Note that the mac command is preferrable to the MAC command line options.
[openssl.git] / test / evp_kdf_test.c
1 /*
2  * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
3  * Copyright (c) 2018-2019, Oracle and/or its affiliates.  All rights reserved.
4  *
5  * Licensed under the Apache License 2.0 (the "License").  You may not use
6  * this file except in compliance with the License.  You can obtain a copy
7  * in the file LICENSE in the source distribution or at
8  * https://www.openssl.org/source/license.html
9  */
10
11 /* Tests of the EVP_KDF_CTX APIs */
12
13 #include <stdio.h>
14 #include <string.h>
15
16 #include <openssl/evp.h>
17 #include <openssl/kdf.h>
18 #include "testutil.h"
19
20 static int test_kdf_tls1_prf(void)
21 {
22     int ret;
23     EVP_KDF_CTX *kctx = NULL;
24     const EVP_KDF *kdf;
25     unsigned char out[16];
26     static const unsigned char expected[sizeof(out)] = {
27         0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
28         0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
29     };
30
31     ret =
32         TEST_ptr(kdf = EVP_get_kdfbyname(SN_tls1_prf))
33         && TEST_ptr(kctx = EVP_KDF_CTX_new(kdf))
34         && TEST_ptr_eq(EVP_KDF_CTX_kdf(kctx), kdf)
35         && TEST_str_eq(EVP_KDF_name(kdf), SN_tls1_prf)
36         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), 0)
37         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET,
38                                     "secret", (size_t)6), 0)
39         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, "seed",
40                                     (size_t)4), 0)
41         && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
42         && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
43
44     EVP_KDF_CTX_free(kctx);
45     return ret;
46 }
47
48 static int test_kdf_hkdf(void)
49 {
50     int ret;
51     EVP_KDF_CTX *kctx;
52     unsigned char out[10];
53     static const unsigned char expected[sizeof(out)] = {
54         0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
55     };
56
57     ret =
58         TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF))
59         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), 0)
60         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt",
61                                     (size_t)4), 0)
62         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret",
63                                     (size_t)6), 0)
64         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_HKDF_INFO, "label",
65                                     (size_t)5), 0)
66         && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
67         && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
68
69     EVP_KDF_CTX_free(kctx);
70     return ret;
71 }
72
73 static int test_kdf_pbkdf2(void)
74 {
75     int ret;
76     EVP_KDF_CTX *kctx;
77     unsigned char out[25];
78     size_t len = 0;
79     const unsigned char expected[sizeof(out)] = {
80         0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f,
81         0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf,
82         0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
83         0x1c
84     };
85
86     if (sizeof(len) > 32)
87         len = SIZE_MAX;
88
89     ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2))
90           && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS,
91                                       "passwordPASSWORDpassword",
92                                       (size_t)24), 0)
93           && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
94                                       "saltSALTsaltSALTsaltSALTsaltSALTsalt",
95                                       (size_t)36), 0)
96           && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 4096), 0)
97           && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()),
98                          0)
99           && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE,
100                                             0), 0)
101           && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
102           && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))
103           /* A key length that is too small should fail */
104           && TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1), 0)
105           /* A key length that is too large should fail */
106           && (len == 0 || TEST_int_eq(EVP_KDF_derive(kctx, out, len), 0))
107           /* Salt length less than 128 bits should fail */
108           && TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
109                                       "123456781234567",
110                                       (size_t)15), 0)
111           /* A small iteration count should fail */
112           && TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0)
113           && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE,
114                                       1), 0)
115           /* Small salts will pass if the "pkcs5" mode is enabled */
116           && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
117                                       "123456781234567",
118                                       (size_t)15), 0)
119           /* A small iteration count will pass if "pkcs5" mode is enabled */
120           && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0)
121           /*
122            * If the "pkcs5" mode is disabled then the small salt and iter will
123            * fail when the derive gets called.
124            */
125           && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE,
126                                       0), 0)
127           && TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
128
129     EVP_KDF_CTX_free(kctx);
130     return ret;
131 }
132
133 #ifndef OPENSSL_NO_SCRYPT
134 static int test_kdf_scrypt(void)
135 {
136     int ret;
137     EVP_KDF_CTX *kctx;
138     unsigned char out[64];
139     static const unsigned char expected[sizeof(out)] = {
140         0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
141         0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
142         0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
143         0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
144         0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
145         0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
146         0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
147         0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
148     };
149
150     ret =
151         TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT))
152         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password",
153                                     (size_t)8), 0)
154         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "NaCl",
155                                     (size_t)4), 0)
156         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N,
157                                     (uint64_t)1024), 0)
158         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R,
159                                     (uint32_t)8), 0)
160         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P,
161                                     (uint32_t)16), 0)
162         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES,
163                                     (uint64_t)16), 0)
164         /* failure test */
165         && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
166         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES,
167                                     (uint64_t)(10 * 1024 * 1024)), 0)
168         && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
169         && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
170
171     EVP_KDF_CTX_free(kctx);
172     return ret;
173 }
174 #endif /* OPENSSL_NO_SCRYPT */
175
176 static int test_kdf_ss_hash(void)
177 {
178     int ret;
179     EVP_KDF_CTX *kctx = NULL;
180     unsigned char out[14];
181     static const unsigned char z[] = {
182         0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e,
183         0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62,
184         0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4,
185         0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9
186     };
187     static const unsigned char other[] = {
188         0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e,
189         0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde,
190         0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e,
191         0xe0,0xec,0x3f,0x8d,0xbe
192     };
193     static const unsigned char expected[sizeof(out)] = {
194         0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8
195     };
196
197     ret =
198         TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS))
199         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha224()), 0)
200         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), 0)
201         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other,
202                                     sizeof(other)), 0)
203         && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
204         && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
205
206     EVP_KDF_CTX_free(kctx);
207     return ret;
208 }
209
210 static int test_kdf_x963(void)
211 {
212     int ret;
213     EVP_KDF_CTX *kctx = NULL;
214     unsigned char out[1024 / 8];
215     /*
216      * Test data from https://csrc.nist.gov/CSRC/media/Projects/
217      *  Cryptographic-Algorithm-Validation-Program/documents/components/
218      *  800-135testvectors/ansx963_2001.zip
219      */
220     static const unsigned char z[] = {
221         0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, 0xfa, 0x58, 0xce, 0xad,
222         0xc0, 0x47, 0x19, 0x7f, 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
223         0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, 0x15, 0x07, 0x39, 0x2f,
224         0x1a, 0x86, 0xdd, 0xfd, 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
225         0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, 0x47, 0xa9, 0xe2, 0xe7,
226         0x53, 0xf5, 0x5e, 0xf0, 0x5a, 0x2d
227     };
228     static const unsigned char shared[] = {
229         0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, 0x2b, 0x3a, 0x2f, 0x99,
230         0x37, 0x89, 0x5d, 0x31
231     };
232     static const unsigned char expected[sizeof(out)] = {
233         0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, 0x9b, 0x52, 0x26, 0x4b,
234         0x01, 0x12, 0xb5, 0x85, 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
235         0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, 0x6e, 0x4d, 0xd2, 0xa5,
236         0x99, 0xac, 0xce, 0xb3, 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
237         0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, 0xa5, 0xa8, 0xee, 0xee,
238         0x20, 0x80, 0x02, 0x26, 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
239         0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, 0xea, 0x9c, 0x4f, 0xf7,
240         0x45, 0xa2, 0x5a, 0xc2, 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
241         0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, 0x0a, 0xb2, 0xaa, 0x8e,
242         0x2e, 0xfa, 0x7b, 0x17, 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
243         0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
244     };
245
246     ret =
247         TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_X963))
248         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha512()), 0)
249         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), 0)
250         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SHARED_INFO, shared,
251                                     sizeof(shared)), 0)
252         && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
253         && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
254
255     EVP_KDF_CTX_free(kctx);
256     return ret;
257 }
258
259 static int test_kdf_ss_hmac(void)
260 {
261     int ret;
262     EVP_KDF_CTX *kctx;
263     unsigned char out[16];
264     static const unsigned char z[] = {
265         0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
266     };
267     static const unsigned char other[] = {
268         0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
269     };
270     static const unsigned char salt[] = {
271         0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
272         0x3f,0x89
273     };
274     static const unsigned char expected[sizeof(out)] = {
275         0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63,
276         0x1c,0xa3
277     };
278
279     ret =
280         TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS))
281         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, "HMAC"), 0)
282         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD,  EVP_sha256()), 0)
283         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), 0)
284         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other,
285                                     sizeof(other)), 0)
286         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, salt,
287                                     sizeof(salt)), 0)
288         && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
289         && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
290
291     EVP_KDF_CTX_free(kctx);
292     return ret;
293 }
294
295 static int test_kdf_ss_kmac(void)
296 {
297     int ret;
298     EVP_KDF_CTX *kctx;
299     unsigned char out[64];
300     static const unsigned char z[] = {
301         0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
302     };
303     static const unsigned char other[] = {
304         0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
305     };
306     static const unsigned char salt[] = {
307         0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
308         0x3f,0x89
309     };
310     static const unsigned char expected[sizeof(out)] = {
311         0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd,
312         0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2,
313         0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4,
314         0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95,
315         0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03
316     };
317
318     ret =
319         TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS))
320         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, "KMAC128"), 0)
321         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z,
322                                     sizeof(z)), 0)
323         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other,
324                                     sizeof(other)), 0)
325         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, salt,
326                                     sizeof(salt)), 0)
327         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC_SIZE,
328                                     (size_t)20), 0)
329         && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
330         && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
331
332     EVP_KDF_CTX_free(kctx);
333     return ret;
334 }
335
336 static int test_kdf_sshkdf(void)
337 {
338     int ret;
339     EVP_KDF_CTX *kctx;
340     unsigned char out[8];
341     /* Test data from NIST CAVS 14.1 test vectors */
342     static const unsigned char key[] = {
343         0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
344         0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
345         0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
346         0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
347         0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
348         0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
349         0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
350         0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
351         0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
352         0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
353         0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
354         0x4e
355     };
356     static const unsigned char xcghash[] = {
357         0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
358         0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
359         0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
360     };
361     static const unsigned char sessid[] = {
362         0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
363         0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
364         0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
365     };
366     static const unsigned char expected[sizeof(out)] = {
367         0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
368     };
369
370     ret =
371         TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF))
372         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), 0)
373         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, key,
374                                     sizeof(key)), 0)
375         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH,
376                                     xcghash, sizeof(xcghash)), 0)
377         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID,
378                                     sessid, sizeof(sessid)), 0)
379         && TEST_int_gt(
380                 EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE,
381                             (int)EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV), 0)
382         && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
383         && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
384
385     EVP_KDF_CTX_free(kctx);
386     return ret;
387 }
388
389 static int test_kdf_get_kdf(void)
390 {
391     const EVP_KDF *kdf1, *kdf2;
392     ASN1_OBJECT *obj;
393
394     return
395         TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2))
396         && TEST_ptr(kdf1 = EVP_get_kdfbyname(LN_id_pbkdf2))
397         && TEST_ptr(kdf2 = EVP_get_kdfbyobj(obj))
398         && TEST_ptr_eq(kdf1, kdf2)
399         && TEST_ptr(kdf1 = EVP_get_kdfbyname(SN_tls1_prf))
400         && TEST_ptr(kdf2 = EVP_get_kdfbyname(LN_tls1_prf))
401         && TEST_ptr_eq(kdf1, kdf2)
402         && TEST_ptr(kdf2 = EVP_get_kdfbynid(NID_tls1_prf))
403         && TEST_ptr_eq(kdf1, kdf2);
404 }
405
406 #ifndef OPENSSL_NO_CMS
407 static int test_kdf_x942_asn1(void)
408 {
409     int ret;
410     EVP_KDF_CTX *kctx = NULL;
411     unsigned char out[24];
412     /* RFC2631 Section 2.1.6 Test data */
413     static const unsigned char z[] = {
414         0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,
415         0x0e,0x0f,0x10,0x11,0x12,0x13
416     };
417     static const unsigned char expected[sizeof(out)] = {
418         0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04,
419         0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46,
420         0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb
421     };
422
423     ret =
424         TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_X942))
425         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha1()), 0)
426         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), 0)
427         && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_CEK_ALG,
428                                     SN_id_smime_alg_CMS3DESwrap), 0)
429         && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
430         && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
431
432     EVP_KDF_CTX_free(kctx);
433     return ret;
434 }
435 #endif /* OPENSSL_NO_CMS */
436
437 int setup_tests(void)
438 {
439     ADD_TEST(test_kdf_get_kdf);
440     ADD_TEST(test_kdf_tls1_prf);
441     ADD_TEST(test_kdf_hkdf);
442     ADD_TEST(test_kdf_pbkdf2);
443 #ifndef OPENSSL_NO_SCRYPT
444     ADD_TEST(test_kdf_scrypt);
445 #endif
446     ADD_TEST(test_kdf_ss_hash);
447     ADD_TEST(test_kdf_ss_hmac);
448     ADD_TEST(test_kdf_ss_kmac);
449     ADD_TEST(test_kdf_sshkdf);
450     ADD_TEST(test_kdf_x963);
451 #ifndef OPENSSL_NO_CMS
452     ADD_TEST(test_kdf_x942_asn1);
453 #endif
454     return 1;
455 }