1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
6 * The library is free for all purposes without any express
13 LTC_HKDF support, self-test, Steffen Jaeckel
21 Internet Engineering Task Force (IETF) H. Krawczyk
22 Request for Comments: 5869 IBM Research
23 Category: Informational P. Eronen
26 Appendix A. Test Vectors
31 @return CRYPT_OK if successful, CRYPT_NOP if tests have been disabled.
38 unsigned char OKM[82];
41 static const struct hkdf_test_case {
44 unsigned char IKM[80];
46 unsigned char salt[80];
48 unsigned char info[80];
50 unsigned char PRK[32];
52 unsigned char OKM[82];
57 Basic test case with SHA-256
60 IKM = 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b (22 octets)
61 salt = 0x000102030405060708090a0b0c (13 octets)
62 info = 0xf0f1f2f3f4f5f6f7f8f9 (10 octets)
65 PRK = 0x077709362c2e32df0ddc3f0dc47bba63
66 90b6c73bb50f9c3122ec844ad7c2b3e5 (32 octets)
67 OKM = 0x3cb25f25faacd57a90434f64d0362f2a
68 2d2d0a90cf1a5a4c5db02d56ecc4c5bf
69 34007208d5b887185865 (42 octets)
72 {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
73 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
74 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 22,
75 {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
76 0x08, 0x09, 0x0a, 0x0b, 0x0c}, 13,
77 {0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
79 {0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf,
80 0x0d, 0xdc, 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63,
81 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f, 0x9c, 0x31,
82 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5}, 32,
83 {0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
84 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
85 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
86 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
87 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
90 /* Test with SHA-256 and longer inputs/outputs */
92 {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
93 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
94 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
95 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
96 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
97 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
98 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
99 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
100 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
101 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f}, 80,
102 {0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
103 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
104 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
105 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
106 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
107 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
108 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
109 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
110 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
111 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf}, 80,
112 {0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
113 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
114 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
115 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
116 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
117 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
118 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
119 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
120 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
121 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff}, 80,
122 {0x06, 0xa6, 0xb8, 0x8c, 0x58, 0x53, 0x36, 0x1a,
123 0x06, 0x10, 0x4c, 0x9c, 0xeb, 0x35, 0xb4, 0x5c,
124 0xef, 0x76, 0x00, 0x14, 0x90, 0x46, 0x71, 0x01,
125 0x4a, 0x19, 0x3f, 0x40, 0xc1, 0x5f, 0xc2, 0x44}, 32,
126 {0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1,
127 0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34,
128 0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8,
129 0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c,
130 0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72,
131 0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09,
132 0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8,
133 0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71,
134 0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87,
135 0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f,
137 /* Test with SHA-256 and zero length salt/info */
139 {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
140 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
141 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 22,
144 {0x19, 0xef, 0x24, 0xa3, 0x2c, 0x71, 0x7b, 0x16,
145 0x7f, 0x33, 0xa9, 0x1d, 0x6f, 0x64, 0x8b, 0xdf,
146 0x96, 0x59, 0x67, 0x76, 0xaf, 0xdb, 0x63, 0x77,
147 0xac, 0x43, 0x4c, 0x1c, 0x29, 0x3c, 0xcb, 0x04}, 32,
148 {0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
149 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
150 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
151 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
152 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
154 #endif /* LTC_TEST_EXT */
155 #endif /* LTC_SHA256 */
157 /* Basic test case with SHA-1 */
159 {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
160 0x0b, 0x0b, 0x0b}, 11,
161 {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
162 0x08, 0x09, 0x0a, 0x0b, 0x0c}, 13,
163 {0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
165 {0x9b, 0x6c, 0x18, 0xc4, 0x32, 0xa7, 0xbf, 0x8f,
166 0x0e, 0x71, 0xc8, 0xeb, 0x88, 0xf4, 0xb3, 0x0b,
167 0xaa, 0x2b, 0xa2, 0x43}, 20,
168 {0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
169 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
170 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
171 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
172 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
175 /* Test with SHA-1 and longer inputs/outputs */
177 {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
178 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
179 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
180 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
181 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
182 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
183 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
184 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
185 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
186 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f}, 80,
187 {0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
188 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
189 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
190 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
191 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
192 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
193 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
194 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
195 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
196 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf}, 80,
197 {0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
198 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
199 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
200 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
201 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
202 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
203 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
204 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
205 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
206 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff}, 80,
207 {0x8a, 0xda, 0xe0, 0x9a, 0x2a, 0x30, 0x70, 0x59,
208 0x47, 0x8d, 0x30, 0x9b, 0x26, 0xc4, 0x11, 0x5a,
209 0x22, 0x4c, 0xfa, 0xf6}, 20,
210 {0x0b, 0xd7, 0x70, 0xa7, 0x4d, 0x11, 0x60, 0xf7,
211 0xc9, 0xf1, 0x2c, 0xd5, 0x91, 0x2a, 0x06, 0xeb,
212 0xff, 0x6a, 0xdc, 0xae, 0x89, 0x9d, 0x92, 0x19,
213 0x1f, 0xe4, 0x30, 0x56, 0x73, 0xba, 0x2f, 0xfe,
214 0x8f, 0xa3, 0xf1, 0xa4, 0xe5, 0xad, 0x79, 0xf3,
215 0xf3, 0x34, 0xb3, 0xb2, 0x02, 0xb2, 0x17, 0x3c,
216 0x48, 0x6e, 0xa3, 0x7c, 0xe3, 0xd3, 0x97, 0xed,
217 0x03, 0x4c, 0x7f, 0x9d, 0xfe, 0xb1, 0x5c, 0x5e,
218 0x92, 0x73, 0x36, 0xd0, 0x44, 0x1f, 0x4c, 0x43,
219 0x00, 0xe2, 0xcf, 0xf0, 0xd0, 0x90, 0x0b, 0x52,
221 /* Test with SHA-1 and zero-length salt/info */
223 {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
224 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
225 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}, 22,
228 {0xda, 0x8c, 0x8a, 0x73, 0xc7, 0xfa, 0x77, 0x28,
229 0x8e, 0xc6, 0xf5, 0xe7, 0xc2, 0x97, 0x78, 0x6a,
230 0xa0, 0xd3, 0x2d, 0x01}, 20,
231 {0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
232 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
233 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
234 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
235 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
237 /* Test with SHA-1, salt not provided (defaults to HashLen zero octets),
240 {0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
241 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
242 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c}, 22,
243 {0}, 0, /* pass a null pointer */
245 {0x2a, 0xdc, 0xca, 0xda, 0x18, 0x77, 0x9e, 0x7c,
246 0x20, 0x77, 0xad, 0x2e, 0xb1, 0x9d, 0x3f, 0x3e,
247 0x73, 0x13, 0x85, 0xdd}, 20,
248 {0x2c, 0x91, 0x11, 0x72, 0x04, 0xd7, 0x45, 0xf3,
249 0x50, 0x0d, 0x63, 0x6a, 0x62, 0xf6, 0x4f, 0x0a,
250 0xb3, 0xba, 0xe5, 0x48, 0xaa, 0x53, 0xd4, 0x23,
251 0xb0, 0xd1, 0xf2, 0x7e, 0xbb, 0xa6, 0xf5, 0xe5,
252 0x67, 0x3a, 0x08, 0x1d, 0x70, 0xcc, 0xe7, 0xac,
254 #endif /* LTC_TEST_EXT */
255 #endif /* LTC_SHA1 */
259 int tested=0,failed=0;
260 for(i=0; i < (int)(sizeof(cases) / sizeof(cases[0])); i++) {
261 int hash = find_hash(cases[i].Hash);
262 if (hash == -1) continue;
264 if((err = hkdf(hash, cases[i].salt, cases[i].salt_l,
265 cases[i].info, cases[i].info_l,
266 cases[i].IKM, cases[i].IKM_l,
267 OKM, cases[i].OKM_l)) != CRYPT_OK) {
268 #if defined(LTC_TEST_DBG) && (LTC_TEST_DBG > 1)
269 printf("LTC_HKDF-%s test #%d, %s\n", cases[i].Hash, i, error_to_string(err));
274 if(compare_testvector(OKM, cases[i].OKM_l, cases[i].OKM, (size_t)cases[i].OKM_l, "HKDF", cases[i].num)) {
280 return CRYPT_FAIL_TESTVECTOR;
281 } else if (tested == 0) {
292 /* ref: $Format:%D$ */
293 /* git commit: $Format:%H$ */
294 /* commit time: $Format:%ai$ */
projects / zpackage / blob