]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/dhkem_test.inc
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix various typos, repeated words, align some spelling to LDP.
[thirdparty/openssl.git] / test / dhkem_test.inc
1 /*
2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 typedef struct {
11 const char *curvename;
12 /* seed */
13 const unsigned char *ikm;
14 size_t ikmlen;
15 /* expected public key */
16 const unsigned char *pub;
17 size_t publen;
18 /* expected private key */
19 const unsigned char *priv;
20 size_t privlen;
21 } TEST_DERIVEKEY_DATA;
22
23 typedef struct {
24 const char *curve;
25 /* The seed for the senders ephemeral key */
26 const unsigned char *ikmE;
27 size_t ikmElen;
28 /* Recipient key */
29 const unsigned char *rpub;
30 size_t rpublen;
31 const unsigned char *rpriv;
32 size_t rprivlen;
33 /* The senders generated ephemeral public key */
34 const unsigned char *expected_enc;
35 size_t expected_enclen;
36 /* The generated shared secret */
37 const unsigned char *expected_secret;
38 size_t expected_secretlen;
39 /* Senders Auth key */
40 const unsigned char *spub;
41 size_t spublen;
42 const unsigned char *spriv;
43 size_t sprivlen;
44 } TEST_ENCAPDATA;
45
46 static const char *dhkem_supported_curves[] = {
47 "P-256",
48 "P-384",
49 "P-521",
50 "X25519",
51 "X448"
52 };
53
54 /* TEST vectors extracted from RFC 9180 */
55
56 /* Base test values */
57 static const unsigned char x25519_ikme[] = {
58 0x72, 0x68, 0x60, 0x0d, 0x40, 0x3f, 0xce, 0x43,
59 0x15, 0x61, 0xae, 0xf5, 0x83, 0xee, 0x16, 0x13,
60 0x52, 0x7c, 0xff, 0x65, 0x5c, 0x13, 0x43, 0xf2,
61 0x98, 0x12, 0xe6, 0x67, 0x06, 0xdf, 0x32, 0x34
62 };
63 static const unsigned char x25519_ikme_priv[] = {
64 0x52, 0xc4, 0xa7, 0x58, 0xa8, 0x02, 0xcd, 0x8b,
65 0x93, 0x6e, 0xce, 0xea, 0x31, 0x44, 0x32, 0x79,
66 0x8d, 0x5b, 0xaf, 0x2d, 0x7e, 0x92, 0x35, 0xdc,
67 0x08, 0x4a, 0xb1, 0xb9, 0xcf, 0xa2, 0xf7, 0x36
68 };
69 static const unsigned char x25519_ikme_pub[] = {
70 0x37, 0xfd, 0xa3, 0x56, 0x7b, 0xdb, 0xd6, 0x28,
71 0xe8, 0x86, 0x68, 0xc3, 0xc8, 0xd7, 0xe9, 0x7d,
72 0x1d, 0x12, 0x53, 0xb6, 0xd4, 0xea, 0x6d, 0x44,
73 0xc1, 0x50, 0xf7, 0x41, 0xf1, 0xbf, 0x44, 0x31
74 };
75 static const unsigned char x25519_rpub[] = {
76 0x39, 0x48, 0xcf, 0xe0, 0xad, 0x1d, 0xdb, 0x69,
77 0x5d, 0x78, 0x0e, 0x59, 0x07, 0x71, 0x95, 0xda,
78 0x6c, 0x56, 0x50, 0x6b, 0x02, 0x73, 0x29, 0x79,
79 0x4a, 0xb0, 0x2b, 0xca, 0x80, 0x81, 0x5c, 0x4d
80 };
81 static const unsigned char x25519_rpriv[] = {
82 0x46, 0x12, 0xc5, 0x50, 0x26, 0x3f, 0xc8, 0xad,
83 0x58, 0x37, 0x5d, 0xf3, 0xf5, 0x57, 0xaa, 0xc5,
84 0x31, 0xd2, 0x68, 0x50, 0x90, 0x3e, 0x55, 0xa9,
85 0xf2, 0x3f, 0x21, 0xd8, 0x53, 0x4e, 0x8a, 0xc8
86 };
87 static const unsigned char x25519_expected_enc[] = {
88 0x37, 0xfd, 0xa3, 0x56, 0x7b, 0xdb, 0xd6, 0x28,
89 0xe8, 0x86, 0x68, 0xc3, 0xc8, 0xd7, 0xe9, 0x7d,
90 0x1d, 0x12, 0x53, 0xb6, 0xd4, 0xea, 0x6d, 0x44,
91 0xc1, 0x50, 0xf7, 0x41, 0xf1, 0xbf, 0x44, 0x31
92 };
93 static const unsigned char x25519_expected_secret[] = {
94 0xfe, 0x0e, 0x18, 0xc9, 0xf0, 0x24, 0xce, 0x43,
95 0x79, 0x9a, 0xe3, 0x93, 0xc7, 0xe8, 0xfe, 0x8f,
96 0xce, 0x9d, 0x21, 0x88, 0x75, 0xe8, 0x22, 0x7b,
97 0x01, 0x87, 0xc0, 0x4e, 0x7d, 0x2e, 0xa1, 0xfc
98 };
99
100 static const unsigned char x25519_auth_ikme[] = {
101 0x6e, 0x6d, 0x8f, 0x20, 0x0e, 0xa2, 0xfb, 0x20,
102 0xc3, 0x0b, 0x00, 0x3a, 0x8b, 0x4f, 0x43, 0x3d,
103 0x2f, 0x4e, 0xd4, 0xc2, 0x65, 0x8d, 0x5b, 0xc8,
104 0xce, 0x2f, 0xef, 0x71, 0x80, 0x59, 0xc9, 0xf7
105 };
106 static const unsigned char x25519_auth_rpub[] = {
107 0x16, 0x32, 0xd5, 0xc2, 0xf7, 0x1c, 0x2b, 0x38,
108 0xd0, 0xa8, 0xfc, 0xc3, 0x59, 0x35, 0x52, 0x00,
109 0xca, 0xa8, 0xb1, 0xff, 0xdf, 0x28, 0x61, 0x80,
110 0x80, 0x46, 0x6c, 0x90, 0x9c, 0xb6, 0x9b, 0x2e
111 };
112 static const unsigned char x25519_auth_rpriv[] = {
113 0xfd, 0xea, 0x67, 0xcf, 0x83, 0x1f, 0x1c, 0xa9,
114 0x8d, 0x8e, 0x27, 0xb1, 0xf6, 0xab, 0xeb, 0x5b,
115 0x77, 0x45, 0xe9, 0xd3, 0x53, 0x48, 0xb8, 0x0f,
116 0xa4, 0x07, 0xff, 0x69, 0x58, 0xf9, 0x13, 0x7e
117 };
118 static const unsigned char x25519_auth_spub[] = {
119 0x8b, 0x0c, 0x70, 0x87, 0x3d, 0xc5, 0xae, 0xcb,
120 0x7f, 0x9e, 0xe4, 0xe6, 0x24, 0x06, 0xa3, 0x97,
121 0xb3, 0x50, 0xe5, 0x70, 0x12, 0xbe, 0x45, 0xcf,
122 0x53, 0xb7, 0x10, 0x5a, 0xe7, 0x31, 0x79, 0x0b
123 };
124 static const unsigned char x25519_auth_spriv[] = {
125 0xdc, 0x4a, 0x14, 0x63, 0x13, 0xcc, 0xe6, 0x0a,
126 0x27, 0x8a, 0x53, 0x23, 0xd3, 0x21, 0xf0, 0x51,
127 0xc5, 0x70, 0x7e, 0x9c, 0x45, 0xba, 0x21, 0xa3,
128 0x47, 0x9f, 0xec, 0xdf, 0x76, 0xfc, 0x69, 0xdd
129 };
130 static const unsigned char x25519_auth_expected_enc[] = {
131 0x23, 0xfb, 0x95, 0x25, 0x71, 0xa1, 0x4a, 0x25,
132 0xe3, 0xd6, 0x78, 0x14, 0x0c, 0xd0, 0xe5, 0xeb,
133 0x47, 0xa0, 0x96, 0x1b, 0xb1, 0x8a, 0xfc, 0xf8,
134 0x58, 0x96, 0xe5, 0x45, 0x3c, 0x31, 0x2e, 0x76
135 };
136 static const unsigned char x25519_auth_expected_secret[] = {
137 0x2d, 0x6d, 0xb4, 0xcf, 0x71, 0x9d, 0xc7, 0x29,
138 0x3f, 0xcb, 0xf3, 0xfa, 0x64, 0x69, 0x07, 0x08,
139 0xe4, 0x4e, 0x2b, 0xeb, 0xc8, 0x1f, 0x84, 0x60,
140 0x86, 0x77, 0x95, 0x8c, 0x0d, 0x44, 0x48, 0xa7
141 };
142
143 static const unsigned char p256_ikme[] = {
144 0x42, 0x70, 0xe5, 0x4f, 0xfd, 0x08, 0xd7, 0x9d,
145 0x59, 0x28, 0x02, 0x0a, 0xf4, 0x68, 0x6d, 0x8f,
146 0x6b, 0x7d, 0x35, 0xdb, 0xe4, 0x70, 0x26, 0x5f,
147 0x1f, 0x5a, 0xa2, 0x28, 0x16, 0xce, 0x86, 0x0e
148 };
149
150 static const unsigned char p256_ikme_pub[] = {
151 0x04, 0xa9, 0x27, 0x19, 0xc6, 0x19, 0x5d, 0x50,
152 0x85, 0x10, 0x4f, 0x46, 0x9a, 0x8b, 0x98, 0x14,
153 0xd5, 0x83, 0x8f, 0xf7, 0x2b, 0x60, 0x50, 0x1e,
154 0x2c, 0x44, 0x66, 0xe5, 0xe6, 0x7b, 0x32, 0x5a,
155 0xc9, 0x85, 0x36, 0xd7, 0xb6, 0x1a, 0x1a, 0xf4,
156 0xb7, 0x8e, 0x5b, 0x7f, 0x95, 0x1c, 0x09, 0x00,
157 0xbe, 0x86, 0x3c, 0x40, 0x3c, 0xe6, 0x5c, 0x9b,
158 0xfc, 0xb9, 0x38, 0x26, 0x57, 0x22, 0x2d, 0x18,
159 0xc4
160 };
161 static const unsigned char p256_ikme_priv[] = {
162 0x49, 0x95, 0x78, 0x8e, 0xf4, 0xb9, 0xd6, 0x13,
163 0x2b, 0x24, 0x9c, 0xe5, 0x9a, 0x77, 0x28, 0x14,
164 0x93, 0xeb, 0x39, 0xaf, 0x37, 0x3d, 0x23, 0x6a,
165 0x1f, 0xe4, 0x15, 0xcb, 0x0c, 0x2d, 0x7b, 0xeb
166 };
167
168 static const unsigned char p256_ikmr[] = {
169 0x66, 0x8b, 0x37, 0x17, 0x1f, 0x10, 0x72, 0xf3,
170 0xcf, 0x12, 0xea, 0x8a, 0x23, 0x6a, 0x45, 0xdf,
171 0x23, 0xfc, 0x13, 0xb8, 0x2a, 0xf3, 0x60, 0x9a,
172 0xd1, 0xe3, 0x54, 0xf6, 0xef, 0x81, 0x75, 0x50
173 };
174
175 static const unsigned char p256_ikmr_pub[] = {
176 0x04, 0xfe, 0x8c, 0x19, 0xce, 0x09, 0x05, 0x19,
177 0x1e, 0xbc, 0x29, 0x8a, 0x92, 0x45, 0x79, 0x25,
178 0x31, 0xf2, 0x6f, 0x0c, 0xec, 0xe2, 0x46, 0x06,
179 0x39, 0xe8, 0xbc, 0x39, 0xcb, 0x7f, 0x70, 0x6a,
180 0x82, 0x6a, 0x77, 0x9b, 0x4c, 0xf9, 0x69, 0xb8,
181 0xa0, 0xe5, 0x39, 0xc7, 0xf6, 0x2f, 0xb3, 0xd3,
182 0x0a, 0xd6, 0xaa, 0x8f, 0x80, 0xe3, 0x0f, 0x1d,
183 0x12, 0x8a, 0xaf, 0xd6, 0x8a, 0x2c, 0xe7, 0x2e,
184 0xa0
185 };
186
187 static const unsigned char p256_ikmr_priv[] = {
188 0xf3, 0xce, 0x7f, 0xda, 0xe5, 0x7e, 0x1a, 0x31,
189 0x0d, 0x87, 0xf1, 0xeb, 0xbd, 0xe6, 0xf3, 0x28,
190 0xbe, 0x0a, 0x99, 0xcd, 0xbc, 0xad, 0xf4, 0xd6,
191 0x58, 0x9c, 0xf2, 0x9d, 0xe4, 0xb8, 0xff, 0xd2
192 };
193
194 static const unsigned char p256_expected_enc[] = {
195 0x04, 0xa9, 0x27, 0x19, 0xc6, 0x19, 0x5d, 0x50,
196 0x85, 0x10, 0x4f, 0x46, 0x9a, 0x8b, 0x98, 0x14,
197 0xd5, 0x83, 0x8f, 0xf7, 0x2b, 0x60, 0x50, 0x1e,
198 0x2c, 0x44, 0x66, 0xe5, 0xe6, 0x7b, 0x32, 0x5a,
199 0xc9, 0x85, 0x36, 0xd7, 0xb6, 0x1a, 0x1a, 0xf4,
200 0xb7, 0x8e, 0x5b, 0x7f, 0x95, 0x1c, 0x09, 0x00,
201 0xbe, 0x86, 0x3c, 0x40, 0x3c, 0xe6, 0x5c, 0x9b,
202 0xfc, 0xb9, 0x38, 0x26, 0x57, 0x22, 0x2d, 0x18,
203 0xc4
204 };
205 static const unsigned char p256_expected_secret[] = {
206 0xc0, 0xd2, 0x6a, 0xea, 0xb5, 0x36, 0x60, 0x9a,
207 0x57, 0x2b, 0x07, 0x69, 0x5d, 0x93, 0x3b, 0x58,
208 0x9d, 0xcf, 0x36, 0x3f, 0xf9, 0xd9, 0x3c, 0x93,
209 0xad, 0xea, 0x53, 0x7a, 0xea, 0xbb, 0x8c, 0xb8
210 };
211
212 static const unsigned char p521_ikme[] = {
213 0x7f, 0x06, 0xab, 0x82, 0x15, 0x10, 0x5f, 0xc4,
214 0x6a, 0xce, 0xeb, 0x2e, 0x3d, 0xc5, 0x02, 0x8b,
215 0x44, 0x36, 0x4f, 0x96, 0x04, 0x26, 0xeb, 0x0d,
216 0x8e, 0x40, 0x26, 0xc2, 0xf8, 0xb5, 0xd7, 0xe7,
217 0xa9, 0x86, 0x68, 0x8f, 0x15, 0x91, 0xab, 0xf5,
218 0xab, 0x75, 0x3c, 0x35, 0x7a, 0x5d, 0x6f, 0x04,
219 0x40, 0x41, 0x4b, 0x4e, 0xd4, 0xed, 0xe7, 0x13,
220 0x17, 0x77, 0x2a, 0xc9, 0x8d, 0x92, 0x39, 0xf7,
221 0x09, 0x04
222 };
223
224 static const unsigned char p521_ikme_pub[] = {
225 0x04, 0x01, 0x38, 0xb3, 0x85, 0xca, 0x16, 0xbb,
226 0x0d, 0x5f, 0xa0, 0xc0, 0x66, 0x5f, 0xbb, 0xd7,
227 0xe6, 0x9e, 0x3e, 0xe2, 0x9f, 0x63, 0x99, 0x1d,
228 0x3e, 0x9b, 0x5f, 0xa7, 0x40, 0xaa, 0xb8, 0x90,
229 0x0a, 0xae, 0xed, 0x46, 0xed, 0x73, 0xa4, 0x90,
230 0x55, 0x75, 0x84, 0x25, 0xa0, 0xce, 0x36, 0x50,
231 0x7c, 0x54, 0xb2, 0x9c, 0xc5, 0xb8, 0x5a, 0x5c,
232 0xee, 0x6b, 0xae, 0x0c, 0xf1, 0xc2, 0x1f, 0x27,
233 0x31, 0xec, 0xe2, 0x01, 0x3d, 0xc3, 0xfb, 0x7c,
234 0x8d, 0x21, 0x65, 0x4b, 0xb1, 0x61, 0xb4, 0x63,
235 0x96, 0x2c, 0xa1, 0x9e, 0x8c, 0x65, 0x4f, 0xf2,
236 0x4c, 0x94, 0xdd, 0x28, 0x98, 0xde, 0x12, 0x05,
237 0x1f, 0x1e, 0xd0, 0x69, 0x22, 0x37, 0xfb, 0x02,
238 0xb2, 0xf8, 0xd1, 0xdc, 0x1c, 0x73, 0xe9, 0xb3,
239 0x66, 0xb5, 0x29, 0xeb, 0x43, 0x6e, 0x98, 0xa9,
240 0x96, 0xee, 0x52, 0x2a, 0xef, 0x86, 0x3d, 0xd5,
241 0x73, 0x9d, 0x2f, 0x29, 0xb0
242 };
243
244 static const unsigned char p521_ikme_priv[] = {
245 0x01, 0x47, 0x84, 0xc6, 0x92, 0xda, 0x35, 0xdf,
246 0x6e, 0xcd, 0xe9, 0x8e, 0xe4, 0x3a, 0xc4, 0x25,
247 0xdb, 0xdd, 0x09, 0x69, 0xc0, 0xc7, 0x2b, 0x42,
248 0xf2, 0xe7, 0x08, 0xab, 0x9d, 0x53, 0x54, 0x15,
249 0xa8, 0x56, 0x9b, 0xda, 0xcf, 0xcc, 0x0a, 0x11,
250 0x4c, 0x85, 0xb8, 0xe3, 0xf2, 0x6a, 0xcf, 0x4d,
251 0x68, 0x11, 0x5f, 0x8c, 0x91, 0xa6, 0x61, 0x78,
252 0xcd, 0xbd, 0x03, 0xb7, 0xbc, 0xc5, 0x29, 0x1e,
253 0x37, 0x4b
254 };
255
256 static const unsigned char p521_ikmr_pub[] = {
257 0x04, 0x01, 0xb4, 0x54, 0x98, 0xc1, 0x71, 0x4e,
258 0x2d, 0xce, 0x16, 0x7d, 0x3c, 0xaf, 0x16, 0x2e,
259 0x45, 0xe0, 0x64, 0x2a, 0xfc, 0x7e, 0xd4, 0x35,
260 0xdf, 0x79, 0x02, 0xcc, 0xae, 0x0e, 0x84, 0xba,
261 0x0f, 0x7d, 0x37, 0x3f, 0x64, 0x6b, 0x77, 0x38,
262 0xbb, 0xbd, 0xca, 0x11, 0xed, 0x91, 0xbd, 0xea,
263 0xe3, 0xcd, 0xcb, 0xa3, 0x30, 0x1f, 0x24, 0x57,
264 0xbe, 0x45, 0x2f, 0x27, 0x1f, 0xa6, 0x83, 0x75,
265 0x80, 0xe6, 0x61, 0x01, 0x2a, 0xf4, 0x95, 0x83,
266 0xa6, 0x2e, 0x48, 0xd4, 0x4b, 0xed, 0x35, 0x0c,
267 0x71, 0x18, 0xc0, 0xd8, 0xdc, 0x86, 0x1c, 0x23,
268 0x8c, 0x72, 0xa2, 0xbd, 0xa1, 0x7f, 0x64, 0x70,
269 0x4f, 0x46, 0x4b, 0x57, 0x33, 0x8e, 0x7f, 0x40,
270 0xb6, 0x09, 0x59, 0x48, 0x0c, 0x0e, 0x58, 0xe6,
271 0x55, 0x9b, 0x19, 0x0d, 0x81, 0x66, 0x3e, 0xd8,
272 0x16, 0xe5, 0x23, 0xb6, 0xb6, 0xa4, 0x18, 0xf6,
273 0x6d, 0x24, 0x51, 0xec, 0x64
274 };
275 static const unsigned char p521_ikmr_priv[] = {
276 0x01, 0x46, 0x26, 0x80, 0x36, 0x9a, 0xe3, 0x75,
277 0xe4, 0xb3, 0x79, 0x10, 0x70, 0xa7, 0x45, 0x8e,
278 0xd5, 0x27, 0x84, 0x2f, 0x6a, 0x98, 0xa7, 0x9f,
279 0xf5, 0xe0, 0xd4, 0xcb, 0xde, 0x83, 0xc2, 0x71,
280 0x96, 0xa3, 0x91, 0x69, 0x56, 0x65, 0x55, 0x23,
281 0xa6, 0xa2, 0x55, 0x6a, 0x7a, 0xf6, 0x2c, 0x5c,
282 0xad, 0xab, 0xe2, 0xef, 0x9d, 0xa3, 0x76, 0x0b,
283 0xb2, 0x1e, 0x00, 0x52, 0x02, 0xf7, 0xb2, 0x46,
284 0x28, 0x47
285 };
286
287 static const unsigned char p521_expected_enc[] = {
288 0x04, 0x01, 0x38, 0xb3, 0x85, 0xca, 0x16, 0xbb,
289 0x0d, 0x5f, 0xa0, 0xc0, 0x66, 0x5f, 0xbb, 0xd7,
290 0xe6, 0x9e, 0x3e, 0xe2, 0x9f, 0x63, 0x99, 0x1d,
291 0x3e, 0x9b, 0x5f, 0xa7, 0x40, 0xaa, 0xb8, 0x90,
292 0x0a, 0xae, 0xed, 0x46, 0xed, 0x73, 0xa4, 0x90,
293 0x55, 0x75, 0x84, 0x25, 0xa0, 0xce, 0x36, 0x50,
294 0x7c, 0x54, 0xb2, 0x9c, 0xc5, 0xb8, 0x5a, 0x5c,
295 0xee, 0x6b, 0xae, 0x0c, 0xf1, 0xc2, 0x1f, 0x27,
296 0x31, 0xec, 0xe2, 0x01, 0x3d, 0xc3, 0xfb, 0x7c,
297 0x8d, 0x21, 0x65, 0x4b, 0xb1, 0x61, 0xb4, 0x63,
298 0x96, 0x2c, 0xa1, 0x9e, 0x8c, 0x65, 0x4f, 0xf2,
299 0x4c, 0x94, 0xdd, 0x28, 0x98, 0xde, 0x12, 0x05,
300 0x1f, 0x1e, 0xd0, 0x69, 0x22, 0x37, 0xfb, 0x02,
301 0xb2, 0xf8, 0xd1, 0xdc, 0x1c, 0x73, 0xe9, 0xb3,
302 0x66, 0xb5, 0x29, 0xeb, 0x43, 0x6e, 0x98, 0xa9,
303 0x96, 0xee, 0x52, 0x2a, 0xef, 0x86, 0x3d, 0xd5,
304 0x73, 0x9d, 0x2f, 0x29, 0xb0
305 };
306 static const unsigned char p521_expected_secret[] = {
307 0x77, 0x6a, 0xb4, 0x21, 0x30, 0x2f, 0x6e, 0xff,
308 0x7d, 0x7c, 0xb5, 0xcb, 0x1a, 0xda, 0xea, 0x0c,
309 0xd5, 0x08, 0x72, 0xc7, 0x1c, 0x2d, 0x63, 0xc3,
310 0x0c, 0x4f, 0x1d, 0x5e, 0x43, 0x65, 0x33, 0x36,
311 0xfe, 0xf3, 0x3b, 0x10, 0x3c, 0x67, 0xe7, 0xa9,
312 0x8a, 0xdd, 0x2d, 0x3b, 0x66, 0xe2, 0xfd, 0xa9,
313 0x5b, 0x5b, 0x2a, 0x66, 0x7a, 0xa9, 0xda, 0xc7,
314 0xe5, 0x9c, 0xc1, 0xd4, 0x6d, 0x30, 0xe8, 0x18
315 };
316
317 static const unsigned char p521_auth_ikme[] = {
318 0xfe, 0x1c, 0x58, 0x9c, 0x2a, 0x05, 0x89, 0x38,
319 0x95, 0xa5, 0x37, 0xf3, 0x8c, 0x7c, 0xb4, 0x30,
320 0x0b, 0x5a, 0x7e, 0x8f, 0xef, 0x3d, 0x6c, 0xcb,
321 0x8f, 0x07, 0xa4, 0x98, 0x02, 0x9c, 0x61, 0xe9,
322 0x02, 0x62, 0xe0, 0x09, 0xdc, 0x25, 0x4c, 0x7f,
323 0x62, 0x35, 0xf9, 0xc6, 0xb2, 0xfd, 0x6a, 0xef,
324 0xf0, 0xa7, 0x14, 0xdb, 0x13, 0x1b, 0x09, 0x25,
325 0x8c, 0x16, 0xe2, 0x17, 0xb7, 0xbd, 0x2a, 0xa6,
326 0x19, 0xb0
327 };
328
329 static const unsigned char p521_auth_ikmr_pub[] = {
330 0x04, 0x00, 0x7d, 0x41, 0x9b, 0x88, 0x34, 0xe7,
331 0x51, 0x3d, 0x0e, 0x7c, 0xc6, 0x64, 0x24, 0xa1,
332 0x36, 0xec, 0x5e, 0x11, 0x39, 0x5a, 0xb3, 0x53,
333 0xda, 0x32, 0x4e, 0x35, 0x86, 0x67, 0x3e, 0xe7,
334 0x3d, 0x53, 0xab, 0x34, 0xf3, 0x0a, 0x0b, 0x42,
335 0xa9, 0x2d, 0x05, 0x4d, 0x0d, 0xb3, 0x21, 0xb8,
336 0x0f, 0x62, 0x17, 0xe6, 0x55, 0xe3, 0x04, 0xf7,
337 0x27, 0x93, 0x76, 0x7c, 0x42, 0x31, 0x78, 0x5c,
338 0x4a, 0x4a, 0x6e, 0x00, 0x8f, 0x31, 0xb9, 0x3b,
339 0x7a, 0x4f, 0x2b, 0x8c, 0xd1, 0x2e, 0x5f, 0xe5,
340 0xa0, 0x52, 0x3d, 0xc7, 0x13, 0x53, 0xc6, 0x6c,
341 0xbd, 0xad, 0x51, 0xc8, 0x6b, 0x9e, 0x0b, 0xdf,
342 0xcd, 0x9a, 0x45, 0x69, 0x8f, 0x2d, 0xab, 0x18,
343 0x09, 0xab, 0x1b, 0x0f, 0x88, 0xf5, 0x42, 0x27,
344 0x23, 0x2c, 0x85, 0x8a, 0xcc, 0xc4, 0x4d, 0x9a,
345 0x8d, 0x41, 0x77, 0x5a, 0xc0, 0x26, 0x34, 0x15,
346 0x64, 0xa2, 0xd7, 0x49, 0xf4
347 };
348
349 static const unsigned char p521_auth_ikmr_priv[] = {
350 0x01, 0x3e, 0xf3, 0x26, 0x94, 0x09, 0x98, 0x54,
351 0x4a, 0x89, 0x9e, 0x15, 0xe1, 0x72, 0x65, 0x48,
352 0xff, 0x43, 0xbb, 0xdb, 0x23, 0xa8, 0x58, 0x7a,
353 0xa3, 0xbe, 0xf9, 0xd1, 0xb8, 0x57, 0x33, 0x8d,
354 0x87, 0x28, 0x7d, 0xf5, 0x66, 0x70, 0x37, 0xb5,
355 0x19, 0xd6, 0xa1, 0x46, 0x61, 0xe9, 0x50, 0x3c,
356 0xfc, 0x95, 0xa1, 0x54, 0xd9, 0x35, 0x66, 0xd8,
357 0xc8, 0x4e, 0x95, 0xce, 0x93, 0xad, 0x05, 0x29,
358 0x3a, 0x0b
359 };
360
361 static const unsigned char p521_auth_ikms_pub[] = {
362 0x04, 0x01, 0x5c, 0xc3, 0x63, 0x66, 0x32, 0xea,
363 0x9a, 0x38, 0x79, 0xe4, 0x32, 0x40, 0xbe, 0xae,
364 0x5d, 0x15, 0xa4, 0x4f, 0xba, 0x81, 0x92, 0x82,
365 0xfa, 0xc2, 0x6a, 0x19, 0xc9, 0x89, 0xfa, 0xfd,
366 0xd0, 0xf3, 0x30, 0xb8, 0x52, 0x1d, 0xff, 0x7d,
367 0xc3, 0x93, 0x10, 0x1b, 0x01, 0x8c, 0x1e, 0x65,
368 0xb0, 0x7b, 0xe9, 0xf5, 0xfc, 0x9a, 0x28, 0xa1,
369 0xf4, 0x50, 0xd6, 0xa5, 0x41, 0xee, 0x0d, 0x76,
370 0x22, 0x11, 0x33, 0x00, 0x1e, 0x8f, 0x0f, 0x6a,
371 0x05, 0xab, 0x79, 0xf9, 0xb9, 0xbb, 0x9c, 0xcc,
372 0xe1, 0x42, 0xa4, 0x53, 0xd5, 0x9c, 0x5a, 0xbe,
373 0xbb, 0x56, 0x74, 0x83, 0x9d, 0x93, 0x5a, 0x3c,
374 0xa1, 0xa3, 0xfb, 0xc3, 0x28, 0x53, 0x9a, 0x60,
375 0xb3, 0xbc, 0x3c, 0x05, 0xfe, 0xd2, 0x28, 0x38,
376 0x58, 0x4a, 0x72, 0x6b, 0x9c, 0x17, 0x67, 0x96,
377 0xca, 0xd0, 0x16, 0x9b, 0xa4, 0x09, 0x33, 0x32,
378 0xcb, 0xd2, 0xdc, 0x3a, 0x9f
379 };
380
381 static const unsigned char p521_auth_ikms_priv[] = {
382 0x00, 0x10, 0x18, 0x58, 0x45, 0x99, 0x62, 0x5f,
383 0xf9, 0x95, 0x3b, 0x93, 0x05, 0x84, 0x98, 0x50,
384 0xd5, 0xe3, 0x4b, 0xd7, 0x89, 0xd4, 0xb8, 0x11,
385 0x01, 0x13, 0x96, 0x62, 0xfb, 0xea, 0x8b, 0x65,
386 0x08, 0xdd, 0xb9, 0xd0, 0x19, 0xb0, 0xd6, 0x92,
387 0xe7, 0x37, 0xf6, 0x6b, 0xea, 0xe3, 0xf1, 0xf7,
388 0x83, 0xe7, 0x44, 0x20, 0x2a, 0xaf, 0x6f, 0xea,
389 0x01, 0x50, 0x6c, 0x27, 0x28, 0x7e, 0x35, 0x9f,
390 0xe7, 0x76
391 };
392
393 static const unsigned char p521_auth_expected_enc[] = {
394 0x04, 0x01, 0x7d, 0xe1, 0x2e, 0xde, 0x7f, 0x72,
395 0xcb, 0x10, 0x1d, 0xab, 0x36, 0xa1, 0x11, 0x26,
396 0x5c, 0x97, 0xb3, 0x65, 0x48, 0x16, 0xdc, 0xd6,
397 0x18, 0x3f, 0x80, 0x9d, 0x4b, 0x3d, 0x11, 0x1f,
398 0xe7, 0x59, 0x49, 0x7f, 0x8a, 0xef, 0xdc, 0x5d,
399 0xbb, 0x40, 0xd3, 0xe6, 0xd2, 0x1d, 0xb1, 0x5b,
400 0xdc, 0x60, 0xf1, 0x5f, 0x2a, 0x42, 0x07, 0x61,
401 0xbc, 0xae, 0xef, 0x73, 0xb8, 0x91, 0xc2, 0xb1,
402 0x17, 0xe9, 0xcf, 0x01, 0xe2, 0x93, 0x20, 0xb7,
403 0x99, 0xbb, 0xc8, 0x6a, 0xfd, 0xc5, 0xea, 0x97,
404 0xd9, 0x41, 0xea, 0x1c, 0x5b, 0xd5, 0xeb, 0xee,
405 0xac, 0x7a, 0x78, 0x4b, 0x3b, 0xab, 0x52, 0x47,
406 0x46, 0xf3, 0xe6, 0x40, 0xec, 0x26, 0xee, 0x1b,
407 0xd9, 0x12, 0x55, 0xf9, 0x33, 0x0d, 0x97, 0x4f,
408 0x84, 0x50, 0x84, 0x63, 0x7e, 0xe0, 0xe6, 0xfe,
409 0x9f, 0x50, 0x5c, 0x5b, 0x87, 0xc8, 0x6a, 0x4e,
410 0x1a, 0x6c, 0x30, 0x96, 0xdd
411 };
412
413 static const unsigned char p521_auth_expected_secret[] = {
414 0x26, 0x64, 0x8f, 0xa2, 0xa2, 0xde, 0xb0, 0xbf,
415 0xc5, 0x63, 0x49, 0xa5, 0x90, 0xfd, 0x4c, 0xb7,
416 0x10, 0x8a, 0x51, 0x79, 0x7b, 0x63, 0x46, 0x94,
417 0xfc, 0x02, 0x06, 0x1e, 0x8d, 0x91, 0xb3, 0x57,
418 0x6a, 0xc7, 0x36, 0xa6, 0x8b, 0xf8, 0x48, 0xfe,
419 0x2a, 0x58, 0xdf, 0xb1, 0x95, 0x6d, 0x26, 0x6e,
420 0x68, 0x20, 0x9a, 0x4d, 0x63, 0x1e, 0x51, 0x3b,
421 0xad, 0xf8, 0xf4, 0xdc, 0xfc, 0x00, 0xf3, 0x0a
422 };
423
424 static const TEST_DERIVEKEY_DATA ec_derivekey_data[] = {
425 {
426 "P-256",
427 p256_ikme, sizeof(p256_ikme),
428 p256_ikme_pub, sizeof(p256_ikme_pub),
429 p256_ikme_priv, sizeof(p256_ikme_priv)
430 },
431 {
432 "P-256",
433 p256_ikmr, sizeof(p256_ikmr),
434 p256_ikmr_pub, sizeof(p256_ikmr_pub),
435 p256_ikmr_priv, sizeof(p256_ikmr_priv)
436 },
437 {
438 "P-521",
439 p521_ikme, sizeof(p521_ikme),
440 p521_ikme_pub, sizeof(p521_ikme_pub),
441 p521_ikme_priv, sizeof(p521_ikme_priv)
442 }
443 };
444
445 static const TEST_ENCAPDATA ec_encapdata[] = {
446 {
447 "P-256",
448 p256_ikme, sizeof(p256_ikme),
449 p256_ikmr_pub, sizeof(p256_ikmr_pub),
450 p256_ikmr_priv, sizeof(p256_ikmr_priv),
451 p256_expected_enc, sizeof(p256_expected_enc),
452 p256_expected_secret, sizeof(p256_expected_secret),
453 },
454 {
455 "X25519",
456 x25519_ikme, sizeof(x25519_ikme),
457 x25519_rpub, sizeof(x25519_rpub),
458 x25519_rpriv, sizeof(x25519_rpriv),
459 x25519_expected_enc, sizeof(x25519_expected_enc),
460 x25519_expected_secret, sizeof(x25519_expected_secret),
461 },
462 {
463 "P-521",
464 p521_ikme, sizeof(p521_ikme),
465 p521_ikmr_pub, sizeof(p521_ikmr_pub),
466 p521_ikmr_priv, sizeof(p521_ikmr_priv),
467 p521_expected_enc, sizeof(p521_expected_enc),
468 p521_expected_secret, sizeof(p521_expected_secret),
469 },
470 {
471 "P-521",
472 p521_auth_ikme, sizeof(p521_auth_ikme),
473 p521_auth_ikmr_pub, sizeof(p521_auth_ikmr_pub),
474 p521_auth_ikmr_priv, sizeof(p521_auth_ikmr_priv),
475 p521_auth_expected_enc, sizeof(p521_auth_expected_enc),
476 p521_auth_expected_secret, sizeof(p521_auth_expected_secret),
477 p521_auth_ikms_pub, sizeof(p521_auth_ikms_pub),
478 p521_auth_ikms_priv, sizeof(p521_auth_ikms_priv)
479 },
480 {
481 "X25519",
482 x25519_auth_ikme, sizeof(x25519_auth_ikme),
483 x25519_auth_rpub, sizeof(x25519_auth_rpub),
484 x25519_auth_rpriv, sizeof(x25519_auth_rpriv),
485 x25519_auth_expected_enc, sizeof(x25519_auth_expected_enc),
486 x25519_auth_expected_secret, sizeof(x25519_auth_expected_secret),
487 x25519_auth_spub, sizeof(x25519_auth_spub),
488 x25519_auth_spriv, sizeof(x25519_auth_spriv)
489 }
490 };
491
492 /* Test vector from https://github.com/cfrg/draft-irtf-cfrg-hpke */
493 static const unsigned char x448_ikmr[] = {
494 0xd4, 0x5d, 0x16, 0x52, 0xdf, 0x74, 0x92, 0x0a,
495 0xbf, 0x94, 0xa2, 0x88, 0x3c, 0x83, 0x05, 0x0f,
496 0x50, 0x2f, 0xf5, 0x12, 0xff, 0xb5, 0x6f, 0x07,
497 0xb6, 0xd8, 0x33, 0xec, 0x8d, 0xda, 0x74, 0xb6,
498 0xa1, 0xc1, 0xcc, 0x4d, 0x42, 0xa2, 0x26, 0x41,
499 0xc0, 0x96, 0x3d, 0x3c, 0x21, 0xed, 0x82, 0x61,
500 0xf3, 0x44, 0xdc, 0x9e, 0x05, 0x01, 0xa8, 0x1c
501 };
502 static const unsigned char x448_ikmr_priv[] = {
503 0x27, 0xa4, 0x35, 0x46, 0x08, 0xf3, 0xbd, 0xd3,
504 0x8f, 0x1f, 0x5a, 0xf3, 0x05, 0xf3, 0xe0, 0x68,
505 0x2e, 0xfe, 0x4e, 0x25, 0x80, 0x82, 0x49, 0xd8,
506 0xfc, 0xb5, 0x59, 0x27, 0xf6, 0xa9, 0xf4, 0x46,
507 0xb8, 0xdc, 0x1d, 0x0a, 0x2c, 0x3b, 0x8c, 0xb1,
508 0x33, 0xa5, 0x67, 0x3b, 0x59, 0xa6, 0xd5, 0x5c,
509 0xe7, 0x54, 0xec, 0x0c, 0x9a, 0x55, 0x54, 0x01
510 };
511 static const unsigned char x448_ikmr_pub[] = {
512 0x14, 0x5d, 0x08, 0x3e, 0xa7, 0xa6, 0x37, 0x9d,
513 0xbb, 0x32, 0xdc, 0xbd, 0x8a, 0xff, 0x4c, 0x20,
514 0x6e, 0xa5, 0xd0, 0x69, 0xb7, 0x5e, 0x96, 0xc6,
515 0xdd, 0x2a, 0x3e, 0x38, 0xf4, 0x41, 0x47, 0x1a,
516 0xc9, 0x7a, 0xdc, 0xa6, 0x41, 0xfd, 0xad, 0x66,
517 0x68, 0x5a, 0x96, 0xf3, 0x2b, 0x7c, 0x3e, 0x06,
518 0x46, 0x35, 0xfa, 0xb3, 0xcc, 0x89, 0x23, 0x4e
519 };
520
521 static const TEST_DERIVEKEY_DATA ecx_derivekey_data[] = {
522 {
523 "X25519",
524 x25519_ikme, sizeof(x25519_ikme),
525 x25519_ikme_pub, sizeof(x25519_ikme_pub),
526 x25519_ikme_priv, sizeof(x25519_ikme_priv)
527 },
528 {
529 "X448",
530 x448_ikmr, sizeof(x448_ikmr),
531 x448_ikmr_pub, sizeof(x448_ikmr_pub),
532 x448_ikmr_priv, sizeof(x448_ikmr_priv)
533 },
534 };
535
536 /*
537 * Helper function to create a EC or ECX private key from bytes.
538 * The public key can optionally be NULL.
539 */
540 static EVP_PKEY *new_raw_private_key(const char *curvename,
541 const unsigned char *priv, size_t privlen,
542 const unsigned char *pub, size_t publen)
543 {
544 int ok = 0;
545 EVP_PKEY_CTX *ctx;
546 EVP_PKEY *key = NULL;
547 OSSL_PARAM *params = NULL;
548 BIGNUM *privbn = NULL;
549 OSSL_PARAM_BLD *bld = NULL;
550 int ecx = (curvename[0] == 'X');
551
552 if (ecx)
553 ctx = EVP_PKEY_CTX_new_from_name(libctx, curvename, NULL);
554 else
555 ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL);
556 if (ctx == NULL)
557 return 0;
558
559 bld = OSSL_PARAM_BLD_new();
560 if (bld == NULL)
561 goto err;
562
563 if (ecx) {
564 if (!OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PRIV_KEY,
565 (char *)priv, privlen))
566 goto err;
567 } else {
568 privbn = BN_bin2bn(priv, privlen, NULL);
569 if (privbn == NULL)
570 goto err;
571 if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME,
572 curvename, 0))
573 goto err;
574 if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, privbn))
575 goto err;
576 }
577
578 if (pub != NULL) {
579 if (!OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY,
580 (char *)pub, publen))
581 goto err;
582 }
583 params = OSSL_PARAM_BLD_to_param(bld);
584 if (params == NULL)
585 goto err;
586
587 if (EVP_PKEY_fromdata_init(ctx) <= 0)
588 goto err;
589 if (EVP_PKEY_fromdata(ctx, &key, EVP_PKEY_KEYPAIR, params) <= 0)
590 goto err;
591 ok = 1;
592 err:
593 if (!ok) {
594 EVP_PKEY_free(key);
595 key = NULL;
596 }
597 BN_free(privbn);
598 OSSL_PARAM_free(params);
599 OSSL_PARAM_BLD_free(bld);
600 EVP_PKEY_CTX_free(ctx);
601 return key;
602 }
603
604 static EVP_PKEY *new_raw_public_key(const char *curvename,
605 const unsigned char *pub, size_t publen)
606 {
607 int ok = 0;
608 EVP_PKEY_CTX *ctx;
609 EVP_PKEY *key = NULL;
610 OSSL_PARAM params[3], *p = params;
611 int ecx = (curvename[0] == 'X');
612
613 if (ecx)
614 ctx = EVP_PKEY_CTX_new_from_name(libctx, curvename, NULL);
615 else
616 ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL);
617 if (ctx == NULL)
618 return 0;
619
620 if (!ecx)
621 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
622 (char *)curvename, 0);
623 *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
624 (char *)pub, publen);
625 *p = OSSL_PARAM_construct_end();
626 if (EVP_PKEY_fromdata_init(ctx) <= 0)
627 goto err;
628 if (EVP_PKEY_fromdata(ctx, &key, EVP_PKEY_PUBLIC_KEY, params) <= 0)
629 goto err;
630 ok = 1;
631 err:
632 if (!ok) {
633 EVP_PKEY_free(key);
634 key = NULL;
635 }
636 EVP_PKEY_CTX_free(ctx);
637 return key;
638 }
639
640 /* Helper function to perform encapsulation */
641 static int do_encap(const TEST_ENCAPDATA *t, EVP_PKEY *rpub, EVP_PKEY *spriv)
642 {
643 int ret = 0;
644 unsigned char secret[256] = { 0, };
645 unsigned char enc[256] = { 0, };
646 size_t secretlen = 0, enclen = 0;
647 EVP_PKEY_CTX *sctx = NULL;
648 OSSL_PARAM params[3], *p = params;
649
650 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KEM_PARAM_OPERATION,
651 (char *)OSSL_KEM_PARAM_OPERATION_DHKEM,
652 0);
653 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KEM_PARAM_IKME,
654 (char *)t->ikmE, t->ikmElen);
655 *p = OSSL_PARAM_construct_end();
656
657 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, rpub, NULL)))
658 goto err;
659 if (t->spriv == NULL) {
660 if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, params), 1))
661 goto err;
662 } else {
663 if (!TEST_int_eq(EVP_PKEY_auth_encapsulate_init(sctx, spriv, params), 1))
664 goto err;
665 }
666 ret = TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &enclen, NULL,
667 &secretlen), 1)
668 && TEST_int_eq(EVP_PKEY_encapsulate(sctx, enc, &enclen, secret,
669 &secretlen), 1)
670 && TEST_mem_eq(enc, enclen, t->expected_enc, t->expected_enclen)
671 && TEST_mem_eq(secret, secretlen,
672 t->expected_secret, t->expected_secretlen);
673 err:
674 EVP_PKEY_CTX_free(sctx);
675 return ret;
676 }
677
678 /* Helper function to perform decapsulation */
679 static int do_decap(const TEST_ENCAPDATA *t, EVP_PKEY *rpriv, EVP_PKEY *spub)
680 {
681 int ret = 0;
682 EVP_PKEY_CTX *recipctx = NULL;
683 unsigned char secret[256] = { 0, };
684 size_t secretlen = 0;
685
686 if (!TEST_ptr(recipctx = EVP_PKEY_CTX_new_from_pkey(libctx, rpriv, NULL)))
687 goto err;
688 if (t->spub == NULL) {
689 if (!TEST_int_eq(EVP_PKEY_decapsulate_init(recipctx, opparam), 1))
690 goto err;
691 } else {
692 if (!TEST_int_eq(EVP_PKEY_auth_decapsulate_init(recipctx, spub,
693 opparam), 1))
694 goto err;
695 }
696 ret = TEST_int_eq(EVP_PKEY_decapsulate(recipctx, NULL, &secretlen,
697 t->expected_enc,
698 t->expected_enclen), 1)
699 && TEST_int_eq(EVP_PKEY_decapsulate(recipctx, secret, &secretlen,
700 t->expected_enc,
701 t->expected_enclen), 1)
702 && TEST_mem_eq(secret, secretlen,
703 t->expected_secret, t->expected_secretlen);
704 err:
705 EVP_PKEY_CTX_free(recipctx);
706 return ret;
707 }
A mirror of the official openssl repository