From 8a1f50e66364389b8a867801ead8327a663b0c03 Mon Sep 17 00:00:00 2001 From: Milan Broz Date: Thu, 18 Aug 2022 16:18:41 +0200 Subject: kdf: Restructure KDF test vectors * tests/t-kdf.c: Restructure KDF test vectors to allow easy addition new vectors. Also remove some ugly C code like goto again. -- Signed-off-by: Milan Broz [jk: fixed commit changelog cipher/kdf.c -> tests/t-kdf.c] Signed-off-by: Jussi Kivilinna --- tests/t-kdf.c | 766 +++++++++++++++++++++++++++------------------------------- 1 file changed, 351 insertions(+), 415 deletions(-) (limited to 'tests') diff --git a/tests/t-kdf.c b/tests/t-kdf.c index d9d57778..17402762 100644 --- a/tests/t-kdf.c +++ b/tests/t-kdf.c @@ -1341,10 +1341,10 @@ static gcry_error_t my_kdf_derive (int parallel, int algo, int subalgo, const unsigned long *params, unsigned int paramslen, - const unsigned char *pass, size_t passlen, - const unsigned char *salt, size_t saltlen, - const unsigned char *key, size_t keylen, - const unsigned char *ad, size_t adlen, + const char *pass, size_t passlen, + const char *salt, size_t saltlen, + const char *key, size_t keylen, + const char *ad, size_t adlen, size_t outlen, unsigned char *out) { gcry_error_t err; @@ -1405,98 +1405,127 @@ my_kdf_derive (int parallel, return err; } - static void check_argon2 (void) { gcry_error_t err; - const unsigned long param[4] = { 32, 3, 32, 4 }; - const unsigned char pass[32] = { - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 - }; - const unsigned char salt[16] = { - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + static struct { + int subalgo; + unsigned long param[4]; + size_t passlen; + const char *pass; + size_t saltlen; + const char *salt; + size_t keylen; + const char *key; + size_t adlen; + const char *ad; + size_t dklen; + const char *dk; + } tv[] = { + { + GCRY_KDF_ARGON2D, + { 32, 3, 32, 4 }, + 32, + "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01" + "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01", + 16, + "\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02", + 8, + "\x03\x03\x03\x03\x03\x03\x03\x03", + 12, + "\x04\x04\x04\x04\x04\x04\x04\x04\x04\x04\x04\x04", + 32, + "\x51\x2b\x39\x1b\x6f\x11\x62\x97\x53\x71\xd3\x09\x19\x73\x42\x94" + "\xf8\x68\xe3\xbe\x39\x84\xf3\xc1\xa1\x3a\x4d\xb9\xfa\xbe\x4a\xcb" + }, + { + GCRY_KDF_ARGON2I, + { 32, 3, 32, 4 }, + 32, + "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01" + "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01", + 16, + "\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02", + 8, + "\x03\x03\x03\x03\x03\x03\x03\x03", + 12, + "\x04\x04\x04\x04\x04\x04\x04\x04\x04\x04\x04\x04", + 32, + "\xc8\x14\xd9\xd1\xdc\x7f\x37\xaa\x13\xf0\xd7\x7f\x24\x94\xbd\xa1" + "\xc8\xde\x6b\x01\x6d\xd3\x88\xd2\x99\x52\xa4\xc4\x67\x2b\x6c\xe8" + }, + { + GCRY_KDF_ARGON2ID, + { 32, 3, 32, 4 }, + 32, + "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01" + "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01", + 16, + "\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02", + 8, + "\x03\x03\x03\x03\x03\x03\x03\x03", + 12, + "\x04\x04\x04\x04\x04\x04\x04\x04\x04\x04\x04\x04", + 32, + "\x0d\x64\x0d\xf5\x8d\x78\x76\x6c\x08\xc0\x37\xa3\x4a\x8b\x53\xc9" + "\xd0\x1e\xf0\x45\x2d\x75\xb6\x5e\xb5\x25\x20\xe9\x6b\x01\xe6\x59" + }, }; - const unsigned char key[8] = { 3, 3, 3, 3, 3, 3, 3, 3 }; - const unsigned char ad[12] = { 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4 }; unsigned char out[32]; - unsigned char expected[3][32] = { - { /* GCRY_KDF_ARGON2D */ - 0x51, 0x2b, 0x39, 0x1b, 0x6f, 0x11, 0x62, 0x97, - 0x53, 0x71, 0xd3, 0x09, 0x19, 0x73, 0x42, 0x94, - 0xf8, 0x68, 0xe3, 0xbe, 0x39, 0x84, 0xf3, 0xc1, - 0xa1, 0x3a, 0x4d, 0xb9, 0xfa, 0xbe, 0x4a, 0xcb - }, - { /* GCRY_KDF_ARGON2I */ - 0xc8, 0x14, 0xd9, 0xd1, 0xdc, 0x7f, 0x37, 0xaa, - 0x13, 0xf0, 0xd7, 0x7f, 0x24, 0x94, 0xbd, 0xa1, - 0xc8, 0xde, 0x6b, 0x01, 0x6d, 0xd3, 0x88, 0xd2, - 0x99, 0x52, 0xa4, 0xc4, 0x67, 0x2b, 0x6c, 0xe8 - }, - { /* GCRY_KDF_ARGON2ID */ - 0x0d, 0x64, 0x0d, 0xf5, 0x8d, 0x78, 0x76, 0x6c, - 0x08, 0xc0, 0x37, 0xa3, 0x4a, 0x8b, 0x53, 0xc9, - 0xd0, 0x1e, 0xf0, 0x45, 0x2d, 0x75, 0xb6, 0x5e, - 0xb5, 0x25, 0x20, 0xe9, 0x6b, 0x01, 0xe6, 0x59 - } - }; int i; - int subalgo = GCRY_KDF_ARGON2D; - int count = 0; - - again: + int count; - if (verbose) - fprintf (stderr, "checking ARGON2 test vector %d\n", count); - - err = my_kdf_derive (0, - GCRY_KDF_ARGON2, subalgo, param, 4, - pass, 32, salt, 16, key, 8, ad, 12, - 32, out); - if (err) - fail ("argon2 test %d failed: %s\n", count*2+0, gpg_strerror (err)); - else if (memcmp (out, expected[count], 32)) - { - fail ("argon2 test %d failed: mismatch\n", count*2+0); - fputs ("got:", stderr); - for (i=0; i < 32; i++) - fprintf (stderr, " %02x", out[i]); - putc ('\n', stderr); - } + for (count = 0; count < DIM(tv); count++) + { + if (verbose) + fprintf (stderr, "checking ARGON2 test vector %d\n", count); + + err = my_kdf_derive (0, GCRY_KDF_ARGON2, + tv[count].subalgo, tv[count].param, 4, + tv[count].pass, tv[count].passlen, + tv[count].salt, tv[count].saltlen, + tv[count].key, tv[count].keylen, + tv[count].ad, tv[count].adlen, + tv[count].dklen, out); + if (err) + fail ("argon2 test %d failed: %s\n", count*2+0, gpg_strerror (err)); + else if (memcmp (out, tv[count].dk, tv[count].dklen)) + { + fail ("argon2 test %d failed: mismatch\n", count*2+0); + fputs ("got:", stderr); + for (i=0; i < tv[count].dklen; i++) + fprintf (stderr, " %02x", out[i]); + putc ('\n', stderr); + } #ifdef HAVE_PTHREAD - err = my_kdf_derive (1, - GCRY_KDF_ARGON2, subalgo, param, 4, - pass, 32, salt, 16, key, 8, ad, 12, - 32, out); - if (err) - fail ("argon2 test %d failed: %s\n", count*2+1, gpg_strerror (err)); - else if (memcmp (out, expected[count], 32)) - { - fail ("argon2 test %d failed: mismatch\n", count*2+1); - fputs ("got:", stderr); - for (i=0; i < 32; i++) - fprintf (stderr, " %02x", out[i]); - putc ('\n', stderr); - } + err = my_kdf_derive (1, GCRY_KDF_ARGON2, + tv[count].subalgo, tv[count].param, 4, + tv[count].pass, tv[count].passlen, + tv[count].salt, tv[count].saltlen, + tv[count].key, tv[count].keylen, + tv[count].ad, tv[count].adlen, + tv[count].dklen, out); + if (err) + fail ("argon2 test %d failed: %s\n", count*2+1, gpg_strerror (err)); + else if (memcmp (out, tv[count].dk, tv[count].dklen)) + { + fail ("argon2 test %d failed: mismatch\n", count*2+1); + fputs ("got:", stderr); + for (i=0; i < tv[count].dklen; i++) + fprintf (stderr, " %02x", out[i]); + putc ('\n', stderr); + } #endif - - /* Next algo */ - if (subalgo == GCRY_KDF_ARGON2D) - subalgo = GCRY_KDF_ARGON2I; - else if (subalgo == GCRY_KDF_ARGON2I) - subalgo = GCRY_KDF_ARGON2ID; - - count++; - if (count < 3) - goto again; + } } static void check_balloon (void) { + gcry_error_t err; /* Two test vectors generated by the research prototype implementation. $ balloon abcdefghijklmno t_cost = 1 @@ -1519,91 +1548,84 @@ check_balloon (void) $8Yor74EqTwBrrdaeYeSVx0VXVAgDrsILAnJWdVUy93s= $FaNb9ofeWEggzhW9BUSODgZH5/awzNz5Adoub48+BgQ= */ - gcry_error_t err; - const unsigned long param[2][4] = { - { 1024, 1, 1 }, - { 4096, 12, 4 } - }; - const unsigned char *pass[2] = { - (const unsigned char *)"abcdefghijklmno", - (const unsigned char *)"Long_sentence_used_as_passphrase" - }; - const unsigned char salt[2][32] = { - { - 0x15, 0x1c, 0xea, 0x3a, 0x22, 0x2e, 0x3e, 0xfb, - 0xa8, 0xcb, 0x9e, 0x6f, 0x19, 0xf2, 0xb3, 0xca, - 0xc7, 0xbe, 0xd9, 0xfd, 0xbc, 0x17, 0xb9, 0xbd, - 0x88, 0x51, 0xc2, 0x72, 0xd9, 0xc4, 0x07, 0x08 - }, - { - 0xf1, 0x8a, 0x2b, 0xef, 0x81, 0x2a, 0x4f, 0x00, - 0x6b, 0xad, 0xd6, 0x9e, 0x61, 0xe4, 0x95, 0xc7, - 0x45, 0x57, 0x54, 0x08, 0x03, 0xae, 0xc2, 0x0b, - 0x02, 0x72, 0x56, 0x75, 0x55, 0x32, 0xf7, 0x7b - } - }; - const unsigned char expected[2][32] = { + static struct { + int subalgo; + unsigned long param[3]; + size_t passlen; + const char *pass; + size_t saltlen; + const char *salt; + size_t dklen; + const char *dk; + } tv[] = { { - 0x37, 0x13, 0x86, 0x34, 0xfc, 0x93, 0x3d, 0x9c, - 0xca, 0x88, 0x98, 0xe0, 0x8f, 0xb1, 0xfa, 0xa4, - 0x90, 0xcb, 0x22, 0x04, 0x74, 0xe4, 0x72, 0x3b, - 0x55, 0xac, 0x49, 0xa7, 0x11, 0x1a, 0xa3, 0x94 + GCRY_MD_SHA256, + { 1024, 1, 1 }, + 15, + "abcdefghijklmno", + 32, + "\x15\x1c\xea\x3a\x22\x2e\x3e\xfb\xa8\xcb\x9e\x6f\x19\xf2\xb3\xca" + "\xc7\xbe\xd9\xfd\xbc\x17\xb9\xbd\x88\x51\xc2\x72\xd9\xc4\x07\x08", + 32, + "\x37\x13\x86\x34\xfc\x93\x3d\x9c\xca\x88\x98\xe0\x8f\xb1\xfa\xa4" + "\x90\xcb\x22\x04\x74\xe4\x72\x3b\x55\xac\x49\xa7\x11\x1a\xa3\x94" }, { - 0x15, 0xa3, 0x5b, 0xf6, 0x87, 0xde, 0x58, 0x48, - 0x20, 0xce, 0x15, 0xbd, 0x05, 0x44, 0x8e, 0x0e, - 0x06, 0x47, 0xe7, 0xf6, 0xb0, 0xcc, 0xdc, 0xf9, - 0x01, 0xda, 0x2e, 0x6f, 0x8f, 0x3e, 0x06, 0x04 + GCRY_MD_SHA256, + { 4096, 12, 4 }, + 32, + "Long_sentence_used_as_passphrase", + 32, + "\xf1\x8a\x2b\xef\x81\x2a\x4f\x00\x6b\xad\xd6\x9e\x61\xe4\x95\xc7" + "\x45\x57\x54\x08\x03\xae\xc2\x0b\x02\x72\x56\x75\x55\x32\xf7\x7b", + 32, + "\x15\xa3\x5b\xf6\x87\xde\x58\x48\x20\xce\x15\xbd\x05\x44\x8e\x0e" + "\x06\x47\xe7\xf6\xb0\xcc\xdc\xf9\x01\xda\x2e\x6f\x8f\x3e\x06\x04" } }; unsigned char out[32]; int i; - int subalgo = GCRY_MD_SHA256; - int count = 0; - - again: + int count; - if (verbose) - fprintf (stderr, "checking Balloon test vector %d\n", count); + for (count = 0; count < DIM(tv); count++) + { + if (verbose) + fprintf (stderr, "checking Balloon test vector %d\n", count); - err = my_kdf_derive (0, - GCRY_KDF_BALLOON, subalgo, param[count], 3, - pass[count], strlen ((char *)pass[count]), - salt[count], 32, NULL, 0, NULL, 0, - 32, out); - if (err) - fail ("balloon test %d failed: %s\n", count*2+0, gpg_strerror (err)); - else if (memcmp (out, expected[count], 32)) - { - fail ("balloon test %d failed: mismatch\n", count*2+0); - fputs ("got:", stderr); - for (i=0; i < 32; i++) - fprintf (stderr, " %02x", out[i]); - putc ('\n', stderr); - } + err = my_kdf_derive (0, GCRY_KDF_BALLOON, + tv[count].subalgo, tv[count].param, 3, + tv[count].pass, tv[count].passlen, + tv[count].salt, tv[count].saltlen, + NULL, 0, NULL, 0, tv[count].dklen, out); + if (err) + fail ("balloon test %d failed: %s\n", count*2+0, gpg_strerror (err)); + else if (memcmp (out, tv[count].dk, tv[count].dklen)) + { + fail ("balloon test %d failed: mismatch\n", count*2+0); + fputs ("got:", stderr); + for (i=0; i < tv[count].dklen; i++) + fprintf (stderr, " %02x", out[i]); + putc ('\n', stderr); + } #ifdef HAVE_PTHREAD - err = my_kdf_derive (1, - GCRY_KDF_BALLOON, subalgo, param[count], 3, - pass[count], strlen ((char *)pass[count]), - salt[count], 32, NULL, 0, NULL, 0, - 32, out); - if (err) - fail ("balloon test %d failed: %s\n", count*2+1, gpg_strerror (err)); - else if (memcmp (out, expected[count], 32)) - { - fail ("balloon test %d failed: mismatch\n", count*2+1); - fputs ("got:", stderr); - for (i=0; i < 32; i++) - fprintf (stderr, " %02x", out[i]); - putc ('\n', stderr); - } + err = my_kdf_derive (1, GCRY_KDF_BALLOON, + tv[count].subalgo, tv[count].param, 3, + tv[count].pass, tv[count].passlen, + tv[count].salt, tv[count].saltlen, + NULL, 0, NULL, 0, tv[count].dklen, out); + if (err) + fail ("balloon test %d failed: %s\n", count*2+1, gpg_strerror (err)); + else if (memcmp (out, tv[count].dk, tv[count].dklen)) + { + fail ("balloon test %d failed: mismatch\n", count*2+1); + fputs ("got:", stderr); + for (i=0; i < tv[count].dklen; i++) + fprintf (stderr, " %02x", out[i]); + putc ('\n', stderr); + } #endif - - /* Next test vector */ - count++; - if (count < 2) - goto again; + } } @@ -1611,128 +1633,103 @@ static void check_onestep_kdf (void) { gcry_error_t err; - const unsigned long param[4] = { 38, 68, 44, 56 }; - unsigned char out[68]; - const unsigned char input[4][16] = { - { - 0x3f, 0x89, 0x2b, 0xd8, 0xb8, 0x4d, 0xae, 0x64, - 0xa7, 0x82, 0xa3, 0x5f, 0x6e, 0xaa, 0x8f, 0x00 - }, - { - 0xe6, 0x5b, 0x19, 0x05, 0x87, 0x8b, 0x95, 0xf6, - 0x8b, 0x55, 0x35, 0xbd, 0x3b, 0x2b, 0x10, 0x13 - }, - { - 0x02, 0xb4, 0x0d, 0x33, 0xe3, 0xf6, 0x85, 0xae, - 0xae, 0x67, 0x7a, 0xc3, 0x44, 0xee, 0xaf, 0x77 - }, - { - 0x8e, 0x5c, 0xd5, 0xf6, 0xae, 0x55, 0x8f, 0xfa, - 0x04, 0xcd, 0xa2, 0xfa, 0xd9, 0x4d, 0xd6, 0x16 - } - }; - const unsigned char other[4][12] = { - { - 0xec, 0x3f, 0x1c, 0xd8, 0x73, 0xd2, 0x88, 0x58, - 0xa5, 0x8c, 0xc3, 0x9e - }, + static struct { + int algo; + int subalgo; + unsigned long param[1]; + size_t inputlen; + const char *input; + size_t otherlen; + const char *other; + size_t keylen; + const char *key; + size_t dklen; + const char *dk; + } tv[] = { { - 0x83, 0x02, 0x21, 0xb1, 0x73, 0x0d, 0x91, 0x76, - 0xf8, 0x07, 0xd4, 0x07 + GCRY_KDF_ONESTEP_KDF, GCRY_MD_SHA256, + { 38 }, + 16, + "\x3f\x89\x2b\xd8\xb8\x4d\xae\x64\xa7\x82\xa3\x5f\x6e\xaa\x8f\x00", + 12, + "\xec\x3f\x1c\xd8\x73\xd2\x88\x58\xa5\x8c\xc3\x9e", + 0, NULL, + 38, + "\xa7\xc0\x66\x52\x98\x25\x25\x31\xe0\xdb\x37\x73\x7a\x37\x46\x51" + "\xb3\x68\x27\x5f\x20\x48\x28\x4d\x16\xa1\x66\xc6\xd8\xa9\x0a\x91" + "\xa4\x91\xc1\x6f\x49\x64" + }, + { + GCRY_KDF_ONESTEP_KDF, GCRY_MD_SHA512, + { 68 }, + 16, + "\xe6\x5b\x19\x05\x87\x8b\x95\xf6\x8b\x55\x35\xbd\x3b\x2b\x10\x13", + 12, + "\x83\x02\x21\xb1\x73\x0d\x91\x76\xf8\x07\xd4\x07", + 0, NULL, + 68, + "\xb8\xc4\x4b\xdf\x0b\x85\xa6\x4b\x6a\x51\xc1\x2a\x06\x71\x0e\x37" + "\x3d\x82\x9b\xb1\xfd\xa5\xb4\xe1\xa2\x07\x95\xc6\x19\x95\x94\xf6" + "\xfa\x65\x19\x8a\x72\x12\x57\xf7\xd5\x8c\xb2\xf6\xf6\xdb\x9b\xb5" + "\x69\x9f\x73\x86\x30\x45\x90\x90\x54\xb2\x38\x9e\x06\xec\x00\xfe" + "\x31\x8c\xab\xd9" + }, + { + GCRY_KDF_ONESTEP_KDF_MAC, GCRY_MAC_HMAC_SHA256, + { 44 }, + 16, + "\x02\xb4\x0d\x33\xe3\xf6\x85\xae\xae\x67\x7a\xc3\x44\xee\xaf\x77", + 12, + "\xc6\x7c\x38\x95\x80\x12\x8f\x18\xf6\xcf\x85\x92", + 16, + "\x0a\xd5\x2c\x93\x57\xc8\x5e\x47\x81\x29\x6a\x36\xca\x72\x03\x9c", + 44, + "\xbe\x32\xe7\xd3\x06\xd8\x91\x02\x8b\xe0\x88\xf2\x13\xf9\xf9\x47" + "\xc5\x04\x20\xd9\xb5\xa1\x2c\xa6\x98\x18\xdd\x99\x95\xde\xdd\x8e" + "\x61\x37\xc7\x10\x4d\x67\xf2\xca\x90\x91\x5d\xda" }, { - 0xc6, 0x7c, 0x38, 0x95, 0x80, 0x12, 0x8f, 0x18, - 0xf6, 0xcf, 0x85, 0x92 + GCRY_KDF_ONESTEP_KDF_MAC, GCRY_MAC_HMAC_SHA512, + { 56 }, + 16, + "\x8e\x5c\xd5\xf6\xae\x55\x8f\xfa\x04\xcd\xa2\xfa\xd9\x4d\xd6\x16", + 12, + "\x4a\x43\x30\x18\xe5\x1c\x09\xbb\xd6\x13\x26\xbb", + 16, + "\x6e\xd9\x3b\x6f\xe5\xb3\x50\x2b\xb4\x2b\x4c\x0f\xcb\x13\x36\x62", + 56, + "\x29\x5d\xfb\xeb\x54\xec\x0f\xe2\x4e\xce\x32\xf5\xb8\x7c\x85\x3e" + "\x69\x9a\x62\xe3\x9d\x9c\x9e\xe6\xee\x78\xf8\xb9\xa0\xee\x50\xa3" + "\x6a\x82\xe6\x06\x2c\x95\xed\x53\xbc\x36\x67\x00\xe2\xd0\xe0\x93" + "\xbf\x75\x2e\xea\x42\x99\x47\x2e" }, - { - 0x4a, 0x43, 0x30, 0x18, 0xe5, 0x1c, 0x09, 0xbb, - 0xd6, 0x13, 0x26, 0xbb - } - }; - const unsigned char key0[16] = { - 0x0a, 0xd5, 0x2c, 0x93, 0x57, 0xc8, 0x5e, 0x47, - 0x81, 0x29, 0x6a, 0x36, 0xca, 0x72, 0x03, 0x9c - }; - const unsigned char key1[16] = { - 0x6e, 0xd9, 0x3b, 0x6f, 0xe5, 0xb3, 0x50, 0x2b, - 0xb4, 0x2b, 0x4c, 0x0f, 0xcb, 0x13, 0x36, 0x62 - }; - const unsigned char *key[4] = { - NULL, NULL, key0, key1 - }; - const unsigned char expected[4][68] = { - { - 0xa7, 0xc0, 0x66, 0x52, 0x98, 0x25, 0x25, 0x31, - 0xe0, 0xdb, 0x37, 0x73, 0x7a, 0x37, 0x46, 0x51, - 0xb3, 0x68, 0x27, 0x5f, 0x20, 0x48, 0x28, 0x4d, - 0x16, 0xa1, 0x66, 0xc6, 0xd8, 0xa9, 0x0a, 0x91, - 0xa4, 0x91, 0xc1, 0x6f, 0x49, 0x64 - }, - { - 0xb8, 0xc4, 0x4b, 0xdf, 0x0b, 0x85, 0xa6, 0x4b, - 0x6a, 0x51, 0xc1, 0x2a, 0x06, 0x71, 0x0e, 0x37, - 0x3d, 0x82, 0x9b, 0xb1, 0xfd, 0xa5, 0xb4, 0xe1, - 0xa2, 0x07, 0x95, 0xc6, 0x19, 0x95, 0x94, 0xf6, - 0xfa, 0x65, 0x19, 0x8a, 0x72, 0x12, 0x57, 0xf7, - 0xd5, 0x8c, 0xb2, 0xf6, 0xf6, 0xdb, 0x9b, 0xb5, - 0x69, 0x9f, 0x73, 0x86, 0x30, 0x45, 0x90, 0x90, - 0x54, 0xb2, 0x38, 0x9e, 0x06, 0xec, 0x00, 0xfe, - 0x31, 0x8c, 0xab, 0xd9 - }, - { - 0xbe, 0x32, 0xe7, 0xd3, 0x06, 0xd8, 0x91, 0x02, - 0x8b, 0xe0, 0x88, 0xf2, 0x13, 0xf9, 0xf9, 0x47, - 0xc5, 0x04, 0x20, 0xd9, 0xb5, 0xa1, 0x2c, 0xa6, - 0x98, 0x18, 0xdd, 0x99, 0x95, 0xde, 0xdd, 0x8e, - 0x61, 0x37, 0xc7, 0x10, 0x4d, 0x67, 0xf2, 0xca, - 0x90, 0x91, 0x5d, 0xda - }, - { - 0x29, 0x5d, 0xfb, 0xeb, 0x54, 0xec, 0x0f, 0xe2, - 0x4e, 0xce, 0x32, 0xf5, 0xb8, 0x7c, 0x85, 0x3e, - 0x69, 0x9a, 0x62, 0xe3, 0x9d, 0x9c, 0x9e, 0xe6, - 0xee, 0x78, 0xf8, 0xb9, 0xa0, 0xee, 0x50, 0xa3, - 0x6a, 0x82, 0xe6, 0x06, 0x2c, 0x95, 0xed, 0x53, - 0xbc, 0x36, 0x67, 0x00, 0xe2, 0xd0, 0xe0, 0x93, - 0xbf, 0x75, 0x2e, 0xea, 0x42, 0x99, 0x47, 0x2e - } }; + unsigned char out[68]; int i; - int algo[4] = { - GCRY_MD_SHA256, GCRY_MD_SHA512, - GCRY_MAC_HMAC_SHA256, GCRY_MAC_HMAC_SHA512, - }; - int count = 0; - - again: + int count; - if (verbose) - fprintf (stderr, "checking OneStepKDF test vector %d\n", count); - - err = my_kdf_derive (0, - count < 2 ? GCRY_KDF_ONESTEP_KDF - : GCRY_KDF_ONESTEP_KDF_MAC, - algo[count], ¶m[count], 1, - input[count], 16, NULL, 0, - key[count], - key[count] == NULL? 0 : 16, - other[count], 12, - param[count], out); - if (err) - fail ("OneStepKDF test %d failed: %s\n", count, gpg_strerror (err)); - else if (memcmp (out, expected[count], param[count])) - { - fail ("OneStepKDF test %d failed: mismatch\n", count); - fputs ("got:", stderr); - for (i=0; i < param[count]; i++) - fprintf (stderr, " %02x", out[i]); - putc ('\n', stderr); + for (count = 0; count < DIM(tv); count++) + { + if (verbose) + fprintf (stderr, "checking OneStepKDF test vector %d\n", count); + + err = my_kdf_derive (0, tv[count].algo, tv[count].subalgo, + tv[count].param, 1, + tv[count].input, tv[count].inputlen, NULL, 0, + tv[count].key, tv[count].keylen, + tv[count].other, tv[count].otherlen, + tv[count].dklen, out); + if (err) + fail ("OneStepKDF test %d failed: %s\n", count, gpg_strerror (err)); + else if (memcmp (out, tv[count].dk, tv[count].dklen)) + { + fail ("OneStepKDF test %d failed: mismatch\n", count); + fputs ("got:", stderr); + for (i=0; i < tv[count].dklen; i++) + fprintf (stderr, " %02x", out[i]); + putc ('\n', stderr); + } } - - /* Next test vector */ - count++; - if (count < 4) - goto again; } @@ -1740,159 +1737,98 @@ static void check_hkdf (void) { gcry_error_t err; - unsigned long param[1]; - unsigned char out[82]; - const unsigned char input0[] = { - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b - }; - const unsigned char input1[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, - 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, - 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f - }; - const unsigned char salt0[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c - }; - const unsigned char salt1[] = { - 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, - 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, - 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, - 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, - 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, - 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, - 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, - 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, - 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, - 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf - }; - const unsigned char info0[] = { - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9 - }; - const unsigned char info1[] = { - 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, - 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, - 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, - 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, - 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, - 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, - 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, - 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff - }; - const unsigned char expected0[] = { - 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, - 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, - 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, - 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, - 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, - 0x58, 0x65 - }; - const unsigned char expected1[] = { - 0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1, - 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34, - 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8, - 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c, - 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72, - 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09, - 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8, - 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71, - 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87, - 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f, - 0x1d, 0x87 - }; - const unsigned char expected2[] = { - 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f, - 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31, - 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e, - 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d, - 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a, - 0x96, 0xc8 + static struct { + unsigned long param[1]; + size_t inputlen; + const char *input; + size_t saltlen; + const char *salt; + size_t infolen; + const char *info; + size_t dklen; + const char *dk; + } tv[] = { + { + { 42 }, + 22, + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b\x0b\x0b\x0b", + 13, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c", + 10, + "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9", + 42, + "\x3c\xb2\x5f\x25\xfa\xac\xd5\x7a\x90\x43\x4f\x64\xd0\x36\x2f\x2a" + "\x2d\x2d\x0a\x90\xcf\x1a\x5a\x4c\x5d\xb0\x2d\x56\xec\xc4\xc5\xbf" + "\x34\x00\x72\x08\xd5\xb8\x87\x18\x58\x65" + }, + { + { 82 }, + 80, + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" + "\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f" + "\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f" + "\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f", + 80, + "\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f" + "\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f" + "\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" + "\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f" + "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf", + 80, + "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" + "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" + "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf" + "\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef" + "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", + 82, + "\xb1\x1e\x39\x8d\xc8\x03\x27\xa1\xc8\xe7\xf7\x8c\x59\x6a\x49\x34" + "\x4f\x01\x2e\xda\x2d\x4e\xfa\xd8\xa0\x50\xcc\x4c\x19\xaf\xa9\x7c" + "\x59\x04\x5a\x99\xca\xc7\x82\x72\x71\xcb\x41\xc6\x5e\x59\x0e\x09" + "\xda\x32\x75\x60\x0c\x2f\x09\xb8\x36\x77\x93\xa9\xac\xa3\xdb\x71" + "\xcc\x30\xc5\x81\x79\xec\x3e\x87\xc1\x4c\x01\xd5\xc1\xf3\x43\x4f" + "\x1d\x87" + }, + { + { 42 }, + 22, + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b\x0b\x0b\x0b", + 0, NULL, + 0, NULL, + 42, + "\x8d\xa4\xe7\x75\xa5\x63\xc1\x8f\x71\x5f\x80\x2a\x06\x3c\x5a\x31" + "\xb8\xa1\x1f\x5c\x5e\xe1\x87\x9e\xc3\x45\x4e\x5f\x3c\x73\x8d\x2d" + "\x9d\x20\x13\x95\xfa\xa4\xb6\x1a\x96\xc8" + }, }; - + unsigned char out[82]; int i; - int count = 0; - const unsigned char *input; - const unsigned char *salt; - const unsigned char *info; - const unsigned char *expected; - size_t inputlen; - size_t saltlen; - size_t infolen; - size_t expectedlen; - - again: - - if (verbose) - fprintf (stderr, "checking HKDF test vector %d\n", count); - - switch (count) - { - case 0: - input = input0; - inputlen = sizeof (input0); - salt = salt0; - saltlen = sizeof (salt0); - info = info0; - infolen = sizeof (info0); - expected = expected0; - expectedlen = sizeof (expected0); - break; - case 1: - input = input1; - inputlen = sizeof (input1); - salt = salt1; - saltlen = sizeof (salt1); - info = info1; - infolen = sizeof (info1); - expected = expected1; - expectedlen = sizeof (expected1); - break; - case 2: - input = input0; - inputlen = sizeof (input0); - salt = NULL; - saltlen = 0; - info = NULL; - infolen = 0; - expected = expected2; - expectedlen = sizeof (expected2); - break; - } + int count; - param[0] = expectedlen; - err = my_kdf_derive (0, GCRY_KDF_HKDF, GCRY_MAC_HMAC_SHA256, - param, 1, - input, inputlen, NULL, 0, - salt, saltlen, - info, infolen, - expectedlen, out); - if (err) - fail ("HKDF test %d failed: %s\n", count, gpg_strerror (err)); - else if (memcmp (out, expected, expectedlen)) - { - fail ("HKDF test %d failed: mismatch\n", count); - fputs ("got:", stderr); - for (i=0; i < expectedlen; i++) - fprintf (stderr, " %02x", out[i]); - putc ('\n', stderr); + for (count = 0; count < DIM(tv); count++) + { + if (verbose) + fprintf (stderr, "checking HKDF test vector %d\n", count); + + err = my_kdf_derive (0, GCRY_KDF_HKDF, GCRY_MAC_HMAC_SHA256, + tv[count].param, 1, + tv[count].input, tv[count].inputlen, NULL, 0, + tv[count].salt, tv[count].saltlen, + tv[count].info, tv[count].infolen, + tv[count].dklen, out); + if (err) + fail ("HKDF test %d failed: %s\n", count, gpg_strerror (err)); + else if (memcmp (out, tv[count].dk, tv[count].dklen)) + { + fail ("HKDF test %d failed: mismatch\n", count); + fputs ("got:", stderr); + for (i=0; i < tv[count].dklen; i++) + fprintf (stderr, " %02x", out[i]); + putc ('\n', stderr); + } } - - /* Next test vector */ - count++; - if (count < 3) - goto again; } static void -- cgit v1.2.1