This includes KDFs for ss, x963, hmac-drbg, KB, KRB5, PVK, SNMP, SSH and X942.
SSKDF/X963KDF Changes: Modify code to handle algorithms being disabled via configuration options.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/29576)
no-gost,
enable-h3demo,
enable-hqinterop,
+ no-hmac-drbg-kdf,
no-hw,
no-idea,
+ no-kbkdf,
+ no-krb5kdf,
enable-lms,
no-makedepend,
enable-md2,
no-poly1305,
no-posix-io,
no-psk,
+ no-pvkkdf,
no-rc2,
enable-rc5,
no-rdrand,
no-sm2-precomp,
no-sm3,
no-sm4,
+ no-snmpkdf,
no-sock,
no-sse2,
+ no-sshkdf,
+ no-sskdf,
no-ssl,
no-ssl-trace,
enable-sslkeylog,
no-uplink,
no-weak-ssl-ciphers,
no-whirlpool,
+ no-x942kdf,
+ no-x963kdf,
enable-zlib-dynamic,
-DOPENSSL_PEDANTIC_ZEROIZATION,
-DOPENSSL_PEDANTIC_ZEROIZATION enable-fips,
providers/implementations/kdfs/sskdf.inc
providers/implementations/kdfs/tls1_prf.inc
providers/implementations/kdfs/x942kdf.inc
+providers/implementations/kdfs/x963kdf.inc
providers/implementations/kem/ec_kem.inc
providers/implementations/kem/ecx_kem.inc
providers/implementations/kem/ml_kem_kem.inc
### Changes between 3.6 and 4.0 [xx XXX xxxx]
+ * Added configure options to disable KDF algorithms for
+ hmac-drbg-kdf, kbkdf, krb5kdf, pvkkdf, snmpkdf, sskdf, sshkdf, x942kdf and x963kdf.
+
+ *Shane Lontis*
+
* Remove support for an SSLv2 Client Hello. When a client wanted to support
both SSLv2 and higher versions like SSLv3 or even TLSv1, it needed to
send an SSLv2 Client Hello. SSLv2 support itself was removed in version
"demos",
"h3demo",
"hqinterop",
+ "hmac-drbg-kdf",
"deprecated",
"des",
"dgram",
"idea",
"integrity-only-ciphers",
"jitter",
+ "kbkdf",
+ "krb5kdf",
"ktls",
"legacy",
"lms",
"poly1305",
"posix-io",
"psk",
+ "pvkkdf",
"quic",
"unstable-qlog",
"rc2",
"sm2-precomp",
"sm3",
"sm4",
+ "snmpkdf",
"sock",
"srp",
"srtp",
"sse2",
+ "sshkdf",
+ "sskdf",
"ssl-trace",
"stdio",
"sslkeylog",
"uplink",
"weak-ssl-ciphers",
"whirlpool",
+ "x942kdf",
+ "x963kdf",
"zlib",
"zlib-dynamic",
"zstd",
"cmac", "cms", "cmp", "comp", "ct",
"des", "dgram", "dh", "dsa",
"ec",
- "filenames",
- "idea", "ktls", "lms",
+ "filenames", "hmac-drbg-kdf",
+ "idea", "kbkdf", "krb5kdf", "ktls", "lms",
"md4", "ml-dsa", "ml-kem", "multiblock",
"nextprotoneg", "ocsp", "ocb", "poly1305", "psk",
- "rc2", "rc4", "rmd160",
+ "pvkkdf", "rc2", "rc4", "rmd160",
"scrypt", "seed", "siphash", "siv",
- "slh-dsa", "sm3", "sm4", "srp",
- "srtp", "ssl-trace",
+ "slh-dsa", "sm3", "sm4", "snmpkdf",
+ "srp", "srtp", "sshkdf", "sskdf",
+ "ssl-trace",
"tfo",
"ts", "ui-console", "whirlpool",
+ "x942kdf", "x963kdf",
"fips-securitychecks" ],
sub { $config{processor} eq "386" }
=> [ "sse2" ],
Don't build support for loading Dynamic Shared Objects (DSO)
-### no-ec
-
-Don't build support for Elliptic Curves.
-
-### no-ec2m
-
-Don't build support for binary Elliptic Curves
-
### no-tls-deprecated-ec
Disable legacy TLS EC groups that were deprecated in RFC8422. These are the
Disabling this also disables the legacy algorithms: MD2 (already disabled by default).
-### enable-lms
-
-Enable Leighton-Micali Signatures (LMS) support.
-Support is currently limited to verification only as per
-[SP 800-208](https://csrc.nist.gov/pubs/sp/800/208/final).
-
### no-makedepend
Don't generate dependencies.
-### no-ml-dsa
-
-Disable Module-Lattice-Based Digital Signature Standard (ML-DSA) support.
-ML-DSA is based on CRYSTALS-DILITHIUM. See [FIPS 204].
-
-### no-ml-kem
-
-Disable Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM)
-support. ML-KEM is based on CRYSTALS-KYBER. See [FIPS 203].
-
### no-module
Don't build any dynamically loadable modules.
See [Notes on shared libraries](#notes-on-shared-libraries) below.
-### no-slh-dsa
-
-Disable Stateless Hash Based Digital Signature Standard support.
-(SLH-DSA is based on SPHINCS+. See [FIPS 205])
-
### no-sm2-precomp
Disable using the SM2 precomputed table on aarch64 to make the library smaller.
### enable-{algorithm}
- enable-{md2|rc5}
+ enable-{md2|rc5|lms}
Build with support for the specified algorithm.
+The `lms` algorithm support is currently limited to verification only as per
+[SP 800-208](https://csrc.nist.gov/pubs/sp/800/208/final).
+
### no-{algorithm}
no-{aria|bf|blake2|camellia|cast|chacha|cmac|
- des|dh|dsa|ecdh|ecdsa|idea|md4|mdc2|ml-dsa|
- ml-kem|ocb|poly1305|rc2|rc4|rmd160|scrypt|
- seed|siphash|siv|sm2|sm3|sm4|whirlpool}
+ des|dh|dsa|
+ ec|ec2m|ecdh|ecdsa|hmac-drbg-kdf|idea|kbkdf|krb5kdf|
+ md4|mdc2|
+ ml-dsa|ml-kem|
+ ocb|poly1305|pvkkdf|rc2|rc4|rmd160|scrypt|
+ seed|siphash|siv|slh-dsa|sm2|sm3|sm4|snmpkdf|sshkdf|sskdf|
+ x942kdf|x963kdf|whirlpool}
Build without support for the specified algorithm.
providers/implementations/kdfs/sskdf.inc \
providers/implementations/kdfs/tls1_prf.inc \
providers/implementations/kdfs/x942kdf.inc \
+ providers/implementations/kdfs/x963kdf.inc \
providers/implementations/kem/ec_kem.inc \
providers/implementations/kem/ecx_kem.inc \
providers/implementations/kem/ml_kem_kem.inc \
providers/implementations/kdfs/sskdf.inc \
providers/implementations/kdfs/tls1_prf.inc \
providers/implementations/kdfs/x942kdf.inc \
+ providers/implementations/kdfs/x963kdf.inc \
providers/implementations/kem/ec_kem.inc \
providers/implementations/kem/ecx_kem.inc \
providers/implementations/kem/ml_kem_kem.inc \
providers/implementations/kdfs/tls1_prf.inc.in
GENERATE[providers/implementations/kdfs/x942kdf.inc]=\
providers/implementations/kdfs/x942kdf.inc.in
+GENERATE[providers/implementations/kdfs/x963kdf.inc]=\
+ providers/implementations/kdfs/x963kdf.inc.in
GENERATE[providers/implementations/kem/ec_kem.inc]=\
providers/implementations/kem/ec_kem.inc.in
GENERATE[providers/implementations/kem/ecx_kem.inc]=\
The EVP_KDF-X963 algorithm implements the key derivation function (X963KDF).
X963KDF is used by Cryptographic Message Syntax (CMS) for EC KeyAgreement, to
-derive a key using input such as a shared secret key and shared info.
+derive a key using input such as a shared secret key and shared info. It is
+also used by SM2 encryption and decryption operations.
The output is considered to be keying material.
{ PROV_NAMES_HKDF_SHA512, "provider=default", ossl_kdf_hkdf_sha512_functions },
{ PROV_NAMES_TLS1_3_KDF, "provider=default",
ossl_kdf_tls1_3_kdf_functions },
- { PROV_NAMES_SSKDF, "provider=default", ossl_kdf_sskdf_functions },
+ { PROV_NAMES_TLS1_PRF, "provider=default", ossl_kdf_tls1_prf_functions },
{ PROV_NAMES_PBKDF2, "provider=default", ossl_kdf_pbkdf2_functions },
{ PROV_NAMES_PKCS12KDF, "provider=default", ossl_kdf_pkcs12_functions },
+#ifndef OPENSSL_NO_SSKDF
+ { PROV_NAMES_SSKDF, "provider=default", ossl_kdf_sskdf_functions },
+#endif
+#ifndef OPENSSL_NO_SNMPKDF
{ PROV_NAMES_SNMPKDF, "provider=default", ossl_kdf_snmpkdf_functions },
+#endif
+#ifndef OPENSSL_NO_SSHKDF
{ PROV_NAMES_SSHKDF, "provider=default", ossl_kdf_sshkdf_functions },
+#endif
+#ifndef OPENSSL_NO_X963KDF
{ PROV_NAMES_X963KDF, "provider=default", ossl_kdf_x963_kdf_functions },
- { PROV_NAMES_TLS1_PRF, "provider=default", ossl_kdf_tls1_prf_functions },
+#endif
+#ifndef OPENSSL_NO_KBKDF
{ PROV_NAMES_KBKDF, "provider=default", ossl_kdf_kbkdf_functions },
+#endif
+#ifndef OPENSSL_NO_X942KDF
{ PROV_NAMES_X942KDF_ASN1, "provider=default", ossl_kdf_x942_kdf_functions },
+#endif
#ifndef OPENSSL_NO_SCRYPT
{ PROV_NAMES_SCRYPT, "provider=default", ossl_kdf_scrypt_functions },
#endif
+#ifndef OPENSSL_NO_KRB5KDF
{ PROV_NAMES_KRB5KDF, "provider=default", ossl_kdf_krb5kdf_functions },
+#endif
+#ifndef OPENSSL_NO_HMAC_DRBG_KDF
{ PROV_NAMES_HMAC_DRBG_KDF, "provider=default",
ossl_kdf_hmac_drbg_functions },
+#endif
#ifndef OPENSSL_NO_ARGON2
{ PROV_NAMES_ARGON2I, "provider=default", ossl_kdf_argon2i_functions },
{ PROV_NAMES_ARGON2D, "provider=default", ossl_kdf_argon2d_functions },
{ NULL, NULL, NULL }
};
-#define FIPS_KDFS_COMMON() \
- { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_functions }, \
- { PROV_NAMES_HKDF_SHA256, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_sha256_functions }, \
- { PROV_NAMES_HKDF_SHA384, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_sha384_functions }, \
- { PROV_NAMES_HKDF_SHA512, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_sha512_functions }, \
- { PROV_NAMES_TLS1_3_KDF, FIPS_DEFAULT_PROPERTIES, \
- ossl_kdf_tls1_3_kdf_functions }, \
- { PROV_NAMES_SSKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions }, \
- { PROV_NAMES_PBKDF2, FIPS_DEFAULT_PROPERTIES, ossl_kdf_pbkdf2_functions }, \
- { PROV_NAMES_SNMPKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_snmpkdf_functions }, \
- { PROV_NAMES_SSHKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions }, \
- { PROV_NAMES_X963KDF, FIPS_DEFAULT_PROPERTIES, \
- ossl_kdf_x963_kdf_functions }, \
- { PROV_NAMES_X942KDF_ASN1, FIPS_DEFAULT_PROPERTIES, \
- ossl_kdf_x942_kdf_functions }, \
- { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, \
- ossl_kdf_tls1_prf_functions }, \
- { \
- PROV_NAMES_KBKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_kbkdf_functions \
- }
+/* clang-format off */
+#define FIPS_KDFS_COMMON() \
+ { PROV_NAMES_HKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_functions }, \
+ { PROV_NAMES_HKDF_SHA256, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_sha256_functions }, \
+ { PROV_NAMES_HKDF_SHA384, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_sha384_functions }, \
+ { PROV_NAMES_HKDF_SHA512, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hkdf_sha512_functions }, \
+ { PROV_NAMES_TLS1_3_KDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_tls1_3_kdf_functions }, \
+ { PROV_NAMES_PBKDF2, FIPS_DEFAULT_PROPERTIES, ossl_kdf_pbkdf2_functions }, \
+ { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_tls1_prf_functions }
+/* clang-format on */
+/*
+ * NOTE:
+ * Any algorithms added to this table need to be copied to fips_kdfs_internal[].
+ */
static const OSSL_ALGORITHM fips_kdfs[] = {
FIPS_KDFS_COMMON(),
+#ifndef OPENSSL_NO_SSKDF
+ { PROV_NAMES_SSKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions },
+#endif
+#ifndef OPENSSL_NO_SNMPKDF
+ { PROV_NAMES_SNMPKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_snmpkdf_functions },
+#endif
+#ifndef OPENSSL_NO_SSHKDF
+ { PROV_NAMES_SSHKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions },
+#endif
+#ifndef OPENSSL_NO_KBKDF
+ { PROV_NAMES_KBKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_kbkdf_functions },
+#endif
+#ifndef OPENSSL_NO_X942KDF
+ { PROV_NAMES_X942KDF_ASN1, FIPS_DEFAULT_PROPERTIES,
+ ossl_kdf_x942_kdf_functions },
+#endif
+#ifndef OPENSSL_NO_X963KDF
+ { PROV_NAMES_X963KDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_x963_kdf_functions },
+#endif
{ NULL, NULL, NULL }
};
static const OSSL_ALGORITHM fips_kdfs_internal[] = {
FIPS_KDFS_COMMON(),
+#ifndef OPENSSL_NO_SSKDF
+ { PROV_NAMES_SSKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions },
+#endif
+#ifndef OPENSSL_NO_SNMPKDF
+ { PROV_NAMES_SNMPKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_snmpkdf_functions },
+#endif
+#ifndef OPENSSL_NO_SSHKDF
+ { PROV_NAMES_SSHKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions },
+#endif
+#ifndef OPENSSL_NO_KBKDF
+ { PROV_NAMES_KBKDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_kbkdf_functions },
+#endif
+#ifndef OPENSSL_NO_X942KDF
+ { PROV_NAMES_X942KDF_ASN1, FIPS_DEFAULT_PROPERTIES,
+ ossl_kdf_x942_kdf_functions },
+#endif
+#ifndef OPENSSL_NO_X963KDF
+ { PROV_NAMES_X963KDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_x963_kdf_functions },
+#endif
+
+#ifndef OPENSSL_NO_HMAC_DRBG_KDF
/* For deterministic ECDSA */
{ PROV_NAMES_HMAC_DRBG_KDF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_hmac_drbg_functions },
+#endif
{ NULL, NULL, NULL }
};
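Review bot: The NOTE above fips_kdfs[] names only fips_kdfs_internal[], but after this change each optional KDF is guarded in three places that must stay in agreement: both provider tables and the KDF known-answer-test table in the self-test data. If a guard is missed in one of them, the module either offers a KDF with no KAT or references KAT data that has been compiled out. I would extend the comment to say so, for example `* Any algorithms added to this table need to be copied to fips_kdfs_internal[], and the matching self-test KAT entry must use the same OPENSSL_NO_* guard.`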
ST_KAT_PARAM_END()
};
+#ifndef OPENSSL_NO_SNMPKDF
static const char snmpkdf_digest[] = "SHA1";
static const unsigned char snmpkdf_eid[] = {
0x80, 0x00, 0x02, 0xb8, 0x05, 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde,
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PASSWORD, snmpkdf_password),
ST_KAT_PARAM_END()
};
+#endif
+#ifndef OPENSSL_NO_SSKDF
static const char sskdf_digest[] = "SHA256";
static const unsigned char sskdf_secret[] = {
0x6d, 0xbd, 0xc2, 0x3f, 0x04, 0x54, 0x88, 0xe4,
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, sskdf_otherinfo),
ST_KAT_PARAM_END()
};
+#endif /* OPENSSL_NO_SSKDF */
+#ifndef OPENSSL_NO_X942KDF
static const char x942kdf_digest[] = "SHA256";
static const char x942kdf_cekalg[] = "AES-128-WRAP";
static const unsigned char x942kdf_secret[] = {
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, x942kdf_secret),
ST_KAT_PARAM_END()
};
+#endif /* OPENSSL_NO_X942KDF */
+#ifndef OPENSSL_NO_X963KDF
static const char x963kdf_digest[] = "SHA256";
static const unsigned char x963kdf_otherinfo[] = {
0x75, 0xee, 0xf8, 0x1a, 0xa3, 0x04, 0x1e, 0x33,
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, x963kdf_otherinfo),
ST_KAT_PARAM_END()
};
+#endif /* OPENSSL_NO_X963KDF */
static const char pbkdf2_digest[] = "SHA256";
/*
ST_KAT_PARAM_END()
};
+#ifndef OPENSSL_NO_KBKDF
static const char kbkdf_digest[] = "SHA256";
static const char kbkdf_mac[] = "HMAC";
static const unsigned char kbkdf_salt[] = { 'p', 'r', 'f' };
ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_kmac_context),
ST_KAT_PARAM_END()
};
+#endif /* OPENSSL_NO_KBKDF */
static const char tls13_kdf_digest[] = "SHA256";
static int tls13_kdf_extract_mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY;
pbkdf2_params,
ITM(pbkdf2_expected)
},
+#ifndef OPENSSL_NO_KBKDF
{
OSSL_SELF_TEST_DESC_KDF_KBKDF,
OSSL_KDF_NAME_KBKDF,
kbkdf_kmac_params,
ITM(kbkdf_kmac_expected)
},
+#endif
{
OSSL_SELF_TEST_DESC_KDF_HKDF,
OSSL_KDF_NAME_HKDF,
hkdf_params,
ITM(hkdf_expected)
},
+#ifndef OPENSSL_NO_SNMPKDF
{
OSSL_SELF_TEST_DESC_KDF_SNMPKDF,
OSSL_KDF_NAME_SNMPKDF,
snmpkdf_params,
ITM(snmpkdf_expected)
},
+#endif
+#ifndef OPENSSL_NO_SSKDF
{
OSSL_SELF_TEST_DESC_KDF_SSKDF,
OSSL_KDF_NAME_SSKDF,
sskdf_params,
ITM(sskdf_expected)
},
+#endif
+#ifndef OPENSSL_NO_X963KDF
{
OSSL_SELF_TEST_DESC_KDF_X963KDF,
OSSL_KDF_NAME_X963KDF,
x963kdf_params,
ITM(x963kdf_expected)
},
+#endif
+#ifndef OPENSSL_NO_X942KDF
{
OSSL_SELF_TEST_DESC_KDF_X942KDF,
OSSL_KDF_NAME_X942KDF_ASN1,
x942kdf_params,
ITM(x942kdf_expected)
},
+#endif
};
/*-
0x45, 0xc3, 0x6f, 0x9e, 0x2e, 0xc1, 0x44, 0x9f,
0xfd, 0x79, 0xdb, 0x90, 0x3e, 0xb9, 0xb2
};
+#ifndef OPENSSL_NO_HMAC_DRBG_KDF
static const unsigned char ecdsa_prime_expected_detsig[] = {
0x30, 0x3c, 0x02, 0x1c, 0x6a, 0x6d, 0x2c, 0x88,
0x2b, 0xe5, 0x6b, 0xe6, 0xb1, 0x28, 0xe7, 0xa8,
0xf9, 0x16, 0xe6, 0x06, 0xa5, 0xf0, 0x94, 0x2f,
0x57, 0xf1, 0x7e, 0xf2, 0x16, 0x76
};
+#endif
static const ST_KAT_PARAM ecdsa_prime_key[] = {
ST_KAT_PARAM_UTF8STRING(OSSL_PKEY_PARAM_GROUP_NAME, ecd_prime_curve_name),
ST_KAT_PARAM_OCTET(OSSL_PKEY_PARAM_PUB_KEY, ecd_prime_pub),
ITM(sig_kat_persstr),
ITM(ecdsa_prime_expected_sig)
},
+# ifndef OPENSSL_NO_HMAC_DRBG_KDF
{
OSSL_SELF_TEST_DESC_SIGN_DetECDSA,
"EC", "ECDSA-SHA256", 0, 0,
ITM(ecdsa_prime_expected_detsig),
ecdsa_sig_params
},
+# endif
# ifndef OPENSSL_NO_EC2M
{
OSSL_SELF_TEST_DESC_SIGN_ECDSA,
SOURCE[$HKDF_GOAL]=hkdf.c
-SOURCE[$KBKDF_GOAL]=kbkdf.c
+IF[{- !$disable{kbkdf} -}]
+ SOURCE[$KBKDF_GOAL]=kbkdf.c
+ENDIF
-SOURCE[$KRB5KDF_GOAL]=krb5kdf.c
+IF[{- !$disabled{krb5kdf} -}]
+ SOURCE[$KRB5KDF_GOAL]=krb5kdf.c
+ENDIF
SOURCE[$PBKDF1_GOAL]=pbkdf1.c
SOURCE[$PBKDF2_GOAL]=pbkdf2.c
-SOURCE[$PVKKDF_GOAL]=pvkkdf.c
+IF[{- !$disabled{pvkkdf} -}]
+ SOURCE[$PVKKDF_GOAL]=pvkkdf.c
+ENDIF
SOURCE[$PKCS12KDF_GOAL]=pkcs12kdf.c
-SOURCE[$SSKDF_GOAL]=sskdf.c
+IF[{- !$disabled{sskdf} || !$disabled{x963kdf} -}]
+ SOURCE[$SSKDF_GOAL]=sskdf.c
+ENDIF
-SOURCE[$SCRYPT_GOAL]=scrypt.c
-SOURCE[$SNMPKDF_GOAL]=snmpkdf.c
-SOURCE[$SSHKDF_GOAL]=sshkdf.c
-SOURCE[$X942KDF_GOAL]=x942kdf.c
-DEPEND[x942kdf.o]=../../common/include/prov/der_wrap.h
+IF[{- !$disabled{scrypt} -}]
+ SOURCE[$SCRYPT_GOAL]=scrypt.c
+ENDIF
+
+IF[{- !$disabled{snmpkdf} -}]
+ SOURCE[$SNMPKDF_GOAL]=snmpkdf.c
+ENDIF
+
+IF[{- !$disabled{sshkdf} -}]
+ SOURCE[$SSHKDF_GOAL]=sshkdf.c
+ENDIF
+
+IF[{- !$disabled{x942kdf} -}]
+ SOURCE[$X942KDF_GOAL]=x942kdf.c
+ DEPEND[x942kdf.o]=../../common/include/prov/der_wrap.h
+ENDIF
+
+IF[{- !$disabled{hmac-drbg-kdf} -}]
+ SOURCE[$HMAC_DRBG_KDF_GOAL]=hmacdrbg_kdf.c
+ENDIF
-SOURCE[$HMAC_DRBG_KDF_GOAL]=hmacdrbg_kdf.c
SOURCE[$ARGON2_GOAL]=argon2.c
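Review bot: The kbkdf guard reads `$disable{kbkdf}`, while every other guard in this hunk reads `$disabled{...}`, so it does not test the option that Configure sets. If the template fragment is evaluated without strict vars (not visible here), `!$disable{kbkdf}` is always true, so kbkdf.c is still compiled under no-kbkdf even though the provider tables drop its entry behind OPENSSL_NO_KBKDF. The line should read `IF[{- !$disabled{kbkdf} -}]`.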
#include "prov/securitycheck.h"
#include "internal/params.h"
+#define SSKDF_MAX_INLEN (1 << 30)
+#define SSKDF_MAX_INFOS 5
+
typedef struct {
void *provctx;
EVP_MAC_CTX *macctx; /* H(x) = HMAC_hash OR H(x) = KMAC */
OSSL_FIPS_IND_DECLARE
} KDF_SSKDF;
-#define SSKDF_MAX_INLEN (1 << 30)
-#define SSKDF_KMAC128_DEFAULT_SALT_SIZE (168 - 4)
-#define SSKDF_KMAC256_DEFAULT_SALT_SIZE (136 - 4)
-
-#define SSKDF_MAX_INFOS 5
-
-/* KMAC uses a Customisation string of 'KDF' */
-static const unsigned char kmac_custom_str[] = { 0x4B, 0x44, 0x46 };
+struct sskdf_all_set_ctx_params_st {
+ OSSL_PARAM *secret;
+ OSSL_PARAM *propq;
+ OSSL_PARAM *digest;
+ OSSL_PARAM *mac;
+ OSSL_PARAM *salt;
+ OSSL_PARAM *size;
+#ifdef FIPS_MODULE
+ OSSL_PARAM *ind_k;
+ OSSL_PARAM *ind_d;
+#endif
+ OSSL_PARAM *info[SSKDF_MAX_INFOS];
+ int num_info;
+};
static OSSL_FUNC_kdf_newctx_fn sskdf_new;
static OSSL_FUNC_kdf_dupctx_fn sskdf_dup;
static OSSL_FUNC_kdf_freectx_fn sskdf_free;
static OSSL_FUNC_kdf_reset_fn sskdf_reset;
+
+#ifndef OPENSSL_NO_SSKDF
+#define SSKDF_KMAC128_DEFAULT_SALT_SIZE (168 - 4)
+#define SSKDF_KMAC256_DEFAULT_SALT_SIZE (136 - 4)
+/* KMAC uses a Customisation string of 'KDF' */
+static const unsigned char kmac_custom_str[] = { 0x4B, 0x44, 0x46 };
+
static OSSL_FUNC_kdf_derive_fn sskdf_derive;
static OSSL_FUNC_kdf_settable_ctx_params_fn sskdf_settable_ctx_params;
static OSSL_FUNC_kdf_set_ctx_params_fn sskdf_set_ctx_params;
-static OSSL_FUNC_kdf_gettable_ctx_params_fn sskdf_common_gettable_ctx_params;
-static OSSL_FUNC_kdf_get_ctx_params_fn sskdf_common_get_ctx_params;
+static OSSL_FUNC_kdf_gettable_ctx_params_fn sskdf_gettable_ctx_params;
+static OSSL_FUNC_kdf_get_ctx_params_fn sskdf_get_ctx_params;
+#define sskdf_set_ctx_params_st sskdf_all_set_ctx_params_st
+#include "providers/implementations/kdfs/sskdf.inc"
+#endif
+#ifndef OPENSSL_NO_X963KDF
static OSSL_FUNC_kdf_derive_fn x963kdf_derive;
static OSSL_FUNC_kdf_settable_ctx_params_fn x963kdf_settable_ctx_params;
static OSSL_FUNC_kdf_set_ctx_params_fn x963kdf_set_ctx_params;
-
+static OSSL_FUNC_kdf_gettable_ctx_params_fn x963kdf_gettable_ctx_params;
+static OSSL_FUNC_kdf_get_ctx_params_fn x963kdf_get_ctx_params;
+#define x963kdf_set_ctx_params_st sskdf_all_set_ctx_params_st
+#include "providers/implementations/kdfs/x963kdf.inc"
+#endif
/*
* Refer to https://csrc.nist.gov/publications/detail/sp/800-56c/rev-1/final
* Section 4. One-Step Key Derivation using H(x) = hash(x)
return ret;
}
+#ifndef OPENSSL_NO_SSKDF
static int kmac_init(EVP_MAC_CTX *ctx, const unsigned char *custom,
size_t custom_len, size_t kmac_out_len,
size_t derived_key_len, unsigned char **out)
EVP_MAC_CTX_free(ctx);
return ret;
}
+#endif /* OPENSSL_NO_SSKDF */
static void *sskdf_new(void *provctx)
{
return (len <= 0) ? 0 : (size_t)len;
}
+#ifndef OPENSSL_NO_SSKDF
#ifdef FIPS_MODULE
static int fips_sskdf_key_check_passed(KDF_SSKDF *ctx)
{
}
return 1;
}
-#endif
+#endif /* FIPS_MODULE */
static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen,
const OSSL_PARAM params[])
ctx->info, ctx->info_len, 0, key, keylen);
}
}
+#endif
+#ifndef OPENSSL_NO_X963KDF
#ifdef FIPS_MODULE
static int fips_x963kdf_digest_check_passed(KDF_SSKDF *ctx, const EVP_MD *md)
{
}
return 1;
}
-#endif
+#endif /* FIPS_MODULE */
static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen,
const OSSL_PARAM params[])
return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len,
ctx->info, ctx->info_len, 1, key, keylen);
}
-
-struct sskdf_all_set_ctx_params_st {
- OSSL_PARAM *secret;
- OSSL_PARAM *propq;
- OSSL_PARAM *digest;
- OSSL_PARAM *mac;
- OSSL_PARAM *salt;
- OSSL_PARAM *size;
-#ifdef FIPS_MODULE
- OSSL_PARAM *ind_k;
- OSSL_PARAM *ind_d;
-#endif
- OSSL_PARAM *info[SSKDF_MAX_INFOS];
- int num_info;
-};
-
-#define sskdf_set_ctx_params_st sskdf_all_set_ctx_params_st
-#define x963kdf_set_ctx_params_st sskdf_all_set_ctx_params_st
-
-#include "providers/implementations/kdfs/sskdf.inc"
+#endif /* OPENSSL_NO_X963KDF */
static int sskdf_common_set_ctx_params(KDF_SSKDF *ctx, struct sskdf_all_set_ctx_params_st *p,
- const OSSL_PARAM *params)
+ const OSSL_PARAM *params, OSSL_LIB_CTX *libctx)
{
- OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
+
const EVP_MD *md = NULL;
size_t sz;
int r;
- if (!ossl_prov_macctx_load(&ctx->macctx,
- p->mac, NULL, p->digest, p->propq,
- NULL, NULL, NULL, libctx))
- return 0;
- if (ctx->macctx != NULL) {
- if (EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx),
- OSSL_MAC_NAME_KMAC128)
- || EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx),
- OSSL_MAC_NAME_KMAC256)) {
- ctx->is_kmac = 1;
- }
- }
-
if (p->digest != NULL) {
if (!ossl_prov_digest_load(&ctx->digest, p->digest, p->propq, libctx))
return 0;
== 0)
return 0;
- if (ossl_param_get1_octet_string_from_param(p->salt, &ctx->salt,
- &ctx->salt_len)
- == 0)
- return 0;
-
if (p->size != NULL) {
if (!OSSL_PARAM_get_size_t(p->size, &sz) || sz == 0)
return 0;
return 1;
}
+#ifndef OPENSSL_NO_SSKDF
static int sskdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
+ OSSL_LIB_CTX *libctx;
struct sskdf_all_set_ctx_params_st p;
if (ctx == NULL || !sskdf_set_ctx_params_decoder(params, &p))
if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, p.ind_k))
return 0;
- if (!sskdf_common_set_ctx_params(ctx, &p, params))
+ libctx = PROV_LIBCTX_OF(ctx->provctx);
+ if (!ossl_prov_macctx_load(&ctx->macctx,
+ p.mac, NULL, p.digest, p.propq,
+ NULL, NULL, NULL, libctx))
+ return 0;
+ if (ctx->macctx != NULL) {
+ if (EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx),
+ OSSL_MAC_NAME_KMAC128)
+ || EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx),
+ OSSL_MAC_NAME_KMAC256)) {
+ ctx->is_kmac = 1;
+ }
+ }
+ if (ossl_param_get1_octet_string_from_param(p.salt, &ctx->salt,
+ &ctx->salt_len)
+ == 0)
+ return 0;
+ if (!sskdf_common_set_ctx_params(ctx, &p, params, libctx))
return 0;
#ifdef FIPS_MODULE
return sskdf_set_ctx_params_list;
}
-static int sskdf_common_get_ctx_params(void *vctx, OSSL_PARAM params[])
+static int sskdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
struct sskdf_get_ctx_params_st p;
return 1;
}
-static const OSSL_PARAM *sskdf_common_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx)
+static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx)
{
return sskdf_get_ctx_params_list;
}
+#endif /* OPENSSL_NO_SSKDF */
+
+#ifndef OPENSSL_NO_X963KDF
static int x963kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE1, p.ind_k))
return 0;
- if (!sskdf_common_set_ctx_params(ctx, &p, params))
+ if (!sskdf_common_set_ctx_params(ctx, &p, params, PROV_LIBCTX_OF(ctx->provctx)))
return 0;
#ifdef FIPS_MODULE
return x963kdf_set_ctx_params_list;
}
+static int x963kdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
+{
+ KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
+ struct x963kdf_get_ctx_params_st p;
+
+ if (ctx == NULL || !x963kdf_get_ctx_params_decoder(params, &p))
+ return 0;
+
+ if (p.size != NULL) {
+ if (!OSSL_PARAM_set_size_t(p.size, sskdf_size(ctx)))
+ return 0;
+ }
+
+ if (!OSSL_FIPS_IND_GET_CTX_PARAM(ctx, p.ind))
+ return 0;
+
+ return 1;
+}
+
+static const OSSL_PARAM *x963kdf_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx)
+{
+ return x963kdf_get_ctx_params_list;
+}
+
+#endif /* OPENSSL_NO_X963KDF */
+
+#ifndef OPENSSL_NO_SSKDF
const OSSL_DISPATCH ossl_kdf_sskdf_functions[] = {
{ OSSL_FUNC_KDF_NEWCTX, (void (*)(void))sskdf_new },
{ OSSL_FUNC_KDF_DUPCTX, (void (*)(void))sskdf_dup },
(void (*)(void))sskdf_settable_ctx_params },
{ OSSL_FUNC_KDF_SET_CTX_PARAMS, (void (*)(void))sskdf_set_ctx_params },
{ OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS,
- (void (*)(void))sskdf_common_gettable_ctx_params },
- { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))sskdf_common_get_ctx_params },
+ (void (*)(void))sskdf_gettable_ctx_params },
+ { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))sskdf_get_ctx_params },
OSSL_DISPATCH_END
};
+#endif
+#ifndef OPENSSL_NO_X963KDF
const OSSL_DISPATCH ossl_kdf_x963_kdf_functions[] = {
{ OSSL_FUNC_KDF_NEWCTX, (void (*)(void))sskdf_new },
{ OSSL_FUNC_KDF_DUPCTX, (void (*)(void))sskdf_dup },
(void (*)(void))x963kdf_settable_ctx_params },
{ OSSL_FUNC_KDF_SET_CTX_PARAMS, (void (*)(void))x963kdf_set_ctx_params },
{ OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS,
- (void (*)(void))sskdf_common_gettable_ctx_params },
- { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))sskdf_common_get_ctx_params },
+ (void (*)(void))x963kdf_gettable_ctx_params },
+ { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))x963kdf_get_ctx_params },
OSSL_DISPATCH_END
};
+#endif
(['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'],
['OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'],
)); -}
-
-{- produce_param_decoder('x963kdf_set_ctx_params',
- (['OSSL_KDF_PARAM_SECRET', 'secret', 'octet_string'],
- ['OSSL_KDF_PARAM_KEY', 'secret', 'octet_string'],
- ['OSSL_KDF_PARAM_INFO', 'info', 'octet_string', SSKDF_MAX_INFOS],
- ['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'],
- ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'],
- ['OSSL_KDF_PARAM_MAC', 'mac', 'utf8_string'],
- ['OSSL_KDF_PARAM_SALT', 'salt', 'octet_string'],
- ['OSSL_KDF_PARAM_MAC_SIZE', 'size', 'size_t'],
- ['OSSL_KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'],
- ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'],
- )); -}
--- /dev/null
+/*
+ * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the \"License\"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+{-
+use OpenSSL::paramnames qw(produce_param_decoder);
+-}
+
+{- produce_param_decoder('x963kdf_get_ctx_params',
+ (['OSSL_KDF_PARAM_SIZE', 'size', 'size_t'],
+ ['OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int', 'fips'],
+ )); -}
+
+{- produce_param_decoder('x963kdf_set_ctx_params',
+ (['OSSL_KDF_PARAM_SECRET', 'secret', 'octet_string'],
+ ['OSSL_KDF_PARAM_KEY', 'secret', 'octet_string'],
+ ['OSSL_KDF_PARAM_INFO', 'info', 'octet_string', SSKDF_MAX_INFOS],
+ ['OSSL_KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'],
+ ['OSSL_KDF_PARAM_DIGEST', 'digest', 'utf8_string'],
+ ['OSSL_KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int', 'fips'],
+ ['OSSL_KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int', 'fips'],
+ )); -}
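Review bot: The X963KDF set decoder no longer lists `mac`, `salt` or `size`, yet x963kdf_set_ctx_params_st is still an alias for the shared sskdf_all_set_ctx_params_st, and sskdf_common_set_ctx_params still reads `p->size`. Whether the generated decoder zeroes fields it does not list is not visible here; if it does not, `p.size` is indeterminate on the X963 path. Consider a comment on the struct such as `/* x963kdf never sets mac, salt or size; the decoder must leave them NULL */`, or move the `p->size` handling next to the MAC code in sskdf_set_ctx_params. Callers that previously passed OSSL_KDF_PARAM_MAC, OSSL_KDF_PARAM_SALT or OSSL_KDF_PARAM_MAC_SIZE to X963KDF will find them no longer decoded, which the CHANGES entry does not mention.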
static const OSSL_ALGORITHM legacy_kdfs[] = {
ALG(PROV_NAMES_PBKDF1, ossl_kdf_pbkdf1_functions),
+#ifndef OPENSSL_NO_PVKKDF
ALG(PROV_NAMES_PVKKDF, ossl_kdf_pvk_functions),
+#endif
{ NULL, NULL, NULL }
};
dump_pem, 0);
}
-#ifndef OPENSSL_NO_RC4
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_PVKKDF)
static int test_protected_via_PVK(const char *type, EVP_PKEY *key)
{
int ret = 0;
}
#define ADD_TEST_SUITE_UNPROTECTED_PVK(KEYTYPE) \
ADD_TEST(test_unprotected_##KEYTYPE##_via_PVK)
-#ifndef OPENSSL_NO_RC4
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_PVKKDF)
#define IMPLEMENT_TEST_SUITE_PROTECTED_PVK(KEYTYPE, KEYTYPEstr) \
static int test_protected_##KEYTYPE##_via_PVK(void) \
{ \
IMPLEMENT_TEST_SUITE_LEGACY(DSA, "DSA")
IMPLEMENT_TEST_SUITE_MSBLOB(DSA, "DSA")
IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(DSA, "DSA")
-#ifndef OPENSSL_NO_RC4
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_PVKKDF)
IMPLEMENT_TEST_SUITE_PROTECTED_PVK(DSA, "DSA")
#endif
#endif
*/
IMPLEMENT_TEST_SUITE_MSBLOB(RSA, "RSA")
IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK(RSA, "RSA")
-#ifndef OPENSSL_NO_RC4
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_PVKKDF)
IMPLEMENT_TEST_SUITE_PROTECTED_PVK(RSA, "RSA")
#endif
ADD_TEST_SUITE_LEGACY(DSA);
ADD_TEST_SUITE_MSBLOB(DSA);
ADD_TEST_SUITE_UNPROTECTED_PVK(DSA);
-#ifndef OPENSSL_NO_RC4
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_PVKKDF)
ADD_TEST_SUITE_PROTECTED_PVK(DSA);
#endif
#endif
*/
ADD_TEST_SUITE_MSBLOB(RSA);
ADD_TEST_SUITE_UNPROTECTED_PVK(RSA);
-#ifndef OPENSSL_NO_RC4
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_PVKKDF)
ADD_TEST_SUITE_PROTECTED_PVK(RSA);
#endif
EVP_MD_CTX *md_ctx_verify = NULL;
EVP_PKEY_CTX *cctx = NULL;
EVP_MD *check_md = NULL;
-
+ uint8_t sm2_id[] = { 1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r' };
+#ifndef OPENSSL_NO_X963KDF
uint8_t ciphertext[128];
size_t ctext_len = sizeof(ciphertext);
-
uint8_t plaintext[8];
size_t ptext_len = sizeof(plaintext);
-
- uint8_t sm2_id[] = { 1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r' };
-
OSSL_PARAM sparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
OSSL_PARAM gparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
int i;
char mdname[OSSL_MAX_NAME_SIZE];
+#endif
if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
"SM2", testpropq)))
goto done;
/* now check encryption/decryption */
-
+#ifndef OPENSSL_NO_X963KDF
gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
mdname, sizeof(mdname));
for (i = 0; i < 2; i++) {
if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
goto done;
}
-
+#endif /* OPENSSL_NO_X963KDF */
ret = 1;
done:
EVP_PKEY_CTX_free(pctx);
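Review bot: Under OPENSSL_NO_X963KDF the SM2 encrypt/decrypt round trip is compiled out, so no test pins what SM2 encryption does in a no-x963kdf build. The documentation change in this commit says X963KDF is used by SM2 encryption and decryption, and the visible Configure hunks add no dependency between the two options, so the operation presumably fails at run time when the KDF cannot be fetched. An `#else` branch asserting that the encrypt call fails cleanly would make that behaviour explicit, as would an INSTALL.md sentence stating that no-x963kdf also disables SM2 encryption and CMS EC key agreement. The test function's body starts and ends outside this hunk.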
}
#endif /* OPENSSL_NO_SCRYPT */
+#ifndef OPENSSL_NO_SSKDF
static int test_kdf_ss_hash(void)
{
int ret;
EVP_KDF_CTX_free(kctx);
return ret;
}
+#endif /* OPENSSL_NO_SSKDF */
+#ifndef OPENSSL_NO_X963KDF
static int test_kdf_x963(void)
{
int ret;
EVP_KDF_CTX_free(kctx);
return ret;
}
+#endif /* OPENSSL_NO_X963KDF */
+#ifndef OPENSSL_NO_KBKDF
#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
/*
* KBKDF test vectors from RFC 6803 (Camellia Encryption for Kerberos 5)
EVP_KDF_CTX_free(kctx);
return ret;
}
+#endif /* OPENSSL_NO_KBKDF */
+#ifndef OPENSSL_NO_SSKDF
static int test_kdf_ss_hmac(void)
{
int ret;
EVP_KDF_CTX_free(kctx);
return ret;
}
+#endif /* OPENSSL_NO_SSKDF */
+#ifndef OPENSSL_NO_SSHKDF
static int test_kdf_sshkdf(void)
{
int ret;
EVP_KDF_CTX_free(kctx);
return ret;
}
+#endif /* OPENSSL_NO_SSHKDF */
static int test_kdfs_same(EVP_KDF *kdf1, EVP_KDF *kdf2)
{
return ok;
}
-#if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES)
+#if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_X942KDF)
static int test_kdf_x942_asn1(void)
{
int ret;
}
#endif /* OPENSSL_NO_CMS */
+#ifndef OPENSSL_NO_KRB5KDF
static int test_kdf_krb5kdf(void)
{
int ret;
EVP_KDF_CTX_free(kctx);
return ret;
}
+#endif /* OPENSSL_NO_KRB5KDF */
+#ifndef OPENSSL_NO_HMAC_DRBG_KDF
static int test_kdf_hmac_drbg_settables(void)
{
int ret = 0, i = 0, j = 0;
EVP_KDF_CTX_free(kctx);
return ret;
}
+#endif /* OPENSSL_NO_HMAC_DRBG_KDF */
+#ifndef OPENSSL_NO_KBKDF
/* Test that changing the KBKDF algorithm from KMAC to HMAC works correctly */
static int test_kbkdf_mac_change(void)
{
EVP_KDF_CTX_free(kctx);
return ret;
}
+#endif /* OPENSSL_NO_KBKDF */
int setup_tests(void)
{
ADD_TEST(test_kdf_pbkdf1);
ADD_TEST(test_kdf_pbkdf1_skey);
ADD_TEST(test_kdf_pbkdf1_key_too_long);
+#ifndef OPENSSL_NO_KBKDF
#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
ADD_TEST(test_kdf_kbkdf_6803_128);
ADD_TEST(test_kdf_kbkdf_6803_256);
#endif
if (fips_provider_version_ge(NULL, 3, 1, 0))
ADD_TEST(test_kdf_kbkdf_kmac);
+#endif /* OPENSSL_NO_KBKDF */
ADD_TEST(test_kdf_get_kdf);
ADD_TEST(test_kdf_tls1_prf);
ADD_TEST(test_kdf_tls1_prf_set_skey);
#ifndef OPENSSL_NO_SCRYPT
ADD_TEST(test_kdf_scrypt);
#endif
+#ifndef OPENSSL_NO_SSKDF
ADD_TEST(test_kdf_ss_hash);
ADD_TEST(test_kdf_ss_hmac);
ADD_TEST(test_kdf_ss_kmac);
+#endif
+#ifndef OPENSSL_NO_SSHKDF
ADD_TEST(test_kdf_sshkdf);
+#endif
+#ifndef OPENSSL_NO_X963KDF
ADD_TEST(test_kdf_x963);
-#if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES)
+#endif
+#if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_X942KDF)
ADD_TEST(test_kdf_x942_asn1);
#endif
+#ifndef OPENSSL_NO_KRB5KDF
ADD_TEST(test_kdf_krb5kdf);
+#endif
+#ifndef OPENSSL_NO_HMAC_DRBG_KDF
ADD_TEST(test_kdf_hmac_drbg_settables);
ADD_TEST(test_kdf_hmac_drbg_gettables);
+#endif
+#ifndef OPENSSL_NO_KBKDF
ADD_TEST(test_kbkdf_mac_change);
+#endif
return 1;
}
SKIP: {
skip "Skipping PVK conversion test", 1
if disabled($cmd) || $cmd eq 'pkey' || disabled("rc4")
- || disabled ("legacy");
+ || disabled ("legacy") || disabled("pvkkdf");
subtest "$cmd conversions -- private key" => sub {
tconversion( -type => 'pvk', -prefix => "$cmd-pvk",
"Generating signature with xoflen should fail");
};
+ skip "HMAC-DRBG-KDF is not supported by this OpenSSL build", 1
+ if disabled("hmac-drbg-kdf");
+
subtest "signing using the nonce-type sigopt" => sub {
plan tests => 1;
my $data_to_sign = srctop_file('test', 'data.bin');
{ cmd => [qw{openssl kdf -keylen 25 -digest SHA256 -kdfopt pass:passwordPASSWORDpassword -kdfopt salt:saltSALTsaltSALTsaltSALTsaltSALTsalt -kdfopt iter:4096 PBKDF2}],
expected => '34:8C:89:DB:CB:D3:2B:2F:32:D8:14:B8:11:6E:84:CF:2B:17:34:7E:BC:18:00:18:1C',
desc => 'PBKDF2 SHA256'},
- { cmd => [qw{openssl kdf -keylen 64 -mac KMAC128 -kdfopt maclen:20 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}],
- expected => 'e9:c1:84:53:a0:62:b5:3b:db:fc:bb:5a:34:bd:b8:e5:e7:07:ee:bb:5d:d1:34:42:43:d8:cf:c2:c2:e6:33:2f:91:bd:a5:86:f3:7d:e4:8a:65:d4:c5:14:fd:ef:aa:1e:67:54:f3:73:d2:38:e1:95:ae:15:7e:1d:e8:14:98:03',
- desc => 'SSKDF KMAC128'},
- { cmd => [qw{openssl kdf -keylen 16 -mac HMAC -digest SHA256 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}],
- expected => '44:f6:76:e8:5c:1b:1a:8b:bc:3d:31:92:18:63:1c:a3',
- desc => 'SSKDF HMAC SHA256'},
- { cmd => [qw{openssl kdf -keylen 14 -digest SHA224 -kdfopt hexkey:6dbdc23f045488e4062757b06b9ebae183fc5a5946d80db93fec6f62ec07e3727f0126aed12ce4b262f47d48d54287f81d474c7c3b1850e9 -kdfopt hexinfo:a1b2c3d4e54341565369643c832e9849dcdba71e9a3139e606e095de3c264a66e98a165854cd07989b1ee0ec3f8dbe SSKDF}],
- expected => 'a4:62:de:16:a8:9d:e8:46:6e:f5:46:0b:47:b8',
- desc => 'SSKDF HASH SHA224'},
- { cmd => [qw{openssl kdf -keylen 16 -digest SHA256 -kdfopt hexkey:0102030405 -kdfopt hexxcghash:06090A -kdfopt hexsession_id:01020304 -kdfopt type:A SSHKDF}],
- expected => '5C:49:94:47:3B:B1:53:3A:58:EB:19:42:04:D3:78:16',
- desc => 'SSHKDF SHA256'},
# Using the -kdfopt digest: option instead of -digest
{ cmd => [qw{openssl kdf -keylen 16 -kdfopt digest:SHA256 -kdfopt secret:secret -kdfopt seed:seed TLS1-PRF}],
{ cmd => [qw{openssl kdf -keylen 25 -kdfopt digest:SHA256 -kdfopt pass:passwordPASSWORDpassword -kdfopt salt:saltSALTsaltSALTsaltSALTsaltSALTsalt -kdfopt iter:4096 PBKDF2}],
expected => '34:8C:89:DB:CB:D3:2B:2F:32:D8:14:B8:11:6E:84:CF:2B:17:34:7E:BC:18:00:18:1C',
desc => 'PBKDF2 SHA256'},
- { cmd => [qw{openssl kdf -keylen 64 -mac KMAC128 -kdfopt maclen:20 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}],
+);
+
+my @sshkdf_tests = (
+ { cmd => [qw{openssl kdf -keylen 16 -digest SHA256 -kdfopt hexkey:0102030405 -kdfopt hexxcghash:06090A -kdfopt hexsession_id:01020304 -kdfopt type:A SSHKDF}],
+ expected => '5C:49:94:47:3B:B1:53:3A:58:EB:19:42:04:D3:78:16',
+ desc => 'SSHKDF SHA256'},
+ { cmd => [qw{openssl kdf -keylen 16 -kdfopt digest:SHA256 -kdfopt hexkey:0102030405 -kdfopt hexxcghash:06090A -kdfopt hexsession_id:01020304 -kdfopt type:A SSHKDF}],
+ expected => '5C:49:94:47:3B:B1:53:3A:58:EB:19:42:04:D3:78:16',
+ desc => 'SSHKDF SHA256'},
+);
+
+my @sskdf_tests = (
+ { cmd => [qw{openssl kdf -keylen 64 -mac KMAC128 -kdfopt maclen:20 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}],
expected => 'e9:c1:84:53:a0:62:b5:3b:db:fc:bb:5a:34:bd:b8:e5:e7:07:ee:bb:5d:d1:34:42:43:d8:cf:c2:c2:e6:33:2f:91:bd:a5:86:f3:7d:e4:8a:65:d4:c5:14:fd:ef:aa:1e:67:54:f3:73:d2:38:e1:95:ae:15:7e:1d:e8:14:98:03',
desc => 'SSKDF KMAC128'},
{ cmd => [qw{openssl kdf -keylen 16 -mac HMAC -kdfopt digest:SHA256 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}],
{ cmd => [qw{openssl kdf -keylen 14 -kdfopt digest:SHA224 -kdfopt hexkey:6dbdc23f045488e4062757b06b9ebae183fc5a5946d80db93fec6f62ec07e3727f0126aed12ce4b262f47d48d54287f81d474c7c3b1850e9 -kdfopt hexinfo:a1b2c3d4e54341565369643c832e9849dcdba71e9a3139e606e095de3c264a66e98a165854cd07989b1ee0ec3f8dbe SSKDF}],
expected => 'a4:62:de:16:a8:9d:e8:46:6e:f5:46:0b:47:b8',
desc => 'SSKDF HASH SHA224'},
- { cmd => [qw{openssl kdf -keylen 16 -kdfopt digest:SHA256 -kdfopt hexkey:0102030405 -kdfopt hexxcghash:06090A -kdfopt hexsession_id:01020304 -kdfopt type:A SSHKDF}],
- expected => '5C:49:94:47:3B:B1:53:3A:58:EB:19:42:04:D3:78:16',
- desc => 'SSHKDF SHA256'},
-
# Additionally using -kdfopt mac: instead of -mac
{ cmd => [qw{openssl kdf -keylen 64 -kdfopt mac:KMAC128 -kdfopt maclen:20 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}],
expected => 'e9:c1:84:53:a0:62:b5:3b:db:fc:bb:5a:34:bd:b8:e5:e7:07:ee:bb:5d:d1:34:42:43:d8:cf:c2:c2:e6:33:2f:91:bd:a5:86:f3:7d:e4:8a:65:d4:c5:14:fd:ef:aa:1e:67:54:f3:73:d2:38:e1:95:ae:15:7e:1d:e8:14:98:03',
);
push @kdf_tests, @scrypt_tests unless disabled("scrypt");
+push @kdf_tests, @sshkdf_tests unless disabled("sshkdf");
+push @kdf_tests, @sskdf_tests unless disabled("sskdf");
plan tests => scalar @kdf_tests;
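Review bot: As far as the visible lines show, the `-digest SHA256` form of 'SSKDF HMAC SHA256' and the `-digest SHA224` form of 'SSKDF HASH SHA224' are removed from `@kdf_tests` but not re-added to `@sskdf_tests`, which keeps only the `-kdfopt digest:` variants. If that is not intentional, the two removed entries should be carried over so the `-digest` command-line path stays covered for SSKDF. Separately, both entries in `@sshkdf_tests` use `desc => 'SSHKDF SHA256'`, so a failure does not say which option form broke; the second could read `desc => 'SSHKDF SHA256 (-kdfopt digest:)'`.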
SKIP: {
skip "Skipping tests that require EC, SM2 or SM3", 4
- if disabled("ec") || disabled("sm2") || disabled("sm3");
+ if disabled("ec") || disabled("sm2") || disabled("sm3") || disabled("x963kdf");
# SM2
ok_nofips(run(app(([ 'openssl', 'pkeyutl', '-sign',
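Review bot: The skip text `"Skipping tests that require EC, SM2 or SM3"` no longer names every condition once `disabled("x963kdf")` is part of it, so a no-x963kdf build reports a misleading reason; `skip "Skipping tests that require EC, SM2, SM3 or X963KDF", 4` would match. The same applies to the `"EC or DES isn't supported in this build"` skip in the CMS recipe later in this commit. The block opens with an SM2 `-sign` call, which presumably does not depend on X963KDF, so it may be worth skipping only the encrypt/decrypt cases on that option, the way the SM2 internal test guards only `sm2_crypt_test`. The SKIP block continues outside the hunk.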
my $no_ec = disabled("ec");
my $no_ecx = disabled("ecx");
my $no_ec2m = disabled("ec2m");
-my $no_sm2 = disabled("sm2");
+my $no_sm2 = disabled("sm2") || disabled("x963kdf");
my $no_siv = disabled("siv");
my $no_argon2 = disabled("argon2");
my $no_ml_dsa = disabled("ml-dsa");
my $no_ml_kem = disabled("ml-kem");
my $no_lms = disabled("lms");
+my $no_sskdf = disabled("sskdf");
+my $no_x942kdf = disabled("x942kdf");
+my $no_x963kdf = disabled("x963kdf");
+my $no_determinstic_nonce = disabled("hmac-drbg-kdf");
+my $no_kbkdf = disabled("kbkdf");
+my $no_krb5kdf = disabled("krb5kdf");
+my $no_snmpkdf = disabled("snmpkdf");
+my $no_sshkdf = disabled("sshkdf");
# Default config depends on if the legacy module is built or not
my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';
evpciph_aes_stitched.txt
evpciph_des3_common.txt
evpkdf_hkdf.txt
- evpkdf_kbkdf_counter.txt
- evpkdf_kbkdf_kmac.txt
evpkdf_pbkdf1.txt
evpkdf_pbkdf2.txt
- evpkdf_snmp.txt
- evpkdf_ss.txt
- evpkdf_ssh.txt
evpkdf_tls12_prf.txt
evpkdf_tls13_kdf.txt
- evpkdf_x942.txt
- evpkdf_x963.txt
evpmac_common.txt
evpmd_sha.txt
evppbe_pbkdf2.txt
evppkey_rsa_sigalg.txt
evprand.txt
);
+push @files, qw(evpkdf_ssh.txt) unless $no_sshkdf;
+push @files, qw(evpkdf_snmp.txt) unless $no_snmpkdf;
+push @files, qw(
+ evpkdf_kbkdf_counter.txt
+ evpkdf_kbkdf_kmac.txt
+ ) unless $no_kbkdf;
+push @files, qw(evpkdf_ss.txt) unless $no_sskdf;
+push @files, qw(evpkdf_x942.txt) unless $no_x942kdf;
+push @files, qw(evpkdf_x963.txt) unless $no_x963kdf;
push @files, qw(
evppkey_ffdhe.txt
evppkey_dh.txt
) unless $no_dh;
-push @files, qw(
- evpkdf_x942_des.txt
- evpmac_cmac_des.txt
- ) unless $no_des;
+push @files, qw(evppkey_ffdhe_x942kdf.txt) unless ($no_x942kdf || $no_dh);
+push @files, qw(evpmac_cmac_des.txt) unless $no_des;
+push @files, qw(evpkdf_x942_des.txt) unless ($no_des || $no_x942kdf);
push @files, qw(
evppkey_slh_dsa_siggen.txt
evppkey_slh_dsa_sigver.txt
) unless $no_lms;
push @files, qw(
evppkey_ecdsa_rfc6979.txt
- ) unless $no_ec;
+ ) unless ($no_ec || $no_determinstic_nonce);
# A list of tests that only run with the default provider
# (i.e. The algorithms are not present in the fips provider)
evpciph_seed.txt
evpciph_sm4.txt
evpencod.txt
- evpkdf_krb5.txt
evpkdf_scrypt.txt
evpkdf_tls11_prf.txt
- evpkdf_hmac_drbg.txt
evpmac_blake.txt
evpmac_poly1305.txt
evpmac_siphash.txt
evppkey_kdf_scrypt.txt
evppkey_kdf_tls1_prf.txt
);
+push @defltfiles, qw(evpkdf_krb5.txt) unless $no_krb5kdf;
push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
push @defltfiles, qw(evppkey_ecx_kem.txt) unless $no_ecx;
-push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa;
+push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless ($no_dsa || $no_determinstic_nonce);
push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv;
push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv;
push @defltfiles, qw(evpkdf_argon2.txt) unless $no_argon2;
+push @defltfiles, qw(evpkdf_hmac_drbg.txt) unless $no_determinstic_nonce;
plan tests =>
+ (scalar(@configs) * scalar(@files))
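Review bot: `my $no_sm2 = disabled("sm2") || disabled("x963kdf");` folds an unrelated option into `$no_sm2`, although a separate `$no_x963kdf` is declared a few lines below. It would read more clearly as `my $no_sm2 = disabled("sm2");` with `push @defltfiles, qw(evppkey_sm2.txt) unless ($no_sm2 || $no_x963kdf);`. If `evppkey_sm2.txt` also holds sign/verify vectors (not visible here), a no-x963kdf build loses that coverage too, and moving the encryption cases into their own data file would avoid it. The new variable `$no_determinstic_nonce` is also misspelled; `$no_deterministic_nonce` should be used at its declaration and at all four uses.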
Ctrl = dh_pad:1
SharedSecret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
-# The following two testcases check that the padding is implicitly enabled
-# with X942KDF-ASN1 KDF.
-# The plain shared secret for these keys needs padding as seen above.
-Derive=ffdhe2048-1
-PeerKey=ffdhe2048-2-pub
-Ctrl = kdf-type:X942KDF-ASN1
-Ctrl = kdf-outlen:32
-Ctrl = kdf-digest:SHA-256
-Ctrl = cekalg:AES-128-WRAP
-Ctrl = dh_pad:1
-SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654
-
-# FIPS(3.0.0): allows the padding to be set, later versions do not #17859
-FIPSversion = >3.0.0
-Derive=ffdhe2048-2
-PeerKey=ffdhe2048-1-pub
-Ctrl = kdf-type:X942KDF-ASN1
-Ctrl = kdf-outlen:32
-Ctrl = kdf-digest:SHA-256
-Ctrl = cekalg:AES-128-WRAP
-Ctrl = dh_pad:0
-SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654
-
PrivateKey=ffdhe3072-1
-----BEGIN PRIVATE KEY-----
MIIByQIBADCCAZsGCSqGSIb3DQEDATCCAYwCggGBAP//////////rfhUWKK7Spqv
--- /dev/null
+#
+# Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Tests start with one of these keywords
+# Cipher Decrypt Derive Digest Encoding KDF MAC PBE
+# PrivPubKeyPair Sign Verify VerifyRecover
+# and continue until a blank line. Lines starting with a pound sign are ignored.
+
+
+# ffdhe2048-1 and ffdhe2048-2 were randomly generated and have a shared secret
+# less than 256 bytes in length (to test padding) other keys have no special
+# properties
+PrivateKey=ffdhe2048-1
+-----BEGIN PRIVATE KEY-----
+MIIBQwIBADCCARsGCSqGSIb3DQEDATCCAQwCggEBAP//////////rfhUWKK7Spqv
+3FYgJz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v42NjDHXY9oGyAq7EYXrT
+3x7V1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhPDHDg5ot34qaJ2vPv6HId
+8VihNq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq2rdg1/RoHU9Co945TfSu
+Vu3nY3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy/pzphYP/jk8SMu7ygYPD
+/jsbTG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohrQjhhKFyX//////////8C
+AQICAgDhBB8CHQGUa5iGUF9rGvDjv9PDFGIvtS9OIqbbi8rqm4b6
+-----END PRIVATE KEY-----
+
+PrivateKey=ffdhe2048-2
+-----BEGIN PRIVATE KEY-----
+MIIBQwIBADCCARsGCSqGSIb3DQEDATCCAQwCggEBAP//////////rfhUWKK7Spqv
+3FYgJz088di5xYPOLTaVqeE2QRRkM/vMk53OJJs++X0v42NjDHXY9oGyAq7EYXrT
+3x7V1f1lYSQz9R9fBm7QhWNlVT3tGvO1VxNef1fJNZhPDHDg5ot34qaJ2vPv6HId
+8VihNq3nNTCsyk9IOnl6vAqxgrMk+2HRCKlLssjj+7lq2rdg1/RoHU9Co945TfSu
+Vu3nY3K7GQsHp8juCm1wngL84c334uzANATNKDQvYZFy/pzphYP/jk8SMu7ygYPD
+/jsbTG+tczu1/LwuwiAFxY7xg30Wg7LG80omwbLv+ohrQjhhKFyX//////////8C
+AQICAgDhBB8CHQEYNZIth+/EaIgKK2gcxFutVjUTWYCaReyTKMvP
+-----END PRIVATE KEY-----
+
+PublicKey=ffdhe2048-1-pub
+-----BEGIN PUBLIC KEY-----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+-----END PUBLIC KEY-----
+
+PublicKey=ffdhe2048-2-pub
+-----BEGIN PUBLIC KEY-----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+-----END PUBLIC KEY-----
+
+PrivPubKeyPair=ffdhe2048-1:ffdhe2048-1-pub
+
+PrivPubKeyPair=ffdhe2048-2:ffdhe2048-2-pub
+
+# The following two testcases check that the padding is implicitly enabled
+# with X942KDF-ASN1 KDF.
+# The plain shared secret for these keys needs padding as seen above.
+Derive=ffdhe2048-1
+PeerKey=ffdhe2048-2-pub
+Ctrl = kdf-type:X942KDF-ASN1
+Ctrl = kdf-outlen:32
+Ctrl = kdf-digest:SHA-256
+Ctrl = cekalg:AES-128-WRAP
+Ctrl = dh_pad:1
+SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654
+
+# FIPS(3.0.0): allows the padding to be set, later versions do not #17859
+FIPSversion = >3.0.0
+Derive=ffdhe2048-2
+PeerKey=ffdhe2048-1-pub
+Ctrl = kdf-type:X942KDF-ASN1
+Ctrl = kdf-outlen:32
+Ctrl = kdf-digest:SHA-256
+Ctrl = cekalg:AES-128-WRAP
+Ctrl = dh_pad:0
+SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654
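Review bot: The moved comment `# The plain shared secret for these keys needs padding as seen above.` no longer has anything above it to refer to, since the plain `dh_pad` derive cases stay in evppkey_ffdhe.txt. I would reword it to `# The plain shared secret for these keys needs padding (see the dh_pad cases in evppkey_ffdhe.txt).` so the new file reads on its own.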
my $dsaallow = '1';
my $no_pqc = 0;
my $no_hkdf_fixed = 0;
+my $no_x963kdf = disabled("x963kdf");
+my $no_x942kdf = disabled("x942kdf");
my $datadir = srctop_dir("test", "recipes", "80-test_cms_data");
my $smdir = srctop_dir("test", "smime-certs");
]
);
-if ($no_fips || $old_fips) {
+if (!$no_x942kdf && ($no_fips || $old_fips)) {
# Only SHA1 supported in dh_cms_encrypt()
push(@smime_cms_param_tests,
SKIP: {
skip "EC or DES isn't supported in this build", 1
- if disabled("ec") || disabled("des");
+ if disabled("ec") || disabled("des") || disabled("x963kdf");
my $out = "smtst.txt";
sub check_availability {
my $tnam = shift;
- return "$tnam: skipped, EC disabled\n"
- if ($no_ec && $tnam =~ /ECDH/);
+ return "$tnam: skipped, X963KDF disabled\n"
+ if ($no_x963kdf && $tnam =~ /ECDH/);
return "$tnam: skipped, ECDH disabled\n"
if ($no_ec && $tnam =~ /ECDH/);
return "$tnam: skipped, EC2M disabled\n"
( "testrsa.msb" );
push(@data_files,
( "testrsa.pvk" ))
- unless disabled("legacy") || disabled("rc4");
+ unless disabled("legacy") || disabled("rc4") || disabled("pvkkdf");
my @src_rsa_files =
( "test/testrsa.pem",
"test/testrsapub.pem" );
return group;
}
+#ifndef OPENSSL_NO_X963KDF
static int test_sm2_crypt(const EC_GROUP *group,
const EVP_MD *digest,
const char *privkey_hex,
return testresult;
}
+#endif /* OPENSSL_NO_X963KDF */
static int test_sm2_sign(const EC_GROUP *group,
const char *userid,
if (fake_rand == NULL)
return 0;
+#ifndef OPENSSL_NO_X963KDF
ADD_TEST(sm2_crypt_test);
+#endif
ADD_TEST(sm2_sig_test);
#endif
return 1;