info = 'f0f1f2f3f4f5f6f7f8f9'; + var len = 42; + + var prkE = '077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5'; + var okmE = '3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865'; + + ikm = new Buffer(ikm, 'hex'); + salt = new Buffer(salt, 'hex'); + info = new Buffer(info, 'hex'); + + var prk = utils.hkdfExtract(ikm, salt, 'sha256'); + var okm = utils.hkdfExpand(prk, info, len, 'sha256'); + + assert.equal(prk.toString('hex'), prkE); + assert.equal(okm.toString('hex'), okmE); + + var hash = 'sha256'; + + var ikm = '000102030405060708090a0b0c0d0e0f' + + '101112131415161718191a1b1c1d1e1f' + + '202122232425262728292a2b2c2d2e2f' + + '303132333435363738393a3b3c3d3e3f' + + '404142434445464748494a4b4c4d4e4f'; + + var salt = '606162636465666768696a6b6c6d6e6f' + + '707172737475767778797a7b7c7d7e7f' + + '808182838485868788898a8b8c8d8e8f' + + '909192939495969798999a9b9c9d9e9f' + + 'a0a1a2a3a4a5a6a7a8a9aaabacadaeaf'; + + var info = 'b0b1b2b3b4b5b6b7b8b9babbbcbdbebf' + + 'c0c1c2c3c4c5c6c7c8c9cacbcccdcecf' + + 'd0d1d2d3d4d5d6d7d8d9dadbdcdddedf' + + 'e0e1e2e3e4e5e6e7e8e9eaebecedeeef' + + 'f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff'; + + var len = 82; + + var prkE = '06a6b88c5853361a06104c9ceb35b45c' + + 'ef760014904671014a193f40c15fc244'; + + var okmE = 'b11e398dc80327a1c8e7f78c596a4934' + + '4f012eda2d4efad8a050cc4c19afa97c' + + '59045a99cac7827271cb41c65e590e09' + + 'da3275600c2f09b8367793a9aca3db71' + + 'cc30c58179ec3e87c14c01d5c1f3434f' + + '1d87'; + + ikm = new Buffer(ikm, 'hex'); + salt = new Buffer(salt, 'hex'); + info = new Buffer(info, 'hex'); + + var prk = utils.hkdfExtract(ikm, salt, 'sha256'); + var okm = utils.hkdfExpand(prk, info, len, 'sha256'); + + assert.equal(prk.toString('hex'), prkE); + assert.equal(okm.toString('hex'), okmE); + }); });