return parse_bin(value, &kdata->output, &kdata->output_len);
if (strcmp(keyword, "Ctrl") == 0)
return pkey_test_ctrl(t, kdata->ctx, value);
+ if (strcmp(keyword, "KDFType") == 0) {
+ OSSL_PARAM params[2];
+
+ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE,
+ (char *)value, 0);
+ params[1] = OSSL_PARAM_construct_end();
+ if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
+ return -1;
+ return 1;
+ }
+ if (strcmp(keyword, "KDFDigest") == 0) {
+ OSSL_PARAM params[2];
+
+ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST,
+ (char *)value, 0);
+ params[1] = OSSL_PARAM_construct_end();
+ if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
+ return -1;
+ return 1;
+ }
+ if (strcmp(keyword, "CEKAlg") == 0) {
+ OSSL_PARAM params[2];
+
+ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
+ (char *)value, 0);
+ params[1] = OSSL_PARAM_construct_end();
+ if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
+ return -1;
+ return 1;
+ }
+ if (strcmp(keyword, "KDFOutlen") == 0) {
+ OSSL_PARAM params[2];
+ char *endptr;
+ size_t outlen = (size_t)strtoul(value, &endptr, 0);
+
+ if (endptr[0] != '\0')
+ return -1;
+
+ params[0] = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
+ &outlen);
+ params[1] = OSSL_PARAM_construct_end();
+ if (EVP_PKEY_CTX_set_params(kdata->ctx, params) == 0)
+ return -1;
+ return 1;
+ }
return 0;
}
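Review bot: In the `KDFOutlen` branch the only validation is `endptr[0] != '\0'`, which an empty value passes, because `strtoul` then consumes nothing and `outlen` becomes 0. An out-of-range number is also accepted silently, since `strtoul` saturates to `ULONG_MAX` and `errno` is never checked. I would tighten the guard to `if (endptr == value || endptr[0] != '\0') return -1;`, and optionally set `errno = 0` before the call and reject `ERANGE`, so that a malformed test file fails at parse time rather than reaching `EVP_PKEY_CTX_set_params` with an unintended length. The `KDFType`, `KDFDigest` and `CEKAlg` branches differ only in the parameter key and could share one small static helper; the `(char *)value` cast in each presumably drops a const qualifier and deserves a short comment that the string is only read. The enclosing function starts outside this hunk.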
goto err;
}
- if (EVP_PKEY_derive(dctx, NULL, &got_len) <= 0) {
+ if (EVP_PKEY_derive(dctx, NULL, &got_len) <= 0
+ || !TEST_size_t_ne(got_len, 0)) {
t->err = "DERIVE_ERROR";
goto err;
}
Ctrl = dh_pad:1
SharedSecret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
+# The following two testcases check that the padding is implicitly enabled
+# with X942KDF-ASN1 KDF.
+# The plain shared secret for these keys needs padding as seen above.
+Derive=ffdhe2048-1
+PeerKey=ffdhe2048-2-pub
+KDFType=X942KDF-ASN1
+KDFOutlen=32
+KDFDigest=SHA-256
+CEKAlg=id-aes128-wrap
+Ctrl = dh_pad:1
+SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654
+
+Derive=ffdhe2048-2
+PeerKey=ffdhe2048-1-pub
+KDFType=X942KDF-ASN1
+KDFOutlen=32
+KDFDigest=SHA-256
+CEKAlg=id-aes128-wrap
+Ctrl = dh_pad:0
+SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654
+
PrivateKey=ffdhe3072-1
-----BEGIN PRIVATE KEY-----
MIIByQIBADCCAZsGCSqGSIb3DQEDATCCAYwCggGBAP//////////rfhUWKK7Spqv