[PATCH keyutils] TEST: Add KDF leading zero test

[PATCH keyutils] TEST: Add KDF leading zero test

[Mat Martineau]

Diffie-Hellman results used as input to a KDF algorithm can have leading
zero bytes, and the current kernel DH implementation truncates leading
zero bytes. This test confirms that the KDF code correctly handles DH
results with leading zeros.

Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
---

This applies to the 'next' branch, commit
6eca7565871694091d6cda21fd23e19ad2c77b7a

 tests/keyctl/dh_compute/valid/runtest.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/tests/keyctl/dh_compute/valid/runtest.sh b/tests/keyctl/dh_compute/valid/runtest.sh
index 6498eef..5ad1d14 100644
--- a/tests/keyctl/dh_compute/valid/runtest.sh
+++ b/tests/keyctl/dh_compute/valid/runtest.sh
@@ -171,6 +171,16 @@ marker "COMPUTE DERIVED KEY FROM DH SHARED SECRET (SHA-256)"
 echo -e -n $otherinfo | dh_compute_kdf_oi $privateid $primeid $xaid 16 "sha256"
 expect_multiline payload "$derived"
 
+pcreate_key "-e \x01" user dh:leadingzero @s
+expect_keyid lzid
+
+read -d '' derived2 <<"EOF"
+0066207b cdab1d64 bbf489b3 d6a0dadc
+EOF
+
+marker "COMPUTE DERIVED KEY WITH LEADING ZEROS"
+echo -e -n $otherinfo | dh_compute_kdf_oi $privateid $primeid $lzid 16 "sha256"
+expect_multiline payload "$derived2"
 
 # SHA-224
 
-- 
2.13.1

Re: [PATCH keyutils] TEST: Add KDF leading zero test

[Stephan Müller]

Am Mittwoch, 7. Juni 2017, 19:31:35 CEST schrieb Mat Martineau:

Hi Mat,

> Diffie-Hellman results used as input to a KDF algorithm can have leading
> zero bytes, and the current kernel DH implementation truncates leading
> zero bytes. This test confirms that the KDF code correctly handles DH
> results with leading zeros.

Thank you for the test.

May I ask where you got the vector from?

Ciao
Stephan

Re: [PATCH keyutils] TEST: Add KDF leading zero test

[Mat Martineau]

[-- Attachment #1: Type: text/plain, Size: 1184 bytes --]


Hi Stephan,

On Wed, 7 Jun 2017, Stephan Müller wrote:

> Am Mittwoch, 7. Juni 2017, 19:31:35 CEST schrieb Mat Martineau:
>
> Hi Mat,
>
>> Diffie-Hellman results used as input to a KDF algorithm can have leading
>> zero bytes, and the current kernel DH implementation truncates leading
>> zero bytes. This test confirms that the KDF code correctly handles DH
>> results with leading zeros.
>
> Thank you for the test.
>
> May I ask where you got the vector from?

I had to derive the test vector from the sha256 kdf test vector. There's 
one CAVP test vector with four leading zero bits, but not a full byte.

I swapped in a '0x01' for the base integer, which creates a shared secret 
having only the least significant bit set (maximum number of leading 
zeros). I constructed a binary file (kdf.in) starting with 0x00 0x00 0x00 
0x01 (for the counter value), followed by 255 0x00's, then 0x01, then the 
"otherinfo" from the sha256 test case. Then I confirmed that the initial 
bytes output by `sha256sum kdf.in` matched the keyutils output from the 
kernel KDF implementation, and used that output as the reference result.

--
Mat Martineau
Intel OTC

Re: [PATCH keyutils] TEST: Add KDF leading zero test

[David Howells]

Would it be useful to add, say, a "keyctl xpadd" command that was like "keyctl
padd" but took hex input?

David