-rw-r--r-- | src/cryptography/hazmat/primitives/kdf/hkdf.py | 2 | ||||
-rw-r--r-- | tests/hazmat/primitives/test_hkdf.py | 11 |
2 files changed, 12 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/primitives/kdf/hkdf.py b/src/cryptography/hazmat/primitives/kdf/hkdf.py
index f738bbdc..82ed9b1c 100644
--- a/src/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/src/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -91,7 +91,7 @@ class HKDFExpand(object):
 output = [b""]
 counter = 1
- while (self._algorithm.digest_size // 8) * len(output) < self._length:
+ while self._algorithm.digest_size * (len(output) - 1) < self._length:
 h = hmac.HMAC(key_material, self._algorithm, backend=self._backend)
 h.update(output[-1])
 h.update(self._info)
diff --git a/tests/hazmat/primitives/test_hkdf.py b/tests/hazmat/primitives/test_hkdf.py
index e33529c9..a05fd752 100644
--- a/tests/hazmat/primitives/test_hkdf.py
+++ b/tests/hazmat/primitives/test_hkdf.py
@@ -142,6 +142,17 @@ class TestHKDF(object):
 hkdf.verify(b"foo", u"bar")
+ def test_derive_short_output(self, backend):
+ hkdf = HKDF(
+ hashes.SHA256(),
+ 4,
+ salt=None,
+ info=None,
+ backend=backend
+ )
+
+ assert hkdf.derive(b"\x01" * 16) == b"gJ\xfb{"
+
 @pytest.mark.requires_backend_interface(interface=HMACBackend)
 class TestHKDFExpand(object): |
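Review bot: The corrected `while` condition in `HKDFExpand` depends on two facts that nothing near it states: `digest_size` is a byte count, and `output[0]` is the empty seed block, so only `len(output) - 1` entries hold key material. The removed condition got both wrong; with SHA-256 and a requested length of 4 it evaluates `(32 // 8) * 1 < 4`, which is false, so the loop body never ran and the derived key would presumably have been empty. I would add a comment above the loop such as `# output[0] is the empty T(0) seed; len(output) - 1 blocks of digest_size bytes exist so far`. The method starts and ends outside this hunk, so I cannot see the final slice, but a check there that the returned length equals `self._length` would make a regression of this kind fail loudly instead of yielding a short key.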
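Review bot: `test_derive_short_output` pins only one length (4) and only through `HKDF`, so the boundaries of the loop fixed in hkdf.py stay uncovered: a length equal to the digest size, one byte more than it, a multi-block length, and `HKDFExpand` called directly. The expected value `b"gJ\xfb{"` is a bare literal with no stated origin. HKDF output for length L is a prefix of the output for any longer length with the same inputs, so a self-explaining companion check would be `assert short == HKDF(hashes.SHA256(), 32, salt=None, info=None, backend=backend).derive(ikm)[:4]` together with `assert len(short) == 4`. Parametrizing the test over those lengths would keep the known-answer assertion while covering the edge cases.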