]>
Commit | Line | Data |
---|---|---|
5a285add | 1 | /* |
fbd2ece1 | 2 | * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. |
4757a347 | 3 | * Copyright (c) 2018-2020, Oracle and/or its affiliates. All rights reserved. |
5a285add DM |
4 | * |
5 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
6 | * this file except in compliance with the License. You can obtain a copy | |
7 | * in the file LICENSE in the source distribution or at | |
8 | * https://www.openssl.org/source/license.html | |
9 | */ | |
10 | ||
11 | /* Tests of the EVP_KDF_CTX APIs */ | |
12 | ||
13 | #include <stdio.h> | |
14 | #include <string.h> | |
15 | ||
16 | #include <openssl/evp.h> | |
17 | #include <openssl/kdf.h> | |
81ff9eeb | 18 | #include <openssl/core_names.h> |
5a285add DM |
19 | #include "testutil.h" |
20 | ||
bf5739a0 P |
21 | static EVP_KDF_CTX *get_kdfbyname(const char *name) |
22 | { | |
23 | EVP_KDF *kdf = EVP_KDF_fetch(NULL, name, NULL); | |
660c5344 | 24 | EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); |
bf5739a0 P |
25 | |
26 | EVP_KDF_free(kdf); | |
27 | return kctx; | |
28 | } | |
29 | ||
1cae59d1 JS |
30 | static OSSL_PARAM *construct_tls1_prf_params(const char *digest, const char *secret, |
31 | const char *seed) | |
32 | { | |
33 | OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 4); | |
34 | OSSL_PARAM *p = params; | |
35 | ||
36 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, | |
37 | (char *)digest, 0); | |
38 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, | |
39 | (unsigned char *)secret, | |
40 | strlen(secret)); | |
41 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, | |
42 | (unsigned char *)seed, | |
43 | strlen(seed)); | |
44 | *p = OSSL_PARAM_construct_end(); | |
45 | ||
46 | return params; | |
47 | } | |
48 | ||
5a285add DM |
49 | static int test_kdf_tls1_prf(void) |
50 | { | |
a3c62426 | 51 | int ret; |
d2ba8123 | 52 | EVP_KDF_CTX *kctx = NULL; |
5a285add | 53 | unsigned char out[16]; |
1cae59d1 | 54 | OSSL_PARAM *params; |
8bbeaaa4 | 55 | static const unsigned char expected[sizeof(out)] = { |
a3c62426 SL |
56 | 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0, |
57 | 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc | |
58 | }; | |
5a285add | 59 | |
1cae59d1 | 60 | params = construct_tls1_prf_params("sha256", "secret", "seed"); |
bf5739a0 | 61 | |
d2ba8123 | 62 | ret = |
27e27cd7 | 63 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF)) |
660c5344 | 64 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
d2ba8123 SL |
65 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
66 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
5a285add | 67 | |
660c5344 | 68 | EVP_KDF_CTX_free(kctx); |
1cae59d1 | 69 | OPENSSL_free(params); |
5a285add DM |
70 | return ret; |
71 | } | |
72 | ||
1cae59d1 JS |
73 | static int test_kdf_tls1_prf_invalid_digest(void) |
74 | { | |
75 | int ret; | |
76 | EVP_KDF_CTX *kctx = NULL; | |
77 | OSSL_PARAM *params; | |
78 | ||
79 | params = construct_tls1_prf_params("blah", "secret", "seed"); | |
80 | ||
81 | ret = | |
82 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF)) | |
83 | && TEST_false(EVP_KDF_CTX_set_params(kctx, params)); | |
84 | ||
85 | EVP_KDF_CTX_free(kctx); | |
86 | OPENSSL_free(params); | |
87 | return ret; | |
88 | } | |
89 | ||
90 | static int test_kdf_tls1_prf_zero_output_size(void) | |
91 | { | |
92 | int ret; | |
93 | EVP_KDF_CTX *kctx = NULL; | |
94 | unsigned char out[16]; | |
95 | OSSL_PARAM *params; | |
96 | ||
97 | params = construct_tls1_prf_params("sha256", "secret", "seed"); | |
98 | ||
99 | /* Negative test - derive should fail */ | |
100 | ret = | |
101 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF)) | |
102 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) | |
103 | && TEST_int_eq(EVP_KDF_derive(kctx, out, 0), 0); | |
104 | ||
105 | EVP_KDF_CTX_free(kctx); | |
106 | OPENSSL_free(params); | |
107 | return ret; | |
108 | } | |
109 | ||
110 | static int test_kdf_tls1_prf_empty_secret(void) | |
111 | { | |
112 | int ret; | |
113 | EVP_KDF_CTX *kctx = NULL; | |
114 | unsigned char out[16]; | |
115 | OSSL_PARAM *params; | |
116 | ||
117 | params = construct_tls1_prf_params("sha256", "", "seed"); | |
118 | ||
119 | ret = | |
120 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF)) | |
121 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) | |
122 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0); | |
123 | ||
124 | EVP_KDF_CTX_free(kctx); | |
125 | OPENSSL_free(params); | |
126 | return ret; | |
127 | } | |
128 | ||
129 | static int test_kdf_tls1_prf_1byte_secret(void) | |
130 | { | |
131 | int ret; | |
132 | EVP_KDF_CTX *kctx = NULL; | |
133 | unsigned char out[16]; | |
134 | OSSL_PARAM *params; | |
135 | ||
136 | params = construct_tls1_prf_params("sha256", "1", "seed"); | |
137 | ||
138 | ret = | |
139 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF)) | |
140 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) | |
141 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0); | |
142 | ||
143 | EVP_KDF_CTX_free(kctx); | |
144 | OPENSSL_free(params); | |
145 | return ret; | |
146 | } | |
147 | ||
148 | static int test_kdf_tls1_prf_empty_seed(void) | |
149 | { | |
150 | int ret; | |
151 | EVP_KDF_CTX *kctx = NULL; | |
152 | unsigned char out[16]; | |
153 | OSSL_PARAM *params; | |
154 | ||
155 | params = construct_tls1_prf_params("sha256", "secret", ""); | |
156 | ||
157 | /* Negative test - derive should fail */ | |
158 | ret = | |
159 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF)) | |
160 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) | |
161 | && TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out)), 0); | |
162 | ||
163 | EVP_KDF_CTX_free(kctx); | |
164 | OPENSSL_free(params); | |
165 | return ret; | |
166 | } | |
167 | ||
168 | static int test_kdf_tls1_prf_1byte_seed(void) | |
169 | { | |
170 | int ret; | |
171 | EVP_KDF_CTX *kctx = NULL; | |
172 | unsigned char out[16]; | |
173 | OSSL_PARAM *params; | |
174 | ||
175 | params = construct_tls1_prf_params("sha256", "secret", "1"); | |
176 | ||
177 | ret = | |
178 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF)) | |
179 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) | |
180 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0); | |
181 | ||
182 | EVP_KDF_CTX_free(kctx); | |
183 | OPENSSL_free(params); | |
184 | return ret; | |
185 | } | |
186 | ||
187 | static OSSL_PARAM *construct_hkdf_params(char *digest, char *key, | |
188 | size_t keylen, char *salt, char *info) | |
189 | { | |
190 | OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5); | |
191 | OSSL_PARAM *p = params; | |
192 | ||
193 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, | |
194 | digest, 0); | |
195 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, | |
196 | salt, strlen(salt)); | |
197 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, | |
198 | (unsigned char *)key, keylen); | |
199 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, | |
200 | info, strlen(info)); | |
201 | *p = OSSL_PARAM_construct_end(); | |
202 | ||
203 | return params; | |
204 | } | |
205 | ||
5a285add DM |
206 | static int test_kdf_hkdf(void) |
207 | { | |
a3c62426 | 208 | int ret; |
5a285add DM |
209 | EVP_KDF_CTX *kctx; |
210 | unsigned char out[10]; | |
1cae59d1 | 211 | OSSL_PARAM *params; |
8bbeaaa4 | 212 | static const unsigned char expected[sizeof(out)] = { |
a3c62426 SL |
213 | 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13 |
214 | }; | |
5a285add | 215 | |
1cae59d1 | 216 | params = construct_hkdf_params("sha256", "secret", 6, "salt", "label"); |
bf5739a0 | 217 | |
d2ba8123 | 218 | ret = |
27e27cd7 | 219 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)) |
660c5344 | 220 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
d2ba8123 SL |
221 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
222 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
5a285add | 223 | |
660c5344 | 224 | EVP_KDF_CTX_free(kctx); |
1cae59d1 JS |
225 | OPENSSL_free(params); |
226 | return ret; | |
227 | } | |
228 | ||
229 | static int test_kdf_hkdf_invalid_digest(void) | |
230 | { | |
231 | int ret; | |
232 | EVP_KDF_CTX *kctx; | |
233 | OSSL_PARAM *params; | |
234 | ||
235 | params = construct_hkdf_params("blah", "secret", 6, "salt", "label"); | |
236 | ||
237 | ret = | |
238 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)) | |
239 | && TEST_false(EVP_KDF_CTX_set_params(kctx, params)); | |
240 | ||
241 | EVP_KDF_CTX_free(kctx); | |
242 | OPENSSL_free(params); | |
243 | return ret; | |
244 | } | |
245 | ||
246 | static int test_kdf_hkdf_zero_output_size(void) | |
247 | { | |
248 | int ret; | |
249 | EVP_KDF_CTX *kctx; | |
250 | unsigned char out[10]; | |
251 | OSSL_PARAM *params; | |
252 | ||
253 | params = construct_hkdf_params("sha256", "secret", 6, "salt", "label"); | |
254 | ||
255 | /* Negative test - derive should fail */ | |
256 | ret = | |
257 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)) | |
258 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) | |
259 | && TEST_int_eq(EVP_KDF_derive(kctx, out, 0), 0); | |
260 | ||
261 | EVP_KDF_CTX_free(kctx); | |
262 | OPENSSL_free(params); | |
263 | return ret; | |
264 | } | |
265 | ||
266 | static int test_kdf_hkdf_empty_key(void) | |
267 | { | |
268 | int ret; | |
269 | EVP_KDF_CTX *kctx; | |
270 | unsigned char out[10]; | |
271 | OSSL_PARAM *params; | |
272 | ||
273 | params = construct_hkdf_params("sha256", "", 0, "salt", "label"); | |
274 | ||
275 | ret = | |
276 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)) | |
277 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) | |
278 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0); | |
279 | ||
280 | EVP_KDF_CTX_free(kctx); | |
281 | OPENSSL_free(params); | |
282 | return ret; | |
283 | } | |
284 | ||
285 | static int test_kdf_hkdf_1byte_key(void) | |
286 | { | |
287 | int ret; | |
288 | EVP_KDF_CTX *kctx; | |
289 | unsigned char out[10]; | |
290 | OSSL_PARAM *params; | |
291 | ||
292 | params = construct_hkdf_params("sha256", "1", 1, "salt", "label"); | |
293 | ||
294 | ret = | |
295 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)) | |
296 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) | |
297 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0); | |
298 | ||
299 | EVP_KDF_CTX_free(kctx); | |
300 | OPENSSL_free(params); | |
301 | return ret; | |
302 | } | |
303 | ||
304 | static int test_kdf_hkdf_empty_salt(void) | |
305 | { | |
306 | int ret; | |
307 | EVP_KDF_CTX *kctx; | |
308 | unsigned char out[10]; | |
309 | OSSL_PARAM *params; | |
310 | ||
311 | params = construct_hkdf_params("sha256", "secret", 6, "", "label"); | |
312 | ||
313 | ret = | |
314 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)) | |
315 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) | |
316 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0); | |
317 | ||
318 | EVP_KDF_CTX_free(kctx); | |
319 | OPENSSL_free(params); | |
5a285add DM |
320 | return ret; |
321 | } | |
322 | ||
1cae59d1 JS |
323 | static OSSL_PARAM *construct_pbkdf2_params(char *pass, char *digest, char *salt, |
324 | unsigned int *iter, int *mode) | |
325 | { | |
326 | OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 6); | |
327 | OSSL_PARAM *p = params; | |
328 | ||
329 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, | |
330 | (unsigned char *)pass, strlen(pass)); | |
331 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, | |
332 | (unsigned char *)salt, strlen(salt)); | |
333 | *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter); | |
334 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, | |
335 | digest, 0); | |
336 | *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, mode); | |
337 | *p = OSSL_PARAM_construct_end(); | |
338 | ||
339 | return params; | |
340 | } | |
341 | ||
5a285add DM |
342 | static int test_kdf_pbkdf2(void) |
343 | { | |
bf5739a0 | 344 | int ret = 0; |
5a285add | 345 | EVP_KDF_CTX *kctx; |
f0efeea2 | 346 | unsigned char out[25]; |
bf5739a0 P |
347 | unsigned int iterations = 4096; |
348 | int mode = 0; | |
1cae59d1 | 349 | OSSL_PARAM *params; |
f0efeea2 SL |
350 | const unsigned char expected[sizeof(out)] = { |
351 | 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, | |
352 | 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf, | |
353 | 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18, | |
354 | 0x1c | |
a3c62426 | 355 | }; |
5a285add | 356 | |
1cae59d1 JS |
357 | params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", |
358 | "saltSALTsaltSALTsaltSALTsaltSALTsalt", | |
359 | &iterations, &mode); | |
bf5739a0 | 360 | |
27e27cd7 | 361 | if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) |
660c5344 | 362 | || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
bf5739a0 | 363 | || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
1cae59d1 JS |
364 | || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) |
365 | goto err; | |
366 | ||
367 | ret = 1; | |
368 | err: | |
369 | EVP_KDF_CTX_free(kctx); | |
370 | OPENSSL_free(params); | |
371 | return ret; | |
372 | } | |
373 | ||
374 | static int test_kdf_pbkdf2_small_output(void) | |
375 | { | |
376 | int ret = 0; | |
377 | EVP_KDF_CTX *kctx; | |
378 | unsigned char out[25]; | |
379 | unsigned int iterations = 4096; | |
380 | int mode = 0; | |
381 | OSSL_PARAM *params; | |
382 | ||
383 | params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", | |
384 | "saltSALTsaltSALTsaltSALTsaltSALTsalt", | |
385 | &iterations, &mode); | |
386 | ||
387 | if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) | |
660c5344 | 388 | || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
bf5739a0 | 389 | /* A key length that is too small should fail */ |
1cae59d1 JS |
390 | || !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1), 0)) |
391 | goto err; | |
392 | ||
393 | ret = 1; | |
394 | err: | |
395 | EVP_KDF_CTX_free(kctx); | |
396 | OPENSSL_free(params); | |
397 | return ret; | |
398 | } | |
399 | ||
400 | static int test_kdf_pbkdf2_large_output(void) | |
401 | { | |
402 | int ret = 0; | |
403 | EVP_KDF_CTX *kctx; | |
404 | unsigned char out[25]; | |
405 | size_t len = 0; | |
406 | unsigned int iterations = 4096; | |
407 | int mode = 0; | |
408 | OSSL_PARAM *params; | |
409 | ||
410 | if (sizeof(len) > 32) | |
411 | len = SIZE_MAX; | |
412 | ||
413 | params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", | |
414 | "saltSALTsaltSALTsaltSALTsaltSALTsalt", | |
415 | &iterations, &mode); | |
416 | ||
417 | if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) | |
418 | || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) | |
bf5739a0 P |
419 | /* A key length that is too large should fail */ |
420 | || (len != 0 && !TEST_int_eq(EVP_KDF_derive(kctx, out, len), 0))) | |
421 | goto err; | |
1cae59d1 | 422 | |
bf5739a0 P |
423 | ret = 1; |
424 | err: | |
660c5344 | 425 | EVP_KDF_CTX_free(kctx); |
1cae59d1 JS |
426 | OPENSSL_free(params); |
427 | return ret; | |
428 | } | |
429 | ||
430 | static int test_kdf_pbkdf2_small_salt(void) | |
431 | { | |
432 | int ret = 0; | |
433 | EVP_KDF_CTX *kctx; | |
434 | unsigned int iterations = 4096; | |
435 | int mode = 0; | |
436 | OSSL_PARAM *params; | |
437 | ||
438 | params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", | |
439 | "saltSALT", | |
440 | &iterations, &mode); | |
441 | ||
442 | if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) | |
443 | /* A salt that is too small should fail */ | |
444 | || !TEST_false(EVP_KDF_CTX_set_params(kctx, params))) | |
445 | goto err; | |
446 | ||
447 | ret = 1; | |
448 | err: | |
449 | EVP_KDF_CTX_free(kctx); | |
450 | OPENSSL_free(params); | |
451 | return ret; | |
452 | } | |
453 | ||
454 | static int test_kdf_pbkdf2_small_iterations(void) | |
455 | { | |
456 | int ret = 0; | |
457 | EVP_KDF_CTX *kctx; | |
458 | unsigned int iterations = 1; | |
459 | int mode = 0; | |
460 | OSSL_PARAM *params; | |
461 | ||
462 | params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", | |
463 | "saltSALTsaltSALTsaltSALTsaltSALTsalt", | |
464 | &iterations, &mode); | |
465 | ||
466 | if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) | |
467 | /* An iteration count that is too small should fail */ | |
468 | || !TEST_false(EVP_KDF_CTX_set_params(kctx, params))) | |
469 | goto err; | |
470 | ||
471 | ret = 1; | |
472 | err: | |
473 | EVP_KDF_CTX_free(kctx); | |
474 | OPENSSL_free(params); | |
475 | return ret; | |
476 | } | |
477 | ||
478 | static int test_kdf_pbkdf2_small_salt_pkcs5(void) | |
479 | { | |
480 | int ret = 0; | |
481 | EVP_KDF_CTX *kctx; | |
482 | unsigned char out[25]; | |
483 | unsigned int iterations = 4096; | |
484 | int mode = 1; | |
485 | OSSL_PARAM *params; | |
486 | OSSL_PARAM mode_params[2]; | |
487 | ||
488 | params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", | |
489 | "saltSALT", | |
490 | &iterations, &mode); | |
491 | ||
492 | if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) | |
493 | /* A salt that is too small should pass in pkcs5 mode */ | |
494 | || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) | |
495 | || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)) | |
496 | goto err; | |
497 | ||
498 | mode = 0; | |
499 | mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode); | |
500 | mode_params[1] = OSSL_PARAM_construct_end(); | |
501 | ||
502 | /* If the "pkcs5" mode is disabled then the derive will now fail */ | |
503 | if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params)) | |
504 | || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out)), 0)) | |
505 | goto err; | |
506 | ||
507 | ret = 1; | |
508 | err: | |
509 | EVP_KDF_CTX_free(kctx); | |
510 | OPENSSL_free(params); | |
511 | return ret; | |
512 | } | |
513 | ||
514 | static int test_kdf_pbkdf2_small_iterations_pkcs5(void) | |
515 | { | |
516 | int ret = 0; | |
517 | EVP_KDF_CTX *kctx; | |
518 | unsigned char out[25]; | |
519 | unsigned int iterations = 1; | |
520 | int mode = 1; | |
521 | OSSL_PARAM *params; | |
522 | OSSL_PARAM mode_params[2]; | |
523 | ||
524 | params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", | |
525 | "saltSALTsaltSALTsaltSALTsaltSALTsalt", | |
526 | &iterations, &mode); | |
527 | ||
528 | if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) | |
529 | /* An iteration count that is too small will pass in pkcs5 mode */ | |
530 | || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) | |
531 | || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)) | |
532 | goto err; | |
533 | ||
534 | mode = 0; | |
535 | mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode); | |
536 | mode_params[1] = OSSL_PARAM_construct_end(); | |
537 | ||
538 | /* If the "pkcs5" mode is disabled then the derive will now fail */ | |
539 | if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params)) | |
540 | || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out)), 0)) | |
541 | goto err; | |
542 | ||
543 | ret = 1; | |
544 | err: | |
545 | EVP_KDF_CTX_free(kctx); | |
546 | OPENSSL_free(params); | |
547 | return ret; | |
548 | } | |
549 | ||
550 | static int test_kdf_pbkdf2_invalid_digest(void) | |
551 | { | |
552 | int ret = 0; | |
553 | EVP_KDF_CTX *kctx; | |
554 | unsigned int iterations = 4096; | |
555 | int mode = 0; | |
556 | OSSL_PARAM *params; | |
557 | ||
558 | params = construct_pbkdf2_params("passwordPASSWORDpassword", "blah", | |
559 | "saltSALTsaltSALTsaltSALTsaltSALTsalt", | |
560 | &iterations, &mode); | |
561 | ||
562 | if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) | |
563 | /* Unknown digest should fail */ | |
564 | || !TEST_false(EVP_KDF_CTX_set_params(kctx, params))) | |
565 | goto err; | |
566 | ||
567 | ret = 1; | |
568 | err: | |
569 | EVP_KDF_CTX_free(kctx); | |
570 | OPENSSL_free(params); | |
5a285add DM |
571 | return ret; |
572 | } | |
573 | ||
574 | #ifndef OPENSSL_NO_SCRYPT | |
575 | static int test_kdf_scrypt(void) | |
576 | { | |
a3c62426 | 577 | int ret; |
5a285add | 578 | EVP_KDF_CTX *kctx; |
bf5739a0 | 579 | OSSL_PARAM params[7], *p = params; |
5a285add | 580 | unsigned char out[64]; |
bf5739a0 | 581 | unsigned int nu = 1024, ru = 8, pu = 16, maxmem = 16; |
8bbeaaa4 | 582 | static const unsigned char expected[sizeof(out)] = { |
a3c62426 SL |
583 | 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, |
584 | 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, | |
585 | 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, | |
586 | 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, | |
587 | 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, | |
588 | 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, | |
589 | 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, | |
590 | 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 | |
591 | }; | |
5a285add | 592 | |
bf5739a0 P |
593 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, |
594 | (char *)"password", 8); | |
595 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, | |
596 | (char *)"NaCl", 4); | |
597 | *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &nu); | |
598 | *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &ru); | |
599 | *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &pu); | |
600 | *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem); | |
601 | *p = OSSL_PARAM_construct_end(); | |
602 | ||
d2ba8123 | 603 | ret = |
27e27cd7 | 604 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT)) |
660c5344 | 605 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
bf5739a0 P |
606 | /* failure test *//* |
607 | && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0)*/ | |
608 | && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024)) | |
660c5344 | 609 | && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1)) |
d2ba8123 SL |
610 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
611 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
5a285add | 612 | |
660c5344 | 613 | EVP_KDF_CTX_free(kctx); |
5a285add DM |
614 | return ret; |
615 | } | |
a3c62426 | 616 | #endif /* OPENSSL_NO_SCRYPT */ |
5a285add | 617 | |
9537fe57 SL |
618 | static int test_kdf_ss_hash(void) |
619 | { | |
a3c62426 | 620 | int ret; |
bf5739a0 P |
621 | EVP_KDF_CTX *kctx; |
622 | OSSL_PARAM params[4], *p = params; | |
8bbeaaa4 | 623 | unsigned char out[14]; |
bf5739a0 | 624 | static unsigned char z[] = { |
9537fe57 SL |
625 | 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e, |
626 | 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62, | |
627 | 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4, | |
628 | 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9 | |
629 | }; | |
bf5739a0 | 630 | static unsigned char other[] = { |
9537fe57 SL |
631 | 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e, |
632 | 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde, | |
633 | 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e, | |
634 | 0xe0,0xec,0x3f,0x8d,0xbe | |
635 | }; | |
8bbeaaa4 | 636 | static const unsigned char expected[sizeof(out)] = { |
9537fe57 SL |
637 | 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8 |
638 | }; | |
9537fe57 | 639 | |
bf5739a0 P |
640 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, |
641 | (char *)"sha224", sizeof("sha224")); | |
642 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); | |
643 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other, | |
644 | sizeof(other)); | |
645 | *p = OSSL_PARAM_construct_end(); | |
646 | ||
d2ba8123 | 647 | ret = |
27e27cd7 | 648 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) |
660c5344 | 649 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
d2ba8123 SL |
650 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
651 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
9537fe57 | 652 | |
660c5344 | 653 | EVP_KDF_CTX_free(kctx); |
a3c62426 | 654 | return ret; |
9537fe57 SL |
655 | } |
656 | ||
8bbeaaa4 SL |
657 | static int test_kdf_x963(void) |
658 | { | |
659 | int ret; | |
bf5739a0 P |
660 | EVP_KDF_CTX *kctx; |
661 | OSSL_PARAM params[4], *p = params; | |
8bbeaaa4 SL |
662 | unsigned char out[1024 / 8]; |
663 | /* | |
664 | * Test data from https://csrc.nist.gov/CSRC/media/Projects/ | |
665 | * Cryptographic-Algorithm-Validation-Program/documents/components/ | |
666 | * 800-135testvectors/ansx963_2001.zip | |
667 | */ | |
bf5739a0 | 668 | static unsigned char z[] = { |
8bbeaaa4 SL |
669 | 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, 0xfa, 0x58, 0xce, 0xad, |
670 | 0xc0, 0x47, 0x19, 0x7f, 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9, | |
671 | 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, 0x15, 0x07, 0x39, 0x2f, | |
672 | 0x1a, 0x86, 0xdd, 0xfd, 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f, | |
673 | 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, 0x47, 0xa9, 0xe2, 0xe7, | |
674 | 0x53, 0xf5, 0x5e, 0xf0, 0x5a, 0x2d | |
675 | }; | |
bf5739a0 | 676 | static unsigned char shared[] = { |
8bbeaaa4 SL |
677 | 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, 0x2b, 0x3a, 0x2f, 0x99, |
678 | 0x37, 0x89, 0x5d, 0x31 | |
679 | }; | |
680 | static const unsigned char expected[sizeof(out)] = { | |
681 | 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, 0x9b, 0x52, 0x26, 0x4b, | |
682 | 0x01, 0x12, 0xb5, 0x85, 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8, | |
683 | 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, 0x6e, 0x4d, 0xd2, 0xa5, | |
684 | 0x99, 0xac, 0xce, 0xb3, 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e, | |
685 | 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, 0xa5, 0xa8, 0xee, 0xee, | |
686 | 0x20, 0x80, 0x02, 0x26, 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02, | |
687 | 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, 0xea, 0x9c, 0x4f, 0xf7, | |
688 | 0x45, 0xa2, 0x5a, 0xc2, 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd, | |
689 | 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, 0x0a, 0xb2, 0xaa, 0x8e, | |
690 | 0x2e, 0xfa, 0x7b, 0x17, 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc, | |
691 | 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16 | |
692 | }; | |
693 | ||
bf5739a0 P |
694 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, |
695 | (char *)"sha512", sizeof("sha512")); | |
696 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); | |
697 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, shared, | |
698 | sizeof(shared)); | |
699 | *p = OSSL_PARAM_construct_end(); | |
700 | ||
8bbeaaa4 | 701 | ret = |
27e27cd7 | 702 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF)) |
660c5344 | 703 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
8bbeaaa4 SL |
704 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
705 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
706 | ||
660c5344 | 707 | EVP_KDF_CTX_free(kctx); |
8bbeaaa4 SL |
708 | return ret; |
709 | } | |
710 | ||
726ad13c | 711 | #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA) |
f6dead1b RH |
712 | /* |
713 | * KBKDF test vectors from RFC 6803 (Camellia Encryption for Kerberos 5) | |
714 | * section 10. | |
715 | */ | |
716 | static int test_kdf_kbkdf_6803_128(void) | |
717 | { | |
718 | int ret = 0, i, p; | |
719 | EVP_KDF_CTX *kctx; | |
720 | OSSL_PARAM params[7]; | |
721 | static unsigned char input_key[] = { | |
722 | 0x57, 0xD0, 0x29, 0x72, 0x98, 0xFF, 0xD9, 0xD3, | |
723 | 0x5D, 0xE5, 0xA4, 0x7F, 0xB4, 0xBD, 0xE2, 0x4B, | |
724 | }; | |
725 | static unsigned char constants[][5] = { | |
726 | { 0x00, 0x00, 0x00, 0x02, 0x99 }, | |
727 | { 0x00, 0x00, 0x00, 0x02, 0xaa }, | |
728 | { 0x00, 0x00, 0x00, 0x02, 0x55 }, | |
729 | }; | |
730 | static unsigned char outputs[][16] = { | |
731 | {0xD1, 0x55, 0x77, 0x5A, 0x20, 0x9D, 0x05, 0xF0, | |
732 | 0x2B, 0x38, 0xD4, 0x2A, 0x38, 0x9E, 0x5A, 0x56}, | |
733 | {0x64, 0xDF, 0x83, 0xF8, 0x5A, 0x53, 0x2F, 0x17, | |
734 | 0x57, 0x7D, 0x8C, 0x37, 0x03, 0x57, 0x96, 0xAB}, | |
735 | {0x3E, 0x4F, 0xBD, 0xF3, 0x0F, 0xB8, 0x25, 0x9C, | |
736 | 0x42, 0x5C, 0xB6, 0xC9, 0x6F, 0x1F, 0x46, 0x35} | |
737 | }; | |
738 | static unsigned char iv[16] = { 0 }; | |
739 | unsigned char result[16] = { 0 }; | |
740 | ||
741 | for (i = 0; i < 3; i++) { | |
742 | p = 0; | |
743 | params[p++] = OSSL_PARAM_construct_utf8_string( | |
744 | OSSL_KDF_PARAM_CIPHER, "CAMELLIA-128-CBC", 0); | |
745 | params[p++] = OSSL_PARAM_construct_utf8_string( | |
746 | OSSL_KDF_PARAM_MAC, "CMAC", 0); | |
747 | params[p++] = OSSL_PARAM_construct_utf8_string( | |
748 | OSSL_KDF_PARAM_MODE, "FEEDBACK", 0); | |
749 | params[p++] = OSSL_PARAM_construct_octet_string( | |
750 | OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key)); | |
751 | params[p++] = OSSL_PARAM_construct_octet_string( | |
752 | OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i])); | |
753 | params[p++] = OSSL_PARAM_construct_octet_string( | |
754 | OSSL_KDF_PARAM_SEED, iv, sizeof(iv)); | |
755 | params[p] = OSSL_PARAM_construct_end(); | |
756 | ||
757 | kctx = get_kdfbyname("KBKDF"); | |
758 | ret = TEST_ptr(kctx) | |
660c5344 | 759 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
f6dead1b RH |
760 | && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) |
761 | && TEST_mem_eq(result, sizeof(result), outputs[i], | |
762 | sizeof(outputs[i])); | |
660c5344 | 763 | EVP_KDF_CTX_free(kctx); |
f6dead1b RH |
764 | if (ret != 1) |
765 | return ret; | |
766 | } | |
767 | ||
768 | return ret; | |
769 | } | |
770 | ||
771 | static int test_kdf_kbkdf_6803_256(void) | |
772 | { | |
773 | int ret = 0, i, p; | |
774 | EVP_KDF_CTX *kctx; | |
775 | OSSL_PARAM params[7]; | |
776 | static unsigned char input_key[] = { | |
777 | 0xB9, 0xD6, 0x82, 0x8B, 0x20, 0x56, 0xB7, 0xBE, | |
778 | 0x65, 0x6D, 0x88, 0xA1, 0x23, 0xB1, 0xFA, 0xC6, | |
779 | 0x82, 0x14, 0xAC, 0x2B, 0x72, 0x7E, 0xCF, 0x5F, | |
780 | 0x69, 0xAF, 0xE0, 0xC4, 0xDF, 0x2A, 0x6D, 0x2C, | |
781 | }; | |
782 | static unsigned char constants[][5] = { | |
783 | { 0x00, 0x00, 0x00, 0x02, 0x99 }, | |
784 | { 0x00, 0x00, 0x00, 0x02, 0xaa }, | |
785 | { 0x00, 0x00, 0x00, 0x02, 0x55 }, | |
786 | }; | |
787 | static unsigned char outputs[][32] = { | |
788 | {0xE4, 0x67, 0xF9, 0xA9, 0x55, 0x2B, 0xC7, 0xD3, | |
789 | 0x15, 0x5A, 0x62, 0x20, 0xAF, 0x9C, 0x19, 0x22, | |
790 | 0x0E, 0xEE, 0xD4, 0xFF, 0x78, 0xB0, 0xD1, 0xE6, | |
791 | 0xA1, 0x54, 0x49, 0x91, 0x46, 0x1A, 0x9E, 0x50, | |
792 | }, | |
793 | {0x41, 0x2A, 0xEF, 0xC3, 0x62, 0xA7, 0x28, 0x5F, | |
794 | 0xC3, 0x96, 0x6C, 0x6A, 0x51, 0x81, 0xE7, 0x60, | |
795 | 0x5A, 0xE6, 0x75, 0x23, 0x5B, 0x6D, 0x54, 0x9F, | |
796 | 0xBF, 0xC9, 0xAB, 0x66, 0x30, 0xA4, 0xC6, 0x04, | |
797 | }, | |
798 | {0xFA, 0x62, 0x4F, 0xA0, 0xE5, 0x23, 0x99, 0x3F, | |
799 | 0xA3, 0x88, 0xAE, 0xFD, 0xC6, 0x7E, 0x67, 0xEB, | |
800 | 0xCD, 0x8C, 0x08, 0xE8, 0xA0, 0x24, 0x6B, 0x1D, | |
801 | 0x73, 0xB0, 0xD1, 0xDD, 0x9F, 0xC5, 0x82, 0xB0, | |
802 | }, | |
803 | }; | |
804 | static unsigned char iv[16] = { 0 }; | |
805 | unsigned char result[32] = { 0 }; | |
806 | ||
807 | for (i = 0; i < 3; i++) { | |
808 | p = 0; | |
809 | params[p++] = OSSL_PARAM_construct_utf8_string( | |
810 | OSSL_KDF_PARAM_CIPHER, "CAMELLIA-256-CBC", 0); | |
811 | params[p++] = OSSL_PARAM_construct_utf8_string( | |
812 | OSSL_KDF_PARAM_MAC, "CMAC", 0); | |
813 | params[p++] = OSSL_PARAM_construct_utf8_string( | |
814 | OSSL_KDF_PARAM_MODE, "FEEDBACK", 0); | |
815 | params[p++] = OSSL_PARAM_construct_octet_string( | |
816 | OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key)); | |
817 | params[p++] = OSSL_PARAM_construct_octet_string( | |
818 | OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i])); | |
819 | params[p++] = OSSL_PARAM_construct_octet_string( | |
820 | OSSL_KDF_PARAM_SEED, iv, sizeof(iv)); | |
821 | params[p] = OSSL_PARAM_construct_end(); | |
822 | ||
823 | kctx = get_kdfbyname("KBKDF"); | |
824 | ret = TEST_ptr(kctx) | |
660c5344 | 825 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
f6dead1b RH |
826 | && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) |
827 | && TEST_mem_eq(result, sizeof(result), outputs[i], | |
828 | sizeof(outputs[i])); | |
660c5344 | 829 | EVP_KDF_CTX_free(kctx); |
f6dead1b RH |
830 | if (ret != 1) |
831 | return ret; | |
832 | } | |
833 | ||
834 | return ret; | |
835 | } | |
726ad13c | 836 | #endif |
f6dead1b | 837 | |
1cae59d1 JS |
838 | static OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char *key, |
839 | size_t keylen, char *salt, char *info) | |
840 | { | |
841 | OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 7); | |
842 | OSSL_PARAM *p = params; | |
843 | ||
844 | *p++ = OSSL_PARAM_construct_utf8_string( | |
845 | OSSL_KDF_PARAM_DIGEST, digest, 0); | |
846 | *p++ = OSSL_PARAM_construct_utf8_string( | |
847 | OSSL_KDF_PARAM_MAC, mac, 0); | |
848 | *p++ = OSSL_PARAM_construct_utf8_string( | |
849 | OSSL_KDF_PARAM_MODE, "COUNTER", 0); | |
850 | *p++ = OSSL_PARAM_construct_octet_string( | |
851 | OSSL_KDF_PARAM_KEY, key, keylen); | |
852 | *p++ = OSSL_PARAM_construct_octet_string( | |
853 | OSSL_KDF_PARAM_SALT, salt, strlen(salt)); | |
854 | *p++ = OSSL_PARAM_construct_octet_string( | |
855 | OSSL_KDF_PARAM_INFO, info, strlen(info)); | |
856 | *p = OSSL_PARAM_construct_end(); | |
857 | ||
858 | return params; | |
859 | } | |
860 | ||
861 | static int test_kdf_kbkdf_invalid_digest(void) | |
862 | { | |
863 | int ret; | |
864 | EVP_KDF_CTX *kctx; | |
865 | OSSL_PARAM *params; | |
866 | ||
867 | static unsigned char key[] = {0x01}; | |
868 | ||
869 | params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test"); | |
870 | ||
871 | /* Negative test case - set_params should fail */ | |
872 | kctx = get_kdfbyname("KBKDF"); | |
873 | ret = TEST_ptr(kctx) | |
874 | && TEST_false(EVP_KDF_CTX_set_params(kctx, params)); | |
875 | ||
876 | EVP_KDF_CTX_free(kctx); | |
877 | OPENSSL_free(params); | |
878 | return ret; | |
879 | } | |
880 | ||
881 | static int test_kdf_kbkdf_invalid_mac(void) | |
882 | { | |
883 | int ret; | |
884 | EVP_KDF_CTX *kctx; | |
885 | OSSL_PARAM *params; | |
886 | ||
887 | static unsigned char key[] = {0x01}; | |
888 | ||
889 | params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test"); | |
890 | ||
891 | /* Negative test case - set_params should fail */ | |
892 | kctx = get_kdfbyname("KBKDF"); | |
893 | ret = TEST_ptr(kctx) | |
894 | && TEST_false(EVP_KDF_CTX_set_params(kctx, params)); | |
895 | ||
896 | EVP_KDF_CTX_free(kctx); | |
897 | OPENSSL_free(params); | |
898 | return ret; | |
899 | } | |
900 | ||
901 | static int test_kdf_kbkdf_empty_key(void) | |
902 | { | |
903 | int ret; | |
904 | EVP_KDF_CTX *kctx; | |
905 | OSSL_PARAM *params; | |
906 | ||
907 | static unsigned char key[] = {0x01}; | |
908 | unsigned char result[32] = { 0 }; | |
909 | ||
910 | params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test"); | |
911 | ||
912 | /* Negative test case - derive should fail */ | |
913 | kctx = get_kdfbyname("KBKDF"); | |
914 | ret = TEST_ptr(kctx) | |
915 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) | |
916 | && TEST_int_eq(EVP_KDF_derive(kctx, result, sizeof(result)), 0); | |
917 | ||
918 | EVP_KDF_CTX_free(kctx); | |
919 | OPENSSL_free(params); | |
920 | return ret; | |
921 | } | |
922 | ||
923 | static int test_kdf_kbkdf_1byte_key(void) | |
924 | { | |
925 | int ret; | |
926 | EVP_KDF_CTX *kctx; | |
927 | OSSL_PARAM *params; | |
928 | ||
929 | static unsigned char key[] = {0x01}; | |
930 | unsigned char result[32] = { 0 }; | |
931 | ||
932 | params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test"); | |
933 | ||
934 | kctx = get_kdfbyname("KBKDF"); | |
935 | ret = TEST_ptr(kctx) | |
936 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) | |
937 | && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0); | |
938 | ||
939 | EVP_KDF_CTX_free(kctx); | |
940 | OPENSSL_free(params); | |
941 | return ret; | |
942 | } | |
943 | ||
944 | static int test_kdf_kbkdf_zero_output_size(void) | |
945 | { | |
946 | int ret; | |
947 | EVP_KDF_CTX *kctx; | |
948 | OSSL_PARAM *params; | |
949 | ||
950 | static unsigned char key[] = {0x01}; | |
951 | unsigned char result[32] = { 0 }; | |
952 | ||
953 | params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test"); | |
954 | ||
955 | /* Negative test case - derive should fail */ | |
956 | kctx = get_kdfbyname("KBKDF"); | |
957 | ret = TEST_ptr(kctx) | |
958 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) | |
959 | && TEST_int_eq(EVP_KDF_derive(kctx, result, 0), 0); | |
960 | ||
961 | EVP_KDF_CTX_free(kctx); | |
962 | OPENSSL_free(params); | |
963 | return ret; | |
964 | } | |
965 | ||
a39bc440 RH |
966 | /* Two test vectors from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos |
967 | * 5) appendix A. */ | |
968 | static int test_kdf_kbkdf_8009_prf1(void) | |
969 | { | |
970 | int ret, i = 0; | |
971 | EVP_KDF_CTX *kctx; | |
972 | OSSL_PARAM params[6]; | |
973 | char *label = "prf", *digest = "sha256", *prf_input = "test", | |
974 | *mac = "HMAC"; | |
975 | static unsigned char input_key[] = { | |
976 | 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28, | |
977 | 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C, | |
978 | }; | |
979 | static unsigned char output[] = { | |
980 | 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE, | |
981 | 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86, | |
982 | 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B, | |
983 | 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95, | |
984 | }; | |
985 | unsigned char result[sizeof(output)] = { 0 }; | |
986 | ||
987 | params[i++] = OSSL_PARAM_construct_utf8_string( | |
1cae59d1 | 988 | OSSL_KDF_PARAM_DIGEST, digest, 0); |
a39bc440 | 989 | params[i++] = OSSL_PARAM_construct_utf8_string( |
1cae59d1 | 990 | OSSL_KDF_PARAM_MAC, mac, 0); |
a39bc440 RH |
991 | params[i++] = OSSL_PARAM_construct_octet_string( |
992 | OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key)); | |
993 | params[i++] = OSSL_PARAM_construct_octet_string( | |
994 | OSSL_KDF_PARAM_SALT, label, strlen(label)); | |
995 | params[i++] = OSSL_PARAM_construct_octet_string( | |
996 | OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input)); | |
997 | params[i] = OSSL_PARAM_construct_end(); | |
998 | ||
999 | kctx = get_kdfbyname("KBKDF"); | |
1000 | ret = TEST_ptr(kctx) | |
660c5344 | 1001 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
a39bc440 RH |
1002 | && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) |
1003 | && TEST_mem_eq(result, sizeof(result), output, sizeof(output)); | |
1004 | ||
660c5344 | 1005 | EVP_KDF_CTX_free(kctx); |
a39bc440 RH |
1006 | return ret; |
1007 | } | |
1008 | ||
1009 | static int test_kdf_kbkdf_8009_prf2(void) | |
1010 | { | |
1011 | int ret, i = 0; | |
1012 | EVP_KDF_CTX *kctx; | |
1013 | OSSL_PARAM params[6]; | |
1014 | char *label = "prf", *digest = "sha384", *prf_input = "test", | |
1015 | *mac = "HMAC"; | |
1016 | static unsigned char input_key[] = { | |
1017 | 0x6D, 0x40, 0x4D, 0x37, 0xFA, 0xF7, 0x9F, 0x9D, | |
1018 | 0xF0, 0xD3, 0x35, 0x68, 0xD3, 0x20, 0x66, 0x98, | |
1019 | 0x00, 0xEB, 0x48, 0x36, 0x47, 0x2E, 0xA8, 0xA0, | |
1020 | 0x26, 0xD1, 0x6B, 0x71, 0x82, 0x46, 0x0C, 0x52, | |
1021 | }; | |
1022 | static unsigned char output[] = { | |
1023 | 0x98, 0x01, 0xF6, 0x9A, 0x36, 0x8C, 0x2B, 0xF6, | |
1024 | 0x75, 0xE5, 0x95, 0x21, 0xE1, 0x77, 0xD9, 0xA0, | |
1025 | 0x7F, 0x67, 0xEF, 0xE1, 0xCF, 0xDE, 0x8D, 0x3C, | |
1026 | 0x8D, 0x6F, 0x6A, 0x02, 0x56, 0xE3, 0xB1, 0x7D, | |
1027 | 0xB3, 0xC1, 0xB6, 0x2A, 0xD1, 0xB8, 0x55, 0x33, | |
1028 | 0x60, 0xD1, 0x73, 0x67, 0xEB, 0x15, 0x14, 0xD2, | |
1029 | }; | |
1030 | unsigned char result[sizeof(output)] = { 0 }; | |
1031 | ||
1032 | params[i++] = OSSL_PARAM_construct_utf8_string( | |
1cae59d1 | 1033 | OSSL_KDF_PARAM_DIGEST, digest, 0); |
a39bc440 | 1034 | params[i++] = OSSL_PARAM_construct_utf8_string( |
1cae59d1 | 1035 | OSSL_KDF_PARAM_MAC, mac, 0); |
a39bc440 RH |
1036 | params[i++] = OSSL_PARAM_construct_octet_string( |
1037 | OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key)); | |
1038 | params[i++] = OSSL_PARAM_construct_octet_string( | |
1039 | OSSL_KDF_PARAM_SALT, label, strlen(label)); | |
1040 | params[i++] = OSSL_PARAM_construct_octet_string( | |
1041 | OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input)); | |
1042 | params[i] = OSSL_PARAM_construct_end(); | |
1043 | ||
1044 | kctx = get_kdfbyname("KBKDF"); | |
1045 | ret = TEST_ptr(kctx) | |
660c5344 | 1046 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
a39bc440 RH |
1047 | && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) |
1048 | && TEST_mem_eq(result, sizeof(result), output, sizeof(output)); | |
1049 | ||
660c5344 | 1050 | EVP_KDF_CTX_free(kctx); |
a39bc440 RH |
1051 | return ret; |
1052 | } | |
1053 | ||
4757a347 SL |
1054 | #if !defined(OPENSSL_NO_CMAC) |
1055 | /* | |
1056 | * Test vector taken from | |
1057 | * https://csrc.nist.gov/CSRC/media/Projects/ | |
1058 | * Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip | |
1059 | * Note: Only 32 bit counter is supported ([RLEN=32_BITS]) | |
1060 | */ | |
1061 | static int test_kdf_kbkdf_fixedinfo(void) | |
1062 | { | |
1063 | int ret; | |
1064 | EVP_KDF_CTX *kctx; | |
1065 | OSSL_PARAM params[8], *p = params; | |
1066 | static char *cipher = "AES128"; | |
1067 | static char *mac = "CMAC"; | |
1068 | static char *mode = "COUNTER"; | |
1069 | int use_l = 0; | |
1070 | int use_separator = 0; | |
1071 | ||
1072 | static unsigned char input_key[] = { | |
1073 | 0xc1, 0x0b, 0x15, 0x2e, 0x8c, 0x97, 0xb7, 0x7e, | |
1074 | 0x18, 0x70, 0x4e, 0x0f, 0x0b, 0xd3, 0x83, 0x05, | |
1075 | }; | |
1076 | static unsigned char fixed_input[] = { | |
1077 | 0x98, 0xcd, 0x4c, 0xbb, 0xbe, 0xbe, 0x15, 0xd1, | |
1078 | 0x7d, 0xc8, 0x6e, 0x6d, 0xba, 0xd8, 0x00, 0xa2, | |
1079 | 0xdc, 0xbd, 0x64, 0xf7, 0xc7, 0xad, 0x0e, 0x78, | |
1080 | 0xe9, 0xcf, 0x94, 0xff, 0xdb, 0xa8, 0x9d, 0x03, | |
1081 | 0xe9, 0x7e, 0xad, 0xf6, 0xc4, 0xf7, 0xb8, 0x06, | |
1082 | 0xca, 0xf5, 0x2a, 0xa3, 0x8f, 0x09, 0xd0, 0xeb, | |
1083 | 0x71, 0xd7, 0x1f, 0x49, 0x7b, 0xcc, 0x69, 0x06, | |
1084 | 0xb4, 0x8d, 0x36, 0xc4, | |
1085 | ||
1086 | }; | |
1087 | static unsigned char output[] = { | |
1088 | 0x26, 0xfa, 0xf6, 0x19, 0x08, 0xad, 0x9e, 0xe8, | |
1089 | 0x81, 0xb8, 0x30, 0x5c, 0x22, 0x1d, 0xb5, 0x3f, | |
1090 | }; | |
1091 | unsigned char result[sizeof(output)] = { 0 }; | |
1092 | ||
1093 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, cipher, 0); | |
1094 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, mac, 0); | |
1095 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, mode, 0); | |
1096 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, input_key, | |
1097 | sizeof(input_key)); | |
1098 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, | |
1099 | fixed_input, sizeof(fixed_input)); | |
1100 | *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_L, &use_l); | |
1101 | *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR, | |
1102 | &use_separator); | |
1103 | *p = OSSL_PARAM_construct_end(); | |
1104 | ||
1105 | kctx = get_kdfbyname("KBKDF"); | |
1106 | ret = TEST_ptr(kctx) | |
1107 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) | |
1108 | && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) | |
1109 | && TEST_mem_eq(result, sizeof(result), output, sizeof(output)); | |
1110 | ||
1111 | EVP_KDF_CTX_free(kctx); | |
1112 | return ret; | |
1113 | } | |
1114 | #endif /* OPENSSL_NO_CMAC */ | |
1115 | ||
9537fe57 SL |
1116 | static int test_kdf_ss_hmac(void) |
1117 | { | |
a3c62426 | 1118 | int ret; |
9537fe57 | 1119 | EVP_KDF_CTX *kctx; |
bf5739a0 | 1120 | OSSL_PARAM params[6], *p = params; |
8bbeaaa4 | 1121 | unsigned char out[16]; |
bf5739a0 | 1122 | static unsigned char z[] = { |
9537fe57 SL |
1123 | 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4 |
1124 | }; | |
bf5739a0 | 1125 | static unsigned char other[] = { |
9537fe57 SL |
1126 | 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc |
1127 | }; | |
bf5739a0 | 1128 | static unsigned char salt[] = { |
9537fe57 SL |
1129 | 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef, |
1130 | 0x3f,0x89 | |
1131 | }; | |
8bbeaaa4 | 1132 | static const unsigned char expected[sizeof(out)] = { |
9537fe57 SL |
1133 | 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63, |
1134 | 0x1c,0xa3 | |
1135 | }; | |
9537fe57 | 1136 | |
bf5739a0 P |
1137 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, |
1138 | (char *)OSSL_MAC_NAME_HMAC, | |
1139 | sizeof(OSSL_MAC_NAME_HMAC)); | |
1140 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, | |
1141 | (char *)"sha256", sizeof("sha256")); | |
1142 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); | |
1143 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other, | |
1144 | sizeof(other)); | |
1145 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt, | |
1146 | sizeof(salt)); | |
1147 | *p = OSSL_PARAM_construct_end(); | |
1148 | ||
d2ba8123 | 1149 | ret = |
27e27cd7 | 1150 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) |
660c5344 | 1151 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
d2ba8123 SL |
1152 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
1153 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
9537fe57 | 1154 | |
660c5344 | 1155 | EVP_KDF_CTX_free(kctx); |
a3c62426 | 1156 | return ret; |
9537fe57 SL |
1157 | } |
1158 | ||
1159 | static int test_kdf_ss_kmac(void) | |
1160 | { | |
a3c62426 | 1161 | int ret; |
9537fe57 | 1162 | EVP_KDF_CTX *kctx; |
bf5739a0 | 1163 | OSSL_PARAM params[6], *p = params; |
9537fe57 | 1164 | unsigned char out[64]; |
bf5739a0 P |
1165 | size_t mac_size = 20; |
1166 | static unsigned char z[] = { | |
9537fe57 SL |
1167 | 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4 |
1168 | }; | |
bf5739a0 | 1169 | static unsigned char other[] = { |
9537fe57 SL |
1170 | 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc |
1171 | }; | |
bf5739a0 | 1172 | static unsigned char salt[] = { |
9537fe57 SL |
1173 | 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef, |
1174 | 0x3f,0x89 | |
1175 | }; | |
8bbeaaa4 | 1176 | static const unsigned char expected[sizeof(out)] = { |
9537fe57 SL |
1177 | 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd, |
1178 | 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2, | |
1179 | 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4, | |
1180 | 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95, | |
1181 | 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03 | |
1182 | }; | |
1183 | ||
bf5739a0 P |
1184 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, |
1185 | (char *)OSSL_MAC_NAME_KMAC128, | |
1186 | sizeof(OSSL_MAC_NAME_KMAC128)); | |
1187 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); | |
1188 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other, | |
1189 | sizeof(other)); | |
1190 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt, | |
1191 | sizeof(salt)); | |
1192 | *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, &mac_size); | |
1193 | *p = OSSL_PARAM_construct_end(); | |
1194 | ||
d2ba8123 | 1195 | ret = |
27e27cd7 | 1196 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) |
660c5344 | 1197 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
d2ba8123 SL |
1198 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
1199 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
9537fe57 | 1200 | |
660c5344 | 1201 | EVP_KDF_CTX_free(kctx); |
a3c62426 | 1202 | return ret; |
9537fe57 SL |
1203 | } |
1204 | ||
87d9955e SS |
1205 | static int test_kdf_sshkdf(void) |
1206 | { | |
1207 | int ret; | |
1208 | EVP_KDF_CTX *kctx; | |
bf5739a0 P |
1209 | OSSL_PARAM params[6], *p = params; |
1210 | char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV; | |
87d9955e SS |
1211 | unsigned char out[8]; |
1212 | /* Test data from NIST CAVS 14.1 test vectors */ | |
bf5739a0 | 1213 | static unsigned char key[] = { |
87d9955e SS |
1214 | 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a, |
1215 | 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a, | |
1216 | 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa, | |
1217 | 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78, | |
1218 | 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2, | |
1219 | 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90, | |
1220 | 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80, | |
1221 | 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2, | |
1222 | 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08, | |
1223 | 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43, | |
1224 | 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14, | |
1225 | 0x4e | |
1226 | }; | |
bf5739a0 | 1227 | static unsigned char xcghash[] = { |
87d9955e SS |
1228 | 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23, |
1229 | 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7, | |
1230 | 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42 | |
1231 | }; | |
bf5739a0 | 1232 | static unsigned char sessid[] = { |
87d9955e SS |
1233 | 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23, |
1234 | 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7, | |
1235 | 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42 | |
1236 | }; | |
8bbeaaa4 | 1237 | static const unsigned char expected[sizeof(out)] = { |
87d9955e SS |
1238 | 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6 |
1239 | }; | |
1240 | ||
bf5739a0 P |
1241 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, |
1242 | (char *)"sha256", sizeof("sha256")); | |
1243 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key, | |
1244 | sizeof(key)); | |
1245 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH, | |
1246 | xcghash, sizeof(xcghash)); | |
1247 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID, | |
1248 | sessid, sizeof(sessid)); | |
1249 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE, | |
1250 | &kdftype, sizeof(kdftype)); | |
1251 | *p = OSSL_PARAM_construct_end(); | |
1252 | ||
d2ba8123 | 1253 | ret = |
27e27cd7 | 1254 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF)) |
660c5344 | 1255 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
d2ba8123 SL |
1256 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
1257 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
87d9955e | 1258 | |
660c5344 | 1259 | EVP_KDF_CTX_free(kctx); |
87d9955e SS |
1260 | return ret; |
1261 | } | |
1262 | ||
d2ba8123 SL |
1263 | static int test_kdf_get_kdf(void) |
1264 | { | |
ff756eed | 1265 | EVP_KDF *kdf1 = NULL, *kdf2 = NULL; |
d2ba8123 | 1266 | ASN1_OBJECT *obj; |
ff756eed RL |
1267 | int ok = 1; |
1268 | ||
1269 | if (!TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2)) | |
27e27cd7 | 1270 | || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL)) |
ff756eed RL |
1271 | || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(OBJ_obj2nid(obj)), |
1272 | NULL)) | |
1273 | || !TEST_ptr_eq(kdf1, kdf2)) | |
1274 | ok = 0; | |
1275 | EVP_KDF_free(kdf1); | |
1276 | kdf1 = NULL; | |
1277 | EVP_KDF_free(kdf2); | |
1278 | kdf2 = NULL; | |
1279 | ||
1280 | if (!TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL)) | |
1281 | || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, LN_tls1_prf, NULL)) | |
1282 | || !TEST_ptr_eq(kdf1, kdf2)) | |
1283 | ok = 0; | |
1284 | /* kdf1 is re-used below, so don't free it here */ | |
1285 | EVP_KDF_free(kdf2); | |
1286 | kdf2 = NULL; | |
1287 | ||
1288 | if (!TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(NID_tls1_prf), NULL)) | |
1289 | || !TEST_ptr_eq(kdf1, kdf2)) | |
1290 | ok = 0; | |
1291 | EVP_KDF_free(kdf1); | |
1292 | kdf1 = NULL; | |
1293 | EVP_KDF_free(kdf2); | |
1294 | kdf2 = NULL; | |
1295 | ||
1296 | return ok; | |
d2ba8123 SL |
1297 | } |
1298 | ||
1aec7716 SL |
1299 | #ifndef OPENSSL_NO_CMS |
1300 | static int test_kdf_x942_asn1(void) | |
1301 | { | |
1302 | int ret; | |
1303 | EVP_KDF_CTX *kctx = NULL; | |
bf5739a0 P |
1304 | OSSL_PARAM params[4], *p = params; |
1305 | const char *cek_alg = SN_id_smime_alg_CMS3DESwrap; | |
1aec7716 SL |
1306 | unsigned char out[24]; |
1307 | /* RFC2631 Section 2.1.6 Test data */ | |
bf5739a0 | 1308 | static unsigned char z[] = { |
1aec7716 SL |
1309 | 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d, |
1310 | 0x0e,0x0f,0x10,0x11,0x12,0x13 | |
1311 | }; | |
1312 | static const unsigned char expected[sizeof(out)] = { | |
1313 | 0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04, | |
1314 | 0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46, | |
1315 | 0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb | |
1316 | }; | |
1317 | ||
bf5739a0 | 1318 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, |
1cae59d1 | 1319 | (char *)"sha1", 0); |
bf5739a0 P |
1320 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, |
1321 | sizeof(z)); | |
1322 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, | |
1cae59d1 | 1323 | (char *)cek_alg, 0); |
bf5739a0 P |
1324 | *p = OSSL_PARAM_construct_end(); |
1325 | ||
1aec7716 | 1326 | ret = |
27e27cd7 | 1327 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF)) |
660c5344 | 1328 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
1aec7716 SL |
1329 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
1330 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
1331 | ||
660c5344 | 1332 | EVP_KDF_CTX_free(kctx); |
1aec7716 SL |
1333 | return ret; |
1334 | } | |
1335 | #endif /* OPENSSL_NO_CMS */ | |
1336 | ||
33f54da3 SS |
1337 | static int test_kdf_krb5kdf(void) |
1338 | { | |
1339 | int ret; | |
1340 | EVP_KDF_CTX *kctx; | |
1341 | OSSL_PARAM params[4], *p = params; | |
1342 | unsigned char out[16]; | |
1343 | static unsigned char key[] = { | |
1344 | 0x42, 0x26, 0x3C, 0x6E, 0x89, 0xF4, 0xFC, 0x28, | |
1345 | 0xB8, 0xDF, 0x68, 0xEE, 0x09, 0x79, 0x9F, 0x15 | |
1346 | }; | |
1347 | static unsigned char constant[] = { | |
1348 | 0x00, 0x00, 0x00, 0x02, 0x99 | |
1349 | }; | |
1350 | static const unsigned char expected[sizeof(out)] = { | |
1351 | 0x34, 0x28, 0x0A, 0x38, 0x2B, 0xC9, 0x27, 0x69, | |
1352 | 0xB2, 0xDA, 0x2F, 0x9E, 0xF0, 0x66, 0x85, 0x4B | |
1353 | }; | |
1354 | ||
1355 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, | |
1356 | (char *)"AES-128-CBC", | |
1357 | sizeof("AES-128-CBC")); | |
1358 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key, | |
1359 | sizeof(key)); | |
1360 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT, | |
1361 | constant, sizeof(constant)); | |
1362 | *p = OSSL_PARAM_construct_end(); | |
1363 | ||
1364 | ret = | |
1365 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KRB5KDF)) | |
660c5344 | 1366 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
33f54da3 SS |
1367 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
1368 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
1369 | ||
660c5344 | 1370 | EVP_KDF_CTX_free(kctx); |
33f54da3 SS |
1371 | return ret; |
1372 | } | |
1373 | ||
5a285add DM |
1374 | int setup_tests(void) |
1375 | { | |
726ad13c | 1376 | #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA) |
f6dead1b RH |
1377 | ADD_TEST(test_kdf_kbkdf_6803_128); |
1378 | ADD_TEST(test_kdf_kbkdf_6803_256); | |
726ad13c | 1379 | #endif |
1cae59d1 JS |
1380 | ADD_TEST(test_kdf_kbkdf_invalid_digest); |
1381 | ADD_TEST(test_kdf_kbkdf_invalid_mac); | |
1382 | ADD_TEST(test_kdf_kbkdf_zero_output_size); | |
1383 | ADD_TEST(test_kdf_kbkdf_empty_key); | |
1384 | ADD_TEST(test_kdf_kbkdf_1byte_key); | |
a39bc440 RH |
1385 | ADD_TEST(test_kdf_kbkdf_8009_prf1); |
1386 | ADD_TEST(test_kdf_kbkdf_8009_prf2); | |
4757a347 SL |
1387 | #if !defined(OPENSSL_NO_CMAC) |
1388 | ADD_TEST(test_kdf_kbkdf_fixedinfo); | |
1389 | #endif | |
d2ba8123 | 1390 | ADD_TEST(test_kdf_get_kdf); |
5a285add | 1391 | ADD_TEST(test_kdf_tls1_prf); |
1cae59d1 JS |
1392 | ADD_TEST(test_kdf_tls1_prf_invalid_digest); |
1393 | ADD_TEST(test_kdf_tls1_prf_zero_output_size); | |
1394 | ADD_TEST(test_kdf_tls1_prf_empty_secret); | |
1395 | ADD_TEST(test_kdf_tls1_prf_1byte_secret); | |
1396 | ADD_TEST(test_kdf_tls1_prf_empty_seed); | |
1397 | ADD_TEST(test_kdf_tls1_prf_1byte_seed); | |
5a285add | 1398 | ADD_TEST(test_kdf_hkdf); |
1cae59d1 JS |
1399 | ADD_TEST(test_kdf_hkdf_invalid_digest); |
1400 | ADD_TEST(test_kdf_hkdf_zero_output_size); | |
1401 | ADD_TEST(test_kdf_hkdf_empty_key); | |
1402 | ADD_TEST(test_kdf_hkdf_1byte_key); | |
1403 | ADD_TEST(test_kdf_hkdf_empty_salt); | |
5a285add | 1404 | ADD_TEST(test_kdf_pbkdf2); |
1cae59d1 JS |
1405 | ADD_TEST(test_kdf_pbkdf2_small_output); |
1406 | ADD_TEST(test_kdf_pbkdf2_large_output); | |
1407 | ADD_TEST(test_kdf_pbkdf2_small_salt); | |
1408 | ADD_TEST(test_kdf_pbkdf2_small_iterations); | |
1409 | ADD_TEST(test_kdf_pbkdf2_small_salt_pkcs5); | |
1410 | ADD_TEST(test_kdf_pbkdf2_small_iterations_pkcs5); | |
1411 | ADD_TEST(test_kdf_pbkdf2_invalid_digest); | |
5a285add DM |
1412 | #ifndef OPENSSL_NO_SCRYPT |
1413 | ADD_TEST(test_kdf_scrypt); | |
1414 | #endif | |
9537fe57 SL |
1415 | ADD_TEST(test_kdf_ss_hash); |
1416 | ADD_TEST(test_kdf_ss_hmac); | |
1417 | ADD_TEST(test_kdf_ss_kmac); | |
87d9955e | 1418 | ADD_TEST(test_kdf_sshkdf); |
8bbeaaa4 | 1419 | ADD_TEST(test_kdf_x963); |
1aec7716 SL |
1420 | #ifndef OPENSSL_NO_CMS |
1421 | ADD_TEST(test_kdf_x942_asn1); | |
1422 | #endif | |
33f54da3 | 1423 | ADD_TEST(test_kdf_krb5kdf); |
5a285add DM |
1424 | return 1; |
1425 | } |