2 * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
11 /* Tests of the EVP_KDF_CTX APIs */
16 #include <openssl/evp.h>
17 #include <openssl/kdf.h>
20 static int test_kdf_tls1_prf(void)
24 unsigned char out[16];
26 if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_TLS1_PRF)) == NULL) {
27 TEST_error("EVP_KDF_TLS1_PRF");
30 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
31 TEST_error("EVP_KDF_CTRL_SET_MD");
34 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET,
35 "secret", (size_t)6) <= 0) {
36 TEST_error("EVP_KDF_CTRL_SET_TLS_SECRET");
39 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, "seed", (size_t)4) <= 0) {
40 TEST_error("EVP_KDF_CTRL_ADD_TLS_SEED");
43 if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
44 TEST_error("EVP_KDF_derive");
49 const unsigned char expected[sizeof(out)] = {
50 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
51 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
53 if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) {
59 EVP_KDF_CTX_free(kctx);
63 static int test_kdf_hkdf(void)
67 unsigned char out[10];
69 if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF)) == NULL) {
70 TEST_error("EVP_KDF_HKDF");
73 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
74 TEST_error("EVP_KDF_CTRL_SET_MD");
77 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
78 TEST_error("EVP_KDF_CTRL_SET_SALT");
81 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) {
82 TEST_error("EVP_KDF_CTRL_SET_KEY");
85 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_HKDF_INFO,
86 "label", (size_t)5) <= 0) {
87 TEST_error("EVP_KDF_CTRL_ADD_HKDF_INFO");
90 if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
91 TEST_error("EVP_KDF_derive");
96 const unsigned char expected[sizeof(out)] = {
97 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
99 if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) {
105 EVP_KDF_CTX_free(kctx);
109 static int test_kdf_pbkdf2(void)
113 unsigned char out[32];
115 if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) == NULL) {
116 TEST_error("EVP_KDF_PBKDF2");
119 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) {
120 TEST_error("EVP_KDF_CTRL_SET_PASS");
123 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
124 TEST_error("EVP_KDF_CTRL_SET_SALT");
127 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2) <= 0) {
128 TEST_error("EVP_KDF_CTRL_SET_ITER");
131 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
132 TEST_error("EVP_KDF_CTRL_SET_MD");
135 if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
136 TEST_error("EVP_KDF_derive");
141 const unsigned char expected[sizeof(out)] = {
142 0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3,
143 0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0,
144 0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf,
145 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43
147 if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) {
153 EVP_KDF_CTX_free(kctx);
157 #ifndef OPENSSL_NO_SCRYPT
158 static int test_kdf_scrypt(void)
162 unsigned char out[64];
164 if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT)) == NULL) {
165 TEST_error("EVP_KDF_SCRYPT");
168 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) {
169 TEST_error("EVP_KDF_CTRL_SET_PASS");
172 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "NaCl", (size_t)4) <= 0) {
173 TEST_error("EVP_KDF_CTRL_SET_SALT");
176 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N, (uint64_t)1024) <= 0) {
177 TEST_error("EVP_KDF_CTRL_SET_SCRYPT_N");
180 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R, (uint32_t)8) <= 0) {
181 TEST_error("EVP_KDF_CTRL_SET_SCRYPT_R");
184 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P, (uint32_t)16) <= 0) {
185 TEST_error("EVP_KDF_CTRL_SET_SCRYPT_P");
188 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, (uint64_t)16) <= 0) {
189 TEST_error("EVP_KDF_CTRL_SET_MAXMEM_BYTES");
192 if (EVP_KDF_derive(kctx, out, sizeof(out)) > 0) {
193 TEST_error("EVP_KDF_derive should have failed");
196 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES,
197 (uint64_t)(10 * 1024 * 1024)) <= 0) {
198 TEST_error("EVP_KDF_CTRL_SET_MAXMEM_BYTES");
201 if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
202 TEST_error("EVP_KDF_derive");
207 const unsigned char expected[sizeof(out)] = {
208 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
209 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
210 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
211 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
212 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
213 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
214 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
215 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
217 if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) {
223 EVP_KDF_CTX_free(kctx);
228 static int test_kdf_ss_hash(void)
231 const unsigned char z[] = {
232 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e,
233 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62,
234 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4,
235 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9
237 const unsigned char other[] = {
238 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e,
239 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde,
240 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e,
241 0xe0,0xec,0x3f,0x8d,0xbe
243 const unsigned char expected[] = {
244 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8
246 unsigned char out[14];
248 kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS);
250 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha224()) <= 0) {
251 TEST_error("EVP_KDF_CTRL_SET_MD");
254 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)) <= 0) {
255 TEST_error("EVP_KDF_CTRL_SET_KEY");
258 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other,
259 sizeof(other)) <= 0) {
260 TEST_error("EVP_KDF_CTRL_SET_OTHER");
263 if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
264 TEST_error("EVP_KDF_derive");
268 if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)))
271 EVP_KDF_CTX_free(kctx);
275 static int test_kdf_ss_hmac(void)
280 const unsigned char z[] = {
281 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
283 const unsigned char other[] = {
284 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
286 const unsigned char salt[] = {
287 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
290 const unsigned char expected[] = {
291 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63,
294 unsigned char out[16];
296 kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS);
297 mac = EVP_get_macbyname("HMAC");
299 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, mac) <= 0) {
300 TEST_error("EVP_KDF_CTRL_SET_MAC");
303 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
304 TEST_error("EVP_KDF_CTRL_SET_MD");
307 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)) <= 0) {
308 TEST_error("EVP_KDF_CTRL_SET_KEY");
311 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other,
312 sizeof(other)) <= 0) {
313 TEST_error("EVP_KDF_CTRL_SET_OTHER");
316 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, salt, sizeof(salt)) <= 0) {
317 TEST_error("EVP_KDF_CTRL_SET_SALT");
320 if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
321 TEST_error("EVP_KDF_derive");
325 if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)))
328 EVP_KDF_CTX_free(kctx);
332 static int test_kdf_ss_kmac(void)
335 unsigned char out[64];
338 const unsigned char z[] = {
339 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
341 const unsigned char other[] = {
342 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
344 const unsigned char salt[] = {
345 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
348 const unsigned char expected[] = {
349 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd,
350 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2,
351 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4,
352 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95,
353 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03
356 kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS);
357 mac = EVP_get_macbyname("KMAC128");
359 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, mac) <= 0) {
360 TEST_error("EVP_KDF_CTRL_SET_MAC");
363 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)) <= 0) {
364 TEST_error("EVP_KDF_CTRL_SET_KEY");
367 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other,
368 sizeof(other)) <= 0) {
369 TEST_error("EVP_KDF_CTRL_SET_OTHER");
372 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, salt, sizeof(salt)) <= 0) {
373 TEST_error("EVP_KDF_CTRL_SET_SALT");
376 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC_SIZE, (size_t)20) <= 0) {
377 TEST_error("EVP_KDF_CTRL_SET_MACSIZE");
380 if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
381 TEST_error("EVP_KDF_derive");
385 if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)))
388 EVP_KDF_CTX_free(kctx);
392 int setup_tests(void)
394 ADD_TEST(test_kdf_tls1_prf);
395 ADD_TEST(test_kdf_hkdf);
396 ADD_TEST(test_kdf_pbkdf2);
397 #ifndef OPENSSL_NO_SCRYPT
398 ADD_TEST(test_kdf_scrypt);
400 ADD_TEST(test_kdf_ss_hash);
401 ADD_TEST(test_kdf_ss_hmac);
402 ADD_TEST(test_kdf_ss_kmac);