]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_kdf_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Create provider errors and use them
[thirdparty/openssl.git] / test / evp_kdf_test.c
1 /*
2 * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
4 *
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11 /* Tests of the EVP_KDF_CTX APIs */
12
13 #include <stdio.h>
14 #include <string.h>
15
16 #include <openssl/evp.h>
17 #include <openssl/kdf.h>
18 #include "testutil.h"
19
20 static int test_kdf_tls1_prf(void)
21 {
22 int ret;
23 EVP_KDF_CTX *kctx;
24 unsigned char out[16];
25 const unsigned char expected[sizeof(out)] = {
26 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
27 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
28 };
29
30 ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_TLS1_PRF))
31 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()),
32 0)
33 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET,
34 "secret", (size_t)6), 0)
35 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, "seed",
36 (size_t)4), 0)
37 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
38 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
39
40 EVP_KDF_CTX_free(kctx);
41 return ret;
42 }
43
44 static int test_kdf_hkdf(void)
45 {
46 int ret;
47 EVP_KDF_CTX *kctx;
48 unsigned char out[10];
49 const unsigned char expected[sizeof(out)] = {
50 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
51 };
52
53 ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF))
54 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()),
55 0)
56 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt",
57 (size_t)4), 0)
58 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret",
59 (size_t)6), 0)
60 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_HKDF_INFO,
61 "label", (size_t)5), 0)
62 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
63 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
64
65 EVP_KDF_CTX_free(kctx);
66 return ret;
67 }
68
69 static int test_kdf_pbkdf2(void)
70 {
71 int ret;
72 EVP_KDF_CTX *kctx;
73 unsigned char out[32];
74 const unsigned char expected[sizeof(out)] = {
75 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3,
76 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0,
77 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf,
78 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43
79 };
80
81 ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2))
82 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password",
83 (size_t)8), 0)
84 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt",
85 (size_t)4), 0)
86 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2), 0)
87 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()),
88 0)
89 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
90 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
91
92 EVP_KDF_CTX_free(kctx);
93 return ret;
94 }
95
96 #ifndef OPENSSL_NO_SCRYPT
97 static int test_kdf_scrypt(void)
98 {
99 int ret;
100 EVP_KDF_CTX *kctx;
101 unsigned char out[64];
102 const unsigned char expected[sizeof(out)] = {
103 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
104 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
105 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
106 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
107 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
108 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
109 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
110 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
111 };
112
113 ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT))
114 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password",
115 (size_t)8), 0)
116 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "NaCl",
117 (size_t)4), 0)
118 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N,
119 (uint64_t)1024), 0)
120 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R,
121 (uint32_t)8), 0)
122 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P,
123 (uint32_t)16), 0)
124 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES,
125 (uint64_t)16), 0)
126 /* failure test */
127 && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
128 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES,
129 (uint64_t)(10 * 1024 * 1024)), 0)
130 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
131 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
132
133 EVP_KDF_CTX_free(kctx);
134 return ret;
135 }
136 #endif /* OPENSSL_NO_SCRYPT */
137
138 static int test_kdf_ss_hash(void)
139 {
140 int ret;
141 EVP_KDF_CTX *kctx = NULL;
142 const unsigned char z[] = {
143 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e,
144 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62,
145 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4,
146 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9
147 };
148 const unsigned char other[] = {
149 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e,
150 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde,
151 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e,
152 0xe0,0xec,0x3f,0x8d,0xbe
153 };
154 const unsigned char expected[] = {
155 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8
156 };
157 unsigned char out[14];
158
159 ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS))
160 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha224()),
161 0)
162 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)),
163 0)
164 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other,
165 sizeof(other)), 0)
166 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
167 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
168
169 EVP_KDF_CTX_free(kctx);
170 return ret;
171 }
172
173 static int test_kdf_ss_hmac(void)
174 {
175 int ret;
176 EVP_KDF_CTX *kctx;
177 const EVP_MAC *mac;
178
179 const unsigned char z[] = {
180 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
181 };
182 const unsigned char other[] = {
183 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
184 };
185 const unsigned char salt[] = {
186 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
187 0x3f,0x89
188 };
189 const unsigned char expected[] = {
190 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63,
191 0x1c,0xa3
192 };
193 unsigned char out[16];
194
195 ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS))
196 && TEST_ptr(mac = EVP_get_macbyname("HMAC"))
197 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, mac), 0)
198 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()),
199 0)
200 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)),
201 0)
202 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other,
203 sizeof(other)), 0)
204 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, salt,
205 sizeof(salt)), 0)
206 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
207 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
208
209 EVP_KDF_CTX_free(kctx);
210 return ret;
211 }
212
213 static int test_kdf_ss_kmac(void)
214 {
215 int ret;
216 EVP_KDF_CTX *kctx;
217 unsigned char out[64];
218 const EVP_MAC *mac;
219
220 const unsigned char z[] = {
221 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
222 };
223 const unsigned char other[] = {
224 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
225 };
226 const unsigned char salt[] = {
227 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
228 0x3f,0x89
229 };
230 const unsigned char expected[] = {
231 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd,
232 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2,
233 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4,
234 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95,
235 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03
236 };
237
238 ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS))
239 && TEST_ptr(mac = EVP_get_macbyname("KMAC128"))
240 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, mac), 0)
241 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z,
242 sizeof(z)), 0)
243 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other,
244 sizeof(other)), 0)
245 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, salt,
246 sizeof(salt)), 0)
247 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC_SIZE,
248 (size_t)20), 0)
249 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
250 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
251
252 EVP_KDF_CTX_free(kctx);
253 return ret;
254 }
255
256 static int test_kdf_sshkdf(void)
257 {
258 int ret;
259 EVP_KDF_CTX *kctx;
260 unsigned char out[8];
261 /* Test data from NIST CAVS 14.1 test vectors */
262 const unsigned char key[] = {
263 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
264 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
265 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
266 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
267 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
268 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
269 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
270 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
271 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
272 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
273 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
274 0x4e
275 };
276 const unsigned char xcghash[] = {
277 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
278 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
279 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
280 };
281 const unsigned char sessid[] = {
282 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
283 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
284 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
285 };
286 const unsigned char expected[sizeof(out)] = {
287 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
288 };
289
290 ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF))
291 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()),
292 0)
293 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, key,
294 sizeof(key)), 0)
295 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH,
296 xcghash, sizeof(xcghash)), 0)
297 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID,
298 sessid, sizeof(sessid)), 0)
299 && TEST_int_gt(
300 EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE,
301 (int)EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV),
302 0)
303 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
304 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
305
306 EVP_KDF_CTX_free(kctx);
307 return ret;
308 }
309
310 int setup_tests(void)
311 {
312 ADD_TEST(test_kdf_tls1_prf);
313 ADD_TEST(test_kdf_hkdf);
314 ADD_TEST(test_kdf_pbkdf2);
315 #ifndef OPENSSL_NO_SCRYPT
316 ADD_TEST(test_kdf_scrypt);
317 #endif
318 ADD_TEST(test_kdf_ss_hash);
319 ADD_TEST(test_kdf_ss_hmac);
320 ADD_TEST(test_kdf_ss_kmac);
321 ADD_TEST(test_kdf_sshkdf);
322 return 1;
323 }
A mirror of the official openssl repository