test-sha1: Add test vectors from RFC 6070

The test with very large iterations count is commented out since it
takes quite long to derive (it does pass, though). In addition, the
last test vector is commented out since pbkdf2_sha1() does not support
arbitrary binary passphrases (\0 inside the string).

diff --git a/tests/test-sha1.c b/tests/test-sha1.c
index 792eca01338a20f8f5c3fffcbbf7352679bc951c..6c48f2b44cd5ecee8942f8514eb54ddec5fa7915 100644 (file)
--- a/tests/test-sha1.c
+++ b/tests/test-sha1.c
@@ -291,6 +291,92 @@ static struct passphrase_test passphrase_tests[] =
 (sizeof(passphrase_tests) / sizeof(passphrase_tests[0]))
 
 
+struct rfc6070_test {
+       char *p;
+       char *s;
+       int c;
+       char dk[32];
+       size_t dk_len;
+};
+
+static struct rfc6070_test rfc6070_tests[] =
+{
+       {
+               "password",
+               "salt",
+               1,
+               {
+                       0x0c, 0x60, 0xc8, 0x0f, 0x96, 0x1f, 0x0e, 0x71,
+                       0xf3, 0xa9, 0xb5, 0x24, 0xaf, 0x60, 0x12, 0x06,
+                       0x2f, 0xe0, 0x37, 0xa6
+               },
+               20
+       },
+       {
+               "password",
+               "salt",
+               2,
+               {
+                       0xea, 0x6c, 0x01, 0x4d, 0xc7, 0x2d, 0x6f, 0x8c,
+                       0xcd, 0x1e, 0xd9, 0x2a, 0xce, 0x1d, 0x41, 0xf0,
+                       0xd8, 0xde, 0x89, 0x57
+               },
+               20
+       },
+       {
+               "password",
+               "salt",
+               4096,
+               {
+                       0x4b, 0x00, 0x79, 0x01, 0xb7, 0x65, 0x48, 0x9a,
+                       0xbe, 0xad, 0x49, 0xd9, 0x26, 0xf7, 0x21, 0xd0,
+                       0x65, 0xa4, 0x29, 0xc1
+               },
+               20
+       },
+#if 0 /* This takes quite long to derive.. */
+       {
+               "password",
+               "salt",
+               16777216,
+               {
+                       0xee, 0xfe, 0x3d, 0x61, 0xcd, 0x4d, 0xa4, 0xe4,
+                       0xe9, 0x94, 0x5b, 0x3d, 0x6b, 0xa2, 0x15, 0x8c,
+                       0x26, 0x34, 0xe9, 0x84
+               },
+               20
+       },
+#endif
+       {
+               "passwordPASSWORDpassword",
+               "saltSALTsaltSALTsaltSALTsaltSALTsalt",
+               4096,
+               {
+                       0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b,
+                       0x80, 0xc8, 0xd8, 0x36, 0x62, 0xc0, 0xe4, 0x4a,
+                       0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70,
+                       0x38
+               },
+               25
+       },
+#if 0 /* \0 not currently supported in passphrase parameters.. */
+       {
+               "pass\0word",
+               "sa\0lt",
+               4096,
+               {
+                       0x56, 0xfa, 0x6a, 0xa7, 0x55, 0x48, 0x09, 0x9d,
+                       0xcc, 0x37, 0xd7, 0xf0, 0x34, 0x25, 0xe0, 0xc3
+               },
+               16
+       },
+#endif
+};
+
+#define NUM_RFC6070_TESTS \
+(sizeof(rfc6070_tests) / sizeof(rfc6070_tests[0]))
+
+
 int main(int argc, char *argv[])
 {
        u8 res[512];
@@ -343,5 +429,19 @@ int main(int argc, char *argv[])
                }
        }
 
+       printf("PBKDF2-SHA1 test cases (RFC 6070):\n");
+       for (i = 0; i < NUM_RFC6070_TESTS; i++) {
+               u8 dk[25];
+               struct rfc6070_test *test = &rfc6070_tests[i];
+               pbkdf2_sha1(test->p, test->s, strlen(test->s), test->c,
+                           dk, test->dk_len);
+               if (memcmp(dk, test->dk, test->dk_len) == 0)
+                       printf("Test case %d - OK\n", i);
+               else {
+                       printf("Test case %d - FAILED!\n", i);
+                       ret++;
+               }
+       }
+
        return ret;
 }