]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_kdf_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Remove getenv(OPENSSL_FIPS) in openssl command
[thirdparty/openssl.git] / test / evp_kdf_test.c
1 /*
2 * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
4 *
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11 /* Tests of the EVP_KDF_CTX APIs */
12
13 #include <stdio.h>
14 #include <string.h>
15
16 #include <openssl/evp.h>
17 #include <openssl/kdf.h>
18 #include <openssl/core_names.h>
19 #include "testutil.h"
20
21 static EVP_KDF_CTX *get_kdfbyname(const char *name)
22 {
23 EVP_KDF *kdf = EVP_KDF_fetch(NULL, name, NULL);
24 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
25
26 EVP_KDF_free(kdf);
27 return kctx;
28 }
29
30 static int test_kdf_tls1_prf(void)
31 {
32 int ret;
33 EVP_KDF_CTX *kctx = NULL;
34 unsigned char out[16];
35 OSSL_PARAM params[4], *p = params;
36 static const unsigned char expected[sizeof(out)] = {
37 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
38 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
39 };
40
41 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
42 (char *)"sha256", sizeof("sha256"));
43 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
44 (unsigned char *)"secret",
45 (size_t)6);
46 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
47 (unsigned char *)"seed",
48 (size_t)4);
49 *p = OSSL_PARAM_construct_end();
50
51 ret =
52 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
53 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
54 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
55 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
56
57 EVP_KDF_CTX_free(kctx);
58 return ret;
59 }
60
61 static int test_kdf_hkdf(void)
62 {
63 int ret;
64 EVP_KDF_CTX *kctx;
65 unsigned char out[10];
66 OSSL_PARAM params[5], *p = params;
67 static const unsigned char expected[sizeof(out)] = {
68 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
69 };
70
71 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
72 (char *)"sha256", sizeof("sha256"));
73 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
74 (unsigned char *)"salt", 4);
75 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
76 (unsigned char *)"secret", 6);
77 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
78 (unsigned char *)"label", 5);
79 *p = OSSL_PARAM_construct_end();
80
81 ret =
82 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
83 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
84 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
85 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
86
87 EVP_KDF_CTX_free(kctx);
88 return ret;
89 }
90
91 static int test_kdf_pbkdf2(void)
92 {
93 int ret = 0;
94 EVP_KDF_CTX *kctx;
95 unsigned char out[25];
96 size_t len = 0;
97 unsigned int iterations = 4096;
98 int mode = 0;
99 OSSL_PARAM params[6], *p = params;
100 const unsigned char expected[sizeof(out)] = {
101 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f,
102 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf,
103 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
104 0x1c
105 };
106
107 if (sizeof(len) > 32)
108 len = SIZE_MAX;
109
110 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
111 (unsigned char *)
112 "passwordPASSWORDpassword", 24);
113 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
114 (unsigned char *)
115 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
116 36);
117 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, &iterations);
118 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
119 (char *)"sha256", 7);
120 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
121 *p = OSSL_PARAM_construct_end();
122
123 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
124 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
125 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
126 || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))
127 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
128 /* A key length that is too small should fail */
129 || !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1), 0)
130 /* A key length that is too large should fail */
131 || (len != 0 && !TEST_int_eq(EVP_KDF_derive(kctx, out, len), 0)))
132 goto err;
133 #if 0
134 /* TODO */
135 /* Salt length less than 128 bits should fail */
136 || TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
137 "123456781234567",
138 (size_t)15), 0)
139 /* A small iteration count should fail */
140 || TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0)
141 || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE,
142 1), 0)
143 /* Small salts will pass if the "pkcs5" mode is enabled */
144 || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
145 "123456781234567",
146 (size_t)15), 0)
147 /* A small iteration count will pass if "pkcs5" mode is enabled */
148 || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0)
149 /*
150 * If the "pkcs5" mode is disabled then the small salt and iter will
151 * fail when the derive gets called.
152 */
153 || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE,
154 0), 0)
155 || TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
156 #endif
157 ret = 1;
158 err:
159 EVP_KDF_CTX_free(kctx);
160 return ret;
161 }
162
163 #ifndef OPENSSL_NO_SCRYPT
164 static int test_kdf_scrypt(void)
165 {
166 int ret;
167 EVP_KDF_CTX *kctx;
168 OSSL_PARAM params[7], *p = params;
169 unsigned char out[64];
170 unsigned int nu = 1024, ru = 8, pu = 16, maxmem = 16;
171 static const unsigned char expected[sizeof(out)] = {
172 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
173 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
174 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
175 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
176 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
177 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
178 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
179 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
180 };
181
182 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
183 (char *)"password", 8);
184 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
185 (char *)"NaCl", 4);
186 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &nu);
187 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &ru);
188 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &pu);
189 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem);
190 *p = OSSL_PARAM_construct_end();
191
192 ret =
193 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT))
194 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
195 /* failure test *//*
196 && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0)*/
197 && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024))
198 && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1))
199 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
200 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
201
202 EVP_KDF_CTX_free(kctx);
203 return ret;
204 }
205 #endif /* OPENSSL_NO_SCRYPT */
206
207 static int test_kdf_ss_hash(void)
208 {
209 int ret;
210 EVP_KDF_CTX *kctx;
211 OSSL_PARAM params[4], *p = params;
212 unsigned char out[14];
213 static unsigned char z[] = {
214 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e,
215 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62,
216 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4,
217 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9
218 };
219 static unsigned char other[] = {
220 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e,
221 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde,
222 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e,
223 0xe0,0xec,0x3f,0x8d,0xbe
224 };
225 static const unsigned char expected[sizeof(out)] = {
226 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8
227 };
228
229 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
230 (char *)"sha224", sizeof("sha224"));
231 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
232 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
233 sizeof(other));
234 *p = OSSL_PARAM_construct_end();
235
236 ret =
237 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
238 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
239 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
240 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
241
242 EVP_KDF_CTX_free(kctx);
243 return ret;
244 }
245
246 static int test_kdf_x963(void)
247 {
248 int ret;
249 EVP_KDF_CTX *kctx;
250 OSSL_PARAM params[4], *p = params;
251 unsigned char out[1024 / 8];
252 /*
253 * Test data from https://csrc.nist.gov/CSRC/media/Projects/
254 * Cryptographic-Algorithm-Validation-Program/documents/components/
255 * 800-135testvectors/ansx963_2001.zip
256 */
257 static unsigned char z[] = {
258 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, 0xfa, 0x58, 0xce, 0xad,
259 0xc0, 0x47, 0x19, 0x7f, 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
260 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, 0x15, 0x07, 0x39, 0x2f,
261 0x1a, 0x86, 0xdd, 0xfd, 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
262 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, 0x47, 0xa9, 0xe2, 0xe7,
263 0x53, 0xf5, 0x5e, 0xf0, 0x5a, 0x2d
264 };
265 static unsigned char shared[] = {
266 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, 0x2b, 0x3a, 0x2f, 0x99,
267 0x37, 0x89, 0x5d, 0x31
268 };
269 static const unsigned char expected[sizeof(out)] = {
270 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, 0x9b, 0x52, 0x26, 0x4b,
271 0x01, 0x12, 0xb5, 0x85, 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
272 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, 0x6e, 0x4d, 0xd2, 0xa5,
273 0x99, 0xac, 0xce, 0xb3, 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
274 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, 0xa5, 0xa8, 0xee, 0xee,
275 0x20, 0x80, 0x02, 0x26, 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
276 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, 0xea, 0x9c, 0x4f, 0xf7,
277 0x45, 0xa2, 0x5a, 0xc2, 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
278 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, 0x0a, 0xb2, 0xaa, 0x8e,
279 0x2e, 0xfa, 0x7b, 0x17, 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
280 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
281 };
282
283 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
284 (char *)"sha512", sizeof("sha512"));
285 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
286 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, shared,
287 sizeof(shared));
288 *p = OSSL_PARAM_construct_end();
289
290 ret =
291 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF))
292 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
293 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
294 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
295
296 EVP_KDF_CTX_free(kctx);
297 return ret;
298 }
299
300 #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
301 /*
302 * KBKDF test vectors from RFC 6803 (Camellia Encryption for Kerberos 5)
303 * section 10.
304 */
305 static int test_kdf_kbkdf_6803_128(void)
306 {
307 int ret = 0, i, p;
308 EVP_KDF_CTX *kctx;
309 OSSL_PARAM params[7];
310 static unsigned char input_key[] = {
311 0x57, 0xD0, 0x29, 0x72, 0x98, 0xFF, 0xD9, 0xD3,
312 0x5D, 0xE5, 0xA4, 0x7F, 0xB4, 0xBD, 0xE2, 0x4B,
313 };
314 static unsigned char constants[][5] = {
315 { 0x00, 0x00, 0x00, 0x02, 0x99 },
316 { 0x00, 0x00, 0x00, 0x02, 0xaa },
317 { 0x00, 0x00, 0x00, 0x02, 0x55 },
318 };
319 static unsigned char outputs[][16] = {
320 {0xD1, 0x55, 0x77, 0x5A, 0x20, 0x9D, 0x05, 0xF0,
321 0x2B, 0x38, 0xD4, 0x2A, 0x38, 0x9E, 0x5A, 0x56},
322 {0x64, 0xDF, 0x83, 0xF8, 0x5A, 0x53, 0x2F, 0x17,
323 0x57, 0x7D, 0x8C, 0x37, 0x03, 0x57, 0x96, 0xAB},
324 {0x3E, 0x4F, 0xBD, 0xF3, 0x0F, 0xB8, 0x25, 0x9C,
325 0x42, 0x5C, 0xB6, 0xC9, 0x6F, 0x1F, 0x46, 0x35}
326 };
327 static unsigned char iv[16] = { 0 };
328 unsigned char result[16] = { 0 };
329
330 for (i = 0; i < 3; i++) {
331 p = 0;
332 params[p++] = OSSL_PARAM_construct_utf8_string(
333 OSSL_KDF_PARAM_CIPHER, "CAMELLIA-128-CBC", 0);
334 params[p++] = OSSL_PARAM_construct_utf8_string(
335 OSSL_KDF_PARAM_MAC, "CMAC", 0);
336 params[p++] = OSSL_PARAM_construct_utf8_string(
337 OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
338 params[p++] = OSSL_PARAM_construct_octet_string(
339 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
340 params[p++] = OSSL_PARAM_construct_octet_string(
341 OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i]));
342 params[p++] = OSSL_PARAM_construct_octet_string(
343 OSSL_KDF_PARAM_SEED, iv, sizeof(iv));
344 params[p] = OSSL_PARAM_construct_end();
345
346 kctx = get_kdfbyname("KBKDF");
347 ret = TEST_ptr(kctx)
348 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
349 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
350 && TEST_mem_eq(result, sizeof(result), outputs[i],
351 sizeof(outputs[i]));
352 EVP_KDF_CTX_free(kctx);
353 if (ret != 1)
354 return ret;
355 }
356
357 return ret;
358 }
359
360 static int test_kdf_kbkdf_6803_256(void)
361 {
362 int ret = 0, i, p;
363 EVP_KDF_CTX *kctx;
364 OSSL_PARAM params[7];
365 static unsigned char input_key[] = {
366 0xB9, 0xD6, 0x82, 0x8B, 0x20, 0x56, 0xB7, 0xBE,
367 0x65, 0x6D, 0x88, 0xA1, 0x23, 0xB1, 0xFA, 0xC6,
368 0x82, 0x14, 0xAC, 0x2B, 0x72, 0x7E, 0xCF, 0x5F,
369 0x69, 0xAF, 0xE0, 0xC4, 0xDF, 0x2A, 0x6D, 0x2C,
370 };
371 static unsigned char constants[][5] = {
372 { 0x00, 0x00, 0x00, 0x02, 0x99 },
373 { 0x00, 0x00, 0x00, 0x02, 0xaa },
374 { 0x00, 0x00, 0x00, 0x02, 0x55 },
375 };
376 static unsigned char outputs[][32] = {
377 {0xE4, 0x67, 0xF9, 0xA9, 0x55, 0x2B, 0xC7, 0xD3,
378 0x15, 0x5A, 0x62, 0x20, 0xAF, 0x9C, 0x19, 0x22,
379 0x0E, 0xEE, 0xD4, 0xFF, 0x78, 0xB0, 0xD1, 0xE6,
380 0xA1, 0x54, 0x49, 0x91, 0x46, 0x1A, 0x9E, 0x50,
381 },
382 {0x41, 0x2A, 0xEF, 0xC3, 0x62, 0xA7, 0x28, 0x5F,
383 0xC3, 0x96, 0x6C, 0x6A, 0x51, 0x81, 0xE7, 0x60,
384 0x5A, 0xE6, 0x75, 0x23, 0x5B, 0x6D, 0x54, 0x9F,
385 0xBF, 0xC9, 0xAB, 0x66, 0x30, 0xA4, 0xC6, 0x04,
386 },
387 {0xFA, 0x62, 0x4F, 0xA0, 0xE5, 0x23, 0x99, 0x3F,
388 0xA3, 0x88, 0xAE, 0xFD, 0xC6, 0x7E, 0x67, 0xEB,
389 0xCD, 0x8C, 0x08, 0xE8, 0xA0, 0x24, 0x6B, 0x1D,
390 0x73, 0xB0, 0xD1, 0xDD, 0x9F, 0xC5, 0x82, 0xB0,
391 },
392 };
393 static unsigned char iv[16] = { 0 };
394 unsigned char result[32] = { 0 };
395
396 for (i = 0; i < 3; i++) {
397 p = 0;
398 params[p++] = OSSL_PARAM_construct_utf8_string(
399 OSSL_KDF_PARAM_CIPHER, "CAMELLIA-256-CBC", 0);
400 params[p++] = OSSL_PARAM_construct_utf8_string(
401 OSSL_KDF_PARAM_MAC, "CMAC", 0);
402 params[p++] = OSSL_PARAM_construct_utf8_string(
403 OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
404 params[p++] = OSSL_PARAM_construct_octet_string(
405 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
406 params[p++] = OSSL_PARAM_construct_octet_string(
407 OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i]));
408 params[p++] = OSSL_PARAM_construct_octet_string(
409 OSSL_KDF_PARAM_SEED, iv, sizeof(iv));
410 params[p] = OSSL_PARAM_construct_end();
411
412 kctx = get_kdfbyname("KBKDF");
413 ret = TEST_ptr(kctx)
414 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
415 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
416 && TEST_mem_eq(result, sizeof(result), outputs[i],
417 sizeof(outputs[i]));
418 EVP_KDF_CTX_free(kctx);
419 if (ret != 1)
420 return ret;
421 }
422
423 return ret;
424 }
425 #endif
426
427 /* Two test vectors from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos
428 * 5) appendix A. */
429 static int test_kdf_kbkdf_8009_prf1(void)
430 {
431 int ret, i = 0;
432 EVP_KDF_CTX *kctx;
433 OSSL_PARAM params[6];
434 char *label = "prf", *digest = "sha256", *prf_input = "test",
435 *mac = "HMAC";
436 static unsigned char input_key[] = {
437 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
438 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
439 };
440 static unsigned char output[] = {
441 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
442 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
443 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
444 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
445 };
446 unsigned char result[sizeof(output)] = { 0 };
447
448 params[i++] = OSSL_PARAM_construct_utf8_string(
449 OSSL_KDF_PARAM_DIGEST, digest, strlen(digest) + 1);
450 params[i++] = OSSL_PARAM_construct_utf8_string(
451 OSSL_KDF_PARAM_MAC, mac, strlen(mac) + 1);
452 params[i++] = OSSL_PARAM_construct_octet_string(
453 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
454 params[i++] = OSSL_PARAM_construct_octet_string(
455 OSSL_KDF_PARAM_SALT, label, strlen(label));
456 params[i++] = OSSL_PARAM_construct_octet_string(
457 OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
458 params[i] = OSSL_PARAM_construct_end();
459
460 kctx = get_kdfbyname("KBKDF");
461 ret = TEST_ptr(kctx)
462 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
463 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
464 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
465
466 EVP_KDF_CTX_free(kctx);
467 return ret;
468 }
469
470 static int test_kdf_kbkdf_8009_prf2(void)
471 {
472 int ret, i = 0;
473 EVP_KDF_CTX *kctx;
474 OSSL_PARAM params[6];
475 char *label = "prf", *digest = "sha384", *prf_input = "test",
476 *mac = "HMAC";
477 static unsigned char input_key[] = {
478 0x6D, 0x40, 0x4D, 0x37, 0xFA, 0xF7, 0x9F, 0x9D,
479 0xF0, 0xD3, 0x35, 0x68, 0xD3, 0x20, 0x66, 0x98,
480 0x00, 0xEB, 0x48, 0x36, 0x47, 0x2E, 0xA8, 0xA0,
481 0x26, 0xD1, 0x6B, 0x71, 0x82, 0x46, 0x0C, 0x52,
482 };
483 static unsigned char output[] = {
484 0x98, 0x01, 0xF6, 0x9A, 0x36, 0x8C, 0x2B, 0xF6,
485 0x75, 0xE5, 0x95, 0x21, 0xE1, 0x77, 0xD9, 0xA0,
486 0x7F, 0x67, 0xEF, 0xE1, 0xCF, 0xDE, 0x8D, 0x3C,
487 0x8D, 0x6F, 0x6A, 0x02, 0x56, 0xE3, 0xB1, 0x7D,
488 0xB3, 0xC1, 0xB6, 0x2A, 0xD1, 0xB8, 0x55, 0x33,
489 0x60, 0xD1, 0x73, 0x67, 0xEB, 0x15, 0x14, 0xD2,
490 };
491 unsigned char result[sizeof(output)] = { 0 };
492
493 params[i++] = OSSL_PARAM_construct_utf8_string(
494 OSSL_KDF_PARAM_DIGEST, digest, strlen(digest) + 1);
495 params[i++] = OSSL_PARAM_construct_utf8_string(
496 OSSL_KDF_PARAM_MAC, mac, strlen(mac) + 1);
497 params[i++] = OSSL_PARAM_construct_octet_string(
498 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
499 params[i++] = OSSL_PARAM_construct_octet_string(
500 OSSL_KDF_PARAM_SALT, label, strlen(label));
501 params[i++] = OSSL_PARAM_construct_octet_string(
502 OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
503 params[i] = OSSL_PARAM_construct_end();
504
505 kctx = get_kdfbyname("KBKDF");
506 ret = TEST_ptr(kctx)
507 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
508 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
509 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
510
511 EVP_KDF_CTX_free(kctx);
512 return ret;
513 }
514
515 static int test_kdf_ss_hmac(void)
516 {
517 int ret;
518 EVP_KDF_CTX *kctx;
519 OSSL_PARAM params[6], *p = params;
520 unsigned char out[16];
521 static unsigned char z[] = {
522 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
523 };
524 static unsigned char other[] = {
525 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
526 };
527 static unsigned char salt[] = {
528 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
529 0x3f,0x89
530 };
531 static const unsigned char expected[sizeof(out)] = {
532 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63,
533 0x1c,0xa3
534 };
535
536 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
537 (char *)OSSL_MAC_NAME_HMAC,
538 sizeof(OSSL_MAC_NAME_HMAC));
539 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
540 (char *)"sha256", sizeof("sha256"));
541 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
542 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
543 sizeof(other));
544 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
545 sizeof(salt));
546 *p = OSSL_PARAM_construct_end();
547
548 ret =
549 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
550 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
551 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
552 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
553
554 EVP_KDF_CTX_free(kctx);
555 return ret;
556 }
557
558 static int test_kdf_ss_kmac(void)
559 {
560 int ret;
561 EVP_KDF_CTX *kctx;
562 OSSL_PARAM params[6], *p = params;
563 unsigned char out[64];
564 size_t mac_size = 20;
565 static unsigned char z[] = {
566 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
567 };
568 static unsigned char other[] = {
569 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
570 };
571 static unsigned char salt[] = {
572 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
573 0x3f,0x89
574 };
575 static const unsigned char expected[sizeof(out)] = {
576 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd,
577 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2,
578 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4,
579 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95,
580 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03
581 };
582
583 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
584 (char *)OSSL_MAC_NAME_KMAC128,
585 sizeof(OSSL_MAC_NAME_KMAC128));
586 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
587 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
588 sizeof(other));
589 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
590 sizeof(salt));
591 *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, &mac_size);
592 *p = OSSL_PARAM_construct_end();
593
594 ret =
595 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
596 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
597 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
598 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
599
600 EVP_KDF_CTX_free(kctx);
601 return ret;
602 }
603
604 static int test_kdf_sshkdf(void)
605 {
606 int ret;
607 EVP_KDF_CTX *kctx;
608 OSSL_PARAM params[6], *p = params;
609 char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
610 unsigned char out[8];
611 /* Test data from NIST CAVS 14.1 test vectors */
612 static unsigned char key[] = {
613 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
614 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
615 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
616 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
617 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
618 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
619 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
620 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
621 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
622 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
623 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
624 0x4e
625 };
626 static unsigned char xcghash[] = {
627 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
628 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
629 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
630 };
631 static unsigned char sessid[] = {
632 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
633 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
634 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
635 };
636 static const unsigned char expected[sizeof(out)] = {
637 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
638 };
639
640 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
641 (char *)"sha256", sizeof("sha256"));
642 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
643 sizeof(key));
644 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH,
645 xcghash, sizeof(xcghash));
646 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
647 sessid, sizeof(sessid));
648 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
649 &kdftype, sizeof(kdftype));
650 *p = OSSL_PARAM_construct_end();
651
652 ret =
653 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF))
654 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
655 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
656 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
657
658 EVP_KDF_CTX_free(kctx);
659 return ret;
660 }
661
662 static int test_kdf_get_kdf(void)
663 {
664 EVP_KDF *kdf1 = NULL, *kdf2 = NULL;
665 ASN1_OBJECT *obj;
666 int ok = 1;
667
668 if (!TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2))
669 || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL))
670 || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(OBJ_obj2nid(obj)),
671 NULL))
672 || !TEST_ptr_eq(kdf1, kdf2))
673 ok = 0;
674 EVP_KDF_free(kdf1);
675 kdf1 = NULL;
676 EVP_KDF_free(kdf2);
677 kdf2 = NULL;
678
679 if (!TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL))
680 || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, LN_tls1_prf, NULL))
681 || !TEST_ptr_eq(kdf1, kdf2))
682 ok = 0;
683 /* kdf1 is re-used below, so don't free it here */
684 EVP_KDF_free(kdf2);
685 kdf2 = NULL;
686
687 if (!TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(NID_tls1_prf), NULL))
688 || !TEST_ptr_eq(kdf1, kdf2))
689 ok = 0;
690 EVP_KDF_free(kdf1);
691 kdf1 = NULL;
692 EVP_KDF_free(kdf2);
693 kdf2 = NULL;
694
695 return ok;
696 }
697
698 #ifndef OPENSSL_NO_CMS
699 static int test_kdf_x942_asn1(void)
700 {
701 int ret;
702 EVP_KDF_CTX *kctx = NULL;
703 OSSL_PARAM params[4], *p = params;
704 const char *cek_alg = SN_id_smime_alg_CMS3DESwrap;
705 unsigned char out[24];
706 /* RFC2631 Section 2.1.6 Test data */
707 static unsigned char z[] = {
708 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,
709 0x0e,0x0f,0x10,0x11,0x12,0x13
710 };
711 static const unsigned char expected[sizeof(out)] = {
712 0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04,
713 0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46,
714 0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb
715 };
716
717 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
718 (char *)"sha1", sizeof("sha1"));
719 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z,
720 sizeof(z));
721 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
722 (char *)cek_alg,
723 strlen(cek_alg) + 1);
724 *p = OSSL_PARAM_construct_end();
725
726 ret =
727 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF))
728 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
729 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
730 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
731
732 EVP_KDF_CTX_free(kctx);
733 return ret;
734 }
735 #endif /* OPENSSL_NO_CMS */
736
737 static int test_kdf_krb5kdf(void)
738 {
739 int ret;
740 EVP_KDF_CTX *kctx;
741 OSSL_PARAM params[4], *p = params;
742 unsigned char out[16];
743 static unsigned char key[] = {
744 0x42, 0x26, 0x3C, 0x6E, 0x89, 0xF4, 0xFC, 0x28,
745 0xB8, 0xDF, 0x68, 0xEE, 0x09, 0x79, 0x9F, 0x15
746 };
747 static unsigned char constant[] = {
748 0x00, 0x00, 0x00, 0x02, 0x99
749 };
750 static const unsigned char expected[sizeof(out)] = {
751 0x34, 0x28, 0x0A, 0x38, 0x2B, 0xC9, 0x27, 0x69,
752 0xB2, 0xDA, 0x2F, 0x9E, 0xF0, 0x66, 0x85, 0x4B
753 };
754
755 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER,
756 (char *)"AES-128-CBC",
757 sizeof("AES-128-CBC"));
758 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
759 sizeof(key));
760 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT,
761 constant, sizeof(constant));
762 *p = OSSL_PARAM_construct_end();
763
764 ret =
765 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KRB5KDF))
766 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
767 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
768 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
769
770 EVP_KDF_CTX_free(kctx);
771 return ret;
772 }
773
774 int setup_tests(void)
775 {
776 #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
777 ADD_TEST(test_kdf_kbkdf_6803_128);
778 ADD_TEST(test_kdf_kbkdf_6803_256);
779 #endif
780 ADD_TEST(test_kdf_kbkdf_8009_prf1);
781 ADD_TEST(test_kdf_kbkdf_8009_prf2);
782 ADD_TEST(test_kdf_get_kdf);
783 ADD_TEST(test_kdf_tls1_prf);
784 ADD_TEST(test_kdf_hkdf);
785 ADD_TEST(test_kdf_pbkdf2);
786 #ifndef OPENSSL_NO_SCRYPT
787 ADD_TEST(test_kdf_scrypt);
788 #endif
789 ADD_TEST(test_kdf_ss_hash);
790 ADD_TEST(test_kdf_ss_hmac);
791 ADD_TEST(test_kdf_ss_kmac);
792 ADD_TEST(test_kdf_sshkdf);
793 ADD_TEST(test_kdf_x963);
794 #ifndef OPENSSL_NO_CMS
795 ADD_TEST(test_kdf_x942_asn1);
796 #endif
797 ADD_TEST(test_kdf_krb5kdf);
798 return 1;
799 }
A mirror of the official openssl repository