Whoops.... I did not perform the `git add`, so the main file was omitted...
Its attached and below.
// hkdf.h - written by Jeffrey Walton. Copyright assigned to Crypto++
project
#ifndef CRYPTOPP_HASH_KEY_DERIVATION_FUNCTION_H
#define CRYPTOPP_HASH_KEY_DERIVATION_FUNCTION_H
#include "cryptlib.h"
#include "hmac.h"
#include "hrtimer.h"
#include <cstring>
NAMESPACE_BEGIN(CryptoPP)
//! abstract base class for key derivation function
class KeyDerivationFunction
{
public:
virtual size_t MaxDerivedKeyLength() const =0;
virtual bool UsesContext() const =0;
//! derive key from secret
virtual unsigned int DeriveKey(byte *derived, size_t derivedLen, const
byte *secret, size_t secretLen, const byte *salt, size_t saltLen, const
byte* context=NULL, size_t contextLen=0) const =0;
// If salt is missing, then use the NULL vector. The length depends on
the Hash function.
static const byte s_NullVector[64];
};
const byte KeyDerivationFunction::s_NullVector[64] =
{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
//! HKDF from RFC 5869, T should be a HashTransformation class
template <class T>
class CRYPTOPP_DLL HKDF : public KeyDerivationFunction
{
public:
size_t MaxDerivedKeyLength() const {return
static_cast<size_t>(T::DIGESTSIZE) * 255;}
bool UsesContext() const {return true;}
unsigned int DeriveKey(byte *derived, size_t derivedLen, const byte
*secret, size_t secretLen, const byte *salt, size_t saltLen, const byte*
context, size_t contextLen) const;
};
template <class T>
unsigned int HKDF<T>::DeriveKey(byte *derived, size_t derivedLen, const
byte *secret, size_t secretLen, const byte *salt, size_t saltLen, const
byte* context, size_t contextLen) const
{
static const size_t DIGEST_SIZE = static_cast<size_t>(T::DIGESTSIZE);
CRYPTOPP_COMPILE_ASSERT(DIGEST_SIZE <= COUNTOF(s_NullVector));
assert(derived && derivedLen);
assert(secret && secretLen);
assert(derivedLen <= MaxDerivedKeyLength());
if(derivedLen > MaxDerivedKeyLength())
throw InvalidArgument("HKDF: derivedLen must be less than or equal
to MaxDerivedKeyLength");
HMAC<T> hmac;
SecByteBlock prk(DIGEST_SIZE), buffer(DIGEST_SIZE);
// Extract
const byte* key = (salt ? salt : s_NullVector);
const size_t klen = (salt ? saltLen : DIGEST_SIZE);
hmac.SetKey(key, klen);
hmac.CalculateDigest(prk, secret, secretLen);
// Expand
hmac.SetKey(prk.data(), prk.size());
byte block = 0;
while (derivedLen > 0)
{
if(block++) {hmac.Update(buffer, buffer.size());}
if(context) {hmac.Update(context, contextLen);}
hmac.CalculateDigest(buffer, &block, 1);
size_t segmentLen = STDMIN(derivedLen, DIGEST_SIZE);
std::memcpy(derived, buffer, segmentLen);
derived += segmentLen;
derivedLen -= segmentLen;
}
return 1;
}
NAMESPACE_END
#endif // CRYPTOPP_HASH_KEY_DERIVATION_FUNCTION_H
On Friday, July 3, 2015 at 5:17:15 AM UTC-4, Jeffrey Walton wrote:
>
> I'd like to add the following to the library. It provides Krawczyk and
> Eronen's HKDF.
>
> The patch has a few more changes, like the addition of COUNTOF to
> validat3.cpp, but don't focus on them.
>
> Any comments or objections?
>
> **********
> diff --git a/config.h b/config.h
> index d853b33..1667598 100644
> --- a/config.h
> +++ b/config.h
> @@ -96,6 +96,12 @@ typedef unsigned char byte; // put in global
> namespace to avoid ambiguity with
>
> #define CRYPTOPP_UNUSED(x) ((void)x) // cast to void. Portable way
> to suppress unused variable
>
> +#if defined(_MSC_VER) && (_MSC_VER >= 1400) // VS2005 added
> _countof macro
> +# defined COUNTOF(x) _countof(x)
> +#else
> +# define COUNTOF(x) (sizeof(x)/sizeof(x[0]))
> +#endif
> +
> NAMESPACE_BEGIN(CryptoPP)
>
> typedef unsigned short word16;
> diff --git a/validat1.cpp b/validat1.cpp
> index 7c4ca2f..4287a9f 100644
> --- a/validat1.cpp
> +++ b/validat1.cpp
> @@ -67,6 +67,7 @@ bool ValidateAll(bool thorough)
> pass=ValidateTTMAC() && pass;
>
> pass=ValidatePBKDF() && pass;
> + pass=ValidateHKDF() && pass;
>
> pass=ValidateDES() && pass;
> pass=ValidateCipherModes() && pass;
> diff --git a/validat3.cpp b/validat3.cpp
> index 07b6334..ff49f51 100644
> --- a/validat3.cpp
> +++ b/validat3.cpp
> @@ -16,6 +16,7 @@
>
> #include "hmac.h"
> #include "ttmac.h"
> +#include "hkdf.h"
>
> #include "integer.h"
> #include "pwdbased.h"
> @@ -568,25 +568,102 @@ bool ValidatePBKDF()
> {3, 1000, "007100750065006500670000", "263216FCC2FAB31C",
> "5EC4C7A80DF652294C3925B6489A7AB857C83476"}
> };
>
> - PKCS12_PBKDF<SHA1> pbkdf;
> + PKCS12_PBKDF<SHA1> pbkdf1;
>
> cout << "\nPKCS #12 PBKDF validation suite running...\n\n";
> - pass = TestPBKDF(pbkdf, testSet, sizeof(testSet)/sizeof(testSet[0]))
> && pass;
> - }
> + pass = TestPBKDF(pbkdf1, testSet1, COUNTOF(testSet1)) && pass;
>
> - {
> // from draft-ietf-smime-password-03.txt, at
> http://www.imc.org/draft-ietf-smime-password
> - PBKDF_TestTuple testSet[] =
> + static const PBKDF_TestTuple testSet2[] =
> {
> {0, 5, "70617373776f7264", "1234567878563412",
> "D1DAA78615F287E6"},
> {0, 500,
> "416C6C206E2D656E746974696573206D75737420636F6D6D756E69636174652077697468206F74686572206E2d656E74697469657320766961206E2D3120656E746974656568656568656573",
>
> "1234567878563412","6A8970BF68C92CAEA84A8DF28510858607126380CC47AB2D"}
> };
>
> - PKCS5_PBKDF2_HMAC<SHA1> pbkdf;
> + PKCS5_PBKDF2_HMAC<SHA1> pbkdf2;
>
> cout << "\nPKCS #5 PBKDF2 validation suite running...\n\n";
> - pass = TestPBKDF(pbkdf, testSet, sizeof(testSet)/sizeof(testSet[0]))
> && pass;
> + pass = TestPBKDF(pbkdf2, testSet2, COUNTOF(testSet2)) && pass;
> +
> + return pass;
> +}
> +
> +struct HKDF_TestTuple
> +{
> + const char *hexSecret, *hexSalt, *hexContext, *hexDerivedKey;
> + size_t len;
> +};
> +
> +bool TestHKDF(KeyDerivationFunction &kdf, const HKDF_TestTuple *testSet,
> unsigned int testSetSize)
> +{
> + bool pass = true;
> + static const string EMPTY = "";
> +
> + for (unsigned int i=0; i<testSetSize; i++)
> + {
> + const HKDF_TestTuple &tuple = testSet[i];
> +
> + string secret, context, salt, derivedKey;
> + StringSource(tuple.hexSecret, true, new HexDecoder(new
> StringSink(secret)));
> + StringSource(tuple.hexSalt ? tuple.hexSalt : EMPTY, true, new
> HexDecoder(new StringSink(salt)));
> + StringSource(tuple.hexContext ? tuple.hexContext : EMPTY, true,
> new HexDecoder(new StringSink(context)));
> + StringSource(tuple.hexDerivedKey, true, new HexDecoder(new
> StringSink(derivedKey)));
> +
> + SecByteBlock derived(derivedKey.size());
> + assert(derived.size() == tuple.len);
> +
> + kdf.DeriveKey(derived, derived.size(), (byte *)secret.data(),
> secret.size(), (byte *)salt.data(), salt.size(), (byte*)context.data(),
> context.size());
> + bool fail = !VerifyBufsEqual(derived, reinterpret_cast<const
> unsigned char*>(derivedKey.data()), derived.size());
> + pass = pass && !fail;
> +
> + HexEncoder enc(new FileSink(cout));
> + cout << (fail ? "FAILED " : "passed ");
> + cout << " " << tuple.hexSecret << " " << (tuple.hexSalt ?
> tuple.hexSalt : "<NO SALT>");
> + cout << " " << (tuple.hexContext ? tuple.hexContext : "<NO CTX>")
> << " ";
> + enc.Put(derived, derived.size());
> + cout << endl;
> }
>
> return pass;
> }
> +
> +bool ValidateHKDF()
> +{
> + bool pass = true;
> +
> + // SHA-1 from RFC 5869, Appendix A,
> https://tools.ietf.org/html/rfc5869
> + static const HKDF_TestTuple testSet1[] =
> + {
> + // Test Case #4
> + {"0b0b0b0b0b0b0b0b0b0b0b", "000102030405060708090a0b0c",
> "f0f1f2f3f4f5f6f7f8f9", "085a01ea1b10f36933068b56efa5ad81
> a4f14b822f5b091568a9cdd4f155fda2 c22e422478d305f3f896", 42},
> + // Test Case #5
> + {"000102030405060708090a0b0c0d0e0f
> 101112131415161718191a1b1c1d1e1f 202122232425262728292a2b2c2d2e2f
> 303132333435363738393a3b3c3d3e3f 404142434445464748494a4b4c4d4e4f",
> "606162636465666768696a6b6c6d6e6f 707172737475767778797a7b7c7d7e7f
> 808182838485868788898a8b8c8d8e8f 909192939495969798999a9b9c9d9e9f
> a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
> c0c1c2c3c4c5c6c7c8c9cacbcccdcecf d0d1d2d3d4d5d6d7d8d9dadbdcdddedf
> e0e1e2e3e4e5e6e7e8e9eaebecedeeef f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
> "0bd770a74d1160f7c9f12cd5912a06eb ff6adcae899d92191fe4305673ba2ffe
> 8fa3f1a4e5ad79f3f334b3b202b2173c 486ea37ce3d397ed034c7f9dfeb15c5e
> 927336d0441f4c4300e2cff0d0900b52 d3b4", 82},
> + // Test Case #6
> + {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", NULL, NULL,
> "0ac1af7002b3d761d1e55298da9d0506 b9ae52057220a306e07b6b87e8df21d0
> ea00033de03984d34918", 42}
> + };
> +
> + HKDF<SHA1> kdf1;
> +
> + cout << "\nRFC 5869 HKDF(SHA-1) validation suite running...\n\n";
> + pass = TestHKDF(kdf1, testSet1, COUNTOF(testSet1)) && pass;
> +
> +
> + // SHA-256 from RFC 5869, Appendix A,
> https://tools.ietf.org/html/rfc5869
> + static const HKDF_TestTuple testSet2[] =
> + {
> + // Test Case #1
> + {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
> "000102030405060708090a0b0c", "f0f1f2f3f4f5f6f7f8f9",
> "3cb25f25faacd57a90434f64d0362f2a 2d2d0a90cf1a5a4c5db02d56ecc4c5bf
> 34007208d5b887185865", 42},
> + // Test Case #2
> + {"000102030405060708090a0b0c0d0e0f
> 101112131415161718191a1b1c1d1e1f 202122232425262728292a2b2c2d2e2f
> 303132333435363738393a3b3c3d3e3f 404142434445464748494a4b4c4d4e4f",
> "606162636465666768696a6b6c6d6e6f 707172737475767778797a7b7c7d7e7f
> 808182838485868788898a8b8c8d8e8f 909192939495969798999a9b9c9d9e9f
> a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
> c0c1c2c3c4c5c6c7c8c9cacbcccdcecf d0d1d2d3d4d5d6d7d8d9dadbdcdddedf
> e0e1e2e3e4e5e6e7e8e9eaebecedeeef f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff",
> "b11e398dc80327a1c8e7f78c596a4934 4f012eda2d4efad8a050cc4c19afa97c
> 59045a99cac7827271cb41c65e590e09 da3275600c2f09b8367793a9aca3db71
> cc30c58179ec3e87c14c01d5c1f3434f 1d87", 82},
> + // Test Case #3
> + {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", NULL, NULL,
> "8da4e775a563c18f715f802a063c5a31 b8a11f5c5ee1879ec3454e5f3c738d2d
> 9d201395faa4b61a96c8",42}
> + };
> +
> + HKDF<SHA256> kdf2;
> +
> + cout << "\nRFC 5869 HKDF(SHA-256) validation suite running...\n\n";
> + pass = TestHKDF(kdf2, testSet2, COUNTOF(testSet2)) && pass;
> +
> + return pass;
> +}
> +
> diff --git a/validate.h b/validate.h
> index 0ab23cb..620f88a 100644
> --- a/validate.h
> +++ b/validate.h
> @@ -25,6 +25,7 @@ bool ValidateTTMAC();
>
> bool ValidateCipherModes();
> bool ValidatePBKDF();
> +bool ValidateHKDF();
>
> bool ValidateDES();
> bool ValidateIDEA();
>
>
--
--
You received this message because you are subscribed to the "Crypto++ Users"
Google Group.
To unsubscribe, send an email to [email protected].
More information about Crypto++ and this group is available at
http://www.cryptopp.com.
---
You received this message because you are subscribed to the Google Groups
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
// hkdf.h - written by Jeffrey Walton. Copyright assigned to Crypto++ project
#ifndef CRYPTOPP_HASH_KEY_DERIVATION_FUNCTION_H
#define CRYPTOPP_HASH_KEY_DERIVATION_FUNCTION_H
#include "cryptlib.h"
#include "hmac.h"
#include "hrtimer.h"
#include <cstring>
NAMESPACE_BEGIN(CryptoPP)
//! abstract base class for key derivation function
class KeyDerivationFunction
{
public:
virtual size_t MaxDerivedKeyLength() const =0;
virtual bool UsesContext() const =0;
//! derive key from secret
virtual unsigned int DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen, const byte *salt, size_t saltLen, const byte* context=NULL, size_t contextLen=0) const =0;
// If salt is missing, then use the NULL vector. The length depends on the Hash function.
static const byte s_NullVector[64];
};
const byte KeyDerivationFunction::s_NullVector[64] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
//! HKDF from RFC 5869, T should be a HashTransformation class
template <class T>
class CRYPTOPP_DLL HKDF : public KeyDerivationFunction
{
public:
size_t MaxDerivedKeyLength() const {return static_cast<size_t>(T::DIGESTSIZE) * 255;}
bool UsesContext() const {return true;}
unsigned int DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen, const byte *salt, size_t saltLen, const byte* context, size_t contextLen) const;
};
template <class T>
unsigned int HKDF<T>::DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen, const byte *salt, size_t saltLen, const byte* context, size_t contextLen) const
{
static const size_t DIGEST_SIZE = static_cast<size_t>(T::DIGESTSIZE);
CRYPTOPP_COMPILE_ASSERT(DIGEST_SIZE <= COUNTOF(s_NullVector));
assert(derived && derivedLen);
assert(secret && secretLen);
assert(derivedLen <= MaxDerivedKeyLength());
if(derivedLen > MaxDerivedKeyLength())
throw InvalidArgument("HKDF: derivedLen must be less than or equal to MaxDerivedKeyLength");
HMAC<T> hmac;
SecByteBlock prk(DIGEST_SIZE), buffer(DIGEST_SIZE);
// Extract
const byte* key = (salt ? salt : s_NullVector);
const size_t klen = (salt ? saltLen : DIGEST_SIZE);
hmac.SetKey(key, klen);
hmac.CalculateDigest(prk, secret, secretLen);
// Expand
hmac.SetKey(prk.data(), prk.size());
byte block = 0;
while (derivedLen > 0)
{
if(block++) {hmac.Update(buffer, buffer.size());}
if(context) {hmac.Update(context, contextLen);}
hmac.CalculateDigest(buffer, &block, 1);
size_t segmentLen = STDMIN(derivedLen, DIGEST_SIZE);
std::memcpy(derived, buffer, segmentLen);
derived += segmentLen;
derivedLen -= segmentLen;
}
return 1;
}
NAMESPACE_END
#endif // CRYPTOPP_HASH_KEY_DERIVATION_FUNCTION_H
