]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_kdf_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
PBKDF2 implementation: refactor to avoid memleak
[thirdparty/openssl.git] / test / evp_kdf_test.c
CommitLineData
5a285add
DM		 1/*
2 * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
4 *
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11/* Tests of the EVP_KDF_CTX APIs */
12
13#include <stdio.h>
14#include <string.h>
15
16#include <openssl/evp.h>
17#include <openssl/kdf.h>
81ff9eeb 18#include <openssl/core_names.h>
5a285add
DM		 19#include "testutil.h"
20
bf5739a0
P		 21static EVP_KDF_CTX *get_kdfbyname(const char *name)
22{
23 EVP_KDF *kdf = EVP_KDF_fetch(NULL, name, NULL);
24 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
25
26 EVP_KDF_free(kdf);
27 return kctx;
28}
29
5a285add
DM		 30static int test_kdf_tls1_prf(void)
31{
a3c62426 32 int ret;
d2ba8123 33 EVP_KDF_CTX *kctx = NULL;
5a285add 34 unsigned char out[16];
bf5739a0 35 OSSL_PARAM params[4], *p = params;
8bbeaaa4 36 static const unsigned char expected[sizeof(out)] = {
a3c62426
SL		 37 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
38 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
39 };
5a285add 40
bf5739a0
P		 41 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
42 (char *)"sha256", sizeof("sha256"));
43 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
44 (unsigned char *)"secret",
45 (size_t)6);
46 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
47 (unsigned char *)"seed",
48 (size_t)4);
49 *p = OSSL_PARAM_construct_end();
50
d2ba8123 51 ret =
bf5739a0
P		 52 TEST_ptr(kctx = get_kdfbyname(SN_tls1_prf))
53 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
d2ba8123
SL		 54 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
55 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
5a285add 56
5a285add
DM		 57 EVP_KDF_CTX_free(kctx);
58 return ret;
59}
60
61static int test_kdf_hkdf(void)
62{
a3c62426 63 int ret;
5a285add
DM		 64 EVP_KDF_CTX *kctx;
65 unsigned char out[10];
bf5739a0 66 OSSL_PARAM params[5], *p = params;
8bbeaaa4 67 static const unsigned char expected[sizeof(out)] = {
a3c62426
SL		 68 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
69 };
5a285add 70
bf5739a0
P		 71 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
72 (char *)"sha256", sizeof("sha256"));
73 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
74 (unsigned char *)"salt", 4);
75 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
76 (unsigned char *)"secret", 6);
77 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
78 (unsigned char *)"label", 5);
79 *p = OSSL_PARAM_construct_end();
80
d2ba8123 81 ret =
bf5739a0
P		 82 TEST_ptr(kctx = get_kdfbyname(SN_hkdf))
83 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
d2ba8123
SL		 84 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
85 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
5a285add 86
5a285add
DM		 87 EVP_KDF_CTX_free(kctx);
88 return ret;
89}
90
91static int test_kdf_pbkdf2(void)
92{
bf5739a0 93 int ret = 0;
5a285add 94 EVP_KDF_CTX *kctx;
f0efeea2
SL		 95 unsigned char out[25];
96 size_t len = 0;
bf5739a0
P		 97 unsigned int iterations = 4096;
98 int mode = 0;
99 OSSL_PARAM params[6], *p = params;
f0efeea2
SL		 100 const unsigned char expected[sizeof(out)] = {
101 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f,
102 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf,
103 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
104 0x1c
a3c62426 105 };
5a285add 106
f0efeea2
SL		 107 if (sizeof(len) > 32)
108 len = SIZE_MAX;
109
bf5739a0
P		 110 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
111 (unsigned char *)
112 "passwordPASSWORDpassword", 24);
113 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
114 (unsigned char *)
115 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
116 36);
117 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, &iterations);
118 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
119 (char *)"sha256", 7);
120 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
121 *p = OSSL_PARAM_construct_end();
122
123 if (!TEST_ptr(kctx = get_kdfbyname(LN_id_pbkdf2))
124 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
125 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
126 || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))
127 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
128 /* A key length that is too small should fail */
129 || !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1), 0)
130 /* A key length that is too large should fail */
131 || (len != 0 && !TEST_int_eq(EVP_KDF_derive(kctx, out, len), 0)))
132 goto err;
133#if 0
134/* TODO */
f0efeea2 135 /* Salt length less than 128 bits should fail */
bf5739a0 136 || TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
f0efeea2
SL		 137 "123456781234567",
138 (size_t)15), 0)
139 /* A small iteration count should fail */
bf5739a0
P		 140 || TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0)
141 || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE,
f0efeea2
SL		 142 1), 0)
143 /* Small salts will pass if the "pkcs5" mode is enabled */
bf5739a0 144 || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
f0efeea2
SL		 145 "123456781234567",
146 (size_t)15), 0)
147 /* A small iteration count will pass if "pkcs5" mode is enabled */
bf5739a0 148 || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0)
f0efeea2
SL		 149 /*
150 * If the "pkcs5" mode is disabled then the small salt and iter will
151 * fail when the derive gets called.
152 */
bf5739a0 153 || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE,
f0efeea2 154 0), 0)
bf5739a0
P		 155 || TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
156#endif
157 ret = 1;
158err:
5a285add
DM		 159 EVP_KDF_CTX_free(kctx);
160 return ret;
161}
162
163#ifndef OPENSSL_NO_SCRYPT
164static int test_kdf_scrypt(void)
165{
a3c62426 166 int ret;
5a285add 167 EVP_KDF_CTX *kctx;
bf5739a0 168 OSSL_PARAM params[7], *p = params;
5a285add 169 unsigned char out[64];
bf5739a0 170 unsigned int nu = 1024, ru = 8, pu = 16, maxmem = 16;
8bbeaaa4 171 static const unsigned char expected[sizeof(out)] = {
a3c62426
SL		 172 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
173 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
174 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
175 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
176 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
177 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
178 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
179 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
180 };
5a285add 181
bf5739a0
P		 182 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
183 (char *)"password", 8);
184 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
185 (char *)"NaCl", 4);
186 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &nu);
187 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &ru);
188 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &pu);
189 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem);
190 *p = OSSL_PARAM_construct_end();
191
d2ba8123 192 ret =
bf5739a0
P		 193 TEST_ptr(kctx = get_kdfbyname(SN_id_scrypt))
194 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
195 /* failure test *//*
196 && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0)*/
197 && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024))
198 && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1))
d2ba8123
SL		 199 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
200 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
5a285add 201
5a285add
DM		 202 EVP_KDF_CTX_free(kctx);
203 return ret;
204}
a3c62426 205#endif /* OPENSSL_NO_SCRYPT */
5a285add 206
9537fe57
SL		 207static int test_kdf_ss_hash(void)
208{
a3c62426 209 int ret;
bf5739a0
P		 210 EVP_KDF_CTX *kctx;
211 OSSL_PARAM params[4], *p = params;
8bbeaaa4 212 unsigned char out[14];
bf5739a0 213 static unsigned char z[] = {
9537fe57
SL		 214 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e,
215 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62,
216 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4,
217 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9
218 };
bf5739a0 219 static unsigned char other[] = {
9537fe57
SL		 220 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e,
221 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde,
222 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e,
223 0xe0,0xec,0x3f,0x8d,0xbe
224 };
8bbeaaa4 225 static const unsigned char expected[sizeof(out)] = {
9537fe57
SL		 226 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8
227 };
9537fe57 228
bf5739a0
P		 229 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
230 (char *)"sha224", sizeof("sha224"));
231 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
232 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
233 sizeof(other));
234 *p = OSSL_PARAM_construct_end();
235
d2ba8123 236 ret =
bf5739a0
P		 237 TEST_ptr(kctx = get_kdfbyname(SN_sskdf))
238 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
d2ba8123
SL		 239 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
240 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
9537fe57
SL		 241
242 EVP_KDF_CTX_free(kctx);
a3c62426 243 return ret;
9537fe57
SL		 244}
245
8bbeaaa4
SL		 246static int test_kdf_x963(void)
247{
248 int ret;
bf5739a0
P		 249 EVP_KDF_CTX *kctx;
250 OSSL_PARAM params[4], *p = params;
8bbeaaa4
SL		 251 unsigned char out[1024 / 8];
252 /*
253 * Test data from https://csrc.nist.gov/CSRC/media/Projects/
254 * Cryptographic-Algorithm-Validation-Program/documents/components/
255 * 800-135testvectors/ansx963_2001.zip
256 */
bf5739a0 257 static unsigned char z[] = {
8bbeaaa4
SL		 258 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, 0xfa, 0x58, 0xce, 0xad,
259 0xc0, 0x47, 0x19, 0x7f, 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
260 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, 0x15, 0x07, 0x39, 0x2f,
261 0x1a, 0x86, 0xdd, 0xfd, 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
262 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, 0x47, 0xa9, 0xe2, 0xe7,
263 0x53, 0xf5, 0x5e, 0xf0, 0x5a, 0x2d
264 };
bf5739a0 265 static unsigned char shared[] = {
8bbeaaa4
SL		 266 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, 0x2b, 0x3a, 0x2f, 0x99,
267 0x37, 0x89, 0x5d, 0x31
268 };
269 static const unsigned char expected[sizeof(out)] = {
270 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, 0x9b, 0x52, 0x26, 0x4b,
271 0x01, 0x12, 0xb5, 0x85, 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
272 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, 0x6e, 0x4d, 0xd2, 0xa5,
273 0x99, 0xac, 0xce, 0xb3, 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
274 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, 0xa5, 0xa8, 0xee, 0xee,
275 0x20, 0x80, 0x02, 0x26, 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
276 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, 0xea, 0x9c, 0x4f, 0xf7,
277 0x45, 0xa2, 0x5a, 0xc2, 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
278 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, 0x0a, 0xb2, 0xaa, 0x8e,
279 0x2e, 0xfa, 0x7b, 0x17, 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
280 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
281 };
282
bf5739a0
P		 283 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
284 (char *)"sha512", sizeof("sha512"));
285 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
286 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, shared,
287 sizeof(shared));
288 *p = OSSL_PARAM_construct_end();
289
8bbeaaa4 290 ret =
bf5739a0
P		 291 TEST_ptr(kctx = get_kdfbyname(SN_x963kdf))
292 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
8bbeaaa4
SL		 293 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
294 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
295
296 EVP_KDF_CTX_free(kctx);
297 return ret;
298}
299
9537fe57
SL		 300static int test_kdf_ss_hmac(void)
301{
a3c62426 302 int ret;
9537fe57 303 EVP_KDF_CTX *kctx;
bf5739a0 304 OSSL_PARAM params[6], *p = params;
8bbeaaa4 305 unsigned char out[16];
bf5739a0 306 static unsigned char z[] = {
9537fe57
SL		 307 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
308 };
bf5739a0 309 static unsigned char other[] = {
9537fe57
SL		 310 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
311 };
bf5739a0 312 static unsigned char salt[] = {
9537fe57
SL		 313 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
314 0x3f,0x89
315 };
8bbeaaa4 316 static const unsigned char expected[sizeof(out)] = {
9537fe57
SL		 317 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63,
318 0x1c,0xa3
319 };
9537fe57 320
bf5739a0
P		 321 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
322 (char *)OSSL_MAC_NAME_HMAC,
323 sizeof(OSSL_MAC_NAME_HMAC));
324 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
325 (char *)"sha256", sizeof("sha256"));
326 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
327 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
328 sizeof(other));
329 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
330 sizeof(salt));
331 *p = OSSL_PARAM_construct_end();
332
d2ba8123 333 ret =
bf5739a0
P		 334 TEST_ptr(kctx = get_kdfbyname(SN_sskdf))
335 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
d2ba8123
SL		 336 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
337 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
9537fe57
SL		 338
339 EVP_KDF_CTX_free(kctx);
a3c62426 340 return ret;
9537fe57
SL		 341}
342
343static int test_kdf_ss_kmac(void)
344{
a3c62426 345 int ret;
9537fe57 346 EVP_KDF_CTX *kctx;
bf5739a0 347 OSSL_PARAM params[6], *p = params;
9537fe57 348 unsigned char out[64];
bf5739a0
P		 349 size_t mac_size = 20;
350 static unsigned char z[] = {
9537fe57
SL		 351 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
352 };
bf5739a0 353 static unsigned char other[] = {
9537fe57
SL		 354 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
355 };
bf5739a0 356 static unsigned char salt[] = {
9537fe57
SL		 357 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
358 0x3f,0x89
359 };
8bbeaaa4 360 static const unsigned char expected[sizeof(out)] = {
9537fe57
SL		 361 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd,
362 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2,
363 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4,
364 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95,
365 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03
366 };
367
bf5739a0
P		 368 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
369 (char *)OSSL_MAC_NAME_KMAC128,
370 sizeof(OSSL_MAC_NAME_KMAC128));
371 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
372 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
373 sizeof(other));
374 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
375 sizeof(salt));
376 *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, &mac_size);
377 *p = OSSL_PARAM_construct_end();
378
d2ba8123 379 ret =
bf5739a0
P		 380 TEST_ptr(kctx = get_kdfbyname(SN_sskdf))
381 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
d2ba8123
SL		 382 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
383 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
9537fe57
SL		 384
385 EVP_KDF_CTX_free(kctx);
a3c62426 386 return ret;
9537fe57
SL		 387}
388
87d9955e
SS		 389static int test_kdf_sshkdf(void)
390{
391 int ret;
392 EVP_KDF_CTX *kctx;
bf5739a0
P		 393 OSSL_PARAM params[6], *p = params;
394 char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
87d9955e
SS		 395 unsigned char out[8];
396 /* Test data from NIST CAVS 14.1 test vectors */
bf5739a0 397 static unsigned char key[] = {
87d9955e
SS		 398 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
399 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
400 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
401 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
402 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
403 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
404 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
405 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
406 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
407 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
408 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
409 0x4e
410 };
bf5739a0 411 static unsigned char xcghash[] = {
87d9955e
SS		 412 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
413 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
414 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
415 };
bf5739a0 416 static unsigned char sessid[] = {
87d9955e
SS		 417 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
418 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
419 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
420 };
8bbeaaa4 421 static const unsigned char expected[sizeof(out)] = {
87d9955e
SS		 422 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
423 };
424
bf5739a0
P		 425 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
426 (char *)"sha256", sizeof("sha256"));
427 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
428 sizeof(key));
429 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH,
430 xcghash, sizeof(xcghash));
431 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
432 sessid, sizeof(sessid));
433 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
434 &kdftype, sizeof(kdftype));
435 *p = OSSL_PARAM_construct_end();
436
d2ba8123 437 ret =
bf5739a0
P		 438 TEST_ptr(kctx = get_kdfbyname(SN_sshkdf))
439 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
d2ba8123
SL		 440 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
441 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
87d9955e
SS		 442
443 EVP_KDF_CTX_free(kctx);
444 return ret;
445}
446
d2ba8123
SL		 447static int test_kdf_get_kdf(void)
448{
449 const EVP_KDF *kdf1, *kdf2;
450 ASN1_OBJECT *obj;
451
452 return
453 TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2))
454 && TEST_ptr(kdf1 = EVP_get_kdfbyname(LN_id_pbkdf2))
bf5739a0 455 && TEST_ptr(kdf2 = EVP_get_kdfbyname(OBJ_nid2sn(OBJ_obj2nid(obj))))
d2ba8123
SL		 456 && TEST_ptr_eq(kdf1, kdf2)
457 && TEST_ptr(kdf1 = EVP_get_kdfbyname(SN_tls1_prf))
458 && TEST_ptr(kdf2 = EVP_get_kdfbyname(LN_tls1_prf))
459 && TEST_ptr_eq(kdf1, kdf2)
bf5739a0 460 && TEST_ptr(kdf2 = EVP_get_kdfbyname(OBJ_nid2sn(NID_tls1_prf)))
d2ba8123
SL		 461 && TEST_ptr_eq(kdf1, kdf2);
462}
463
1aec7716
SL		 464#ifndef OPENSSL_NO_CMS
465static int test_kdf_x942_asn1(void)
466{
467 int ret;
468 EVP_KDF_CTX *kctx = NULL;
bf5739a0
P		 469 OSSL_PARAM params[4], *p = params;
470 const char *cek_alg = SN_id_smime_alg_CMS3DESwrap;
1aec7716
SL		 471 unsigned char out[24];
472 /* RFC2631 Section 2.1.6 Test data */
bf5739a0 473 static unsigned char z[] = {
1aec7716
SL		 474 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,
475 0x0e,0x0f,0x10,0x11,0x12,0x13
476 };
477 static const unsigned char expected[sizeof(out)] = {
478 0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04,
479 0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46,
480 0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb
481 };
482
bf5739a0
P		 483 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
484 (char *)"sha1", sizeof("sha1"));
485 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z,
486 sizeof(z));
487 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
488 (char *)cek_alg,
489 strlen(cek_alg) + 1);
490 *p = OSSL_PARAM_construct_end();
491
1aec7716 492 ret =
bf5739a0
P		 493 TEST_ptr(kctx = get_kdfbyname(SN_x942kdf))
494 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1aec7716
SL		 495 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
496 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
497
498 EVP_KDF_CTX_free(kctx);
499 return ret;
500}
501#endif /* OPENSSL_NO_CMS */
502
5a285add
DM		 503int setup_tests(void)
504{
d2ba8123 505 ADD_TEST(test_kdf_get_kdf);
5a285add
DM		 506 ADD_TEST(test_kdf_tls1_prf);
507 ADD_TEST(test_kdf_hkdf);
508 ADD_TEST(test_kdf_pbkdf2);
509#ifndef OPENSSL_NO_SCRYPT
510 ADD_TEST(test_kdf_scrypt);
511#endif
9537fe57
SL		 512 ADD_TEST(test_kdf_ss_hash);
513 ADD_TEST(test_kdf_ss_hmac);
514 ADD_TEST(test_kdf_ss_kmac);
87d9955e 515 ADD_TEST(test_kdf_sshkdf);
8bbeaaa4 516 ADD_TEST(test_kdf_x963);
1aec7716
SL		 517#ifndef OPENSSL_NO_CMS
518 ADD_TEST(test_kdf_x942_asn1);
519#endif
5a285add
DM		 520 return 1;
521}
A mirror of the official openssl repository