kdf: Add HKDF of RFC5869.

* src/gcrypt.h.in (GCRY_KDF_HKDF): New. * cipher/kdf.c (hkdf_open, hkdf_compute, hkdf_final, hkdf_close): New. (_gcry_kdf_open, _gcry_kdf_compute, _gcry_kdf_final, _gcry_kdf_close): Handle GCRY_KDF_HKDF. * tests/t-kdf.c (check_hkdf): New. Test vectors from RFC5869. (main): Call check_hkdf. -- GnuPG-bug-id: 5964 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
author: NIIBE Yutaka <gniibe@fsij.org> 2022-06-16 14:54:30 +0900
committer: NIIBE Yutaka <gniibe@fsij.org> 2022-06-16 14:54:30 +0900
commit: fbddfb964f0b1c1ec131194b2273c3f834041c84 (patch)
tree: 85941824f03a5f8a4aa153564324d4a6d0ce1cc9 /tests
parent: 2c5e5ab6843d747c4b877d2c6f47226f61e9ff14 (diff)
download: libgcrypt-fbddfb964f0b1c1ec131194b2273c3f834041c84.tar.gz
1 files changed, 162 insertions, 1 deletions
diff --git a/tests/t-kdf.c b/tests/t-kdf.c
index d10a0e34..508e4bbe 100644
--- a/tests/t-kdf.c
+++ b/tests/t-kdf.c
@@ -1718,7 +1718,7 @@ check_onestep_kdf (void)
     fail ("OneStepKDF test %d failed: %s\n", count, gpg_strerror (err));
   else if (memcmp (out, expected[count], param[count]))
     {
-      fail ("OneStepKDF test %d failed: mismatch\n", count*2+0);
+      fail ("OneStepKDF test %d failed: mismatch\n", count);
       fputs ("got:", stderr);
       for (i=0; i < param[count]; i++)
         fprintf (stderr, " %02x", out[i]);
@@ -1732,6 +1732,166 @@ check_onestep_kdf (void)
 }
 
 
+static void
+check_hkdf (void)
+{
+  gcry_error_t err;
+  unsigned long param[1];
+  unsigned char out[82];
+  const unsigned char input0[] = {
+    0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+    0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+    0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
+  };
+  const unsigned char input1[] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+    0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+    0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+    0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+    0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
+  };
+  const unsigned char salt0[] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c
+  };
+  const unsigned char salt1[] = {
+    0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+    0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+    0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+    0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+    0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
+    0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+    0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf
+  };
+  const unsigned char info0[] = {
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9
+  };
+  const unsigned char info1[] = {
+    0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+    0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+    0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+    0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
+    0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+    0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
+    0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+    0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
+  };
+  const unsigned char expected0[] = {
+    0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
+    0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
+    0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
+    0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
+    0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
+    0x58, 0x65
+  };
+  const unsigned char expected1[] = {
+    0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1,
+    0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34,
+    0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8,
+    0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c,
+    0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72,
+    0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09,
+    0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8,
+    0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71,
+    0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87,
+    0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f,
+    0x1d, 0x87
+  };
+  const unsigned char expected2[] = {
+    0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
+    0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
+    0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
+    0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
+    0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
+    0x96, 0xc8
+  };
+
+  int i;
+  int count = 0;
+  const unsigned char *input;
+  const unsigned char *salt;
+  const unsigned char *info;
+  const unsigned char *expected;
+  size_t inputlen;
+  size_t saltlen;
+  size_t infolen;
+  size_t expectedlen;
+
+ again:
+
+  if (verbose)
+    fprintf (stderr, "checking HKDF test vector %d\n", count);
+
+  switch (count)
+    {
+    case 0:
+      input = input0;
+      inputlen = sizeof (input0);
+      salt = salt0;
+      saltlen = sizeof (salt0);
+      info = info0;
+      infolen = sizeof (info0);
+      expected = expected0;
+      expectedlen = sizeof (expected0);
+      break;
+    case 1:
+      input = input1;
+      inputlen = sizeof (input1);
+      salt = salt1;
+      saltlen = sizeof (salt1);
+      info = info1;
+      infolen = sizeof (info1);
+      expected = expected1;
+      expectedlen = sizeof (expected1);
+      break;
+    case 2:
+      input = input0;
+      inputlen = sizeof (input0);
+      salt = NULL;
+      saltlen = 0;
+      info = NULL;
+      infolen = 0;
+      expected = expected2;
+      expectedlen = sizeof (expected2);
+      break;
+    }
+
+  param[0] = expectedlen;
+  err = my_kdf_derive (0, GCRY_KDF_HKDF, GCRY_MAC_HMAC_SHA256,
+                       param, 1,
+                       input, inputlen, NULL, 0,
+                       salt, saltlen,
+                       info, infolen,
+                       expectedlen, out);
+  if (err)
+    fail ("HKDF test %d failed: %s\n", count, gpg_strerror (err));
+  else if (memcmp (out, expected, expectedlen))
+    {
+      fail ("HKDF test %d failed: mismatch\n", count);
+      fputs ("got:", stderr);
+      for (i=0; i < expectedlen; i++)
+        fprintf (stderr, " %02x", out[i]);
+      putc ('\n', stderr);
+    }
+
+  /* Next test vector */
+  count++;
+  if (count < 3)
+    goto again;
+}
+
+
 int
 main (int argc, char **argv)
 {
@@ -1811,6 +1971,7 @@ main (int argc, char **argv)
       check_argon2 ();
       check_balloon ();
       check_onestep_kdf ();
+      check_hkdf ();
     }
 
   return error_count ? 1 : 0;
author	NIIBE Yutaka <gniibe@fsij.org>	2022-06-16 14:54:30 +0900
committer	NIIBE Yutaka <gniibe@fsij.org>	2022-06-16 14:54:30 +0900
commit	fbddfb964f0b1c1ec131194b2273c3f834041c84 (patch)
tree	85941824f03a5f8a4aa153564324d4a6d0ce1cc9 /tests
parent	2c5e5ab6843d747c4b877d2c6f47226f61e9ff14 (diff)
download	libgcrypt-fbddfb964f0b1c1ec131194b2273c3f834041c84.tar.gz