3 files changed, 103 insertions, 27 deletions
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 8a8e71a96..126c599b9 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -527,6 +527,8 @@ int GNUNET_CRYPTO_hash_xorcmp (const GNUNET_HashCode * h1,
 /**
 * @brief Derive key
+ * @param result buffer for the derived key, allocated by caller
+ * @param out_len desired length of the derived key
 * @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...
 * @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...
 * @param xts salt
@@ -535,15 +537,12 @@ int GNUNET_CRYPTO_hash_xorcmp (const GNUNET_HashCode * h1,
 * @param skm_len length of skm
 * @param ctx context info
 * @param ctx_len length of ctx
- * @param out_len desired length of the derived key
- * @param result buffer for the derived key, allocated by caller
 * @return GNUNET_YES on success
 */
 int
-GNUNET_CRYPTO_hkdf (int xtr_algo, int prf_algo, const void *xts,
+GNUNET_CRYPTO_hkdf (void *result, const unsigned long long out_len,
-    const size_t xts_len, const void *skm, const size_t skm_len,
+    int xtr_algo, int prf_algo, const void *xts, const size_t xts_len,
-    const void *ctx, const size_t ctx_len, const unsigned long long out_len,
+    const void *skm, const size_t skm_len, ...);
-    void *result);
 /**
diff --git a/src/util/crypto_hkdf.c b/src/util/crypto_hkdf.c
index e442aef1c..4415b7551 100644
--- a/src/util/crypto_hkdf.c
+++ b/src/util/crypto_hkdf.c
@@ -93,6 +93,8 @@ static void dump(char *src, void *p, unsigned int l)
 /**
 * @brief Derive key
+ * @param result buffer for the derived key, allocated by caller
+ * @param out_len desired length of the derived key
 * @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...
 * @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...
 * @param xts salt
@@ -101,15 +103,12 @@ static void dump(char *src, void *p, unsigned int l)
 * @param skm_len length of skm
 * @param ctx context info
 * @param ctx_len length of ctx
- * @param out_len desired length of the derived key
- * @param result buffer for the derived key, allocated by caller
 * @return GNUNET_YES on success
 */
 int
-GNUNET_CRYPTO_hkdf (int xtr_algo, int prf_algo, const void *xts,
+GNUNET_CRYPTO_hkdf (void *result, const unsigned long long out_len,
-    const size_t xts_len, const void *skm, const size_t skm_len,
+    int xtr_algo, int prf_algo, const void *xts, const size_t xts_len,
-    const void *ctx, const size_t ctx_len, const unsigned long long out_len,
+    const void *skm, const size_t skm_len, ...)
-    void *result)
 {
  void *prk, *hc, *plain;
  unsigned long long plain_len;
@@ -117,6 +116,8 @@ GNUNET_CRYPTO_hkdf (int xtr_algo, int prf_algo, const void *xts,
  unsigned int k, xtr_len;
  int ret;
  gcry_md_hd_t xtr, prf;
+  size_t ctx_len;
+  va_list argp;
  prk = plain = NULL;
  xtr_len = gcry_md_get_algo_dlen (xtr_algo);
@@ -127,6 +128,11 @@ GNUNET_CRYPTO_hkdf (int xtr_algo, int prf_algo, const void *xts,
  if (out_len > (2 ^ 32 * k) || !xtr_algo || !prf_algo)
    return GNUNET_SYSERR;
+  va_start(argp, skm_len);
+  for (ctx_len = 0; va_arg (argp, void *);)
+    ctx_len += va_arg (argp, size_t);
+  va_end(argp);
  prk = GNUNET_malloc (xtr_len);
  memset (result, 0, out_len);
@@ -146,8 +152,21 @@ GNUNET_CRYPTO_hkdf (int xtr_algo, int prf_algo, const void *xts,
  plain = GNUNET_malloc (plain_len);
  if (t > 0)
    {
-      memcpy (plain, ctx, ctx_len);
+      void *ctx, *dst;
-      memset (plain + ctx_len, 1, 1);
+      dst = plain;
+      va_start (argp, skm_len);
+      while ((ctx = va_arg (argp, void *)))
+        {
+          size_t len;
+          len = va_arg (argp, size_t);
+          memcpy (dst, ctx, len);
+          dst += len;
+        }
+      va_end (argp);
+      memset (dst, 1, 1);
      gcry_md_reset (prf);
 #if DEBUG_HKDF
      dump("K(1)", plain, plain_len);
@@ -160,7 +179,15 @@ GNUNET_CRYPTO_hkdf (int xtr_algo, int prf_algo, const void *xts,
    }
  if (t > 1 || d > 0)
-    memcpy (plain + k, ctx, ctx_len);
+    {
+      void *ctx, *dst;
+      dst = plain + k;
+      va_start(argp, skm_len);
+      while ((ctx = va_arg (argp, void *)))
+        memcpy (dst, ctx, va_arg (argp, size_t));
+      va_end (argp);
+    }
  /* K(i+1) */
  for (i = 1; i < t; i++)
diff --git a/src/util/test_crypto_hkdf.c b/src/util/test_crypto_hkdf.c
index ec215fd34..1b4d368aa 100644
--- a/src/util/test_crypto_hkdf.c
+++ b/src/util/test_crypto_hkdf.c
@@ -48,8 +48,8 @@ tc1 ()
  int l = 42;
  memset (result, 0, sizeof(result));
-  GNUNET_assert (GNUNET_CRYPTO_hkdf(GCRY_MD_SHA256, GCRY_MD_SHA256, salt, sizeof(salt), ikm, sizeof(ikm), info, sizeof(info),
+  GNUNET_assert (GNUNET_CRYPTO_hkdf(result, l, GCRY_MD_SHA256, GCRY_MD_SHA256, salt, sizeof(salt), ikm, sizeof(ikm), info, sizeof(info),
-          l, result) == GNUNET_YES);
+          NULL) == GNUNET_YES);
  GNUNET_assert (memcmp(result, okm, l) == 0);
  GNUNET_assert (memcmp(result + l, "\0", 2) == 0);
 }
@@ -89,8 +89,8 @@ tc2 ()
  int l = 82;
  memset (result, 0, sizeof(result));
-  GNUNET_assert (GNUNET_CRYPTO_hkdf(GCRY_MD_SHA256, GCRY_MD_SHA256, salt, sizeof(salt), ikm, sizeof(ikm), info, sizeof(info),
+  GNUNET_assert (GNUNET_CRYPTO_hkdf(result, l, GCRY_MD_SHA256, GCRY_MD_SHA256, salt, sizeof(salt), ikm, sizeof(ikm), info, sizeof(info),
-          l, result) == GNUNET_YES);
+          NULL) == GNUNET_YES);
  GNUNET_assert (memcmp(result, okm, l) == 0);
  GNUNET_assert (memcmp(result + l, "\0", 2) == 0);
 }
@@ -108,8 +108,8 @@ tc3 ()
  int l = 42;
  memset (result, 0, sizeof(result));
-  GNUNET_assert (GNUNET_CRYPTO_hkdf(GCRY_MD_SHA256, GCRY_MD_SHA256, NULL, 0, ikm, sizeof(ikm), NULL, 0,
+  GNUNET_assert (GNUNET_CRYPTO_hkdf(result, l, GCRY_MD_SHA256, GCRY_MD_SHA256, NULL, 0, ikm, sizeof(ikm), NULL, 0,
-          l, result) == GNUNET_YES);
+          NULL) == GNUNET_YES);
  GNUNET_assert (memcmp(result, okm, l) == 0);
  GNUNET_assert (memcmp(result + l, "\0", 2) == 0);
 }
@@ -131,8 +131,8 @@ tc4 ()
  int l = 42;
  memset (result, 0, sizeof(result));
-  GNUNET_assert (GNUNET_CRYPTO_hkdf(GCRY_MD_SHA1, GCRY_MD_SHA1, salt, sizeof(salt), ikm, sizeof(ikm), info, sizeof(info),
+  GNUNET_assert (GNUNET_CRYPTO_hkdf(result, l, GCRY_MD_SHA1, GCRY_MD_SHA1, salt, sizeof(salt), ikm, sizeof(ikm), info, sizeof(info),
-          l, result) == GNUNET_YES);
+          NULL) == GNUNET_YES);
  GNUNET_assert (memcmp(result, okm, l) == 0);
  GNUNET_assert (memcmp(result + l, "\0", 2) == 0);
 }
@@ -172,8 +172,8 @@ tc5 ()
  int l = 82;
  memset (result, 0, sizeof(result));
-  GNUNET_assert (GNUNET_CRYPTO_hkdf(GCRY_MD_SHA1, GCRY_MD_SHA1, salt, sizeof(salt), ikm, sizeof(ikm), info, sizeof(info),
+  GNUNET_assert (GNUNET_CRYPTO_hkdf(result, l, GCRY_MD_SHA1, GCRY_MD_SHA1, salt, sizeof(salt), ikm, sizeof(ikm), info, sizeof(info),
-          l, result) == GNUNET_YES);
+          NULL) == GNUNET_YES);
  GNUNET_assert (memcmp(result, okm, l) == 0);
  GNUNET_assert (memcmp(result + l, "\0", 2) == 0);
 }
@@ -191,8 +191,52 @@ tc6 ()
  int l = 42;
  memset (result, 0, sizeof(result));
-  GNUNET_assert (GNUNET_CRYPTO_hkdf(GCRY_MD_SHA1, GCRY_MD_SHA1, NULL, 0, ikm, sizeof(ikm), NULL, 0,
+  GNUNET_assert (GNUNET_CRYPTO_hkdf(result, l, GCRY_MD_SHA1, GCRY_MD_SHA1, NULL, 0, ikm, sizeof(ikm), NULL, 0,
-          l, result) == GNUNET_YES);
+          NULL) == GNUNET_YES);
+  GNUNET_assert (memcmp(result, okm, l) == 0);
+  GNUNET_assert (memcmp(result + l, "\0", 2) == 0);
+}
+void
+tc7 ()
+{
+  unsigned char ikm[80] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+      0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
+      0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21,
+      0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d,
+      0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39,
+      0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45,
+      0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f };
+  unsigned char salt[80] = { 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69,
+      0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75,
+      0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81,
+      0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d,
+      0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99,
+      0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5,
+      0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf };
+  unsigned char info1[80] = { 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+      0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, 0xc1, 0xc2, 0xc3,
+      0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
+      0xd0, 0xd1 };
+  unsigned char info2[80] = { 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9,
+      0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5,
+      0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xf0, 0xf1,
+      0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd,
+      0xfe, 0xff };
+  unsigned char okm[82] = { 0x0b, 0xd7, 0x70, 0xa7, 0x4d, 0x11, 0x60, 0xf7, 0xc9, 0xf1,
+      0x2c, 0xd5, 0x91, 0x2a, 0x06, 0xeb, 0xff, 0x6a, 0xdc, 0xae, 0x89, 0x9d,
+      0x92, 0x19, 0x1f, 0xe4, 0x30, 0x56, 0x73, 0xba, 0x2f, 0xfe, 0x8f, 0xa3,
+      0xf1, 0xa4, 0xe5, 0xad, 0x79, 0xf3, 0xf3, 0x34, 0xb3, 0xb2, 0x02, 0xb2,
+      0x17, 0x3c, 0x48, 0x6e, 0xa3, 0x7c, 0xe3, 0xd3, 0x97, 0xed, 0x03, 0x4c,
+      0x7f, 0x9d, 0xfe, 0xb1, 0x5c, 0x5e, 0x92, 0x73, 0x36, 0xd0, 0x44, 0x1f,
+      0x4c, 0x43, 0x00, 0xe2, 0xcf, 0xf0, 0xd0, 0x90, 0x0b, 0x52, 0xd3, 0xb4 };
+  char result[84];
+  int l = 82;
+  memset (result, 0, sizeof(result));
+  GNUNET_assert (GNUNET_CRYPTO_hkdf(result, l, GCRY_MD_SHA1, GCRY_MD_SHA1, salt,
+      sizeof(salt), ikm, sizeof(ikm), info1, sizeof(info1), info2, sizeof(info2),
+      NULL) == GNUNET_YES);
  GNUNET_assert (memcmp(result, okm, l) == 0);
  GNUNET_assert (memcmp(result + l, "\0", 2) == 0);
 }
@@ -201,11 +245,17 @@ int
 main ()
 {
  GNUNET_log_setup ("test-crypto-hkdf", "WARNING", NULL);
+  /* Official test vectors */
  tc1();
  tc2();
  tc3();
  tc4();
  tc5();
  tc6();
+  /* Additional tests */
+  tc7();
  return 0;
 }

diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 8a8e71a96..126c599b9 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h
@@ -527,6 +527,8 @@ int GNUNET_CRYPTO_hash_xorcmp (const GNUNET_HashCode * h1,
527		527
528	/**	528	/**
529	* @brief Derive key	529	* @brief Derive key
		530	* @param result buffer for the derived key, allocated by caller
		531	* @param out_len desired length of the derived key
530	* @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...	532	* @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...
531	* @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...	533	* @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...
532	* @param xts salt	534	* @param xts salt
@@ -535,15 +537,12 @@ int GNUNET_CRYPTO_hash_xorcmp (const GNUNET_HashCode * h1,
535	* @param skm_len length of skm	537	* @param skm_len length of skm
536	* @param ctx context info	538	* @param ctx context info
537	* @param ctx_len length of ctx	539	* @param ctx_len length of ctx
538	* @param out_len desired length of the derived key
539	* @param result buffer for the derived key, allocated by caller
540	* @return GNUNET_YES on success	540	* @return GNUNET_YES on success
541	*/	541	*/
542	int	542	int
543	GNUNET_CRYPTO_hkdf (int xtr_algo, int prf_algo, const void *xts,	543	GNUNET_CRYPTO_hkdf (void *result, const unsigned long long out_len,
544	const size_t xts_len, const void *skm, const size_t skm_len,	544	int xtr_algo, int prf_algo, const void *xts, const size_t xts_len,
545	const void *ctx, const size_t ctx_len, const unsigned long long out_len,	545	const void *skm, const size_t skm_len, ...);
546	void *result);
547		546
548		547
549	/**	548	/**


diff --git a/src/util/crypto_hkdf.c b/src/util/crypto_hkdf.c index e442aef1c..4415b7551 100644 --- a/src/util/crypto_hkdf.c +++ b/src/util/crypto_hkdf.c
@@ -93,6 +93,8 @@ static void dump(char src, void p, unsigned int l)
93		93
94	/**	94	/**
95	* @brief Derive key	95	* @brief Derive key
		96	* @param result buffer for the derived key, allocated by caller
		97	* @param out_len desired length of the derived key
96	* @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...	98	* @param xtr_algo hash algorithm for the extraction phase, GCRY_MD_...
97	* @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...	99	* @param prf_algo hash algorithm for the expansion phase, GCRY_MD_...
98	* @param xts salt	100	* @param xts salt
@@ -101,15 +103,12 @@ static void dump(char src, void p, unsigned int l)
101	* @param skm_len length of skm	103	* @param skm_len length of skm
102	* @param ctx context info	104	* @param ctx context info
103	* @param ctx_len length of ctx	105	* @param ctx_len length of ctx
104	* @param out_len desired length of the derived key
105	* @param result buffer for the derived key, allocated by caller
106	* @return GNUNET_YES on success	106	* @return GNUNET_YES on success
107	*/	107	*/
108	int	108	int
109	GNUNET_CRYPTO_hkdf (int xtr_algo, int prf_algo, const void *xts,	109	GNUNET_CRYPTO_hkdf (void *result, const unsigned long long out_len,
110	const size_t xts_len, const void *skm, const size_t skm_len,	110	int xtr_algo, int prf_algo, const void *xts, const size_t xts_len,
111	const void *ctx, const size_t ctx_len, const unsigned long long out_len,	111	const void *skm, const size_t skm_len, ...)
112	void *result)
113	{	112	{
114	void prk, hc, *plain;	113	void prk, hc, *plain;
115	unsigned long long plain_len;	114	unsigned long long plain_len;
@@ -117,6 +116,8 @@ GNUNET_CRYPTO_hkdf (int xtr_algo, int prf_algo, const void *xts,
117	unsigned int k, xtr_len;	116	unsigned int k, xtr_len;
118	int ret;	117	int ret;
119	gcry_md_hd_t xtr, prf;	118	gcry_md_hd_t xtr, prf;
		119	size_t ctx_len;
		120	va_list argp;
120		121
121	prk = plain = NULL;	122	prk = plain = NULL;
122	xtr_len = gcry_md_get_algo_dlen (xtr_algo);	123	xtr_len = gcry_md_get_algo_dlen (xtr_algo);
@@ -127,6 +128,11 @@ GNUNET_CRYPTO_hkdf (int xtr_algo, int prf_algo, const void *xts,
127	if (out_len > (2 ^ 32 * k) \|\| !xtr_algo \|\| !prf_algo)	128	if (out_len > (2 ^ 32 * k) \|\| !xtr_algo \|\| !prf_algo)
128	return GNUNET_SYSERR;	129	return GNUNET_SYSERR;
129		130
		131	va_start(argp, skm_len);
		132	for (ctx_len = 0; va_arg (argp, void *);)
		133	ctx_len += va_arg (argp, size_t);
		134	va_end(argp);
		135
130	prk = GNUNET_malloc (xtr_len);	136	prk = GNUNET_malloc (xtr_len);
131		137
132	memset (result, 0, out_len);	138	memset (result, 0, out_len);
@@ -146,8 +152,21 @@ GNUNET_CRYPTO_hkdf (int xtr_algo, int prf_algo, const void *xts,
146	plain = GNUNET_malloc (plain_len);	152	plain = GNUNET_malloc (plain_len);
147	if (t > 0)	153	if (t > 0)
148	{	154	{
149	memcpy (plain, ctx, ctx_len);	155	void ctx, dst;
150	memset (plain + ctx_len, 1, 1);	156
		157	dst = plain;
		158	va_start (argp, skm_len);
		159	while ((ctx = va_arg (argp, void *)))
		160	{
		161	size_t len;
		162
		163	len = va_arg (argp, size_t);
		164	memcpy (dst, ctx, len);
		165	dst += len;
		166	}
		167	va_end (argp);
		168
		169	memset (dst, 1, 1);
151	gcry_md_reset (prf);	170	gcry_md_reset (prf);
152	#if DEBUG_HKDF	171	#if DEBUG_HKDF
153	dump("K(1)", plain, plain_len);	172	dump("K(1)", plain, plain_len);
@@ -160,7 +179,15 @@ GNUNET_CRYPTO_hkdf (int xtr_algo, int prf_algo, const void *xts,
160	}	179	}
161		180
162	if (t > 1 \|\| d > 0)	181	if (t > 1 \|\| d > 0)
163	memcpy (plain + k, ctx, ctx_len);	182	{
		183	void ctx, dst;
		184
		185	dst = plain + k;
		186	va_start(argp, skm_len);
		187	while ((ctx = va_arg (argp, void *)))
		188	memcpy (dst, ctx, va_arg (argp, size_t));
		189	va_end (argp);
		190	}
164		191
165	/* K(i+1) */	192	/* K(i+1) */
166	for (i = 1; i < t; i++)	193	for (i = 1; i < t; i++)


diff --git a/src/util/test_crypto_hkdf.c b/src/util/test_crypto_hkdf.c index ec215fd34..1b4d368aa 100644 --- a/src/util/test_crypto_hkdf.c +++ b/src/util/test_crypto_hkdf.c
@@ -48,8 +48,8 @@ tc1 ()
48	int l = 42;	48	int l = 42;
49		49
50	memset (result, 0, sizeof(result));	50	memset (result, 0, sizeof(result));
51	GNUNET_assert (GNUNET_CRYPTO_hkdf(GCRY_MD_SHA256, GCRY_MD_SHA256, salt, sizeof(salt), ikm, sizeof(ikm), info, sizeof(info),	51	GNUNET_assert (GNUNET_CRYPTO_hkdf(result, l, GCRY_MD_SHA256, GCRY_MD_SHA256, salt, sizeof(salt), ikm, sizeof(ikm), info, sizeof(info),
52	l, result) == GNUNET_YES);	52	NULL) == GNUNET_YES);
53	GNUNET_assert (memcmp(result, okm, l) == 0);	53	GNUNET_assert (memcmp(result, okm, l) == 0);
54	GNUNET_assert (memcmp(result + l, "\0", 2) == 0);	54	GNUNET_assert (memcmp(result + l, "\0", 2) == 0);
55	}	55	}
@@ -89,8 +89,8 @@ tc2 ()
89	int l = 82;	89	int l = 82;
90		90
91	memset (result, 0, sizeof(result));	91	memset (result, 0, sizeof(result));
92	GNUNET_assert (GNUNET_CRYPTO_hkdf(GCRY_MD_SHA256, GCRY_MD_SHA256, salt, sizeof(salt), ikm, sizeof(ikm), info, sizeof(info),	92	GNUNET_assert (GNUNET_CRYPTO_hkdf(result, l, GCRY_MD_SHA256, GCRY_MD_SHA256, salt, sizeof(salt), ikm, sizeof(ikm), info, sizeof(info),
93	l, result) == GNUNET_YES);	93	NULL) == GNUNET_YES);
94	GNUNET_assert (memcmp(result, okm, l) == 0);	94	GNUNET_assert (memcmp(result, okm, l) == 0);
95	GNUNET_assert (memcmp(result + l, "\0", 2) == 0);	95	GNUNET_assert (memcmp(result + l, "\0", 2) == 0);
96	}	96	}
@@ -108,8 +108,8 @@ tc3 ()
108	int l = 42;	108	int l = 42;
109		109
110	memset (result, 0, sizeof(result));	110	memset (result, 0, sizeof(result));
111	GNUNET_assert (GNUNET_CRYPTO_hkdf(GCRY_MD_SHA256, GCRY_MD_SHA256, NULL, 0, ikm, sizeof(ikm), NULL, 0,	111	GNUNET_assert (GNUNET_CRYPTO_hkdf(result, l, GCRY_MD_SHA256, GCRY_MD_SHA256, NULL, 0, ikm, sizeof(ikm), NULL, 0,
112	l, result) == GNUNET_YES);	112	NULL) == GNUNET_YES);
113	GNUNET_assert (memcmp(result, okm, l) == 0);	113	GNUNET_assert (memcmp(result, okm, l) == 0);
114	GNUNET_assert (memcmp(result + l, "\0", 2) == 0);	114	GNUNET_assert (memcmp(result + l, "\0", 2) == 0);
115	}	115	}
@@ -131,8 +131,8 @@ tc4 ()
131	int l = 42;	131	int l = 42;
132		132
133	memset (result, 0, sizeof(result));	133	memset (result, 0, sizeof(result));
134	GNUNET_assert (GNUNET_CRYPTO_hkdf(GCRY_MD_SHA1, GCRY_MD_SHA1, salt, sizeof(salt), ikm, sizeof(ikm), info, sizeof(info),	134	GNUNET_assert (GNUNET_CRYPTO_hkdf(result, l, GCRY_MD_SHA1, GCRY_MD_SHA1, salt, sizeof(salt), ikm, sizeof(ikm), info, sizeof(info),
135	l, result) == GNUNET_YES);	135	NULL) == GNUNET_YES);
136	GNUNET_assert (memcmp(result, okm, l) == 0);	136	GNUNET_assert (memcmp(result, okm, l) == 0);
137	GNUNET_assert (memcmp(result + l, "\0", 2) == 0);	137	GNUNET_assert (memcmp(result + l, "\0", 2) == 0);
138	}	138	}
@@ -172,8 +172,8 @@ tc5 ()
172	int l = 82;	172	int l = 82;
173		173
174	memset (result, 0, sizeof(result));	174	memset (result, 0, sizeof(result));
175	GNUNET_assert (GNUNET_CRYPTO_hkdf(GCRY_MD_SHA1, GCRY_MD_SHA1, salt, sizeof(salt), ikm, sizeof(ikm), info, sizeof(info),	175	GNUNET_assert (GNUNET_CRYPTO_hkdf(result, l, GCRY_MD_SHA1, GCRY_MD_SHA1, salt, sizeof(salt), ikm, sizeof(ikm), info, sizeof(info),
176	l, result) == GNUNET_YES);	176	NULL) == GNUNET_YES);
177	GNUNET_assert (memcmp(result, okm, l) == 0);	177	GNUNET_assert (memcmp(result, okm, l) == 0);
178	GNUNET_assert (memcmp(result + l, "\0", 2) == 0);	178	GNUNET_assert (memcmp(result + l, "\0", 2) == 0);
179	}	179	}
@@ -191,8 +191,52 @@ tc6 ()
191	int l = 42;	191	int l = 42;
192		192
193	memset (result, 0, sizeof(result));	193	memset (result, 0, sizeof(result));
194	GNUNET_assert (GNUNET_CRYPTO_hkdf(GCRY_MD_SHA1, GCRY_MD_SHA1, NULL, 0, ikm, sizeof(ikm), NULL, 0,	194	GNUNET_assert (GNUNET_CRYPTO_hkdf(result, l, GCRY_MD_SHA1, GCRY_MD_SHA1, NULL, 0, ikm, sizeof(ikm), NULL, 0,
195	l, result) == GNUNET_YES);	195	NULL) == GNUNET_YES);
		196	GNUNET_assert (memcmp(result, okm, l) == 0);
		197	GNUNET_assert (memcmp(result + l, "\0", 2) == 0);
		198	}
		199
		200	void
		201	tc7 ()
		202	{
		203	unsigned char ikm[80] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
		204	0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
		205	0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21,
		206	0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d,
		207	0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39,
		208	0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45,
		209	0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f };
		210	unsigned char salt[80] = { 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69,
		211	0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75,
		212	0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81,
		213	0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d,
		214	0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99,
		215	0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5,
		216	0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf };
		217	unsigned char info1[80] = { 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
		218	0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, 0xc0, 0xc1, 0xc2, 0xc3,
		219	0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
		220	0xd0, 0xd1 };
		221	unsigned char info2[80] = { 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9,
		222	0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5,
		223	0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xf0, 0xf1,
		224	0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd,
		225	0xfe, 0xff };
		226	unsigned char okm[82] = { 0x0b, 0xd7, 0x70, 0xa7, 0x4d, 0x11, 0x60, 0xf7, 0xc9, 0xf1,
		227	0x2c, 0xd5, 0x91, 0x2a, 0x06, 0xeb, 0xff, 0x6a, 0xdc, 0xae, 0x89, 0x9d,
		228	0x92, 0x19, 0x1f, 0xe4, 0x30, 0x56, 0x73, 0xba, 0x2f, 0xfe, 0x8f, 0xa3,
		229	0xf1, 0xa4, 0xe5, 0xad, 0x79, 0xf3, 0xf3, 0x34, 0xb3, 0xb2, 0x02, 0xb2,
		230	0x17, 0x3c, 0x48, 0x6e, 0xa3, 0x7c, 0xe3, 0xd3, 0x97, 0xed, 0x03, 0x4c,
		231	0x7f, 0x9d, 0xfe, 0xb1, 0x5c, 0x5e, 0x92, 0x73, 0x36, 0xd0, 0x44, 0x1f,
		232	0x4c, 0x43, 0x00, 0xe2, 0xcf, 0xf0, 0xd0, 0x90, 0x0b, 0x52, 0xd3, 0xb4 };
		233	char result[84];
		234	int l = 82;
		235
		236	memset (result, 0, sizeof(result));
		237	GNUNET_assert (GNUNET_CRYPTO_hkdf(result, l, GCRY_MD_SHA1, GCRY_MD_SHA1, salt,
		238	sizeof(salt), ikm, sizeof(ikm), info1, sizeof(info1), info2, sizeof(info2),
		239	NULL) == GNUNET_YES);
196	GNUNET_assert (memcmp(result, okm, l) == 0);	240	GNUNET_assert (memcmp(result, okm, l) == 0);
197	GNUNET_assert (memcmp(result + l, "\0", 2) == 0);	241	GNUNET_assert (memcmp(result + l, "\0", 2) == 0);
198	}	242	}
@@ -201,11 +245,17 @@ int
201	main ()	245	main ()
202	{	246	{
203	GNUNET_log_setup ("test-crypto-hkdf", "WARNING", NULL);	247	GNUNET_log_setup ("test-crypto-hkdf", "WARNING", NULL);
		248
		249	/* Official test vectors */
204	tc1();	250	tc1();
205	tc2();	251	tc2();
206	tc3();	252	tc3();
207	tc4();	253	tc4();
208	tc5();	254	tc5();
209	tc6();	255	tc6();
		256
		257	/* Additional tests */
		258	tc7();
		259
210	return 0;	260	return 0;
211	}	261	}