Add PKEY_CTX setter tests for TLS1-PRF
authorJohannes Bauer <joe@johannes-bauer.com>
Sat, 19 Aug 2017 16:05:30 +0000 (18:05 +0200)
committerMatt Caswell <matt@openssl.org>
Mon, 21 Aug 2017 09:05:14 +0000 (10:05 +0100)
PKEY_CTX setters tests were previously present for HKDF and scrypt; this
patch also adds tests for the third currently supported KDF, TLS1-PRF.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4196)

test/pkey_meth_kdf_test.c

index c832e8e..5d4c468 100644 (file)
 #include <openssl/kdf.h>
 #include "testutil.h"
 
+static int test_kdf_tls1_prf(void)
+{
+    EVP_PKEY_CTX *pctx;
+    unsigned char out[16];
+    size_t outlen = sizeof(out);
+    pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
+
+    if (EVP_PKEY_derive_init(pctx) <= 0) {
+        TEST_error("EVP_PKEY_derive_init");
+        return 0;
+    }
+    if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0) {
+        TEST_error("EVP_PKEY_CTX_set_tls1_prf_md");
+        return 0;
+    }
+    if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0) {
+        TEST_error("EVP_PKEY_CTX_set1_tls1_prf_secret");
+        return 0;
+    }
+    if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0) {
+        TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed");
+        return 0;
+    }
+    if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
+        TEST_error("EVP_PKEY_derive");
+        return 0;
+    }
+
+    {
+        const unsigned char expected[sizeof(out)] = {
+            0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
+            0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
+        };
+        if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) {
+            return 0;
+        }
+    }
+    EVP_PKEY_CTX_free(pctx);
+    return 1;
+}
+
 static int test_kdf_hkdf(void)
 {
     EVP_PKEY_CTX *pctx;
@@ -131,6 +172,7 @@ static int test_kdf_scrypt(void)
 
 int setup_tests()
 {
+    ADD_TEST(test_kdf_tls1_prf);
     ADD_TEST(test_kdf_hkdf);
 #ifndef OPENSSL_NO_SCRYPT
     ADD_TEST(test_kdf_scrypt);