2 * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
11 /* Tests of the EVP_KDF_CTX APIs */
16 #include <openssl/evp.h>
17 #include <openssl/kdf.h>
18 #include <openssl/core_names.h>
21 static EVP_KDF_CTX *get_kdfbyname(const char *name)
23 EVP_KDF *kdf = EVP_KDF_fetch(NULL, name, NULL);
24 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
30 static OSSL_PARAM *construct_tls1_prf_params(const char *digest, const char *secret,
33 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 4);
34 OSSL_PARAM *p = params;
36 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
38 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
39 (unsigned char *)secret,
41 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
42 (unsigned char *)seed,
44 *p = OSSL_PARAM_construct_end();
49 static int test_kdf_tls1_prf(void)
52 EVP_KDF_CTX *kctx = NULL;
53 unsigned char out[16];
55 static const unsigned char expected[sizeof(out)] = {
56 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
57 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
60 params = construct_tls1_prf_params("sha256", "secret", "seed");
63 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
64 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
65 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
66 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
68 EVP_KDF_CTX_free(kctx);
73 static int test_kdf_tls1_prf_invalid_digest(void)
76 EVP_KDF_CTX *kctx = NULL;
79 params = construct_tls1_prf_params("blah", "secret", "seed");
82 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
83 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
85 EVP_KDF_CTX_free(kctx);
90 static int test_kdf_tls1_prf_zero_output_size(void)
93 EVP_KDF_CTX *kctx = NULL;
94 unsigned char out[16];
97 params = construct_tls1_prf_params("sha256", "secret", "seed");
99 /* Negative test - derive should fail */
101 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
102 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
103 && TEST_int_eq(EVP_KDF_derive(kctx, out, 0), 0);
105 EVP_KDF_CTX_free(kctx);
106 OPENSSL_free(params);
110 static int test_kdf_tls1_prf_empty_secret(void)
113 EVP_KDF_CTX *kctx = NULL;
114 unsigned char out[16];
117 params = construct_tls1_prf_params("sha256", "", "seed");
120 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
121 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
122 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
124 EVP_KDF_CTX_free(kctx);
125 OPENSSL_free(params);
129 static int test_kdf_tls1_prf_1byte_secret(void)
132 EVP_KDF_CTX *kctx = NULL;
133 unsigned char out[16];
136 params = construct_tls1_prf_params("sha256", "1", "seed");
139 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
140 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
141 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
143 EVP_KDF_CTX_free(kctx);
144 OPENSSL_free(params);
148 static int test_kdf_tls1_prf_empty_seed(void)
151 EVP_KDF_CTX *kctx = NULL;
152 unsigned char out[16];
155 params = construct_tls1_prf_params("sha256", "secret", "");
157 /* Negative test - derive should fail */
159 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
160 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
161 && TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
163 EVP_KDF_CTX_free(kctx);
164 OPENSSL_free(params);
168 static int test_kdf_tls1_prf_1byte_seed(void)
171 EVP_KDF_CTX *kctx = NULL;
172 unsigned char out[16];
175 params = construct_tls1_prf_params("sha256", "secret", "1");
178 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
179 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
180 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
182 EVP_KDF_CTX_free(kctx);
183 OPENSSL_free(params);
187 static OSSL_PARAM *construct_hkdf_params(char *digest, char *key,
188 size_t keylen, char *salt, char *info)
190 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
191 OSSL_PARAM *p = params;
193 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
195 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
197 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
198 (unsigned char *)key, keylen);
199 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
201 *p = OSSL_PARAM_construct_end();
206 static int test_kdf_hkdf(void)
210 unsigned char out[10];
212 static const unsigned char expected[sizeof(out)] = {
213 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
216 params = construct_hkdf_params("sha256", "secret", 6, "salt", "label");
219 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
220 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
221 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
222 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
224 EVP_KDF_CTX_free(kctx);
225 OPENSSL_free(params);
229 static int test_kdf_hkdf_invalid_digest(void)
235 params = construct_hkdf_params("blah", "secret", 6, "salt", "label");
238 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
239 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
241 EVP_KDF_CTX_free(kctx);
242 OPENSSL_free(params);
246 static int test_kdf_hkdf_zero_output_size(void)
250 unsigned char out[10];
253 params = construct_hkdf_params("sha256", "secret", 6, "salt", "label");
255 /* Negative test - derive should fail */
257 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
258 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
259 && TEST_int_eq(EVP_KDF_derive(kctx, out, 0), 0);
261 EVP_KDF_CTX_free(kctx);
262 OPENSSL_free(params);
266 static int test_kdf_hkdf_empty_key(void)
270 unsigned char out[10];
273 params = construct_hkdf_params("sha256", "", 0, "salt", "label");
276 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
277 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
278 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
280 EVP_KDF_CTX_free(kctx);
281 OPENSSL_free(params);
285 static int test_kdf_hkdf_1byte_key(void)
289 unsigned char out[10];
292 params = construct_hkdf_params("sha256", "1", 1, "salt", "label");
295 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
296 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
297 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
299 EVP_KDF_CTX_free(kctx);
300 OPENSSL_free(params);
304 static int test_kdf_hkdf_empty_salt(void)
308 unsigned char out[10];
311 params = construct_hkdf_params("sha256", "secret", 6, "", "label");
314 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
315 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
316 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
318 EVP_KDF_CTX_free(kctx);
319 OPENSSL_free(params);
323 static OSSL_PARAM *construct_pbkdf2_params(char *pass, char *digest, char *salt,
324 unsigned int *iter, int *mode)
326 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 6);
327 OSSL_PARAM *p = params;
329 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
330 (unsigned char *)pass, strlen(pass));
331 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
332 (unsigned char *)salt, strlen(salt));
333 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter);
334 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
336 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, mode);
337 *p = OSSL_PARAM_construct_end();
342 static int test_kdf_pbkdf2(void)
346 unsigned char out[25];
347 unsigned int iterations = 4096;
350 const unsigned char expected[sizeof(out)] = {
351 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f,
352 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf,
353 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
357 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
358 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
361 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
362 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
363 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
364 || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)))
369 EVP_KDF_CTX_free(kctx);
370 OPENSSL_free(params);
374 static int test_kdf_pbkdf2_small_output(void)
378 unsigned char out[25];
379 unsigned int iterations = 4096;
383 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
384 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
387 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
388 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
389 /* A key length that is too small should fail */
390 || !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1), 0))
395 EVP_KDF_CTX_free(kctx);
396 OPENSSL_free(params);
400 static int test_kdf_pbkdf2_large_output(void)
404 unsigned char out[25];
406 unsigned int iterations = 4096;
410 if (sizeof(len) > 32)
413 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
414 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
417 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
418 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
419 /* A key length that is too large should fail */
420 || (len != 0 && !TEST_int_eq(EVP_KDF_derive(kctx, out, len), 0)))
425 EVP_KDF_CTX_free(kctx);
426 OPENSSL_free(params);
430 static int test_kdf_pbkdf2_small_salt(void)
434 unsigned int iterations = 4096;
438 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
442 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
443 /* A salt that is too small should fail */
444 || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
449 EVP_KDF_CTX_free(kctx);
450 OPENSSL_free(params);
454 static int test_kdf_pbkdf2_small_iterations(void)
458 unsigned int iterations = 1;
462 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
463 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
466 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
467 /* An iteration count that is too small should fail */
468 || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
473 EVP_KDF_CTX_free(kctx);
474 OPENSSL_free(params);
478 static int test_kdf_pbkdf2_small_salt_pkcs5(void)
482 unsigned char out[25];
483 unsigned int iterations = 4096;
486 OSSL_PARAM mode_params[2];
488 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
492 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
493 /* A salt that is too small should pass in pkcs5 mode */
494 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
495 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0))
499 mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
500 mode_params[1] = OSSL_PARAM_construct_end();
502 /* If the "pkcs5" mode is disabled then the derive will now fail */
503 if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params))
504 || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out)), 0))
509 EVP_KDF_CTX_free(kctx);
510 OPENSSL_free(params);
514 static int test_kdf_pbkdf2_small_iterations_pkcs5(void)
518 unsigned char out[25];
519 unsigned int iterations = 1;
522 OSSL_PARAM mode_params[2];
524 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
525 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
528 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
529 /* An iteration count that is too small will pass in pkcs5 mode */
530 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
531 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0))
535 mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
536 mode_params[1] = OSSL_PARAM_construct_end();
538 /* If the "pkcs5" mode is disabled then the derive will now fail */
539 if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params))
540 || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out)), 0))
545 EVP_KDF_CTX_free(kctx);
546 OPENSSL_free(params);
550 static int test_kdf_pbkdf2_invalid_digest(void)
554 unsigned int iterations = 4096;
558 params = construct_pbkdf2_params("passwordPASSWORDpassword", "blah",
559 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
562 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
563 /* Unknown digest should fail */
564 || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
569 EVP_KDF_CTX_free(kctx);
570 OPENSSL_free(params);
574 #ifndef OPENSSL_NO_SCRYPT
575 static int test_kdf_scrypt(void)
579 OSSL_PARAM params[7], *p = params;
580 unsigned char out[64];
581 unsigned int nu = 1024, ru = 8, pu = 16, maxmem = 16;
582 static const unsigned char expected[sizeof(out)] = {
583 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
584 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
585 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
586 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
587 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
588 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
589 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
590 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
593 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
594 (char *)"password", 8);
595 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
597 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &nu);
598 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &ru);
599 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &pu);
600 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem);
601 *p = OSSL_PARAM_construct_end();
604 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT))
605 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
607 && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0)*/
608 && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024))
609 && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1))
610 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
611 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
613 EVP_KDF_CTX_free(kctx);
616 #endif /* OPENSSL_NO_SCRYPT */
618 static int test_kdf_ss_hash(void)
622 OSSL_PARAM params[4], *p = params;
623 unsigned char out[14];
624 static unsigned char z[] = {
625 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e,
626 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62,
627 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4,
628 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9
630 static unsigned char other[] = {
631 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e,
632 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde,
633 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e,
634 0xe0,0xec,0x3f,0x8d,0xbe
636 static const unsigned char expected[sizeof(out)] = {
637 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8
640 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
641 (char *)"sha224", sizeof("sha224"));
642 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
643 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
645 *p = OSSL_PARAM_construct_end();
648 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
649 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
650 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
651 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
653 EVP_KDF_CTX_free(kctx);
657 static int test_kdf_x963(void)
661 OSSL_PARAM params[4], *p = params;
662 unsigned char out[1024 / 8];
664 * Test data from https://csrc.nist.gov/CSRC/media/Projects/
665 * Cryptographic-Algorithm-Validation-Program/documents/components/
666 * 800-135testvectors/ansx963_2001.zip
668 static unsigned char z[] = {
669 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, 0xfa, 0x58, 0xce, 0xad,
670 0xc0, 0x47, 0x19, 0x7f, 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
671 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, 0x15, 0x07, 0x39, 0x2f,
672 0x1a, 0x86, 0xdd, 0xfd, 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
673 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, 0x47, 0xa9, 0xe2, 0xe7,
674 0x53, 0xf5, 0x5e, 0xf0, 0x5a, 0x2d
676 static unsigned char shared[] = {
677 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, 0x2b, 0x3a, 0x2f, 0x99,
678 0x37, 0x89, 0x5d, 0x31
680 static const unsigned char expected[sizeof(out)] = {
681 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, 0x9b, 0x52, 0x26, 0x4b,
682 0x01, 0x12, 0xb5, 0x85, 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
683 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, 0x6e, 0x4d, 0xd2, 0xa5,
684 0x99, 0xac, 0xce, 0xb3, 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
685 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, 0xa5, 0xa8, 0xee, 0xee,
686 0x20, 0x80, 0x02, 0x26, 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
687 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, 0xea, 0x9c, 0x4f, 0xf7,
688 0x45, 0xa2, 0x5a, 0xc2, 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
689 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, 0x0a, 0xb2, 0xaa, 0x8e,
690 0x2e, 0xfa, 0x7b, 0x17, 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
691 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
694 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
695 (char *)"sha512", sizeof("sha512"));
696 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
697 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, shared,
699 *p = OSSL_PARAM_construct_end();
702 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF))
703 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
704 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
705 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
707 EVP_KDF_CTX_free(kctx);
711 #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
713 * KBKDF test vectors from RFC 6803 (Camellia Encryption for Kerberos 5)
716 static int test_kdf_kbkdf_6803_128(void)
720 OSSL_PARAM params[7];
721 static unsigned char input_key[] = {
722 0x57, 0xD0, 0x29, 0x72, 0x98, 0xFF, 0xD9, 0xD3,
723 0x5D, 0xE5, 0xA4, 0x7F, 0xB4, 0xBD, 0xE2, 0x4B,
725 static unsigned char constants[][5] = {
726 { 0x00, 0x00, 0x00, 0x02, 0x99 },
727 { 0x00, 0x00, 0x00, 0x02, 0xaa },
728 { 0x00, 0x00, 0x00, 0x02, 0x55 },
730 static unsigned char outputs[][16] = {
731 {0xD1, 0x55, 0x77, 0x5A, 0x20, 0x9D, 0x05, 0xF0,
732 0x2B, 0x38, 0xD4, 0x2A, 0x38, 0x9E, 0x5A, 0x56},
733 {0x64, 0xDF, 0x83, 0xF8, 0x5A, 0x53, 0x2F, 0x17,
734 0x57, 0x7D, 0x8C, 0x37, 0x03, 0x57, 0x96, 0xAB},
735 {0x3E, 0x4F, 0xBD, 0xF3, 0x0F, 0xB8, 0x25, 0x9C,
736 0x42, 0x5C, 0xB6, 0xC9, 0x6F, 0x1F, 0x46, 0x35}
738 static unsigned char iv[16] = { 0 };
739 unsigned char result[16] = { 0 };
741 for (i = 0; i < 3; i++) {
743 params[p++] = OSSL_PARAM_construct_utf8_string(
744 OSSL_KDF_PARAM_CIPHER, "CAMELLIA-128-CBC", 0);
745 params[p++] = OSSL_PARAM_construct_utf8_string(
746 OSSL_KDF_PARAM_MAC, "CMAC", 0);
747 params[p++] = OSSL_PARAM_construct_utf8_string(
748 OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
749 params[p++] = OSSL_PARAM_construct_octet_string(
750 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
751 params[p++] = OSSL_PARAM_construct_octet_string(
752 OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i]));
753 params[p++] = OSSL_PARAM_construct_octet_string(
754 OSSL_KDF_PARAM_SEED, iv, sizeof(iv));
755 params[p] = OSSL_PARAM_construct_end();
757 kctx = get_kdfbyname("KBKDF");
759 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
760 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
761 && TEST_mem_eq(result, sizeof(result), outputs[i],
763 EVP_KDF_CTX_free(kctx);
771 static int test_kdf_kbkdf_6803_256(void)
775 OSSL_PARAM params[7];
776 static unsigned char input_key[] = {
777 0xB9, 0xD6, 0x82, 0x8B, 0x20, 0x56, 0xB7, 0xBE,
778 0x65, 0x6D, 0x88, 0xA1, 0x23, 0xB1, 0xFA, 0xC6,
779 0x82, 0x14, 0xAC, 0x2B, 0x72, 0x7E, 0xCF, 0x5F,
780 0x69, 0xAF, 0xE0, 0xC4, 0xDF, 0x2A, 0x6D, 0x2C,
782 static unsigned char constants[][5] = {
783 { 0x00, 0x00, 0x00, 0x02, 0x99 },
784 { 0x00, 0x00, 0x00, 0x02, 0xaa },
785 { 0x00, 0x00, 0x00, 0x02, 0x55 },
787 static unsigned char outputs[][32] = {
788 {0xE4, 0x67, 0xF9, 0xA9, 0x55, 0x2B, 0xC7, 0xD3,
789 0x15, 0x5A, 0x62, 0x20, 0xAF, 0x9C, 0x19, 0x22,
790 0x0E, 0xEE, 0xD4, 0xFF, 0x78, 0xB0, 0xD1, 0xE6,
791 0xA1, 0x54, 0x49, 0x91, 0x46, 0x1A, 0x9E, 0x50,
793 {0x41, 0x2A, 0xEF, 0xC3, 0x62, 0xA7, 0x28, 0x5F,
794 0xC3, 0x96, 0x6C, 0x6A, 0x51, 0x81, 0xE7, 0x60,
795 0x5A, 0xE6, 0x75, 0x23, 0x5B, 0x6D, 0x54, 0x9F,
796 0xBF, 0xC9, 0xAB, 0x66, 0x30, 0xA4, 0xC6, 0x04,
798 {0xFA, 0x62, 0x4F, 0xA0, 0xE5, 0x23, 0x99, 0x3F,
799 0xA3, 0x88, 0xAE, 0xFD, 0xC6, 0x7E, 0x67, 0xEB,
800 0xCD, 0x8C, 0x08, 0xE8, 0xA0, 0x24, 0x6B, 0x1D,
801 0x73, 0xB0, 0xD1, 0xDD, 0x9F, 0xC5, 0x82, 0xB0,
804 static unsigned char iv[16] = { 0 };
805 unsigned char result[32] = { 0 };
807 for (i = 0; i < 3; i++) {
809 params[p++] = OSSL_PARAM_construct_utf8_string(
810 OSSL_KDF_PARAM_CIPHER, "CAMELLIA-256-CBC", 0);
811 params[p++] = OSSL_PARAM_construct_utf8_string(
812 OSSL_KDF_PARAM_MAC, "CMAC", 0);
813 params[p++] = OSSL_PARAM_construct_utf8_string(
814 OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
815 params[p++] = OSSL_PARAM_construct_octet_string(
816 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
817 params[p++] = OSSL_PARAM_construct_octet_string(
818 OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i]));
819 params[p++] = OSSL_PARAM_construct_octet_string(
820 OSSL_KDF_PARAM_SEED, iv, sizeof(iv));
821 params[p] = OSSL_PARAM_construct_end();
823 kctx = get_kdfbyname("KBKDF");
825 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
826 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
827 && TEST_mem_eq(result, sizeof(result), outputs[i],
829 EVP_KDF_CTX_free(kctx);
838 static OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char *key,
839 size_t keylen, char *salt, char *info)
841 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 7);
842 OSSL_PARAM *p = params;
844 *p++ = OSSL_PARAM_construct_utf8_string(
845 OSSL_KDF_PARAM_DIGEST, digest, 0);
846 *p++ = OSSL_PARAM_construct_utf8_string(
847 OSSL_KDF_PARAM_MAC, mac, 0);
848 *p++ = OSSL_PARAM_construct_utf8_string(
849 OSSL_KDF_PARAM_MODE, "COUNTER", 0);
850 *p++ = OSSL_PARAM_construct_octet_string(
851 OSSL_KDF_PARAM_KEY, key, keylen);
852 *p++ = OSSL_PARAM_construct_octet_string(
853 OSSL_KDF_PARAM_SALT, salt, strlen(salt));
854 *p++ = OSSL_PARAM_construct_octet_string(
855 OSSL_KDF_PARAM_INFO, info, strlen(info));
856 *p = OSSL_PARAM_construct_end();
861 static int test_kdf_kbkdf_invalid_digest(void)
867 static unsigned char key[] = {0x01};
869 params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test");
871 /* Negative test case - set_params should fail */
872 kctx = get_kdfbyname("KBKDF");
874 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
876 EVP_KDF_CTX_free(kctx);
877 OPENSSL_free(params);
881 static int test_kdf_kbkdf_invalid_mac(void)
887 static unsigned char key[] = {0x01};
889 params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test");
891 /* Negative test case - set_params should fail */
892 kctx = get_kdfbyname("KBKDF");
894 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
896 EVP_KDF_CTX_free(kctx);
897 OPENSSL_free(params);
901 static int test_kdf_kbkdf_empty_key(void)
907 static unsigned char key[] = {0x01};
908 unsigned char result[32] = { 0 };
910 params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test");
912 /* Negative test case - derive should fail */
913 kctx = get_kdfbyname("KBKDF");
915 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
916 && TEST_int_eq(EVP_KDF_derive(kctx, result, sizeof(result)), 0);
918 EVP_KDF_CTX_free(kctx);
919 OPENSSL_free(params);
923 static int test_kdf_kbkdf_1byte_key(void)
929 static unsigned char key[] = {0x01};
930 unsigned char result[32] = { 0 };
932 params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
934 kctx = get_kdfbyname("KBKDF");
936 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
937 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0);
939 EVP_KDF_CTX_free(kctx);
940 OPENSSL_free(params);
944 static int test_kdf_kbkdf_zero_output_size(void)
950 static unsigned char key[] = {0x01};
951 unsigned char result[32] = { 0 };
953 params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
955 /* Negative test case - derive should fail */
956 kctx = get_kdfbyname("KBKDF");
958 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
959 && TEST_int_eq(EVP_KDF_derive(kctx, result, 0), 0);
961 EVP_KDF_CTX_free(kctx);
962 OPENSSL_free(params);
966 /* Two test vectors from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos
968 static int test_kdf_kbkdf_8009_prf1(void)
972 OSSL_PARAM params[6];
973 char *label = "prf", *digest = "sha256", *prf_input = "test",
975 static unsigned char input_key[] = {
976 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
977 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
979 static unsigned char output[] = {
980 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
981 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
982 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
983 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
985 unsigned char result[sizeof(output)] = { 0 };
987 params[i++] = OSSL_PARAM_construct_utf8_string(
988 OSSL_KDF_PARAM_DIGEST, digest, 0);
989 params[i++] = OSSL_PARAM_construct_utf8_string(
990 OSSL_KDF_PARAM_MAC, mac, 0);
991 params[i++] = OSSL_PARAM_construct_octet_string(
992 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
993 params[i++] = OSSL_PARAM_construct_octet_string(
994 OSSL_KDF_PARAM_SALT, label, strlen(label));
995 params[i++] = OSSL_PARAM_construct_octet_string(
996 OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
997 params[i] = OSSL_PARAM_construct_end();
999 kctx = get_kdfbyname("KBKDF");
1000 ret = TEST_ptr(kctx)
1001 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1002 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
1003 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1005 EVP_KDF_CTX_free(kctx);
1009 static int test_kdf_kbkdf_8009_prf2(void)
1013 OSSL_PARAM params[6];
1014 char *label = "prf", *digest = "sha384", *prf_input = "test",
1016 static unsigned char input_key[] = {
1017 0x6D, 0x40, 0x4D, 0x37, 0xFA, 0xF7, 0x9F, 0x9D,
1018 0xF0, 0xD3, 0x35, 0x68, 0xD3, 0x20, 0x66, 0x98,
1019 0x00, 0xEB, 0x48, 0x36, 0x47, 0x2E, 0xA8, 0xA0,
1020 0x26, 0xD1, 0x6B, 0x71, 0x82, 0x46, 0x0C, 0x52,
1022 static unsigned char output[] = {
1023 0x98, 0x01, 0xF6, 0x9A, 0x36, 0x8C, 0x2B, 0xF6,
1024 0x75, 0xE5, 0x95, 0x21, 0xE1, 0x77, 0xD9, 0xA0,
1025 0x7F, 0x67, 0xEF, 0xE1, 0xCF, 0xDE, 0x8D, 0x3C,
1026 0x8D, 0x6F, 0x6A, 0x02, 0x56, 0xE3, 0xB1, 0x7D,
1027 0xB3, 0xC1, 0xB6, 0x2A, 0xD1, 0xB8, 0x55, 0x33,
1028 0x60, 0xD1, 0x73, 0x67, 0xEB, 0x15, 0x14, 0xD2,
1030 unsigned char result[sizeof(output)] = { 0 };
1032 params[i++] = OSSL_PARAM_construct_utf8_string(
1033 OSSL_KDF_PARAM_DIGEST, digest, 0);
1034 params[i++] = OSSL_PARAM_construct_utf8_string(
1035 OSSL_KDF_PARAM_MAC, mac, 0);
1036 params[i++] = OSSL_PARAM_construct_octet_string(
1037 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1038 params[i++] = OSSL_PARAM_construct_octet_string(
1039 OSSL_KDF_PARAM_SALT, label, strlen(label));
1040 params[i++] = OSSL_PARAM_construct_octet_string(
1041 OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
1042 params[i] = OSSL_PARAM_construct_end();
1044 kctx = get_kdfbyname("KBKDF");
1045 ret = TEST_ptr(kctx)
1046 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1047 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
1048 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1050 EVP_KDF_CTX_free(kctx);
1054 static int test_kdf_ss_hmac(void)
1058 OSSL_PARAM params[6], *p = params;
1059 unsigned char out[16];
1060 static unsigned char z[] = {
1061 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
1063 static unsigned char other[] = {
1064 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
1066 static unsigned char salt[] = {
1067 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
1070 static const unsigned char expected[sizeof(out)] = {
1071 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63,
1075 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
1076 (char *)OSSL_MAC_NAME_HMAC,
1077 sizeof(OSSL_MAC_NAME_HMAC));
1078 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1079 (char *)"sha256", sizeof("sha256"));
1080 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
1081 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
1083 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
1085 *p = OSSL_PARAM_construct_end();
1088 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
1089 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1090 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
1091 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1093 EVP_KDF_CTX_free(kctx);
1097 static int test_kdf_ss_kmac(void)
1101 OSSL_PARAM params[6], *p = params;
1102 unsigned char out[64];
1103 size_t mac_size = 20;
1104 static unsigned char z[] = {
1105 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
1107 static unsigned char other[] = {
1108 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
1110 static unsigned char salt[] = {
1111 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
1114 static const unsigned char expected[sizeof(out)] = {
1115 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd,
1116 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2,
1117 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4,
1118 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95,
1119 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03
1122 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
1123 (char *)OSSL_MAC_NAME_KMAC128,
1124 sizeof(OSSL_MAC_NAME_KMAC128));
1125 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
1126 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
1128 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
1130 *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, &mac_size);
1131 *p = OSSL_PARAM_construct_end();
1134 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
1135 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1136 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
1137 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1139 EVP_KDF_CTX_free(kctx);
1143 static int test_kdf_sshkdf(void)
1147 OSSL_PARAM params[6], *p = params;
1148 char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
1149 unsigned char out[8];
1150 /* Test data from NIST CAVS 14.1 test vectors */
1151 static unsigned char key[] = {
1152 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
1153 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
1154 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
1155 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
1156 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
1157 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
1158 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
1159 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
1160 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
1161 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
1162 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
1165 static unsigned char xcghash[] = {
1166 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
1167 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
1168 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
1170 static unsigned char sessid[] = {
1171 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
1172 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
1173 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
1175 static const unsigned char expected[sizeof(out)] = {
1176 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
1179 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1180 (char *)"sha256", sizeof("sha256"));
1181 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
1183 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH,
1184 xcghash, sizeof(xcghash));
1185 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
1186 sessid, sizeof(sessid));
1187 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
1188 &kdftype, sizeof(kdftype));
1189 *p = OSSL_PARAM_construct_end();
1192 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF))
1193 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1194 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
1195 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1197 EVP_KDF_CTX_free(kctx);
1201 static int test_kdf_get_kdf(void)
1203 EVP_KDF *kdf1 = NULL, *kdf2 = NULL;
1207 if (!TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2))
1208 || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL))
1209 || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(OBJ_obj2nid(obj)),
1211 || !TEST_ptr_eq(kdf1, kdf2))
1218 if (!TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL))
1219 || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, LN_tls1_prf, NULL))
1220 || !TEST_ptr_eq(kdf1, kdf2))
1222 /* kdf1 is re-used below, so don't free it here */
1226 if (!TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(NID_tls1_prf), NULL))
1227 || !TEST_ptr_eq(kdf1, kdf2))
1237 #ifndef OPENSSL_NO_CMS
1238 static int test_kdf_x942_asn1(void)
1241 EVP_KDF_CTX *kctx = NULL;
1242 OSSL_PARAM params[4], *p = params;
1243 const char *cek_alg = SN_id_smime_alg_CMS3DESwrap;
1244 unsigned char out[24];
1245 /* RFC2631 Section 2.1.6 Test data */
1246 static unsigned char z[] = {
1247 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,
1248 0x0e,0x0f,0x10,0x11,0x12,0x13
1250 static const unsigned char expected[sizeof(out)] = {
1251 0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04,
1252 0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46,
1253 0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb
1256 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1258 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z,
1260 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
1261 (char *)cek_alg, 0);
1262 *p = OSSL_PARAM_construct_end();
1265 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF))
1266 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1267 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
1268 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1270 EVP_KDF_CTX_free(kctx);
1273 #endif /* OPENSSL_NO_CMS */
1275 static int test_kdf_krb5kdf(void)
1279 OSSL_PARAM params[4], *p = params;
1280 unsigned char out[16];
1281 static unsigned char key[] = {
1282 0x42, 0x26, 0x3C, 0x6E, 0x89, 0xF4, 0xFC, 0x28,
1283 0xB8, 0xDF, 0x68, 0xEE, 0x09, 0x79, 0x9F, 0x15
1285 static unsigned char constant[] = {
1286 0x00, 0x00, 0x00, 0x02, 0x99
1288 static const unsigned char expected[sizeof(out)] = {
1289 0x34, 0x28, 0x0A, 0x38, 0x2B, 0xC9, 0x27, 0x69,
1290 0xB2, 0xDA, 0x2F, 0x9E, 0xF0, 0x66, 0x85, 0x4B
1293 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER,
1294 (char *)"AES-128-CBC",
1295 sizeof("AES-128-CBC"));
1296 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
1298 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT,
1299 constant, sizeof(constant));
1300 *p = OSSL_PARAM_construct_end();
1303 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KRB5KDF))
1304 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1305 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
1306 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1308 EVP_KDF_CTX_free(kctx);
1312 int setup_tests(void)
1314 #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
1315 ADD_TEST(test_kdf_kbkdf_6803_128);
1316 ADD_TEST(test_kdf_kbkdf_6803_256);
1318 ADD_TEST(test_kdf_kbkdf_invalid_digest);
1319 ADD_TEST(test_kdf_kbkdf_invalid_mac);
1320 ADD_TEST(test_kdf_kbkdf_zero_output_size);
1321 ADD_TEST(test_kdf_kbkdf_empty_key);
1322 ADD_TEST(test_kdf_kbkdf_1byte_key);
1323 ADD_TEST(test_kdf_kbkdf_8009_prf1);
1324 ADD_TEST(test_kdf_kbkdf_8009_prf2);
1325 ADD_TEST(test_kdf_get_kdf);
1326 ADD_TEST(test_kdf_tls1_prf);
1327 ADD_TEST(test_kdf_tls1_prf_invalid_digest);
1328 ADD_TEST(test_kdf_tls1_prf_zero_output_size);
1329 ADD_TEST(test_kdf_tls1_prf_empty_secret);
1330 ADD_TEST(test_kdf_tls1_prf_1byte_secret);
1331 ADD_TEST(test_kdf_tls1_prf_empty_seed);
1332 ADD_TEST(test_kdf_tls1_prf_1byte_seed);
1333 ADD_TEST(test_kdf_hkdf);
1334 ADD_TEST(test_kdf_hkdf_invalid_digest);
1335 ADD_TEST(test_kdf_hkdf_zero_output_size);
1336 ADD_TEST(test_kdf_hkdf_empty_key);
1337 ADD_TEST(test_kdf_hkdf_1byte_key);
1338 ADD_TEST(test_kdf_hkdf_empty_salt);
1339 ADD_TEST(test_kdf_pbkdf2);
1340 ADD_TEST(test_kdf_pbkdf2_small_output);
1341 ADD_TEST(test_kdf_pbkdf2_large_output);
1342 ADD_TEST(test_kdf_pbkdf2_small_salt);
1343 ADD_TEST(test_kdf_pbkdf2_small_iterations);
1344 ADD_TEST(test_kdf_pbkdf2_small_salt_pkcs5);
1345 ADD_TEST(test_kdf_pbkdf2_small_iterations_pkcs5);
1346 ADD_TEST(test_kdf_pbkdf2_invalid_digest);
1347 #ifndef OPENSSL_NO_SCRYPT
1348 ADD_TEST(test_kdf_scrypt);
1350 ADD_TEST(test_kdf_ss_hash);
1351 ADD_TEST(test_kdf_ss_hmac);
1352 ADD_TEST(test_kdf_ss_kmac);
1353 ADD_TEST(test_kdf_sshkdf);
1354 ADD_TEST(test_kdf_x963);
1355 #ifndef OPENSSL_NO_CMS
1356 ADD_TEST(test_kdf_x942_asn1);
1358 ADD_TEST(test_kdf_krb5kdf);
projects / openssl.git / blob