]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/evp_kdf_test.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
More KDF cleanup
[thirdparty/openssl.git] / test / evp_kdf_test.c
1 /*
2 * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
4 *
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11 /* Tests of the EVP_KDF_CTX APIs */
12
13 #include <stdio.h>
14 #include <string.h>
15
16 #include <openssl/evp.h>
17 #include <openssl/kdf.h>
18 #include <openssl/core_names.h>
19 #include "testutil.h"
20
21 static EVP_KDF_CTX *get_kdfbyname(const char *name)
22 {
23 EVP_KDF *kdf = EVP_KDF_fetch(NULL, name, NULL);
24 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
25
26 EVP_KDF_free(kdf);
27 return kctx;
28 }
29
30 static int test_kdf_tls1_prf(void)
31 {
32 int ret;
33 EVP_KDF_CTX *kctx = NULL;
34 unsigned char out[16];
35 OSSL_PARAM params[4], *p = params;
36 static const unsigned char expected[sizeof(out)] = {
37 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
38 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
39 };
40
41 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
42 (char *)"sha256", sizeof("sha256"));
43 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
44 (unsigned char *)"secret",
45 (size_t)6);
46 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
47 (unsigned char *)"seed",
48 (size_t)4);
49 *p = OSSL_PARAM_construct_end();
50
51 ret =
52 TEST_ptr(kctx = get_kdfbyname(SN_tls1_prf))
53 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
54 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
55 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
56
57 EVP_KDF_CTX_free(kctx);
58 return ret;
59 }
60
61 static int test_kdf_hkdf(void)
62 {
63 int ret;
64 EVP_KDF_CTX *kctx;
65 unsigned char out[10];
66 OSSL_PARAM params[5], *p = params;
67 static const unsigned char expected[sizeof(out)] = {
68 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
69 };
70
71 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
72 (char *)"sha256", sizeof("sha256"));
73 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
74 (unsigned char *)"salt", 4);
75 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
76 (unsigned char *)"secret", 6);
77 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
78 (unsigned char *)"label", 5);
79 *p = OSSL_PARAM_construct_end();
80
81 ret =
82 TEST_ptr(kctx = get_kdfbyname(SN_hkdf))
83 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
84 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
85 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
86
87 EVP_KDF_CTX_free(kctx);
88 return ret;
89 }
90
91 static int test_kdf_pbkdf2(void)
92 {
93 int ret = 0;
94 EVP_KDF_CTX *kctx;
95 unsigned char out[25];
96 size_t len = 0;
97 unsigned int iterations = 4096;
98 int mode = 0;
99 OSSL_PARAM params[6], *p = params;
100 const unsigned char expected[sizeof(out)] = {
101 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f,
102 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf,
103 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
104 0x1c
105 };
106
107 if (sizeof(len) > 32)
108 len = SIZE_MAX;
109
110 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
111 (unsigned char *)
112 "passwordPASSWORDpassword", 24);
113 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
114 (unsigned char *)
115 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
116 36);
117 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, &iterations);
118 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
119 (char *)"sha256", 7);
120 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
121 *p = OSSL_PARAM_construct_end();
122
123 if (!TEST_ptr(kctx = get_kdfbyname(LN_id_pbkdf2))
124 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
125 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
126 || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))
127 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
128 /* A key length that is too small should fail */
129 || !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1), 0)
130 /* A key length that is too large should fail */
131 || (len != 0 && !TEST_int_eq(EVP_KDF_derive(kctx, out, len), 0)))
132 goto err;
133 #if 0
134 /* TODO */
135 /* Salt length less than 128 bits should fail */
136 || TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
137 "123456781234567",
138 (size_t)15), 0)
139 /* A small iteration count should fail */
140 || TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0)
141 || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE,
142 1), 0)
143 /* Small salts will pass if the "pkcs5" mode is enabled */
144 || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
145 "123456781234567",
146 (size_t)15), 0)
147 /* A small iteration count will pass if "pkcs5" mode is enabled */
148 || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0)
149 /*
150 * If the "pkcs5" mode is disabled then the small salt and iter will
151 * fail when the derive gets called.
152 */
153 || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE,
154 0), 0)
155 || TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
156 #endif
157 ret = 1;
158 err:
159 EVP_KDF_CTX_free(kctx);
160 return ret;
161 }
162
163 #ifndef OPENSSL_NO_SCRYPT
164 static int test_kdf_scrypt(void)
165 {
166 int ret;
167 EVP_KDF_CTX *kctx;
168 OSSL_PARAM params[7], *p = params;
169 unsigned char out[64];
170 unsigned int nu = 1024, ru = 8, pu = 16, maxmem = 16;
171 static const unsigned char expected[sizeof(out)] = {
172 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
173 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
174 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
175 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
176 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
177 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
178 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
179 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
180 };
181
182 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
183 (char *)"password", 8);
184 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
185 (char *)"NaCl", 4);
186 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &nu);
187 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &ru);
188 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &pu);
189 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem);
190 *p = OSSL_PARAM_construct_end();
191
192 ret =
193 TEST_ptr(kctx = get_kdfbyname(SN_id_scrypt))
194 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
195 /* failure test *//*
196 && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0)*/
197 && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024))
198 && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1))
199 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
200 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
201
202 EVP_KDF_CTX_free(kctx);
203 return ret;
204 }
205 #endif /* OPENSSL_NO_SCRYPT */
206
207 static int test_kdf_ss_hash(void)
208 {
209 int ret;
210 EVP_KDF_CTX *kctx;
211 OSSL_PARAM params[4], *p = params;
212 unsigned char out[14];
213 static unsigned char z[] = {
214 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e,
215 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62,
216 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4,
217 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9
218 };
219 static unsigned char other[] = {
220 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e,
221 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde,
222 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e,
223 0xe0,0xec,0x3f,0x8d,0xbe
224 };
225 static const unsigned char expected[sizeof(out)] = {
226 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8
227 };
228
229 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
230 (char *)"sha224", sizeof("sha224"));
231 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
232 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
233 sizeof(other));
234 *p = OSSL_PARAM_construct_end();
235
236 ret =
237 TEST_ptr(kctx = get_kdfbyname(SN_sskdf))
238 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
239 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
240 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
241
242 EVP_KDF_CTX_free(kctx);
243 return ret;
244 }
245
246 static int test_kdf_x963(void)
247 {
248 int ret;
249 EVP_KDF_CTX *kctx;
250 OSSL_PARAM params[4], *p = params;
251 unsigned char out[1024 / 8];
252 /*
253 * Test data from https://csrc.nist.gov/CSRC/media/Projects/
254 * Cryptographic-Algorithm-Validation-Program/documents/components/
255 * 800-135testvectors/ansx963_2001.zip
256 */
257 static unsigned char z[] = {
258 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, 0xfa, 0x58, 0xce, 0xad,
259 0xc0, 0x47, 0x19, 0x7f, 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
260 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, 0x15, 0x07, 0x39, 0x2f,
261 0x1a, 0x86, 0xdd, 0xfd, 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
262 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, 0x47, 0xa9, 0xe2, 0xe7,
263 0x53, 0xf5, 0x5e, 0xf0, 0x5a, 0x2d
264 };
265 static unsigned char shared[] = {
266 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, 0x2b, 0x3a, 0x2f, 0x99,
267 0x37, 0x89, 0x5d, 0x31
268 };
269 static const unsigned char expected[sizeof(out)] = {
270 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, 0x9b, 0x52, 0x26, 0x4b,
271 0x01, 0x12, 0xb5, 0x85, 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
272 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, 0x6e, 0x4d, 0xd2, 0xa5,
273 0x99, 0xac, 0xce, 0xb3, 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
274 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, 0xa5, 0xa8, 0xee, 0xee,
275 0x20, 0x80, 0x02, 0x26, 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
276 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, 0xea, 0x9c, 0x4f, 0xf7,
277 0x45, 0xa2, 0x5a, 0xc2, 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
278 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, 0x0a, 0xb2, 0xaa, 0x8e,
279 0x2e, 0xfa, 0x7b, 0x17, 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
280 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
281 };
282
283 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
284 (char *)"sha512", sizeof("sha512"));
285 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
286 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, shared,
287 sizeof(shared));
288 *p = OSSL_PARAM_construct_end();
289
290 ret =
291 TEST_ptr(kctx = get_kdfbyname(SN_x963kdf))
292 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
293 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
294 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
295
296 EVP_KDF_CTX_free(kctx);
297 return ret;
298 }
299
300 static int test_kdf_ss_hmac(void)
301 {
302 int ret;
303 EVP_KDF_CTX *kctx;
304 OSSL_PARAM params[6], *p = params;
305 unsigned char out[16];
306 static unsigned char z[] = {
307 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
308 };
309 static unsigned char other[] = {
310 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
311 };
312 static unsigned char salt[] = {
313 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
314 0x3f,0x89
315 };
316 static const unsigned char expected[sizeof(out)] = {
317 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63,
318 0x1c,0xa3
319 };
320
321 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
322 (char *)OSSL_MAC_NAME_HMAC,
323 sizeof(OSSL_MAC_NAME_HMAC));
324 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
325 (char *)"sha256", sizeof("sha256"));
326 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
327 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
328 sizeof(other));
329 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
330 sizeof(salt));
331 *p = OSSL_PARAM_construct_end();
332
333 ret =
334 TEST_ptr(kctx = get_kdfbyname(SN_sskdf))
335 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
336 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
337 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
338
339 EVP_KDF_CTX_free(kctx);
340 return ret;
341 }
342
343 static int test_kdf_ss_kmac(void)
344 {
345 int ret;
346 EVP_KDF_CTX *kctx;
347 OSSL_PARAM params[6], *p = params;
348 unsigned char out[64];
349 size_t mac_size = 20;
350 static unsigned char z[] = {
351 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
352 };
353 static unsigned char other[] = {
354 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
355 };
356 static unsigned char salt[] = {
357 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
358 0x3f,0x89
359 };
360 static const unsigned char expected[sizeof(out)] = {
361 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd,
362 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2,
363 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4,
364 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95,
365 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03
366 };
367
368 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
369 (char *)OSSL_MAC_NAME_KMAC128,
370 sizeof(OSSL_MAC_NAME_KMAC128));
371 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
372 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
373 sizeof(other));
374 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
375 sizeof(salt));
376 *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, &mac_size);
377 *p = OSSL_PARAM_construct_end();
378
379 ret =
380 TEST_ptr(kctx = get_kdfbyname(SN_sskdf))
381 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
382 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
383 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
384
385 EVP_KDF_CTX_free(kctx);
386 return ret;
387 }
388
389 static int test_kdf_sshkdf(void)
390 {
391 int ret;
392 EVP_KDF_CTX *kctx;
393 OSSL_PARAM params[6], *p = params;
394 char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
395 unsigned char out[8];
396 /* Test data from NIST CAVS 14.1 test vectors */
397 static unsigned char key[] = {
398 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
399 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
400 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
401 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
402 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
403 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
404 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
405 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
406 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
407 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
408 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
409 0x4e
410 };
411 static unsigned char xcghash[] = {
412 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
413 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
414 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
415 };
416 static unsigned char sessid[] = {
417 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
418 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
419 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
420 };
421 static const unsigned char expected[sizeof(out)] = {
422 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
423 };
424
425 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
426 (char *)"sha256", sizeof("sha256"));
427 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
428 sizeof(key));
429 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH,
430 xcghash, sizeof(xcghash));
431 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
432 sessid, sizeof(sessid));
433 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
434 &kdftype, sizeof(kdftype));
435 *p = OSSL_PARAM_construct_end();
436
437 ret =
438 TEST_ptr(kctx = get_kdfbyname(SN_sshkdf))
439 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
440 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
441 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
442
443 EVP_KDF_CTX_free(kctx);
444 return ret;
445 }
446
447 static int test_kdf_get_kdf(void)
448 {
449 EVP_KDF *kdf1 = NULL, *kdf2 = NULL;
450 ASN1_OBJECT *obj;
451 int ok = 1;
452
453 if (!TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2))
454 || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, LN_id_pbkdf2, NULL))
455 || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(OBJ_obj2nid(obj)),
456 NULL))
457 || !TEST_ptr_eq(kdf1, kdf2))
458 ok = 0;
459 EVP_KDF_free(kdf1);
460 kdf1 = NULL;
461 EVP_KDF_free(kdf2);
462 kdf2 = NULL;
463
464 if (!TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL))
465 || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, LN_tls1_prf, NULL))
466 || !TEST_ptr_eq(kdf1, kdf2))
467 ok = 0;
468 /* kdf1 is re-used below, so don't free it here */
469 EVP_KDF_free(kdf2);
470 kdf2 = NULL;
471
472 if (!TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(NID_tls1_prf), NULL))
473 || !TEST_ptr_eq(kdf1, kdf2))
474 ok = 0;
475 EVP_KDF_free(kdf1);
476 kdf1 = NULL;
477 EVP_KDF_free(kdf2);
478 kdf2 = NULL;
479
480 return ok;
481 }
482
483 #ifndef OPENSSL_NO_CMS
484 static int test_kdf_x942_asn1(void)
485 {
486 int ret;
487 EVP_KDF_CTX *kctx = NULL;
488 OSSL_PARAM params[4], *p = params;
489 const char *cek_alg = SN_id_smime_alg_CMS3DESwrap;
490 unsigned char out[24];
491 /* RFC2631 Section 2.1.6 Test data */
492 static unsigned char z[] = {
493 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,
494 0x0e,0x0f,0x10,0x11,0x12,0x13
495 };
496 static const unsigned char expected[sizeof(out)] = {
497 0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04,
498 0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46,
499 0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb
500 };
501
502 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
503 (char *)"sha1", sizeof("sha1"));
504 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z,
505 sizeof(z));
506 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
507 (char *)cek_alg,
508 strlen(cek_alg) + 1);
509 *p = OSSL_PARAM_construct_end();
510
511 ret =
512 TEST_ptr(kctx = get_kdfbyname(SN_x942kdf))
513 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
514 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
515 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
516
517 EVP_KDF_CTX_free(kctx);
518 return ret;
519 }
520 #endif /* OPENSSL_NO_CMS */
521
522 int setup_tests(void)
523 {
524 ADD_TEST(test_kdf_get_kdf);
525 ADD_TEST(test_kdf_tls1_prf);
526 ADD_TEST(test_kdf_hkdf);
527 ADD_TEST(test_kdf_pbkdf2);
528 #ifndef OPENSSL_NO_SCRYPT
529 ADD_TEST(test_kdf_scrypt);
530 #endif
531 ADD_TEST(test_kdf_ss_hash);
532 ADD_TEST(test_kdf_ss_hmac);
533 ADD_TEST(test_kdf_ss_kmac);
534 ADD_TEST(test_kdf_sshkdf);
535 ADD_TEST(test_kdf_x963);
536 #ifndef OPENSSL_NO_CMS
537 ADD_TEST(test_kdf_x942_asn1);
538 #endif
539 return 1;
540 }
A mirror of the official openssl repository