Blame tests/kdf-api.c

/*
 * Copyright (C) 2020 Red Hat, Inc.
 *
 * Author: Daiki Ueno
 *
 * This file is part of GnuTLS.
 *
 * The GnuTLS is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
 *
 */
#include "config.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
#include <assert.h>
#include <stdint.h>
#include "utils.h"
#define MAX_BUF 1024
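/*
 * Run one HKDF known-answer test: HKDF-Extract, then HKDF-Expand.
 *
 * mac       MAC algorithm handed to gnutls_hkdf_extract()/gnutls_hkdf_expand()
 * ikm_hex   input keying material, hex encoded
 * salt_hex  salt, hex encoded
 * info_hex  "info" input of HKDF-Expand, hex encoded
 * length    number of output bytes requested from HKDF-Expand
 * prk_hex   expected pseudorandom key, hex encoded
 * okm_hex   expected output keying material, hex encoded
 *
 * A mismatch between computed and expected values is reported through
 * fail(); a failing library call trips assert().
 */
static void
test_hkdf(gnutls_mac_algorithm_t mac,
	  const char *ikm_hex,
	  const char *salt_hex,
	  const char *info_hex,
	  size_t length,
	  const char *prk_hex,
	  const char *okm_hex)
{
	gnutls_datum_t hex;
	gnutls_datum_t ikm;
	gnutls_datum_t salt;
	gnutls_datum_t info;
	gnutls_datum_t prk;
	gnutls_datum_t okm;
	uint8_t buf[MAX_BUF];
	unsigned prk_len;
	int ret;

	success("HKDF test with %s\n", gnutls_mac_get_name(mac));

	/* buf receives the PRK and later the OKM.  Neither KDF call is told
	 * how large buf is, so refuse sizes it cannot hold before anything
	 * is written into it. */
	prk_len = gnutls_hmac_get_len(mac);
	if (prk_len > sizeof(buf) || length > sizeof(buf)) {
		fail("output length %u or PRK length %u exceeds buffer size %u\n",
		     (unsigned)length, prk_len, (unsigned)sizeof(buf));
		return;
	}

	/* Library calls are made outside assert() so that they still run
	 * when the file is compiled with NDEBUG. */

	/* Test HKDF-Extract */
	hex.data = (void *)ikm_hex;
	hex.size = strlen(ikm_hex);
	ret = gnutls_hex_decode2(&hex, &ikm);
	assert(ret >= 0);

	hex.data = (void *)salt_hex;
	hex.size = strlen(salt_hex);
	ret = gnutls_hex_decode2(&hex, &salt);
	assert(ret >= 0);

	ret = gnutls_hkdf_extract(mac, &ikm, &salt, buf);
	assert(ret >= 0);
	gnutls_free(ikm.data);
	gnutls_free(salt.data);

	/* The PRK length comes from the MAC, not from the expected string:
	 * a truncated prk_hex must fail the comparison instead of silently
	 * shortening what is compared. */
	prk.data = buf;
	prk.size = prk_len;
	ret = gnutls_hex_encode2(&prk, &hex);
	assert(ret >= 0);

	if (strcmp((char *)hex.data, prk_hex))
		fail("prk doesn't match: %s != %s\n",
		     (char *)hex.data, prk_hex);

	gnutls_free(hex.data);

	/* Test HKDF-Expand */
	hex.data = (void *)info_hex;
	hex.size = strlen(info_hex);
	ret = gnutls_hex_decode2(&hex, &info);
	assert(ret >= 0);

	/* NOTE(review): prk.data and the output pointer are both buf, so the
	 * key is overwritten by the output.  This presumably relies on the
	 * implementation reading the whole key before it writes any output;
	 * confirm against gnutls_hkdf_expand(). */
	ret = gnutls_hkdf_expand(mac, &prk, &info, buf, length);
	assert(ret >= 0);
	gnutls_free(info.data);

	/* Compare exactly the bytes that were requested, as test_pbkdf2()
	 * does; sizing from okm_hex could encode bytes of buf that the
	 * expand call never wrote. */
	okm.data = buf;
	okm.size = length;
	ret = gnutls_hex_encode2(&okm, &hex);
	assert(ret >= 0);

	if (strcmp((char *)hex.data, okm_hex))
		fail("okm doesn't match: %s != %s\n",
		     (char *)hex.data, okm_hex);

	gnutls_free(hex.data);
}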
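/*
 * Run one PBKDF2 known-answer test.
 *
 * mac         MAC algorithm handed to gnutls_pbkdf2()
 * ikm_hex     password (input keying material), hex encoded
 * salt_hex    salt, hex encoded
 * iter_count  iteration count
 * length      number of derived bytes requested
 * okm_hex     expected derived key, hex encoded
 *
 * A mismatch between computed and expected values is reported through
 * fail(); a failing library call trips assert().
 */
static void
test_pbkdf2(gnutls_mac_algorithm_t mac,
	    const char *ikm_hex,
	    const char *salt_hex,
	    unsigned iter_count,
	    size_t length,
	    const char *okm_hex)
{
	gnutls_datum_t hex;
	gnutls_datum_t ikm;
	gnutls_datum_t salt;
	gnutls_datum_t okm;
	uint8_t buf[MAX_BUF];
	int ret;

	success("PBKDF2 test with %s\n", gnutls_mac_get_name(mac));

	/* gnutls_pbkdf2() is asked to write length bytes into buf and is
	 * not told how large buf is, so reject oversized requests here. */
	if (length > sizeof(buf)) {
		fail("output length %u exceeds buffer size %u\n",
		     (unsigned)length, (unsigned)sizeof(buf));
		return;
	}

	/* Library calls are made outside assert() so that they still run
	 * when the file is compiled with NDEBUG. */
	hex.data = (void *)ikm_hex;
	hex.size = strlen(ikm_hex);
	ret = gnutls_hex_decode2(&hex, &ikm);
	assert(ret >= 0);

	hex.data = (void *)salt_hex;
	hex.size = strlen(salt_hex);
	ret = gnutls_hex_decode2(&hex, &salt);
	assert(ret >= 0);

	ret = gnutls_pbkdf2(mac, &ikm, &salt, iter_count, buf, length);
	assert(ret >= 0);
	gnutls_free(ikm.data);
	gnutls_free(salt.data);

	/* Hex-encode exactly the bytes that were derived and compare them
	 * with the expected string. */
	okm.data = buf;
	okm.size = length;
	ret = gnutls_hex_encode2(&okm, &hex);
	assert(ret >= 0);

	if (strcmp((char *)hex.data, okm_hex))
		fail("okm doesn't match: %s != %s\n",
		     (char *)hex.data, okm_hex);

	gnutls_free(hex.data);
}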
/*
 * Non-static entry point of this test file: runs one known-answer
 * vector through test_hkdf() and one through test_pbkdf2().
 *
 * The vectors check conformance with the RFCs only.  In particular the
 * PBKDF2 parameters (HMAC-SHA1, 4096 iterations) are those of the RFC
 * test vector, not a recommended setting for password storage.
 */
void
doit(void)
{
	/* HKDF vector taken from RFC 5869 (SHA-256, 42 output bytes). */
	static const char hkdf_ikm[] =
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
		"0b0b0b0b0b0b";
	static const char hkdf_salt[] = "000102030405060708090a0b0c";
	static const char hkdf_info[] = "f0f1f2f3f4f5f6f7f8f9";
	static const char hkdf_prk[] =
		"077709362c2e32df0ddc3f0dc47bba63"
		"90b6c73bb50f9c3122ec844ad7c2b3e5";
	static const char hkdf_okm[] =
		"3cb25f25faacd57a90434f64d0362f2a"
		"2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
		"34007208d5b887185865";

	/* PBKDF2 vector taken from RFC 6070 (SHA-1, 20 output bytes). */
	static const char pbkdf2_password[] = "70617373776f7264"; /* "password" */
	static const char pbkdf2_salt[] = "73616c74";		  /* "salt" */
	static const char pbkdf2_okm[] =
		"4b007901b765489abead49d926f721d065a429c1";

	/* Only a single vector per KDF is run here; more thorough testing
	 * is done in nettle. */
	test_hkdf(GNUTLS_MAC_SHA256, hkdf_ikm, hkdf_salt, hkdf_info, 42,
		  hkdf_prk, hkdf_okm);

	test_pbkdf2(GNUTLS_MAC_SHA1, pbkdf2_password, pbkdf2_salt, 4096, 20,
		    pbkdf2_okm);
}