projects / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
OSSL_STORE: Add reference docs for the built-in Windows store implementation
[openssl.git] / test / dhkem_test.inc
1 /*
2  * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 typedef struct {
11     const char *curvename;
12     /* seed */
13     const unsigned char *ikm;
14     size_t ikmlen;
15     /* expected public key */
16     const unsigned char *pub;
17     size_t publen;
18     /* expected private key */
19     const unsigned char *priv;
20     size_t privlen;
21 } TEST_DERIVEKEY_DATA;
22
23 typedef struct {
24     const char *curve;
25     /* The seed for the senders ephemeral key */
26     const unsigned char *ikmE;
27     size_t ikmElen;
28     /* Recipient key */
29     const unsigned char *rpub;
30     size_t rpublen;
31     const unsigned char *rpriv;
32     size_t rprivlen;
33     /* The senders generated ephemeral public key */
34     const unsigned char *expected_enc;
35     size_t expected_enclen;
36     /* The generated shared secret */
37     const unsigned char *expected_secret;
38     size_t expected_secretlen;
39     /* Senders Auth key */
40     const unsigned char *spub;
41     size_t spublen;
42     const unsigned char *spriv;
43     size_t sprivlen;
44 } TEST_ENCAPDATA;
45
46 static const char *dhkem_supported_curves[] = {
47     "P-256",
48     "P-384",
49     "P-521",
50     "X25519",
51     "X448"
52 };
53
54 /* TEST vectors extracted from RFC 9180 */
55
56 /* Base test values */
57 static const unsigned char x25519_ikme[] = {
58     0x72, 0x68, 0x60, 0x0d, 0x40, 0x3f, 0xce, 0x43,
59     0x15, 0x61, 0xae, 0xf5, 0x83, 0xee, 0x16, 0x13,
60     0x52, 0x7c, 0xff, 0x65, 0x5c, 0x13, 0x43, 0xf2,
61     0x98, 0x12, 0xe6, 0x67, 0x06, 0xdf, 0x32, 0x34
62 };
63 static const unsigned char x25519_ikme_priv[] = {
64     0x52, 0xc4, 0xa7, 0x58, 0xa8, 0x02, 0xcd, 0x8b,
65     0x93, 0x6e, 0xce, 0xea, 0x31, 0x44, 0x32, 0x79,
66     0x8d, 0x5b, 0xaf, 0x2d, 0x7e, 0x92, 0x35, 0xdc,
67     0x08, 0x4a, 0xb1, 0xb9, 0xcf, 0xa2, 0xf7, 0x36
68 };
69 static const unsigned char x25519_ikme_pub[] = {
70     0x37, 0xfd, 0xa3, 0x56, 0x7b, 0xdb, 0xd6, 0x28,
71     0xe8, 0x86, 0x68, 0xc3, 0xc8, 0xd7, 0xe9, 0x7d,
72     0x1d, 0x12, 0x53, 0xb6, 0xd4, 0xea, 0x6d, 0x44,
73     0xc1, 0x50, 0xf7, 0x41, 0xf1, 0xbf, 0x44, 0x31
74 };
75 static const unsigned char x25519_rpub[] = {
76     0x39, 0x48, 0xcf, 0xe0, 0xad, 0x1d, 0xdb, 0x69,
77     0x5d, 0x78, 0x0e, 0x59, 0x07, 0x71, 0x95, 0xda,
78     0x6c, 0x56, 0x50, 0x6b, 0x02, 0x73, 0x29, 0x79,
79     0x4a, 0xb0, 0x2b, 0xca, 0x80, 0x81, 0x5c, 0x4d
80 };
81 static const unsigned char x25519_rpriv[] = {
82     0x46, 0x12, 0xc5, 0x50, 0x26, 0x3f, 0xc8, 0xad,
83     0x58, 0x37, 0x5d, 0xf3, 0xf5, 0x57, 0xaa, 0xc5,
84     0x31, 0xd2, 0x68, 0x50, 0x90, 0x3e, 0x55, 0xa9,
85     0xf2, 0x3f, 0x21, 0xd8, 0x53, 0x4e, 0x8a, 0xc8
86 };
87 static const unsigned char x25519_expected_enc[] = {
88     0x37, 0xfd, 0xa3, 0x56, 0x7b, 0xdb, 0xd6, 0x28,
89     0xe8, 0x86, 0x68, 0xc3, 0xc8, 0xd7, 0xe9, 0x7d,
90     0x1d, 0x12, 0x53, 0xb6, 0xd4, 0xea, 0x6d, 0x44,
91     0xc1, 0x50, 0xf7, 0x41, 0xf1, 0xbf, 0x44, 0x31
92 };
93 static const unsigned char x25519_expected_secret[] = {
94     0xfe, 0x0e, 0x18, 0xc9, 0xf0, 0x24, 0xce, 0x43,
95     0x79, 0x9a, 0xe3, 0x93, 0xc7, 0xe8, 0xfe, 0x8f,
96     0xce, 0x9d, 0x21, 0x88, 0x75, 0xe8, 0x22, 0x7b,
97     0x01, 0x87, 0xc0, 0x4e, 0x7d, 0x2e, 0xa1, 0xfc
98 };
99
100 static const unsigned char x25519_auth_ikme[] = {
101     0x6e, 0x6d, 0x8f, 0x20, 0x0e, 0xa2, 0xfb, 0x20,
102     0xc3, 0x0b, 0x00, 0x3a, 0x8b, 0x4f, 0x43, 0x3d,
103     0x2f, 0x4e, 0xd4, 0xc2, 0x65, 0x8d, 0x5b, 0xc8,
104     0xce, 0x2f, 0xef, 0x71, 0x80, 0x59, 0xc9, 0xf7
105 };
106 static const unsigned char x25519_auth_rpub[] = {
107     0x16, 0x32, 0xd5, 0xc2, 0xf7, 0x1c, 0x2b, 0x38,
108     0xd0, 0xa8, 0xfc, 0xc3, 0x59, 0x35, 0x52, 0x00,
109     0xca, 0xa8, 0xb1, 0xff, 0xdf, 0x28, 0x61, 0x80,
110     0x80, 0x46, 0x6c, 0x90, 0x9c, 0xb6, 0x9b, 0x2e
111 };
112 static const unsigned char x25519_auth_rpriv[] = {
113     0xfd, 0xea, 0x67, 0xcf, 0x83, 0x1f, 0x1c, 0xa9,
114     0x8d, 0x8e, 0x27, 0xb1, 0xf6, 0xab, 0xeb, 0x5b,
115     0x77, 0x45, 0xe9, 0xd3, 0x53, 0x48, 0xb8, 0x0f,
116     0xa4, 0x07, 0xff, 0x69, 0x58, 0xf9, 0x13, 0x7e
117 };
118 static const unsigned char x25519_auth_spub[] = {
119     0x8b, 0x0c, 0x70, 0x87, 0x3d, 0xc5, 0xae, 0xcb,
120     0x7f, 0x9e, 0xe4, 0xe6, 0x24, 0x06, 0xa3, 0x97,
121     0xb3, 0x50, 0xe5, 0x70, 0x12, 0xbe, 0x45, 0xcf,
122     0x53, 0xb7, 0x10, 0x5a, 0xe7, 0x31, 0x79, 0x0b
123 };
124 static const unsigned char x25519_auth_spriv[] = {
125     0xdc, 0x4a, 0x14, 0x63, 0x13, 0xcc, 0xe6, 0x0a,
126     0x27, 0x8a, 0x53, 0x23, 0xd3, 0x21, 0xf0, 0x51,
127     0xc5, 0x70, 0x7e, 0x9c, 0x45, 0xba, 0x21, 0xa3,
128     0x47, 0x9f, 0xec, 0xdf, 0x76, 0xfc, 0x69, 0xdd
129 };
130 static const unsigned char x25519_auth_expected_enc[] = {
131     0x23, 0xfb, 0x95, 0x25, 0x71, 0xa1, 0x4a, 0x25,
132     0xe3, 0xd6, 0x78, 0x14, 0x0c, 0xd0, 0xe5, 0xeb,
133     0x47, 0xa0, 0x96, 0x1b, 0xb1, 0x8a, 0xfc, 0xf8,
134     0x58, 0x96, 0xe5, 0x45, 0x3c, 0x31, 0x2e, 0x76
135 };
136 static const unsigned char x25519_auth_expected_secret[] = {
137     0x2d, 0x6d, 0xb4, 0xcf, 0x71, 0x9d, 0xc7, 0x29,
138     0x3f, 0xcb, 0xf3, 0xfa, 0x64, 0x69, 0x07, 0x08,
139     0xe4, 0x4e, 0x2b, 0xeb, 0xc8, 0x1f, 0x84, 0x60,
140     0x86, 0x77, 0x95, 0x8c, 0x0d, 0x44, 0x48, 0xa7
141 };
142
143 static const unsigned char p256_ikme[] = {
144     0x42, 0x70, 0xe5, 0x4f, 0xfd, 0x08, 0xd7, 0x9d,
145     0x59, 0x28, 0x02, 0x0a, 0xf4, 0x68, 0x6d, 0x8f,
146     0x6b, 0x7d, 0x35, 0xdb, 0xe4, 0x70, 0x26, 0x5f,
147     0x1f, 0x5a, 0xa2, 0x28, 0x16, 0xce, 0x86, 0x0e
148 };
149
150 static const unsigned char p256_ikme_pub[] = {
151     0x04, 0xa9, 0x27, 0x19, 0xc6, 0x19, 0x5d, 0x50,
152     0x85, 0x10, 0x4f, 0x46, 0x9a, 0x8b, 0x98, 0x14,
153     0xd5, 0x83, 0x8f, 0xf7, 0x2b, 0x60, 0x50, 0x1e,
154     0x2c, 0x44, 0x66, 0xe5, 0xe6, 0x7b, 0x32, 0x5a,
155     0xc9, 0x85, 0x36, 0xd7, 0xb6, 0x1a, 0x1a, 0xf4,
156     0xb7, 0x8e, 0x5b, 0x7f, 0x95, 0x1c, 0x09, 0x00,
157     0xbe, 0x86, 0x3c, 0x40, 0x3c, 0xe6, 0x5c, 0x9b,
158     0xfc, 0xb9, 0x38, 0x26, 0x57, 0x22, 0x2d, 0x18,
159     0xc4
160 };
161 static const unsigned char p256_ikme_priv[] = {
162     0x49, 0x95, 0x78, 0x8e, 0xf4, 0xb9, 0xd6, 0x13,
163     0x2b, 0x24, 0x9c, 0xe5, 0x9a, 0x77, 0x28, 0x14,
164     0x93, 0xeb, 0x39, 0xaf, 0x37, 0x3d, 0x23, 0x6a,
165     0x1f, 0xe4, 0x15, 0xcb, 0x0c, 0x2d, 0x7b, 0xeb
166 };
167
168 static const unsigned char p256_ikmr[] = {
169     0x66, 0x8b, 0x37, 0x17, 0x1f, 0x10, 0x72, 0xf3,
170     0xcf, 0x12, 0xea, 0x8a, 0x23, 0x6a, 0x45, 0xdf,
171     0x23, 0xfc, 0x13, 0xb8, 0x2a, 0xf3, 0x60, 0x9a,
172     0xd1, 0xe3, 0x54, 0xf6, 0xef, 0x81, 0x75, 0x50
173 };
174
175 static const unsigned char p256_ikmr_pub[] = {
176     0x04, 0xfe, 0x8c, 0x19, 0xce, 0x09, 0x05, 0x19,
177     0x1e, 0xbc, 0x29, 0x8a, 0x92, 0x45, 0x79, 0x25,
178     0x31, 0xf2, 0x6f, 0x0c, 0xec, 0xe2, 0x46, 0x06,
179     0x39, 0xe8, 0xbc, 0x39, 0xcb, 0x7f, 0x70, 0x6a,
180     0x82, 0x6a, 0x77, 0x9b, 0x4c, 0xf9, 0x69, 0xb8,
181     0xa0, 0xe5, 0x39, 0xc7, 0xf6, 0x2f, 0xb3, 0xd3,
182     0x0a, 0xd6, 0xaa, 0x8f, 0x80, 0xe3, 0x0f, 0x1d,
183     0x12, 0x8a, 0xaf, 0xd6, 0x8a, 0x2c, 0xe7, 0x2e,
184     0xa0
185 };
186
187 static const unsigned char p256_ikmr_priv[] = {
188     0xf3, 0xce, 0x7f, 0xda, 0xe5, 0x7e, 0x1a, 0x31,
189     0x0d, 0x87, 0xf1, 0xeb, 0xbd, 0xe6, 0xf3, 0x28,
190     0xbe, 0x0a, 0x99, 0xcd, 0xbc, 0xad, 0xf4, 0xd6,
191     0x58, 0x9c, 0xf2, 0x9d, 0xe4, 0xb8, 0xff, 0xd2
192 };
193
194 static const unsigned char p256_expected_enc[] = {
195     0x04, 0xa9, 0x27, 0x19, 0xc6, 0x19, 0x5d, 0x50,
196     0x85, 0x10, 0x4f, 0x46, 0x9a, 0x8b, 0x98, 0x14,
197     0xd5, 0x83, 0x8f, 0xf7, 0x2b, 0x60, 0x50, 0x1e,
198     0x2c, 0x44, 0x66, 0xe5, 0xe6, 0x7b, 0x32, 0x5a,
199     0xc9, 0x85, 0x36, 0xd7, 0xb6, 0x1a, 0x1a, 0xf4,
200     0xb7, 0x8e, 0x5b, 0x7f, 0x95, 0x1c, 0x09, 0x00,
201     0xbe, 0x86, 0x3c, 0x40, 0x3c, 0xe6, 0x5c, 0x9b,
202     0xfc, 0xb9, 0x38, 0x26, 0x57, 0x22, 0x2d, 0x18,
203     0xc4
204 };
205 static const unsigned char p256_expected_secret[] = {
206     0xc0, 0xd2, 0x6a, 0xea, 0xb5, 0x36, 0x60, 0x9a,
207     0x57, 0x2b, 0x07, 0x69, 0x5d, 0x93, 0x3b, 0x58,
208     0x9d, 0xcf, 0x36, 0x3f, 0xf9, 0xd9, 0x3c, 0x93,
209     0xad, 0xea, 0x53, 0x7a, 0xea, 0xbb, 0x8c, 0xb8
210 };
211
212 static const unsigned char p521_ikme[] = {
213     0x7f, 0x06, 0xab, 0x82, 0x15, 0x10, 0x5f, 0xc4,
214     0x6a, 0xce, 0xeb, 0x2e, 0x3d, 0xc5, 0x02, 0x8b,
215     0x44, 0x36, 0x4f, 0x96, 0x04, 0x26, 0xeb, 0x0d,
216     0x8e, 0x40, 0x26, 0xc2, 0xf8, 0xb5, 0xd7, 0xe7,
217     0xa9, 0x86, 0x68, 0x8f, 0x15, 0x91, 0xab, 0xf5,
218     0xab, 0x75, 0x3c, 0x35, 0x7a, 0x5d, 0x6f, 0x04,
219     0x40, 0x41, 0x4b, 0x4e, 0xd4, 0xed, 0xe7, 0x13,
220     0x17, 0x77, 0x2a, 0xc9, 0x8d, 0x92, 0x39, 0xf7,
221     0x09, 0x04
222 };
223
224 static const unsigned char p521_ikme_pub[] = {
225     0x04, 0x01, 0x38, 0xb3, 0x85, 0xca, 0x16, 0xbb,
226     0x0d, 0x5f, 0xa0, 0xc0, 0x66, 0x5f, 0xbb, 0xd7,
227     0xe6, 0x9e, 0x3e, 0xe2, 0x9f, 0x63, 0x99, 0x1d,
228     0x3e, 0x9b, 0x5f, 0xa7, 0x40, 0xaa, 0xb8, 0x90,
229     0x0a, 0xae, 0xed, 0x46, 0xed, 0x73, 0xa4, 0x90,
230     0x55, 0x75, 0x84, 0x25, 0xa0, 0xce, 0x36, 0x50,
231     0x7c, 0x54, 0xb2, 0x9c, 0xc5, 0xb8, 0x5a, 0x5c,
232     0xee, 0x6b, 0xae, 0x0c, 0xf1, 0xc2, 0x1f, 0x27,
233     0x31, 0xec, 0xe2, 0x01, 0x3d, 0xc3, 0xfb, 0x7c,
234     0x8d, 0x21, 0x65, 0x4b, 0xb1, 0x61, 0xb4, 0x63,
235     0x96, 0x2c, 0xa1, 0x9e, 0x8c, 0x65, 0x4f, 0xf2,
236     0x4c, 0x94, 0xdd, 0x28, 0x98, 0xde, 0x12, 0x05,
237     0x1f, 0x1e, 0xd0, 0x69, 0x22, 0x37, 0xfb, 0x02,
238     0xb2, 0xf8, 0xd1, 0xdc, 0x1c, 0x73, 0xe9, 0xb3,
239     0x66, 0xb5, 0x29, 0xeb, 0x43, 0x6e, 0x98, 0xa9,
240     0x96, 0xee, 0x52, 0x2a, 0xef, 0x86, 0x3d, 0xd5,
241     0x73, 0x9d, 0x2f, 0x29, 0xb0
242 };
243
244 static const unsigned char p521_ikme_priv[] = {
245     0x01, 0x47, 0x84, 0xc6, 0x92, 0xda, 0x35, 0xdf,
246     0x6e, 0xcd, 0xe9, 0x8e, 0xe4, 0x3a, 0xc4, 0x25,
247     0xdb, 0xdd, 0x09, 0x69, 0xc0, 0xc7, 0x2b, 0x42,
248     0xf2, 0xe7, 0x08, 0xab, 0x9d, 0x53, 0x54, 0x15,
249     0xa8, 0x56, 0x9b, 0xda, 0xcf, 0xcc, 0x0a, 0x11,
250     0x4c, 0x85, 0xb8, 0xe3, 0xf2, 0x6a, 0xcf, 0x4d,
251     0x68, 0x11, 0x5f, 0x8c, 0x91, 0xa6, 0x61, 0x78,
252     0xcd, 0xbd, 0x03, 0xb7, 0xbc, 0xc5, 0x29, 0x1e,
253     0x37, 0x4b
254 };
255
256 static const unsigned char p521_ikmr_pub[] = {
257     0x04, 0x01, 0xb4, 0x54, 0x98, 0xc1, 0x71, 0x4e,
258     0x2d, 0xce, 0x16, 0x7d, 0x3c, 0xaf, 0x16, 0x2e,
259     0x45, 0xe0, 0x64, 0x2a, 0xfc, 0x7e, 0xd4, 0x35,
260     0xdf, 0x79, 0x02, 0xcc, 0xae, 0x0e, 0x84, 0xba,
261     0x0f, 0x7d, 0x37, 0x3f, 0x64, 0x6b, 0x77, 0x38,
262     0xbb, 0xbd, 0xca, 0x11, 0xed, 0x91, 0xbd, 0xea,
263     0xe3, 0xcd, 0xcb, 0xa3, 0x30, 0x1f, 0x24, 0x57,
264     0xbe, 0x45, 0x2f, 0x27, 0x1f, 0xa6, 0x83, 0x75,
265     0x80, 0xe6, 0x61, 0x01, 0x2a, 0xf4, 0x95, 0x83,
266     0xa6, 0x2e, 0x48, 0xd4, 0x4b, 0xed, 0x35, 0x0c,
267     0x71, 0x18, 0xc0, 0xd8, 0xdc, 0x86, 0x1c, 0x23,
268     0x8c, 0x72, 0xa2, 0xbd, 0xa1, 0x7f, 0x64, 0x70,
269     0x4f, 0x46, 0x4b, 0x57, 0x33, 0x8e, 0x7f, 0x40,
270     0xb6, 0x09, 0x59, 0x48, 0x0c, 0x0e, 0x58, 0xe6,
271     0x55, 0x9b, 0x19, 0x0d, 0x81, 0x66, 0x3e, 0xd8,
272     0x16, 0xe5, 0x23, 0xb6, 0xb6, 0xa4, 0x18, 0xf6,
273     0x6d, 0x24, 0x51, 0xec, 0x64
274 };
275 static const unsigned char p521_ikmr_priv[] = {
276     0x01, 0x46, 0x26, 0x80, 0x36, 0x9a, 0xe3, 0x75,
277     0xe4, 0xb3, 0x79, 0x10, 0x70, 0xa7, 0x45, 0x8e,
278     0xd5, 0x27, 0x84, 0x2f, 0x6a, 0x98, 0xa7, 0x9f,
279     0xf5, 0xe0, 0xd4, 0xcb, 0xde, 0x83, 0xc2, 0x71,
280     0x96, 0xa3, 0x91, 0x69, 0x56, 0x65, 0x55, 0x23,
281     0xa6, 0xa2, 0x55, 0x6a, 0x7a, 0xf6, 0x2c, 0x5c,
282     0xad, 0xab, 0xe2, 0xef, 0x9d, 0xa3, 0x76, 0x0b,
283     0xb2, 0x1e, 0x00, 0x52, 0x02, 0xf7, 0xb2, 0x46,
284     0x28, 0x47
285 };
286
287 static const unsigned char p521_expected_enc[] = {
288     0x04, 0x01, 0x38, 0xb3, 0x85, 0xca, 0x16, 0xbb,
289     0x0d, 0x5f, 0xa0, 0xc0, 0x66, 0x5f, 0xbb, 0xd7,
290     0xe6, 0x9e, 0x3e, 0xe2, 0x9f, 0x63, 0x99, 0x1d,
291     0x3e, 0x9b, 0x5f, 0xa7, 0x40, 0xaa, 0xb8, 0x90,
292     0x0a, 0xae, 0xed, 0x46, 0xed, 0x73, 0xa4, 0x90,
293     0x55, 0x75, 0x84, 0x25, 0xa0, 0xce, 0x36, 0x50,
294     0x7c, 0x54, 0xb2, 0x9c, 0xc5, 0xb8, 0x5a, 0x5c,
295     0xee, 0x6b, 0xae, 0x0c, 0xf1, 0xc2, 0x1f, 0x27,
296     0x31, 0xec, 0xe2, 0x01, 0x3d, 0xc3, 0xfb, 0x7c,
297     0x8d, 0x21, 0x65, 0x4b, 0xb1, 0x61, 0xb4, 0x63,
298     0x96, 0x2c, 0xa1, 0x9e, 0x8c, 0x65, 0x4f, 0xf2,
299     0x4c, 0x94, 0xdd, 0x28, 0x98, 0xde, 0x12, 0x05,
300     0x1f, 0x1e, 0xd0, 0x69, 0x22, 0x37, 0xfb, 0x02,
301     0xb2, 0xf8, 0xd1, 0xdc, 0x1c, 0x73, 0xe9, 0xb3,
302     0x66, 0xb5, 0x29, 0xeb, 0x43, 0x6e, 0x98, 0xa9,
303     0x96, 0xee, 0x52, 0x2a, 0xef, 0x86, 0x3d, 0xd5,
304     0x73, 0x9d, 0x2f, 0x29, 0xb0
305 };
306 static const unsigned char p521_expected_secret[] = {
307     0x77, 0x6a, 0xb4, 0x21, 0x30, 0x2f, 0x6e, 0xff,
308     0x7d, 0x7c, 0xb5, 0xcb, 0x1a, 0xda, 0xea, 0x0c,
309     0xd5, 0x08, 0x72, 0xc7, 0x1c, 0x2d, 0x63, 0xc3,
310     0x0c, 0x4f, 0x1d, 0x5e, 0x43, 0x65, 0x33, 0x36,
311     0xfe, 0xf3, 0x3b, 0x10, 0x3c, 0x67, 0xe7, 0xa9,
312     0x8a, 0xdd, 0x2d, 0x3b, 0x66, 0xe2, 0xfd, 0xa9,
313     0x5b, 0x5b, 0x2a, 0x66, 0x7a, 0xa9, 0xda, 0xc7,
314     0xe5, 0x9c, 0xc1, 0xd4, 0x6d, 0x30, 0xe8, 0x18
315 };
316
317 static const unsigned char p521_auth_ikme[] = {
318     0xfe, 0x1c, 0x58, 0x9c, 0x2a, 0x05, 0x89, 0x38,
319     0x95, 0xa5, 0x37, 0xf3, 0x8c, 0x7c, 0xb4, 0x30,
320     0x0b, 0x5a, 0x7e, 0x8f, 0xef, 0x3d, 0x6c, 0xcb,
321     0x8f, 0x07, 0xa4, 0x98, 0x02, 0x9c, 0x61, 0xe9,
322     0x02, 0x62, 0xe0, 0x09, 0xdc, 0x25, 0x4c, 0x7f,
323     0x62, 0x35, 0xf9, 0xc6, 0xb2, 0xfd, 0x6a, 0xef,
324     0xf0, 0xa7, 0x14, 0xdb, 0x13, 0x1b, 0x09, 0x25,
325     0x8c, 0x16, 0xe2, 0x17, 0xb7, 0xbd, 0x2a, 0xa6,
326     0x19, 0xb0
327 };
328
329 static const unsigned char p521_auth_ikmr_pub[] = {
330     0x04, 0x00, 0x7d, 0x41, 0x9b, 0x88, 0x34, 0xe7,
331     0x51, 0x3d, 0x0e, 0x7c, 0xc6, 0x64, 0x24, 0xa1,
332     0x36, 0xec, 0x5e, 0x11, 0x39, 0x5a, 0xb3, 0x53,
333     0xda, 0x32, 0x4e, 0x35, 0x86, 0x67, 0x3e, 0xe7,
334     0x3d, 0x53, 0xab, 0x34, 0xf3, 0x0a, 0x0b, 0x42,
335     0xa9, 0x2d, 0x05, 0x4d, 0x0d, 0xb3, 0x21, 0xb8,
336     0x0f, 0x62, 0x17, 0xe6, 0x55, 0xe3, 0x04, 0xf7,
337     0x27, 0x93, 0x76, 0x7c, 0x42, 0x31, 0x78, 0x5c,
338     0x4a, 0x4a, 0x6e, 0x00, 0x8f, 0x31, 0xb9, 0x3b,
339     0x7a, 0x4f, 0x2b, 0x8c, 0xd1, 0x2e, 0x5f, 0xe5,
340     0xa0, 0x52, 0x3d, 0xc7, 0x13, 0x53, 0xc6, 0x6c,
341     0xbd, 0xad, 0x51, 0xc8, 0x6b, 0x9e, 0x0b, 0xdf,
342     0xcd, 0x9a, 0x45, 0x69, 0x8f, 0x2d, 0xab, 0x18,
343     0x09, 0xab, 0x1b, 0x0f, 0x88, 0xf5, 0x42, 0x27,
344     0x23, 0x2c, 0x85, 0x8a, 0xcc, 0xc4, 0x4d, 0x9a,
345     0x8d, 0x41, 0x77, 0x5a, 0xc0, 0x26, 0x34, 0x15,
346     0x64, 0xa2, 0xd7, 0x49, 0xf4
347 };
348
349 static const unsigned char p521_auth_ikmr_priv[] = {
350     0x01, 0x3e, 0xf3, 0x26, 0x94, 0x09, 0x98, 0x54,
351     0x4a, 0x89, 0x9e, 0x15, 0xe1, 0x72, 0x65, 0x48,
352     0xff, 0x43, 0xbb, 0xdb, 0x23, 0xa8, 0x58, 0x7a,
353     0xa3, 0xbe, 0xf9, 0xd1, 0xb8, 0x57, 0x33, 0x8d,
354     0x87, 0x28, 0x7d, 0xf5, 0x66, 0x70, 0x37, 0xb5,
355     0x19, 0xd6, 0xa1, 0x46, 0x61, 0xe9, 0x50, 0x3c,
356     0xfc, 0x95, 0xa1, 0x54, 0xd9, 0x35, 0x66, 0xd8,
357     0xc8, 0x4e, 0x95, 0xce, 0x93, 0xad, 0x05, 0x29,
358     0x3a, 0x0b
359 };
360
361 static const unsigned char p521_auth_ikms_pub[] = {
362     0x04, 0x01, 0x5c, 0xc3, 0x63, 0x66, 0x32, 0xea,
363     0x9a, 0x38, 0x79, 0xe4, 0x32, 0x40, 0xbe, 0xae,
364     0x5d, 0x15, 0xa4, 0x4f, 0xba, 0x81, 0x92, 0x82,
365     0xfa, 0xc2, 0x6a, 0x19, 0xc9, 0x89, 0xfa, 0xfd,
366     0xd0, 0xf3, 0x30, 0xb8, 0x52, 0x1d, 0xff, 0x7d,
367     0xc3, 0x93, 0x10, 0x1b, 0x01, 0x8c, 0x1e, 0x65,
368     0xb0, 0x7b, 0xe9, 0xf5, 0xfc, 0x9a, 0x28, 0xa1,
369     0xf4, 0x50, 0xd6, 0xa5, 0x41, 0xee, 0x0d, 0x76,
370     0x22, 0x11, 0x33, 0x00, 0x1e, 0x8f, 0x0f, 0x6a,
371     0x05, 0xab, 0x79, 0xf9, 0xb9, 0xbb, 0x9c, 0xcc,
372     0xe1, 0x42, 0xa4, 0x53, 0xd5, 0x9c, 0x5a, 0xbe,
373     0xbb, 0x56, 0x74, 0x83, 0x9d, 0x93, 0x5a, 0x3c,
374     0xa1, 0xa3, 0xfb, 0xc3, 0x28, 0x53, 0x9a, 0x60,
375     0xb3, 0xbc, 0x3c, 0x05, 0xfe, 0xd2, 0x28, 0x38,
376     0x58, 0x4a, 0x72, 0x6b, 0x9c, 0x17, 0x67, 0x96,
377     0xca, 0xd0, 0x16, 0x9b, 0xa4, 0x09, 0x33, 0x32,
378     0xcb, 0xd2, 0xdc, 0x3a, 0x9f
379 };
380
381 static const unsigned char p521_auth_ikms_priv[] = {
382     0x00, 0x10, 0x18, 0x58, 0x45, 0x99, 0x62, 0x5f,
383     0xf9, 0x95, 0x3b, 0x93, 0x05, 0x84, 0x98, 0x50,
384     0xd5, 0xe3, 0x4b, 0xd7, 0x89, 0xd4, 0xb8, 0x11,
385     0x01, 0x13, 0x96, 0x62, 0xfb, 0xea, 0x8b, 0x65,
386     0x08, 0xdd, 0xb9, 0xd0, 0x19, 0xb0, 0xd6, 0x92,
387     0xe7, 0x37, 0xf6, 0x6b, 0xea, 0xe3, 0xf1, 0xf7,
388     0x83, 0xe7, 0x44, 0x20, 0x2a, 0xaf, 0x6f, 0xea,
389     0x01, 0x50, 0x6c, 0x27, 0x28, 0x7e, 0x35, 0x9f,
390     0xe7, 0x76
391 };
392
393 static const unsigned char p521_auth_expected_enc[] = {
394     0x04, 0x01, 0x7d, 0xe1, 0x2e, 0xde, 0x7f, 0x72,
395     0xcb, 0x10, 0x1d, 0xab, 0x36, 0xa1, 0x11, 0x26,
396     0x5c, 0x97, 0xb3, 0x65, 0x48, 0x16, 0xdc, 0xd6,
397     0x18, 0x3f, 0x80, 0x9d, 0x4b, 0x3d, 0x11, 0x1f,
398     0xe7, 0x59, 0x49, 0x7f, 0x8a, 0xef, 0xdc, 0x5d,
399     0xbb, 0x40, 0xd3, 0xe6, 0xd2, 0x1d, 0xb1, 0x5b,
400     0xdc, 0x60, 0xf1, 0x5f, 0x2a, 0x42, 0x07, 0x61,
401     0xbc, 0xae, 0xef, 0x73, 0xb8, 0x91, 0xc2, 0xb1,
402     0x17, 0xe9, 0xcf, 0x01, 0xe2, 0x93, 0x20, 0xb7,
403     0x99, 0xbb, 0xc8, 0x6a, 0xfd, 0xc5, 0xea, 0x97,
404     0xd9, 0x41, 0xea, 0x1c, 0x5b, 0xd5, 0xeb, 0xee,
405     0xac, 0x7a, 0x78, 0x4b, 0x3b, 0xab, 0x52, 0x47,
406     0x46, 0xf3, 0xe6, 0x40, 0xec, 0x26, 0xee, 0x1b,
407     0xd9, 0x12, 0x55, 0xf9, 0x33, 0x0d, 0x97, 0x4f,
408     0x84, 0x50, 0x84, 0x63, 0x7e, 0xe0, 0xe6, 0xfe,
409     0x9f, 0x50, 0x5c, 0x5b, 0x87, 0xc8, 0x6a, 0x4e,
410     0x1a, 0x6c, 0x30, 0x96, 0xdd
411 };
412
413 static const unsigned char p521_auth_expected_secret[] = {
414     0x26, 0x64, 0x8f, 0xa2, 0xa2, 0xde, 0xb0, 0xbf,
415     0xc5, 0x63, 0x49, 0xa5, 0x90, 0xfd, 0x4c, 0xb7,
416     0x10, 0x8a, 0x51, 0x79, 0x7b, 0x63, 0x46, 0x94,
417     0xfc, 0x02, 0x06, 0x1e, 0x8d, 0x91, 0xb3, 0x57,
418     0x6a, 0xc7, 0x36, 0xa6, 0x8b, 0xf8, 0x48, 0xfe,
419     0x2a, 0x58, 0xdf, 0xb1, 0x95, 0x6d, 0x26, 0x6e,
420     0x68, 0x20, 0x9a, 0x4d, 0x63, 0x1e, 0x51, 0x3b,
421     0xad, 0xf8, 0xf4, 0xdc, 0xfc, 0x00, 0xf3, 0x0a
422 };
423
424 static const TEST_DERIVEKEY_DATA ec_derivekey_data[] = {
425     {
426       "P-256",
427       p256_ikme, sizeof(p256_ikme),
428       p256_ikme_pub, sizeof(p256_ikme_pub),
429       p256_ikme_priv, sizeof(p256_ikme_priv)
430     },
431     {
432       "P-256",
433       p256_ikmr, sizeof(p256_ikmr),
434       p256_ikmr_pub, sizeof(p256_ikmr_pub),
435       p256_ikmr_priv, sizeof(p256_ikmr_priv)
436     },
437     {
438       "P-521",
439       p521_ikme, sizeof(p521_ikme),
440       p521_ikme_pub, sizeof(p521_ikme_pub),
441       p521_ikme_priv, sizeof(p521_ikme_priv)
442     }
443 };
444
445 static const TEST_ENCAPDATA ec_encapdata[] = {
446     {
447         "P-256",
448         p256_ikme, sizeof(p256_ikme),
449         p256_ikmr_pub, sizeof(p256_ikmr_pub),
450         p256_ikmr_priv, sizeof(p256_ikmr_priv),
451         p256_expected_enc, sizeof(p256_expected_enc),
452         p256_expected_secret, sizeof(p256_expected_secret),
453     },
454     {
455         "X25519",
456         x25519_ikme, sizeof(x25519_ikme),
457         x25519_rpub, sizeof(x25519_rpub),
458         x25519_rpriv, sizeof(x25519_rpriv),
459         x25519_expected_enc, sizeof(x25519_expected_enc),
460         x25519_expected_secret, sizeof(x25519_expected_secret),
461     },
462     {
463         "P-521",
464         p521_ikme, sizeof(p521_ikme),
465         p521_ikmr_pub, sizeof(p521_ikmr_pub),
466         p521_ikmr_priv, sizeof(p521_ikmr_priv),
467         p521_expected_enc, sizeof(p521_expected_enc),
468         p521_expected_secret, sizeof(p521_expected_secret),
469     },
470     {
471         "P-521",
472         p521_auth_ikme, sizeof(p521_auth_ikme),
473         p521_auth_ikmr_pub, sizeof(p521_auth_ikmr_pub),
474         p521_auth_ikmr_priv, sizeof(p521_auth_ikmr_priv),
475         p521_auth_expected_enc, sizeof(p521_auth_expected_enc),
476         p521_auth_expected_secret, sizeof(p521_auth_expected_secret),
477         p521_auth_ikms_pub, sizeof(p521_auth_ikms_pub),
478         p521_auth_ikms_priv, sizeof(p521_auth_ikms_priv)
479     },
480     {
481         "X25519",
482         x25519_auth_ikme, sizeof(x25519_auth_ikme),
483         x25519_auth_rpub, sizeof(x25519_auth_rpub),
484         x25519_auth_rpriv, sizeof(x25519_auth_rpriv),
485         x25519_auth_expected_enc, sizeof(x25519_auth_expected_enc),
486         x25519_auth_expected_secret, sizeof(x25519_auth_expected_secret),
487         x25519_auth_spub, sizeof(x25519_auth_spub),
488         x25519_auth_spriv, sizeof(x25519_auth_spriv)
489     }
490 };
491
492 /* Test vector from https://github.com/cfrg/draft-irtf-cfrg-hpke */
493 static const unsigned char x448_ikmr[] = {
494     0xd4, 0x5d, 0x16, 0x52, 0xdf, 0x74, 0x92, 0x0a,
495     0xbf, 0x94, 0xa2, 0x88, 0x3c, 0x83, 0x05, 0x0f,
496     0x50, 0x2f, 0xf5, 0x12, 0xff, 0xb5, 0x6f, 0x07,
497     0xb6, 0xd8, 0x33, 0xec, 0x8d, 0xda, 0x74, 0xb6,
498     0xa1, 0xc1, 0xcc, 0x4d, 0x42, 0xa2, 0x26, 0x41,
499     0xc0, 0x96, 0x3d, 0x3c, 0x21, 0xed, 0x82, 0x61,
500     0xf3, 0x44, 0xdc, 0x9e, 0x05, 0x01, 0xa8, 0x1c
501 };
502 static const unsigned char x448_ikmr_priv[] = {
503     0x27, 0xa4, 0x35, 0x46, 0x08, 0xf3, 0xbd, 0xd3,
504     0x8f, 0x1f, 0x5a, 0xf3, 0x05, 0xf3, 0xe0, 0x68,
505     0x2e, 0xfe, 0x4e, 0x25, 0x80, 0x82, 0x49, 0xd8,
506     0xfc, 0xb5, 0x59, 0x27, 0xf6, 0xa9, 0xf4, 0x46,
507     0xb8, 0xdc, 0x1d, 0x0a, 0x2c, 0x3b, 0x8c, 0xb1,
508     0x33, 0xa5, 0x67, 0x3b, 0x59, 0xa6, 0xd5, 0x5c,
509     0xe7, 0x54, 0xec, 0x0c, 0x9a, 0x55, 0x54, 0x01
510 };
511 static const unsigned char x448_ikmr_pub[] = {
512     0x14, 0x5d, 0x08, 0x3e, 0xa7, 0xa6, 0x37, 0x9d,
513     0xbb, 0x32, 0xdc, 0xbd, 0x8a, 0xff, 0x4c, 0x20,
514     0x6e, 0xa5, 0xd0, 0x69, 0xb7, 0x5e, 0x96, 0xc6,
515     0xdd, 0x2a, 0x3e, 0x38, 0xf4, 0x41, 0x47, 0x1a,
516     0xc9, 0x7a, 0xdc, 0xa6, 0x41, 0xfd, 0xad, 0x66,
517     0x68, 0x5a, 0x96, 0xf3, 0x2b, 0x7c, 0x3e, 0x06,
518     0x46, 0x35, 0xfa, 0xb3, 0xcc, 0x89, 0x23, 0x4e
519 };
520
521 static const TEST_DERIVEKEY_DATA ecx_derivekey_data[] = {
522     {
523       "X25519",
524       x25519_ikme, sizeof(x25519_ikme),
525       x25519_ikme_pub, sizeof(x25519_ikme_pub),
526       x25519_ikme_priv, sizeof(x25519_ikme_priv)
527     },
528     {
529       "X448",
530       x448_ikmr, sizeof(x448_ikmr),
531       x448_ikmr_pub, sizeof(x448_ikmr_pub),
532       x448_ikmr_priv, sizeof(x448_ikmr_priv)
533     },
534 };
535
536 /*
537  * Helper function to create a EC or ECX private key from bytes.
538  * The public key can optionally be NULL.
539  */
540 static EVP_PKEY *new_raw_private_key(const char *curvename,
541                                      const unsigned char *priv, size_t privlen,
542                                      const unsigned char *pub, size_t publen)
543 {
544     int ok = 0;
545     EVP_PKEY_CTX *ctx;
546     EVP_PKEY *key = NULL;
547     OSSL_PARAM *params = NULL;
548     BIGNUM *privbn = NULL;
549     OSSL_PARAM_BLD *bld = NULL;
550     int ecx = (curvename[0] == 'X');
551
552     if (ecx)
553         ctx = EVP_PKEY_CTX_new_from_name(libctx, curvename, NULL);
554     else
555         ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL);
556     if (ctx == NULL)
557         return 0;
558
559     bld = OSSL_PARAM_BLD_new();
560     if (bld == NULL)
561         goto err;
562
563     if (ecx) {
564         if (!OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PRIV_KEY,
565                                              (char *)priv, privlen))
566             goto err;
567     } else {
568         privbn = BN_bin2bn(priv, privlen, NULL);
569         if (privbn == NULL)
570             goto err;
571         if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME,
572                                              curvename, 0))
573             goto err;
574         if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, privbn))
575             goto err;
576     }
577
578     if (pub != NULL) {
579         if (!OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY,
580                                              (char *)pub, publen))
581             goto err;
582     }
583     params = OSSL_PARAM_BLD_to_param(bld);
584     if (params == NULL)
585         goto err;
586
587     if (EVP_PKEY_fromdata_init(ctx) <= 0)
588           goto err;
589     if (EVP_PKEY_fromdata(ctx, &key, EVP_PKEY_KEYPAIR, params) <= 0)
590           goto err;
591     ok = 1;
592 err:
593     if (!ok) {
594         EVP_PKEY_free(key);
595         key = NULL;
596     }
597     BN_free(privbn);
598     OSSL_PARAM_free(params);
599     OSSL_PARAM_BLD_free(bld);
600     EVP_PKEY_CTX_free(ctx);
601     return key;
602 }
603
604 static EVP_PKEY *new_raw_public_key(const char *curvename,
605                                     const unsigned char *pub, size_t publen)
606 {
607     int ok = 0;
608     EVP_PKEY_CTX *ctx;
609     EVP_PKEY *key = NULL;
610     OSSL_PARAM params[3], *p = params;
611     int ecx = (curvename[0] == 'X');
612
613     if (ecx)
614         ctx = EVP_PKEY_CTX_new_from_name(libctx, curvename, NULL);
615     else
616         ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL);
617     if (ctx == NULL)
618         return 0;
619
620     if (!ecx)
621         *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
622                                                 (char *)curvename, 0);
623     *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
624                                              (char *)pub, publen);
625     *p = OSSL_PARAM_construct_end();
626     if (EVP_PKEY_fromdata_init(ctx) <= 0)
627           goto err;
628     if (EVP_PKEY_fromdata(ctx, &key, EVP_PKEY_PUBLIC_KEY, params) <= 0)
629           goto err;
630     ok = 1;
631 err:
632     if (!ok) {
633         EVP_PKEY_free(key);
634         key = NULL;
635     }
636     EVP_PKEY_CTX_free(ctx);
637     return key;
638 }
639
640 /* Helper function to perform encapsulation */
641 static int do_encap(const TEST_ENCAPDATA *t, EVP_PKEY *rpub, EVP_PKEY *spriv)
642 {
643     int ret = 0;
644     unsigned char secret[256] = { 0, };
645     unsigned char enc[256] = { 0, };
646     size_t secretlen = 0, enclen = 0;
647     EVP_PKEY_CTX *sctx = NULL;
648     OSSL_PARAM params[3], *p = params;
649
650     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KEM_PARAM_OPERATION,
651                                             (char *)OSSL_KEM_PARAM_OPERATION_DHKEM,
652                                             0);
653     *p++ = OSSL_PARAM_construct_octet_string(OSSL_KEM_PARAM_IKME,
654                                              (char *)t->ikmE, t->ikmElen);
655     *p = OSSL_PARAM_construct_end();
656
657     if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(libctx, rpub, NULL)))
658         goto err;
659     if (t->spriv == NULL) {
660         if (!TEST_int_eq(EVP_PKEY_encapsulate_init(sctx, params), 1))
661             goto err;
662     } else {
663         if (!TEST_int_eq(EVP_PKEY_auth_encapsulate_init(sctx, spriv, params), 1))
664         goto err;
665     }
666     ret = TEST_int_eq(EVP_PKEY_encapsulate(sctx, NULL, &enclen, NULL,
667                                               &secretlen), 1)
668           && TEST_int_eq(EVP_PKEY_encapsulate(sctx, enc, &enclen, secret,
669                                               &secretlen), 1)
670           && TEST_mem_eq(enc, enclen, t->expected_enc, t->expected_enclen)
671           && TEST_mem_eq(secret, secretlen,
672                          t->expected_secret, t->expected_secretlen);
673 err:
674     EVP_PKEY_CTX_free(sctx);
675     return ret;
676 }
677
678 /* Helper function to perform decapsulation */
679 static int do_decap(const TEST_ENCAPDATA *t, EVP_PKEY *rpriv, EVP_PKEY *spub)
680 {
681     int ret = 0;
682     EVP_PKEY_CTX *recipctx = NULL;
683     unsigned char secret[256] = { 0, };
684     size_t secretlen = 0;
685
686     if (!TEST_ptr(recipctx = EVP_PKEY_CTX_new_from_pkey(libctx, rpriv, NULL)))
687         goto err;
688     if (t->spub == NULL) {
689         if (!TEST_int_eq(EVP_PKEY_decapsulate_init(recipctx, opparam), 1))
690             goto err;
691     } else {
692         if (!TEST_int_eq(EVP_PKEY_auth_decapsulate_init(recipctx, spub,
693                                                         opparam), 1))
694             goto err;
695     }
696     ret = TEST_int_eq(EVP_PKEY_decapsulate(recipctx, NULL, &secretlen,
697                                               t->expected_enc,
698                                               t->expected_enclen), 1)
699           && TEST_int_eq(EVP_PKEY_decapsulate(recipctx, secret, &secretlen,
700                                               t->expected_enc,
701                                               t->expected_enclen), 1)
702           && TEST_mem_eq(secret, secretlen,
703                          t->expected_secret, t->expected_secretlen);
704 err:
705     EVP_PKEY_CTX_free(recipctx);
706     return ret;
707 }
Unnamed repository; edit this file 'description' to name the repository.