[tahoe-dev] HKDF implementation in C

yu xue xueyu7452 at gmail.com
Tue Aug 10 07:00:35 UTC 2010 

Hi, Nils:
I wrote a short informal test program. It looks that our results are agreed.
Thank you !
My test program is as follows:

#!/usr/bin/env python
from binascii import a2b_hex, b2a_hex
from pycryptopp.hash import sha256, hkdf
from hashlib import sha1

ikm1 = "0b"*22
salt1 = "000102030405060708090a0b0c"
info1 = "f0f1f2f3f4f5f6f7f8f9"
okm1 =
"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"

hk1 = hkdf.new(a2b_hex(ikm1), 42, a2b_hex(salt1), a2b_hex(info1),
sha256.SHA256)
hk1.extract()
if ( b2a_hex(hk1.expand()) != okm1 ):
    print "the 1st case is wrong\n"

ikm2 =
"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f"
salt2 =
"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf"
info2 =
"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"
okm2 =
"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87"
hk2 = hkdf.new(a2b_hex(ikm2), 82, a2b_hex(salt2), a2b_hex(info2),
sha256.SHA256)
hk2.extract()
if ( b2a_hex(hk2.expand()) != okm2 ):
    print "the 2st case is wrong\n"

ikm3 = "0b"*22;
okm3 =
"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8"
hk3 = hkdf.new(a2b_hex(ikm3), 42)
hk3.extract()
if ( b2a_hex(hk3.expand()) != okm3 ):
    print "the 3rd case is wrong\n"

ikm4 = "0b"*11
salt4 = "000102030405060708090a0b0c"
info4 = "f0f1f2f3f4f5f6f7f8f9"
okm4 =
"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896"
hk4 = hkdf.new(a2b_hex(ikm4), 42, a2b_hex(salt4), a2b_hex(info4), sha1)
hk4.extract()
if ( b2a_hex(hk4.expand()) != okm4 ):
    print "d1:",d1,'\n'
    print "the 4th case is wrong\n"

ikm5 =
"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f"
salt5 =
"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf"
info5 =
"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"
okm5 =
"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4"
hk5 = hkdf.new(a2b_hex(ikm5), 82, a2b_hex(salt5), a2b_hex(info5), sha1)
hk5.extract()
if ( b2a_hex(hk5.expand()) != okm5 ):
    print "the 5th case is wrong\n"

ikm6 = "0b"*22
okm6 =
"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918"
hk6 = hkdf.new(a2b_hex(ikm6), 42, None, "", sha1)
hk6.extract()
if ( b2a_hex(hk6.expand()) != okm6):
    print "the 6th case is wrong\n"

Regards
   Yu Xue
2010/8/10 Nils Durner <ndurner at googlemail.com>

> Hi Yu Xue,
>
> Zooko told me that you've created an independent implementation of HKDF
> in Python. I have done the same thing in C:
>    Source: https://gnunet.org/svn/gnunet/src/util/crypto_hkdf.c
>    Unit test: https://gnunet.org/svn/gnunet/src/util/test_crypto_hkdf.c
>
> We should compare results of our implementations to verify correctness
> beyond the test vectors given in the RFC, maybe by utilizing the concept
> proposed by Niels Ferguson for testing AES:
> http://blogs.msdn.com/b/si_team/archive/2006/05/19/aes-test-vectors.aspx
>
> Either way, you're welcome to use (and dual relicense) my source in
> Tahoe LAFS as you like.
>
>
> Regards,
>
> Nils
>



-- 
     此致
敬礼!
                       薛宇

                   身前身后
                   是时间的深渊
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20100810/35150fd7/attachment-0001.html>

More information about the tahoe-dev mailing list