]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_kdf_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Run evp_test in FIPS mode
[thirdparty/openssl.git] / test / evp_kdf_test.c
1 /*
2 * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
4 *
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11 /* Tests of the EVP_KDF_CTX APIs */
12
13 #include <stdio.h>
14 #include <string.h>
15
16 #include <openssl/evp.h>
17 #include <openssl/kdf.h>
18 #include "testutil.h"
19
20 static int test_kdf_tls1_prf(void)
21 {
22 int ret;
23 EVP_KDF_CTX *kctx = NULL;
24 const EVP_KDF *kdf;
25 unsigned char out[16];
26 static const unsigned char expected[sizeof(out)] = {
27 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
28 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
29 };
30
31 ret =
32 TEST_ptr(kdf = EVP_get_kdfbyname(SN_tls1_prf))
33 && TEST_ptr(kctx = EVP_KDF_CTX_new(kdf))
34 && TEST_ptr_eq(EVP_KDF_CTX_kdf(kctx), kdf)
35 && TEST_str_eq(EVP_KDF_name(kdf), SN_tls1_prf)
36 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), 0)
37 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET,
38 "secret", (size_t)6), 0)
39 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, "seed",
40 (size_t)4), 0)
41 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
42 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
43
44 EVP_KDF_CTX_free(kctx);
45 return ret;
46 }
47
48 static int test_kdf_hkdf(void)
49 {
50 int ret;
51 EVP_KDF_CTX *kctx;
52 unsigned char out[10];
53 static const unsigned char expected[sizeof(out)] = {
54 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
55 };
56
57 ret =
58 TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF))
59 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), 0)
60 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt",
61 (size_t)4), 0)
62 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret",
63 (size_t)6), 0)
64 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_HKDF_INFO, "label",
65 (size_t)5), 0)
66 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
67 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
68
69 EVP_KDF_CTX_free(kctx);
70 return ret;
71 }
72
73 static int test_kdf_pbkdf2(void)
74 {
75 int ret;
76 EVP_KDF_CTX *kctx;
77 unsigned char out[25];
78 size_t len = 0;
79 const unsigned char expected[sizeof(out)] = {
80 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f,
81 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf,
82 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
83 0x1c
84 };
85
86 if (sizeof(len) > 32)
87 len = SIZE_MAX;
88
89 ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2))
90 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS,
91 "passwordPASSWORDpassword",
92 (size_t)24), 0)
93 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
94 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
95 (size_t)36), 0)
96 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 4096), 0)
97 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()),
98 0)
99 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE,
100 0), 0)
101 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
102 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))
103 /* A key length that is too small should fail */
104 && TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1), 0)
105 /* A key length that is too large should fail */
106 && (len == 0 || TEST_int_eq(EVP_KDF_derive(kctx, out, len), 0))
107 /* Salt length less than 128 bits should fail */
108 && TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
109 "123456781234567",
110 (size_t)15), 0)
111 /* A small iteration count should fail */
112 && TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0)
113 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE,
114 1), 0)
115 /* Small salts will pass if the "pkcs5" mode is enabled */
116 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
117 "123456781234567",
118 (size_t)15), 0)
119 /* A small iteration count will pass if "pkcs5" mode is enabled */
120 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0)
121 /*
122 * If the "pkcs5" mode is disabled then the small salt and iter will
123 * fail when the derive gets called.
124 */
125 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE,
126 0), 0)
127 && TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
128
129 EVP_KDF_CTX_free(kctx);
130 return ret;
131 }
132
133 #ifndef OPENSSL_NO_SCRYPT
134 static int test_kdf_scrypt(void)
135 {
136 int ret;
137 EVP_KDF_CTX *kctx;
138 unsigned char out[64];
139 static const unsigned char expected[sizeof(out)] = {
140 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
141 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
142 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
143 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
144 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
145 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
146 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
147 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
148 };
149
150 ret =
151 TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT))
152 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password",
153 (size_t)8), 0)
154 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "NaCl",
155 (size_t)4), 0)
156 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N,
157 (uint64_t)1024), 0)
158 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R,
159 (uint32_t)8), 0)
160 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P,
161 (uint32_t)16), 0)
162 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES,
163 (uint64_t)16), 0)
164 /* failure test */
165 && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
166 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES,
167 (uint64_t)(10 * 1024 * 1024)), 0)
168 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
169 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
170
171 EVP_KDF_CTX_free(kctx);
172 return ret;
173 }
174 #endif /* OPENSSL_NO_SCRYPT */
175
176 static int test_kdf_ss_hash(void)
177 {
178 int ret;
179 EVP_KDF_CTX *kctx = NULL;
180 unsigned char out[14];
181 static const unsigned char z[] = {
182 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e,
183 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62,
184 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4,
185 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9
186 };
187 static const unsigned char other[] = {
188 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e,
189 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde,
190 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e,
191 0xe0,0xec,0x3f,0x8d,0xbe
192 };
193 static const unsigned char expected[sizeof(out)] = {
194 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8
195 };
196
197 ret =
198 TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS))
199 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha224()), 0)
200 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), 0)
201 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other,
202 sizeof(other)), 0)
203 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
204 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
205
206 EVP_KDF_CTX_free(kctx);
207 return ret;
208 }
209
210 static int test_kdf_x963(void)
211 {
212 int ret;
213 EVP_KDF_CTX *kctx = NULL;
214 unsigned char out[1024 / 8];
215 /*
216 * Test data from https://csrc.nist.gov/CSRC/media/Projects/
217 * Cryptographic-Algorithm-Validation-Program/documents/components/
218 * 800-135testvectors/ansx963_2001.zip
219 */
220 static const unsigned char z[] = {
221 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, 0xfa, 0x58, 0xce, 0xad,
222 0xc0, 0x47, 0x19, 0x7f, 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
223 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, 0x15, 0x07, 0x39, 0x2f,
224 0x1a, 0x86, 0xdd, 0xfd, 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
225 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, 0x47, 0xa9, 0xe2, 0xe7,
226 0x53, 0xf5, 0x5e, 0xf0, 0x5a, 0x2d
227 };
228 static const unsigned char shared[] = {
229 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, 0x2b, 0x3a, 0x2f, 0x99,
230 0x37, 0x89, 0x5d, 0x31
231 };
232 static const unsigned char expected[sizeof(out)] = {
233 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, 0x9b, 0x52, 0x26, 0x4b,
234 0x01, 0x12, 0xb5, 0x85, 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
235 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, 0x6e, 0x4d, 0xd2, 0xa5,
236 0x99, 0xac, 0xce, 0xb3, 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
237 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, 0xa5, 0xa8, 0xee, 0xee,
238 0x20, 0x80, 0x02, 0x26, 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
239 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, 0xea, 0x9c, 0x4f, 0xf7,
240 0x45, 0xa2, 0x5a, 0xc2, 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
241 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, 0x0a, 0xb2, 0xaa, 0x8e,
242 0x2e, 0xfa, 0x7b, 0x17, 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
243 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
244 };
245
246 ret =
247 TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_X963))
248 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha512()), 0)
249 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), 0)
250 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SHARED_INFO, shared,
251 sizeof(shared)), 0)
252 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
253 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
254
255 EVP_KDF_CTX_free(kctx);
256 return ret;
257 }
258
259 static int test_kdf_ss_hmac(void)
260 {
261 int ret;
262 EVP_KDF_CTX *kctx;
263 const EVP_MAC *mac;
264 unsigned char out[16];
265 static const unsigned char z[] = {
266 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
267 };
268 static const unsigned char other[] = {
269 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
270 };
271 static const unsigned char salt[] = {
272 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
273 0x3f,0x89
274 };
275 static const unsigned char expected[sizeof(out)] = {
276 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63,
277 0x1c,0xa3
278 };
279
280 ret =
281 TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS))
282 && TEST_ptr(mac = EVP_get_macbyname("HMAC"))
283 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, mac), 0)
284 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), 0)
285 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), 0)
286 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other,
287 sizeof(other)), 0)
288 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, salt,
289 sizeof(salt)), 0)
290 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
291 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
292
293 EVP_KDF_CTX_free(kctx);
294 return ret;
295 }
296
297 static int test_kdf_ss_kmac(void)
298 {
299 int ret;
300 EVP_KDF_CTX *kctx;
301 unsigned char out[64];
302 const EVP_MAC *mac;
303 static const unsigned char z[] = {
304 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
305 };
306 static const unsigned char other[] = {
307 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
308 };
309 static const unsigned char salt[] = {
310 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
311 0x3f,0x89
312 };
313 static const unsigned char expected[sizeof(out)] = {
314 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd,
315 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2,
316 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4,
317 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95,
318 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03
319 };
320
321 ret =
322 TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS))
323 && TEST_ptr(mac = EVP_get_macbyname("KMAC128"))
324 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, mac), 0)
325 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z,
326 sizeof(z)), 0)
327 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other,
328 sizeof(other)), 0)
329 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, salt,
330 sizeof(salt)), 0)
331 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC_SIZE,
332 (size_t)20), 0)
333 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
334 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
335
336 EVP_KDF_CTX_free(kctx);
337 return ret;
338 }
339
340 static int test_kdf_sshkdf(void)
341 {
342 int ret;
343 EVP_KDF_CTX *kctx;
344 unsigned char out[8];
345 /* Test data from NIST CAVS 14.1 test vectors */
346 static const unsigned char key[] = {
347 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
348 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
349 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
350 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
351 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
352 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
353 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
354 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
355 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
356 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
357 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
358 0x4e
359 };
360 static const unsigned char xcghash[] = {
361 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
362 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
363 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
364 };
365 static const unsigned char sessid[] = {
366 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
367 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
368 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
369 };
370 static const unsigned char expected[sizeof(out)] = {
371 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
372 };
373
374 ret =
375 TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF))
376 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), 0)
377 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, key,
378 sizeof(key)), 0)
379 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH,
380 xcghash, sizeof(xcghash)), 0)
381 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID,
382 sessid, sizeof(sessid)), 0)
383 && TEST_int_gt(
384 EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE,
385 (int)EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV), 0)
386 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
387 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
388
389 EVP_KDF_CTX_free(kctx);
390 return ret;
391 }
392
393 static int test_kdf_get_kdf(void)
394 {
395 const EVP_KDF *kdf1, *kdf2;
396 ASN1_OBJECT *obj;
397
398 return
399 TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2))
400 && TEST_ptr(kdf1 = EVP_get_kdfbyname(LN_id_pbkdf2))
401 && TEST_ptr(kdf2 = EVP_get_kdfbyobj(obj))
402 && TEST_ptr_eq(kdf1, kdf2)
403 && TEST_ptr(kdf1 = EVP_get_kdfbyname(SN_tls1_prf))
404 && TEST_ptr(kdf2 = EVP_get_kdfbyname(LN_tls1_prf))
405 && TEST_ptr_eq(kdf1, kdf2)
406 && TEST_ptr(kdf2 = EVP_get_kdfbynid(NID_tls1_prf))
407 && TEST_ptr_eq(kdf1, kdf2);
408 }
409
410 #ifndef OPENSSL_NO_CMS
411 static int test_kdf_x942_asn1(void)
412 {
413 int ret;
414 EVP_KDF_CTX *kctx = NULL;
415 unsigned char out[24];
416 /* RFC2631 Section 2.1.6 Test data */
417 static const unsigned char z[] = {
418 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,
419 0x0e,0x0f,0x10,0x11,0x12,0x13
420 };
421 static const unsigned char expected[sizeof(out)] = {
422 0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04,
423 0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46,
424 0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb
425 };
426
427 ret =
428 TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_X942))
429 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha1()), 0)
430 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), 0)
431 && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_CEK_ALG,
432 SN_id_smime_alg_CMS3DESwrap), 0)
433 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
434 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
435
436 EVP_KDF_CTX_free(kctx);
437 return ret;
438 }
439 #endif /* OPENSSL_NO_CMS */
440
441 int setup_tests(void)
442 {
443 ADD_TEST(test_kdf_get_kdf);
444 ADD_TEST(test_kdf_tls1_prf);
445 ADD_TEST(test_kdf_hkdf);
446 ADD_TEST(test_kdf_pbkdf2);
447 #ifndef OPENSSL_NO_SCRYPT
448 ADD_TEST(test_kdf_scrypt);
449 #endif
450 ADD_TEST(test_kdf_ss_hash);
451 ADD_TEST(test_kdf_ss_hmac);
452 ADD_TEST(test_kdf_ss_kmac);
453 ADD_TEST(test_kdf_sshkdf);
454 ADD_TEST(test_kdf_x963);
455 #ifndef OPENSSL_NO_CMS
456 ADD_TEST(test_kdf_x942_asn1);
457 #endif
458 return 1;
459 }
A mirror of the official openssl repository