]> git.ipfire.org Git - thirdparty/openssl.git/blame - test/evp_kdf_test.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix various typos, repeated words, align some spelling to LDP.
[thirdparty/openssl.git] / test / evp_kdf_test.c
CommitLineData
5a285add 1/*
a28d06f3 2 * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
4757a347 3 * Copyright (c) 2018-2020, Oracle and/or its affiliates. All rights reserved.
5a285add
DM		 4 *
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11/* Tests of the EVP_KDF_CTX APIs */
12
13#include <stdio.h>
14#include <string.h>
15
16#include <openssl/evp.h>
17#include <openssl/kdf.h>
81ff9eeb 18#include <openssl/core_names.h>
6251895c 19#include "internal/numbers.h"
5a285add
DM		 20#include "testutil.h"
21
189c4759
SL		 22
23static EVP_KDF_CTX *get_kdfbyname_libctx(OSSL_LIB_CTX *libctx, const char *name)
bf5739a0 24{
189c4759 25 EVP_KDF *kdf = EVP_KDF_fetch(libctx, name, NULL);
660c5344 26 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
bf5739a0
P		 27
28 EVP_KDF_free(kdf);
29 return kctx;
30}
31
189c4759
SL		 32static EVP_KDF_CTX *get_kdfbyname(const char *name)
33{
34 return get_kdfbyname_libctx(NULL, name);
35}
36
1cae59d1
JS		 37static OSSL_PARAM *construct_tls1_prf_params(const char *digest, const char *secret,
38 const char *seed)
39{
40 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 4);
41 OSSL_PARAM *p = params;
42
0f183675
JS		 43 if (params == NULL)
44 return NULL;
45
1cae59d1
JS		 46 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
47 (char *)digest, 0);
48 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
49 (unsigned char *)secret,
50 strlen(secret));
51 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
52 (unsigned char *)seed,
53 strlen(seed));
54 *p = OSSL_PARAM_construct_end();
55
56 return params;
57}
58
5a285add
DM		 59static int test_kdf_tls1_prf(void)
60{
a3c62426 61 int ret;
d2ba8123 62 EVP_KDF_CTX *kctx = NULL;
5a285add 63 unsigned char out[16];
1cae59d1 64 OSSL_PARAM *params;
8bbeaaa4 65 static const unsigned char expected[sizeof(out)] = {
a3c62426
SL		 66 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
67 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
68 };
5a285add 69
1cae59d1 70 params = construct_tls1_prf_params("sha256", "secret", "seed");
bf5739a0 71
0f183675
JS		 72 ret = TEST_ptr(params)
73 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
05cdec39 74 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
d2ba8123 75 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
5a285add 76
660c5344 77 EVP_KDF_CTX_free(kctx);
1cae59d1 78 OPENSSL_free(params);
5a285add
DM		 79 return ret;
80}
81
1cae59d1
JS		 82static int test_kdf_tls1_prf_invalid_digest(void)
83{
84 int ret;
85 EVP_KDF_CTX *kctx = NULL;
86 OSSL_PARAM *params;
87
88 params = construct_tls1_prf_params("blah", "secret", "seed");
89
0f183675
JS		 90 ret = TEST_ptr(params)
91 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
1cae59d1
JS		 92 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
93
94 EVP_KDF_CTX_free(kctx);
95 OPENSSL_free(params);
96 return ret;
97}
98
99static int test_kdf_tls1_prf_zero_output_size(void)
100{
101 int ret;
102 EVP_KDF_CTX *kctx = NULL;
103 unsigned char out[16];
104 OSSL_PARAM *params;
105
106 params = construct_tls1_prf_params("sha256", "secret", "seed");
107
108 /* Negative test - derive should fail */
0f183675
JS		 109 ret = TEST_ptr(params)
110 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
1cae59d1 111 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
05cdec39 112 && TEST_int_eq(EVP_KDF_derive(kctx, out, 0, NULL), 0);
1cae59d1
JS		 113
114 EVP_KDF_CTX_free(kctx);
115 OPENSSL_free(params);
116 return ret;
117}
118
119static int test_kdf_tls1_prf_empty_secret(void)
120{
121 int ret;
122 EVP_KDF_CTX *kctx = NULL;
123 unsigned char out[16];
124 OSSL_PARAM *params;
125
126 params = construct_tls1_prf_params("sha256", "", "seed");
127
0f183675
JS		 128 ret = TEST_ptr(params)
129 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
05cdec39 130 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
1cae59d1
JS		 131
132 EVP_KDF_CTX_free(kctx);
133 OPENSSL_free(params);
134 return ret;
135}
136
137static int test_kdf_tls1_prf_1byte_secret(void)
138{
139 int ret;
140 EVP_KDF_CTX *kctx = NULL;
141 unsigned char out[16];
142 OSSL_PARAM *params;
143
144 params = construct_tls1_prf_params("sha256", "1", "seed");
145
0f183675
JS		 146 ret = TEST_ptr(params)
147 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
05cdec39 148 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
1cae59d1
JS		 149
150 EVP_KDF_CTX_free(kctx);
151 OPENSSL_free(params);
152 return ret;
153}
154
155static int test_kdf_tls1_prf_empty_seed(void)
156{
157 int ret;
158 EVP_KDF_CTX *kctx = NULL;
159 unsigned char out[16];
160 OSSL_PARAM *params;
161
162 params = construct_tls1_prf_params("sha256", "secret", "");
163
164 /* Negative test - derive should fail */
0f183675
JS		 165 ret = TEST_ptr(params)
166 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
1cae59d1 167 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
05cdec39 168 && TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0);
1cae59d1
JS		 169
170 EVP_KDF_CTX_free(kctx);
171 OPENSSL_free(params);
172 return ret;
173}
174
175static int test_kdf_tls1_prf_1byte_seed(void)
176{
177 int ret;
178 EVP_KDF_CTX *kctx = NULL;
179 unsigned char out[16];
180 OSSL_PARAM *params;
181
182 params = construct_tls1_prf_params("sha256", "secret", "1");
183
0f183675
JS		 184 ret = TEST_ptr(params)
185 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
05cdec39 186 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
1cae59d1
JS		 187
188 EVP_KDF_CTX_free(kctx);
189 OPENSSL_free(params);
190 return ret;
191}
192
193static OSSL_PARAM *construct_hkdf_params(char *digest, char *key,
194 size_t keylen, char *salt, char *info)
195{
196 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
197 OSSL_PARAM *p = params;
198
0f183675
JS		 199 if (params == NULL)
200 return NULL;
201
9d300aa2
SL		 202 if (digest != NULL)
203 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
204 digest, 0);
1cae59d1
JS		 205 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
206 salt, strlen(salt));
207 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
208 (unsigned char *)key, keylen);
9d300aa2
SL		 209 if (info != NULL)
210 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
211 info, strlen(info));
212 else
213 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
214 "EXTRACT_ONLY", 0);
1cae59d1
JS		 215 *p = OSSL_PARAM_construct_end();
216
217 return params;
218}
219
5a285add
DM		 220static int test_kdf_hkdf(void)
221{
a3c62426 222 int ret;
0f183675 223 EVP_KDF_CTX *kctx = NULL;
5a285add 224 unsigned char out[10];
1cae59d1 225 OSSL_PARAM *params;
8bbeaaa4 226 static const unsigned char expected[sizeof(out)] = {
a3c62426
SL		 227 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
228 };
5a285add 229
1cae59d1 230 params = construct_hkdf_params("sha256", "secret", 6, "salt", "label");
bf5739a0 231
0f183675
JS		 232 ret = TEST_ptr(params)
233 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
05cdec39 234 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
d2ba8123 235 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
5a285add 236
660c5344 237 EVP_KDF_CTX_free(kctx);
1cae59d1
JS		 238 OPENSSL_free(params);
239 return ret;
240}
241
9d300aa2
SL		 242static int do_kdf_hkdf_gettables(int expand_only, int has_digest)
243{
244 int ret = 0;
245 size_t sz = 0;
246 OSSL_PARAM *params;
247 OSSL_PARAM params_get[2];
248 const OSSL_PARAM *gettables, *p;
249 EVP_KDF_CTX *kctx = NULL;
250
251 if (!TEST_ptr(params = construct_hkdf_params(
252 has_digest ? "sha256" : NULL,
253 "secret", 6, "salt",
254 expand_only ? NULL : "label"))
255 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
256 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)))
257 goto err;
258
259 /* Check OSSL_KDF_PARAM_SIZE is gettable */
260 if (!TEST_ptr(gettables = EVP_KDF_CTX_gettable_params(kctx))
261 || !TEST_ptr(p = OSSL_PARAM_locate_const(gettables, OSSL_KDF_PARAM_SIZE)))
262 goto err;
263
264 /* Get OSSL_KDF_PARAM_SIZE as a size_t */
265 params_get[0] = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_SIZE, &sz);
266 params_get[1] = OSSL_PARAM_construct_end();
267 if (has_digest) {
268 if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), 1)
269 || !TEST_size_t_eq(sz, expand_only ? SHA256_DIGEST_LENGTH : SIZE_MAX))
270 goto err;
271 } else {
272 if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), 0))
273 goto err;
274 }
275
276 /* Get params returns -2 if an unsupported parameter is requested */
277 params_get[0] = OSSL_PARAM_construct_end();
278 if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), -2))
279 goto err;
280 ret = 1;
281err:
282 EVP_KDF_CTX_free(kctx);
283 OPENSSL_free(params);
284 return ret;
285}
286
287static int test_kdf_hkdf_gettables(void)
288{
289 return do_kdf_hkdf_gettables(0, 1);
290}
291
292static int test_kdf_hkdf_gettables_expandonly(void)
293{
294 return do_kdf_hkdf_gettables(1, 1);
295}
296
297static int test_kdf_hkdf_gettables_no_digest(void)
298{
299 return do_kdf_hkdf_gettables(1, 0);
300}
301
1cae59d1
JS		 302static int test_kdf_hkdf_invalid_digest(void)
303{
304 int ret;
0f183675 305 EVP_KDF_CTX *kctx = NULL;
1cae59d1
JS		 306 OSSL_PARAM *params;
307
308 params = construct_hkdf_params("blah", "secret", 6, "salt", "label");
309
0f183675
JS		 310 ret = TEST_ptr(params)
311 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
1cae59d1
JS		 312 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
313
314 EVP_KDF_CTX_free(kctx);
315 OPENSSL_free(params);
316 return ret;
317}
318
9d300aa2
SL		 319static int test_kdf_hkdf_derive_set_params_fail(void)
320{
321 int ret = 0, i = 0;
322 EVP_KDF_CTX *kctx = NULL;
323 OSSL_PARAM params[2];
324 unsigned char out[10];
325
326 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)))
327 goto end;
328 /*
329 * Set the wrong type for the digest so that it causes a failure
330 * inside kdf_hkdf_derive() when kdf_hkdf_set_ctx_params() is called
331 */
332 params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_DIGEST, &i);
333 params[1] = OSSL_PARAM_construct_end();
334 if (!TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), params), 0))
335 goto end;
336 ret = 1;
337end:
338 EVP_KDF_CTX_free(kctx);
339 return ret;
340}
341
342static int test_kdf_hkdf_set_invalid_mode(void)
343{
344 int ret = 0, bad_mode = 100;
345 EVP_KDF_CTX *kctx = NULL;
346 OSSL_PARAM params[2];
347
348 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)))
349 goto end;
350 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
351 "BADMODE", 0);
352 params[1] = OSSL_PARAM_construct_end();
353 if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0))
354 goto end;
355
356 params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &bad_mode);
357 if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0))
358 goto end;
359
360 ret = 1;
361end:
362 EVP_KDF_CTX_free(kctx);
363 return ret;
364}
365
366static int do_kdf_hkdf_set_invalid_param(const char *key, int type)
367{
368 int ret = 0;
369 EVP_KDF_CTX *kctx = NULL;
370 OSSL_PARAM params[2];
371 unsigned char buf[2];
372
373 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)))
374 goto end;
375 /* Set the wrong type for the key so that it causes a failure */
376 if (type == OSSL_PARAM_UTF8_STRING)
377 params[0] = OSSL_PARAM_construct_utf8_string(key, "BAD", 0);
378 else
379 params[0] = OSSL_PARAM_construct_octet_string(key, buf, sizeof(buf));
380 params[1] = OSSL_PARAM_construct_end();
381 if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0))
382 goto end;
383
384 ret = 1;
385end:
386 EVP_KDF_CTX_free(kctx);
387 return ret;
388}
389
390static int test_kdf_hkdf_set_ctx_param_fail(void)
391{
392 return do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_MODE,
393 OSSL_PARAM_OCTET_STRING)
394 && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_KEY,
395 OSSL_PARAM_UTF8_STRING)
396 && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_SALT,
397 OSSL_PARAM_UTF8_STRING)
398 && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_INFO,
399 OSSL_PARAM_UTF8_STRING);
400}
401
1cae59d1
JS		 402static int test_kdf_hkdf_zero_output_size(void)
403{
404 int ret;
0f183675 405 EVP_KDF_CTX *kctx = NULL;
1cae59d1
JS		 406 unsigned char out[10];
407 OSSL_PARAM *params;
408
409 params = construct_hkdf_params("sha256", "secret", 6, "salt", "label");
410
411 /* Negative test - derive should fail */
0f183675
JS		 412 ret = TEST_ptr(params)
413 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
1cae59d1 414 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
05cdec39 415 && TEST_int_eq(EVP_KDF_derive(kctx, out, 0, NULL), 0);
1cae59d1
JS		 416
417 EVP_KDF_CTX_free(kctx);
418 OPENSSL_free(params);
419 return ret;
420}
421
422static int test_kdf_hkdf_empty_key(void)
423{
424 int ret;
0f183675 425 EVP_KDF_CTX *kctx = NULL;
1cae59d1
JS		 426 unsigned char out[10];
427 OSSL_PARAM *params;
428
429 params = construct_hkdf_params("sha256", "", 0, "salt", "label");
430
0f183675
JS		 431 ret = TEST_ptr(params)
432 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
05cdec39 433 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
1cae59d1
JS		 434
435 EVP_KDF_CTX_free(kctx);
436 OPENSSL_free(params);
437 return ret;
438}
439
440static int test_kdf_hkdf_1byte_key(void)
441{
442 int ret;
0f183675 443 EVP_KDF_CTX *kctx = NULL;
1cae59d1
JS		 444 unsigned char out[10];
445 OSSL_PARAM *params;
446
447 params = construct_hkdf_params("sha256", "1", 1, "salt", "label");
448
0f183675
JS		 449 ret = TEST_ptr(params)
450 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
05cdec39 451 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
1cae59d1
JS		 452
453 EVP_KDF_CTX_free(kctx);
454 OPENSSL_free(params);
455 return ret;
456}
457
458static int test_kdf_hkdf_empty_salt(void)
459{
460 int ret;
0f183675 461 EVP_KDF_CTX *kctx = NULL;
1cae59d1
JS		 462 unsigned char out[10];
463 OSSL_PARAM *params;
464
465 params = construct_hkdf_params("sha256", "secret", 6, "", "label");
466
0f183675
JS		 467 ret = TEST_ptr(params)
468 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
05cdec39 469 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
1cae59d1
JS		 470
471 EVP_KDF_CTX_free(kctx);
472 OPENSSL_free(params);
5a285add
DM		 473 return ret;
474}
475
0f183675
JS		 476static OSSL_PARAM *construct_pbkdf1_params(char *pass, char *digest, char *salt,
477 unsigned int *iter)
478{
479 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
480 OSSL_PARAM *p = params;
481
482 if (params == NULL)
483 return NULL;
484
485 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
486 (unsigned char *)pass, strlen(pass));
487 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
488 (unsigned char *)salt, strlen(salt));
489 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter);
490 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
491 digest, 0);
492 *p = OSSL_PARAM_construct_end();
493
494 return params;
495}
496
497static int test_kdf_pbkdf1(void)
498{
499 int ret = 0;
500 EVP_KDF_CTX *kctx = NULL;
501 unsigned char out[25];
502 unsigned int iterations = 4096;
189c4759
SL		 503 OSSL_LIB_CTX *libctx = NULL;
504 OSSL_PARAM *params = NULL;
e59bfbaa
TM		 505 OSSL_PROVIDER *legacyprov = NULL;
506 OSSL_PROVIDER *defprov = NULL;
0f183675
JS		 507 const unsigned char expected[sizeof(out)] = {
508 0xfb, 0x83, 0x4d, 0x36, 0x6d, 0xbc, 0x53, 0x87, 0x35, 0x1b, 0x34, 0x75,
509 0x95, 0x88, 0x32, 0x4f, 0x3e, 0x82, 0x81, 0x01, 0x21, 0x93, 0x64, 0x00,
510 0xcc
511 };
512
189c4759
SL		 513 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
514 goto err;
515
0f183675 516 /* PBKDF1 only available in the legacy provider */
e59bfbaa
TM		 517 legacyprov = OSSL_PROVIDER_load(libctx, "legacy");
518 if (legacyprov == NULL) {
9d300aa2 519 OSSL_LIB_CTX_free(libctx);
0f183675 520 return TEST_skip("PBKDF1 only available in legacy provider");
9d300aa2 521 }
0f183675 522
e59bfbaa
TM		 523 if (!TEST_ptr(defprov = OSSL_PROVIDER_load(libctx, "default")))
524 goto err;
525
0f183675
JS		 526 params = construct_pbkdf1_params("passwordPASSWORDpassword", "sha256",
527 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
528 &iterations);
529
530 if (!TEST_ptr(params)
189c4759 531 || !TEST_ptr(kctx = get_kdfbyname_libctx(libctx, OSSL_KDF_NAME_PBKDF1))
0f183675
JS		 532 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
533 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)
534 || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)))
535 goto err;
536
537 ret = 1;
538err:
539 EVP_KDF_CTX_free(kctx);
540 OPENSSL_free(params);
e59bfbaa
TM		 541 OSSL_PROVIDER_unload(defprov);
542 OSSL_PROVIDER_unload(legacyprov);
189c4759 543 OSSL_LIB_CTX_free(libctx);
0f183675
JS		 544 return ret;
545}
546
1cae59d1
JS		 547static OSSL_PARAM *construct_pbkdf2_params(char *pass, char *digest, char *salt,
548 unsigned int *iter, int *mode)
549{
550 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 6);
551 OSSL_PARAM *p = params;
552
0f183675
JS		 553 if (params == NULL)
554 return NULL;
555
1cae59d1
JS		 556 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
557 (unsigned char *)pass, strlen(pass));
558 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
559 (unsigned char *)salt, strlen(salt));
560 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter);
561 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
562 digest, 0);
563 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, mode);
564 *p = OSSL_PARAM_construct_end();
565
566 return params;
567}
568
5a285add
DM		 569static int test_kdf_pbkdf2(void)
570{
bf5739a0 571 int ret = 0;
0f183675 572 EVP_KDF_CTX *kctx = NULL;
f0efeea2 573 unsigned char out[25];
bf5739a0
P		 574 unsigned int iterations = 4096;
575 int mode = 0;
1cae59d1 576 OSSL_PARAM *params;
f0efeea2
SL		 577 const unsigned char expected[sizeof(out)] = {
578 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f,
579 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf,
580 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
581 0x1c
a3c62426 582 };
5a285add 583
1cae59d1
JS		 584 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
585 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
586 &iterations, &mode);
bf5739a0 587
0f183675
JS		 588 if (!TEST_ptr(params)
589 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
05cdec39 590 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1cae59d1
JS		 591 || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)))
592 goto err;
593
594 ret = 1;
595err:
596 EVP_KDF_CTX_free(kctx);
597 OPENSSL_free(params);
598 return ret;
599}
600
601static int test_kdf_pbkdf2_small_output(void)
602{
603 int ret = 0;
0f183675 604 EVP_KDF_CTX *kctx = NULL;
1cae59d1
JS		 605 unsigned char out[25];
606 unsigned int iterations = 4096;
607 int mode = 0;
608 OSSL_PARAM *params;
609
610 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
611 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
612 &iterations, &mode);
613
0f183675
JS		 614 if (!TEST_ptr(params)
615 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
660c5344 616 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
bf5739a0 617 /* A key length that is too small should fail */
05cdec39 618 || !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1, NULL), 0))
1cae59d1
JS		 619 goto err;
620
621 ret = 1;
622err:
623 EVP_KDF_CTX_free(kctx);
624 OPENSSL_free(params);
625 return ret;
626}
627
628static int test_kdf_pbkdf2_large_output(void)
629{
630 int ret = 0;
0f183675 631 EVP_KDF_CTX *kctx = NULL;
1cae59d1
JS		 632 unsigned char out[25];
633 size_t len = 0;
634 unsigned int iterations = 4096;
635 int mode = 0;
636 OSSL_PARAM *params;
637
638 if (sizeof(len) > 32)
639 len = SIZE_MAX;
640
641 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
642 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
643 &iterations, &mode);
644
0f183675
JS		 645 if (!TEST_ptr(params)
646 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
bf5739a0 647 /* A key length that is too large should fail */
05cdec39
P		 648 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
649 || (len != 0 && !TEST_int_eq(EVP_KDF_derive(kctx, out, len, NULL), 0)))
bf5739a0 650 goto err;
1cae59d1 651
bf5739a0
P		 652 ret = 1;
653err:
660c5344 654 EVP_KDF_CTX_free(kctx);
1cae59d1
JS		 655 OPENSSL_free(params);
656 return ret;
657}
658
659static int test_kdf_pbkdf2_small_salt(void)
660{
661 int ret = 0;
0f183675 662 EVP_KDF_CTX *kctx = NULL;
1cae59d1
JS		 663 unsigned int iterations = 4096;
664 int mode = 0;
665 OSSL_PARAM *params;
666
667 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
668 "saltSALT",
669 &iterations, &mode);
670
0f183675
JS		 671 if (!TEST_ptr(params)
672 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
1cae59d1
JS		 673 /* A salt that is too small should fail */
674 || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
675 goto err;
676
677 ret = 1;
678err:
679 EVP_KDF_CTX_free(kctx);
680 OPENSSL_free(params);
681 return ret;
682}
683
684static int test_kdf_pbkdf2_small_iterations(void)
685{
686 int ret = 0;
0f183675 687 EVP_KDF_CTX *kctx = NULL;
1cae59d1
JS		 688 unsigned int iterations = 1;
689 int mode = 0;
690 OSSL_PARAM *params;
691
692 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
693 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
694 &iterations, &mode);
695
0f183675
JS		 696 if (!TEST_ptr(params)
697 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
1cae59d1
JS		 698 /* An iteration count that is too small should fail */
699 || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
700 goto err;
701
702 ret = 1;
703err:
704 EVP_KDF_CTX_free(kctx);
705 OPENSSL_free(params);
706 return ret;
707}
708
709static int test_kdf_pbkdf2_small_salt_pkcs5(void)
710{
711 int ret = 0;
0f183675 712 EVP_KDF_CTX *kctx = NULL;
1cae59d1
JS		 713 unsigned char out[25];
714 unsigned int iterations = 4096;
715 int mode = 1;
716 OSSL_PARAM *params;
717 OSSL_PARAM mode_params[2];
718
719 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
720 "saltSALT",
721 &iterations, &mode);
722
0f183675
JS		 723 if (!TEST_ptr(params)
724 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
1cae59d1
JS		 725 /* A salt that is too small should pass in pkcs5 mode */
726 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
05cdec39 727 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
1cae59d1
JS		 728 goto err;
729
730 mode = 0;
731 mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
732 mode_params[1] = OSSL_PARAM_construct_end();
733
734 /* If the "pkcs5" mode is disabled then the derive will now fail */
735 if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params))
05cdec39 736 || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
1cae59d1
JS		 737 goto err;
738
739 ret = 1;
740err:
741 EVP_KDF_CTX_free(kctx);
742 OPENSSL_free(params);
743 return ret;
744}
745
746static int test_kdf_pbkdf2_small_iterations_pkcs5(void)
747{
748 int ret = 0;
0f183675 749 EVP_KDF_CTX *kctx = NULL;
1cae59d1
JS		 750 unsigned char out[25];
751 unsigned int iterations = 1;
752 int mode = 1;
753 OSSL_PARAM *params;
754 OSSL_PARAM mode_params[2];
755
756 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
757 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
758 &iterations, &mode);
759
0f183675
JS		 760 if (!TEST_ptr(params)
761 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
1cae59d1
JS		 762 /* An iteration count that is too small will pass in pkcs5 mode */
763 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
05cdec39 764 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
1cae59d1
JS		 765 goto err;
766
767 mode = 0;
768 mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
769 mode_params[1] = OSSL_PARAM_construct_end();
770
771 /* If the "pkcs5" mode is disabled then the derive will now fail */
772 if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params))
05cdec39 773 || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
1cae59d1
JS		 774 goto err;
775
776 ret = 1;
777err:
778 EVP_KDF_CTX_free(kctx);
779 OPENSSL_free(params);
780 return ret;
781}
782
783static int test_kdf_pbkdf2_invalid_digest(void)
784{
785 int ret = 0;
0f183675 786 EVP_KDF_CTX *kctx = NULL;
1cae59d1
JS		 787 unsigned int iterations = 4096;
788 int mode = 0;
789 OSSL_PARAM *params;
790
791 params = construct_pbkdf2_params("passwordPASSWORDpassword", "blah",
792 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
793 &iterations, &mode);
794
0f183675
JS		 795 if (!TEST_ptr(params)
796 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
1cae59d1
JS		 797 /* Unknown digest should fail */
798 || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
799 goto err;
800
801 ret = 1;
802err:
803 EVP_KDF_CTX_free(kctx);
804 OPENSSL_free(params);
5a285add
DM		 805 return ret;
806}
807
808#ifndef OPENSSL_NO_SCRYPT
809static int test_kdf_scrypt(void)
810{
a3c62426 811 int ret;
5a285add 812 EVP_KDF_CTX *kctx;
bf5739a0 813 OSSL_PARAM params[7], *p = params;
5a285add 814 unsigned char out[64];
bf5739a0 815 unsigned int nu = 1024, ru = 8, pu = 16, maxmem = 16;
8bbeaaa4 816 static const unsigned char expected[sizeof(out)] = {
a3c62426
SL		 817 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
818 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
819 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
820 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
821 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
822 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
823 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
824 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
825 };
5a285add 826
bf5739a0
P		 827 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
828 (char *)"password", 8);
829 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
830 (char *)"NaCl", 4);
831 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &nu);
832 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &ru);
833 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &pu);
834 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem);
835 *p = OSSL_PARAM_construct_end();
836
d2ba8123 837 ret =
27e27cd7 838 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT))
660c5344 839 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
bf5739a0 840 /* failure test *//*
05cdec39 841 && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)*/
bf5739a0 842 && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024))
660c5344 843 && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1))
05cdec39 844 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)
d2ba8123 845 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
5a285add 846
660c5344 847 EVP_KDF_CTX_free(kctx);
5a285add
DM		 848 return ret;
849}
a3c62426 850#endif /* OPENSSL_NO_SCRYPT */
5a285add 851
9537fe57
SL		 852static int test_kdf_ss_hash(void)
853{
a3c62426 854 int ret;
bf5739a0
P		 855 EVP_KDF_CTX *kctx;
856 OSSL_PARAM params[4], *p = params;
8bbeaaa4 857 unsigned char out[14];
bf5739a0 858 static unsigned char z[] = {
9537fe57
SL		 859 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e,
860 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62,
861 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4,
862 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9
863 };
bf5739a0 864 static unsigned char other[] = {
9537fe57
SL		 865 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e,
866 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde,
867 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e,
868 0xe0,0xec,0x3f,0x8d,0xbe
869 };
8bbeaaa4 870 static const unsigned char expected[sizeof(out)] = {
9537fe57
SL		 871 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8
872 };
9537fe57 873
bf5739a0 874 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
3262300a 875 (char *)"sha224", 0);
bf5739a0
P		 876 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
877 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
878 sizeof(other));
879 *p = OSSL_PARAM_construct_end();
880
d2ba8123 881 ret =
27e27cd7 882 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
05cdec39 883 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
d2ba8123 884 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
9537fe57 885
660c5344 886 EVP_KDF_CTX_free(kctx);
a3c62426 887 return ret;
9537fe57
SL		 888}
889
8bbeaaa4
SL		 890static int test_kdf_x963(void)
891{
892 int ret;
bf5739a0
P		 893 EVP_KDF_CTX *kctx;
894 OSSL_PARAM params[4], *p = params;
8bbeaaa4
SL		 895 unsigned char out[1024 / 8];
896 /*
897 * Test data from https://csrc.nist.gov/CSRC/media/Projects/
898 * Cryptographic-Algorithm-Validation-Program/documents/components/
899 * 800-135testvectors/ansx963_2001.zip
900 */
bf5739a0 901 static unsigned char z[] = {
8bbeaaa4
SL		 902 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, 0xfa, 0x58, 0xce, 0xad,
903 0xc0, 0x47, 0x19, 0x7f, 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
904 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, 0x15, 0x07, 0x39, 0x2f,
905 0x1a, 0x86, 0xdd, 0xfd, 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
906 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, 0x47, 0xa9, 0xe2, 0xe7,
907 0x53, 0xf5, 0x5e, 0xf0, 0x5a, 0x2d
908 };
bf5739a0 909 static unsigned char shared[] = {
8bbeaaa4
SL		 910 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, 0x2b, 0x3a, 0x2f, 0x99,
911 0x37, 0x89, 0x5d, 0x31
912 };
913 static const unsigned char expected[sizeof(out)] = {
914 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, 0x9b, 0x52, 0x26, 0x4b,
915 0x01, 0x12, 0xb5, 0x85, 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
916 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, 0x6e, 0x4d, 0xd2, 0xa5,
917 0x99, 0xac, 0xce, 0xb3, 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
918 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, 0xa5, 0xa8, 0xee, 0xee,
919 0x20, 0x80, 0x02, 0x26, 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
920 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, 0xea, 0x9c, 0x4f, 0xf7,
921 0x45, 0xa2, 0x5a, 0xc2, 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
922 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, 0x0a, 0xb2, 0xaa, 0x8e,
923 0x2e, 0xfa, 0x7b, 0x17, 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
924 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
925 };
926
bf5739a0 927 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
3262300a 928 (char *)"sha512", 0);
bf5739a0
P		 929 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
930 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, shared,
931 sizeof(shared));
932 *p = OSSL_PARAM_construct_end();
933
8bbeaaa4 934 ret =
27e27cd7 935 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF))
05cdec39 936 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
8bbeaaa4
SL		 937 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
938
660c5344 939 EVP_KDF_CTX_free(kctx);
8bbeaaa4
SL		 940 return ret;
941}
942
726ad13c 943#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
f6dead1b
RH		 944/*
945 * KBKDF test vectors from RFC 6803 (Camellia Encryption for Kerberos 5)
946 * section 10.
947 */
948static int test_kdf_kbkdf_6803_128(void)
949{
950 int ret = 0, i, p;
951 EVP_KDF_CTX *kctx;
952 OSSL_PARAM params[7];
953 static unsigned char input_key[] = {
954 0x57, 0xD0, 0x29, 0x72, 0x98, 0xFF, 0xD9, 0xD3,
955 0x5D, 0xE5, 0xA4, 0x7F, 0xB4, 0xBD, 0xE2, 0x4B,
956 };
957 static unsigned char constants[][5] = {
958 { 0x00, 0x00, 0x00, 0x02, 0x99 },
959 { 0x00, 0x00, 0x00, 0x02, 0xaa },
960 { 0x00, 0x00, 0x00, 0x02, 0x55 },
961 };
962 static unsigned char outputs[][16] = {
963 {0xD1, 0x55, 0x77, 0x5A, 0x20, 0x9D, 0x05, 0xF0,
964 0x2B, 0x38, 0xD4, 0x2A, 0x38, 0x9E, 0x5A, 0x56},
965 {0x64, 0xDF, 0x83, 0xF8, 0x5A, 0x53, 0x2F, 0x17,
966 0x57, 0x7D, 0x8C, 0x37, 0x03, 0x57, 0x96, 0xAB},
967 {0x3E, 0x4F, 0xBD, 0xF3, 0x0F, 0xB8, 0x25, 0x9C,
968 0x42, 0x5C, 0xB6, 0xC9, 0x6F, 0x1F, 0x46, 0x35}
969 };
970 static unsigned char iv[16] = { 0 };
971 unsigned char result[16] = { 0 };
972
973 for (i = 0; i < 3; i++) {
974 p = 0;
975 params[p++] = OSSL_PARAM_construct_utf8_string(
976 OSSL_KDF_PARAM_CIPHER, "CAMELLIA-128-CBC", 0);
977 params[p++] = OSSL_PARAM_construct_utf8_string(
978 OSSL_KDF_PARAM_MAC, "CMAC", 0);
979 params[p++] = OSSL_PARAM_construct_utf8_string(
980 OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
981 params[p++] = OSSL_PARAM_construct_octet_string(
982 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
983 params[p++] = OSSL_PARAM_construct_octet_string(
984 OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i]));
985 params[p++] = OSSL_PARAM_construct_octet_string(
986 OSSL_KDF_PARAM_SEED, iv, sizeof(iv));
987 params[p] = OSSL_PARAM_construct_end();
988
989 kctx = get_kdfbyname("KBKDF");
990 ret = TEST_ptr(kctx)
05cdec39
P		 991 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result),
992 params), 0)
f6dead1b
RH		 993 && TEST_mem_eq(result, sizeof(result), outputs[i],
994 sizeof(outputs[i]));
660c5344 995 EVP_KDF_CTX_free(kctx);
f6dead1b
RH		 996 if (ret != 1)
997 return ret;
998 }
999
1000 return ret;
1001}
1002
1003static int test_kdf_kbkdf_6803_256(void)
1004{
1005 int ret = 0, i, p;
1006 EVP_KDF_CTX *kctx;
1007 OSSL_PARAM params[7];
1008 static unsigned char input_key[] = {
1009 0xB9, 0xD6, 0x82, 0x8B, 0x20, 0x56, 0xB7, 0xBE,
1010 0x65, 0x6D, 0x88, 0xA1, 0x23, 0xB1, 0xFA, 0xC6,
1011 0x82, 0x14, 0xAC, 0x2B, 0x72, 0x7E, 0xCF, 0x5F,
1012 0x69, 0xAF, 0xE0, 0xC4, 0xDF, 0x2A, 0x6D, 0x2C,
1013 };
1014 static unsigned char constants[][5] = {
1015 { 0x00, 0x00, 0x00, 0x02, 0x99 },
1016 { 0x00, 0x00, 0x00, 0x02, 0xaa },
1017 { 0x00, 0x00, 0x00, 0x02, 0x55 },
1018 };
1019 static unsigned char outputs[][32] = {
1020 {0xE4, 0x67, 0xF9, 0xA9, 0x55, 0x2B, 0xC7, 0xD3,
1021 0x15, 0x5A, 0x62, 0x20, 0xAF, 0x9C, 0x19, 0x22,
1022 0x0E, 0xEE, 0xD4, 0xFF, 0x78, 0xB0, 0xD1, 0xE6,
1023 0xA1, 0x54, 0x49, 0x91, 0x46, 0x1A, 0x9E, 0x50,
1024 },
1025 {0x41, 0x2A, 0xEF, 0xC3, 0x62, 0xA7, 0x28, 0x5F,
1026 0xC3, 0x96, 0x6C, 0x6A, 0x51, 0x81, 0xE7, 0x60,
1027 0x5A, 0xE6, 0x75, 0x23, 0x5B, 0x6D, 0x54, 0x9F,
1028 0xBF, 0xC9, 0xAB, 0x66, 0x30, 0xA4, 0xC6, 0x04,
1029 },
1030 {0xFA, 0x62, 0x4F, 0xA0, 0xE5, 0x23, 0x99, 0x3F,
1031 0xA3, 0x88, 0xAE, 0xFD, 0xC6, 0x7E, 0x67, 0xEB,
1032 0xCD, 0x8C, 0x08, 0xE8, 0xA0, 0x24, 0x6B, 0x1D,
1033 0x73, 0xB0, 0xD1, 0xDD, 0x9F, 0xC5, 0x82, 0xB0,
1034 },
1035 };
1036 static unsigned char iv[16] = { 0 };
1037 unsigned char result[32] = { 0 };
1038
1039 for (i = 0; i < 3; i++) {
1040 p = 0;
1041 params[p++] = OSSL_PARAM_construct_utf8_string(
1042 OSSL_KDF_PARAM_CIPHER, "CAMELLIA-256-CBC", 0);
1043 params[p++] = OSSL_PARAM_construct_utf8_string(
1044 OSSL_KDF_PARAM_MAC, "CMAC", 0);
1045 params[p++] = OSSL_PARAM_construct_utf8_string(
1046 OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
1047 params[p++] = OSSL_PARAM_construct_octet_string(
1048 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1049 params[p++] = OSSL_PARAM_construct_octet_string(
1050 OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i]));
1051 params[p++] = OSSL_PARAM_construct_octet_string(
1052 OSSL_KDF_PARAM_SEED, iv, sizeof(iv));
1053 params[p] = OSSL_PARAM_construct_end();
1054
1055 kctx = get_kdfbyname("KBKDF");
1056 ret = TEST_ptr(kctx)
05cdec39
P		 1057 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result),
1058 params), 0)
f6dead1b
RH		 1059 && TEST_mem_eq(result, sizeof(result), outputs[i],
1060 sizeof(outputs[i]));
660c5344 1061 EVP_KDF_CTX_free(kctx);
f6dead1b
RH		 1062 if (ret != 1)
1063 return ret;
1064 }
1065
1066 return ret;
1067}
726ad13c 1068#endif
f6dead1b 1069
1cae59d1 1070static OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char *key,
0e9a265e 1071 size_t keylen, char *salt, char *info, int *r)
1cae59d1 1072{
0e9a265e 1073 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 8);
1cae59d1
JS		 1074 OSSL_PARAM *p = params;
1075
0f183675
JS		 1076 if (params == NULL)
1077 return NULL;
1078
1cae59d1
JS		 1079 *p++ = OSSL_PARAM_construct_utf8_string(
1080 OSSL_KDF_PARAM_DIGEST, digest, 0);
1081 *p++ = OSSL_PARAM_construct_utf8_string(
1082 OSSL_KDF_PARAM_MAC, mac, 0);
1083 *p++ = OSSL_PARAM_construct_utf8_string(
1084 OSSL_KDF_PARAM_MODE, "COUNTER", 0);
1085 *p++ = OSSL_PARAM_construct_octet_string(
1086 OSSL_KDF_PARAM_KEY, key, keylen);
1087 *p++ = OSSL_PARAM_construct_octet_string(
1088 OSSL_KDF_PARAM_SALT, salt, strlen(salt));
1089 *p++ = OSSL_PARAM_construct_octet_string(
1090 OSSL_KDF_PARAM_INFO, info, strlen(info));
0e9a265e
PU		 1091 *p++ = OSSL_PARAM_construct_int(
1092 OSSL_KDF_PARAM_KBKDF_R, r);
1cae59d1
JS		 1093 *p = OSSL_PARAM_construct_end();
1094
1095 return params;
1096}
1097
1098static int test_kdf_kbkdf_invalid_digest(void)
1099{
1100 int ret;
1101 EVP_KDF_CTX *kctx;
1102 OSSL_PARAM *params;
1103
1104 static unsigned char key[] = {0x01};
0e9a265e 1105 int r = 32;
1cae59d1 1106
0e9a265e 1107 params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test", &r);
0f183675
JS		 1108 if (!TEST_ptr(params))
1109 return 0;
1cae59d1
JS		 1110
1111 /* Negative test case - set_params should fail */
1112 kctx = get_kdfbyname("KBKDF");
1113 ret = TEST_ptr(kctx)
1114 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
1115
1116 EVP_KDF_CTX_free(kctx);
1117 OPENSSL_free(params);
1118 return ret;
1119}
1120
1121static int test_kdf_kbkdf_invalid_mac(void)
1122{
1123 int ret;
1124 EVP_KDF_CTX *kctx;
1125 OSSL_PARAM *params;
1126
1127 static unsigned char key[] = {0x01};
0e9a265e 1128 int r = 32;
1cae59d1 1129
0e9a265e 1130 params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test", &r);
0f183675
JS		 1131 if (!TEST_ptr(params))
1132 return 0;
1cae59d1
JS		 1133
1134 /* Negative test case - set_params should fail */
1135 kctx = get_kdfbyname("KBKDF");
1136 ret = TEST_ptr(kctx)
1137 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
1138
1139 EVP_KDF_CTX_free(kctx);
1140 OPENSSL_free(params);
1141 return ret;
1142}
1143
0e9a265e
PU		 1144static int test_kdf_kbkdf_invalid_r(void)
1145{
1146 int ret;
1147 EVP_KDF_CTX *kctx;
1148 OSSL_PARAM *params;
1149
1150 static unsigned char key[] = {0x01};
1151 int r = 31;
1152
1153 params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
1154 if (!TEST_ptr(params))
1155 return 0;
1156
1157 /* Negative test case - derive should fail */
1158 kctx = get_kdfbyname("KBKDF");
1159 ret = TEST_ptr(kctx)
1160 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
1161
1162 EVP_KDF_CTX_free(kctx);
1163 OPENSSL_free(params);
1164 return ret;
1165}
1166
1167
1cae59d1
JS		 1168static int test_kdf_kbkdf_empty_key(void)
1169{
1170 int ret;
1171 EVP_KDF_CTX *kctx;
1172 OSSL_PARAM *params;
1173
1174 static unsigned char key[] = {0x01};
1175 unsigned char result[32] = { 0 };
0e9a265e 1176 int r = 32;
1cae59d1 1177
0e9a265e 1178 params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test", &r);
0f183675
JS		 1179 if (!TEST_ptr(params))
1180 return 0;
1cae59d1
JS		 1181
1182 /* Negative test case - derive should fail */
1183 kctx = get_kdfbyname("KBKDF");
1184 ret = TEST_ptr(kctx)
1185 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
05cdec39 1186 && TEST_int_eq(EVP_KDF_derive(kctx, result, sizeof(result), NULL), 0);
1cae59d1
JS		 1187
1188 EVP_KDF_CTX_free(kctx);
1189 OPENSSL_free(params);
1190 return ret;
1191}
1192
1193static int test_kdf_kbkdf_1byte_key(void)
1194{
1195 int ret;
1196 EVP_KDF_CTX *kctx;
1197 OSSL_PARAM *params;
1198
1199 static unsigned char key[] = {0x01};
1200 unsigned char result[32] = { 0 };
0e9a265e 1201 int r = 32;
1cae59d1 1202
0e9a265e 1203 params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
0f183675
JS		 1204 if (!TEST_ptr(params))
1205 return 0;
1cae59d1
JS		 1206
1207 kctx = get_kdfbyname("KBKDF");
1208 ret = TEST_ptr(kctx)
05cdec39 1209 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0);
1cae59d1
JS		 1210
1211 EVP_KDF_CTX_free(kctx);
1212 OPENSSL_free(params);
1213 return ret;
1214}
1215
1216static int test_kdf_kbkdf_zero_output_size(void)
1217{
1218 int ret;
1219 EVP_KDF_CTX *kctx;
1220 OSSL_PARAM *params;
1221
1222 static unsigned char key[] = {0x01};
1223 unsigned char result[32] = { 0 };
0e9a265e 1224 int r = 32;
1cae59d1 1225
0e9a265e 1226 params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
0f183675
JS		 1227 if (!TEST_ptr(params))
1228 return 0;
1cae59d1
JS		 1229
1230 /* Negative test case - derive should fail */
1231 kctx = get_kdfbyname("KBKDF");
1232 ret = TEST_ptr(kctx)
1233 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
05cdec39 1234 && TEST_int_eq(EVP_KDF_derive(kctx, result, 0, NULL), 0);
1cae59d1
JS		 1235
1236 EVP_KDF_CTX_free(kctx);
1237 OPENSSL_free(params);
1238 return ret;
1239}
1240
a39bc440
RH		 1241/* Two test vectors from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos
1242 * 5) appendix A. */
1243static int test_kdf_kbkdf_8009_prf1(void)
1244{
1245 int ret, i = 0;
1246 EVP_KDF_CTX *kctx;
1247 OSSL_PARAM params[6];
1248 char *label = "prf", *digest = "sha256", *prf_input = "test",
1249 *mac = "HMAC";
1250 static unsigned char input_key[] = {
1251 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
1252 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
1253 };
1254 static unsigned char output[] = {
1255 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
1256 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
1257 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
1258 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
1259 };
1260 unsigned char result[sizeof(output)] = { 0 };
1261
1262 params[i++] = OSSL_PARAM_construct_utf8_string(
1cae59d1 1263 OSSL_KDF_PARAM_DIGEST, digest, 0);
a39bc440 1264 params[i++] = OSSL_PARAM_construct_utf8_string(
1cae59d1 1265 OSSL_KDF_PARAM_MAC, mac, 0);
a39bc440
RH		 1266 params[i++] = OSSL_PARAM_construct_octet_string(
1267 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1268 params[i++] = OSSL_PARAM_construct_octet_string(
1269 OSSL_KDF_PARAM_SALT, label, strlen(label));
1270 params[i++] = OSSL_PARAM_construct_octet_string(
1271 OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
1272 params[i] = OSSL_PARAM_construct_end();
1273
1274 kctx = get_kdfbyname("KBKDF");
1275 ret = TEST_ptr(kctx)
05cdec39 1276 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
a39bc440
RH		 1277 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1278
660c5344 1279 EVP_KDF_CTX_free(kctx);
a39bc440
RH		 1280 return ret;
1281}
1282
1283static int test_kdf_kbkdf_8009_prf2(void)
1284{
1285 int ret, i = 0;
1286 EVP_KDF_CTX *kctx;
1287 OSSL_PARAM params[6];
1288 char *label = "prf", *digest = "sha384", *prf_input = "test",
1289 *mac = "HMAC";
1290 static unsigned char input_key[] = {
1291 0x6D, 0x40, 0x4D, 0x37, 0xFA, 0xF7, 0x9F, 0x9D,
1292 0xF0, 0xD3, 0x35, 0x68, 0xD3, 0x20, 0x66, 0x98,
1293 0x00, 0xEB, 0x48, 0x36, 0x47, 0x2E, 0xA8, 0xA0,
1294 0x26, 0xD1, 0x6B, 0x71, 0x82, 0x46, 0x0C, 0x52,
1295 };
1296 static unsigned char output[] = {
1297 0x98, 0x01, 0xF6, 0x9A, 0x36, 0x8C, 0x2B, 0xF6,
1298 0x75, 0xE5, 0x95, 0x21, 0xE1, 0x77, 0xD9, 0xA0,
1299 0x7F, 0x67, 0xEF, 0xE1, 0xCF, 0xDE, 0x8D, 0x3C,
1300 0x8D, 0x6F, 0x6A, 0x02, 0x56, 0xE3, 0xB1, 0x7D,
1301 0xB3, 0xC1, 0xB6, 0x2A, 0xD1, 0xB8, 0x55, 0x33,
1302 0x60, 0xD1, 0x73, 0x67, 0xEB, 0x15, 0x14, 0xD2,
1303 };
1304 unsigned char result[sizeof(output)] = { 0 };
1305
1306 params[i++] = OSSL_PARAM_construct_utf8_string(
1cae59d1 1307 OSSL_KDF_PARAM_DIGEST, digest, 0);
a39bc440 1308 params[i++] = OSSL_PARAM_construct_utf8_string(
1cae59d1 1309 OSSL_KDF_PARAM_MAC, mac, 0);
a39bc440
RH		 1310 params[i++] = OSSL_PARAM_construct_octet_string(
1311 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1312 params[i++] = OSSL_PARAM_construct_octet_string(
1313 OSSL_KDF_PARAM_SALT, label, strlen(label));
1314 params[i++] = OSSL_PARAM_construct_octet_string(
1315 OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
1316 params[i] = OSSL_PARAM_construct_end();
1317
1318 kctx = get_kdfbyname("KBKDF");
1319 ret = TEST_ptr(kctx)
05cdec39 1320 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
a39bc440
RH		 1321 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1322
660c5344 1323 EVP_KDF_CTX_free(kctx);
a39bc440
RH		 1324 return ret;
1325}
1326
4757a347
SL		 1327#if !defined(OPENSSL_NO_CMAC)
1328/*
1329 * Test vector taken from
1330 * https://csrc.nist.gov/CSRC/media/Projects/
1331 * Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip
4757a347
SL		 1332 */
1333static int test_kdf_kbkdf_fixedinfo(void)
1334{
1335 int ret;
1336 EVP_KDF_CTX *kctx;
1337 OSSL_PARAM params[8], *p = params;
1338 static char *cipher = "AES128";
1339 static char *mac = "CMAC";
1340 static char *mode = "COUNTER";
1341 int use_l = 0;
1342 int use_separator = 0;
1343
1344 static unsigned char input_key[] = {
1345 0xc1, 0x0b, 0x15, 0x2e, 0x8c, 0x97, 0xb7, 0x7e,
1346 0x18, 0x70, 0x4e, 0x0f, 0x0b, 0xd3, 0x83, 0x05,
1347 };
1348 static unsigned char fixed_input[] = {
1349 0x98, 0xcd, 0x4c, 0xbb, 0xbe, 0xbe, 0x15, 0xd1,
1350 0x7d, 0xc8, 0x6e, 0x6d, 0xba, 0xd8, 0x00, 0xa2,
1351 0xdc, 0xbd, 0x64, 0xf7, 0xc7, 0xad, 0x0e, 0x78,
1352 0xe9, 0xcf, 0x94, 0xff, 0xdb, 0xa8, 0x9d, 0x03,
1353 0xe9, 0x7e, 0xad, 0xf6, 0xc4, 0xf7, 0xb8, 0x06,
1354 0xca, 0xf5, 0x2a, 0xa3, 0x8f, 0x09, 0xd0, 0xeb,
1355 0x71, 0xd7, 0x1f, 0x49, 0x7b, 0xcc, 0x69, 0x06,
1356 0xb4, 0x8d, 0x36, 0xc4,
1357
1358 };
1359 static unsigned char output[] = {
1360 0x26, 0xfa, 0xf6, 0x19, 0x08, 0xad, 0x9e, 0xe8,
1361 0x81, 0xb8, 0x30, 0x5c, 0x22, 0x1d, 0xb5, 0x3f,
1362 };
1363 unsigned char result[sizeof(output)] = { 0 };
1364
1365 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, cipher, 0);
1366 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, mac, 0);
1367 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, mode, 0);
1368 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, input_key,
1369 sizeof(input_key));
1370 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
1371 fixed_input, sizeof(fixed_input));
1372 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_L, &use_l);
1373 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR,
1374 &use_separator);
1375 *p = OSSL_PARAM_construct_end();
1376
1377 kctx = get_kdfbyname("KBKDF");
1378 ret = TEST_ptr(kctx)
05cdec39 1379 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
4757a347
SL		 1380 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1381
1382 EVP_KDF_CTX_free(kctx);
1383 return ret;
1384}
1385#endif /* OPENSSL_NO_CMAC */
1386
9537fe57
SL		 1387static int test_kdf_ss_hmac(void)
1388{
a3c62426 1389 int ret;
9537fe57 1390 EVP_KDF_CTX *kctx;
bf5739a0 1391 OSSL_PARAM params[6], *p = params;
8bbeaaa4 1392 unsigned char out[16];
bf5739a0 1393 static unsigned char z[] = {
9537fe57
SL		 1394 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
1395 };
bf5739a0 1396 static unsigned char other[] = {
9537fe57
SL		 1397 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
1398 };
bf5739a0 1399 static unsigned char salt[] = {
9537fe57
SL		 1400 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
1401 0x3f,0x89
1402 };
8bbeaaa4 1403 static const unsigned char expected[sizeof(out)] = {
9537fe57
SL		 1404 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63,
1405 0x1c,0xa3
1406 };
9537fe57 1407
bf5739a0 1408 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
3262300a 1409 (char *)OSSL_MAC_NAME_HMAC, 0);
bf5739a0 1410 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
3262300a 1411 (char *)"sha256", 0);
bf5739a0
P		 1412 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
1413 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
1414 sizeof(other));
1415 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
1416 sizeof(salt));
1417 *p = OSSL_PARAM_construct_end();
1418
d2ba8123 1419 ret =
27e27cd7 1420 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
05cdec39 1421 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
d2ba8123 1422 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
9537fe57 1423
660c5344 1424 EVP_KDF_CTX_free(kctx);
a3c62426 1425 return ret;
9537fe57
SL		 1426}
1427
1428static int test_kdf_ss_kmac(void)
1429{
a3c62426 1430 int ret;
9537fe57 1431 EVP_KDF_CTX *kctx;
bf5739a0 1432 OSSL_PARAM params[6], *p = params;
9537fe57 1433 unsigned char out[64];
bf5739a0
P		 1434 size_t mac_size = 20;
1435 static unsigned char z[] = {
9537fe57
SL		 1436 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
1437 };
bf5739a0 1438 static unsigned char other[] = {
9537fe57
SL		 1439 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
1440 };
bf5739a0 1441 static unsigned char salt[] = {
9537fe57
SL		 1442 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
1443 0x3f,0x89
1444 };
8bbeaaa4 1445 static const unsigned char expected[sizeof(out)] = {
9537fe57
SL		 1446 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd,
1447 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2,
1448 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4,
1449 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95,
1450 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03
1451 };
1452
bf5739a0 1453 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
3262300a 1454 (char *)OSSL_MAC_NAME_KMAC128, 0);
bf5739a0
P		 1455 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
1456 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
1457 sizeof(other));
1458 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
1459 sizeof(salt));
1460 *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, &mac_size);
1461 *p = OSSL_PARAM_construct_end();
1462
d2ba8123 1463 ret =
27e27cd7 1464 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
05cdec39 1465 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
d2ba8123 1466 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
9537fe57 1467
660c5344 1468 EVP_KDF_CTX_free(kctx);
a3c62426 1469 return ret;
9537fe57
SL		 1470}
1471
87d9955e
SS		 1472static int test_kdf_sshkdf(void)
1473{
1474 int ret;
1475 EVP_KDF_CTX *kctx;
bf5739a0 1476 OSSL_PARAM params[6], *p = params;
a8eb71ad 1477 char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
87d9955e
SS		 1478 unsigned char out[8];
1479 /* Test data from NIST CAVS 14.1 test vectors */
bf5739a0 1480 static unsigned char key[] = {
87d9955e
SS		 1481 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
1482 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
1483 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
1484 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
1485 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
1486 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
1487 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
1488 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
1489 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
1490 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
1491 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
1492 0x4e
1493 };
bf5739a0 1494 static unsigned char xcghash[] = {
87d9955e
SS		 1495 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
1496 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
1497 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
1498 };
bf5739a0 1499 static unsigned char sessid[] = {
87d9955e
SS		 1500 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
1501 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
1502 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
1503 };
8bbeaaa4 1504 static const unsigned char expected[sizeof(out)] = {
87d9955e
SS		 1505 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
1506 };
1507
bf5739a0 1508 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
3262300a 1509 (char *)"sha256", 0);
bf5739a0
P		 1510 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
1511 sizeof(key));
1512 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH,
1513 xcghash, sizeof(xcghash));
1514 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
1515 sessid, sizeof(sessid));
1516 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
a8eb71ad 1517 &kdftype, sizeof(kdftype));
bf5739a0
P		 1518 *p = OSSL_PARAM_construct_end();
1519
d2ba8123 1520 ret =
27e27cd7 1521 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF))
05cdec39 1522 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
d2ba8123 1523 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
87d9955e 1524
660c5344 1525 EVP_KDF_CTX_free(kctx);
87d9955e
SS		 1526 return ret;
1527}
1528
1287dabd 1529static int test_kdfs_same(EVP_KDF *kdf1, EVP_KDF *kdf2)
b5873b31
P		 1530{
1531 /* Fast path in case the two are the same algorithm pointer */
1532 if (kdf1 == kdf2)
1533 return 1;
1534 /*
1535 * Compare their names and providers instead.
1536 * This is necessary in a non-caching build (or a cache flush during fetch)
1537 * because without the algorithm in the cache, fetching it a second time
1538 * will result in a different pointer.
1539 */
ed576acd
TM		 1540 return TEST_ptr_eq(EVP_KDF_get0_provider(kdf1), EVP_KDF_get0_provider(kdf2))
1541 && TEST_str_eq(EVP_KDF_get0_name(kdf1), EVP_KDF_get0_name(kdf2));
b5873b31
P		 1542}
1543
d2ba8123
SL		 1544static int test_kdf_get_kdf(void)
1545{
ff756eed 1546 EVP_KDF *kdf1 = NULL, *kdf2 = NULL;
d2ba8123 1547 ASN1_OBJECT *obj;
ff756eed
RL		 1548 int ok = 1;
1549
1550 if (!TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2))
27e27cd7 1551 || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL))
ff756eed
RL		 1552 || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(OBJ_obj2nid(obj)),
1553 NULL))
b5873b31 1554 || !test_kdfs_same(kdf1, kdf2))
ff756eed
RL		 1555 ok = 0;
1556 EVP_KDF_free(kdf1);
1557 kdf1 = NULL;
1558 EVP_KDF_free(kdf2);
1559 kdf2 = NULL;
1560
1561 if (!TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL))
1562 || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, LN_tls1_prf, NULL))
b5873b31 1563 || !test_kdfs_same(kdf1, kdf2))
ff756eed
RL		 1564 ok = 0;
1565 /* kdf1 is re-used below, so don't free it here */
1566 EVP_KDF_free(kdf2);
1567 kdf2 = NULL;
1568
1569 if (!TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(NID_tls1_prf), NULL))
b5873b31 1570 || !test_kdfs_same(kdf1, kdf2))
ff756eed
RL		 1571 ok = 0;
1572 EVP_KDF_free(kdf1);
1573 kdf1 = NULL;
1574 EVP_KDF_free(kdf2);
1575 kdf2 = NULL;
1576
1577 return ok;
d2ba8123
SL		 1578}
1579
e98a182e 1580#if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES)
1aec7716
SL		 1581static int test_kdf_x942_asn1(void)
1582{
1583 int ret;
1584 EVP_KDF_CTX *kctx = NULL;
bf5739a0
P		 1585 OSSL_PARAM params[4], *p = params;
1586 const char *cek_alg = SN_id_smime_alg_CMS3DESwrap;
1aec7716
SL		 1587 unsigned char out[24];
1588 /* RFC2631 Section 2.1.6 Test data */
bf5739a0 1589 static unsigned char z[] = {
1aec7716
SL		 1590 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,
1591 0x0e,0x0f,0x10,0x11,0x12,0x13
1592 };
1593 static const unsigned char expected[sizeof(out)] = {
1594 0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04,
1595 0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46,
1596 0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb
1597 };
1598
bf5739a0 1599 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1cae59d1 1600 (char *)"sha1", 0);
bf5739a0
P		 1601 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z,
1602 sizeof(z));
1603 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
1cae59d1 1604 (char *)cek_alg, 0);
bf5739a0
P		 1605 *p = OSSL_PARAM_construct_end();
1606
1aec7716 1607 ret =
89cccbea 1608 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF_ASN1))
05cdec39 1609 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1aec7716
SL		 1610 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1611
660c5344 1612 EVP_KDF_CTX_free(kctx);
1aec7716
SL		 1613 return ret;
1614}
1615#endif /* OPENSSL_NO_CMS */
1616
33f54da3
SS		 1617static int test_kdf_krb5kdf(void)
1618{
1619 int ret;
1620 EVP_KDF_CTX *kctx;
1621 OSSL_PARAM params[4], *p = params;
1622 unsigned char out[16];
1623 static unsigned char key[] = {
1624 0x42, 0x26, 0x3C, 0x6E, 0x89, 0xF4, 0xFC, 0x28,
1625 0xB8, 0xDF, 0x68, 0xEE, 0x09, 0x79, 0x9F, 0x15
1626 };
1627 static unsigned char constant[] = {
1628 0x00, 0x00, 0x00, 0x02, 0x99
1629 };
1630 static const unsigned char expected[sizeof(out)] = {
1631 0x34, 0x28, 0x0A, 0x38, 0x2B, 0xC9, 0x27, 0x69,
1632 0xB2, 0xDA, 0x2F, 0x9E, 0xF0, 0x66, 0x85, 0x4B
1633 };
1634
1635 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER,
3262300a 1636 (char *)"AES-128-CBC", 0);
33f54da3
SS		 1637 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
1638 sizeof(key));
1639 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT,
1640 constant, sizeof(constant));
1641 *p = OSSL_PARAM_construct_end();
1642
1643 ret =
1644 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KRB5KDF))
05cdec39 1645 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
33f54da3
SS		 1646 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1647
660c5344 1648 EVP_KDF_CTX_free(kctx);
33f54da3
SS		 1649 return ret;
1650}
1651
5a285add
DM		 1652int setup_tests(void)
1653{
189c4759 1654 ADD_TEST(test_kdf_pbkdf1);
726ad13c 1655#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
f6dead1b
RH		 1656 ADD_TEST(test_kdf_kbkdf_6803_128);
1657 ADD_TEST(test_kdf_kbkdf_6803_256);
726ad13c 1658#endif
1cae59d1
JS		 1659 ADD_TEST(test_kdf_kbkdf_invalid_digest);
1660 ADD_TEST(test_kdf_kbkdf_invalid_mac);
0e9a265e 1661 ADD_TEST(test_kdf_kbkdf_invalid_r);
1cae59d1
JS		 1662 ADD_TEST(test_kdf_kbkdf_zero_output_size);
1663 ADD_TEST(test_kdf_kbkdf_empty_key);
1664 ADD_TEST(test_kdf_kbkdf_1byte_key);
a39bc440
RH		 1665 ADD_TEST(test_kdf_kbkdf_8009_prf1);
1666 ADD_TEST(test_kdf_kbkdf_8009_prf2);
4757a347
SL		 1667#if !defined(OPENSSL_NO_CMAC)
1668 ADD_TEST(test_kdf_kbkdf_fixedinfo);
1669#endif
d2ba8123 1670 ADD_TEST(test_kdf_get_kdf);
5a285add 1671 ADD_TEST(test_kdf_tls1_prf);
1cae59d1
JS		 1672 ADD_TEST(test_kdf_tls1_prf_invalid_digest);
1673 ADD_TEST(test_kdf_tls1_prf_zero_output_size);
1674 ADD_TEST(test_kdf_tls1_prf_empty_secret);
1675 ADD_TEST(test_kdf_tls1_prf_1byte_secret);
1676 ADD_TEST(test_kdf_tls1_prf_empty_seed);
1677 ADD_TEST(test_kdf_tls1_prf_1byte_seed);
5a285add 1678 ADD_TEST(test_kdf_hkdf);
1cae59d1
JS		 1679 ADD_TEST(test_kdf_hkdf_invalid_digest);
1680 ADD_TEST(test_kdf_hkdf_zero_output_size);
1681 ADD_TEST(test_kdf_hkdf_empty_key);
1682 ADD_TEST(test_kdf_hkdf_1byte_key);
1683 ADD_TEST(test_kdf_hkdf_empty_salt);
9d300aa2
SL		 1684 ADD_TEST(test_kdf_hkdf_gettables);
1685 ADD_TEST(test_kdf_hkdf_gettables_expandonly);
1686 ADD_TEST(test_kdf_hkdf_gettables_no_digest);
1687 ADD_TEST(test_kdf_hkdf_derive_set_params_fail);
1688 ADD_TEST(test_kdf_hkdf_set_invalid_mode);
1689 ADD_TEST(test_kdf_hkdf_set_ctx_param_fail);
5a285add 1690 ADD_TEST(test_kdf_pbkdf2);
1cae59d1
JS		 1691 ADD_TEST(test_kdf_pbkdf2_small_output);
1692 ADD_TEST(test_kdf_pbkdf2_large_output);
1693 ADD_TEST(test_kdf_pbkdf2_small_salt);
1694 ADD_TEST(test_kdf_pbkdf2_small_iterations);
1695 ADD_TEST(test_kdf_pbkdf2_small_salt_pkcs5);
1696 ADD_TEST(test_kdf_pbkdf2_small_iterations_pkcs5);
1697 ADD_TEST(test_kdf_pbkdf2_invalid_digest);
5a285add
DM		 1698#ifndef OPENSSL_NO_SCRYPT
1699 ADD_TEST(test_kdf_scrypt);
1700#endif
9537fe57
SL		 1701 ADD_TEST(test_kdf_ss_hash);
1702 ADD_TEST(test_kdf_ss_hmac);
1703 ADD_TEST(test_kdf_ss_kmac);
87d9955e 1704 ADD_TEST(test_kdf_sshkdf);
8bbeaaa4 1705 ADD_TEST(test_kdf_x963);
e98a182e 1706#if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES)
1aec7716
SL		 1707 ADD_TEST(test_kdf_x942_asn1);
1708#endif
33f54da3 1709 ADD_TEST(test_kdf_krb5kdf);
5a285add
DM		 1710 return 1;
1711}
A mirror of the official openssl repository