Added test suites for HKDF

git-svn-id: svn://svn.code.sf.net/p/cryptopp/code/trunk/c5@575 57ff6487-cd31-0410-9ec3-f628ee90f5f0
author: noloader <noloader@57ff6487-cd31-0410-9ec3-f628ee90f5f0> 2015-07-09 05:32:58 +0000
committer: noloader <noloader@57ff6487-cd31-0410-9ec3-f628ee90f5f0> 2015-07-09 05:32:58 +0000
commit: 939c59c745b461c9f485ef27d7f567263be4d3ae (patch)
tree: 169f5b88ef1522de9c2e95f490e37c625580198a
parent: 1c346fb63e31a49f001293ed0335af4e6fd4317b (diff)
download: cryptopp-939c59c745b461c9f485ef27d7f567263be4d3ae.tar.gz
4 files changed, 194 insertions, 1 deletions
diff --git a/hkdf.h b/hkdf.h
new file mode 100644
index 0000000..711f250
--- /dev/null
+++ b/hkdf.h
@@ -0,0 +1,87 @@
+// hkdf.h - written and placed in public domain by Jeffrey Walton. Copyright assigned to Crypto++ project
+
+#ifndef CRYPTOPP_HASH_KEY_DERIVATION_FUNCTION_H
+#define CRYPTOPP_HASH_KEY_DERIVATION_FUNCTION_H
+
+#include "cryptlib.h"
+#include "hmac.h"
+#include "hrtimer.h"
+#include "secblock.h"
+
+#include <cstring>
+
+NAMESPACE_BEGIN(CryptoPP)
+
+//! abstract base class for key derivation function
+class KeyDerivationFunction
+{
+public:
+	virtual size_t MaxDerivedKeyLength() const =0;
+	virtual bool UsesContext() const =0;
+	//! derive key from secret
+	virtual unsigned int DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen, const byte *salt, size_t saltLen, const byte* context=NULL, size_t contextLen=0) const =0;
+	
+	// If salt is missing, then use the NULL vector. The length depends on the Hash function.
+	static const byte s_NullVector[64];
+};
+
+const byte KeyDerivationFunction::s_NullVector[64] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
+
+//! General, multipurpose KDF from RFC 5869. T should be a HashTransformation class
+//! https://eprint.iacr.org/2010/264 and https://tools.ietf.org/html/rfc5869
+template <class T>
+class CRYPTOPP_DLL HKDF : public KeyDerivationFunction
+{
+public:
+	size_t MaxDerivedKeyLength() const {return static_cast<size_t>(T::DIGESTSIZE) * 255;}
+	bool UsesContext() const {return true;}
+	unsigned int DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen, const byte *salt, size_t saltLen, const byte* context, size_t contextLen) const;
+};
+
+template <class T>
+unsigned int HKDF<T>::DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen, const byte *salt, size_t saltLen, const byte* context, size_t contextLen) const
+{
+	static const size_t DIGEST_SIZE = static_cast<size_t>(T::DIGESTSIZE);
+	CRYPTOPP_COMPILE_ASSERT(DIGEST_SIZE <= COUNTOF(s_NullVector));
+	const unsigned int req = static_cast<unsigned int>(derivedLen);
+	
+	assert(secret && secretLen);
+	assert(derived && derivedLen);
+	assert(derivedLen <= MaxDerivedKeyLength());
+
+	if(derivedLen > MaxDerivedKeyLength())
+		throw InvalidArgument("HKDF: derivedLen must be less than or equal to MaxDerivedKeyLength");
+
+	HMAC<T> hmac;
+	FixedSizeSecBlock<byte, DIGEST_SIZE> prk, buffer;
+
+	// Extract
+	const byte* key = (salt ? salt : s_NullVector);
+	const size_t klen = (salt ? saltLen : DIGEST_SIZE);
+
+	hmac.SetKey(key, klen);
+	hmac.CalculateDigest(prk, secret, secretLen);
+
+	// Expand
+	hmac.SetKey(prk.data(), prk.size());
+	byte block = 0;
+
+	while (derivedLen > 0)
+	{
+		if(block++) {hmac.Update(buffer, buffer.size());}
+		if(context && contextLen) {hmac.Update(context, contextLen);}
+		hmac.CalculateDigest(buffer, &block, 1);
+
+		size_t segmentLen = STDMIN(derivedLen, DIGEST_SIZE);
+		std::memcpy(derived, buffer, segmentLen);
+
+		derived += segmentLen;
+		derivedLen -= segmentLen;
+	}
+
+	return req;
+}
+
+NAMESPACE_END
+
+#endif // CRYPTOPP_HASH_KEY_DERIVATION_FUNCTION_H
diff --git a/validat1.cpp b/validat1.cpp
index ee5a18b..1ccd28d 100644
--- a/validat1.cpp
+++ b/validat1.cpp
@@ -67,6 +67,7 @@ bool ValidateAll(bool thorough)
 	pass=ValidateTTMAC() && pass;
 
 	pass=ValidatePBKDF() && pass;
+	pass=ValidateHKDF() && pass;
 
 	pass=ValidateDES() && pass;
 	pass=ValidateCipherModes() && pass;
diff --git a/validat3.cpp b/validat3.cpp
index 9c6bb62..c26f225 100644
--- a/validat3.cpp
+++ b/validat3.cpp
@@ -15,6 +15,7 @@
 #include "ripemd.h"
 
 #include "hmac.h"
+#include "hkdf.h"
 #include "ttmac.h"
 
 #include "integer.h"
@@ -576,7 +577,7 @@ bool ValidatePBKDF()
 
 	{
 	// from draft-ietf-smime-password-03.txt, at http://www.imc.org/draft-ietf-smime-password
-	static const PBKDF_TestTuple testSet[] =
+	static const PBKDF_TestTuple testSet[] = 
 	{
 		{0, 5, "70617373776f7264", "1234567878563412", "D1DAA78615F287E6"},
 		{0, 500, "416C6C206E2D656E746974696573206D75737420636F6D6D756E69636174652077697468206F74686572206E2d656E74697469657320766961206E2D3120656E746974656568656568656573", "1234567878563412","6A8970BF68C92CAEA84A8DF28510858607126380CC47AB2D"}
@@ -590,3 +591,106 @@ bool ValidatePBKDF()
 
 	return pass;
 }
+
+struct HKDF_TestTuple
+{
+	const char *hexSecret, *hexSalt, *hexContext, *hexDerivedKey;
+	size_t len;
+};
+
+bool TestHKDF(KeyDerivationFunction &kdf, const HKDF_TestTuple *testSet, unsigned int testSetSize)
+{
+	bool pass = true;
+
+	for (unsigned int i=0; i<testSetSize; i++)
+	{
+		const HKDF_TestTuple &tuple = testSet[i];
+
+		string secret, context, salt, derivedKey;
+		StringSource(tuple.hexSecret, true, new HexDecoder(new StringSink(secret)));
+		StringSource(tuple.hexSalt ? tuple.hexSalt : "", true, new HexDecoder(new StringSink(salt)));
+		StringSource(tuple.hexContext ? tuple.hexContext : "", true, new HexDecoder(new StringSink(context)));
+		StringSource(tuple.hexDerivedKey, true, new HexDecoder(new StringSink(derivedKey)));
+
+		SecByteBlock derived(derivedKey.size());
+		unsigned int ret = kdf.DeriveKey(derived, derived.size(),
+                                         reinterpret_cast<const unsigned char*>(secret.data()), secret.size(),
+                                         reinterpret_cast<const unsigned char*>(salt.data()), salt.size(),
+                                         reinterpret_cast<const unsigned char*>(context.data()), context.size());
+		pass = pass && (ret == tuple.len);
+
+		bool fail = !VerifyBufsEqual(derived, reinterpret_cast<const unsigned char*>(derivedKey.data()), derived.size());
+		pass = pass && !fail;
+
+		HexEncoder enc(new FileSink(cout));
+		cout << (fail ? "FAILED   " : "passed   ");
+		cout << " " << tuple.hexSecret << " " << (tuple.hexSalt ? tuple.hexSalt : "<NO SALT>");
+		cout << " " << (tuple.hexContext ? tuple.hexContext : "<NO CTX>") << " ";
+		enc.Put(derived, derived.size());
+		cout << endl;
+	}
+
+	return pass;
+}
+
+bool ValidateHKDF()
+{
+	bool pass = true;
+
+	{
+	// SHA-1 from RFC 5869, Appendix A, https://tools.ietf.org/html/rfc5869
+	static const HKDF_TestTuple testSet[] =
+	{
+		// Test Case #4
+		{"0b0b0b0b0b0b0b0b0b0b0b", "000102030405060708090a0b0c", "f0f1f2f3f4f5f6f7f8f9", "085a01ea1b10f36933068b56efa5ad81 a4f14b822f5b091568a9cdd4f155fda2 c22e422478d305f3f896", 42},
+		// Test Case #5
+		{"000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f 202122232425262728292a2b2c2d2e2f 303132333435363738393a3b3c3d3e3f 404142434445464748494a4b4c4d4e4f", "606162636465666768696a6b6c6d6e6f 707172737475767778797a7b7c7d7e7f 808182838485868788898a8b8c8d8e8f 909192939495969798999a9b9c9d9e9f a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf c0c1c2c3c4c5c6c7c8c9cacbcccdcecf d0d1d2d3d4d5d6d7d8d9dadbdcdddedf e0e1e2e3e4e5e6e7e8e9eaebecedeeef f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "0bd770a74d1160f7c9f12cd5912a06eb ff6adcae899d92191fe4305673ba2ffe 8fa3f1a4e5ad79f3f334b3b202b2173c 486ea37ce3d397ed034c7f9dfeb15c5e 927336d0441f4c4300e2cff0d0900b52 d3b4", 82},
+		// Test Case #6
+		{"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", NULL, NULL, "0ac1af7002b3d761d1e55298da9d0506 b9ae52057220a306e07b6b87e8df21d0 ea00033de03984d34918", 42}
+	};
+
+	HKDF<SHA1> hkdf;
+
+	cout << "\nRFC 5869 HKDF(SHA-1) validation suite running...\n\n";
+	pass = TestHKDF(hkdf, testSet, COUNTOF(testSet)) && pass;
+	}
+
+	{
+	// SHA-256 from RFC 5869, Appendix A, https://tools.ietf.org/html/rfc5869
+	static const HKDF_TestTuple testSet[] =
+	{
+		// Test Case #1
+		{"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "000102030405060708090a0b0c", "f0f1f2f3f4f5f6f7f8f9", "3cb25f25faacd57a90434f64d0362f2a 2d2d0a90cf1a5a4c5db02d56ecc4c5bf 34007208d5b887185865", 42},
+		// Test Case #2
+		{"000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f 202122232425262728292a2b2c2d2e2f 303132333435363738393a3b3c3d3e3f 404142434445464748494a4b4c4d4e4f", "606162636465666768696a6b6c6d6e6f 707172737475767778797a7b7c7d7e7f 808182838485868788898a8b8c8d8e8f 909192939495969798999a9b9c9d9e9f a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf c0c1c2c3c4c5c6c7c8c9cacbcccdcecf d0d1d2d3d4d5d6d7d8d9dadbdcdddedf e0e1e2e3e4e5e6e7e8e9eaebecedeeef f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "b11e398dc80327a1c8e7f78c596a4934 4f012eda2d4efad8a050cc4c19afa97c 59045a99cac7827271cb41c65e590e09 da3275600c2f09b8367793a9aca3db71 cc30c58179ec3e87c14c01d5c1f3434f 1d87", 82},
+		// Test Case #3
+		{"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", NULL, NULL, "8da4e775a563c18f715f802a063c5a31 b8a11f5c5ee1879ec3454e5f3c738d2d 9d201395faa4b61a96c8", 42}
+	};
+
+	HKDF<SHA256> hkdf;
+
+	cout << "\nRFC 5869 HKDF(SHA-256) validation suite running...\n\n";
+	pass = TestHKDF(hkdf, testSet, COUNTOF(testSet)) && pass;
+	}
+
+	{
+	// SHA-512 based on RFC 5869, https://tools.ietf.org/html/rfc5869
+	static const HKDF_TestTuple testSet[] =
+	{
+		// Test Case #0
+		{"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "000102030405060708090a0b0c", "f0f1f2f3f4f5f6f7f8f9", "832390086CDA71FB47625BB5CEB168E4 C8E26A1A16ED34D9FC7FE92C14815793 38DA362CB8D9F925D7CB", 42},
+		// Test Case #0
+		{"000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f 202122232425262728292a2b2c2d2e2f 303132333435363738393a3b3c3d3e3f 404142434445464748494a4b4c4d4e4f", "606162636465666768696a6b6c6d6e6f 707172737475767778797a7b7c7d7e7f 808182838485868788898a8b8c8d8e8f 909192939495969798999a9b9c9d9e9f a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf c0c1c2c3c4c5c6c7c8c9cacbcccdcecf d0d1d2d3d4d5d6d7d8d9dadbdcdddedf e0e1e2e3e4e5e6e7e8e9eaebecedeeef f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "CE6C97192805B346E6161E821ED16567 3B84F400A2B514B2FE23D84CD189DDF1 B695B48CBD1C8388441137B3CE28F16A A64BA33BA466B24DF6CFCB021ECFF235 F6A2056CE3AF1DE44D572097A8505D9E 7A93", 82},
+		// Test Case #0
+		{"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", NULL, NULL, "F5FA02B18298A72A8C23898A8703472C 6EB179DC204C03425C970E3B164BF90F FF22D04836D0E2343BAC", 42}
+
+	};
+
+	HKDF<SHA512> hkdf;
+
+	cout << "\nRFC 5869 HKDF(SHA-512) validation suite running...\n\n";
+	pass = TestHKDF(hkdf, testSet, COUNTOF(testSet)) && pass;
+	}
+
+	return pass;
+}
diff --git a/validate.h b/validate.h
index 0ab23cb..620f88a 100644
--- a/validate.h
+++ b/validate.h
@@ -25,6 +25,7 @@ bool ValidateTTMAC();
 
 bool ValidateCipherModes();
 bool ValidatePBKDF();
+bool ValidateHKDF();
 
 bool ValidateDES();
 bool ValidateIDEA();
author	noloader <noloader@57ff6487-cd31-0410-9ec3-f628ee90f5f0>	2015-07-09 05:32:58 +0000
committer	noloader <noloader@57ff6487-cd31-0410-9ec3-f628ee90f5f0>	2015-07-09 05:32:58 +0000
commit	939c59c745b461c9f485ef27d7f567263be4d3ae (patch)
tree	169f5b88ef1522de9c2e95f490e37c625580198a
parent	1c346fb63e31a49f001293ed0335af4e6fd4317b (diff)
download	cryptopp-939c59c745b461c9f485ef27d7f567263be4d3ae.tar.gz