mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-26 12:39:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add test cases for output validation of pbkdf2 cmac

Browse Source 
PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library:
https://github.com/Legrandin/pycryptodome

Steps to generate test vectors:
1. pip install pycryptodome
2. Use the python script below to generate Derived key (see description for details):

Example usage:
pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len>
derive_ms.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16

password         : 4a30314e4d45
salt             : 54687265616437333563383762344f70656e54687265616444656d6f
input cost       : 16384
derived key len  : 16
output           : 8b27beed7e7a4dd6c53138c879a8e33c

"""
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
import sys

def main():
    #check args
    if len(sys.argv) != 5:
        print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>")
        return

    password    = bytes.fromhex(sys.argv[1])
    salt        = bytes.fromhex(sys.argv[2])
    iterations  = int(sys.argv[3])
    dklen       = int(sys.argv[4])

    # If password is not 16 bytes then we need to use CMAC to derive the password
    if len(password) != 16:
        zeros     = bytes.fromhex("00000000000000000000000000000000")
        cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16)
        passwd    = bytes.fromhex(cobj_pass.hexdigest())
    else:
        passwd = password

    cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest()

    actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf)

    print('password         : ' + password.hex())
    print('salt             : ' + salt.hex())
    print('input cost       : ' + str(iterations))
    print('derived key len  : ' + str(dklen))
    print('output           : ' + actual_output.hex())

if __name__ == "__main__":
    main()
"""

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
This commit is contained in:
Kusumit Ghoderao 2023-06-22 15:47:25 +05:30
parent 1d3fca21b1
commit 9d4c74f25c
1 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
tests/suites/test_suite_psa_crypto.data
View File

@ -6398,6 +6398,43 @@ PSA key derivation: PBKDF2-HMAC(SHA-1), RFC6070 #1, 20+1 (over capacity)
depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"0c60c80f961f0e71f3a9b524af6012062fe037a6":"00":0:1:0
PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 16+0
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:1:0
PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 15+1
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e3":"3c":0:1:0
PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 0+16
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"":"8b27beed7e7a4dd6c53138c879a8e33c":0:1:0
#The following test vectors were generated by a python script. Details can be found in the commit message.
PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 1
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"1b72f6419173a06e27777606a315876ec71227de":"":0:1:0
PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 2
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"02":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"160597e28021fb3dd9cf088b007b688360fed438":"":0:1:0
PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 3
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"38ba9795fe87e47d519eacb77e82e35daa795870":"":0:1:0
PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 4
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f726450415353574f524470617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":25:"25e7c43283d2e98cb6d9537a783e93153a45595a876779e00d":"":0:1:0
PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 5
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"7361006c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"7061737300776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"3d2828c5a437d781e7733ca353c40579":"":0:1:0
PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 6
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"28e288c6345bb5ecf7ca70274208a3ba0f1148b5868537d5e09d3ee6813b1f524d9ecbf864eb814a46cda50ad5ec4c0dc03578c6c5fb4a3f9880deb5cab537e4":"":0:1:0
PSA key derivation: ECJPAKE to PMS, no input
depends_on:PSA_WANT_ALG_SHA_256
derive_ecjpake_to_pms:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:32:PSA_SUCCESS:"":PSA_ERROR_INVALID_ARGUMENT