HKDF SHA-512 test vectors

As part of our internal software development, we needed HKDF test vectors using SHA-512 as a hash function.

These tests have been generated by using a python implementation of HKDF, which has been tested against the original RFC 5869 test vectors. (Check branch “generate-tests-sha512”, file “generate-tests-sha512.py” for test data generation.) The vectors have been successfully tested against a completely independent C++ implementation.

Test A

"hash"  : sha512
"IKM"   : "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
"salt"  : "000102030405060708090a0b0c"
"info"  : "f0f1f2f3f4f5f6f7f8f9"
"L"     : 42
"PRK"   : "665799823737ded04a88e47e54a5890bb2c3d247c7a4254a8e61350723590a26c36238127d8661b88cf80ef802d57e2f7cebcf1e00e083848be19929c61b4237"
"OKM"   : "832390086cda71fb47625bb5ceb168e4c8e26a1a16ed34d9fc7fe92c1481579338da362cb8d9f925d7cb"

Test B

"hash"  : sha512
"IKM"   : "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f"
"salt"  : "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf"
"info"  : "b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"
"L"     : 82
"PRK"   : "35672542907d4e142c00e84499e74e1de08be86535f924e022804ad775dde27ec86cd1e5b7d178c74489bdbeb30712beb82d4f97416c5a94ea81ebdf3e629e4a"
"OKM"   : "ce6c97192805b346e6161e821ed165673b84f400a2b514b2fe23d84cd189ddf1b695b48cbd1c8388441137b3ce28f16aa64ba33ba466b24df6cfcb021ecff235f6a2056ce3af1de44d572097a8505d9e7a93"

Test C

"hash"  : sha512
"IKM"   : "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
"salt"  : ""
"info"  : ""
"L"     : 42
"PRK"   : "fd200c4987ac491313bd4a2a13287121247239e11c9ef82802044b66ef357e5b194498d0682611382348572a7b1611de54764094286320578a863f36562b0df6"
"OKM"   : "f5fa02b18298a72a8c23898a8703472c6eb179dc204c03425c970e3b164bf90fff22d04836d0e2343bac"

Test D

"hash"  : sha512
"IKM"   : "0b0b0b0b0b0b0b0b0b0b0b"
"salt"  : "000102030405060708090a0b0c"
"info"  : "f0f1f2f3f4f5f6f7f8f9"
"L"     : 42
"PRK"   : "67409c9cac28b52ee9fad91c2fda999f7ca22e3434f0ae772863836568ad6a7f10cf113bfddd560129a594a8f52385c2d661d785d29ce93a11400c920683181d"
"OKM"   : "7413e8997e020610fbf6823f2ce14bff01875db1ca55f68cfcf3954dc8aff53559bd5e3028b080f7c068"

Test E

"hash"  : sha512
"IKM"   : "0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c"
"salt"  : None
"info"  : ""
"L"     : 42
"PRK"   : "5346b376bf3aa9f84f8f6ed5b1c4f489172e244dac303d12f68ecc766ea600aa88495e7fb605803122fa136924a840b1f0719d2d5f68e29b242299d758ed680c"
"OKM"   : "1407d46013d98bc6decefcfee55f0f90b0c7f63d68eb1a80eaf07e953cfc0a3a5240a155d6e4daa965bb"

The tests have been derived from the original RFC 5869 test vectors, where “Test A” ~ A.1.; “Test B” ~ A.2./A.5.; “Test C” ~ A.3./A.6.; “Test D” ~ A.4.;  “Test E” ~ A.7.

Don’t hesitate to leave a comment or send us a mail to hi@kullo.net if you think there might be anything wrong or unclear.

2 thoughts on “HKDF SHA-512 test vectors

  1. Hello,
    it looks to us that those vectors are not sufficient to fully exercise rfc 5869 HKDF when using sha512 as hashing function. sha512 has a block size of 128 bytes and in this set of vectors L (key output length) is always below such block size. The L you are considering are OK when using a hashing function of block size 64 (eg sha256…) which is what the test vectors published in rfc 5869 are covering.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.