diff options
author | noloader <noloader@57ff6487-cd31-0410-9ec3-f628ee90f5f0> | 2015-07-09 05:32:58 +0000 |
---|---|---|
committer | noloader <noloader@57ff6487-cd31-0410-9ec3-f628ee90f5f0> | 2015-07-09 05:32:58 +0000 |
commit | 939c59c745b461c9f485ef27d7f567263be4d3ae (patch) | |
tree | 169f5b88ef1522de9c2e95f490e37c625580198a | |
parent | 1c346fb63e31a49f001293ed0335af4e6fd4317b (diff) | |
download | cryptopp-939c59c745b461c9f485ef27d7f567263be4d3ae.tar.gz |
Added test suites for HKDF
git-svn-id: svn://svn.code.sf.net/p/cryptopp/code/trunk/c5@575 57ff6487-cd31-0410-9ec3-f628ee90f5f0
-rw-r--r-- | hkdf.h | 87 | ||||
-rw-r--r-- | validat1.cpp | 1 | ||||
-rw-r--r-- | validat3.cpp | 106 | ||||
-rw-r--r-- | validate.h | 1 |
4 files changed, 194 insertions, 1 deletions
@@ -0,0 +1,87 @@ +// hkdf.h - written and placed in public domain by Jeffrey Walton. Copyright assigned to Crypto++ project + +#ifndef CRYPTOPP_HASH_KEY_DERIVATION_FUNCTION_H +#define CRYPTOPP_HASH_KEY_DERIVATION_FUNCTION_H + +#include "cryptlib.h" +#include "hmac.h" +#include "hrtimer.h" +#include "secblock.h" + +#include <cstring> + +NAMESPACE_BEGIN(CryptoPP) + +//! abstract base class for key derivation function +class KeyDerivationFunction +{ +public: + virtual size_t MaxDerivedKeyLength() const =0; + virtual bool UsesContext() const =0; + //! derive key from secret + virtual unsigned int DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen, const byte *salt, size_t saltLen, const byte* context=NULL, size_t contextLen=0) const =0; + + // If salt is missing, then use the NULL vector. The length depends on the Hash function. + static const byte s_NullVector[64]; +}; + +const byte KeyDerivationFunction::s_NullVector[64] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; + +//! General, multipurpose KDF from RFC 5869. T should be a HashTransformation class +//! https://eprint.iacr.org/2010/264 and https://tools.ietf.org/html/rfc5869 +template <class T> +class CRYPTOPP_DLL HKDF : public KeyDerivationFunction +{ +public: + size_t MaxDerivedKeyLength() const {return static_cast<size_t>(T::DIGESTSIZE) * 255;} + bool UsesContext() const {return true;} + unsigned int DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen, const byte *salt, size_t saltLen, const byte* context, size_t contextLen) const; +}; + +template <class T> +unsigned int HKDF<T>::DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen, const byte *salt, size_t saltLen, const byte* context, size_t contextLen) const +{ + static const size_t DIGEST_SIZE = static_cast<size_t>(T::DIGESTSIZE); + CRYPTOPP_COMPILE_ASSERT(DIGEST_SIZE <= COUNTOF(s_NullVector)); + const unsigned int req = static_cast<unsigned int>(derivedLen); + + assert(secret && secretLen); + assert(derived && derivedLen); + assert(derivedLen <= MaxDerivedKeyLength()); + + if(derivedLen > MaxDerivedKeyLength()) + throw InvalidArgument("HKDF: derivedLen must be less than or equal to MaxDerivedKeyLength"); + + HMAC<T> hmac; + FixedSizeSecBlock<byte, DIGEST_SIZE> prk, buffer; + + // Extract + const byte* key = (salt ? salt : s_NullVector); + const size_t klen = (salt ? saltLen : DIGEST_SIZE); + + hmac.SetKey(key, klen); + hmac.CalculateDigest(prk, secret, secretLen); + + // Expand + hmac.SetKey(prk.data(), prk.size()); + byte block = 0; + + while (derivedLen > 0) + { + if(block++) {hmac.Update(buffer, buffer.size());} + if(context && contextLen) {hmac.Update(context, contextLen);} + hmac.CalculateDigest(buffer, &block, 1); + + size_t segmentLen = STDMIN(derivedLen, DIGEST_SIZE); + std::memcpy(derived, buffer, segmentLen); + + derived += segmentLen; + derivedLen -= segmentLen; + } + + return req; +} + +NAMESPACE_END + +#endif // CRYPTOPP_HASH_KEY_DERIVATION_FUNCTION_H diff --git a/validat1.cpp b/validat1.cpp index ee5a18b..1ccd28d 100644 --- a/validat1.cpp +++ b/validat1.cpp @@ -67,6 +67,7 @@ bool ValidateAll(bool thorough) pass=ValidateTTMAC() && pass; pass=ValidatePBKDF() && pass; + pass=ValidateHKDF() && pass; pass=ValidateDES() && pass; pass=ValidateCipherModes() && pass; diff --git a/validat3.cpp b/validat3.cpp index 9c6bb62..c26f225 100644 --- a/validat3.cpp +++ b/validat3.cpp @@ -15,6 +15,7 @@ #include "ripemd.h" #include "hmac.h" +#include "hkdf.h" #include "ttmac.h" #include "integer.h" @@ -576,7 +577,7 @@ bool ValidatePBKDF() { // from draft-ietf-smime-password-03.txt, at http://www.imc.org/draft-ietf-smime-password - static const PBKDF_TestTuple testSet[] = + static const PBKDF_TestTuple testSet[] = { {0, 5, "70617373776f7264", "1234567878563412", "D1DAA78615F287E6"}, {0, 500, "416C6C206E2D656E746974696573206D75737420636F6D6D756E69636174652077697468206F74686572206E2d656E74697469657320766961206E2D3120656E746974656568656568656573", "1234567878563412","6A8970BF68C92CAEA84A8DF28510858607126380CC47AB2D"} @@ -590,3 +591,106 @@ bool ValidatePBKDF() return pass; } + +struct HKDF_TestTuple +{ + const char *hexSecret, *hexSalt, *hexContext, *hexDerivedKey; + size_t len; +}; + +bool TestHKDF(KeyDerivationFunction &kdf, const HKDF_TestTuple *testSet, unsigned int testSetSize) +{ + bool pass = true; + + for (unsigned int i=0; i<testSetSize; i++) + { + const HKDF_TestTuple &tuple = testSet[i]; + + string secret, context, salt, derivedKey; + StringSource(tuple.hexSecret, true, new HexDecoder(new StringSink(secret))); + StringSource(tuple.hexSalt ? tuple.hexSalt : "", true, new HexDecoder(new StringSink(salt))); + StringSource(tuple.hexContext ? tuple.hexContext : "", true, new HexDecoder(new StringSink(context))); + StringSource(tuple.hexDerivedKey, true, new HexDecoder(new StringSink(derivedKey))); + + SecByteBlock derived(derivedKey.size()); + unsigned int ret = kdf.DeriveKey(derived, derived.size(), + reinterpret_cast<const unsigned char*>(secret.data()), secret.size(), + reinterpret_cast<const unsigned char*>(salt.data()), salt.size(), + reinterpret_cast<const unsigned char*>(context.data()), context.size()); + pass = pass && (ret == tuple.len); + + bool fail = !VerifyBufsEqual(derived, reinterpret_cast<const unsigned char*>(derivedKey.data()), derived.size()); + pass = pass && !fail; + + HexEncoder enc(new FileSink(cout)); + cout << (fail ? "FAILED " : "passed "); + cout << " " << tuple.hexSecret << " " << (tuple.hexSalt ? tuple.hexSalt : "<NO SALT>"); + cout << " " << (tuple.hexContext ? tuple.hexContext : "<NO CTX>") << " "; + enc.Put(derived, derived.size()); + cout << endl; + } + + return pass; +} + +bool ValidateHKDF() +{ + bool pass = true; + + { + // SHA-1 from RFC 5869, Appendix A, https://tools.ietf.org/html/rfc5869 + static const HKDF_TestTuple testSet[] = + { + // Test Case #4 + {"0b0b0b0b0b0b0b0b0b0b0b", "000102030405060708090a0b0c", "f0f1f2f3f4f5f6f7f8f9", "085a01ea1b10f36933068b56efa5ad81 a4f14b822f5b091568a9cdd4f155fda2 c22e422478d305f3f896", 42}, + // Test Case #5 + {"000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f 202122232425262728292a2b2c2d2e2f 303132333435363738393a3b3c3d3e3f 404142434445464748494a4b4c4d4e4f", "606162636465666768696a6b6c6d6e6f 707172737475767778797a7b7c7d7e7f 808182838485868788898a8b8c8d8e8f 909192939495969798999a9b9c9d9e9f a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf c0c1c2c3c4c5c6c7c8c9cacbcccdcecf d0d1d2d3d4d5d6d7d8d9dadbdcdddedf e0e1e2e3e4e5e6e7e8e9eaebecedeeef f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "0bd770a74d1160f7c9f12cd5912a06eb ff6adcae899d92191fe4305673ba2ffe 8fa3f1a4e5ad79f3f334b3b202b2173c 486ea37ce3d397ed034c7f9dfeb15c5e 927336d0441f4c4300e2cff0d0900b52 d3b4", 82}, + // Test Case #6 + {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", NULL, NULL, "0ac1af7002b3d761d1e55298da9d0506 b9ae52057220a306e07b6b87e8df21d0 ea00033de03984d34918", 42} + }; + + HKDF<SHA1> hkdf; + + cout << "\nRFC 5869 HKDF(SHA-1) validation suite running...\n\n"; + pass = TestHKDF(hkdf, testSet, COUNTOF(testSet)) && pass; + } + + { + // SHA-256 from RFC 5869, Appendix A, https://tools.ietf.org/html/rfc5869 + static const HKDF_TestTuple testSet[] = + { + // Test Case #1 + {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "000102030405060708090a0b0c", "f0f1f2f3f4f5f6f7f8f9", "3cb25f25faacd57a90434f64d0362f2a 2d2d0a90cf1a5a4c5db02d56ecc4c5bf 34007208d5b887185865", 42}, + // Test Case #2 + {"000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f 202122232425262728292a2b2c2d2e2f 303132333435363738393a3b3c3d3e3f 404142434445464748494a4b4c4d4e4f", "606162636465666768696a6b6c6d6e6f 707172737475767778797a7b7c7d7e7f 808182838485868788898a8b8c8d8e8f 909192939495969798999a9b9c9d9e9f a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf c0c1c2c3c4c5c6c7c8c9cacbcccdcecf d0d1d2d3d4d5d6d7d8d9dadbdcdddedf e0e1e2e3e4e5e6e7e8e9eaebecedeeef f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "b11e398dc80327a1c8e7f78c596a4934 4f012eda2d4efad8a050cc4c19afa97c 59045a99cac7827271cb41c65e590e09 da3275600c2f09b8367793a9aca3db71 cc30c58179ec3e87c14c01d5c1f3434f 1d87", 82}, + // Test Case #3 + {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", NULL, NULL, "8da4e775a563c18f715f802a063c5a31 b8a11f5c5ee1879ec3454e5f3c738d2d 9d201395faa4b61a96c8", 42} + }; + + HKDF<SHA256> hkdf; + + cout << "\nRFC 5869 HKDF(SHA-256) validation suite running...\n\n"; + pass = TestHKDF(hkdf, testSet, COUNTOF(testSet)) && pass; + } + + { + // SHA-512 based on RFC 5869, https://tools.ietf.org/html/rfc5869 + static const HKDF_TestTuple testSet[] = + { + // Test Case #0 + {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "000102030405060708090a0b0c", "f0f1f2f3f4f5f6f7f8f9", "832390086CDA71FB47625BB5CEB168E4 C8E26A1A16ED34D9FC7FE92C14815793 38DA362CB8D9F925D7CB", 42}, + // Test Case #0 + {"000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f 202122232425262728292a2b2c2d2e2f 303132333435363738393a3b3c3d3e3f 404142434445464748494a4b4c4d4e4f", "606162636465666768696a6b6c6d6e6f 707172737475767778797a7b7c7d7e7f 808182838485868788898a8b8c8d8e8f 909192939495969798999a9b9c9d9e9f a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf c0c1c2c3c4c5c6c7c8c9cacbcccdcecf d0d1d2d3d4d5d6d7d8d9dadbdcdddedf e0e1e2e3e4e5e6e7e8e9eaebecedeeef f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "CE6C97192805B346E6161E821ED16567 3B84F400A2B514B2FE23D84CD189DDF1 B695B48CBD1C8388441137B3CE28F16A A64BA33BA466B24DF6CFCB021ECFF235 F6A2056CE3AF1DE44D572097A8505D9E 7A93", 82}, + // Test Case #0 + {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", NULL, NULL, "F5FA02B18298A72A8C23898A8703472C 6EB179DC204C03425C970E3B164BF90F FF22D04836D0E2343BAC", 42} + + }; + + HKDF<SHA512> hkdf; + + cout << "\nRFC 5869 HKDF(SHA-512) validation suite running...\n\n"; + pass = TestHKDF(hkdf, testSet, COUNTOF(testSet)) && pass; + } + + return pass; +} @@ -25,6 +25,7 @@ bool ValidateTTMAC(); bool ValidateCipherModes(); bool ValidatePBKDF(); +bool ValidateHKDF(); bool ValidateDES(); bool ValidateIDEA(); |