idnits 2.17.1 draft-cheng-hmac-test-cases-00.txt:

Network Working Group                                           P. Cheng
Internet-Draft                                                  R. Glenn
Category: Informational
Expire in six months                                          March 1997

                 Test Cases for HMAC-MD5 and HMAC-SHA-1

Status of This Memo

   Distribution of this memo is unlimited.

   This document is an Internet-Draft. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups. Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as ``work in progress.''

   To learn the current status of any Internet-Draft, please check the
   ``1id-abstracts.txt'' listing contained in the Internet-Drafts
   Shadow Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
   munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
   ftp.isi.edu (US West Coast).

   This memo provides information for the Internet community. This memo
   does not specify an Internet standard. Distribution of this memo is
   unlimited.

Abstract

   This document provides two sets of test cases for HMAC-MD5 and HMAC-
   SHA-1, respectively. HMAC-MD5 and HMAC-SHA-1 are two constructs of
   the HMAC [HMAC] message authentication function using the MD5 [MD5]
   hash function and the SHA-1 [SHA] hash function. Both constructs are
   used by IPSEC [OG,CG] and other protocols to authenticate messages.
   The test cases and results provided in this document are meant to be
   used as a conformance test for HMAC-MD5 and HMAC-SHA-1
   implementations.

1. Introduction

   The general method for constructing a HMAC message authentication
   function using a particular hash function is described in section 2
   of [HMAC]. We will not repeat the description here. Section 5 of
   [HMAC] also discusses truncating the output of HMAC; the rule is that
   we should keep the more significant bits (the bits in the left,
   assuming a network byte order (big-endian)).

   In sections 2 and 3 we provide test cases for HMAC-MD5 and HMAC-SHA-
   1, respectively. Each case includes the key, the data, and the
   result. The values of keys and data are either hexadecimal numbers
   (prefixed by "0x") or ASCII character strings in double quotes. If a
   value is an ASCII character string, then the HMAC computation for the
   corresponding test case DOES NOT include the trailing null character
   ('\0') in the string.

   The C source code of the functions used to generate HMAC-SHA-1
   results is listed in the Appendix. Note that these functions are
   meant to be simple and easy to understand; they are not optimized in
   any way. The C source code for computing HMAC-MD5 can be found in
   [MD5]; or you can do a simple modification to HMAC-SHA-1 code to get
   HMAC-MD5 code, as explained in the Appendix.

2. Test Cases for HMAC-MD5

test_case =     1
key =           0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
key_len =       16
data =          "Hi There"
data_len =      8
digest =        0x9294727a3638bb1c13f48ef8158bfc9d

test_case =     2
key =           "Jefe"
key_len =       4
data =          "what do ya want for nothing?"
data_len =      28
digest =        0x750c783e6ab0b503eaa86e310a5db738

test_case =     3
key =           0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
key_len =       16
data =          0xdd repeated 50 times
data_len =      50
digest =        0x56be34521d144c88dbb8c733f0e8b3f6

test_case =     4
key =           0x0102030405060708090a0b0c0d0e0f10111213141516171819
key_len =       25
data =          0xcd repeated 50 times
data_len =      50
digest =        0x697eaf0aca3a3aea3a75164746ffaa79

test_case =     5
key =           0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
key_len =       16
data =          "Test With Truncation"
data_len =      20
digest =        0x56461ef2342edc00f9bab995690efd4c
digest-96 =     0x56461ef2342edc00f9bab995

test_case =     6
key =           0xaa repeated 80 times
key_len =       80
data =          "Test Using Larger Than Block-Size Key - Hash Key First"
data_len =      54
digest =        0x6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd

test_case =     7
key =           0xaa repeated 80 times
key_len =       80
data =
"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data"
data_len =      73
digest =        0x6f630fad67cda0ee1fb1f562db3aa53e

3. Test Cases for HMAC-SHA-1

test_case =     1
key =           0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
key_len =       20
data =          "Hi There"
data_len =      8
digest =        0xb617318655057264e28bc0b6fb378c8ef146be00

test_case =     2
key =           "Jefe"
key_len =       4
data =          "what do ya want for nothing?"
data_len =      28
digest =        0xeffcdf6ae5eb2fa2d27416d5f184df9c259a7c79

test_case =     3
key =           0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
key_len =       20
data =          0xdd repeated 50 times
data_len =      50
digest =        0x125d7342b9ac11cd91a39af48aa17b4f63f175d3

test_case =     4
key =           0x0102030405060708090a0b0c0d0e0f10111213141516171819
key_len =       25
data =          0xcd repeated 50 times
data_len =      50
digest =        0x4c9007f4026250c6bc8414f9bf50c86c2d7235da

test_case =     5
key =           0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
key_len =       20
data =          "Test With Truncation"
data_len =      20
digest =        0x4c1a03424b55e07fe7f27be1d58bb9324a9a5a04
digest-96 =     0x4c1a03424b55e07fe7f27be1

test_case =     6
key =           0xaa repeated 80 times
key_len =       80
data =          "Test Using Larger Than Block-Size Key - Hash Key First"
data_len =      54
digest =        0xaa4ae5e15272d00e95705637ce8a3b55ed402112

test_case =     7
key =           0xaa repeated 80 times
key_len =       80
data =
"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data"
data_len =      73
digest =        0xe8e99d0f45237d786d6bbaa7965c7808bbff1a91

References

   [HMAC] Krawczyk, H., Bellare, M., and R. Canetti,
          "HMAC: Keyed-Hashing for Message Authentication",
          RFC 2104, February 1997.

   [MD5]  Rivest, R., "The MD5 Message-Digest Algorithm",
          RFC 1321, April 1992.

   [SHA]  NIST, FIPS PUB 180-1: Secure Hash Standard, April 1995.

   [OG]   Oehler, M. and Glenn, R.,
          "HMAC-MD5 IP Authentication with Replay Prevention",
          RFC 2085, February 1997.

   [CG]   Chang, S. and Glenn, R.,
          "HMAC-SHA IP Authentication with Replay Prevention",
          IETF draft ,
          November 20, 1996.

Authors' Addresses

   Pau-Chen Cheng
   IBM T.J. Watson Research Center
   P.O.Box 704
   Yorktown Heights, NY 10598

   pau@watson.ibm.com

   Robert Glenn
   NIST
   Building 820, Room 455
   Gaithersburg, MD 20899

   rob.glenn@nist.gov

Appendix

   This appendix contains the C reference code which implements HMAC-
   SHA-1 using an existing SHA-1 library. It assumes that the SHA-1
   library has APIs similar to those of the MD5 code described in RFC
   1321. The code for HMAC-MD5 is similar: just replace the strings
   "SHA" and "sha" with "MD5" and "md5". HMAC-MD5 code is also listed in
   RFC 2104.

#include <stdio.h>
/* Also include the header of your SHA-1 library here; it must provide
   SHA_CTX, SHAInit(), SHAUpdate() and SHAFinal(). */

#ifndef SHA_DIGESTSIZE
#define SHA_DIGESTSIZE  20
#endif

#ifndef SHA_BLOCKSIZE
#define SHA_BLOCKSIZE   64
#endif

#ifndef MD5_DIGESTSIZE
#define MD5_DIGESTSIZE  16
#endif

#ifndef MD5_BLOCKSIZE
#define MD5_BLOCKSIZE   64
#endif

/* Function to print the digest */
void
pr_sha(FILE* fp, char* s, int t)
{
    int i ;

    fprintf(fp, "0x") ;
    for (i = 0 ; i < t ; i++)
        /* cast so that bytes >= 0x80 are not sign-extended by %02x */
        fprintf(fp, "%02x", (unsigned char) s[i]) ;
    fprintf(fp, "\n") ;
}

void truncate
(
    char* d1,   /* data to be truncated */
    char* d2,   /* truncated data */
    int   len   /* length in bytes to keep */
)
{
    int i ;
    for (i = 0 ; i < len ; i++) d2[i] = d1[i];
}

/* Function to compute the digest */
void
hmac_sha
(
    char* k,    /* secret key */
    int   lk,   /* length of the key in bytes */
    char* d,    /* data */
    int   ld,   /* length of data in bytes */
    char* out,  /* output buffer, at least "t" bytes */
    int   t     /* number of digest bytes to keep */
)
{
    SHA_CTX ictx, octx ;
    char    isha[SHA_DIGESTSIZE], osha[SHA_DIGESTSIZE] ;
    char    key[SHA_DIGESTSIZE] ;
    char    buf[SHA_BLOCKSIZE] ;
    int     i ;

    /* A key longer than one block is replaced by its SHA-1 digest */
    if (lk > SHA_BLOCKSIZE) {

        SHA_CTX tctx ;

        SHAInit(&tctx) ;
        SHAUpdate(&tctx, k, lk) ;
        SHAFinal(key, &tctx) ;

        k = key ;
        lk = SHA_DIGESTSIZE ;
    }

    /**** Inner Digest ****/

    SHAInit(&ictx) ;

    /* Pad the key for inner digest */
    for (i = 0 ; i < lk ; ++i) buf[i] = k[i] ^ 0x36 ;
    for (i = lk ; i < SHA_BLOCKSIZE ; ++i) buf[i] = 0x36 ;

    SHAUpdate(&ictx, buf, SHA_BLOCKSIZE) ;
    SHAUpdate(&ictx, d, ld) ;

    SHAFinal(isha, &ictx) ;

    /**** Outer Digest ****/

    SHAInit(&octx) ;

    /* Pad the key for outer digest */
    for (i = 0 ; i < lk ; ++i) buf[i] = k[i] ^ 0x5C ;
    for (i = lk ; i < SHA_BLOCKSIZE ; ++i) buf[i] = 0x5C ;

    SHAUpdate(&octx, buf, SHA_BLOCKSIZE) ;
    SHAUpdate(&octx, isha, SHA_DIGESTSIZE) ;

    SHAFinal(osha, &octx) ;

    /* truncate and print the results */
    t = t > SHA_DIGESTSIZE ? SHA_DIGESTSIZE : t ;
    truncate(osha, out, t) ;
    pr_sha(stdout, out, t) ;

}
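
The following is an added example, not part of the draft or its authors' code: a Python conformance check that runs a selection of the test cases from sections 2 and 3 against the standard library's hmac module, including the "repeated N times" notation, the no-trailing-null rule and the digest-96 truncation rule. The tuple layout and the names VECTORS, parse_value, check and run_all are assumptions of this example.

```python
import hmac
import re

# A selection of the draft's test cases, kept in the draft's notation:
# (hash, test_case, key, key_len, data, data_len, digest, digest-96 or None)
VECTORS = [
    ("md5", 2, '"Jefe"', 4, '"what do ya want for nothing?"', 28,
     "0x750c783e6ab0b503eaa86e310a5db738", None),
    ("md5", 5, "0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c", 16,
     '"Test With Truncation"', 20,
     "0x56461ef2342edc00f9bab995690efd4c", "0x56461ef2342edc00f9bab995"),
    ("md5", 6, "0xaa repeated 80 times", 80,
     '"Test Using Larger Than Block-Size Key - Hash Key First"', 54,
     "0x6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd", None),
    ("sha1", 1, "0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", 20,
     '"Hi There"', 8, "0xb617318655057264e28bc0b6fb378c8ef146be00", None),
    ("sha1", 3, "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 20,
     "0xdd repeated 50 times", 50,
     "0x125d7342b9ac11cd91a39af48aa17b4f63f175d3", None),
    ("sha1", 5, "0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c", 20,
     '"Test With Truncation"', 20,
     "0x4c1a03424b55e07fe7f27be1d58bb9324a9a5a04", "0x4c1a03424b55e07fe7f27be1"),
]

def parse_value(text):
    """Decode a key or data field written in the draft's notation."""
    if text.startswith('"'):                 # ASCII string, no trailing '\0'
        return text[1:-1].encode("ascii")
    rep = re.fullmatch(r"0x([0-9a-f]{2}) repeated (\d+) times", text)
    if rep:
        return bytes.fromhex(rep.group(1)) * int(rep.group(2))
    return bytes.fromhex(text[2:])           # plain "0x..." hex string

def check(vector):
    """Return True if the standard library reproduces the draft's digest."""
    alg, _case, key, key_len, data, data_len, digest, digest96 = vector
    k, d = parse_value(key), parse_value(data)
    if (len(k), len(d)) != (key_len, data_len):
        return False                         # field was transcribed wrongly
    mac = hmac.new(k, d, alg).digest()
    ok = hmac.compare_digest(mac, bytes.fromhex(digest[2:]))
    if digest96 is not None:                 # truncation keeps the leftmost 96 bits
        ok = ok and hmac.compare_digest(mac[:12], bytes.fromhex(digest96[2:]))
    return ok

def run_all():
    return {(v[0], v[1]): check(v) for v in VECTORS}

if __name__ == "__main__":
    print(run_all())
```

The key_len and data_len comparison catches a trailing null byte or a miscounted repeat before any digest is computed, so a failing vector points at the implementation rather than at the transcription.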