]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_kdf_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix s390 EDDSA HW support in providers.
[thirdparty/openssl.git] / test / evp_kdf_test.c
CommitLineData
5a285add 1/*
fbd2ece1 2 * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
4757a347 3 * Copyright (c) 2018-2020, Oracle and/or its affiliates. All rights reserved.
5a285add
DM		 4 *
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11/* Tests of the EVP_KDF_CTX APIs */
12
13#include <stdio.h>
14#include <string.h>
15
16#include <openssl/evp.h>
17#include <openssl/kdf.h>
81ff9eeb 18#include <openssl/core_names.h>
5a285add
DM		 19#include "testutil.h"
20
bf5739a0
P		 21static EVP_KDF_CTX *get_kdfbyname(const char *name)
22{
23 EVP_KDF *kdf = EVP_KDF_fetch(NULL, name, NULL);
660c5344 24 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
bf5739a0
P		 25
26 EVP_KDF_free(kdf);
27 return kctx;
28}
29
1cae59d1
JS		 30static OSSL_PARAM *construct_tls1_prf_params(const char *digest, const char *secret,
31 const char *seed)
32{
33 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 4);
34 OSSL_PARAM *p = params;
35
36 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
37 (char *)digest, 0);
38 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
39 (unsigned char *)secret,
40 strlen(secret));
41 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
42 (unsigned char *)seed,
43 strlen(seed));
44 *p = OSSL_PARAM_construct_end();
45
46 return params;
47}
48
5a285add
DM		 49static int test_kdf_tls1_prf(void)
50{
a3c62426 51 int ret;
d2ba8123 52 EVP_KDF_CTX *kctx = NULL;
5a285add 53 unsigned char out[16];
1cae59d1 54 OSSL_PARAM *params;
8bbeaaa4 55 static const unsigned char expected[sizeof(out)] = {
a3c62426
SL		 56 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
57 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
58 };
5a285add 59
1cae59d1 60 params = construct_tls1_prf_params("sha256", "secret", "seed");
bf5739a0 61
d2ba8123 62 ret =
27e27cd7 63 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
660c5344 64 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
d2ba8123
SL		 65 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
66 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
5a285add 67
660c5344 68 EVP_KDF_CTX_free(kctx);
1cae59d1 69 OPENSSL_free(params);
5a285add
DM		 70 return ret;
71}
72
1cae59d1
JS		 73static int test_kdf_tls1_prf_invalid_digest(void)
74{
75 int ret;
76 EVP_KDF_CTX *kctx = NULL;
77 OSSL_PARAM *params;
78
79 params = construct_tls1_prf_params("blah", "secret", "seed");
80
81 ret =
82 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
83 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
84
85 EVP_KDF_CTX_free(kctx);
86 OPENSSL_free(params);
87 return ret;
88}
89
90static int test_kdf_tls1_prf_zero_output_size(void)
91{
92 int ret;
93 EVP_KDF_CTX *kctx = NULL;
94 unsigned char out[16];
95 OSSL_PARAM *params;
96
97 params = construct_tls1_prf_params("sha256", "secret", "seed");
98
99 /* Negative test - derive should fail */
100 ret =
101 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
102 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
103 && TEST_int_eq(EVP_KDF_derive(kctx, out, 0), 0);
104
105 EVP_KDF_CTX_free(kctx);
106 OPENSSL_free(params);
107 return ret;
108}
109
110static int test_kdf_tls1_prf_empty_secret(void)
111{
112 int ret;
113 EVP_KDF_CTX *kctx = NULL;
114 unsigned char out[16];
115 OSSL_PARAM *params;
116
117 params = construct_tls1_prf_params("sha256", "", "seed");
118
119 ret =
120 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
121 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
122 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
123
124 EVP_KDF_CTX_free(kctx);
125 OPENSSL_free(params);
126 return ret;
127}
128
129static int test_kdf_tls1_prf_1byte_secret(void)
130{
131 int ret;
132 EVP_KDF_CTX *kctx = NULL;
133 unsigned char out[16];
134 OSSL_PARAM *params;
135
136 params = construct_tls1_prf_params("sha256", "1", "seed");
137
138 ret =
139 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
140 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
141 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
142
143 EVP_KDF_CTX_free(kctx);
144 OPENSSL_free(params);
145 return ret;
146}
147
148static int test_kdf_tls1_prf_empty_seed(void)
149{
150 int ret;
151 EVP_KDF_CTX *kctx = NULL;
152 unsigned char out[16];
153 OSSL_PARAM *params;
154
155 params = construct_tls1_prf_params("sha256", "secret", "");
156
157 /* Negative test - derive should fail */
158 ret =
159 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
160 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
161 && TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
162
163 EVP_KDF_CTX_free(kctx);
164 OPENSSL_free(params);
165 return ret;
166}
167
168static int test_kdf_tls1_prf_1byte_seed(void)
169{
170 int ret;
171 EVP_KDF_CTX *kctx = NULL;
172 unsigned char out[16];
173 OSSL_PARAM *params;
174
175 params = construct_tls1_prf_params("sha256", "secret", "1");
176
177 ret =
178 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
179 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
180 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
181
182 EVP_KDF_CTX_free(kctx);
183 OPENSSL_free(params);
184 return ret;
185}
186
187static OSSL_PARAM *construct_hkdf_params(char *digest, char *key,
188 size_t keylen, char *salt, char *info)
189{
190 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
191 OSSL_PARAM *p = params;
192
193 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
194 digest, 0);
195 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
196 salt, strlen(salt));
197 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
198 (unsigned char *)key, keylen);
199 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
200 info, strlen(info));
201 *p = OSSL_PARAM_construct_end();
202
203 return params;
204}
205
5a285add
DM		 206static int test_kdf_hkdf(void)
207{
a3c62426 208 int ret;
5a285add
DM		 209 EVP_KDF_CTX *kctx;
210 unsigned char out[10];
1cae59d1 211 OSSL_PARAM *params;
8bbeaaa4 212 static const unsigned char expected[sizeof(out)] = {
a3c62426
SL		 213 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
214 };
5a285add 215
1cae59d1 216 params = construct_hkdf_params("sha256", "secret", 6, "salt", "label");
bf5739a0 217
d2ba8123 218 ret =
27e27cd7 219 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
660c5344 220 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
d2ba8123
SL		 221 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
222 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
5a285add 223
660c5344 224 EVP_KDF_CTX_free(kctx);
1cae59d1
JS		 225 OPENSSL_free(params);
226 return ret;
227}
228
229static int test_kdf_hkdf_invalid_digest(void)
230{
231 int ret;
232 EVP_KDF_CTX *kctx;
233 OSSL_PARAM *params;
234
235 params = construct_hkdf_params("blah", "secret", 6, "salt", "label");
236
237 ret =
238 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
239 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
240
241 EVP_KDF_CTX_free(kctx);
242 OPENSSL_free(params);
243 return ret;
244}
245
246static int test_kdf_hkdf_zero_output_size(void)
247{
248 int ret;
249 EVP_KDF_CTX *kctx;
250 unsigned char out[10];
251 OSSL_PARAM *params;
252
253 params = construct_hkdf_params("sha256", "secret", 6, "salt", "label");
254
255 /* Negative test - derive should fail */
256 ret =
257 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
258 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
259 && TEST_int_eq(EVP_KDF_derive(kctx, out, 0), 0);
260
261 EVP_KDF_CTX_free(kctx);
262 OPENSSL_free(params);
263 return ret;
264}
265
266static int test_kdf_hkdf_empty_key(void)
267{
268 int ret;
269 EVP_KDF_CTX *kctx;
270 unsigned char out[10];
271 OSSL_PARAM *params;
272
273 params = construct_hkdf_params("sha256", "", 0, "salt", "label");
274
275 ret =
276 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
277 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
278 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
279
280 EVP_KDF_CTX_free(kctx);
281 OPENSSL_free(params);
282 return ret;
283}
284
285static int test_kdf_hkdf_1byte_key(void)
286{
287 int ret;
288 EVP_KDF_CTX *kctx;
289 unsigned char out[10];
290 OSSL_PARAM *params;
291
292 params = construct_hkdf_params("sha256", "1", 1, "salt", "label");
293
294 ret =
295 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
296 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
297 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
298
299 EVP_KDF_CTX_free(kctx);
300 OPENSSL_free(params);
301 return ret;
302}
303
304static int test_kdf_hkdf_empty_salt(void)
305{
306 int ret;
307 EVP_KDF_CTX *kctx;
308 unsigned char out[10];
309 OSSL_PARAM *params;
310
311 params = construct_hkdf_params("sha256", "secret", 6, "", "label");
312
313 ret =
314 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
315 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
316 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
317
318 EVP_KDF_CTX_free(kctx);
319 OPENSSL_free(params);
5a285add
DM		 320 return ret;
321}
322
1cae59d1
JS		 323static OSSL_PARAM *construct_pbkdf2_params(char *pass, char *digest, char *salt,
324 unsigned int *iter, int *mode)
325{
326 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 6);
327 OSSL_PARAM *p = params;
328
329 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
330 (unsigned char *)pass, strlen(pass));
331 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
332 (unsigned char *)salt, strlen(salt));
333 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter);
334 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
335 digest, 0);
336 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, mode);
337 *p = OSSL_PARAM_construct_end();
338
339 return params;
340}
341
5a285add
DM		 342static int test_kdf_pbkdf2(void)
343{
bf5739a0 344 int ret = 0;
5a285add 345 EVP_KDF_CTX *kctx;
f0efeea2 346 unsigned char out[25];
bf5739a0
P		 347 unsigned int iterations = 4096;
348 int mode = 0;
1cae59d1 349 OSSL_PARAM *params;
f0efeea2
SL		 350 const unsigned char expected[sizeof(out)] = {
351 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f,
352 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf,
353 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
354 0x1c
a3c62426 355 };
5a285add 356
1cae59d1
JS		 357 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
358 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
359 &iterations, &mode);
bf5739a0 360
27e27cd7 361 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
660c5344 362 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
bf5739a0 363 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
1cae59d1
JS		 364 || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)))
365 goto err;
366
367 ret = 1;
368err:
369 EVP_KDF_CTX_free(kctx);
370 OPENSSL_free(params);
371 return ret;
372}
373
374static int test_kdf_pbkdf2_small_output(void)
375{
376 int ret = 0;
377 EVP_KDF_CTX *kctx;
378 unsigned char out[25];
379 unsigned int iterations = 4096;
380 int mode = 0;
381 OSSL_PARAM *params;
382
383 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
384 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
385 &iterations, &mode);
386
387 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
660c5344 388 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
bf5739a0 389 /* A key length that is too small should fail */
1cae59d1
JS		 390 || !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1), 0))
391 goto err;
392
393 ret = 1;
394err:
395 EVP_KDF_CTX_free(kctx);
396 OPENSSL_free(params);
397 return ret;
398}
399
400static int test_kdf_pbkdf2_large_output(void)
401{
402 int ret = 0;
403 EVP_KDF_CTX *kctx;
404 unsigned char out[25];
405 size_t len = 0;
406 unsigned int iterations = 4096;
407 int mode = 0;
408 OSSL_PARAM *params;
409
410 if (sizeof(len) > 32)
411 len = SIZE_MAX;
412
413 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
414 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
415 &iterations, &mode);
416
417 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
418 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
bf5739a0
P		 419 /* A key length that is too large should fail */
420 || (len != 0 && !TEST_int_eq(EVP_KDF_derive(kctx, out, len), 0)))
421 goto err;
1cae59d1 422
bf5739a0
P		 423 ret = 1;
424err:
660c5344 425 EVP_KDF_CTX_free(kctx);
1cae59d1
JS		 426 OPENSSL_free(params);
427 return ret;
428}
429
430static int test_kdf_pbkdf2_small_salt(void)
431{
432 int ret = 0;
433 EVP_KDF_CTX *kctx;
434 unsigned int iterations = 4096;
435 int mode = 0;
436 OSSL_PARAM *params;
437
438 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
439 "saltSALT",
440 &iterations, &mode);
441
442 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
443 /* A salt that is too small should fail */
444 || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
445 goto err;
446
447 ret = 1;
448err:
449 EVP_KDF_CTX_free(kctx);
450 OPENSSL_free(params);
451 return ret;
452}
453
454static int test_kdf_pbkdf2_small_iterations(void)
455{
456 int ret = 0;
457 EVP_KDF_CTX *kctx;
458 unsigned int iterations = 1;
459 int mode = 0;
460 OSSL_PARAM *params;
461
462 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
463 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
464 &iterations, &mode);
465
466 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
467 /* An iteration count that is too small should fail */
468 || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
469 goto err;
470
471 ret = 1;
472err:
473 EVP_KDF_CTX_free(kctx);
474 OPENSSL_free(params);
475 return ret;
476}
477
478static int test_kdf_pbkdf2_small_salt_pkcs5(void)
479{
480 int ret = 0;
481 EVP_KDF_CTX *kctx;
482 unsigned char out[25];
483 unsigned int iterations = 4096;
484 int mode = 1;
485 OSSL_PARAM *params;
486 OSSL_PARAM mode_params[2];
487
488 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
489 "saltSALT",
490 &iterations, &mode);
491
492 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
493 /* A salt that is too small should pass in pkcs5 mode */
494 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
495 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0))
496 goto err;
497
498 mode = 0;
499 mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
500 mode_params[1] = OSSL_PARAM_construct_end();
501
502 /* If the "pkcs5" mode is disabled then the derive will now fail */
503 if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params))
504 || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out)), 0))
505 goto err;
506
507 ret = 1;
508err:
509 EVP_KDF_CTX_free(kctx);
510 OPENSSL_free(params);
511 return ret;
512}
513
514static int test_kdf_pbkdf2_small_iterations_pkcs5(void)
515{
516 int ret = 0;
517 EVP_KDF_CTX *kctx;
518 unsigned char out[25];
519 unsigned int iterations = 1;
520 int mode = 1;
521 OSSL_PARAM *params;
522 OSSL_PARAM mode_params[2];
523
524 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
525 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
526 &iterations, &mode);
527
528 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
529 /* An iteration count that is too small will pass in pkcs5 mode */
530 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
531 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0))
532 goto err;
533
534 mode = 0;
535 mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
536 mode_params[1] = OSSL_PARAM_construct_end();
537
538 /* If the "pkcs5" mode is disabled then the derive will now fail */
539 if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params))
540 || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out)), 0))
541 goto err;
542
543 ret = 1;
544err:
545 EVP_KDF_CTX_free(kctx);
546 OPENSSL_free(params);
547 return ret;
548}
549
550static int test_kdf_pbkdf2_invalid_digest(void)
551{
552 int ret = 0;
553 EVP_KDF_CTX *kctx;
554 unsigned int iterations = 4096;
555 int mode = 0;
556 OSSL_PARAM *params;
557
558 params = construct_pbkdf2_params("passwordPASSWORDpassword", "blah",
559 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
560 &iterations, &mode);
561
562 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
563 /* Unknown digest should fail */
564 || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
565 goto err;
566
567 ret = 1;
568err:
569 EVP_KDF_CTX_free(kctx);
570 OPENSSL_free(params);
5a285add
DM		 571 return ret;
572}
573
574#ifndef OPENSSL_NO_SCRYPT
575static int test_kdf_scrypt(void)
576{
a3c62426 577 int ret;
5a285add 578 EVP_KDF_CTX *kctx;
bf5739a0 579 OSSL_PARAM params[7], *p = params;
5a285add 580 unsigned char out[64];
bf5739a0 581 unsigned int nu = 1024, ru = 8, pu = 16, maxmem = 16;
8bbeaaa4 582 static const unsigned char expected[sizeof(out)] = {
a3c62426
SL		 583 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
584 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
585 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
586 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
587 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
588 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
589 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
590 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
591 };
5a285add 592
bf5739a0
P		 593 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
594 (char *)"password", 8);
595 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
596 (char *)"NaCl", 4);
597 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &nu);
598 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &ru);
599 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &pu);
600 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem);
601 *p = OSSL_PARAM_construct_end();
602
d2ba8123 603 ret =
27e27cd7 604 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT))
660c5344 605 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
bf5739a0
P		 606 /* failure test *//*
607 && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0)*/
608 && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024))
660c5344 609 && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1))
d2ba8123
SL		 610 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
611 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
5a285add 612
660c5344 613 EVP_KDF_CTX_free(kctx);
5a285add
DM		 614 return ret;
615}
a3c62426 616#endif /* OPENSSL_NO_SCRYPT */
5a285add 617
9537fe57
SL		 618static int test_kdf_ss_hash(void)
619{
a3c62426 620 int ret;
bf5739a0
P		 621 EVP_KDF_CTX *kctx;
622 OSSL_PARAM params[4], *p = params;
8bbeaaa4 623 unsigned char out[14];
bf5739a0 624 static unsigned char z[] = {
9537fe57
SL		 625 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e,
626 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62,
627 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4,
628 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9
629 };
bf5739a0 630 static unsigned char other[] = {
9537fe57
SL		 631 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e,
632 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde,
633 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e,
634 0xe0,0xec,0x3f,0x8d,0xbe
635 };
8bbeaaa4 636 static const unsigned char expected[sizeof(out)] = {
9537fe57
SL		 637 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8
638 };
9537fe57 639
bf5739a0
P		 640 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
641 (char *)"sha224", sizeof("sha224"));
642 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
643 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
644 sizeof(other));
645 *p = OSSL_PARAM_construct_end();
646
d2ba8123 647 ret =
27e27cd7 648 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
660c5344 649 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
d2ba8123
SL		 650 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
651 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
9537fe57 652
660c5344 653 EVP_KDF_CTX_free(kctx);
a3c62426 654 return ret;
9537fe57
SL		 655}
656
8bbeaaa4
SL		 657static int test_kdf_x963(void)
658{
659 int ret;
bf5739a0
P		 660 EVP_KDF_CTX *kctx;
661 OSSL_PARAM params[4], *p = params;
8bbeaaa4
SL		 662 unsigned char out[1024 / 8];
663 /*
664 * Test data from https://csrc.nist.gov/CSRC/media/Projects/
665 * Cryptographic-Algorithm-Validation-Program/documents/components/
666 * 800-135testvectors/ansx963_2001.zip
667 */
bf5739a0 668 static unsigned char z[] = {
8bbeaaa4
SL		 669 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, 0xfa, 0x58, 0xce, 0xad,
670 0xc0, 0x47, 0x19, 0x7f, 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
671 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, 0x15, 0x07, 0x39, 0x2f,
672 0x1a, 0x86, 0xdd, 0xfd, 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
673 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, 0x47, 0xa9, 0xe2, 0xe7,
674 0x53, 0xf5, 0x5e, 0xf0, 0x5a, 0x2d
675 };
bf5739a0 676 static unsigned char shared[] = {
8bbeaaa4
SL		 677 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, 0x2b, 0x3a, 0x2f, 0x99,
678 0x37, 0x89, 0x5d, 0x31
679 };
680 static const unsigned char expected[sizeof(out)] = {
681 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, 0x9b, 0x52, 0x26, 0x4b,
682 0x01, 0x12, 0xb5, 0x85, 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
683 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, 0x6e, 0x4d, 0xd2, 0xa5,
684 0x99, 0xac, 0xce, 0xb3, 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
685 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, 0xa5, 0xa8, 0xee, 0xee,
686 0x20, 0x80, 0x02, 0x26, 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
687 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, 0xea, 0x9c, 0x4f, 0xf7,
688 0x45, 0xa2, 0x5a, 0xc2, 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
689 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, 0x0a, 0xb2, 0xaa, 0x8e,
690 0x2e, 0xfa, 0x7b, 0x17, 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
691 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
692 };
693
bf5739a0
P		 694 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
695 (char *)"sha512", sizeof("sha512"));
696 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
697 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, shared,
698 sizeof(shared));
699 *p = OSSL_PARAM_construct_end();
700
8bbeaaa4 701 ret =
27e27cd7 702 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF))
660c5344 703 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
8bbeaaa4
SL		 704 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
705 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
706
660c5344 707 EVP_KDF_CTX_free(kctx);
8bbeaaa4
SL		 708 return ret;
709}
710
726ad13c 711#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
f6dead1b
RH		 712/*
713 * KBKDF test vectors from RFC 6803 (Camellia Encryption for Kerberos 5)
714 * section 10.
715 */
716static int test_kdf_kbkdf_6803_128(void)
717{
718 int ret = 0, i, p;
719 EVP_KDF_CTX *kctx;
720 OSSL_PARAM params[7];
721 static unsigned char input_key[] = {
722 0x57, 0xD0, 0x29, 0x72, 0x98, 0xFF, 0xD9, 0xD3,
723 0x5D, 0xE5, 0xA4, 0x7F, 0xB4, 0xBD, 0xE2, 0x4B,
724 };
725 static unsigned char constants[][5] = {
726 { 0x00, 0x00, 0x00, 0x02, 0x99 },
727 { 0x00, 0x00, 0x00, 0x02, 0xaa },
728 { 0x00, 0x00, 0x00, 0x02, 0x55 },
729 };
730 static unsigned char outputs[][16] = {
731 {0xD1, 0x55, 0x77, 0x5A, 0x20, 0x9D, 0x05, 0xF0,
732 0x2B, 0x38, 0xD4, 0x2A, 0x38, 0x9E, 0x5A, 0x56},
733 {0x64, 0xDF, 0x83, 0xF8, 0x5A, 0x53, 0x2F, 0x17,
734 0x57, 0x7D, 0x8C, 0x37, 0x03, 0x57, 0x96, 0xAB},
735 {0x3E, 0x4F, 0xBD, 0xF3, 0x0F, 0xB8, 0x25, 0x9C,
736 0x42, 0x5C, 0xB6, 0xC9, 0x6F, 0x1F, 0x46, 0x35}
737 };
738 static unsigned char iv[16] = { 0 };
739 unsigned char result[16] = { 0 };
740
741 for (i = 0; i < 3; i++) {
742 p = 0;
743 params[p++] = OSSL_PARAM_construct_utf8_string(
744 OSSL_KDF_PARAM_CIPHER, "CAMELLIA-128-CBC", 0);
745 params[p++] = OSSL_PARAM_construct_utf8_string(
746 OSSL_KDF_PARAM_MAC, "CMAC", 0);
747 params[p++] = OSSL_PARAM_construct_utf8_string(
748 OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
749 params[p++] = OSSL_PARAM_construct_octet_string(
750 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
751 params[p++] = OSSL_PARAM_construct_octet_string(
752 OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i]));
753 params[p++] = OSSL_PARAM_construct_octet_string(
754 OSSL_KDF_PARAM_SEED, iv, sizeof(iv));
755 params[p] = OSSL_PARAM_construct_end();
756
757 kctx = get_kdfbyname("KBKDF");
758 ret = TEST_ptr(kctx)
660c5344 759 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
f6dead1b
RH		 760 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
761 && TEST_mem_eq(result, sizeof(result), outputs[i],
762 sizeof(outputs[i]));
660c5344 763 EVP_KDF_CTX_free(kctx);
f6dead1b
RH		 764 if (ret != 1)
765 return ret;
766 }
767
768 return ret;
769}
770
771static int test_kdf_kbkdf_6803_256(void)
772{
773 int ret = 0, i, p;
774 EVP_KDF_CTX *kctx;
775 OSSL_PARAM params[7];
776 static unsigned char input_key[] = {
777 0xB9, 0xD6, 0x82, 0x8B, 0x20, 0x56, 0xB7, 0xBE,
778 0x65, 0x6D, 0x88, 0xA1, 0x23, 0xB1, 0xFA, 0xC6,
779 0x82, 0x14, 0xAC, 0x2B, 0x72, 0x7E, 0xCF, 0x5F,
780 0x69, 0xAF, 0xE0, 0xC4, 0xDF, 0x2A, 0x6D, 0x2C,
781 };
782 static unsigned char constants[][5] = {
783 { 0x00, 0x00, 0x00, 0x02, 0x99 },
784 { 0x00, 0x00, 0x00, 0x02, 0xaa },
785 { 0x00, 0x00, 0x00, 0x02, 0x55 },
786 };
787 static unsigned char outputs[][32] = {
788 {0xE4, 0x67, 0xF9, 0xA9, 0x55, 0x2B, 0xC7, 0xD3,
789 0x15, 0x5A, 0x62, 0x20, 0xAF, 0x9C, 0x19, 0x22,
790 0x0E, 0xEE, 0xD4, 0xFF, 0x78, 0xB0, 0xD1, 0xE6,
791 0xA1, 0x54, 0x49, 0x91, 0x46, 0x1A, 0x9E, 0x50,
792 },
793 {0x41, 0x2A, 0xEF, 0xC3, 0x62, 0xA7, 0x28, 0x5F,
794 0xC3, 0x96, 0x6C, 0x6A, 0x51, 0x81, 0xE7, 0x60,
795 0x5A, 0xE6, 0x75, 0x23, 0x5B, 0x6D, 0x54, 0x9F,
796 0xBF, 0xC9, 0xAB, 0x66, 0x30, 0xA4, 0xC6, 0x04,
797 },
798 {0xFA, 0x62, 0x4F, 0xA0, 0xE5, 0x23, 0x99, 0x3F,
799 0xA3, 0x88, 0xAE, 0xFD, 0xC6, 0x7E, 0x67, 0xEB,
800 0xCD, 0x8C, 0x08, 0xE8, 0xA0, 0x24, 0x6B, 0x1D,
801 0x73, 0xB0, 0xD1, 0xDD, 0x9F, 0xC5, 0x82, 0xB0,
802 },
803 };
804 static unsigned char iv[16] = { 0 };
805 unsigned char result[32] = { 0 };
806
807 for (i = 0; i < 3; i++) {
808 p = 0;
809 params[p++] = OSSL_PARAM_construct_utf8_string(
810 OSSL_KDF_PARAM_CIPHER, "CAMELLIA-256-CBC", 0);
811 params[p++] = OSSL_PARAM_construct_utf8_string(
812 OSSL_KDF_PARAM_MAC, "CMAC", 0);
813 params[p++] = OSSL_PARAM_construct_utf8_string(
814 OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
815 params[p++] = OSSL_PARAM_construct_octet_string(
816 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
817 params[p++] = OSSL_PARAM_construct_octet_string(
818 OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i]));
819 params[p++] = OSSL_PARAM_construct_octet_string(
820 OSSL_KDF_PARAM_SEED, iv, sizeof(iv));
821 params[p] = OSSL_PARAM_construct_end();
822
823 kctx = get_kdfbyname("KBKDF");
824 ret = TEST_ptr(kctx)
660c5344 825 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
f6dead1b
RH		 826 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
827 && TEST_mem_eq(result, sizeof(result), outputs[i],
828 sizeof(outputs[i]));
660c5344 829 EVP_KDF_CTX_free(kctx);
f6dead1b
RH		 830 if (ret != 1)
831 return ret;
832 }
833
834 return ret;
835}
726ad13c 836#endif
f6dead1b 837
1cae59d1
JS		 838static OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char *key,
839 size_t keylen, char *salt, char *info)
840{
841 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 7);
842 OSSL_PARAM *p = params;
843
844 *p++ = OSSL_PARAM_construct_utf8_string(
845 OSSL_KDF_PARAM_DIGEST, digest, 0);
846 *p++ = OSSL_PARAM_construct_utf8_string(
847 OSSL_KDF_PARAM_MAC, mac, 0);
848 *p++ = OSSL_PARAM_construct_utf8_string(
849 OSSL_KDF_PARAM_MODE, "COUNTER", 0);
850 *p++ = OSSL_PARAM_construct_octet_string(
851 OSSL_KDF_PARAM_KEY, key, keylen);
852 *p++ = OSSL_PARAM_construct_octet_string(
853 OSSL_KDF_PARAM_SALT, salt, strlen(salt));
854 *p++ = OSSL_PARAM_construct_octet_string(
855 OSSL_KDF_PARAM_INFO, info, strlen(info));
856 *p = OSSL_PARAM_construct_end();
857
858 return params;
859}
860
861static int test_kdf_kbkdf_invalid_digest(void)
862{
863 int ret;
864 EVP_KDF_CTX *kctx;
865 OSSL_PARAM *params;
866
867 static unsigned char key[] = {0x01};
868
869 params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test");
870
871 /* Negative test case - set_params should fail */
872 kctx = get_kdfbyname("KBKDF");
873 ret = TEST_ptr(kctx)
874 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
875
876 EVP_KDF_CTX_free(kctx);
877 OPENSSL_free(params);
878 return ret;
879}
880
881static int test_kdf_kbkdf_invalid_mac(void)
882{
883 int ret;
884 EVP_KDF_CTX *kctx;
885 OSSL_PARAM *params;
886
887 static unsigned char key[] = {0x01};
888
889 params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test");
890
891 /* Negative test case - set_params should fail */
892 kctx = get_kdfbyname("KBKDF");
893 ret = TEST_ptr(kctx)
894 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
895
896 EVP_KDF_CTX_free(kctx);
897 OPENSSL_free(params);
898 return ret;
899}
900
901static int test_kdf_kbkdf_empty_key(void)
902{
903 int ret;
904 EVP_KDF_CTX *kctx;
905 OSSL_PARAM *params;
906
907 static unsigned char key[] = {0x01};
908 unsigned char result[32] = { 0 };
909
910 params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test");
911
912 /* Negative test case - derive should fail */
913 kctx = get_kdfbyname("KBKDF");
914 ret = TEST_ptr(kctx)
915 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
916 && TEST_int_eq(EVP_KDF_derive(kctx, result, sizeof(result)), 0);
917
918 EVP_KDF_CTX_free(kctx);
919 OPENSSL_free(params);
920 return ret;
921}
922
923static int test_kdf_kbkdf_1byte_key(void)
924{
925 int ret;
926 EVP_KDF_CTX *kctx;
927 OSSL_PARAM *params;
928
929 static unsigned char key[] = {0x01};
930 unsigned char result[32] = { 0 };
931
932 params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
933
934 kctx = get_kdfbyname("KBKDF");
935 ret = TEST_ptr(kctx)
936 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
937 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0);
938
939 EVP_KDF_CTX_free(kctx);
940 OPENSSL_free(params);
941 return ret;
942}
943
944static int test_kdf_kbkdf_zero_output_size(void)
945{
946 int ret;
947 EVP_KDF_CTX *kctx;
948 OSSL_PARAM *params;
949
950 static unsigned char key[] = {0x01};
951 unsigned char result[32] = { 0 };
952
953 params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
954
955 /* Negative test case - derive should fail */
956 kctx = get_kdfbyname("KBKDF");
957 ret = TEST_ptr(kctx)
958 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
959 && TEST_int_eq(EVP_KDF_derive(kctx, result, 0), 0);
960
961 EVP_KDF_CTX_free(kctx);
962 OPENSSL_free(params);
963 return ret;
964}
965
a39bc440
RH		 966/* Two test vectors from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos
967 * 5) appendix A. */
968static int test_kdf_kbkdf_8009_prf1(void)
969{
970 int ret, i = 0;
971 EVP_KDF_CTX *kctx;
972 OSSL_PARAM params[6];
973 char *label = "prf", *digest = "sha256", *prf_input = "test",
974 *mac = "HMAC";
975 static unsigned char input_key[] = {
976 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
977 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
978 };
979 static unsigned char output[] = {
980 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
981 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
982 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
983 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
984 };
985 unsigned char result[sizeof(output)] = { 0 };
986
987 params[i++] = OSSL_PARAM_construct_utf8_string(
1cae59d1 988 OSSL_KDF_PARAM_DIGEST, digest, 0);
a39bc440 989 params[i++] = OSSL_PARAM_construct_utf8_string(
1cae59d1 990 OSSL_KDF_PARAM_MAC, mac, 0);
a39bc440
RH		 991 params[i++] = OSSL_PARAM_construct_octet_string(
992 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
993 params[i++] = OSSL_PARAM_construct_octet_string(
994 OSSL_KDF_PARAM_SALT, label, strlen(label));
995 params[i++] = OSSL_PARAM_construct_octet_string(
996 OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
997 params[i] = OSSL_PARAM_construct_end();
998
999 kctx = get_kdfbyname("KBKDF");
1000 ret = TEST_ptr(kctx)
660c5344 1001 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
a39bc440
RH		 1002 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
1003 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1004
660c5344 1005 EVP_KDF_CTX_free(kctx);
a39bc440
RH		 1006 return ret;
1007}
1008
1009static int test_kdf_kbkdf_8009_prf2(void)
1010{
1011 int ret, i = 0;
1012 EVP_KDF_CTX *kctx;
1013 OSSL_PARAM params[6];
1014 char *label = "prf", *digest = "sha384", *prf_input = "test",
1015 *mac = "HMAC";
1016 static unsigned char input_key[] = {
1017 0x6D, 0x40, 0x4D, 0x37, 0xFA, 0xF7, 0x9F, 0x9D,
1018 0xF0, 0xD3, 0x35, 0x68, 0xD3, 0x20, 0x66, 0x98,
1019 0x00, 0xEB, 0x48, 0x36, 0x47, 0x2E, 0xA8, 0xA0,
1020 0x26, 0xD1, 0x6B, 0x71, 0x82, 0x46, 0x0C, 0x52,
1021 };
1022 static unsigned char output[] = {
1023 0x98, 0x01, 0xF6, 0x9A, 0x36, 0x8C, 0x2B, 0xF6,
1024 0x75, 0xE5, 0x95, 0x21, 0xE1, 0x77, 0xD9, 0xA0,
1025 0x7F, 0x67, 0xEF, 0xE1, 0xCF, 0xDE, 0x8D, 0x3C,
1026 0x8D, 0x6F, 0x6A, 0x02, 0x56, 0xE3, 0xB1, 0x7D,
1027 0xB3, 0xC1, 0xB6, 0x2A, 0xD1, 0xB8, 0x55, 0x33,
1028 0x60, 0xD1, 0x73, 0x67, 0xEB, 0x15, 0x14, 0xD2,
1029 };
1030 unsigned char result[sizeof(output)] = { 0 };
1031
1032 params[i++] = OSSL_PARAM_construct_utf8_string(
1cae59d1 1033 OSSL_KDF_PARAM_DIGEST, digest, 0);
a39bc440 1034 params[i++] = OSSL_PARAM_construct_utf8_string(
1cae59d1 1035 OSSL_KDF_PARAM_MAC, mac, 0);
a39bc440
RH		 1036 params[i++] = OSSL_PARAM_construct_octet_string(
1037 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1038 params[i++] = OSSL_PARAM_construct_octet_string(
1039 OSSL_KDF_PARAM_SALT, label, strlen(label));
1040 params[i++] = OSSL_PARAM_construct_octet_string(
1041 OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
1042 params[i] = OSSL_PARAM_construct_end();
1043
1044 kctx = get_kdfbyname("KBKDF");
1045 ret = TEST_ptr(kctx)
660c5344 1046 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
a39bc440
RH		 1047 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
1048 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1049
660c5344 1050 EVP_KDF_CTX_free(kctx);
a39bc440
RH		 1051 return ret;
1052}
1053
4757a347
SL		 1054#if !defined(OPENSSL_NO_CMAC)
1055/*
1056 * Test vector taken from
1057 * https://csrc.nist.gov/CSRC/media/Projects/
1058 * Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip
1059 * Note: Only 32 bit counter is supported ([RLEN=32_BITS])
1060 */
1061static int test_kdf_kbkdf_fixedinfo(void)
1062{
1063 int ret;
1064 EVP_KDF_CTX *kctx;
1065 OSSL_PARAM params[8], *p = params;
1066 static char *cipher = "AES128";
1067 static char *mac = "CMAC";
1068 static char *mode = "COUNTER";
1069 int use_l = 0;
1070 int use_separator = 0;
1071
1072 static unsigned char input_key[] = {
1073 0xc1, 0x0b, 0x15, 0x2e, 0x8c, 0x97, 0xb7, 0x7e,
1074 0x18, 0x70, 0x4e, 0x0f, 0x0b, 0xd3, 0x83, 0x05,
1075 };
1076 static unsigned char fixed_input[] = {
1077 0x98, 0xcd, 0x4c, 0xbb, 0xbe, 0xbe, 0x15, 0xd1,
1078 0x7d, 0xc8, 0x6e, 0x6d, 0xba, 0xd8, 0x00, 0xa2,
1079 0xdc, 0xbd, 0x64, 0xf7, 0xc7, 0xad, 0x0e, 0x78,
1080 0xe9, 0xcf, 0x94, 0xff, 0xdb, 0xa8, 0x9d, 0x03,
1081 0xe9, 0x7e, 0xad, 0xf6, 0xc4, 0xf7, 0xb8, 0x06,
1082 0xca, 0xf5, 0x2a, 0xa3, 0x8f, 0x09, 0xd0, 0xeb,
1083 0x71, 0xd7, 0x1f, 0x49, 0x7b, 0xcc, 0x69, 0x06,
1084 0xb4, 0x8d, 0x36, 0xc4,
1085
1086 };
1087 static unsigned char output[] = {
1088 0x26, 0xfa, 0xf6, 0x19, 0x08, 0xad, 0x9e, 0xe8,
1089 0x81, 0xb8, 0x30, 0x5c, 0x22, 0x1d, 0xb5, 0x3f,
1090 };
1091 unsigned char result[sizeof(output)] = { 0 };
1092
1093 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, cipher, 0);
1094 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, mac, 0);
1095 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, mode, 0);
1096 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, input_key,
1097 sizeof(input_key));
1098 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
1099 fixed_input, sizeof(fixed_input));
1100 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_L, &use_l);
1101 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR,
1102 &use_separator);
1103 *p = OSSL_PARAM_construct_end();
1104
1105 kctx = get_kdfbyname("KBKDF");
1106 ret = TEST_ptr(kctx)
1107 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1108 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
1109 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1110
1111 EVP_KDF_CTX_free(kctx);
1112 return ret;
1113}
1114#endif /* OPENSSL_NO_CMAC */
1115
9537fe57
SL		 1116static int test_kdf_ss_hmac(void)
1117{
a3c62426 1118 int ret;
9537fe57 1119 EVP_KDF_CTX *kctx;
bf5739a0 1120 OSSL_PARAM params[6], *p = params;
8bbeaaa4 1121 unsigned char out[16];
bf5739a0 1122 static unsigned char z[] = {
9537fe57
SL		 1123 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
1124 };
bf5739a0 1125 static unsigned char other[] = {
9537fe57
SL		 1126 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
1127 };
bf5739a0 1128 static unsigned char salt[] = {
9537fe57
SL		 1129 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
1130 0x3f,0x89
1131 };
8bbeaaa4 1132 static const unsigned char expected[sizeof(out)] = {
9537fe57
SL		 1133 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63,
1134 0x1c,0xa3
1135 };
9537fe57 1136
bf5739a0
P		 1137 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
1138 (char *)OSSL_MAC_NAME_HMAC,
1139 sizeof(OSSL_MAC_NAME_HMAC));
1140 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1141 (char *)"sha256", sizeof("sha256"));
1142 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
1143 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
1144 sizeof(other));
1145 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
1146 sizeof(salt));
1147 *p = OSSL_PARAM_construct_end();
1148
d2ba8123 1149 ret =
27e27cd7 1150 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
660c5344 1151 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
d2ba8123
SL		 1152 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
1153 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
9537fe57 1154
660c5344 1155 EVP_KDF_CTX_free(kctx);
a3c62426 1156 return ret;
9537fe57
SL		 1157}
1158
1159static int test_kdf_ss_kmac(void)
1160{
a3c62426 1161 int ret;
9537fe57 1162 EVP_KDF_CTX *kctx;
bf5739a0 1163 OSSL_PARAM params[6], *p = params;
9537fe57 1164 unsigned char out[64];
bf5739a0
P		 1165 size_t mac_size = 20;
1166 static unsigned char z[] = {
9537fe57
SL		 1167 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
1168 };
bf5739a0 1169 static unsigned char other[] = {
9537fe57
SL		 1170 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
1171 };
bf5739a0 1172 static unsigned char salt[] = {
9537fe57
SL		 1173 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
1174 0x3f,0x89
1175 };
8bbeaaa4 1176 static const unsigned char expected[sizeof(out)] = {
9537fe57
SL		 1177 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd,
1178 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2,
1179 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4,
1180 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95,
1181 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03
1182 };
1183
bf5739a0
P		 1184 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
1185 (char *)OSSL_MAC_NAME_KMAC128,
1186 sizeof(OSSL_MAC_NAME_KMAC128));
1187 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
1188 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
1189 sizeof(other));
1190 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
1191 sizeof(salt));
1192 *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, &mac_size);
1193 *p = OSSL_PARAM_construct_end();
1194
d2ba8123 1195 ret =
27e27cd7 1196 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
660c5344 1197 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
d2ba8123
SL		 1198 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
1199 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
9537fe57 1200
660c5344 1201 EVP_KDF_CTX_free(kctx);
a3c62426 1202 return ret;
9537fe57
SL		 1203}
1204
87d9955e
SS		 1205static int test_kdf_sshkdf(void)
1206{
1207 int ret;
1208 EVP_KDF_CTX *kctx;
bf5739a0
P		 1209 OSSL_PARAM params[6], *p = params;
1210 char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
87d9955e
SS		 1211 unsigned char out[8];
1212 /* Test data from NIST CAVS 14.1 test vectors */
bf5739a0 1213 static unsigned char key[] = {
87d9955e
SS		 1214 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
1215 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
1216 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
1217 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
1218 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
1219 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
1220 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
1221 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
1222 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
1223 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
1224 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
1225 0x4e
1226 };
bf5739a0 1227 static unsigned char xcghash[] = {
87d9955e
SS		 1228 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
1229 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
1230 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
1231 };
bf5739a0 1232 static unsigned char sessid[] = {
87d9955e
SS		 1233 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
1234 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
1235 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
1236 };
8bbeaaa4 1237 static const unsigned char expected[sizeof(out)] = {
87d9955e
SS		 1238 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
1239 };
1240
bf5739a0
P		 1241 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1242 (char *)"sha256", sizeof("sha256"));
1243 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
1244 sizeof(key));
1245 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH,
1246 xcghash, sizeof(xcghash));
1247 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
1248 sessid, sizeof(sessid));
1249 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
1250 &kdftype, sizeof(kdftype));
1251 *p = OSSL_PARAM_construct_end();
1252
d2ba8123 1253 ret =
27e27cd7 1254 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF))
660c5344 1255 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
d2ba8123
SL		 1256 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
1257 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
87d9955e 1258
660c5344 1259 EVP_KDF_CTX_free(kctx);
87d9955e
SS		 1260 return ret;
1261}
1262
d2ba8123
SL		 1263static int test_kdf_get_kdf(void)
1264{
ff756eed 1265 EVP_KDF *kdf1 = NULL, *kdf2 = NULL;
d2ba8123 1266 ASN1_OBJECT *obj;
ff756eed
RL		 1267 int ok = 1;
1268
1269 if (!TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2))
27e27cd7 1270 || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL))
ff756eed
RL		 1271 || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(OBJ_obj2nid(obj)),
1272 NULL))
1273 || !TEST_ptr_eq(kdf1, kdf2))
1274 ok = 0;
1275 EVP_KDF_free(kdf1);
1276 kdf1 = NULL;
1277 EVP_KDF_free(kdf2);
1278 kdf2 = NULL;
1279
1280 if (!TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL))
1281 || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, LN_tls1_prf, NULL))
1282 || !TEST_ptr_eq(kdf1, kdf2))
1283 ok = 0;
1284 /* kdf1 is re-used below, so don't free it here */
1285 EVP_KDF_free(kdf2);
1286 kdf2 = NULL;
1287
1288 if (!TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(NID_tls1_prf), NULL))
1289 || !TEST_ptr_eq(kdf1, kdf2))
1290 ok = 0;
1291 EVP_KDF_free(kdf1);
1292 kdf1 = NULL;
1293 EVP_KDF_free(kdf2);
1294 kdf2 = NULL;
1295
1296 return ok;
d2ba8123
SL		 1297}
1298
1aec7716
SL		 1299#ifndef OPENSSL_NO_CMS
1300static int test_kdf_x942_asn1(void)
1301{
1302 int ret;
1303 EVP_KDF_CTX *kctx = NULL;
bf5739a0
P		 1304 OSSL_PARAM params[4], *p = params;
1305 const char *cek_alg = SN_id_smime_alg_CMS3DESwrap;
1aec7716
SL		 1306 unsigned char out[24];
1307 /* RFC2631 Section 2.1.6 Test data */
bf5739a0 1308 static unsigned char z[] = {
1aec7716
SL		 1309 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,
1310 0x0e,0x0f,0x10,0x11,0x12,0x13
1311 };
1312 static const unsigned char expected[sizeof(out)] = {
1313 0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04,
1314 0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46,
1315 0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb
1316 };
1317
bf5739a0 1318 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1cae59d1 1319 (char *)"sha1", 0);
bf5739a0
P		 1320 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z,
1321 sizeof(z));
1322 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
1cae59d1 1323 (char *)cek_alg, 0);
bf5739a0
P		 1324 *p = OSSL_PARAM_construct_end();
1325
1aec7716 1326 ret =
27e27cd7 1327 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF))
660c5344 1328 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1aec7716
SL		 1329 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
1330 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1331
660c5344 1332 EVP_KDF_CTX_free(kctx);
1aec7716
SL		 1333 return ret;
1334}
1335#endif /* OPENSSL_NO_CMS */
1336
33f54da3
SS		 1337static int test_kdf_krb5kdf(void)
1338{
1339 int ret;
1340 EVP_KDF_CTX *kctx;
1341 OSSL_PARAM params[4], *p = params;
1342 unsigned char out[16];
1343 static unsigned char key[] = {
1344 0x42, 0x26, 0x3C, 0x6E, 0x89, 0xF4, 0xFC, 0x28,
1345 0xB8, 0xDF, 0x68, 0xEE, 0x09, 0x79, 0x9F, 0x15
1346 };
1347 static unsigned char constant[] = {
1348 0x00, 0x00, 0x00, 0x02, 0x99
1349 };
1350 static const unsigned char expected[sizeof(out)] = {
1351 0x34, 0x28, 0x0A, 0x38, 0x2B, 0xC9, 0x27, 0x69,
1352 0xB2, 0xDA, 0x2F, 0x9E, 0xF0, 0x66, 0x85, 0x4B
1353 };
1354
1355 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER,
1356 (char *)"AES-128-CBC",
1357 sizeof("AES-128-CBC"));
1358 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
1359 sizeof(key));
1360 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT,
1361 constant, sizeof(constant));
1362 *p = OSSL_PARAM_construct_end();
1363
1364 ret =
1365 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KRB5KDF))
660c5344 1366 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
33f54da3
SS		 1367 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
1368 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1369
660c5344 1370 EVP_KDF_CTX_free(kctx);
33f54da3
SS		 1371 return ret;
1372}
1373
5a285add
DM		 1374int setup_tests(void)
1375{
726ad13c 1376#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
f6dead1b
RH		 1377 ADD_TEST(test_kdf_kbkdf_6803_128);
1378 ADD_TEST(test_kdf_kbkdf_6803_256);
726ad13c 1379#endif
1cae59d1
JS		 1380 ADD_TEST(test_kdf_kbkdf_invalid_digest);
1381 ADD_TEST(test_kdf_kbkdf_invalid_mac);
1382 ADD_TEST(test_kdf_kbkdf_zero_output_size);
1383 ADD_TEST(test_kdf_kbkdf_empty_key);
1384 ADD_TEST(test_kdf_kbkdf_1byte_key);
a39bc440
RH		 1385 ADD_TEST(test_kdf_kbkdf_8009_prf1);
1386 ADD_TEST(test_kdf_kbkdf_8009_prf2);
4757a347
SL		 1387#if !defined(OPENSSL_NO_CMAC)
1388 ADD_TEST(test_kdf_kbkdf_fixedinfo);
1389#endif
d2ba8123 1390 ADD_TEST(test_kdf_get_kdf);
5a285add 1391 ADD_TEST(test_kdf_tls1_prf);
1cae59d1
JS		 1392 ADD_TEST(test_kdf_tls1_prf_invalid_digest);
1393 ADD_TEST(test_kdf_tls1_prf_zero_output_size);
1394 ADD_TEST(test_kdf_tls1_prf_empty_secret);
1395 ADD_TEST(test_kdf_tls1_prf_1byte_secret);
1396 ADD_TEST(test_kdf_tls1_prf_empty_seed);
1397 ADD_TEST(test_kdf_tls1_prf_1byte_seed);
5a285add 1398 ADD_TEST(test_kdf_hkdf);
1cae59d1
JS		 1399 ADD_TEST(test_kdf_hkdf_invalid_digest);
1400 ADD_TEST(test_kdf_hkdf_zero_output_size);
1401 ADD_TEST(test_kdf_hkdf_empty_key);
1402 ADD_TEST(test_kdf_hkdf_1byte_key);
1403 ADD_TEST(test_kdf_hkdf_empty_salt);
5a285add 1404 ADD_TEST(test_kdf_pbkdf2);
1cae59d1
JS		 1405 ADD_TEST(test_kdf_pbkdf2_small_output);
1406 ADD_TEST(test_kdf_pbkdf2_large_output);
1407 ADD_TEST(test_kdf_pbkdf2_small_salt);
1408 ADD_TEST(test_kdf_pbkdf2_small_iterations);
1409 ADD_TEST(test_kdf_pbkdf2_small_salt_pkcs5);
1410 ADD_TEST(test_kdf_pbkdf2_small_iterations_pkcs5);
1411 ADD_TEST(test_kdf_pbkdf2_invalid_digest);
5a285add
DM		 1412#ifndef OPENSSL_NO_SCRYPT
1413 ADD_TEST(test_kdf_scrypt);
1414#endif
9537fe57
SL		 1415 ADD_TEST(test_kdf_ss_hash);
1416 ADD_TEST(test_kdf_ss_hmac);
1417 ADD_TEST(test_kdf_ss_kmac);
87d9955e 1418 ADD_TEST(test_kdf_sshkdf);
8bbeaaa4 1419 ADD_TEST(test_kdf_x963);
1aec7716
SL		 1420#ifndef OPENSSL_NO_CMS
1421 ADD_TEST(test_kdf_x942_asn1);
1422#endif
33f54da3 1423 ADD_TEST(test_kdf_krb5kdf);
5a285add
DM		 1424 return 1;
1425}
A mirror of the official openssl repository