add more tests

th4s · th4s · commit eeaa7e544a6a · 2025-03-27T13:25:13.000+01:00
diff --git a/crates/components/hmac-sha256/Cargo.toml b/crates/components/hmac-sha256/Cargo.toml
@@ -33,6 +33,7 @@ criterion = { workspace = true, features = ["async_tokio"] }
 tokio = { workspace = true, features = ["macros", "rt", "rt-multi-thread"] }
 rand = { workspace = true }
 hex = { workspace = true }
+ring = { workspace = true }
 
 [[bench]]
 name = "prf"
diff --git a/crates/components/hmac-sha256/src/lib.rs b/crates/components/hmac-sha256/src/lib.rs
@@ -62,16 +62,18 @@ mod tests {
         memory::{binary::U8, Array, MemoryExt, ViewExt},
         Execute,
     };
+    use rand::{rngs::StdRng, Rng, SeedableRng};
 
     #[tokio::test]
     async fn test_prf() {
+        let mut rng = StdRng::seed_from_u64(1);
         // Test input
-        let pms = [42_u8; 32];
-        let client_random = [69_u8; 32];
-        let server_random: [u8; 32] = [96_u8; 32];
+        let pms: [u8; 32] = rng.random();
+        let client_random: [u8; 32] = rng.random();
+        let server_random: [u8; 32] = rng.random();
 
-        let cf_hs_hash = [1_u8; 32];
-        let sf_hs_hash = [2_u8; 32];
+        let cf_hs_hash: [u8; 32] = rng.random();
+        let sf_hs_hash: [u8; 32] = rng.random();
 
         // Expected output
         let ms_expected = prf_ms(pms, client_random, server_random);
@@ -238,4 +240,7 @@ mod tests {
         assert_eq!(sf_vd_leader, sf_vd_follower);
         assert_eq!(sf_vd_leader, sf_vd_expected);
     }
+
+    #[test]
+    fn test_reference_prf() {}
 }
diff --git a/crates/components/hmac-sha256/src/test_utils.rs b/crates/components/hmac-sha256/src/test_utils.rs
@@ -2,7 +2,7 @@ use crate::{convert_to_bytes, sha256::sha256};
 use mpz_garble::protocol::semihonest::{Evaluator, Garbler};
 use mpz_ot::ideal::cot::{ideal_cot, IdealCOTReceiver, IdealCOTSender};
 use mpz_vm_core::memory::correlated::Delta;
-use rand::{rngs::StdRng, SeedableRng};
+use rand::{rngs::StdRng, Rng, SeedableRng};
 
 pub(crate) const SHA256_IV: [u32; 8] = [
     0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19,
@@ -139,3 +139,123 @@ pub(crate) fn compress_256(mut state: [u32; 8], msg: &[u8]) -> [u32; 8] {
     buffer.digest_blocks(msg, |b| compress256(&mut state, b));
     state
 }
+
+// Borrowed from Rustls for testing
+// https://github.com/rustls/rustls/blob/main/rustls/src/tls12/prf.rs
+mod ring_prf {
+    use ring::{hmac, hmac::HMAC_SHA256};
+
+    fn concat_sign(key: &hmac::Key, a: &[u8], b: &[u8]) -> hmac::Tag {
+        let mut ctx = hmac::Context::with_key(key);
+        ctx.update(a);
+        ctx.update(b);
+        ctx.sign()
+    }
+
+    fn p(out: &mut [u8], secret: &[u8], seed: &[u8]) {
+        let hmac_key = hmac::Key::new(HMAC_SHA256, secret);
+
+        // A(1)
+        let mut current_a = hmac::sign(&hmac_key, seed);
+        let chunk_size = HMAC_SHA256.digest_algorithm().output_len();
+        for chunk in out.chunks_mut(chunk_size) {
+            // P_hash[i] = HMAC_hash(secret, A(i) + seed)
+            let p_term = concat_sign(&hmac_key, current_a.as_ref(), seed);
+            chunk.copy_from_slice(&p_term.as_ref()[..chunk.len()]);
+
+            // A(i+1) = HMAC_hash(secret, A(i))
+            current_a = hmac::sign(&hmac_key, current_a.as_ref());
+        }
+    }
+
+    fn concat(a: &[u8], b: &[u8]) -> Vec<u8> {
+        let mut ret = Vec::new();
+        ret.extend_from_slice(a);
+        ret.extend_from_slice(b);
+        ret
+    }
+
+    pub(crate) fn prf(out: &mut [u8], secret: &[u8], label: &[u8], seed: &[u8]) {
+        let joined_seed = concat(label, seed);
+        p(out, secret, &joined_seed);
+    }
+}
+
+#[test]
+fn test_prf_reference_ms() {
+    use ring_prf::prf as prf_ref;
+
+    let mut rng = StdRng::from_seed([1; 32]);
+
+    let pms: [u8; 32] = rng.random();
+    let label: &[u8] = b"master secret";
+    let client_random: [u8; 32] = rng.random();
+    let server_random: [u8; 32] = rng.random();
+    let mut seed = Vec::from(client_random);
+    seed.extend_from_slice(&server_random);
+
+    let ms = prf_ms(pms, client_random, server_random);
+
+    let mut expected_ms: [u8; 48] = [0; 48];
+    prf_ref(&mut expected_ms, &pms, label, &seed);
+
+    assert_eq!(ms, expected_ms);
+}
+
+#[test]
+fn test_prf_reference_ke() {
+    use ring_prf::prf as prf_ref;
+
+    let mut rng = StdRng::from_seed([2; 32]);
+
+    let ms: [u8; 48] = rng.random();
+    let label: &[u8] = b"key expansion";
+    let client_random: [u8; 32] = rng.random();
+    let server_random: [u8; 32] = rng.random();
+    let mut seed = Vec::from(server_random);
+    seed.extend_from_slice(&client_random);
+
+    let keys = prf_keys(ms, client_random, server_random);
+    let keys: Vec<u8> = keys.into_iter().flatten().collect();
+
+    let mut expected_keys: [u8; 40] = [0; 40];
+    prf_ref(&mut expected_keys, &ms, label, &seed);
+
+    assert_eq!(keys, expected_keys);
+}
+
+#[test]
+fn test_prf_reference_cf() {
+    use ring_prf::prf as prf_ref;
+
+    let mut rng = StdRng::from_seed([3; 32]);
+
+    let ms: [u8; 48] = rng.random();
+    let label: &[u8] = b"client finished";
+    let handshake_hash: [u8; 32] = rng.random();
+
+    let cf_vd = prf_cf_vd(ms, handshake_hash);
+
+    let mut expected_cf_vd: [u8; 12] = [0; 12];
+    prf_ref(&mut expected_cf_vd, &ms, label, &handshake_hash);
+
+    assert_eq!(cf_vd, expected_cf_vd);
+}
+
+#[test]
+fn test_prf_reference_sf() {
+    use ring_prf::prf as prf_ref;
+
+    let mut rng = StdRng::from_seed([4; 32]);
+
+    let ms: [u8; 48] = rng.random();
+    let label: &[u8] = b"server finished";
+    let handshake_hash: [u8; 32] = rng.random();
+
+    let sf_vd = prf_sf_vd(ms, handshake_hash);
+
+    let mut expected_sf_vd: [u8; 12] = [0; 12];
+    prf_ref(&mut expected_sf_vd, &ms, label, &handshake_hash);
+
+    assert_eq!(sf_vd, expected_sf_vd);
+}
