]>
Commit | Line | Data |
---|---|---|
5a285add | 1 | /* |
fbd2ece1 | 2 | * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. |
5a285add DM |
3 | * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. |
4 | * | |
5 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
6 | * this file except in compliance with the License. You can obtain a copy | |
7 | * in the file LICENSE in the source distribution or at | |
8 | * https://www.openssl.org/source/license.html | |
9 | */ | |
10 | ||
11 | /* Tests of the EVP_KDF_CTX APIs */ | |
12 | ||
13 | #include <stdio.h> | |
14 | #include <string.h> | |
15 | ||
16 | #include <openssl/evp.h> | |
17 | #include <openssl/kdf.h> | |
81ff9eeb | 18 | #include <openssl/core_names.h> |
5a285add DM |
19 | #include "testutil.h" |
20 | ||
bf5739a0 P |
21 | static EVP_KDF_CTX *get_kdfbyname(const char *name) |
22 | { | |
23 | EVP_KDF *kdf = EVP_KDF_fetch(NULL, name, NULL); | |
660c5344 | 24 | EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); |
bf5739a0 P |
25 | |
26 | EVP_KDF_free(kdf); | |
27 | return kctx; | |
28 | } | |
29 | ||
5a285add DM |
30 | static int test_kdf_tls1_prf(void) |
31 | { | |
a3c62426 | 32 | int ret; |
d2ba8123 | 33 | EVP_KDF_CTX *kctx = NULL; |
5a285add | 34 | unsigned char out[16]; |
bf5739a0 | 35 | OSSL_PARAM params[4], *p = params; |
8bbeaaa4 | 36 | static const unsigned char expected[sizeof(out)] = { |
a3c62426 SL |
37 | 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0, |
38 | 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc | |
39 | }; | |
5a285add | 40 | |
bf5739a0 P |
41 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, |
42 | (char *)"sha256", sizeof("sha256")); | |
43 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, | |
44 | (unsigned char *)"secret", | |
45 | (size_t)6); | |
46 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, | |
47 | (unsigned char *)"seed", | |
48 | (size_t)4); | |
49 | *p = OSSL_PARAM_construct_end(); | |
50 | ||
d2ba8123 | 51 | ret = |
27e27cd7 | 52 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF)) |
660c5344 | 53 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
d2ba8123 SL |
54 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
55 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
5a285add | 56 | |
660c5344 | 57 | EVP_KDF_CTX_free(kctx); |
5a285add DM |
58 | return ret; |
59 | } | |
60 | ||
61 | static int test_kdf_hkdf(void) | |
62 | { | |
a3c62426 | 63 | int ret; |
5a285add DM |
64 | EVP_KDF_CTX *kctx; |
65 | unsigned char out[10]; | |
bf5739a0 | 66 | OSSL_PARAM params[5], *p = params; |
8bbeaaa4 | 67 | static const unsigned char expected[sizeof(out)] = { |
a3c62426 SL |
68 | 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13 |
69 | }; | |
5a285add | 70 | |
bf5739a0 P |
71 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, |
72 | (char *)"sha256", sizeof("sha256")); | |
73 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, | |
74 | (unsigned char *)"salt", 4); | |
75 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, | |
76 | (unsigned char *)"secret", 6); | |
77 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, | |
78 | (unsigned char *)"label", 5); | |
79 | *p = OSSL_PARAM_construct_end(); | |
80 | ||
d2ba8123 | 81 | ret = |
27e27cd7 | 82 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)) |
660c5344 | 83 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
d2ba8123 SL |
84 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
85 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
5a285add | 86 | |
660c5344 | 87 | EVP_KDF_CTX_free(kctx); |
5a285add DM |
88 | return ret; |
89 | } | |
90 | ||
91 | static int test_kdf_pbkdf2(void) | |
92 | { | |
bf5739a0 | 93 | int ret = 0; |
5a285add | 94 | EVP_KDF_CTX *kctx; |
f0efeea2 SL |
95 | unsigned char out[25]; |
96 | size_t len = 0; | |
bf5739a0 P |
97 | unsigned int iterations = 4096; |
98 | int mode = 0; | |
99 | OSSL_PARAM params[6], *p = params; | |
f0efeea2 SL |
100 | const unsigned char expected[sizeof(out)] = { |
101 | 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, | |
102 | 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf, | |
103 | 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18, | |
104 | 0x1c | |
a3c62426 | 105 | }; |
5a285add | 106 | |
f0efeea2 SL |
107 | if (sizeof(len) > 32) |
108 | len = SIZE_MAX; | |
109 | ||
bf5739a0 P |
110 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, |
111 | (unsigned char *) | |
112 | "passwordPASSWORDpassword", 24); | |
113 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, | |
114 | (unsigned char *) | |
115 | "saltSALTsaltSALTsaltSALTsaltSALTsalt", | |
116 | 36); | |
117 | *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, &iterations); | |
118 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, | |
119 | (char *)"sha256", 7); | |
120 | *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode); | |
121 | *p = OSSL_PARAM_construct_end(); | |
122 | ||
27e27cd7 | 123 | if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) |
660c5344 | 124 | || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
bf5739a0 P |
125 | || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
126 | || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)) | |
660c5344 | 127 | || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
bf5739a0 P |
128 | /* A key length that is too small should fail */ |
129 | || !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1), 0) | |
130 | /* A key length that is too large should fail */ | |
131 | || (len != 0 && !TEST_int_eq(EVP_KDF_derive(kctx, out, len), 0))) | |
132 | goto err; | |
133 | #if 0 | |
134 | /* TODO */ | |
f0efeea2 | 135 | /* Salt length less than 128 bits should fail */ |
bf5739a0 | 136 | || TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, |
f0efeea2 SL |
137 | "123456781234567", |
138 | (size_t)15), 0) | |
139 | /* A small iteration count should fail */ | |
bf5739a0 P |
140 | || TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0) |
141 | || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE, | |
f0efeea2 SL |
142 | 1), 0) |
143 | /* Small salts will pass if the "pkcs5" mode is enabled */ | |
bf5739a0 | 144 | || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, |
f0efeea2 SL |
145 | "123456781234567", |
146 | (size_t)15), 0) | |
147 | /* A small iteration count will pass if "pkcs5" mode is enabled */ | |
bf5739a0 | 148 | || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0) |
f0efeea2 SL |
149 | /* |
150 | * If the "pkcs5" mode is disabled then the small salt and iter will | |
151 | * fail when the derive gets called. | |
152 | */ | |
bf5739a0 | 153 | || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE, |
f0efeea2 | 154 | 0), 0) |
bf5739a0 P |
155 | || TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out)), 0); |
156 | #endif | |
157 | ret = 1; | |
158 | err: | |
660c5344 | 159 | EVP_KDF_CTX_free(kctx); |
5a285add DM |
160 | return ret; |
161 | } | |
162 | ||
163 | #ifndef OPENSSL_NO_SCRYPT | |
164 | static int test_kdf_scrypt(void) | |
165 | { | |
a3c62426 | 166 | int ret; |
5a285add | 167 | EVP_KDF_CTX *kctx; |
bf5739a0 | 168 | OSSL_PARAM params[7], *p = params; |
5a285add | 169 | unsigned char out[64]; |
bf5739a0 | 170 | unsigned int nu = 1024, ru = 8, pu = 16, maxmem = 16; |
8bbeaaa4 | 171 | static const unsigned char expected[sizeof(out)] = { |
a3c62426 SL |
172 | 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, |
173 | 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, | |
174 | 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, | |
175 | 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, | |
176 | 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, | |
177 | 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, | |
178 | 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, | |
179 | 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 | |
180 | }; | |
5a285add | 181 | |
bf5739a0 P |
182 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, |
183 | (char *)"password", 8); | |
184 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, | |
185 | (char *)"NaCl", 4); | |
186 | *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &nu); | |
187 | *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &ru); | |
188 | *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &pu); | |
189 | *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem); | |
190 | *p = OSSL_PARAM_construct_end(); | |
191 | ||
d2ba8123 | 192 | ret = |
27e27cd7 | 193 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT)) |
660c5344 | 194 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
bf5739a0 P |
195 | /* failure test *//* |
196 | && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0)*/ | |
197 | && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024)) | |
660c5344 | 198 | && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1)) |
d2ba8123 SL |
199 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
200 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
5a285add | 201 | |
660c5344 | 202 | EVP_KDF_CTX_free(kctx); |
5a285add DM |
203 | return ret; |
204 | } | |
a3c62426 | 205 | #endif /* OPENSSL_NO_SCRYPT */ |
5a285add | 206 | |
9537fe57 SL |
207 | static int test_kdf_ss_hash(void) |
208 | { | |
a3c62426 | 209 | int ret; |
bf5739a0 P |
210 | EVP_KDF_CTX *kctx; |
211 | OSSL_PARAM params[4], *p = params; | |
8bbeaaa4 | 212 | unsigned char out[14]; |
bf5739a0 | 213 | static unsigned char z[] = { |
9537fe57 SL |
214 | 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e, |
215 | 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62, | |
216 | 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4, | |
217 | 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9 | |
218 | }; | |
bf5739a0 | 219 | static unsigned char other[] = { |
9537fe57 SL |
220 | 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e, |
221 | 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde, | |
222 | 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e, | |
223 | 0xe0,0xec,0x3f,0x8d,0xbe | |
224 | }; | |
8bbeaaa4 | 225 | static const unsigned char expected[sizeof(out)] = { |
9537fe57 SL |
226 | 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8 |
227 | }; | |
9537fe57 | 228 | |
bf5739a0 P |
229 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, |
230 | (char *)"sha224", sizeof("sha224")); | |
231 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); | |
232 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other, | |
233 | sizeof(other)); | |
234 | *p = OSSL_PARAM_construct_end(); | |
235 | ||
d2ba8123 | 236 | ret = |
27e27cd7 | 237 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) |
660c5344 | 238 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
d2ba8123 SL |
239 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
240 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
9537fe57 | 241 | |
660c5344 | 242 | EVP_KDF_CTX_free(kctx); |
a3c62426 | 243 | return ret; |
9537fe57 SL |
244 | } |
245 | ||
8bbeaaa4 SL |
246 | static int test_kdf_x963(void) |
247 | { | |
248 | int ret; | |
bf5739a0 P |
249 | EVP_KDF_CTX *kctx; |
250 | OSSL_PARAM params[4], *p = params; | |
8bbeaaa4 SL |
251 | unsigned char out[1024 / 8]; |
252 | /* | |
253 | * Test data from https://csrc.nist.gov/CSRC/media/Projects/ | |
254 | * Cryptographic-Algorithm-Validation-Program/documents/components/ | |
255 | * 800-135testvectors/ansx963_2001.zip | |
256 | */ | |
bf5739a0 | 257 | static unsigned char z[] = { |
8bbeaaa4 SL |
258 | 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, 0xfa, 0x58, 0xce, 0xad, |
259 | 0xc0, 0x47, 0x19, 0x7f, 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9, | |
260 | 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, 0x15, 0x07, 0x39, 0x2f, | |
261 | 0x1a, 0x86, 0xdd, 0xfd, 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f, | |
262 | 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, 0x47, 0xa9, 0xe2, 0xe7, | |
263 | 0x53, 0xf5, 0x5e, 0xf0, 0x5a, 0x2d | |
264 | }; | |
bf5739a0 | 265 | static unsigned char shared[] = { |
8bbeaaa4 SL |
266 | 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, 0x2b, 0x3a, 0x2f, 0x99, |
267 | 0x37, 0x89, 0x5d, 0x31 | |
268 | }; | |
269 | static const unsigned char expected[sizeof(out)] = { | |
270 | 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, 0x9b, 0x52, 0x26, 0x4b, | |
271 | 0x01, 0x12, 0xb5, 0x85, 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8, | |
272 | 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, 0x6e, 0x4d, 0xd2, 0xa5, | |
273 | 0x99, 0xac, 0xce, 0xb3, 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e, | |
274 | 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, 0xa5, 0xa8, 0xee, 0xee, | |
275 | 0x20, 0x80, 0x02, 0x26, 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02, | |
276 | 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, 0xea, 0x9c, 0x4f, 0xf7, | |
277 | 0x45, 0xa2, 0x5a, 0xc2, 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd, | |
278 | 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, 0x0a, 0xb2, 0xaa, 0x8e, | |
279 | 0x2e, 0xfa, 0x7b, 0x17, 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc, | |
280 | 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16 | |
281 | }; | |
282 | ||
bf5739a0 P |
283 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, |
284 | (char *)"sha512", sizeof("sha512")); | |
285 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); | |
286 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, shared, | |
287 | sizeof(shared)); | |
288 | *p = OSSL_PARAM_construct_end(); | |
289 | ||
8bbeaaa4 | 290 | ret = |
27e27cd7 | 291 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF)) |
660c5344 | 292 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
8bbeaaa4 SL |
293 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
294 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
295 | ||
660c5344 | 296 | EVP_KDF_CTX_free(kctx); |
8bbeaaa4 SL |
297 | return ret; |
298 | } | |
299 | ||
726ad13c | 300 | #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA) |
f6dead1b RH |
301 | /* |
302 | * KBKDF test vectors from RFC 6803 (Camellia Encryption for Kerberos 5) | |
303 | * section 10. | |
304 | */ | |
305 | static int test_kdf_kbkdf_6803_128(void) | |
306 | { | |
307 | int ret = 0, i, p; | |
308 | EVP_KDF_CTX *kctx; | |
309 | OSSL_PARAM params[7]; | |
310 | static unsigned char input_key[] = { | |
311 | 0x57, 0xD0, 0x29, 0x72, 0x98, 0xFF, 0xD9, 0xD3, | |
312 | 0x5D, 0xE5, 0xA4, 0x7F, 0xB4, 0xBD, 0xE2, 0x4B, | |
313 | }; | |
314 | static unsigned char constants[][5] = { | |
315 | { 0x00, 0x00, 0x00, 0x02, 0x99 }, | |
316 | { 0x00, 0x00, 0x00, 0x02, 0xaa }, | |
317 | { 0x00, 0x00, 0x00, 0x02, 0x55 }, | |
318 | }; | |
319 | static unsigned char outputs[][16] = { | |
320 | {0xD1, 0x55, 0x77, 0x5A, 0x20, 0x9D, 0x05, 0xF0, | |
321 | 0x2B, 0x38, 0xD4, 0x2A, 0x38, 0x9E, 0x5A, 0x56}, | |
322 | {0x64, 0xDF, 0x83, 0xF8, 0x5A, 0x53, 0x2F, 0x17, | |
323 | 0x57, 0x7D, 0x8C, 0x37, 0x03, 0x57, 0x96, 0xAB}, | |
324 | {0x3E, 0x4F, 0xBD, 0xF3, 0x0F, 0xB8, 0x25, 0x9C, | |
325 | 0x42, 0x5C, 0xB6, 0xC9, 0x6F, 0x1F, 0x46, 0x35} | |
326 | }; | |
327 | static unsigned char iv[16] = { 0 }; | |
328 | unsigned char result[16] = { 0 }; | |
329 | ||
330 | for (i = 0; i < 3; i++) { | |
331 | p = 0; | |
332 | params[p++] = OSSL_PARAM_construct_utf8_string( | |
333 | OSSL_KDF_PARAM_CIPHER, "CAMELLIA-128-CBC", 0); | |
334 | params[p++] = OSSL_PARAM_construct_utf8_string( | |
335 | OSSL_KDF_PARAM_MAC, "CMAC", 0); | |
336 | params[p++] = OSSL_PARAM_construct_utf8_string( | |
337 | OSSL_KDF_PARAM_MODE, "FEEDBACK", 0); | |
338 | params[p++] = OSSL_PARAM_construct_octet_string( | |
339 | OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key)); | |
340 | params[p++] = OSSL_PARAM_construct_octet_string( | |
341 | OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i])); | |
342 | params[p++] = OSSL_PARAM_construct_octet_string( | |
343 | OSSL_KDF_PARAM_SEED, iv, sizeof(iv)); | |
344 | params[p] = OSSL_PARAM_construct_end(); | |
345 | ||
346 | kctx = get_kdfbyname("KBKDF"); | |
347 | ret = TEST_ptr(kctx) | |
660c5344 | 348 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
f6dead1b RH |
349 | && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) |
350 | && TEST_mem_eq(result, sizeof(result), outputs[i], | |
351 | sizeof(outputs[i])); | |
660c5344 | 352 | EVP_KDF_CTX_free(kctx); |
f6dead1b RH |
353 | if (ret != 1) |
354 | return ret; | |
355 | } | |
356 | ||
357 | return ret; | |
358 | } | |
359 | ||
360 | static int test_kdf_kbkdf_6803_256(void) | |
361 | { | |
362 | int ret = 0, i, p; | |
363 | EVP_KDF_CTX *kctx; | |
364 | OSSL_PARAM params[7]; | |
365 | static unsigned char input_key[] = { | |
366 | 0xB9, 0xD6, 0x82, 0x8B, 0x20, 0x56, 0xB7, 0xBE, | |
367 | 0x65, 0x6D, 0x88, 0xA1, 0x23, 0xB1, 0xFA, 0xC6, | |
368 | 0x82, 0x14, 0xAC, 0x2B, 0x72, 0x7E, 0xCF, 0x5F, | |
369 | 0x69, 0xAF, 0xE0, 0xC4, 0xDF, 0x2A, 0x6D, 0x2C, | |
370 | }; | |
371 | static unsigned char constants[][5] = { | |
372 | { 0x00, 0x00, 0x00, 0x02, 0x99 }, | |
373 | { 0x00, 0x00, 0x00, 0x02, 0xaa }, | |
374 | { 0x00, 0x00, 0x00, 0x02, 0x55 }, | |
375 | }; | |
376 | static unsigned char outputs[][32] = { | |
377 | {0xE4, 0x67, 0xF9, 0xA9, 0x55, 0x2B, 0xC7, 0xD3, | |
378 | 0x15, 0x5A, 0x62, 0x20, 0xAF, 0x9C, 0x19, 0x22, | |
379 | 0x0E, 0xEE, 0xD4, 0xFF, 0x78, 0xB0, 0xD1, 0xE6, | |
380 | 0xA1, 0x54, 0x49, 0x91, 0x46, 0x1A, 0x9E, 0x50, | |
381 | }, | |
382 | {0x41, 0x2A, 0xEF, 0xC3, 0x62, 0xA7, 0x28, 0x5F, | |
383 | 0xC3, 0x96, 0x6C, 0x6A, 0x51, 0x81, 0xE7, 0x60, | |
384 | 0x5A, 0xE6, 0x75, 0x23, 0x5B, 0x6D, 0x54, 0x9F, | |
385 | 0xBF, 0xC9, 0xAB, 0x66, 0x30, 0xA4, 0xC6, 0x04, | |
386 | }, | |
387 | {0xFA, 0x62, 0x4F, 0xA0, 0xE5, 0x23, 0x99, 0x3F, | |
388 | 0xA3, 0x88, 0xAE, 0xFD, 0xC6, 0x7E, 0x67, 0xEB, | |
389 | 0xCD, 0x8C, 0x08, 0xE8, 0xA0, 0x24, 0x6B, 0x1D, | |
390 | 0x73, 0xB0, 0xD1, 0xDD, 0x9F, 0xC5, 0x82, 0xB0, | |
391 | }, | |
392 | }; | |
393 | static unsigned char iv[16] = { 0 }; | |
394 | unsigned char result[32] = { 0 }; | |
395 | ||
396 | for (i = 0; i < 3; i++) { | |
397 | p = 0; | |
398 | params[p++] = OSSL_PARAM_construct_utf8_string( | |
399 | OSSL_KDF_PARAM_CIPHER, "CAMELLIA-256-CBC", 0); | |
400 | params[p++] = OSSL_PARAM_construct_utf8_string( | |
401 | OSSL_KDF_PARAM_MAC, "CMAC", 0); | |
402 | params[p++] = OSSL_PARAM_construct_utf8_string( | |
403 | OSSL_KDF_PARAM_MODE, "FEEDBACK", 0); | |
404 | params[p++] = OSSL_PARAM_construct_octet_string( | |
405 | OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key)); | |
406 | params[p++] = OSSL_PARAM_construct_octet_string( | |
407 | OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i])); | |
408 | params[p++] = OSSL_PARAM_construct_octet_string( | |
409 | OSSL_KDF_PARAM_SEED, iv, sizeof(iv)); | |
410 | params[p] = OSSL_PARAM_construct_end(); | |
411 | ||
412 | kctx = get_kdfbyname("KBKDF"); | |
413 | ret = TEST_ptr(kctx) | |
660c5344 | 414 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
f6dead1b RH |
415 | && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) |
416 | && TEST_mem_eq(result, sizeof(result), outputs[i], | |
417 | sizeof(outputs[i])); | |
660c5344 | 418 | EVP_KDF_CTX_free(kctx); |
f6dead1b RH |
419 | if (ret != 1) |
420 | return ret; | |
421 | } | |
422 | ||
423 | return ret; | |
424 | } | |
726ad13c | 425 | #endif |
f6dead1b | 426 | |
a39bc440 RH |
427 | /* Two test vectors from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos |
428 | * 5) appendix A. */ | |
429 | static int test_kdf_kbkdf_8009_prf1(void) | |
430 | { | |
431 | int ret, i = 0; | |
432 | EVP_KDF_CTX *kctx; | |
433 | OSSL_PARAM params[6]; | |
434 | char *label = "prf", *digest = "sha256", *prf_input = "test", | |
435 | *mac = "HMAC"; | |
436 | static unsigned char input_key[] = { | |
437 | 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28, | |
438 | 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C, | |
439 | }; | |
440 | static unsigned char output[] = { | |
441 | 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE, | |
442 | 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86, | |
443 | 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B, | |
444 | 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95, | |
445 | }; | |
446 | unsigned char result[sizeof(output)] = { 0 }; | |
447 | ||
448 | params[i++] = OSSL_PARAM_construct_utf8_string( | |
449 | OSSL_KDF_PARAM_DIGEST, digest, strlen(digest) + 1); | |
450 | params[i++] = OSSL_PARAM_construct_utf8_string( | |
451 | OSSL_KDF_PARAM_MAC, mac, strlen(mac) + 1); | |
452 | params[i++] = OSSL_PARAM_construct_octet_string( | |
453 | OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key)); | |
454 | params[i++] = OSSL_PARAM_construct_octet_string( | |
455 | OSSL_KDF_PARAM_SALT, label, strlen(label)); | |
456 | params[i++] = OSSL_PARAM_construct_octet_string( | |
457 | OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input)); | |
458 | params[i] = OSSL_PARAM_construct_end(); | |
459 | ||
460 | kctx = get_kdfbyname("KBKDF"); | |
461 | ret = TEST_ptr(kctx) | |
660c5344 | 462 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
a39bc440 RH |
463 | && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) |
464 | && TEST_mem_eq(result, sizeof(result), output, sizeof(output)); | |
465 | ||
660c5344 | 466 | EVP_KDF_CTX_free(kctx); |
a39bc440 RH |
467 | return ret; |
468 | } | |
469 | ||
470 | static int test_kdf_kbkdf_8009_prf2(void) | |
471 | { | |
472 | int ret, i = 0; | |
473 | EVP_KDF_CTX *kctx; | |
474 | OSSL_PARAM params[6]; | |
475 | char *label = "prf", *digest = "sha384", *prf_input = "test", | |
476 | *mac = "HMAC"; | |
477 | static unsigned char input_key[] = { | |
478 | 0x6D, 0x40, 0x4D, 0x37, 0xFA, 0xF7, 0x9F, 0x9D, | |
479 | 0xF0, 0xD3, 0x35, 0x68, 0xD3, 0x20, 0x66, 0x98, | |
480 | 0x00, 0xEB, 0x48, 0x36, 0x47, 0x2E, 0xA8, 0xA0, | |
481 | 0x26, 0xD1, 0x6B, 0x71, 0x82, 0x46, 0x0C, 0x52, | |
482 | }; | |
483 | static unsigned char output[] = { | |
484 | 0x98, 0x01, 0xF6, 0x9A, 0x36, 0x8C, 0x2B, 0xF6, | |
485 | 0x75, 0xE5, 0x95, 0x21, 0xE1, 0x77, 0xD9, 0xA0, | |
486 | 0x7F, 0x67, 0xEF, 0xE1, 0xCF, 0xDE, 0x8D, 0x3C, | |
487 | 0x8D, 0x6F, 0x6A, 0x02, 0x56, 0xE3, 0xB1, 0x7D, | |
488 | 0xB3, 0xC1, 0xB6, 0x2A, 0xD1, 0xB8, 0x55, 0x33, | |
489 | 0x60, 0xD1, 0x73, 0x67, 0xEB, 0x15, 0x14, 0xD2, | |
490 | }; | |
491 | unsigned char result[sizeof(output)] = { 0 }; | |
492 | ||
493 | params[i++] = OSSL_PARAM_construct_utf8_string( | |
494 | OSSL_KDF_PARAM_DIGEST, digest, strlen(digest) + 1); | |
495 | params[i++] = OSSL_PARAM_construct_utf8_string( | |
496 | OSSL_KDF_PARAM_MAC, mac, strlen(mac) + 1); | |
497 | params[i++] = OSSL_PARAM_construct_octet_string( | |
498 | OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key)); | |
499 | params[i++] = OSSL_PARAM_construct_octet_string( | |
500 | OSSL_KDF_PARAM_SALT, label, strlen(label)); | |
501 | params[i++] = OSSL_PARAM_construct_octet_string( | |
502 | OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input)); | |
503 | params[i] = OSSL_PARAM_construct_end(); | |
504 | ||
505 | kctx = get_kdfbyname("KBKDF"); | |
506 | ret = TEST_ptr(kctx) | |
660c5344 | 507 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
a39bc440 RH |
508 | && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0) |
509 | && TEST_mem_eq(result, sizeof(result), output, sizeof(output)); | |
510 | ||
660c5344 | 511 | EVP_KDF_CTX_free(kctx); |
a39bc440 RH |
512 | return ret; |
513 | } | |
514 | ||
9537fe57 SL |
515 | static int test_kdf_ss_hmac(void) |
516 | { | |
a3c62426 | 517 | int ret; |
9537fe57 | 518 | EVP_KDF_CTX *kctx; |
bf5739a0 | 519 | OSSL_PARAM params[6], *p = params; |
8bbeaaa4 | 520 | unsigned char out[16]; |
bf5739a0 | 521 | static unsigned char z[] = { |
9537fe57 SL |
522 | 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4 |
523 | }; | |
bf5739a0 | 524 | static unsigned char other[] = { |
9537fe57 SL |
525 | 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc |
526 | }; | |
bf5739a0 | 527 | static unsigned char salt[] = { |
9537fe57 SL |
528 | 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef, |
529 | 0x3f,0x89 | |
530 | }; | |
8bbeaaa4 | 531 | static const unsigned char expected[sizeof(out)] = { |
9537fe57 SL |
532 | 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63, |
533 | 0x1c,0xa3 | |
534 | }; | |
9537fe57 | 535 | |
bf5739a0 P |
536 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, |
537 | (char *)OSSL_MAC_NAME_HMAC, | |
538 | sizeof(OSSL_MAC_NAME_HMAC)); | |
539 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, | |
540 | (char *)"sha256", sizeof("sha256")); | |
541 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); | |
542 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other, | |
543 | sizeof(other)); | |
544 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt, | |
545 | sizeof(salt)); | |
546 | *p = OSSL_PARAM_construct_end(); | |
547 | ||
d2ba8123 | 548 | ret = |
27e27cd7 | 549 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) |
660c5344 | 550 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
d2ba8123 SL |
551 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
552 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
9537fe57 | 553 | |
660c5344 | 554 | EVP_KDF_CTX_free(kctx); |
a3c62426 | 555 | return ret; |
9537fe57 SL |
556 | } |
557 | ||
558 | static int test_kdf_ss_kmac(void) | |
559 | { | |
a3c62426 | 560 | int ret; |
9537fe57 | 561 | EVP_KDF_CTX *kctx; |
bf5739a0 | 562 | OSSL_PARAM params[6], *p = params; |
9537fe57 | 563 | unsigned char out[64]; |
bf5739a0 P |
564 | size_t mac_size = 20; |
565 | static unsigned char z[] = { | |
9537fe57 SL |
566 | 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4 |
567 | }; | |
bf5739a0 | 568 | static unsigned char other[] = { |
9537fe57 SL |
569 | 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc |
570 | }; | |
bf5739a0 | 571 | static unsigned char salt[] = { |
9537fe57 SL |
572 | 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef, |
573 | 0x3f,0x89 | |
574 | }; | |
8bbeaaa4 | 575 | static const unsigned char expected[sizeof(out)] = { |
9537fe57 SL |
576 | 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd, |
577 | 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2, | |
578 | 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4, | |
579 | 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95, | |
580 | 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03 | |
581 | }; | |
582 | ||
bf5739a0 P |
583 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, |
584 | (char *)OSSL_MAC_NAME_KMAC128, | |
585 | sizeof(OSSL_MAC_NAME_KMAC128)); | |
586 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); | |
587 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other, | |
588 | sizeof(other)); | |
589 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt, | |
590 | sizeof(salt)); | |
591 | *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, &mac_size); | |
592 | *p = OSSL_PARAM_construct_end(); | |
593 | ||
d2ba8123 | 594 | ret = |
27e27cd7 | 595 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) |
660c5344 | 596 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
d2ba8123 SL |
597 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
598 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
9537fe57 | 599 | |
660c5344 | 600 | EVP_KDF_CTX_free(kctx); |
a3c62426 | 601 | return ret; |
9537fe57 SL |
602 | } |
603 | ||
87d9955e SS |
604 | static int test_kdf_sshkdf(void) |
605 | { | |
606 | int ret; | |
607 | EVP_KDF_CTX *kctx; | |
bf5739a0 P |
608 | OSSL_PARAM params[6], *p = params; |
609 | char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV; | |
87d9955e SS |
610 | unsigned char out[8]; |
611 | /* Test data from NIST CAVS 14.1 test vectors */ | |
bf5739a0 | 612 | static unsigned char key[] = { |
87d9955e SS |
613 | 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a, |
614 | 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a, | |
615 | 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa, | |
616 | 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78, | |
617 | 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2, | |
618 | 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90, | |
619 | 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80, | |
620 | 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2, | |
621 | 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08, | |
622 | 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43, | |
623 | 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14, | |
624 | 0x4e | |
625 | }; | |
bf5739a0 | 626 | static unsigned char xcghash[] = { |
87d9955e SS |
627 | 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23, |
628 | 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7, | |
629 | 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42 | |
630 | }; | |
bf5739a0 | 631 | static unsigned char sessid[] = { |
87d9955e SS |
632 | 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23, |
633 | 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7, | |
634 | 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42 | |
635 | }; | |
8bbeaaa4 | 636 | static const unsigned char expected[sizeof(out)] = { |
87d9955e SS |
637 | 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6 |
638 | }; | |
639 | ||
bf5739a0 P |
640 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, |
641 | (char *)"sha256", sizeof("sha256")); | |
642 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key, | |
643 | sizeof(key)); | |
644 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH, | |
645 | xcghash, sizeof(xcghash)); | |
646 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID, | |
647 | sessid, sizeof(sessid)); | |
648 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE, | |
649 | &kdftype, sizeof(kdftype)); | |
650 | *p = OSSL_PARAM_construct_end(); | |
651 | ||
d2ba8123 | 652 | ret = |
27e27cd7 | 653 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF)) |
660c5344 | 654 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
d2ba8123 SL |
655 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
656 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
87d9955e | 657 | |
660c5344 | 658 | EVP_KDF_CTX_free(kctx); |
87d9955e SS |
659 | return ret; |
660 | } | |
661 | ||
d2ba8123 SL |
662 | static int test_kdf_get_kdf(void) |
663 | { | |
ff756eed | 664 | EVP_KDF *kdf1 = NULL, *kdf2 = NULL; |
d2ba8123 | 665 | ASN1_OBJECT *obj; |
ff756eed RL |
666 | int ok = 1; |
667 | ||
668 | if (!TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2)) | |
27e27cd7 | 669 | || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL)) |
ff756eed RL |
670 | || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(OBJ_obj2nid(obj)), |
671 | NULL)) | |
672 | || !TEST_ptr_eq(kdf1, kdf2)) | |
673 | ok = 0; | |
674 | EVP_KDF_free(kdf1); | |
675 | kdf1 = NULL; | |
676 | EVP_KDF_free(kdf2); | |
677 | kdf2 = NULL; | |
678 | ||
679 | if (!TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL)) | |
680 | || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, LN_tls1_prf, NULL)) | |
681 | || !TEST_ptr_eq(kdf1, kdf2)) | |
682 | ok = 0; | |
683 | /* kdf1 is re-used below, so don't free it here */ | |
684 | EVP_KDF_free(kdf2); | |
685 | kdf2 = NULL; | |
686 | ||
687 | if (!TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(NID_tls1_prf), NULL)) | |
688 | || !TEST_ptr_eq(kdf1, kdf2)) | |
689 | ok = 0; | |
690 | EVP_KDF_free(kdf1); | |
691 | kdf1 = NULL; | |
692 | EVP_KDF_free(kdf2); | |
693 | kdf2 = NULL; | |
694 | ||
695 | return ok; | |
d2ba8123 SL |
696 | } |
697 | ||
1aec7716 SL |
698 | #ifndef OPENSSL_NO_CMS |
699 | static int test_kdf_x942_asn1(void) | |
700 | { | |
701 | int ret; | |
702 | EVP_KDF_CTX *kctx = NULL; | |
bf5739a0 P |
703 | OSSL_PARAM params[4], *p = params; |
704 | const char *cek_alg = SN_id_smime_alg_CMS3DESwrap; | |
1aec7716 SL |
705 | unsigned char out[24]; |
706 | /* RFC2631 Section 2.1.6 Test data */ | |
bf5739a0 | 707 | static unsigned char z[] = { |
1aec7716 SL |
708 | 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d, |
709 | 0x0e,0x0f,0x10,0x11,0x12,0x13 | |
710 | }; | |
711 | static const unsigned char expected[sizeof(out)] = { | |
712 | 0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04, | |
713 | 0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46, | |
714 | 0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb | |
715 | }; | |
716 | ||
bf5739a0 P |
717 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, |
718 | (char *)"sha1", sizeof("sha1")); | |
719 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, | |
720 | sizeof(z)); | |
721 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, | |
722 | (char *)cek_alg, | |
723 | strlen(cek_alg) + 1); | |
724 | *p = OSSL_PARAM_construct_end(); | |
725 | ||
1aec7716 | 726 | ret = |
27e27cd7 | 727 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF)) |
660c5344 | 728 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
1aec7716 SL |
729 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
730 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
731 | ||
660c5344 | 732 | EVP_KDF_CTX_free(kctx); |
1aec7716 SL |
733 | return ret; |
734 | } | |
735 | #endif /* OPENSSL_NO_CMS */ | |
736 | ||
33f54da3 SS |
737 | static int test_kdf_krb5kdf(void) |
738 | { | |
739 | int ret; | |
740 | EVP_KDF_CTX *kctx; | |
741 | OSSL_PARAM params[4], *p = params; | |
742 | unsigned char out[16]; | |
743 | static unsigned char key[] = { | |
744 | 0x42, 0x26, 0x3C, 0x6E, 0x89, 0xF4, 0xFC, 0x28, | |
745 | 0xB8, 0xDF, 0x68, 0xEE, 0x09, 0x79, 0x9F, 0x15 | |
746 | }; | |
747 | static unsigned char constant[] = { | |
748 | 0x00, 0x00, 0x00, 0x02, 0x99 | |
749 | }; | |
750 | static const unsigned char expected[sizeof(out)] = { | |
751 | 0x34, 0x28, 0x0A, 0x38, 0x2B, 0xC9, 0x27, 0x69, | |
752 | 0xB2, 0xDA, 0x2F, 0x9E, 0xF0, 0x66, 0x85, 0x4B | |
753 | }; | |
754 | ||
755 | *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, | |
756 | (char *)"AES-128-CBC", | |
757 | sizeof("AES-128-CBC")); | |
758 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key, | |
759 | sizeof(key)); | |
760 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT, | |
761 | constant, sizeof(constant)); | |
762 | *p = OSSL_PARAM_construct_end(); | |
763 | ||
764 | ret = | |
765 | TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KRB5KDF)) | |
660c5344 | 766 | && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) |
33f54da3 SS |
767 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) |
768 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
769 | ||
660c5344 | 770 | EVP_KDF_CTX_free(kctx); |
33f54da3 SS |
771 | return ret; |
772 | } | |
773 | ||
5a285add DM |
774 | int setup_tests(void) |
775 | { | |
726ad13c | 776 | #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA) |
f6dead1b RH |
777 | ADD_TEST(test_kdf_kbkdf_6803_128); |
778 | ADD_TEST(test_kdf_kbkdf_6803_256); | |
726ad13c | 779 | #endif |
a39bc440 RH |
780 | ADD_TEST(test_kdf_kbkdf_8009_prf1); |
781 | ADD_TEST(test_kdf_kbkdf_8009_prf2); | |
d2ba8123 | 782 | ADD_TEST(test_kdf_get_kdf); |
5a285add DM |
783 | ADD_TEST(test_kdf_tls1_prf); |
784 | ADD_TEST(test_kdf_hkdf); | |
785 | ADD_TEST(test_kdf_pbkdf2); | |
786 | #ifndef OPENSSL_NO_SCRYPT | |
787 | ADD_TEST(test_kdf_scrypt); | |
788 | #endif | |
9537fe57 SL |
789 | ADD_TEST(test_kdf_ss_hash); |
790 | ADD_TEST(test_kdf_ss_hmac); | |
791 | ADD_TEST(test_kdf_ss_kmac); | |
87d9955e | 792 | ADD_TEST(test_kdf_sshkdf); |
8bbeaaa4 | 793 | ADD_TEST(test_kdf_x963); |
1aec7716 SL |
794 | #ifndef OPENSSL_NO_CMS |
795 | ADD_TEST(test_kdf_x942_asn1); | |
796 | #endif | |
33f54da3 | 797 | ADD_TEST(test_kdf_krb5kdf); |
5a285add DM |
798 | return 1; |
799 | } |