]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_kdf_test.c
projects / thirdparty / openssl.git / blob
? search:


ed7407255ad4d8510a7fcf5caeda5e506008f6ab
[thirdparty/openssl.git] / test / evp_kdf_test.c
1 /*
2 * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2018-2020, Oracle and/or its affiliates. All rights reserved.
4 *
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11 /* Tests of the EVP_KDF_CTX APIs */
12
13 #include <stdio.h>
14 #include <string.h>
15
16 #include <openssl/evp.h>
17 #include <openssl/kdf.h>
18 #include <openssl/core_names.h>
19 #include "internal/numbers.h"
20 #include "testutil.h"
21
22
23 static EVP_KDF_CTX *get_kdfbyname_libctx(OSSL_LIB_CTX *libctx, const char *name)
24 {
25 EVP_KDF *kdf = EVP_KDF_fetch(libctx, name, NULL);
26 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
27
28 EVP_KDF_free(kdf);
29 return kctx;
30 }
31
32 static EVP_KDF_CTX *get_kdfbyname(const char *name)
33 {
34 return get_kdfbyname_libctx(NULL, name);
35 }
36
37 static OSSL_PARAM *construct_tls1_prf_params(const char *digest, const char *secret,
38 const char *seed)
39 {
40 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 4);
41 OSSL_PARAM *p = params;
42
43 if (params == NULL)
44 return NULL;
45
46 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
47 (char *)digest, 0);
48 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
49 (unsigned char *)secret,
50 strlen(secret));
51 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
52 (unsigned char *)seed,
53 strlen(seed));
54 *p = OSSL_PARAM_construct_end();
55
56 return params;
57 }
58
59 static int test_kdf_tls1_prf(void)
60 {
61 int ret;
62 EVP_KDF_CTX *kctx = NULL;
63 unsigned char out[16];
64 OSSL_PARAM *params;
65 static const unsigned char expected[sizeof(out)] = {
66 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
67 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
68 };
69
70 params = construct_tls1_prf_params("sha256", "secret", "seed");
71
72 ret = TEST_ptr(params)
73 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
74 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
75 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
76
77 EVP_KDF_CTX_free(kctx);
78 OPENSSL_free(params);
79 return ret;
80 }
81
82 static int test_kdf_tls1_prf_invalid_digest(void)
83 {
84 int ret;
85 EVP_KDF_CTX *kctx = NULL;
86 OSSL_PARAM *params;
87
88 params = construct_tls1_prf_params("blah", "secret", "seed");
89
90 ret = TEST_ptr(params)
91 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
92 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
93
94 EVP_KDF_CTX_free(kctx);
95 OPENSSL_free(params);
96 return ret;
97 }
98
99 static int test_kdf_tls1_prf_zero_output_size(void)
100 {
101 int ret;
102 EVP_KDF_CTX *kctx = NULL;
103 unsigned char out[16];
104 OSSL_PARAM *params;
105
106 params = construct_tls1_prf_params("sha256", "secret", "seed");
107
108 /* Negative test - derive should fail */
109 ret = TEST_ptr(params)
110 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
111 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
112 && TEST_int_eq(EVP_KDF_derive(kctx, out, 0, NULL), 0);
113
114 EVP_KDF_CTX_free(kctx);
115 OPENSSL_free(params);
116 return ret;
117 }
118
119 static int test_kdf_tls1_prf_empty_secret(void)
120 {
121 int ret;
122 EVP_KDF_CTX *kctx = NULL;
123 unsigned char out[16];
124 OSSL_PARAM *params;
125
126 params = construct_tls1_prf_params("sha256", "", "seed");
127
128 ret = TEST_ptr(params)
129 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
130 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
131
132 EVP_KDF_CTX_free(kctx);
133 OPENSSL_free(params);
134 return ret;
135 }
136
137 static int test_kdf_tls1_prf_1byte_secret(void)
138 {
139 int ret;
140 EVP_KDF_CTX *kctx = NULL;
141 unsigned char out[16];
142 OSSL_PARAM *params;
143
144 params = construct_tls1_prf_params("sha256", "1", "seed");
145
146 ret = TEST_ptr(params)
147 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
148 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
149
150 EVP_KDF_CTX_free(kctx);
151 OPENSSL_free(params);
152 return ret;
153 }
154
155 static int test_kdf_tls1_prf_empty_seed(void)
156 {
157 int ret;
158 EVP_KDF_CTX *kctx = NULL;
159 unsigned char out[16];
160 OSSL_PARAM *params;
161
162 params = construct_tls1_prf_params("sha256", "secret", "");
163
164 /* Negative test - derive should fail */
165 ret = TEST_ptr(params)
166 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
167 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
168 && TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0);
169
170 EVP_KDF_CTX_free(kctx);
171 OPENSSL_free(params);
172 return ret;
173 }
174
175 static int test_kdf_tls1_prf_1byte_seed(void)
176 {
177 int ret;
178 EVP_KDF_CTX *kctx = NULL;
179 unsigned char out[16];
180 OSSL_PARAM *params;
181
182 params = construct_tls1_prf_params("sha256", "secret", "1");
183
184 ret = TEST_ptr(params)
185 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
186 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
187
188 EVP_KDF_CTX_free(kctx);
189 OPENSSL_free(params);
190 return ret;
191 }
192
193 static OSSL_PARAM *construct_hkdf_params(char *digest, char *key,
194 size_t keylen, char *salt, char *info)
195 {
196 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
197 OSSL_PARAM *p = params;
198
199 if (params == NULL)
200 return NULL;
201
202 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
203 digest, 0);
204 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
205 salt, strlen(salt));
206 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
207 (unsigned char *)key, keylen);
208 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
209 info, strlen(info));
210 *p = OSSL_PARAM_construct_end();
211
212 return params;
213 }
214
215 static int test_kdf_hkdf(void)
216 {
217 int ret;
218 EVP_KDF_CTX *kctx = NULL;
219 unsigned char out[10];
220 OSSL_PARAM *params;
221 static const unsigned char expected[sizeof(out)] = {
222 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
223 };
224
225 params = construct_hkdf_params("sha256", "secret", 6, "salt", "label");
226
227 ret = TEST_ptr(params)
228 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
229 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
230 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
231
232 EVP_KDF_CTX_free(kctx);
233 OPENSSL_free(params);
234 return ret;
235 }
236
237 static int test_kdf_hkdf_invalid_digest(void)
238 {
239 int ret;
240 EVP_KDF_CTX *kctx = NULL;
241 OSSL_PARAM *params;
242
243 params = construct_hkdf_params("blah", "secret", 6, "salt", "label");
244
245 ret = TEST_ptr(params)
246 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
247 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
248
249 EVP_KDF_CTX_free(kctx);
250 OPENSSL_free(params);
251 return ret;
252 }
253
254 static int test_kdf_hkdf_zero_output_size(void)
255 {
256 int ret;
257 EVP_KDF_CTX *kctx = NULL;
258 unsigned char out[10];
259 OSSL_PARAM *params;
260
261 params = construct_hkdf_params("sha256", "secret", 6, "salt", "label");
262
263 /* Negative test - derive should fail */
264 ret = TEST_ptr(params)
265 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
266 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
267 && TEST_int_eq(EVP_KDF_derive(kctx, out, 0, NULL), 0);
268
269 EVP_KDF_CTX_free(kctx);
270 OPENSSL_free(params);
271 return ret;
272 }
273
274 static int test_kdf_hkdf_empty_key(void)
275 {
276 int ret;
277 EVP_KDF_CTX *kctx = NULL;
278 unsigned char out[10];
279 OSSL_PARAM *params;
280
281 params = construct_hkdf_params("sha256", "", 0, "salt", "label");
282
283 ret = TEST_ptr(params)
284 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
285 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
286
287 EVP_KDF_CTX_free(kctx);
288 OPENSSL_free(params);
289 return ret;
290 }
291
292 static int test_kdf_hkdf_1byte_key(void)
293 {
294 int ret;
295 EVP_KDF_CTX *kctx = NULL;
296 unsigned char out[10];
297 OSSL_PARAM *params;
298
299 params = construct_hkdf_params("sha256", "1", 1, "salt", "label");
300
301 ret = TEST_ptr(params)
302 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
303 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
304
305 EVP_KDF_CTX_free(kctx);
306 OPENSSL_free(params);
307 return ret;
308 }
309
310 static int test_kdf_hkdf_empty_salt(void)
311 {
312 int ret;
313 EVP_KDF_CTX *kctx = NULL;
314 unsigned char out[10];
315 OSSL_PARAM *params;
316
317 params = construct_hkdf_params("sha256", "secret", 6, "", "label");
318
319 ret = TEST_ptr(params)
320 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
321 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
322
323 EVP_KDF_CTX_free(kctx);
324 OPENSSL_free(params);
325 return ret;
326 }
327
328 static OSSL_PARAM *construct_pbkdf1_params(char *pass, char *digest, char *salt,
329 unsigned int *iter)
330 {
331 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
332 OSSL_PARAM *p = params;
333
334 if (params == NULL)
335 return NULL;
336
337 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
338 (unsigned char *)pass, strlen(pass));
339 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
340 (unsigned char *)salt, strlen(salt));
341 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter);
342 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
343 digest, 0);
344 *p = OSSL_PARAM_construct_end();
345
346 return params;
347 }
348
349 static int test_kdf_pbkdf1(void)
350 {
351 int ret = 0;
352 EVP_KDF_CTX *kctx = NULL;
353 unsigned char out[25];
354 unsigned int iterations = 4096;
355 OSSL_LIB_CTX *libctx = NULL;
356 OSSL_PARAM *params = NULL;
357 OSSL_PROVIDER *prov = NULL;
358 const unsigned char expected[sizeof(out)] = {
359 0xfb, 0x83, 0x4d, 0x36, 0x6d, 0xbc, 0x53, 0x87, 0x35, 0x1b, 0x34, 0x75,
360 0x95, 0x88, 0x32, 0x4f, 0x3e, 0x82, 0x81, 0x01, 0x21, 0x93, 0x64, 0x00,
361 0xcc
362 };
363
364 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
365 goto err;
366
367 /* PBKDF1 only available in the legacy provider */
368 prov = OSSL_PROVIDER_load(libctx, "legacy");
369 if (prov == NULL)
370 return TEST_skip("PBKDF1 only available in legacy provider");
371
372 params = construct_pbkdf1_params("passwordPASSWORDpassword", "sha256",
373 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
374 &iterations);
375
376 if (!TEST_ptr(params)
377 || !TEST_ptr(kctx = get_kdfbyname_libctx(libctx, OSSL_KDF_NAME_PBKDF1))
378 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
379 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)
380 || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)))
381 goto err;
382
383 ret = 1;
384 err:
385 EVP_KDF_CTX_free(kctx);
386 OPENSSL_free(params);
387 OSSL_PROVIDER_unload(prov);
388 OSSL_LIB_CTX_free(libctx);
389 return ret;
390 }
391
392 static OSSL_PARAM *construct_pbkdf2_params(char *pass, char *digest, char *salt,
393 unsigned int *iter, int *mode)
394 {
395 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 6);
396 OSSL_PARAM *p = params;
397
398 if (params == NULL)
399 return NULL;
400
401 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
402 (unsigned char *)pass, strlen(pass));
403 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
404 (unsigned char *)salt, strlen(salt));
405 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter);
406 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
407 digest, 0);
408 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, mode);
409 *p = OSSL_PARAM_construct_end();
410
411 return params;
412 }
413
414 static int test_kdf_pbkdf2(void)
415 {
416 int ret = 0;
417 EVP_KDF_CTX *kctx = NULL;
418 unsigned char out[25];
419 unsigned int iterations = 4096;
420 int mode = 0;
421 OSSL_PARAM *params;
422 const unsigned char expected[sizeof(out)] = {
423 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f,
424 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf,
425 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
426 0x1c
427 };
428
429 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
430 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
431 &iterations, &mode);
432
433 if (!TEST_ptr(params)
434 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
435 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
436 || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)))
437 goto err;
438
439 ret = 1;
440 err:
441 EVP_KDF_CTX_free(kctx);
442 OPENSSL_free(params);
443 return ret;
444 }
445
446 static int test_kdf_pbkdf2_small_output(void)
447 {
448 int ret = 0;
449 EVP_KDF_CTX *kctx = NULL;
450 unsigned char out[25];
451 unsigned int iterations = 4096;
452 int mode = 0;
453 OSSL_PARAM *params;
454
455 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
456 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
457 &iterations, &mode);
458
459 if (!TEST_ptr(params)
460 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
461 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
462 /* A key length that is too small should fail */
463 || !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1, NULL), 0))
464 goto err;
465
466 ret = 1;
467 err:
468 EVP_KDF_CTX_free(kctx);
469 OPENSSL_free(params);
470 return ret;
471 }
472
473 static int test_kdf_pbkdf2_large_output(void)
474 {
475 int ret = 0;
476 EVP_KDF_CTX *kctx = NULL;
477 unsigned char out[25];
478 size_t len = 0;
479 unsigned int iterations = 4096;
480 int mode = 0;
481 OSSL_PARAM *params;
482
483 if (sizeof(len) > 32)
484 len = SIZE_MAX;
485
486 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
487 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
488 &iterations, &mode);
489
490 if (!TEST_ptr(params)
491 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
492 /* A key length that is too large should fail */
493 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
494 || (len != 0 && !TEST_int_eq(EVP_KDF_derive(kctx, out, len, NULL), 0)))
495 goto err;
496
497 ret = 1;
498 err:
499 EVP_KDF_CTX_free(kctx);
500 OPENSSL_free(params);
501 return ret;
502 }
503
504 static int test_kdf_pbkdf2_small_salt(void)
505 {
506 int ret = 0;
507 EVP_KDF_CTX *kctx = NULL;
508 unsigned int iterations = 4096;
509 int mode = 0;
510 OSSL_PARAM *params;
511
512 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
513 "saltSALT",
514 &iterations, &mode);
515
516 if (!TEST_ptr(params)
517 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
518 /* A salt that is too small should fail */
519 || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
520 goto err;
521
522 ret = 1;
523 err:
524 EVP_KDF_CTX_free(kctx);
525 OPENSSL_free(params);
526 return ret;
527 }
528
529 static int test_kdf_pbkdf2_small_iterations(void)
530 {
531 int ret = 0;
532 EVP_KDF_CTX *kctx = NULL;
533 unsigned int iterations = 1;
534 int mode = 0;
535 OSSL_PARAM *params;
536
537 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
538 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
539 &iterations, &mode);
540
541 if (!TEST_ptr(params)
542 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
543 /* An iteration count that is too small should fail */
544 || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
545 goto err;
546
547 ret = 1;
548 err:
549 EVP_KDF_CTX_free(kctx);
550 OPENSSL_free(params);
551 return ret;
552 }
553
554 static int test_kdf_pbkdf2_small_salt_pkcs5(void)
555 {
556 int ret = 0;
557 EVP_KDF_CTX *kctx = NULL;
558 unsigned char out[25];
559 unsigned int iterations = 4096;
560 int mode = 1;
561 OSSL_PARAM *params;
562 OSSL_PARAM mode_params[2];
563
564 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
565 "saltSALT",
566 &iterations, &mode);
567
568 if (!TEST_ptr(params)
569 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
570 /* A salt that is too small should pass in pkcs5 mode */
571 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
572 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
573 goto err;
574
575 mode = 0;
576 mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
577 mode_params[1] = OSSL_PARAM_construct_end();
578
579 /* If the "pkcs5" mode is disabled then the derive will now fail */
580 if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params))
581 || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
582 goto err;
583
584 ret = 1;
585 err:
586 EVP_KDF_CTX_free(kctx);
587 OPENSSL_free(params);
588 return ret;
589 }
590
591 static int test_kdf_pbkdf2_small_iterations_pkcs5(void)
592 {
593 int ret = 0;
594 EVP_KDF_CTX *kctx = NULL;
595 unsigned char out[25];
596 unsigned int iterations = 1;
597 int mode = 1;
598 OSSL_PARAM *params;
599 OSSL_PARAM mode_params[2];
600
601 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
602 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
603 &iterations, &mode);
604
605 if (!TEST_ptr(params)
606 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
607 /* An iteration count that is too small will pass in pkcs5 mode */
608 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
609 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
610 goto err;
611
612 mode = 0;
613 mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
614 mode_params[1] = OSSL_PARAM_construct_end();
615
616 /* If the "pkcs5" mode is disabled then the derive will now fail */
617 if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params))
618 || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
619 goto err;
620
621 ret = 1;
622 err:
623 EVP_KDF_CTX_free(kctx);
624 OPENSSL_free(params);
625 return ret;
626 }
627
628 static int test_kdf_pbkdf2_invalid_digest(void)
629 {
630 int ret = 0;
631 EVP_KDF_CTX *kctx = NULL;
632 unsigned int iterations = 4096;
633 int mode = 0;
634 OSSL_PARAM *params;
635
636 params = construct_pbkdf2_params("passwordPASSWORDpassword", "blah",
637 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
638 &iterations, &mode);
639
640 if (!TEST_ptr(params)
641 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
642 /* Unknown digest should fail */
643 || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
644 goto err;
645
646 ret = 1;
647 err:
648 EVP_KDF_CTX_free(kctx);
649 OPENSSL_free(params);
650 return ret;
651 }
652
653 #ifndef OPENSSL_NO_SCRYPT
654 static int test_kdf_scrypt(void)
655 {
656 int ret;
657 EVP_KDF_CTX *kctx;
658 OSSL_PARAM params[7], *p = params;
659 unsigned char out[64];
660 unsigned int nu = 1024, ru = 8, pu = 16, maxmem = 16;
661 static const unsigned char expected[sizeof(out)] = {
662 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
663 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
664 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
665 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
666 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
667 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
668 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
669 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
670 };
671
672 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
673 (char *)"password", 8);
674 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
675 (char *)"NaCl", 4);
676 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &nu);
677 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &ru);
678 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &pu);
679 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem);
680 *p = OSSL_PARAM_construct_end();
681
682 ret =
683 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT))
684 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
685 /* failure test *//*
686 && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)*/
687 && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024))
688 && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1))
689 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)
690 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
691
692 EVP_KDF_CTX_free(kctx);
693 return ret;
694 }
695 #endif /* OPENSSL_NO_SCRYPT */
696
697 static int test_kdf_ss_hash(void)
698 {
699 int ret;
700 EVP_KDF_CTX *kctx;
701 OSSL_PARAM params[4], *p = params;
702 unsigned char out[14];
703 static unsigned char z[] = {
704 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e,
705 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62,
706 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4,
707 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9
708 };
709 static unsigned char other[] = {
710 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e,
711 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde,
712 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e,
713 0xe0,0xec,0x3f,0x8d,0xbe
714 };
715 static const unsigned char expected[sizeof(out)] = {
716 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8
717 };
718
719 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
720 (char *)"sha224", 0);
721 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
722 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
723 sizeof(other));
724 *p = OSSL_PARAM_construct_end();
725
726 ret =
727 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
728 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
729 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
730
731 EVP_KDF_CTX_free(kctx);
732 return ret;
733 }
734
735 static int test_kdf_x963(void)
736 {
737 int ret;
738 EVP_KDF_CTX *kctx;
739 OSSL_PARAM params[4], *p = params;
740 unsigned char out[1024 / 8];
741 /*
742 * Test data from https://csrc.nist.gov/CSRC/media/Projects/
743 * Cryptographic-Algorithm-Validation-Program/documents/components/
744 * 800-135testvectors/ansx963_2001.zip
745 */
746 static unsigned char z[] = {
747 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, 0xfa, 0x58, 0xce, 0xad,
748 0xc0, 0x47, 0x19, 0x7f, 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
749 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, 0x15, 0x07, 0x39, 0x2f,
750 0x1a, 0x86, 0xdd, 0xfd, 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
751 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, 0x47, 0xa9, 0xe2, 0xe7,
752 0x53, 0xf5, 0x5e, 0xf0, 0x5a, 0x2d
753 };
754 static unsigned char shared[] = {
755 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, 0x2b, 0x3a, 0x2f, 0x99,
756 0x37, 0x89, 0x5d, 0x31
757 };
758 static const unsigned char expected[sizeof(out)] = {
759 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, 0x9b, 0x52, 0x26, 0x4b,
760 0x01, 0x12, 0xb5, 0x85, 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
761 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, 0x6e, 0x4d, 0xd2, 0xa5,
762 0x99, 0xac, 0xce, 0xb3, 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
763 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, 0xa5, 0xa8, 0xee, 0xee,
764 0x20, 0x80, 0x02, 0x26, 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
765 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, 0xea, 0x9c, 0x4f, 0xf7,
766 0x45, 0xa2, 0x5a, 0xc2, 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
767 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, 0x0a, 0xb2, 0xaa, 0x8e,
768 0x2e, 0xfa, 0x7b, 0x17, 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
769 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
770 };
771
772 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
773 (char *)"sha512", 0);
774 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
775 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, shared,
776 sizeof(shared));
777 *p = OSSL_PARAM_construct_end();
778
779 ret =
780 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF))
781 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
782 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
783
784 EVP_KDF_CTX_free(kctx);
785 return ret;
786 }
787
788 #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
789 /*
790 * KBKDF test vectors from RFC 6803 (Camellia Encryption for Kerberos 5)
791 * section 10.
792 */
793 static int test_kdf_kbkdf_6803_128(void)
794 {
795 int ret = 0, i, p;
796 EVP_KDF_CTX *kctx;
797 OSSL_PARAM params[7];
798 static unsigned char input_key[] = {
799 0x57, 0xD0, 0x29, 0x72, 0x98, 0xFF, 0xD9, 0xD3,
800 0x5D, 0xE5, 0xA4, 0x7F, 0xB4, 0xBD, 0xE2, 0x4B,
801 };
802 static unsigned char constants[][5] = {
803 { 0x00, 0x00, 0x00, 0x02, 0x99 },
804 { 0x00, 0x00, 0x00, 0x02, 0xaa },
805 { 0x00, 0x00, 0x00, 0x02, 0x55 },
806 };
807 static unsigned char outputs[][16] = {
808 {0xD1, 0x55, 0x77, 0x5A, 0x20, 0x9D, 0x05, 0xF0,
809 0x2B, 0x38, 0xD4, 0x2A, 0x38, 0x9E, 0x5A, 0x56},
810 {0x64, 0xDF, 0x83, 0xF8, 0x5A, 0x53, 0x2F, 0x17,
811 0x57, 0x7D, 0x8C, 0x37, 0x03, 0x57, 0x96, 0xAB},
812 {0x3E, 0x4F, 0xBD, 0xF3, 0x0F, 0xB8, 0x25, 0x9C,
813 0x42, 0x5C, 0xB6, 0xC9, 0x6F, 0x1F, 0x46, 0x35}
814 };
815 static unsigned char iv[16] = { 0 };
816 unsigned char result[16] = { 0 };
817
818 for (i = 0; i < 3; i++) {
819 p = 0;
820 params[p++] = OSSL_PARAM_construct_utf8_string(
821 OSSL_KDF_PARAM_CIPHER, "CAMELLIA-128-CBC", 0);
822 params[p++] = OSSL_PARAM_construct_utf8_string(
823 OSSL_KDF_PARAM_MAC, "CMAC", 0);
824 params[p++] = OSSL_PARAM_construct_utf8_string(
825 OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
826 params[p++] = OSSL_PARAM_construct_octet_string(
827 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
828 params[p++] = OSSL_PARAM_construct_octet_string(
829 OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i]));
830 params[p++] = OSSL_PARAM_construct_octet_string(
831 OSSL_KDF_PARAM_SEED, iv, sizeof(iv));
832 params[p] = OSSL_PARAM_construct_end();
833
834 kctx = get_kdfbyname("KBKDF");
835 ret = TEST_ptr(kctx)
836 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result),
837 params), 0)
838 && TEST_mem_eq(result, sizeof(result), outputs[i],
839 sizeof(outputs[i]));
840 EVP_KDF_CTX_free(kctx);
841 if (ret != 1)
842 return ret;
843 }
844
845 return ret;
846 }
847
848 static int test_kdf_kbkdf_6803_256(void)
849 {
850 int ret = 0, i, p;
851 EVP_KDF_CTX *kctx;
852 OSSL_PARAM params[7];
853 static unsigned char input_key[] = {
854 0xB9, 0xD6, 0x82, 0x8B, 0x20, 0x56, 0xB7, 0xBE,
855 0x65, 0x6D, 0x88, 0xA1, 0x23, 0xB1, 0xFA, 0xC6,
856 0x82, 0x14, 0xAC, 0x2B, 0x72, 0x7E, 0xCF, 0x5F,
857 0x69, 0xAF, 0xE0, 0xC4, 0xDF, 0x2A, 0x6D, 0x2C,
858 };
859 static unsigned char constants[][5] = {
860 { 0x00, 0x00, 0x00, 0x02, 0x99 },
861 { 0x00, 0x00, 0x00, 0x02, 0xaa },
862 { 0x00, 0x00, 0x00, 0x02, 0x55 },
863 };
864 static unsigned char outputs[][32] = {
865 {0xE4, 0x67, 0xF9, 0xA9, 0x55, 0x2B, 0xC7, 0xD3,
866 0x15, 0x5A, 0x62, 0x20, 0xAF, 0x9C, 0x19, 0x22,
867 0x0E, 0xEE, 0xD4, 0xFF, 0x78, 0xB0, 0xD1, 0xE6,
868 0xA1, 0x54, 0x49, 0x91, 0x46, 0x1A, 0x9E, 0x50,
869 },
870 {0x41, 0x2A, 0xEF, 0xC3, 0x62, 0xA7, 0x28, 0x5F,
871 0xC3, 0x96, 0x6C, 0x6A, 0x51, 0x81, 0xE7, 0x60,
872 0x5A, 0xE6, 0x75, 0x23, 0x5B, 0x6D, 0x54, 0x9F,
873 0xBF, 0xC9, 0xAB, 0x66, 0x30, 0xA4, 0xC6, 0x04,
874 },
875 {0xFA, 0x62, 0x4F, 0xA0, 0xE5, 0x23, 0x99, 0x3F,
876 0xA3, 0x88, 0xAE, 0xFD, 0xC6, 0x7E, 0x67, 0xEB,
877 0xCD, 0x8C, 0x08, 0xE8, 0xA0, 0x24, 0x6B, 0x1D,
878 0x73, 0xB0, 0xD1, 0xDD, 0x9F, 0xC5, 0x82, 0xB0,
879 },
880 };
881 static unsigned char iv[16] = { 0 };
882 unsigned char result[32] = { 0 };
883
884 for (i = 0; i < 3; i++) {
885 p = 0;
886 params[p++] = OSSL_PARAM_construct_utf8_string(
887 OSSL_KDF_PARAM_CIPHER, "CAMELLIA-256-CBC", 0);
888 params[p++] = OSSL_PARAM_construct_utf8_string(
889 OSSL_KDF_PARAM_MAC, "CMAC", 0);
890 params[p++] = OSSL_PARAM_construct_utf8_string(
891 OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
892 params[p++] = OSSL_PARAM_construct_octet_string(
893 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
894 params[p++] = OSSL_PARAM_construct_octet_string(
895 OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i]));
896 params[p++] = OSSL_PARAM_construct_octet_string(
897 OSSL_KDF_PARAM_SEED, iv, sizeof(iv));
898 params[p] = OSSL_PARAM_construct_end();
899
900 kctx = get_kdfbyname("KBKDF");
901 ret = TEST_ptr(kctx)
902 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result),
903 params), 0)
904 && TEST_mem_eq(result, sizeof(result), outputs[i],
905 sizeof(outputs[i]));
906 EVP_KDF_CTX_free(kctx);
907 if (ret != 1)
908 return ret;
909 }
910
911 return ret;
912 }
913 #endif
914
915 static OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char *key,
916 size_t keylen, char *salt, char *info)
917 {
918 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 7);
919 OSSL_PARAM *p = params;
920
921 if (params == NULL)
922 return NULL;
923
924 *p++ = OSSL_PARAM_construct_utf8_string(
925 OSSL_KDF_PARAM_DIGEST, digest, 0);
926 *p++ = OSSL_PARAM_construct_utf8_string(
927 OSSL_KDF_PARAM_MAC, mac, 0);
928 *p++ = OSSL_PARAM_construct_utf8_string(
929 OSSL_KDF_PARAM_MODE, "COUNTER", 0);
930 *p++ = OSSL_PARAM_construct_octet_string(
931 OSSL_KDF_PARAM_KEY, key, keylen);
932 *p++ = OSSL_PARAM_construct_octet_string(
933 OSSL_KDF_PARAM_SALT, salt, strlen(salt));
934 *p++ = OSSL_PARAM_construct_octet_string(
935 OSSL_KDF_PARAM_INFO, info, strlen(info));
936 *p = OSSL_PARAM_construct_end();
937
938 return params;
939 }
940
941 static int test_kdf_kbkdf_invalid_digest(void)
942 {
943 int ret;
944 EVP_KDF_CTX *kctx;
945 OSSL_PARAM *params;
946
947 static unsigned char key[] = {0x01};
948
949 params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test");
950 if (!TEST_ptr(params))
951 return 0;
952
953 /* Negative test case - set_params should fail */
954 kctx = get_kdfbyname("KBKDF");
955 ret = TEST_ptr(kctx)
956 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
957
958 EVP_KDF_CTX_free(kctx);
959 OPENSSL_free(params);
960 return ret;
961 }
962
963 static int test_kdf_kbkdf_invalid_mac(void)
964 {
965 int ret;
966 EVP_KDF_CTX *kctx;
967 OSSL_PARAM *params;
968
969 static unsigned char key[] = {0x01};
970
971 params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test");
972 if (!TEST_ptr(params))
973 return 0;
974
975 /* Negative test case - set_params should fail */
976 kctx = get_kdfbyname("KBKDF");
977 ret = TEST_ptr(kctx)
978 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
979
980 EVP_KDF_CTX_free(kctx);
981 OPENSSL_free(params);
982 return ret;
983 }
984
985 static int test_kdf_kbkdf_empty_key(void)
986 {
987 int ret;
988 EVP_KDF_CTX *kctx;
989 OSSL_PARAM *params;
990
991 static unsigned char key[] = {0x01};
992 unsigned char result[32] = { 0 };
993
994 params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test");
995 if (!TEST_ptr(params))
996 return 0;
997
998 /* Negative test case - derive should fail */
999 kctx = get_kdfbyname("KBKDF");
1000 ret = TEST_ptr(kctx)
1001 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1002 && TEST_int_eq(EVP_KDF_derive(kctx, result, sizeof(result), NULL), 0);
1003
1004 EVP_KDF_CTX_free(kctx);
1005 OPENSSL_free(params);
1006 return ret;
1007 }
1008
1009 static int test_kdf_kbkdf_1byte_key(void)
1010 {
1011 int ret;
1012 EVP_KDF_CTX *kctx;
1013 OSSL_PARAM *params;
1014
1015 static unsigned char key[] = {0x01};
1016 unsigned char result[32] = { 0 };
1017
1018 params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
1019 if (!TEST_ptr(params))
1020 return 0;
1021
1022 kctx = get_kdfbyname("KBKDF");
1023 ret = TEST_ptr(kctx)
1024 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0);
1025
1026 EVP_KDF_CTX_free(kctx);
1027 OPENSSL_free(params);
1028 return ret;
1029 }
1030
1031 static int test_kdf_kbkdf_zero_output_size(void)
1032 {
1033 int ret;
1034 EVP_KDF_CTX *kctx;
1035 OSSL_PARAM *params;
1036
1037 static unsigned char key[] = {0x01};
1038 unsigned char result[32] = { 0 };
1039
1040 params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
1041 if (!TEST_ptr(params))
1042 return 0;
1043
1044 /* Negative test case - derive should fail */
1045 kctx = get_kdfbyname("KBKDF");
1046 ret = TEST_ptr(kctx)
1047 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1048 && TEST_int_eq(EVP_KDF_derive(kctx, result, 0, NULL), 0);
1049
1050 EVP_KDF_CTX_free(kctx);
1051 OPENSSL_free(params);
1052 return ret;
1053 }
1054
1055 /* Two test vectors from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos
1056 * 5) appendix A. */
1057 static int test_kdf_kbkdf_8009_prf1(void)
1058 {
1059 int ret, i = 0;
1060 EVP_KDF_CTX *kctx;
1061 OSSL_PARAM params[6];
1062 char *label = "prf", *digest = "sha256", *prf_input = "test",
1063 *mac = "HMAC";
1064 static unsigned char input_key[] = {
1065 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
1066 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
1067 };
1068 static unsigned char output[] = {
1069 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
1070 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
1071 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
1072 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
1073 };
1074 unsigned char result[sizeof(output)] = { 0 };
1075
1076 params[i++] = OSSL_PARAM_construct_utf8_string(
1077 OSSL_KDF_PARAM_DIGEST, digest, 0);
1078 params[i++] = OSSL_PARAM_construct_utf8_string(
1079 OSSL_KDF_PARAM_MAC, mac, 0);
1080 params[i++] = OSSL_PARAM_construct_octet_string(
1081 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1082 params[i++] = OSSL_PARAM_construct_octet_string(
1083 OSSL_KDF_PARAM_SALT, label, strlen(label));
1084 params[i++] = OSSL_PARAM_construct_octet_string(
1085 OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
1086 params[i] = OSSL_PARAM_construct_end();
1087
1088 kctx = get_kdfbyname("KBKDF");
1089 ret = TEST_ptr(kctx)
1090 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
1091 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1092
1093 EVP_KDF_CTX_free(kctx);
1094 return ret;
1095 }
1096
1097 static int test_kdf_kbkdf_8009_prf2(void)
1098 {
1099 int ret, i = 0;
1100 EVP_KDF_CTX *kctx;
1101 OSSL_PARAM params[6];
1102 char *label = "prf", *digest = "sha384", *prf_input = "test",
1103 *mac = "HMAC";
1104 static unsigned char input_key[] = {
1105 0x6D, 0x40, 0x4D, 0x37, 0xFA, 0xF7, 0x9F, 0x9D,
1106 0xF0, 0xD3, 0x35, 0x68, 0xD3, 0x20, 0x66, 0x98,
1107 0x00, 0xEB, 0x48, 0x36, 0x47, 0x2E, 0xA8, 0xA0,
1108 0x26, 0xD1, 0x6B, 0x71, 0x82, 0x46, 0x0C, 0x52,
1109 };
1110 static unsigned char output[] = {
1111 0x98, 0x01, 0xF6, 0x9A, 0x36, 0x8C, 0x2B, 0xF6,
1112 0x75, 0xE5, 0x95, 0x21, 0xE1, 0x77, 0xD9, 0xA0,
1113 0x7F, 0x67, 0xEF, 0xE1, 0xCF, 0xDE, 0x8D, 0x3C,
1114 0x8D, 0x6F, 0x6A, 0x02, 0x56, 0xE3, 0xB1, 0x7D,
1115 0xB3, 0xC1, 0xB6, 0x2A, 0xD1, 0xB8, 0x55, 0x33,
1116 0x60, 0xD1, 0x73, 0x67, 0xEB, 0x15, 0x14, 0xD2,
1117 };
1118 unsigned char result[sizeof(output)] = { 0 };
1119
1120 params[i++] = OSSL_PARAM_construct_utf8_string(
1121 OSSL_KDF_PARAM_DIGEST, digest, 0);
1122 params[i++] = OSSL_PARAM_construct_utf8_string(
1123 OSSL_KDF_PARAM_MAC, mac, 0);
1124 params[i++] = OSSL_PARAM_construct_octet_string(
1125 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1126 params[i++] = OSSL_PARAM_construct_octet_string(
1127 OSSL_KDF_PARAM_SALT, label, strlen(label));
1128 params[i++] = OSSL_PARAM_construct_octet_string(
1129 OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
1130 params[i] = OSSL_PARAM_construct_end();
1131
1132 kctx = get_kdfbyname("KBKDF");
1133 ret = TEST_ptr(kctx)
1134 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
1135 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1136
1137 EVP_KDF_CTX_free(kctx);
1138 return ret;
1139 }
1140
1141 #if !defined(OPENSSL_NO_CMAC)
1142 /*
1143 * Test vector taken from
1144 * https://csrc.nist.gov/CSRC/media/Projects/
1145 * Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip
1146 * Note: Only 32 bit counter is supported ([RLEN=32_BITS])
1147 */
1148 static int test_kdf_kbkdf_fixedinfo(void)
1149 {
1150 int ret;
1151 EVP_KDF_CTX *kctx;
1152 OSSL_PARAM params[8], *p = params;
1153 static char *cipher = "AES128";
1154 static char *mac = "CMAC";
1155 static char *mode = "COUNTER";
1156 int use_l = 0;
1157 int use_separator = 0;
1158
1159 static unsigned char input_key[] = {
1160 0xc1, 0x0b, 0x15, 0x2e, 0x8c, 0x97, 0xb7, 0x7e,
1161 0x18, 0x70, 0x4e, 0x0f, 0x0b, 0xd3, 0x83, 0x05,
1162 };
1163 static unsigned char fixed_input[] = {
1164 0x98, 0xcd, 0x4c, 0xbb, 0xbe, 0xbe, 0x15, 0xd1,
1165 0x7d, 0xc8, 0x6e, 0x6d, 0xba, 0xd8, 0x00, 0xa2,
1166 0xdc, 0xbd, 0x64, 0xf7, 0xc7, 0xad, 0x0e, 0x78,
1167 0xe9, 0xcf, 0x94, 0xff, 0xdb, 0xa8, 0x9d, 0x03,
1168 0xe9, 0x7e, 0xad, 0xf6, 0xc4, 0xf7, 0xb8, 0x06,
1169 0xca, 0xf5, 0x2a, 0xa3, 0x8f, 0x09, 0xd0, 0xeb,
1170 0x71, 0xd7, 0x1f, 0x49, 0x7b, 0xcc, 0x69, 0x06,
1171 0xb4, 0x8d, 0x36, 0xc4,
1172
1173 };
1174 static unsigned char output[] = {
1175 0x26, 0xfa, 0xf6, 0x19, 0x08, 0xad, 0x9e, 0xe8,
1176 0x81, 0xb8, 0x30, 0x5c, 0x22, 0x1d, 0xb5, 0x3f,
1177 };
1178 unsigned char result[sizeof(output)] = { 0 };
1179
1180 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, cipher, 0);
1181 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, mac, 0);
1182 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, mode, 0);
1183 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, input_key,
1184 sizeof(input_key));
1185 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
1186 fixed_input, sizeof(fixed_input));
1187 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_L, &use_l);
1188 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR,
1189 &use_separator);
1190 *p = OSSL_PARAM_construct_end();
1191
1192 kctx = get_kdfbyname("KBKDF");
1193 ret = TEST_ptr(kctx)
1194 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
1195 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1196
1197 EVP_KDF_CTX_free(kctx);
1198 return ret;
1199 }
1200 #endif /* OPENSSL_NO_CMAC */
1201
1202 static int test_kdf_ss_hmac(void)
1203 {
1204 int ret;
1205 EVP_KDF_CTX *kctx;
1206 OSSL_PARAM params[6], *p = params;
1207 unsigned char out[16];
1208 static unsigned char z[] = {
1209 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
1210 };
1211 static unsigned char other[] = {
1212 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
1213 };
1214 static unsigned char salt[] = {
1215 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
1216 0x3f,0x89
1217 };
1218 static const unsigned char expected[sizeof(out)] = {
1219 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63,
1220 0x1c,0xa3
1221 };
1222
1223 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
1224 (char *)OSSL_MAC_NAME_HMAC, 0);
1225 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1226 (char *)"sha256", 0);
1227 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
1228 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
1229 sizeof(other));
1230 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
1231 sizeof(salt));
1232 *p = OSSL_PARAM_construct_end();
1233
1234 ret =
1235 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
1236 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1237 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1238
1239 EVP_KDF_CTX_free(kctx);
1240 return ret;
1241 }
1242
1243 static int test_kdf_ss_kmac(void)
1244 {
1245 int ret;
1246 EVP_KDF_CTX *kctx;
1247 OSSL_PARAM params[6], *p = params;
1248 unsigned char out[64];
1249 size_t mac_size = 20;
1250 static unsigned char z[] = {
1251 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
1252 };
1253 static unsigned char other[] = {
1254 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
1255 };
1256 static unsigned char salt[] = {
1257 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
1258 0x3f,0x89
1259 };
1260 static const unsigned char expected[sizeof(out)] = {
1261 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd,
1262 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2,
1263 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4,
1264 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95,
1265 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03
1266 };
1267
1268 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
1269 (char *)OSSL_MAC_NAME_KMAC128, 0);
1270 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
1271 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
1272 sizeof(other));
1273 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
1274 sizeof(salt));
1275 *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, &mac_size);
1276 *p = OSSL_PARAM_construct_end();
1277
1278 ret =
1279 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
1280 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1281 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1282
1283 EVP_KDF_CTX_free(kctx);
1284 return ret;
1285 }
1286
1287 static int test_kdf_sshkdf(void)
1288 {
1289 int ret;
1290 EVP_KDF_CTX *kctx;
1291 OSSL_PARAM params[6], *p = params;
1292 char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
1293 unsigned char out[8];
1294 /* Test data from NIST CAVS 14.1 test vectors */
1295 static unsigned char key[] = {
1296 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
1297 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
1298 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
1299 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
1300 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
1301 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
1302 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
1303 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
1304 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
1305 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
1306 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
1307 0x4e
1308 };
1309 static unsigned char xcghash[] = {
1310 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
1311 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
1312 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
1313 };
1314 static unsigned char sessid[] = {
1315 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
1316 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
1317 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
1318 };
1319 static const unsigned char expected[sizeof(out)] = {
1320 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
1321 };
1322
1323 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1324 (char *)"sha256", 0);
1325 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
1326 sizeof(key));
1327 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH,
1328 xcghash, sizeof(xcghash));
1329 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
1330 sessid, sizeof(sessid));
1331 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
1332 &kdftype, sizeof(kdftype));
1333 *p = OSSL_PARAM_construct_end();
1334
1335 ret =
1336 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF))
1337 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1338 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1339
1340 EVP_KDF_CTX_free(kctx);
1341 return ret;
1342 }
1343
1344 static int test_kdfs_same( EVP_KDF *kdf1, EVP_KDF *kdf2)
1345 {
1346 /* Fast path in case the two are the same algorithm pointer */
1347 if (kdf1 == kdf2)
1348 return 1;
1349 /*
1350 * Compare their names and providers instead.
1351 * This is necessary in a non-caching build (or a cache flush during fetch)
1352 * because without the algorithm in the cache, fetching it a second time
1353 * will result in a different pointer.
1354 */
1355 return TEST_ptr_eq(EVP_KDF_provider(kdf1), EVP_KDF_provider(kdf2))
1356 && TEST_str_eq(EVP_KDF_name(kdf1), EVP_KDF_name(kdf2));
1357 }
1358
1359 static int test_kdf_get_kdf(void)
1360 {
1361 EVP_KDF *kdf1 = NULL, *kdf2 = NULL;
1362 ASN1_OBJECT *obj;
1363 int ok = 1;
1364
1365 if (!TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2))
1366 || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL))
1367 || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(OBJ_obj2nid(obj)),
1368 NULL))
1369 || !test_kdfs_same(kdf1, kdf2))
1370 ok = 0;
1371 EVP_KDF_free(kdf1);
1372 kdf1 = NULL;
1373 EVP_KDF_free(kdf2);
1374 kdf2 = NULL;
1375
1376 if (!TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL))
1377 || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, LN_tls1_prf, NULL))
1378 || !test_kdfs_same(kdf1, kdf2))
1379 ok = 0;
1380 /* kdf1 is re-used below, so don't free it here */
1381 EVP_KDF_free(kdf2);
1382 kdf2 = NULL;
1383
1384 if (!TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(NID_tls1_prf), NULL))
1385 || !test_kdfs_same(kdf1, kdf2))
1386 ok = 0;
1387 EVP_KDF_free(kdf1);
1388 kdf1 = NULL;
1389 EVP_KDF_free(kdf2);
1390 kdf2 = NULL;
1391
1392 return ok;
1393 }
1394
1395 #if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES)
1396 static int test_kdf_x942_asn1(void)
1397 {
1398 int ret;
1399 EVP_KDF_CTX *kctx = NULL;
1400 OSSL_PARAM params[4], *p = params;
1401 const char *cek_alg = SN_id_smime_alg_CMS3DESwrap;
1402 unsigned char out[24];
1403 /* RFC2631 Section 2.1.6 Test data */
1404 static unsigned char z[] = {
1405 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,
1406 0x0e,0x0f,0x10,0x11,0x12,0x13
1407 };
1408 static const unsigned char expected[sizeof(out)] = {
1409 0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04,
1410 0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46,
1411 0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb
1412 };
1413
1414 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1415 (char *)"sha1", 0);
1416 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z,
1417 sizeof(z));
1418 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
1419 (char *)cek_alg, 0);
1420 *p = OSSL_PARAM_construct_end();
1421
1422 ret =
1423 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF_ASN1))
1424 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1425 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1426
1427 EVP_KDF_CTX_free(kctx);
1428 return ret;
1429 }
1430 #endif /* OPENSSL_NO_CMS */
1431
1432 static int test_kdf_krb5kdf(void)
1433 {
1434 int ret;
1435 EVP_KDF_CTX *kctx;
1436 OSSL_PARAM params[4], *p = params;
1437 unsigned char out[16];
1438 static unsigned char key[] = {
1439 0x42, 0x26, 0x3C, 0x6E, 0x89, 0xF4, 0xFC, 0x28,
1440 0xB8, 0xDF, 0x68, 0xEE, 0x09, 0x79, 0x9F, 0x15
1441 };
1442 static unsigned char constant[] = {
1443 0x00, 0x00, 0x00, 0x02, 0x99
1444 };
1445 static const unsigned char expected[sizeof(out)] = {
1446 0x34, 0x28, 0x0A, 0x38, 0x2B, 0xC9, 0x27, 0x69,
1447 0xB2, 0xDA, 0x2F, 0x9E, 0xF0, 0x66, 0x85, 0x4B
1448 };
1449
1450 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER,
1451 (char *)"AES-128-CBC", 0);
1452 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
1453 sizeof(key));
1454 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT,
1455 constant, sizeof(constant));
1456 *p = OSSL_PARAM_construct_end();
1457
1458 ret =
1459 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KRB5KDF))
1460 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1461 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1462
1463 EVP_KDF_CTX_free(kctx);
1464 return ret;
1465 }
1466
1467 int setup_tests(void)
1468 {
1469 ADD_TEST(test_kdf_pbkdf1);
1470 #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
1471 ADD_TEST(test_kdf_kbkdf_6803_128);
1472 ADD_TEST(test_kdf_kbkdf_6803_256);
1473 #endif
1474 ADD_TEST(test_kdf_kbkdf_invalid_digest);
1475 ADD_TEST(test_kdf_kbkdf_invalid_mac);
1476 ADD_TEST(test_kdf_kbkdf_zero_output_size);
1477 ADD_TEST(test_kdf_kbkdf_empty_key);
1478 ADD_TEST(test_kdf_kbkdf_1byte_key);
1479 ADD_TEST(test_kdf_kbkdf_8009_prf1);
1480 ADD_TEST(test_kdf_kbkdf_8009_prf2);
1481 #if !defined(OPENSSL_NO_CMAC)
1482 ADD_TEST(test_kdf_kbkdf_fixedinfo);
1483 #endif
1484 ADD_TEST(test_kdf_get_kdf);
1485 ADD_TEST(test_kdf_tls1_prf);
1486 ADD_TEST(test_kdf_tls1_prf_invalid_digest);
1487 ADD_TEST(test_kdf_tls1_prf_zero_output_size);
1488 ADD_TEST(test_kdf_tls1_prf_empty_secret);
1489 ADD_TEST(test_kdf_tls1_prf_1byte_secret);
1490 ADD_TEST(test_kdf_tls1_prf_empty_seed);
1491 ADD_TEST(test_kdf_tls1_prf_1byte_seed);
1492 ADD_TEST(test_kdf_hkdf);
1493 ADD_TEST(test_kdf_hkdf_invalid_digest);
1494 ADD_TEST(test_kdf_hkdf_zero_output_size);
1495 ADD_TEST(test_kdf_hkdf_empty_key);
1496 ADD_TEST(test_kdf_hkdf_1byte_key);
1497 ADD_TEST(test_kdf_hkdf_empty_salt);
1498 ADD_TEST(test_kdf_pbkdf2);
1499 ADD_TEST(test_kdf_pbkdf2_small_output);
1500 ADD_TEST(test_kdf_pbkdf2_large_output);
1501 ADD_TEST(test_kdf_pbkdf2_small_salt);
1502 ADD_TEST(test_kdf_pbkdf2_small_iterations);
1503 ADD_TEST(test_kdf_pbkdf2_small_salt_pkcs5);
1504 ADD_TEST(test_kdf_pbkdf2_small_iterations_pkcs5);
1505 ADD_TEST(test_kdf_pbkdf2_invalid_digest);
1506 #ifndef OPENSSL_NO_SCRYPT
1507 ADD_TEST(test_kdf_scrypt);
1508 #endif
1509 ADD_TEST(test_kdf_ss_hash);
1510 ADD_TEST(test_kdf_ss_hmac);
1511 ADD_TEST(test_kdf_ss_kmac);
1512 ADD_TEST(test_kdf_sshkdf);
1513 ADD_TEST(test_kdf_x963);
1514 #if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES)
1515 ADD_TEST(test_kdf_x942_asn1);
1516 #endif
1517 ADD_TEST(test_kdf_krb5kdf);
1518 return 1;
1519 }
A mirror of the official openssl repository