[PATCH v4 8/8] test: lib: add test for key derivation
Philippe REYNES
philippe.reynes at softathome.com
Mon Dec 16 18:43:03 CET 2024
Hi Raymond,
Le 13/12/2024 à 18:00, Raymond Mao a écrit :
>
> *This Mail comes from Outside of SoftAtHome: *Do not answer, click
> links or open attachments unless you recognize the sender and know the
> content is safe.**
>
> Hi Philippe,
>
> On Thu, 12 Dec 2024 at 08:37, Philippe Reynes
> <philippe.reynes at softathome.com> wrote:
>
> Adds a test for the function sha256_hkdf.
>
> Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
> ---
> test/lib/Makefile | 1 +
> test/lib/test_sha256_hkdf.c | 107
> ++++++++++++++++++++++++++++++++++++
> 2 files changed, 108 insertions(+)
> create mode 100644 test/lib/test_sha256_hkdf.c
>
> diff --git a/test/lib/Makefile b/test/lib/Makefile
> index 4c0abcba81a..24ce6ed8f00 100644
> --- a/test/lib/Makefile
> +++ b/test/lib/Makefile
> @@ -25,6 +25,7 @@ obj-$(CONFIG_UT_LIB_ASN1) += asn1.o
> obj-$(CONFIG_UT_LIB_RSA) += rsa.o
> obj-$(CONFIG_AES) += test_aes.o
> obj-$(CONFIG_SHA256) += test_sha256_hmac.o
> +obj-$(CONFIG_HKDF_MBEDTLS) += test_sha256_hkdf.o
> obj-$(CONFIG_GETOPT) += getopt.o
> obj-$(CONFIG_CRC8) += test_crc8.o
> obj-$(CONFIG_UT_LIB_CRYPT) += test_crypt.o
> diff --git a/test/lib/test_sha256_hkdf.c b/test/lib/test_sha256_hkdf.c
> new file mode 100644
> index 00000000000..00090ffbc24
> --- /dev/null
> +++ b/test/lib/test_sha256_hkdf.c
> @@ -0,0 +1,107 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright (c) 2024 Philippe Reynes
> <philippe.reynes at softathome.com>
> + *
> + * Unit tests for sha256_hkdf functions
> + */
> +
> +#include <command.h>
> +#include <test/lib.h>
> +#include <test/test.h>
> +#include <test/ut.h>
> +#include <u-boot/sha256.h>
> +
> +struct test_sha256_hkdf_s {
> + unsigned char *salt;
> + int saltlen;
> + unsigned char *ikm;
> + int ikmlen;
> + unsigned char *info;
> + int infolen;
> + unsigned char *expected;
> + int expectedlen;
> +};
> +
> +/*
> + * data comes from:
> + * https://www.rfc-editor.org/rfc/rfc5869
> <https://www.rfc-editor.org/rfc/rfc5869>
> + */
>
>
> Shall we consider more test vectors for:
> Zero-length salt.
> Zero-length info.
> Maximum-length output.
>
I have added all tests from the RFC. So now, there is 3 tests.
The second test use longer input/output, and the third use
empty salt and info.
> +static unsigned char salt_test1[] = {
> + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
> + 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c };
> +
> +static unsigned char ikm_test1[] = {
> + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
> 0x0b, 0x0b,
> + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
> 0x0b, 0x0b };
> +
> +static unsigned char info_test1[] = {
> + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9 };
> +
> +static unsigned char expected_test1[] = {
> + 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
> + 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
> + 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
> + 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
> + 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
> + 0x58, 0x65 };
> +
> +static struct test_sha256_hkdf_s test_sha256_hkdf[] = {
> + {
> + .salt = salt_test1,
> + .saltlen = sizeof(salt_test1),
> + .ikm = ikm_test1,
> + .ikmlen = sizeof(ikm_test1),
> + .info = info_test1,
> + .infolen = sizeof(info_test1),
> + .expected = expected_test1,
> + .expectedlen = sizeof(expected_test1),
> + },
> +};
> +
> +static int _lib_test_sha256_hkdf_run(struct unit_test_state *uts,
> + unsigned char *salt, int saltlen,
> + unsigned char *ikm, int ikmlen,
> + unsigned char *info, int infolen,
> + unsigned char *expected, int
> expectedlen)
> +{
> + unsigned char output[64];
>
>
> Please use SHA512_SUM_LEN to avoid magic numbers.
For the second test, I have increased this 64 to 256, as the output must
be bigger than
the maximum output size of all tests.
I don't really know which constant I can use... so I have kept 256.
> + int ret;
> +
> + ut_assert(expectedlen <= sizeof(output));
> + ret = sha256_hkdf(salt, saltlen, ikm, ikmlen, info,
> infolen, output, expectedlen);
> + ut_assert(!ret);
> + ut_asserteq_mem(expected, output, expectedlen);
> +
> + return 0;
> +}
> +
> +static int lib_test_sha256_hkdf_run(struct unit_test_state *uts,
> + struct test_sha256_hkdf_s *test)
> +{
> + unsigned char *salt = test->salt;
> + int saltlen = test->saltlen;
> + unsigned char *ikm = test->ikm;
> + int ikmlen = test->ikmlen;
> + unsigned char *info = test->info;
> + int infolen = test->infolen;
> + unsigned char *expected = test->expected;
> + int expectedlen = test->expectedlen;
> +
> + return _lib_test_sha256_hkdf_run(uts, salt, saltlen, ikm,
> ikmlen,
> + info, infolen, expected,
> expectedlen);
> +}
> +
> +static int lib_test_sha256_hkdf(struct unit_test_state *uts)
> +{
> + int i, ret = 0;
> +
> + for (i = 0; i < ARRAY_SIZE(test_sha256_hkdf); i++) {
> + ret = lib_test_sha256_hkdf_run(uts,
> &test_sha256_hkdf[i]);
> + if (ret)
> + break;
> + }
> +
> + return ret;
> +}
> +
> +LIB_TEST(lib_test_sha256_hkdf, 0);
> --
> 2.25.1
>
>
> Regards,
> Raymond
btw, I have enabled mbedtls in the config sandbox to have at least one
config with mbedtls and hkdf.
Regards,
Philippe
More information about the U-Boot
mailing list