1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis */
2 /* SPDX-License-Identifier: Unlicense */
3 #include "tomcrypt_private.h"
4
5 /**
6 @file hkdf_test.c
7 LTC_HKDF support, self-test, Steffen Jaeckel
8 */
9
10 #ifdef LTC_HKDF
11
12 /*
13 TEST CASES SOURCE:
14
15 Internet Engineering Task Force (IETF) H. Krawczyk
16 Request for Comments: 5869 IBM Research
17 Category: Informational P. Eronen
18 ISSN: 2070-1721 Nokia
19 May 2010
20 Appendix A. Test Vectors
21 */
22
23 /**
24 LTC_HKDF self-test
25 @return CRYPT_OK if successful, CRYPT_NOP if tests have been disabled.
26 */
hkdf_test(void)27 int hkdf_test(void)
28 {
29 #ifndef LTC_TEST
30 return CRYPT_NOP;
31 #else
32 unsigned char OKM[82];
33 int i;
34
35 static const struct hkdf_test_case {
36 int num;
37 const char* Hash;
38 unsigned char IKM[80];
39 unsigned long IKM_l;
40 unsigned char salt[80];
41 unsigned long salt_l;
42 unsigned char info[80];
43 unsigned long info_l;
44 unsigned char PRK[32];
45 unsigned long PRK_l;
46 unsigned char OKM[82];
47 unsigned long OKM_l;
48 } cases[] = {
49 #ifdef LTC_SHA256
50 /*
51 Basic test case with SHA-256
52
53 Hash = SHA-256
54 IKM = 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b (22 octets)
55 salt = 0x000102030405060708090a0b0c (13 octets)
56 info = 0xf0f1f2f3f4f5f6f7f8f9 (10 octets)
57 L = 42
58
59 PRK = 0x077709362c2e32df0ddc3f0dc47bba63
60 90b6c73bb50f9c3122ec844ad7c2b3e5 (32 octets)
61 OKM = 0x3cb25f25faacd57a90434f64d0362f2a
62 2d2d0a90cf1a5a4c5db02d56ecc4c5bf
63 34007208d5b887185865 (42 octets)
64 */
65 {1, "sha256",
66 {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
67 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
68 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 22,
69 {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
70 0x08, 0x09, 0x0a, 0x0b, 0x0c}, 13,
71 {0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
72 0xf8, 0xf9}, 10,
73 {0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf,
74 0x0d, 0xdc, 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63,
75 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f, 0x9c, 0x31,
76 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5}, 32,
77 {0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
78 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
79 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
80 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
81 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
82 0x58, 0x65}, 42},
83 #ifdef LTC_TEST_EXT
84 /* Test with SHA-256 and longer inputs/outputs */
85 {2, "sha256",
86 {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
87 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
88 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
89 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
90 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
91 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
92 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
93 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
94 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
95 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f}, 80,
96 {0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
97 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
98 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
99 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
100 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
101 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
102 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
103 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
104 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
105 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf}, 80,
106 {0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
107 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
108 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
109 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
110 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
111 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
112 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
113 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
114 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
115 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff}, 80,
116 {0x06, 0xa6, 0xb8, 0x8c, 0x58, 0x53, 0x36, 0x1a,
117 0x06, 0x10, 0x4c, 0x9c, 0xeb, 0x35, 0xb4, 0x5c,
118 0xef, 0x76, 0x00, 0x14, 0x90, 0x46, 0x71, 0x01,
119 0x4a, 0x19, 0x3f, 0x40, 0xc1, 0x5f, 0xc2, 0x44}, 32,
120 {0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1,
121 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34,
122 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8,
123 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c,
124 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72,
125 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09,
126 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8,
127 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71,
128 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87,
129 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f,
130 0x1d, 0x87}, 82},
131 /* Test with SHA-256 and zero length salt/info */
132 {3, "sha256",
133 {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
134 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
135 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 22,
136 {0}, 0,
137 {0}, 0,
138 {0x19, 0xef, 0x24, 0xa3, 0x2c, 0x71, 0x7b, 0x16,
139 0x7f, 0x33, 0xa9, 0x1d, 0x6f, 0x64, 0x8b, 0xdf,
140 0x96, 0x59, 0x67, 0x76, 0xaf, 0xdb, 0x63, 0x77,
141 0xac, 0x43, 0x4c, 0x1c, 0x29, 0x3c, 0xcb, 0x04}, 32,
142 {0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
143 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
144 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
145 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
146 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
147 0x96, 0xc8}, 42},
148 #endif /* LTC_TEST_EXT */
149 #endif /* LTC_SHA256 */
150 #ifdef LTC_SHA1
151 /* Basic test case with SHA-1 */
152 {4, "sha1",
153 {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
154 0x0b, 0x0b, 0x0b}, 11,
155 {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
156 0x08, 0x09, 0x0a, 0x0b, 0x0c}, 13,
157 {0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
158 0xf8, 0xf9}, 10,
159 {0x9b, 0x6c, 0x18, 0xc4, 0x32, 0xa7, 0xbf, 0x8f,
160 0x0e, 0x71, 0xc8, 0xeb, 0x88, 0xf4, 0xb3, 0x0b,
161 0xaa, 0x2b, 0xa2, 0x43}, 20,
162 {0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
163 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
164 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
165 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
166 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
167 0xf8, 0x96}, 42},
168 #ifdef LTC_TEST_EXT
169 /* Test with SHA-1 and longer inputs/outputs */
170 {5, "sha1",
171 {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
172 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
173 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
174 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
175 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
176 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
177 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
178 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
179 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
180 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f}, 80,
181 {0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
182 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
183 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
184 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
185 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
186 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
187 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
188 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
189 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
190 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf}, 80,
191 {0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
192 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
193 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
194 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
195 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
196 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
197 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
198 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
199 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
200 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff}, 80,
201 {0x8a, 0xda, 0xe0, 0x9a, 0x2a, 0x30, 0x70, 0x59,
202 0x47, 0x8d, 0x30, 0x9b, 0x26, 0xc4, 0x11, 0x5a,
203 0x22, 0x4c, 0xfa, 0xf6}, 20,
204 {0x0b, 0xd7, 0x70, 0xa7, 0x4d, 0x11, 0x60, 0xf7,
205 0xc9, 0xf1, 0x2c, 0xd5, 0x91, 0x2a, 0x06, 0xeb,
206 0xff, 0x6a, 0xdc, 0xae, 0x89, 0x9d, 0x92, 0x19,
207 0x1f, 0xe4, 0x30, 0x56, 0x73, 0xba, 0x2f, 0xfe,
208 0x8f, 0xa3, 0xf1, 0xa4, 0xe5, 0xad, 0x79, 0xf3,
209 0xf3, 0x34, 0xb3, 0xb2, 0x02, 0xb2, 0x17, 0x3c,
210 0x48, 0x6e, 0xa3, 0x7c, 0xe3, 0xd3, 0x97, 0xed,
211 0x03, 0x4c, 0x7f, 0x9d, 0xfe, 0xb1, 0x5c, 0x5e,
212 0x92, 0x73, 0x36, 0xd0, 0x44, 0x1f, 0x4c, 0x43,
213 0x00, 0xe2, 0xcf, 0xf0, 0xd0, 0x90, 0x0b, 0x52,
214 0xd3, 0xb4}, 82},
215 /* Test with SHA-1 and zero-length salt/info */
216 {6, "sha1",
217 {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
218 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
219 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 22,
220 {0}, 0,
221 {0}, 0,
222 {0xda, 0x8c, 0x8a, 0x73, 0xc7, 0xfa, 0x77, 0x28,
223 0x8e, 0xc6, 0xf5, 0xe7, 0xc2, 0x97, 0x78, 0x6a,
224 0xa0, 0xd3, 0x2d, 0x01}, 20,
225 {0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
226 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
227 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
228 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
229 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
230 0x49, 0x18}, 42},
231 /* Test with SHA-1, salt not provided (defaults to HashLen zero octets),
232 zero-length info */
233 {7, "sha1",
234 {0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
235 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
236 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c}, 22,
237 {0}, 0, /* pass a null pointer */
238 {0}, 0,
239 {0x2a, 0xdc, 0xca, 0xda, 0x18, 0x77, 0x9e, 0x7c,
240 0x20, 0x77, 0xad, 0x2e, 0xb1, 0x9d, 0x3f, 0x3e,
241 0x73, 0x13, 0x85, 0xdd}, 20,
242 {0x2c, 0x91, 0x11, 0x72, 0x04, 0xd7, 0x45, 0xf3,
243 0x50, 0x0d, 0x63, 0x6a, 0x62, 0xf6, 0x4f, 0x0a,
244 0xb3, 0xba, 0xe5, 0x48, 0xaa, 0x53, 0xd4, 0x23,
245 0xb0, 0xd1, 0xf2, 0x7e, 0xbb, 0xa6, 0xf5, 0xe5,
246 0x67, 0x3a, 0x08, 0x1d, 0x70, 0xcc, 0xe7, 0xac,
247 0xfc, 0x48}, 42},
248 #endif /* LTC_TEST_EXT */
249 #endif /* LTC_SHA1 */
250 };
251
252 int err;
253 int tested=0,failed=0;
254 for(i=0; i < (int)(sizeof(cases) / sizeof(cases[0])); i++) {
255 int hash = find_hash(cases[i].Hash);
256 if (hash == -1) continue;
257 ++tested;
258 if((err = hkdf(hash, cases[i].salt, cases[i].salt_l,
259 cases[i].info, cases[i].info_l,
260 cases[i].IKM, cases[i].IKM_l,
261 OKM, cases[i].OKM_l)) != CRYPT_OK) {
262 #if defined(LTC_TEST_DBG) && (LTC_TEST_DBG > 1)
263 printf("LTC_HKDF-%s test #%d, %s\n", cases[i].Hash, i, error_to_string(err));
264 #endif
265 return err;
266 }
267
268 if(compare_testvector(OKM, cases[i].OKM_l, cases[i].OKM, (size_t)cases[i].OKM_l, "HKDF", cases[i].num)) {
269 failed++;
270 }
271 }
272
273 if (failed != 0) {
274 return CRYPT_FAIL_TESTVECTOR;
275 }
276 if (tested == 0) {
277 return CRYPT_NOP;
278 }
279 return CRYPT_OK;
280 #endif
281 }
282
283 #endif
284
285