From: pohsingwu <pohsingwu@synology.com>
Date: Wed, 13 Mar 2024 06:42:14 +0000 (+0800)
Subject: Use RFC 5869 test case for HKDF self-test
X-Git-Tag: openssl-3.4.0-alpha1~766
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=23fd48da04a4e906848199fddab2dc2b4f81d874;p=thirdparty%2Fopenssl.git

Use RFC 5869 test case for HKDF self-test

According to NIST SP 800-131Ar2 section 8, the length of the
key-derivation key shall be at least 112 bits.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23833)
---

diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
index afff3ba4df6..6962fb9b6b2 100644
--- a/providers/fips/self_test_data.inc
+++ b/providers/fips/self_test_data.inc
@@ -267,10 +267,32 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
 };
 
 static const char hkdf_digest[] = "SHA256";
-static const unsigned char hkdf_secret[] = { 's', 'e', 'c', 'r', 'e', 't' };
-static const unsigned char hkdf_salt[] = { 's', 'a', 'l', 't' };
-static const unsigned char hkdf_info[] = { 'l', 'a', 'b', 'e', 'l' };
-
+/*
+ * Input parameters and expected result are from RFC 5869 test case 1, which is
+ * with a key-derivation key >= 112 bits required by NIST SP 800-131Ar2
+ * section 8.
+ */
+static const unsigned char hkdf_secret[] = {
+    0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+    0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+    0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
+};
+static const unsigned char hkdf_salt[] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c
+};
+static const unsigned char hkdf_info[] = {
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9
+};
+static const unsigned char hkdf_expected[] = {
+    0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
+    0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
+    0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
+    0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
+    0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
+    0x58, 0x65
+};
 static const ST_KAT_PARAM hkdf_params[] = {
     ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, hkdf_digest),
     ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, hkdf_secret),
@@ -278,10 +300,6 @@ static const ST_KAT_PARAM hkdf_params[] = {
     ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, hkdf_info),
     ST_KAT_PARAM_END()
 };
-static const unsigned char hkdf_expected[] = {
-    0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8,
-    0xde, 0x13
-};
 
 static const char sskdf_digest[] = "SHA224";
 static const unsigned char sskdf_secret[] = {