2 * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
11 /* Tests of the EVP_KDF_CTX APIs */
16 #include <openssl/evp.h>
17 #include <openssl/kdf.h>
20 static int test_kdf_tls1_prf(void)
24 unsigned char out
[16];
25 const unsigned char expected
[sizeof(out
)] = {
26 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
27 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
30 ret
= TEST_ptr(kctx
= EVP_KDF_CTX_new_id(EVP_KDF_TLS1_PRF
))
31 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_MD
, EVP_sha256()),
33 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_TLS_SECRET
,
34 "secret", (size_t)6), 0)
35 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_ADD_TLS_SEED
, "seed",
37 && TEST_int_gt(EVP_KDF_derive(kctx
, out
, sizeof(out
)), 0)
38 && TEST_mem_eq(out
, sizeof(out
), expected
, sizeof(expected
));
40 EVP_KDF_CTX_free(kctx
);
44 static int test_kdf_hkdf(void)
48 unsigned char out
[10];
49 const unsigned char expected
[sizeof(out
)] = {
50 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
53 ret
= TEST_ptr(kctx
= EVP_KDF_CTX_new_id(EVP_KDF_HKDF
))
54 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_MD
, EVP_sha256()),
56 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_SALT
, "salt",
58 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_KEY
, "secret",
60 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_ADD_HKDF_INFO
,
61 "label", (size_t)5), 0)
62 && TEST_int_gt(EVP_KDF_derive(kctx
, out
, sizeof(out
)), 0)
63 && TEST_mem_eq(out
, sizeof(out
), expected
, sizeof(expected
));
65 EVP_KDF_CTX_free(kctx
);
69 static int test_kdf_pbkdf2(void)
73 unsigned char out
[32];
74 const unsigned char expected
[sizeof(out
)] = {
75 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3,
76 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0,
77 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf,
78 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43
81 ret
= TEST_ptr(kctx
= EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2
))
82 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_PASS
, "password",
84 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_SALT
, "salt",
86 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_ITER
, 2), 0)
87 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_MD
, EVP_sha256()),
89 && TEST_int_gt(EVP_KDF_derive(kctx
, out
, sizeof(out
)), 0)
90 && TEST_mem_eq(out
, sizeof(out
), expected
, sizeof(expected
));
92 EVP_KDF_CTX_free(kctx
);
96 #ifndef OPENSSL_NO_SCRYPT
97 static int test_kdf_scrypt(void)
101 unsigned char out
[64];
102 const unsigned char expected
[sizeof(out
)] = {
103 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
104 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
105 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
106 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
107 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
108 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
109 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
110 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
113 ret
= TEST_ptr(kctx
= EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT
))
114 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_PASS
, "password",
116 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_SALT
, "NaCl",
118 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_SCRYPT_N
,
120 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_SCRYPT_R
,
122 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_SCRYPT_P
,
124 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_MAXMEM_BYTES
,
127 && TEST_int_le(EVP_KDF_derive(kctx
, out
, sizeof(out
)), 0)
128 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_MAXMEM_BYTES
,
129 (uint64_t)(10 * 1024 * 1024)), 0)
130 && TEST_int_gt(EVP_KDF_derive(kctx
, out
, sizeof(out
)), 0)
131 && TEST_mem_eq(out
, sizeof(out
), expected
, sizeof(expected
));
133 EVP_KDF_CTX_free(kctx
);
136 #endif /* OPENSSL_NO_SCRYPT */
138 static int test_kdf_ss_hash(void)
141 EVP_KDF_CTX
*kctx
= NULL
;
142 const unsigned char z
[] = {
143 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e,
144 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62,
145 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4,
146 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9
148 const unsigned char other
[] = {
149 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e,
150 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde,
151 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e,
152 0xe0,0xec,0x3f,0x8d,0xbe
154 const unsigned char expected
[] = {
155 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8
157 unsigned char out
[14];
159 ret
= TEST_ptr(kctx
= EVP_KDF_CTX_new_id(EVP_KDF_SS
))
160 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_MD
, EVP_sha224()),
162 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_KEY
, z
, sizeof(z
)),
164 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_SSKDF_INFO
, other
,
166 && TEST_int_gt(EVP_KDF_derive(kctx
, out
, sizeof(out
)), 0)
167 && TEST_mem_eq(out
, sizeof(out
), expected
, sizeof(expected
));
169 EVP_KDF_CTX_free(kctx
);
173 static int test_kdf_ss_hmac(void)
179 const unsigned char z
[] = {
180 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
182 const unsigned char other
[] = {
183 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
185 const unsigned char salt
[] = {
186 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
189 const unsigned char expected
[] = {
190 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63,
193 unsigned char out
[16];
195 ret
= TEST_ptr(kctx
= EVP_KDF_CTX_new_id(EVP_KDF_SS
))
196 && TEST_ptr(mac
= EVP_get_macbyname("HMAC"))
197 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_MAC
, mac
), 0)
198 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_MD
, EVP_sha256()),
200 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_KEY
, z
, sizeof(z
)),
202 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_SSKDF_INFO
, other
,
204 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_SALT
, salt
,
206 && TEST_int_gt(EVP_KDF_derive(kctx
, out
, sizeof(out
)), 0)
207 && TEST_mem_eq(out
, sizeof(out
), expected
, sizeof(expected
));
209 EVP_KDF_CTX_free(kctx
);
213 static int test_kdf_ss_kmac(void)
217 unsigned char out
[64];
220 const unsigned char z
[] = {
221 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
223 const unsigned char other
[] = {
224 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
226 const unsigned char salt
[] = {
227 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
230 const unsigned char expected
[] = {
231 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd,
232 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2,
233 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4,
234 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95,
235 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03
238 ret
= TEST_ptr(kctx
= EVP_KDF_CTX_new_id(EVP_KDF_SS
))
239 && TEST_ptr(mac
= EVP_get_macbyname("KMAC128"))
240 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_MAC
, mac
), 0)
241 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_KEY
, z
,
243 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_SSKDF_INFO
, other
,
245 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_SALT
, salt
,
247 && TEST_int_gt(EVP_KDF_ctrl(kctx
, EVP_KDF_CTRL_SET_MAC_SIZE
,
249 && TEST_int_gt(EVP_KDF_derive(kctx
, out
, sizeof(out
)), 0)
250 && TEST_mem_eq(out
, sizeof(out
), expected
, sizeof(expected
));
252 EVP_KDF_CTX_free(kctx
);
256 int setup_tests(void)
258 ADD_TEST(test_kdf_tls1_prf
);
259 ADD_TEST(test_kdf_hkdf
);
260 ADD_TEST(test_kdf_pbkdf2
);
261 #ifndef OPENSSL_NO_SCRYPT
262 ADD_TEST(test_kdf_scrypt
);
264 ADD_TEST(test_kdf_ss_hash
);
265 ADD_TEST(test_kdf_ss_hmac
);
266 ADD_TEST(test_kdf_ss_kmac
);