tests: Extract-and-Expand HKDF (RFC 5869)

Signed-off-by: Jouni Malinen <j@w1.fi>

src/crypto/crypto_module_tests.c

@@ -1912,6 +1912,135 @@ static int test_fips186_2_prf(void)
 }
 
 
+static int test_extract_expand_hkdf(void)
+{
+	u8 prk[SHA256_MAC_LEN];
+	u8 okm[82];
+
+	/* RFC 5869, A.1 */
+	u8 ikm1[22] = {
+		0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+		0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+		0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
+	};
+	u8 salt1[13] = {
+		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c
+	};
+	u8 info1[10] = {
+		0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+		0xf8, 0xf9
+	};
+	u8 prk1[32] = {
+		0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf,
+		0x0d, 0xdc, 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63,
+		0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f, 0x9c, 0x31,
+		0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5
+	};
+	u8 okm1[42] = {
+		0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
+		0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
+		0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
+		0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
+		0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
+		0x58, 0x65
+	};
+
+	/* RFC 5869, A.2 */
+	u8 ikm2[80] = {
+		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+		0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+		0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+		0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+		0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+		0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+		0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+		0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f
+	};
+	u8 salt2[80] = {
+		0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+		0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+		0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+		0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
+		0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+		0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+		0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+		0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
+		0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+		0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf
+	};
+	u8 info2[80] = {
+		0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+		0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+		0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+		0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
+		0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+		0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
+		0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+		0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+		0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+		0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
+	};
+	u8 prk2[32] = {
+		0x06, 0xa6, 0xb8, 0x8c, 0x58, 0x53, 0x36, 0x1a,
+		0x06, 0x10, 0x4c, 0x9c, 0xeb, 0x35, 0xb4, 0x5c,
+		0xef, 0x76, 0x00, 0x14, 0x90, 0x46, 0x71, 0x01,
+		0x4a, 0x19, 0x3f, 0x40, 0xc1, 0x5f, 0xc2, 0x44
+	};
+	u8 okm2[82] = {
+		0xb1, 0x1e, 0x39, 0x8d, 0xc8, 0x03, 0x27, 0xa1,
+		0xc8, 0xe7, 0xf7, 0x8c, 0x59, 0x6a, 0x49, 0x34,
+		0x4f, 0x01, 0x2e, 0xda, 0x2d, 0x4e, 0xfa, 0xd8,
+		0xa0, 0x50, 0xcc, 0x4c, 0x19, 0xaf, 0xa9, 0x7c,
+		0x59, 0x04, 0x5a, 0x99, 0xca, 0xc7, 0x82, 0x72,
+		0x71, 0xcb, 0x41, 0xc6, 0x5e, 0x59, 0x0e, 0x09,
+		0xda, 0x32, 0x75, 0x60, 0x0c, 0x2f, 0x09, 0xb8,
+		0x36, 0x77, 0x93, 0xa9, 0xac, 0xa3, 0xdb, 0x71,
+		0xcc, 0x30, 0xc5, 0x81, 0x79, 0xec, 0x3e, 0x87,
+		0xc1, 0x4c, 0x01, 0xd5, 0xc1, 0xf3, 0x43, 0x4f,
+		0x1d, 0x87
+	};
+
+	wpa_printf(MSG_INFO, "Testing Extract-and-Expand HKDF (RFC 5869)");
+
+	wpa_printf(MSG_INFO, "RFC 5869 - Test Case 1");
+	if (hmac_sha256(salt1, sizeof(salt1), ikm1, sizeof(ikm1), prk) < 0)
+		return -1;
+	if (os_memcmp(prk, prk1, SHA256_MAC_LEN) != 0) {
+		wpa_printf(MSG_INFO, "HKDF-Extract mismatch in PRK");
+		return -1;
+	}
+	if (hmac_sha256_kdf(prk1, sizeof(prk1), NULL, info1, sizeof(info1),
+			    okm, sizeof(okm1)) < 0)
+		return -1;
+	if (os_memcmp(okm, okm1, sizeof(okm1)) != 0) {
+		wpa_printf(MSG_INFO, "HKDF-Expand mismatch in OKM");
+		return -1;
+	}
+
+	wpa_printf(MSG_INFO, "RFC 5869 - Test Case 2");
+	if (hmac_sha256(salt2, sizeof(salt2), ikm2, sizeof(ikm2), prk) < 0)
+		return -1;
+	if (os_memcmp(prk, prk2, SHA256_MAC_LEN) != 0) {
+		wpa_printf(MSG_INFO, "HKDF-Extract mismatch in PRK");
+		return -1;
+	}
+	if (hmac_sha256_kdf(prk2, sizeof(prk2), NULL, info2, sizeof(info2),
+			    okm, sizeof(okm2)) < 0)
+		return -1;
+	if (os_memcmp(okm, okm2, sizeof(okm2)) != 0) {
+		wpa_printf(MSG_INFO, "HKDF-Expand mismatch in OKM");
+		return -1;
+	}
+
+	wpa_printf(MSG_INFO, "Extract-and-Expand HKDF test cases passed");
+
+	return 0;
+}
+
+
 static int test_ms_funcs(void)
 {
 #ifndef CONFIG_FIPS
@@ -2030,6 +2159,7 @@ int crypto_module_tests(void)
 	    test_sha256() ||
 	    test_sha384() ||
 	    test_fips186_2_prf() ||
+	    test_extract_expand_hkdf() ||
 	    test_ms_funcs())
 		ret = -1;