<div>Hi, Nils:</div>
<div>I wrote a short informal test program. It looks that our results are agreed. Thank you !</div>
<div>My test program is as follows:</div>
<div> </div>
<div>#!/usr/bin/env python<br>from binascii import a2b_hex, b2a_hex<br>from pycryptopp.hash import sha256, hkdf<br>from hashlib import sha1</div>
<div> </div>
<div>ikm1 = "0b"*22<br>salt1 = "000102030405060708090a0b0c"<br>info1 = "f0f1f2f3f4f5f6f7f8f9"<br>okm1 = "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865" <br>
hk1 = hkdf.new(a2b_hex(ikm1), 42, a2b_hex(salt1), a2b_hex(info1), sha256.SHA256)<br>hk1.extract()<br>if ( b2a_hex(hk1.expand()) != okm1 ):<br> print "the 1st case is wrong\n"</div>
<div> </div>
<div>ikm2 = "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f"<br>salt2 = "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf"<br>
info2 = "b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"<br>okm2 = "b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87"<br>
hk2 = hkdf.new(a2b_hex(ikm2), 82, a2b_hex(salt2), a2b_hex(info2), sha256.SHA256)<br>hk2.extract()<br>if ( b2a_hex(hk2.expand()) != okm2 ):<br> print "the 2st case is wrong\n"</div>
<div> </div>
<div>ikm3 = "0b"*22;<br>okm3 = "8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8"<br>hk3 = hkdf.new(a2b_hex(ikm3), 42)<br>hk3.extract()<br>if ( b2a_hex(hk3.expand()) != okm3 ):<br>
print "the 3rd case is wrong\n"</div>
<div> </div>
<div>ikm4 = "0b"*11<br>salt4 = "000102030405060708090a0b0c"<br>info4 = "f0f1f2f3f4f5f6f7f8f9"<br>okm4 = "085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896"<br>
hk4 = hkdf.new(a2b_hex(ikm4), 42, a2b_hex(salt4), a2b_hex(info4), sha1)<br>hk4.extract()<br>if ( b2a_hex(hk4.expand()) != okm4 ):<br> print "d1:",d1,'\n'<br> print "the 4th case is wrong\n"</div>
<div> </div>
<div>ikm5 = "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f"<br>salt5 = "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf"<br>
info5 = "b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"<br>okm5 = "0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4"<br>
hk5 = hkdf.new(a2b_hex(ikm5), 82, a2b_hex(salt5), a2b_hex(info5), sha1)<br>hk5.extract()<br>if ( b2a_hex(hk5.expand()) != okm5 ):<br> print "the 5th case is wrong\n"</div>
<div> </div>
<div>ikm6 = "0b"*22<br>okm6 = "0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918"<br>hk6 = hkdf.new(a2b_hex(ikm6), 42, None, "", sha1)<br>hk6.extract()<br>
if ( b2a_hex(hk6.expand()) != okm6):<br> print "the 6th case is wrong\n"<br> <br>Regards</div>
<div> Yu Xue<br></div>
<div class="gmail_quote">2010/8/10 Nils Durner <span dir="ltr"><<a href="mailto:ndurner@googlemail.com">ndurner@googlemail.com</a>></span><br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Hi Yu Xue,<br><br>Zooko told me that you've created an independent implementation of HKDF<br>in Python. I have done the same thing in C:<br>
Source: <a href="https://gnunet.org/svn/gnunet/src/util/crypto_hkdf.c" target="_blank">https://gnunet.org/svn/gnunet/src/util/crypto_hkdf.c</a><br> Unit test: <a href="https://gnunet.org/svn/gnunet/src/util/test_crypto_hkdf.c" target="_blank">https://gnunet.org/svn/gnunet/src/util/test_crypto_hkdf.c</a><br>
<br>We should compare results of our implementations to verify correctness<br>beyond the test vectors given in the RFC, maybe by utilizing the concept<br>proposed by Niels Ferguson for testing AES:<br><a href="http://blogs.msdn.com/b/si_team/archive/2006/05/19/aes-test-vectors.aspx" target="_blank">http://blogs.msdn.com/b/si_team/archive/2006/05/19/aes-test-vectors.aspx</a><br>
<br>Either way, you're welcome to use (and dual relicense) my source in<br>Tahoe LAFS as you like.<br><br><br>Regards,<br><font color="#888888"><br>Nils<br></font></blockquote></div><br><br clear="all"><br>-- <br> 此致<br>
敬礼!<br> 薛宇<br> <br> 身前身后<br> 是时间的深渊<br>