diff options
author | Nils Durner <durner@gnunet.org> | 2010-06-29 15:58:34 +0000 |
---|---|---|
committer | Nils Durner <durner@gnunet.org> | 2010-06-29 15:58:34 +0000 |
commit | 0bd8cc55c82bedce06f65f52ea446f82427d2c0d (patch) | |
tree | 0b077ae3d52819ad5be412b94f678b71a4e5dcb9 | |
parent | 4b6526cb3b6b9f323b3f9f4020db2f493d286939 (diff) | |
download | gnunet-0bd8cc55c82bedce06f65f52ea446f82427d2c0d.tar.gz gnunet-0bd8cc55c82bedce06f65f52ea446f82427d2c0d.zip |
HKDF (does not work yet)
-rw-r--r-- | src/include/gnunet_crypto_lib.h | 21 | ||||
-rw-r--r-- | src/util/Makefile.am | 7 | ||||
-rw-r--r-- | src/util/crypto_hkdf.c | 192 | ||||
-rw-r--r-- | src/util/test_crypto_hkdf.c | 203 |
4 files changed, 423 insertions, 0 deletions
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index d31dfcfa6..479e0e42d 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h | |||
@@ -512,6 +512,27 @@ int GNUNET_CRYPTO_hash_xorcmp (const GNUNET_HashCode * h1, | |||
512 | 512 | ||
513 | 513 | ||
514 | /** | 514 | /** |
515 | * @brief Derive key | ||
516 | * @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_... | ||
517 | * @param prf_algo hash algorithm for the expansion phase, GCRY_MD_... | ||
518 | * @param xts salt | ||
519 | * @param xts_len length of xts | ||
520 | * @param skm source key material | ||
521 | * @param skm_len length of skm | ||
522 | * @param ctx context info | ||
523 | * @param ctx_len length of ctx | ||
524 | * @param out_len desired length of the derived key | ||
525 | * @param result buffer for the derived key, allocated by caller | ||
526 | * @return GNUNET_YES on success | ||
527 | */ | ||
528 | int | ||
529 | GNUNET_CRYPTO_hkdf (int xtr_algo, int prf_algo, const void *xts, | ||
530 | const size_t xts_len, const void *skm, const size_t skm_len, | ||
531 | const void *ctx, const size_t ctx_len, const unsigned long long out_len, | ||
532 | void *result); | ||
533 | |||
534 | |||
535 | /** | ||
515 | * Create a new private key. Caller must free return value. | 536 | * Create a new private key. Caller must free return value. |
516 | * | 537 | * |
517 | * @return fresh private key | 538 | * @return fresh private key |
diff --git a/src/util/Makefile.am b/src/util/Makefile.am index 9cc402fc5..0b878c673 100644 --- a/src/util/Makefile.am +++ b/src/util/Makefile.am | |||
@@ -40,6 +40,7 @@ libgnunetutil_la_SOURCES = \ | |||
40 | crypto_aes.c \ | 40 | crypto_aes.c \ |
41 | crypto_crc.c \ | 41 | crypto_crc.c \ |
42 | crypto_hash.c \ | 42 | crypto_hash.c \ |
43 | crypto_hkdf.c \ | ||
43 | crypto_ksk.c \ | 44 | crypto_ksk.c \ |
44 | crypto_random.c \ | 45 | crypto_random.c \ |
45 | crypto_rsa.c \ | 46 | crypto_rsa.c \ |
@@ -112,6 +113,7 @@ check_PROGRAMS = \ | |||
112 | test_crypto_aes_weak \ | 113 | test_crypto_aes_weak \ |
113 | test_crypto_crc \ | 114 | test_crypto_crc \ |
114 | test_crypto_hash \ | 115 | test_crypto_hash \ |
116 | # test_crypto_hkdf \ | ||
115 | test_crypto_ksk \ | 117 | test_crypto_ksk \ |
116 | test_crypto_random \ | 118 | test_crypto_random \ |
117 | test_crypto_rsa \ | 119 | test_crypto_rsa \ |
@@ -227,6 +229,11 @@ test_crypto_hash_SOURCES = \ | |||
227 | test_crypto_hash_LDADD = \ | 229 | test_crypto_hash_LDADD = \ |
228 | $(top_builddir)/src/util/libgnunetutil.la | 230 | $(top_builddir)/src/util/libgnunetutil.la |
229 | 231 | ||
232 | test_crypto_hkdf_SOURCES = \ | ||
233 | test_crypto_hkdf.c | ||
234 | test_crypto_hkdf_LDADD = \ | ||
235 | $(top_builddir)/src/util/libgnunetutil.la | ||
236 | |||
230 | test_crypto_ksk_SOURCES = \ | 237 | test_crypto_ksk_SOURCES = \ |
231 | test_crypto_ksk.c | 238 | test_crypto_ksk.c |
232 | test_crypto_ksk_LDADD = \ | 239 | test_crypto_ksk_LDADD = \ |
diff --git a/src/util/crypto_hkdf.c b/src/util/crypto_hkdf.c new file mode 100644 index 000000000..efde3b868 --- /dev/null +++ b/src/util/crypto_hkdf.c | |||
@@ -0,0 +1,192 @@ | |||
1 | /* | ||
2 | Copyright (c) 2010 Nils Durner | ||
3 | |||
4 | Permission is hereby granted, free of charge, to any person obtaining a copy | ||
5 | of this software and associated documentation files (the "Software"), to deal | ||
6 | in the Software without restriction, including without limitation the rights | ||
7 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
8 | copies of the Software, and to permit persons to whom the Software is | ||
9 | furnished to do so, subject to the following conditions: | ||
10 | |||
11 | The above copyright notice and this permission notice shall be included in | ||
12 | all copies or substantial portions of the Software. | ||
13 | |||
14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
15 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
16 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
17 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
18 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
19 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | ||
20 | THE SOFTWARE. | ||
21 | */ | ||
22 | |||
23 | /** | ||
24 | * @file src/util/crypto_hkdf.c | ||
25 | * @brief Hash-based KDF as defined in draft-krawczyk-hkdf-01 | ||
26 | * @see http://tools.ietf.org/html/draft-krawczyk-hkdf-01 | ||
27 | * @author Nils Durner | ||
28 | */ | ||
29 | |||
30 | #include "platform.h" | ||
31 | #include "gnunet_crypto_lib.h" | ||
32 | |||
33 | /** | ||
34 | * @brief Compute the HMAC | ||
35 | * @param mac gcrypt MAC handle | ||
36 | * @param key HMAC key | ||
37 | * @param key_len length of key | ||
38 | * @param buf message to be processed | ||
39 | * @param buf_len length of buf | ||
40 | * @return HMAC, freed by caller via gcry_md_close/_reset | ||
41 | */ | ||
42 | static void * | ||
43 | doHMAC (gcry_md_hd_t mac, const void *key, const size_t key_len, | ||
44 | const void *buf, const size_t buf_len) | ||
45 | { | ||
46 | gcry_md_setkey (mac, key, key_len); | ||
47 | gcry_md_write (mac, buf, buf_len); | ||
48 | |||
49 | return (void *) gcry_md_read (mac, 0); | ||
50 | } | ||
51 | |||
52 | /** | ||
53 | * @brief Generate pseudo-random key | ||
54 | * @param mac gcrypt HMAC handle | ||
55 | * @param xts salt | ||
56 | * @param xts_len length of the salt | ||
57 | * @param skm source key material | ||
58 | * @param skm_len length of skm | ||
59 | * @param prk result buffer (allocated by caller; at least gcry_md_dlen() bytes) | ||
60 | * @return GNUNET_YES on success | ||
61 | */ | ||
62 | static int | ||
63 | getPRK (gcry_md_hd_t mac, const void *xts, const unsigned long long xts_len, | ||
64 | const void *skm, const unsigned long long skm_len, void *prk) | ||
65 | { | ||
66 | void *ret; | ||
67 | |||
68 | ret = doHMAC (mac, xts, xts_len, skm, skm_len); | ||
69 | if (ret == NULL) | ||
70 | return GNUNET_SYSERR; | ||
71 | memcpy (prk, ret, gcry_md_get_algo_dlen (gcry_md_get_algo (mac))); | ||
72 | |||
73 | return GNUNET_YES; | ||
74 | } | ||
75 | |||
76 | static void dump(void *p, unsigned int l) | ||
77 | { | ||
78 | unsigned int i; | ||
79 | |||
80 | printf("\n"); | ||
81 | for (i = 0; i < l; i++) | ||
82 | { | ||
83 | printf("%2x", ((char *) p)[i]); | ||
84 | } | ||
85 | printf("\n"); | ||
86 | } | ||
87 | |||
88 | /** | ||
89 | * @brief Derive key | ||
90 | * @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_... | ||
91 | * @param prf_algo hash algorithm for the expansion phase, GCRY_MD_... | ||
92 | * @param xts salt | ||
93 | * @param xts_len length of xts | ||
94 | * @param skm source key material | ||
95 | * @param skm_len length of skm | ||
96 | * @param ctx context info | ||
97 | * @param ctx_len length of ctx | ||
98 | * @param out_len desired length of the derived key | ||
99 | * @param result buffer for the derived key, allocated by caller | ||
100 | * @return GNUNET_YES on success | ||
101 | */ | ||
102 | int | ||
103 | GNUNET_CRYPTO_hkdf (int xtr_algo, int prf_algo, const void *xts, | ||
104 | const size_t xts_len, const void *skm, const size_t skm_len, | ||
105 | const void *ctx, const size_t ctx_len, const unsigned long long out_len, | ||
106 | void *result) | ||
107 | { | ||
108 | void *prk, *hc, *plain; | ||
109 | unsigned long long plain_len; | ||
110 | unsigned long i, t, d; | ||
111 | unsigned int k, xtr_len; | ||
112 | int ret; | ||
113 | gcry_md_hd_t xtr, prf; | ||
114 | |||
115 | prk = plain = NULL; | ||
116 | xtr_len = gcry_md_get_algo_dlen (xtr_algo); | ||
117 | k = gcry_md_get_algo_dlen (prf_algo); | ||
118 | gcry_md_open(&xtr, xtr_algo, GCRY_MD_FLAG_HMAC); | ||
119 | gcry_md_open(&prf, prf_algo, GCRY_MD_FLAG_HMAC); | ||
120 | |||
121 | if (out_len > (2 ^ 32 * k) || !xtr_algo || !prf_algo) | ||
122 | return GNUNET_SYSERR; | ||
123 | |||
124 | prk = GNUNET_malloc (xtr_len); | ||
125 | |||
126 | memset (result, 0, out_len); | ||
127 | gcry_md_reset (xtr); | ||
128 | if (getPRK (xtr, xts, xts_len, skm, skm_len, prk) | ||
129 | != GNUNET_YES) | ||
130 | goto hkdf_error; | ||
131 | dump(prk, xtr_len); | ||
132 | |||
133 | /* K(1) */ | ||
134 | plain_len = k + ctx_len + 4; | ||
135 | plain = GNUNET_malloc (plain_len); | ||
136 | memset (plain, 0, k); | ||
137 | memcpy (plain + k, ctx, ctx_len); | ||
138 | t = out_len / k; | ||
139 | if (t > 0) | ||
140 | { | ||
141 | memset (plain + k + ctx_len, 0, 4); | ||
142 | gcry_md_reset (prf); | ||
143 | hc = doHMAC (prf, prk, k, plain, plain_len); | ||
144 | if (hc == NULL) | ||
145 | goto hkdf_error; | ||
146 | memcpy (result, hc, k); | ||
147 | result += k; | ||
148 | } | ||
149 | |||
150 | /* K(i+1) */ | ||
151 | for (i = 1; i < t; i++) | ||
152 | { | ||
153 | memcpy (plain, result - k, k); | ||
154 | memcpy (plain + k + ctx_len, &i, 4); | ||
155 | gcry_md_reset (prf); | ||
156 | hc = doHMAC (prf, prk, k, plain, plain_len); | ||
157 | if (hc == NULL) | ||
158 | goto hkdf_error; | ||
159 | memcpy (result, hc, k); | ||
160 | result += k; | ||
161 | } | ||
162 | |||
163 | /* K(t):d */ | ||
164 | d = out_len % k; | ||
165 | if (d > 0) | ||
166 | { | ||
167 | if (t > 0) | ||
168 | memcpy (plain, result - k, k); | ||
169 | memcpy (plain + k + ctx_len, &i, 4); | ||
170 | gcry_md_reset (prf); | ||
171 | hc = doHMAC (prf, prk, k, plain, plain_len); | ||
172 | if (hc == NULL) | ||
173 | goto hkdf_error; | ||
174 | memcpy (result, hc, d); | ||
175 | } | ||
176 | |||
177 | ret = GNUNET_YES; | ||
178 | goto hkdf_ok; | ||
179 | |||
180 | hkdf_error: | ||
181 | ret = GNUNET_SYSERR; | ||
182 | hkdf_ok: | ||
183 | GNUNET_free (prk); | ||
184 | GNUNET_free_non_null (plain); | ||
185 | gcry_md_close (prf); | ||
186 | gcry_md_close (xtr); | ||
187 | |||
188 | return ret; | ||
189 | } | ||
190 | |||
191 | |||
192 | /* end of crypto_hkdf.c */ | ||
diff --git a/src/util/test_crypto_hkdf.c b/src/util/test_crypto_hkdf.c new file mode 100644 index 000000000..d0078202d --- /dev/null +++ b/src/util/test_crypto_hkdf.c | |||
@@ -0,0 +1,203 @@ | |||
1 | /* | ||
2 | Copyright (c) 2010 Nils Durner | ||
3 | |||
4 | Permission is hereby granted, free of charge, to any person obtaining a copy | ||
5 | of this software and associated documentation files (the "Software"), to deal | ||
6 | in the Software without restriction, including without limitation the rights | ||
7 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
8 | copies of the Software, and to permit persons to whom the Software is | ||
9 | furnished to do so, subject to the following conditions: | ||
10 | |||
11 | The above copyright notice and this permission notice shall be included in | ||
12 | all copies or substantial portions of the Software. | ||
13 | |||
14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
15 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
16 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
17 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
18 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
19 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | ||
20 | THE SOFTWARE. | ||
21 | */ | ||
22 | |||
23 | /** | ||
24 | * @file src/util/test_crypt_hkdf.c | ||
25 | * @brief Testcases for HKDF | ||
26 | * @author Nils Durner | ||
27 | */ | ||
28 | |||
29 | #include "platform.h" | ||
30 | #include "gnunet_crypto_lib.h" | ||
31 | |||
32 | void | ||
33 | tc1 () | ||
34 | { | ||
35 | char ikm[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, | ||
36 | 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; | ||
37 | char salt[13] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, | ||
38 | 0x0a, 0x0b, 0x0c }; | ||
39 | char | ||
40 | info[10] = { 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9 }; | ||
41 | char okm[42] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, | ||
42 | 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, | ||
43 | 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, 0x34, 0x00, | ||
44 | 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, 0x58, 0x65 }; | ||
45 | char result[44]; | ||
46 | int l = 42; | ||
47 | |||
48 | GNUNET_assert (GNUNET_CRYPTO_hkdf(GCRY_MD_SHA256, GCRY_MD_SHA256, salt, sizeof(salt), ikm, sizeof(ikm), info, sizeof(info), | ||
49 | l, result) == GNUNET_YES); | ||
50 | GNUNET_assert (memcmp(result, okm, l) == 0); | ||
51 | GNUNET_assert (memcmp(result + l, "\0", 2) == 0); | ||
52 | } | ||
53 | |||
54 | void | ||
55 | tc2 () | ||
56 | { | ||
57 | char ikm[80] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, | ||
58 | 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, | ||
59 | 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, | ||
60 | 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, | ||
61 | 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, | ||
62 | 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, | ||
63 | 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f }; | ||
64 | char salt[80] = { 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, | ||
65 | 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, | ||
66 | 0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, | ||
67 | 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, | ||
68 | 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, | ||
69 | 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, | ||
70 | 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf }; | ||
71 | char info[80] = { 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, | ||
72 | 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, | ||
73 | 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, | ||
74 | 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, | ||
75 | 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, | ||
76 | 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, | ||
77 | 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff }; | ||
78 | char okm[82] = { 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1, 0xc8, 0xe7, | ||
79 | 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34, 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, | ||
80 | 0xfa, 0xd8, 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c, 0x59, 0x04, | ||
81 | 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72, 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, | ||
82 | 0x0e, 0x09, 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8, 0x36, 0x77, | ||
83 | 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71, 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, | ||
84 | 0x3e, 0x87, 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f, 0x1d, 0x87 }; | ||
85 | char result[84]; | ||
86 | int l = 82; | ||
87 | |||
88 | GNUNET_assert (GNUNET_CRYPTO_hkdf(GCRY_MD_SHA256, GCRY_MD_SHA256, salt, sizeof(salt), ikm, sizeof(ikm), info, sizeof(info), | ||
89 | l, result) == GNUNET_YES); | ||
90 | GNUNET_assert (memcmp(result, okm, l) == 0); | ||
91 | GNUNET_assert (memcmp(result + l, "\0", 2) == 0); | ||
92 | } | ||
93 | |||
94 | void | ||
95 | tc3 () | ||
96 | { | ||
97 | char ikm[80] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, | ||
98 | 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; | ||
99 | char okm[42] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f, 0x71, 0x5f, | ||
100 | 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31, 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, | ||
101 | 0x87, 0x9e, 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d, 0x9d, 0x20, | ||
102 | 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a, 0x96, 0xc8 }; | ||
103 | char result[44]; | ||
104 | int l = 42; | ||
105 | |||
106 | GNUNET_assert (GNUNET_CRYPTO_hkdf(GCRY_MD_SHA256, GCRY_MD_SHA256, NULL, 0, ikm, sizeof(ikm), NULL, 0, | ||
107 | l, result) == GNUNET_YES); | ||
108 | GNUNET_assert (memcmp(result, okm, l) == 0); | ||
109 | GNUNET_assert (memcmp(result + l, "\0", 2) == 0); | ||
110 | } | ||
111 | |||
112 | void | ||
113 | tc4 () | ||
114 | { | ||
115 | char ikm[11] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, | ||
116 | 0x0b }; | ||
117 | char salt[13] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, | ||
118 | 0x0a, 0x0b, 0x0c }; | ||
119 | char | ||
120 | info[10] = { 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9 }; | ||
121 | char okm[42] = { 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69, 0x33, 0x06, | ||
122 | 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81, 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, | ||
123 | 0x09, 0x15, 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2, 0xc2, 0x2e, | ||
124 | 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3, 0xf8, 0x96 }; | ||
125 | char result[84]; | ||
126 | int l = 42; | ||
127 | |||
128 | GNUNET_assert (GNUNET_CRYPTO_hkdf(GCRY_MD_SHA1, GCRY_MD_SHA1, salt, sizeof(salt), ikm, sizeof(ikm), info, sizeof(info), | ||
129 | l, result) == GNUNET_YES); | ||
130 | GNUNET_assert (memcmp(result, okm, l) == 0); | ||
131 | GNUNET_assert (memcmp(result + l, "\0", 2) == 0); | ||
132 | } | ||
133 | |||
134 | void | ||
135 | tc5 () | ||
136 | { | ||
137 | char ikm[80] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, | ||
138 | 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, | ||
139 | 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, | ||
140 | 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, | ||
141 | 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, | ||
142 | 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, | ||
143 | 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f }; | ||
144 | char salt[80] = { 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, | ||
145 | 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, | ||
146 | 0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, | ||
147 | 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, | ||
148 | 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, | ||
149 | 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, | ||
150 | 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf }; | ||
151 | char info[80] = { 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, | ||
152 | 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, | ||
153 | 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, | ||
154 | 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, | ||
155 | 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, | ||
156 | 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, | ||
157 | 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff }; | ||
158 | char okm[82] = { 0x0b, 0xd7, 0x70, 0xa7, 0x4d, 0x11, 0x60, 0xf7, 0xc9, 0xf1, | ||
159 | 0x2c, 0xd5, 0x91, 0x2a, 0x06, 0xeb, 0xff, 0x6a, 0xdc, 0xae, 0x89, 0x9d, | ||
160 | 0x92, 0x19, 0x1f, 0xe4, 0x30, 0x56, 0x73, 0xba, 0x2f, 0xfe, 0x8f, 0xa3, | ||
161 | 0xf1, 0xa4, 0xe5, 0xad, 0x79, 0xf3, 0xf3, 0x34, 0xb3, 0xb2, 0x02, 0xb2, | ||
162 | 0x17, 0x3c, 0x48, 0x6e, 0xa3, 0x7c, 0xe3, 0xd3, 0x97, 0xed, 0x03, 0x4c, | ||
163 | 0x7f, 0x9d, 0xfe, 0xb1, 0x5c, 0x5e, 0x92, 0x73, 0x36, 0xd0, 0x44, 0x1f, | ||
164 | 0x4c, 0x43, 0x00, 0xe2, 0xcf, 0xf0, 0xd0, 0x90, 0x0b, 0x52, 0xd3, 0xb4 }; | ||
165 | char result[84]; | ||
166 | int l = 82; | ||
167 | |||
168 | GNUNET_assert (GNUNET_CRYPTO_hkdf(GCRY_MD_SHA1, GCRY_MD_SHA1, salt, sizeof(salt), ikm, sizeof(ikm), info, sizeof(info), | ||
169 | l, result) == GNUNET_YES); | ||
170 | GNUNET_assert (memcmp(result, okm, l) == 0); | ||
171 | GNUNET_assert (memcmp(result + l, "\0", 2) == 0); | ||
172 | } | ||
173 | |||
174 | void | ||
175 | tc6 () | ||
176 | { | ||
177 | char ikm[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, | ||
178 | 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; | ||
179 | char okm[82] = { 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61, 0xd1, 0xe5, | ||
180 | 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06, 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, | ||
181 | 0xa3, 0x06, 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0, 0xea, 0x00, | ||
182 | 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3, 0x49, 0x18 }; | ||
183 | char result[84]; | ||
184 | int l = 82; | ||
185 | |||
186 | GNUNET_assert (GNUNET_CRYPTO_hkdf(GCRY_MD_SHA1, GCRY_MD_SHA1, NULL, 0, ikm, sizeof(ikm), NULL, 0, | ||
187 | l, result) == GNUNET_YES); | ||
188 | GNUNET_assert (memcmp(result, okm, l) == 0); | ||
189 | GNUNET_assert (memcmp(result + l, "\0", 2) == 0); | ||
190 | } | ||
191 | |||
192 | int | ||
193 | main () | ||
194 | { | ||
195 | GNUNET_log_setup ("test-crypto-hkdf", "WARNING", NULL); | ||
196 | tc1(); | ||
197 | tc2(); | ||
198 | tc3(); | ||
199 | tc4(); | ||
200 | tc5(); | ||
201 | tc6(); | ||
202 | return 0; | ||
203 | } | ||