aboutsummaryrefslogtreecommitdiffstats
path: root/docs/development/custom-vectors
diff options
context:
space:
mode:
authorPaul Kehrer <paul.l.kehrer@gmail.com>2018-01-06 15:00:28 -0600
committerAlex Gaynor <alex.gaynor@gmail.com>2018-01-06 16:00:28 -0500
commit323f2ad66befb13ec3b31b5ab99c9448b9a6b067 (patch)
treeebf189232140ab50ae11d04229f45b03a5e7fa09 /docs/development/custom-vectors
parentf8327a977f31ef1d66c11555d65deb1c3f263bc5 (diff)
downloadcryptography-323f2ad66befb13ec3b31b5ab99c9448b9a6b067.tar.gz
cryptography-323f2ad66befb13ec3b31b5ab99c9448b9a6b067.tar.bz2
cryptography-323f2ad66befb13ec3b31b5ab99c9448b9a6b067.zip
add 1200 byte HKDF test vector and a generator/verifier for it (#4074)
* add 1200 byte HKDF test vector and a generator/verifier for it * exit non-zero when failing * ugh
Diffstat (limited to 'docs/development/custom-vectors')
-rw-r--r--docs/development/custom-vectors/hkdf.rst28
-rw-r--r--docs/development/custom-vectors/hkdf/generate_hkdf.py39
-rw-r--r--docs/development/custom-vectors/hkdf/verify_hkdf.go69
3 files changed, 136 insertions, 0 deletions
diff --git a/docs/development/custom-vectors/hkdf.rst b/docs/development/custom-vectors/hkdf.rst
new file mode 100644
index 00000000..0e1a729a
--- /dev/null
+++ b/docs/development/custom-vectors/hkdf.rst
@@ -0,0 +1,28 @@
+HKDF vector creation
+====================
+
+This page documents the code that was used to generate a longer
+HKDF test vector (1200 bytes) than is available in RFC 5869. All
+the vectors were generated using OpenSSL and verified with Go.
+
+Creation
+--------
+
+The following Python script was run to generate the vector files.
+
+.. literalinclude:: /development/custom-vectors/hkdf/generate_hkdf.py
+
+Download link: :download:`generate_hkdf.py
+</development/custom-vectors/hkdf/generate_hkdf.py>`
+
+
+Verification
+------------
+
+The following Go code was used to verify the vectors.
+
+.. literalinclude:: /development/custom-vectors/hkdf/verify_hkdf.go
+ :language: go
+
+Download link: :download:`verify_hkdf.go
+</development/custom-vectors/hkdf/verify_hkdf.go>`
diff --git a/docs/development/custom-vectors/hkdf/generate_hkdf.py b/docs/development/custom-vectors/hkdf/generate_hkdf.py
new file mode 100644
index 00000000..767aedd8
--- /dev/null
+++ b/docs/development/custom-vectors/hkdf/generate_hkdf.py
@@ -0,0 +1,39 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+import binascii
+
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.kdf.hkdf import HKDF
+
+IKM = binascii.unhexlify(b"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b")
+L = 1200
+OKM = HKDF(
+ algorithm=hashes.SHA256(), length=L, salt=None, info=None,
+ backend=default_backend()
+).derive(IKM)
+
+
+def _build_vectors():
+ output = []
+ output.append("COUNT = 0")
+ output.append("Hash = SHA-256")
+ output.append("IKM = " + binascii.hexlify(IKM).decode("ascii"))
+ output.append("salt = ")
+ output.append("info = ")
+ output.append("L = {}".format(L))
+ output.append("OKM = " + binascii.hexlify(OKM).decode("ascii"))
+ return "\n".join(output)
+
+
+def _write_file(data, filename):
+ with open(filename, 'w') as f:
+ f.write(data)
+
+
+if __name__ == '__main__':
+ _write_file(_build_vectors(), 'hkdf.txt')
diff --git a/docs/development/custom-vectors/hkdf/verify_hkdf.go b/docs/development/custom-vectors/hkdf/verify_hkdf.go
new file mode 100644
index 00000000..ddeb3d8e
--- /dev/null
+++ b/docs/development/custom-vectors/hkdf/verify_hkdf.go
@@ -0,0 +1,69 @@
+package main
+
+import (
+ "bufio"
+ "bytes"
+ "crypto/sha256"
+ "encoding/hex"
+ "fmt"
+ "golang.org/x/crypto/hkdf"
+ "io"
+ "os"
+ "strconv"
+ "strings"
+)
+
+func unhexlify(s string) []byte {
+ bytes, err := hex.DecodeString(s)
+ if err != nil {
+ panic(err)
+ }
+ return bytes
+}
+
+func verifier(l uint64, ikm, okm []byte) bool {
+ hash := sha256.New
+ hkdf := hkdf.New(hash, ikm, nil, nil)
+ okmComputed := make([]byte, l)
+ io.ReadFull(hkdf, okmComputed)
+ return bytes.Equal(okmComputed, okm)
+}
+
+func validateVectors(filename string) bool {
+ vectors, err := os.Open(filename)
+ if err != nil {
+ panic(err)
+ }
+ defer vectors.Close()
+
+ var segments []string
+ var l uint64
+ var ikm, okm string
+
+ scanner := bufio.NewScanner(vectors)
+ for scanner.Scan() {
+ segments = strings.Split(scanner.Text(), " = ")
+
+ switch {
+ case strings.ToUpper(segments[0]) == "L":
+ l, err = strconv.ParseUint(segments[1], 10, 64)
+ if err != nil {
+ panic(err)
+ }
+ case strings.ToUpper(segments[0]) == "IKM":
+ ikm = segments[1]
+ case strings.ToUpper(segments[0]) == "OKM":
+ okm = segments[1]
+ }
+ }
+ return verifier(l, unhexlify(ikm), unhexlify(okm))
+}
+
+func main() {
+ if validateVectors("vectors/cryptography_vectors/KDF/hkdf-generated.txt") {
+ fmt.Println("HKDF OK.")
+ } else {
+ fmt.Println("HKDF failed.")
+ os.Exit(1)
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-01 06:35:02 +0000