static int pkey_kdf_test_run(EVP_TEST *t)
{
+ int ret = 1;
PKEY_KDF_DATA *expected = t->data;
unsigned char *got = NULL;
size_t got_len = 0;
t->err = "KDF_DERIVE_ERROR";
goto err;
}
+ if (!pkey_check_fips_approved(expected->ctx, t)) {
+ ret = 0;
+ goto err;
+ }
if (!TEST_mem_eq(expected->output, expected->output_len, got, got_len)) {
t->err = "KDF_MISMATCH";
goto err;
err:
OPENSSL_free(got);
- return 1;
+ return ret;
}
static const EVP_TEST_METHOD pkey_kdf_test_method = {
Ctrl.salt = hexsalt:000102030405060708090a0b0c
Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
Result = KDF_CTRL_ERROR
+
+Title = FIPS indicator tests
+
+# Test that the key whose length is shorter than 112 bits is rejected
+FIPSversion = >=3.4.0
+KDF = HKDF
+Ctrl.digest = digest:SHA1
+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.salt = hexsalt:000102030405060708090a0b0c
+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
+Result = KDF_DERIVE_ERROR
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+FIPSversion = >=3.4.0
+KDF = HKDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA1
+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.salt = hexsalt:000102030405060708090a0b0c
+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
+Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896
Ctrl.hexsecret = hexsecret:d09a6b1a472f930db4f5e6b967900744
Ctrl.hexinfo = hexinfo:b117255ab5f1b6b96fc434b0
Result = KDF_CTRL_ERROR
+
+Title = FIPS indicator tests
+
+# Test that the key whose length is shorter than 112 bits is rejected
+FIPSversion = >=3.4.0
+KDF = SSKDF
+Ctrl.digest = digest:SHA1
+Ctrl.hexsecret = hexsecret:d7e6
+Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff
+Result = KDF_DERIVE_ERROR
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+FIPSversion = >=3.4.0
+KDF = SSKDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA1
+Ctrl.hexsecret = hexsecret:d7e6
+Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff
+Output = 31e798e9931b612a3ad1b9b1008faa8c
Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
Ctrl.type = type:A
Output = d37ea221cbcc026d95e8c10b7d28a1b41e4ec1b497bae0e4cdbc1446e5bd59e2
+
+# Test that the key whose length is shorter than 112 bits is rejected
+FIPSversion = >=3.4.0
+KDF = SSHKDF
+Ctrl.digest = digest:SHA1
+Ctrl.hexkey = hexkey:0102030405060708090a0b
+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.type = type:A
+Result = KDF_DERIVE_ERROR
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+FIPSversion = >=3.4.0
+KDF = SSHKDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA1
+Ctrl.hexkey = hexkey:0102030405060708090a0b
+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.type = type:A
+Output = 825b46b410c8b6ea
Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
Output = 17be20a3b4cc05524d7de353b2f125537c23372144111b0367bda166fcfc09cf1c94909a408b986f53afbdc41d93ae09
+
+
+# Test that the key whose length is shorter than 112 bits is rejected
+FIPSversion = >=3.4.0
+KDF = TLS1-PRF
+Ctrl.digest = digest:SHA256
+Ctrl.Secret = hexsecret:0102030405060708090a0b
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Result = KDF_DERIVE_ERROR
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+FIPSversion = >=3.4.0
+KDF = TLS1-PRF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA256
+Ctrl.Secret = hexsecret:0102030405060708090a0b
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Output = 8cb203c99a13871fd96cecd2770720df3c4ebd49e1cbc956fddb400f9c051fb69b63d7abb2f996f4e4d1ac0e9153f51b
Ctrl.digest = digest:SHA512-256
Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05
Output = c8240b43113bb8bd211ee97c5145d389e8074f76eeeaac74eb55691062a436e4
+
+# Test that the key whose length is shorter than 112 bits is rejected
+FIPSversion = >=3.4.0
+KDF = TLS13-KDF
+Ctrl.mode = mode:EXTRACT_ONLY
+Ctrl.digest = digest:SHA2-256
+Ctrl.key = hexkey:0102030405060708090a0b
+Result = KDF_DERIVE_ERROR
+
+FIPSversion = >=3.4.0
+KDF = TLS13-KDF
+Ctrl.mode = mode:EXPAND_ONLY
+Ctrl.digest = digest:SHA2-256
+Ctrl.key = hexkey:0102030405060708090a0b
+Ctrl.data = hexdata:7c92f68bd5bf3638ea338a6494722e1b44127e1b7e8aad535f2322a644ff22b3
+Ctrl.prefix = hexprefix:746c73313320
+Ctrl.label = hexlabel:6320652074726166666963
+Result = KDF_DERIVE_ERROR
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+FIPSversion = >=3.4.0
+KDF = TLS13-KDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.mode = mode:EXTRACT_ONLY
+Ctrl.digest = digest:SHA2-256
+Ctrl.key = hexkey:0102030405060708090a0b
+Output = ac5ae06e0f6bff82f6256f0fc9fb943554752ba0c93f42ee6499b99c9e5c24a8
+
+FIPSversion = >=3.4.0
+KDF = TLS13-KDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.mode = mode:EXPAND_ONLY
+Ctrl.digest = digest:SHA2-256
+Ctrl.key = hexkey:0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.data = hexdata:7c92f68bd5bf3638ea338a6494722e1b44127e1b7e8aad535f2322a644ff22b3
+Ctrl.prefix = hexprefix:746c73313320
+Ctrl.label = hexlabel:6320652074726166666963
+Output = a8464234c7957b85460bf7abda8e20aa43b9e0944c02d76c1c28672619cf6978
Ctrl.hexsecret = hexsecret:fd17198b89ab39c4ab5d7cca363b82f9fd7e23c3984dc8a2
Ctrl.hexinfo = hexinfo:856a53f3e36a26bbc5792879f307cce2
Output = 6e5fad865cb4a51c95209b16df0cc490bc2c9064405c5bccd4ee4832a531fbe7f10cb79e2eab6ab1149fbd5a23cfdabc41242269c9df22f628c4424333855b64e95e2d4fb8469c669f17176c07d103376b10b384ec5763d8b8c610409f19aca8eb31f9d85cc61a8d6d4a03d03e5a506b78d6847e93d295ee548c65afedd2efec
+
+# Test that the key whose length is shorter than 112 bits is rejected
+FIPSversion = >=3.4.0
+KDF = X963KDF
+Ctrl.digest = digest:SHA224
+Ctrl.hexsecret = hexsecret:0102030405060908090a0b
+Ctrl.hexinfo = hexinfo:0102030405060708090a0b0c0d0e0f10
+Result = KDF_DERIVE_ERROR
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+FIPSversion = >=3.4.0
+KDF = X963KDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA224
+Ctrl.hexsecret = hexsecret:0102030405060908090a0b
+Ctrl.hexinfo = hexinfo:0102030405060708090a0b0c0d0e0f10
+Output = cdbb95eaacfd7df6bee013777ad8cd39129db2b61be91d20bb4a0130deccbd265e1f81c5a7112a7ac463204bd354b47eea04b63404ed4a1d8a991d3c9e17ab22c6f8a23686f3fea364a1a2b22cb6210e99ec0ed24f27779f028f68239f12fc572b23694d4dc6063f602b4496cec6f2698f69b24bbffba7127d8a1c9a49c96a83
Ctrl.salt = hexsalt:000102030405060708090a0b0c
Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
Result = PKEY_CTRL_ERROR
+
+Title = FIPS indicator tests
+
+# Test that the key whose length is shorter than 112 bits is rejected
+FIPSversion = >=3.4.0
+PKEYKDF = HKDF
+Ctrl.digest = digest:SHA1
+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.salt = hexsalt:000102030405060708090a0b0c
+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
+Result = KDF_DERIVE_ERROR
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+FIPSversion = >=3.4.0
+PKEYKDF = HKDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA1
+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.salt = hexsalt:000102030405060708090a0b0c
+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
+Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896
Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
Output = 17be20a3b4cc05524d7de353b2f125537c23372144111b0367bda166fcfc09cf1c94909a408b986f53afbdc41d93ae09
+
+# Test that the key whose length is shorter than 112 bits is rejected
+FIPSversion = >=3.4.0
+PKEYKDF = TLS1-PRF
+Ctrl.digest = digest:SHA256
+Ctrl.Secret = hexsecret:0102030405060708090a0b
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Result = KDF_DERIVE_ERROR
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+FIPSversion = >=3.4.0
+PKEYKDF = TLS1-PRF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA256
+Ctrl.Secret = hexsecret:0102030405060708090a0b
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Output = 8cb203c99a13871fd96cecd2770720df3c4ebd49e1cbc956fddb400f9c051fb69b63d7abb2f996f4e4d1ac0e9153f51b
projects / thirdparty / openssl.git / commitdiff
