return ret;
}
+static int test_kdf_hmac_drbg_settables(void)
+{
+ int ret = 0, i = 0, j = 0;
+ EVP_KDF_CTX *kctx = NULL;
+ const OSSL_PARAM *settableparams;
+ OSSL_PARAM params[5];
+ static const unsigned char ent[32] = { 0 };
+ unsigned char out[32];
+ char digestname[32];
+ char macname[32];
+ EVP_MD *shake256 = NULL;
+
+ /* Test there are settables */
+ if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HMACDRBGKDF))
+ || !TEST_ptr(settableparams = EVP_KDF_CTX_settable_params(kctx)))
+ goto err;
+
+ /* Fail if no params have been set when doing a derive */
+ if (!TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
+ goto err;
+
+ /* Fail if we pass the wrong type for params */
+ params[1] = OSSL_PARAM_construct_end();
+ for (i = 0; settableparams[i].key != NULL; ++i) {
+ /* Skip "properties" key since it returns 1 unless the digest is also set */
+ if (OPENSSL_strcasecmp(settableparams[i].key,
+ OSSL_KDF_PARAM_PROPERTIES) != 0) {
+ TEST_note("Testing set int into %s fails", settableparams[i].key);
+ params[0] = OSSL_PARAM_construct_int(settableparams[i].key, &j);
+ if (!TEST_int_le(EVP_KDF_CTX_set_params(kctx, params), 0))
+ goto err;
+ }
+ }
+ /* Test that we can set values multiple times */
+ params[0] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_HMACDRBG_ENTROPY,
+ (char *)ent, sizeof(ent));
+ params[1] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_HMACDRBG_NONCE,
+ (char *)ent, sizeof(ent));
+ params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_DIGEST, "SHA256",
+ 0);
+ params[3] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_PROPERTIES, "",
+ 0);
+ params[4] = OSSL_PARAM_construct_end();
+ if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 1))
+ goto err;
+ if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 1))
+ goto err;
+ /* Test we can retrieve values back */
+ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_DIGEST,
+ digestname, sizeof(digestname));
+ params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_MAC,
+ macname, sizeof(macname));
+ params[2] = OSSL_PARAM_construct_end();
+ if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params), 1)
+ || !TEST_mem_eq(digestname, params[0].return_size, "SHA2-256", 8)
+ || !TEST_mem_eq(macname, params[1].return_size, "HMAC", 4))
+ goto err;
+
+ /* Test the derive */
+ if (!TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 1))
+ goto err;
+
+ /* test that XOF digests are not allowed */
+ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_DIGEST,
+ "shake256", 0);
+ params[1] = OSSL_PARAM_construct_end();
+ if (!TEST_int_le(EVP_KDF_CTX_set_params(kctx, params), 0))
+ goto err;
+
+ ret = 1;
+err:
+ EVP_MD_free(shake256);
+ EVP_KDF_CTX_free(kctx);
+ return ret;
+}
+
+static int test_kdf_hmac_drbg_gettables(void)
+{
+ int ret = 0, i, j = 0;
+ EVP_KDF_CTX *kctx = NULL;
+ const OSSL_PARAM *gettableparams;
+ OSSL_PARAM params[3];
+ char buf[64];
+
+ /* Test there are gettables */
+ if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HMACDRBGKDF))
+ || !TEST_ptr(gettableparams = EVP_KDF_CTX_gettable_params(kctx)))
+ goto err;
+ /* Fail if we pass the wrong type for params */
+ params[1] = OSSL_PARAM_construct_end();
+ for (i = 0; gettableparams[i].key != NULL; ++i) {
+ params[0] = OSSL_PARAM_construct_int(gettableparams[i].key, &j);
+ if (!TEST_int_le(EVP_KDF_CTX_get_params(kctx, params), 0))
+ goto err;
+ }
+ /* fail to get params if they are not set yet */
+ for (i = 0; gettableparams[i].key != NULL; ++i) {
+ params[0] = OSSL_PARAM_construct_utf8_string(gettableparams[i].key,
+ buf, sizeof(buf));
+ if (!TEST_int_le(EVP_KDF_CTX_get_params(kctx, params), 0))
+ goto err;
+ }
+ ret = 1;
+err:
+ EVP_KDF_CTX_free(kctx);
+ return ret;
+}
+
int setup_tests(void)
{
ADD_TEST(test_kdf_pbkdf1);
ADD_TEST(test_kdf_x942_asn1);
#endif
ADD_TEST(test_kdf_krb5kdf);
+ ADD_TEST(test_kdf_hmac_drbg_settables);
+ ADD_TEST(test_kdf_hmac_drbg_gettables);
return 1;
}
projects / openssl.git / blobdiff