]>
Commit | Line | Data |
---|---|---|
5a285add DM |
1 | /* |
2 | * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. | |
4 | * | |
5 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
6 | * this file except in compliance with the License. You can obtain a copy | |
7 | * in the file LICENSE in the source distribution or at | |
8 | * https://www.openssl.org/source/license.html | |
9 | */ | |
10 | ||
11 | /* Tests of the EVP_KDF_CTX APIs */ | |
12 | ||
13 | #include <stdio.h> | |
14 | #include <string.h> | |
15 | ||
16 | #include <openssl/evp.h> | |
17 | #include <openssl/kdf.h> | |
18 | #include "testutil.h" | |
19 | ||
20 | static int test_kdf_tls1_prf(void) | |
21 | { | |
a3c62426 | 22 | int ret; |
5a285add DM |
23 | EVP_KDF_CTX *kctx; |
24 | unsigned char out[16]; | |
a3c62426 SL |
25 | const unsigned char expected[sizeof(out)] = { |
26 | 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0, | |
27 | 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc | |
28 | }; | |
5a285add | 29 | |
a3c62426 SL |
30 | ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_TLS1_PRF)) |
31 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), | |
32 | 0) | |
33 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET, | |
34 | "secret", (size_t)6), 0) | |
35 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, "seed", | |
36 | (size_t)4), 0) | |
37 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) | |
38 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
5a285add | 39 | |
5a285add DM |
40 | EVP_KDF_CTX_free(kctx); |
41 | return ret; | |
42 | } | |
43 | ||
44 | static int test_kdf_hkdf(void) | |
45 | { | |
a3c62426 | 46 | int ret; |
5a285add DM |
47 | EVP_KDF_CTX *kctx; |
48 | unsigned char out[10]; | |
a3c62426 SL |
49 | const unsigned char expected[sizeof(out)] = { |
50 | 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13 | |
51 | }; | |
5a285add | 52 | |
a3c62426 SL |
53 | ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF)) |
54 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), | |
55 | 0) | |
56 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", | |
57 | (size_t)4), 0) | |
58 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", | |
59 | (size_t)6), 0) | |
60 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_HKDF_INFO, | |
61 | "label", (size_t)5), 0) | |
62 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) | |
63 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
5a285add | 64 | |
5a285add DM |
65 | EVP_KDF_CTX_free(kctx); |
66 | return ret; | |
67 | } | |
68 | ||
69 | static int test_kdf_pbkdf2(void) | |
70 | { | |
a3c62426 | 71 | int ret; |
5a285add DM |
72 | EVP_KDF_CTX *kctx; |
73 | unsigned char out[32]; | |
a3c62426 SL |
74 | const unsigned char expected[sizeof(out)] = { |
75 | 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3, | |
76 | 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0, | |
77 | 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf, | |
78 | 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43 | |
79 | }; | |
5a285add | 80 | |
a3c62426 SL |
81 | ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) |
82 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", | |
83 | (size_t)8), 0) | |
84 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", | |
85 | (size_t)4), 0) | |
86 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2), 0) | |
87 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), | |
88 | 0) | |
89 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) | |
90 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
5a285add | 91 | |
5a285add DM |
92 | EVP_KDF_CTX_free(kctx); |
93 | return ret; | |
94 | } | |
95 | ||
96 | #ifndef OPENSSL_NO_SCRYPT | |
97 | static int test_kdf_scrypt(void) | |
98 | { | |
a3c62426 | 99 | int ret; |
5a285add DM |
100 | EVP_KDF_CTX *kctx; |
101 | unsigned char out[64]; | |
a3c62426 SL |
102 | const unsigned char expected[sizeof(out)] = { |
103 | 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, | |
104 | 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, | |
105 | 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, | |
106 | 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, | |
107 | 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, | |
108 | 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, | |
109 | 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, | |
110 | 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 | |
111 | }; | |
5a285add | 112 | |
a3c62426 SL |
113 | ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT)) |
114 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", | |
115 | (size_t)8), 0) | |
116 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "NaCl", | |
117 | (size_t)4), 0) | |
118 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N, | |
119 | (uint64_t)1024), 0) | |
120 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R, | |
121 | (uint32_t)8), 0) | |
122 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P, | |
123 | (uint32_t)16), 0) | |
124 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, | |
125 | (uint64_t)16), 0) | |
126 | /* failure test */ | |
127 | && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0) | |
128 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, | |
129 | (uint64_t)(10 * 1024 * 1024)), 0) | |
130 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) | |
131 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
5a285add | 132 | |
5a285add DM |
133 | EVP_KDF_CTX_free(kctx); |
134 | return ret; | |
135 | } | |
a3c62426 | 136 | #endif /* OPENSSL_NO_SCRYPT */ |
5a285add | 137 | |
9537fe57 SL |
138 | static int test_kdf_ss_hash(void) |
139 | { | |
a3c62426 SL |
140 | int ret; |
141 | EVP_KDF_CTX *kctx = NULL; | |
9537fe57 SL |
142 | const unsigned char z[] = { |
143 | 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e, | |
144 | 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62, | |
145 | 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4, | |
146 | 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9 | |
147 | }; | |
148 | const unsigned char other[] = { | |
149 | 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e, | |
150 | 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde, | |
151 | 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e, | |
152 | 0xe0,0xec,0x3f,0x8d,0xbe | |
153 | }; | |
154 | const unsigned char expected[] = { | |
155 | 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8 | |
156 | }; | |
157 | unsigned char out[14]; | |
158 | ||
a3c62426 SL |
159 | ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS)) |
160 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha224()), | |
161 | 0) | |
162 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), | |
163 | 0) | |
164 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other, | |
165 | sizeof(other)), 0) | |
166 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) | |
167 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
9537fe57 SL |
168 | |
169 | EVP_KDF_CTX_free(kctx); | |
a3c62426 | 170 | return ret; |
9537fe57 SL |
171 | } |
172 | ||
173 | static int test_kdf_ss_hmac(void) | |
174 | { | |
a3c62426 | 175 | int ret; |
9537fe57 SL |
176 | EVP_KDF_CTX *kctx; |
177 | const EVP_MAC *mac; | |
178 | ||
179 | const unsigned char z[] = { | |
180 | 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4 | |
181 | }; | |
182 | const unsigned char other[] = { | |
183 | 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc | |
184 | }; | |
185 | const unsigned char salt[] = { | |
186 | 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef, | |
187 | 0x3f,0x89 | |
188 | }; | |
189 | const unsigned char expected[] = { | |
190 | 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63, | |
191 | 0x1c,0xa3 | |
192 | }; | |
193 | unsigned char out[16]; | |
194 | ||
a3c62426 SL |
195 | ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS)) |
196 | && TEST_ptr(mac = EVP_get_macbyname("HMAC")) | |
197 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, mac), 0) | |
198 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), | |
199 | 0) | |
200 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), | |
201 | 0) | |
202 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other, | |
203 | sizeof(other)), 0) | |
204 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, salt, | |
205 | sizeof(salt)), 0) | |
206 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) | |
207 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
9537fe57 SL |
208 | |
209 | EVP_KDF_CTX_free(kctx); | |
a3c62426 | 210 | return ret; |
9537fe57 SL |
211 | } |
212 | ||
213 | static int test_kdf_ss_kmac(void) | |
214 | { | |
a3c62426 | 215 | int ret; |
9537fe57 SL |
216 | EVP_KDF_CTX *kctx; |
217 | unsigned char out[64]; | |
218 | const EVP_MAC *mac; | |
219 | ||
220 | const unsigned char z[] = { | |
221 | 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4 | |
222 | }; | |
223 | const unsigned char other[] = { | |
224 | 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc | |
225 | }; | |
226 | const unsigned char salt[] = { | |
227 | 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef, | |
228 | 0x3f,0x89 | |
229 | }; | |
230 | const unsigned char expected[] = { | |
231 | 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd, | |
232 | 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2, | |
233 | 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4, | |
234 | 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95, | |
235 | 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03 | |
236 | }; | |
237 | ||
a3c62426 SL |
238 | ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS)) |
239 | && TEST_ptr(mac = EVP_get_macbyname("KMAC128")) | |
240 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, mac), 0) | |
241 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, | |
242 | sizeof(z)), 0) | |
243 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other, | |
244 | sizeof(other)), 0) | |
245 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, salt, | |
246 | sizeof(salt)), 0) | |
247 | && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC_SIZE, | |
248 | (size_t)20), 0) | |
249 | && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) | |
250 | && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); | |
9537fe57 SL |
251 | |
252 | EVP_KDF_CTX_free(kctx); | |
a3c62426 | 253 | return ret; |
9537fe57 SL |
254 | } |
255 | ||
5a285add DM |
256 | int setup_tests(void) |
257 | { | |
258 | ADD_TEST(test_kdf_tls1_prf); | |
259 | ADD_TEST(test_kdf_hkdf); | |
260 | ADD_TEST(test_kdf_pbkdf2); | |
261 | #ifndef OPENSSL_NO_SCRYPT | |
262 | ADD_TEST(test_kdf_scrypt); | |
263 | #endif | |
9537fe57 SL |
264 | ADD_TEST(test_kdf_ss_hash); |
265 | ADD_TEST(test_kdf_ss_hmac); | |
266 | ADD_TEST(test_kdf_ss_kmac); | |
5a285add DM |
267 | return 1; |
268 | } |