Ctrl.info = info:
Output = 62f99231760bedd72319cc6cad
-Title = HKDF bad digest test
+Title = FIPS indicator tests
-Availablein = fips
+# Test that the operation with unapproved digest function is rejected
+#
+# There is no corresponding test for checking `fips-indicator` and derived key
+# because that
+# * HKDF can be used with SHA-1, SHA-2 and SHA-3 but not with the
+# extendable-output functions.
+# * HMAC construction is not allowed to be used with the extendable-output
+# functions.
FIPSversion = >=3.4.0
KDF = HKDF
Ctrl.digest = digest:SHAKE-256
Ctrl.hexinfo = hexinfo:aaaaaaa20b0409bbbbbbbbbbbbbbbbbb
Output = d3c78b78d75313e9a926f75dfb012363fa17fa01db
-Title = SSKDF bad digest test
+Title = FIPS indicator tests
-Availablein = fips
+# Test that the operation with unapproved digest function is rejected
+#
+# There is no corresponding test for checking `fips-indicator` and derived key
+# because that
+# * SSKDF can be used with SHA-1, SHA-2 and SHA-3 but not with the
+# extendable-output functions.
+# * The return value from the `EVP_MD_get_size` function for the
+# extendable-output functions always is 0, so the `SSKDF_hash_kdm` function
+# will return 0 directly.
FIPSversion = >=3.4.0
KDF = SSKDF
Ctrl.digest = digest:SHAKE-256
Output = FF
Result = KDF_MISMATCH
-Availablein = fips
+Title = FIPS indicator tests
+
+# Test that the operation with unapproved digest function is rejected
FIPSversion = >=3.4.0
KDF = SSHKDF
Ctrl.digest = digest:SHA512-256
Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
Ctrl.type = type:A
Result = KDF_DERIVE_ERROR
+
+# Test that the operation with unapproved digest function is is reported as
+# unapproved
+FIPSversion = >=3.4.0
+KDF = SSHKDF
+Unapproved = 1
+Ctrl.digest-check = digest-check:0
+Ctrl.digest = digest:SHA512-256
+Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59
+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.type = type:A
+Output = d37ea221cbcc026d95e8c10b7d28a1b41e4ec1b497bae0e4cdbc1446e5bd59e2
Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
+
+Title = FIPS indicator tests
+
+# Test that the operation with unapproved digest function is rejected
+FIPSversion = >=3.4.0
+KDF = TLS1-PRF
+Ctrl.digest = digest:SHA512-256
+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Result = KDF_DERIVE_ERROR
+
+# Test that the operation with unapproved digest function is is reported as
+# unapproved
+FIPSversion = >=3.4.0
+KDF = TLS1-PRF
+Unapproved = 1
+Ctrl.digest-check = digest-check:0
+Ctrl.digest = digest:SHA512-256
+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Output = 17be20a3b4cc05524d7de353b2f125537c23372144111b0367bda166fcfc09cf1c94909a408b986f53afbdc41d93ae09
Ctrl.digest = digest:SHA256
Result = KDF_CTRL_ERROR
-Title = TLS13-KDF bad digest test
+Title = FIPS indicator tests
-Availablein = fips
+# Test that the operation with unapproved digest function is rejected
FIPSversion = >=3.4.0
KDF = TLS13-KDF
Ctrl.mode = mode:EXTRACT_ONLY
-Ctrl.digest = digest:SHA3-256
+Ctrl.digest = digest:SHA512-256
Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05
Result = KDF_DERIVE_ERROR
+
+# Test that the operation with unapproved digest function is is reported as
+# unapproved
+FIPSversion = >=3.4.0
+KDF = TLS13-KDF
+Unapproved = 1
+Ctrl.digest-check = digest-check:0
+Ctrl.mode = mode:EXTRACT_ONLY
+Ctrl.digest = digest:SHA512-256
+Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05
+Output = c8240b43113bb8bd211ee97c5145d389e8074f76eeeaac74eb55691062a436e4
Ctrl.hexinfo = hexinfo:af42f1ae85477ead645583
Output = 995d1ab8557dfeafcb347f8182583fa0ac5e6cb3912393592590989f38a0214f6cf7d6fbe23917b0966c6a870876de2a2c13a45fa7aa1715be137ed332e1ffc204ce4dcce33ece6dec7f3da61fa049780040e44142cc8a1e5121cf56b386f65b7c261a192f05e5fefae4221a602bc51c41ef175dc45fb7eab8642421b4f7e3e7
-Title = X963KDF bad digest test
+Title = FIPS indicator tests
-Availablein = fips
+# Test that the operation with unapproved digest function is rejected
FIPSversion = >=3.4.0
KDF = X963KDF
Ctrl.digest = digest:SHA1
Ctrl.hexsecret = hexsecret:fd17198b89ab39c4ab5d7cca363b82f9fd7e23c3984dc8a2
Ctrl.hexinfo = hexinfo:856a53f3e36a26bbc5792879f307cce2
Result = KDF_DERIVE_ERROR
+
+# Test that the operation with unapproved digest function is is reported as
+# unapproved
+FIPSversion = >=3.4.0
+KDF = X963KDF
+Unapproved = 1
+Ctrl.digest-check = digest-check:0
+Ctrl.digest = digest:SHA1
+Ctrl.hexsecret = hexsecret:fd17198b89ab39c4ab5d7cca363b82f9fd7e23c3984dc8a2
+Ctrl.hexinfo = hexinfo:856a53f3e36a26bbc5792879f307cce2
+Output = 6e5fad865cb4a51c95209b16df0cc490bc2c9064405c5bccd4ee4832a531fbe7f10cb79e2eab6ab1149fbd5a23cfdabc41242269c9df22f628c4424333855b64e95e2d4fb8469c669f17176c07d103376b10b384ec5763d8b8c610409f19aca8eb31f9d85cc61a8d6d4a03d03e5a506b78d6847e93d295ee548c65afedd2efec
Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
Ctrl.salt = salt:
Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
+
+Title = FIPS indicator tests
+
+# Test that the operation with unapproved digest function is rejected
+#
+# There is no corresponding test for checking `fips-indicator` and derived key
+# because that
+# * HKDF can be used with SHA-1, SHA-2 and SHA-3 but not with the
+# extendable-output functions.
+# * HMAC construction is not allowed to be used with the extendable-output
+# functions.
+FIPSversion = >=3.4.0
+PKEYKDF = HKDF
+Ctrl.digest = digest:SHAKE-256
+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.salt = hexsalt:000102030405060708090a0b0c
+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
+Result = KDF_DERIVE_ERROR
Ctrl.Seed = hexseed:02
Output = 03
Result = KDF_DERIVE_ERROR
+
+Title = FIPS indicator tests
+
+# Test that the operation with unapproved digest function is rejected
+FIPSversion = >=3.4.0
+PKEYKDF = TLS1-PRF
+Ctrl.digest = digest:SHA512-256
+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Result = KDF_DERIVE_ERROR
+
+# Test that the operation with unapproved digest function is is reported as
+# unapproved
+FIPSversion = >=3.4.0
+PKEYKDF = TLS1-PRF
+Unapproved = 1
+Ctrl.digest-check = digest-check:0
+Ctrl.digest = digest:SHA512-256
+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Output = 17be20a3b4cc05524d7de353b2f125537c23372144111b0367bda166fcfc09cf1c94909a408b986f53afbdc41d93ae09
projects / thirdparty / openssl.git / commitdiff
