Blame tests/kdf-api.c

/*
 * Copyright (C) 2020 Red Hat, Inc.
 *
 * Author: Daiki Ueno
 *
 * This file is part of GnuTLS.
 *
 * The GnuTLS is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
 *
 */
#include "config.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
#include <assert.h>
#include <stdint.h>
#include "utils.h"
#define MAX_BUF 1024
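/*
 * Check gnutls_hkdf_extract() and gnutls_hkdf_expand() against one
 * known-answer vector.
 *
 * mac:      MAC algorithm HKDF is run with
 * ikm_hex:  input keying material, hex encoded
 * salt_hex: salt, hex encoded
 * info_hex: info string passed to HKDF-Expand, hex encoded
 * length:   number of output bytes requested from HKDF-Expand
 * prk_hex:  expected pseudorandom key, hex encoded
 * okm_hex:  expected output keying material, hex encoded
 *
 * A value mismatch is reported through fail(); an error returned by the
 * library trips an assert().
 */
static void
test_hkdf(gnutls_mac_algorithm_t mac,
	  const char *ikm_hex,
	  const char *salt_hex,
	  const char *info_hex,
	  size_t length,
	  const char *prk_hex,
	  const char *okm_hex)
{
	gnutls_datum_t hex;
	gnutls_datum_t ikm;
	gnutls_datum_t salt;
	gnutls_datum_t info;
	gnutls_datum_t prk;
	gnutls_datum_t okm;
	uint8_t prk_buf[MAX_BUF];
	uint8_t okm_buf[MAX_BUF];
	int ret;

	success("HKDF test with %s\n", gnutls_mac_get_name(mac));

	/* The buffers are fixed-size stack arrays: reject a vector that
	 * would make the library write, or the hex encoder read, past
	 * their end. */
	assert(length <= sizeof(okm_buf));
	assert(strlen(prk_hex) / 2 <= sizeof(prk_buf));

	/* Every library call below is made outside assert() so that it
	 * still runs when the file is built with NDEBUG; otherwise the
	 * comparisons would operate on buffers that were never filled. */

	/* Test HKDF-Extract */
	hex.data = (void *)ikm_hex;	/* only read by the decoder */
	hex.size = strlen(ikm_hex);
	ret = gnutls_hex_decode2(&hex, &ikm);
	assert(ret >= 0);

	hex.data = (void *)salt_hex;
	hex.size = strlen(salt_hex);
	ret = gnutls_hex_decode2(&hex, &salt);
	assert(ret >= 0);

	ret = gnutls_hkdf_extract(mac, &ikm, &salt, prk_buf);
	assert(ret >= 0);
	gnutls_free(ikm.data);
	gnutls_free(salt.data);

	/* The PRK length is taken from the expected value. */
	prk.data = prk_buf;
	prk.size = strlen(prk_hex) / 2;
	ret = gnutls_hex_encode2(&prk, &hex);
	assert(ret >= 0);

	if (strcmp((char *)hex.data, prk_hex))
		fail("prk doesn't match: %s != %s\n",
		     (char *)hex.data, prk_hex);

	gnutls_free(hex.data);

	/* Test HKDF-Expand */
	hex.data = (void *)info_hex;
	hex.size = strlen(info_hex);
	ret = gnutls_hex_decode2(&hex, &info);
	assert(ret >= 0);

	/* The PRK lives in its own buffer, so the expand step does not
	 * write its output over the key it is given. */
	ret = gnutls_hkdf_expand(mac, &prk, &info, okm_buf, length);
	assert(ret >= 0);
	gnutls_free(info.data);

	/* Encode exactly the bytes that were requested, as test_pbkdf2()
	 * does; an expected string of a different length then fails the
	 * comparison instead of matching on a prefix or on bytes the
	 * expand step never wrote. */
	okm.data = okm_buf;
	okm.size = length;
	ret = gnutls_hex_encode2(&okm, &hex);
	assert(ret >= 0);

	if (strcmp((char *)hex.data, okm_hex))
		fail("okm doesn't match: %s != %s\n",
		     (char *)hex.data, okm_hex);

	gnutls_free(hex.data);
}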
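/*
 * Check gnutls_pbkdf2() against one known-answer vector.
 *
 * mac:        MAC algorithm PBKDF2 is run with
 * ikm_hex:    password / input keying material, hex encoded
 * salt_hex:   salt, hex encoded
 * iter_count: iteration count passed to gnutls_pbkdf2()
 * length:     number of derived bytes requested
 * okm_hex:    expected derived key, hex encoded
 *
 * A value mismatch is reported through fail(); an error returned by the
 * library trips an assert().
 */
static void
test_pbkdf2(gnutls_mac_algorithm_t mac,
	    const char *ikm_hex,
	    const char *salt_hex,
	    unsigned iter_count,
	    size_t length,
	    const char *okm_hex)
{
	gnutls_datum_t hex;
	gnutls_datum_t ikm;
	gnutls_datum_t salt;
	gnutls_datum_t okm;
	uint8_t buf[MAX_BUF];
	int ret;

	success("PBKDF2 test with %s\n", gnutls_mac_get_name(mac));

	/* buf is a fixed-size stack array and gnutls_pbkdf2() is asked
	 * for `length` bytes: reject a request that would not fit. */
	assert(length <= sizeof(buf));

	/* Every library call below is made outside assert() so that it
	 * still runs when the file is built with NDEBUG; otherwise the
	 * comparison would operate on a buffer that was never filled. */
	hex.data = (void *)ikm_hex;	/* only read by the decoder */
	hex.size = strlen(ikm_hex);
	ret = gnutls_hex_decode2(&hex, &ikm);
	assert(ret >= 0);

	hex.data = (void *)salt_hex;
	hex.size = strlen(salt_hex);
	ret = gnutls_hex_decode2(&hex, &salt);
	assert(ret >= 0);

	ret = gnutls_pbkdf2(mac, &ikm, &salt, iter_count, buf, length);
	assert(ret >= 0);
	gnutls_free(ikm.data);
	gnutls_free(salt.data);

	/* Encode exactly the bytes that were derived; an expected string
	 * of a different length therefore fails the comparison. */
	okm.data = buf;
	okm.size = length;
	ret = gnutls_hex_encode2(&okm, &hex);
	assert(ret >= 0);

	if (strcmp((char *)hex.data, okm_hex))
		fail("okm doesn't match: %s != %s\n",
		     (char *)hex.data, okm_hex);

	gnutls_free(hex.data);
}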
/*
 * Run one HKDF and one PBKDF2 known-answer vector through the helpers
 * above.  All inputs and expected outputs are hex strings.
 */
void
doit(void)
{
	/* Test vector from RFC 5869.  More thorough testing is done
	 * in nettle. */
	static const char hkdf_ikm[] =
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
		"0b0b0b0b0b0b";
	static const char hkdf_salt[] = "000102030405060708090a0b0c";
	static const char hkdf_info[] = "f0f1f2f3f4f5f6f7f8f9";
	static const char hkdf_prk[] =
		"077709362c2e32df0ddc3f0dc47bba63"
		"90b6c73bb50f9c3122ec844ad7c2b3e5";
	static const char hkdf_okm[] =
		"3cb25f25faacd57a90434f64d0362f2a"
		"2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
		"34007208d5b887185865";

	/* Test vector from RFC 6070.  More thorough testing is done
	 * in nettle. */
	static const char pbkdf2_ikm[] = "70617373776f7264";	/* "password" */
	static const char pbkdf2_salt[] = "73616c74";		/* "salt" */
	static const char pbkdf2_okm[] =
		"4b007901b765489abead49d926f721d065a429c1";

	/* 42 output bytes are requested from HKDF-Expand. */
	test_hkdf(GNUTLS_MAC_SHA256, hkdf_ikm, hkdf_salt, hkdf_info,
		  42, hkdf_prk, hkdf_okm);

	/* 4096 iterations, 20 derived bytes. */
	test_pbkdf2(GNUTLS_MAC_SHA1, pbkdf2_ikm, pbkdf2_salt,
		    4096, 20, pbkdf2_okm);
}