/*
* Copyright (C) 2020 Red Hat, Inc.
*
* Author: Daiki Ueno
*
* This file is part of GnuTLS.
*
* The GnuTLS is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>
*
*/
#include "config.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
#include <assert.h>
#include <stdint.h>
#include "utils.h"
#define MAX_BUF 1024
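/*
 * Known-answer test for HKDF with the given MAC.
 *
 * ikm_hex, salt_hex, info_hex, prk_hex and okm_hex are hex strings.
 * HKDF-Extract is run on ikm/salt and its output is compared with prk_hex;
 * HKDF-Expand is then run on that PRK with info, and `length` bytes of
 * output are compared with okm_hex.
 *
 * Every library call sits inside assert(), so this file must not be built
 * with NDEBUG: the calls themselves would be compiled out along with the
 * checks.
 */
static void
test_hkdf(gnutls_mac_algorithm_t mac,
	  const char *ikm_hex,
	  const char *salt_hex,
	  const char *info_hex,
	  size_t length,
	  const char *prk_hex,
	  const char *okm_hex)
{
	gnutls_datum_t hex;
	gnutls_datum_t ikm;
	gnutls_datum_t salt;
	gnutls_datum_t info;
	gnutls_datum_t prk;
	gnutls_datum_t okm;
	/* Separate buffers: the PRK is the key of the expand step, so the
	 * expand output must not be written over it while it is in use. */
	uint8_t prk_buf[MAX_BUF];
	uint8_t okm_buf[MAX_BUF];

	success("HKDF test with %s\n", gnutls_mac_get_name(mac));

	/* Reject vectors that do not fit the fixed-size stack buffers before
	 * anything is read from or written to them. */
	assert(strlen(prk_hex) / 2 <= sizeof(prk_buf));
	assert(length <= sizeof(okm_buf));

	/* Test HKDF-Extract */
	hex.data = (void *)ikm_hex;
	hex.size = strlen(ikm_hex);
	assert(gnutls_hex_decode2(&hex, &ikm) >= 0);

	hex.data = (void *)salt_hex;
	hex.size = strlen(salt_hex);
	assert(gnutls_hex_decode2(&hex, &salt) >= 0);

	/* NOTE(review): no output size is passed here; presumably one
	 * MAC-length block is written, which MAX_BUF is assumed to cover. */
	assert(gnutls_hkdf_extract(mac, &ikm, &salt, prk_buf) >= 0);
	gnutls_free(ikm.data);
	gnutls_free(salt.data);

	/* The PRK length is taken from the expected value. */
	prk.data = prk_buf;
	prk.size = strlen(prk_hex) / 2;
	assert(gnutls_hex_encode2(&prk, &hex) >= 0);

	/* strcmp relies on the encoded output being NUL-terminated. */
	if (strcmp((char *)hex.data, prk_hex))
		fail("prk doesn't match: %s != %s\n",
		     (char *)hex.data, prk_hex);

	gnutls_free(hex.data);

	/* Test HKDF-Expand */
	hex.data = (void *)info_hex;
	hex.size = strlen(info_hex);
	assert(gnutls_hex_decode2(&hex, &info) >= 0);

	assert(gnutls_hkdf_expand(mac, &prk, &info, okm_buf, length) >= 0);
	gnutls_free(info.data);

	/* Compare exactly the bytes that were requested, as test_pbkdf2
	 * does; an okm_hex of a different length then fails the comparison
	 * instead of checking a prefix or stale buffer contents. */
	okm.data = okm_buf;
	okm.size = length;
	assert(gnutls_hex_encode2(&okm, &hex) >= 0);

	if (strcmp((char *)hex.data, okm_hex))
		fail("okm doesn't match: %s != %s\n",
		     (char *)hex.data, okm_hex);

	gnutls_free(hex.data);
}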
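/*
 * Known-answer test for PBKDF2 with the given MAC.
 *
 * ikm_hex (the password), salt_hex and okm_hex are hex strings. `length`
 * bytes are derived with iter_count iterations and compared with okm_hex.
 *
 * Every library call sits inside assert(), so this file must not be built
 * with NDEBUG: the calls themselves would be compiled out along with the
 * checks.
 */
static void
test_pbkdf2(gnutls_mac_algorithm_t mac,
	    const char *ikm_hex,
	    const char *salt_hex,
	    unsigned iter_count,
	    size_t length,
	    const char *okm_hex)
{
	gnutls_datum_t hex;
	gnutls_datum_t ikm;
	gnutls_datum_t salt;
	gnutls_datum_t okm;
	uint8_t buf[MAX_BUF];

	success("PBKDF2 test with %s\n", gnutls_mac_get_name(mac));

	/* The derived key is written to a fixed-size stack buffer; reject a
	 * requested length that would run past it. */
	assert(length <= sizeof(buf));

	hex.data = (void *)ikm_hex;
	hex.size = strlen(ikm_hex);
	assert(gnutls_hex_decode2(&hex, &ikm) >= 0);

	hex.data = (void *)salt_hex;
	hex.size = strlen(salt_hex);
	assert(gnutls_hex_decode2(&hex, &salt) >= 0);

	assert(gnutls_pbkdf2(mac, &ikm, &salt, iter_count, buf, length) >= 0);
	gnutls_free(ikm.data);
	gnutls_free(salt.data);

	/* Encode exactly the bytes that were requested. */
	okm.data = buf;
	okm.size = length;
	assert(gnutls_hex_encode2(&okm, &hex) >= 0);

	/* strcmp relies on the encoded output being NUL-terminated. */
	if (strcmp((char *)hex.data, okm_hex))
		fail("okm doesn't match: %s != %s\n",
		     (char *)hex.data, okm_hex);

	gnutls_free(hex.data);
}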
/*
 * Runs one published known-answer vector through each KDF wrapper.
 * More thorough testing is done in nettle.
 */
void
doit(void)
{
	/* Test vector from RFC 5869. */
	static const char hkdf_ikm[] =
		"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
		"0b0b0b0b0b0b";
	static const char hkdf_salt[] = "000102030405060708090a0b0c";
	static const char hkdf_info[] = "f0f1f2f3f4f5f6f7f8f9";
	static const char hkdf_prk[] =
		"077709362c2e32df0ddc3f0dc47bba63"
		"90b6c73bb50f9c3122ec844ad7c2b3e5";
	static const char hkdf_okm[] =
		"3cb25f25faacd57a90434f64d0362f2a"
		"2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
		"34007208d5b887185865";

	/* Test vector from RFC 6070. The MAC and iteration count are the
	 * ones the known-answer vector fixes, not a deployment setting. */
	static const char pbkdf2_password[] = "70617373776f7264"; /* "password" */
	static const char pbkdf2_salt[] = "73616c74"; /* "salt" */
	static const char pbkdf2_okm[] =
		"4b007901b765489abead49d926f721d065a429c1";

	test_hkdf(GNUTLS_MAC_SHA256,
		  hkdf_ikm, hkdf_salt, hkdf_info,
		  42,
		  hkdf_prk, hkdf_okm);

	test_pbkdf2(GNUTLS_MAC_SHA1,
		    pbkdf2_password, pbkdf2_salt,
		    4096,
		    20,
		    pbkdf2_okm);
}