1b0d17251Schristos /*
2*0e2e28bcSchristos * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
3b0d17251Schristos * Copyright (c) 2018-2020, Oracle and/or its affiliates. All rights reserved.
4b0d17251Schristos *
5b0d17251Schristos * Licensed under the Apache License 2.0 (the "License"). You may not use
6b0d17251Schristos * this file except in compliance with the License. You can obtain a copy
7b0d17251Schristos * in the file LICENSE in the source distribution or at
8b0d17251Schristos * https://www.openssl.org/source/license.html
9b0d17251Schristos */
10b0d17251Schristos
11b0d17251Schristos /* Tests of the EVP_KDF_CTX APIs */
12b0d17251Schristos
13b0d17251Schristos #include <stdio.h>
14b0d17251Schristos #include <string.h>
15b0d17251Schristos
16b0d17251Schristos #include <openssl/evp.h>
17b0d17251Schristos #include <openssl/kdf.h>
18b0d17251Schristos #include <openssl/core_names.h>
19b0d17251Schristos #include "internal/numbers.h"
20b0d17251Schristos #include "testutil.h"
21b0d17251Schristos
22b0d17251Schristos
get_kdfbyname_libctx(OSSL_LIB_CTX * libctx,const char * name)23b0d17251Schristos static EVP_KDF_CTX *get_kdfbyname_libctx(OSSL_LIB_CTX *libctx, const char *name)
24b0d17251Schristos {
25b0d17251Schristos EVP_KDF *kdf = EVP_KDF_fetch(libctx, name, NULL);
26b0d17251Schristos EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
27b0d17251Schristos
28b0d17251Schristos EVP_KDF_free(kdf);
29b0d17251Schristos return kctx;
30b0d17251Schristos }
31b0d17251Schristos
get_kdfbyname(const char * name)32b0d17251Schristos static EVP_KDF_CTX *get_kdfbyname(const char *name)
33b0d17251Schristos {
34b0d17251Schristos return get_kdfbyname_libctx(NULL, name);
35b0d17251Schristos }
36b0d17251Schristos
construct_tls1_prf_params(const char * digest,const char * secret,const char * seed)37b0d17251Schristos static OSSL_PARAM *construct_tls1_prf_params(const char *digest, const char *secret,
38b0d17251Schristos const char *seed)
39b0d17251Schristos {
40b0d17251Schristos OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 4);
41b0d17251Schristos OSSL_PARAM *p = params;
42b0d17251Schristos
43b0d17251Schristos if (params == NULL)
44b0d17251Schristos return NULL;
45b0d17251Schristos
46b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
47b0d17251Schristos (char *)digest, 0);
48b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
49b0d17251Schristos (unsigned char *)secret,
50b0d17251Schristos strlen(secret));
51b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
52b0d17251Schristos (unsigned char *)seed,
53b0d17251Schristos strlen(seed));
54b0d17251Schristos *p = OSSL_PARAM_construct_end();
55b0d17251Schristos
56b0d17251Schristos return params;
57b0d17251Schristos }
58b0d17251Schristos
test_kdf_tls1_prf(void)59b0d17251Schristos static int test_kdf_tls1_prf(void)
60b0d17251Schristos {
61b0d17251Schristos int ret;
62b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
63b0d17251Schristos unsigned char out[16];
64b0d17251Schristos OSSL_PARAM *params;
65b0d17251Schristos static const unsigned char expected[sizeof(out)] = {
66b0d17251Schristos 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
67b0d17251Schristos 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
68b0d17251Schristos };
69b0d17251Schristos
70b0d17251Schristos params = construct_tls1_prf_params("sha256", "secret", "seed");
71b0d17251Schristos
72b0d17251Schristos ret = TEST_ptr(params)
73b0d17251Schristos && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
74b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
75b0d17251Schristos && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
76b0d17251Schristos
77b0d17251Schristos EVP_KDF_CTX_free(kctx);
78b0d17251Schristos OPENSSL_free(params);
79b0d17251Schristos return ret;
80b0d17251Schristos }
81b0d17251Schristos
test_kdf_tls1_prf_invalid_digest(void)82b0d17251Schristos static int test_kdf_tls1_prf_invalid_digest(void)
83b0d17251Schristos {
84b0d17251Schristos int ret;
85b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
86b0d17251Schristos OSSL_PARAM *params;
87b0d17251Schristos
88b0d17251Schristos params = construct_tls1_prf_params("blah", "secret", "seed");
89b0d17251Schristos
90b0d17251Schristos ret = TEST_ptr(params)
91b0d17251Schristos && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
92b0d17251Schristos && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
93b0d17251Schristos
94b0d17251Schristos EVP_KDF_CTX_free(kctx);
95b0d17251Schristos OPENSSL_free(params);
96b0d17251Schristos return ret;
97b0d17251Schristos }
98b0d17251Schristos
test_kdf_tls1_prf_zero_output_size(void)99b0d17251Schristos static int test_kdf_tls1_prf_zero_output_size(void)
100b0d17251Schristos {
101b0d17251Schristos int ret;
102b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
103b0d17251Schristos unsigned char out[16];
104b0d17251Schristos OSSL_PARAM *params;
105b0d17251Schristos
106b0d17251Schristos params = construct_tls1_prf_params("sha256", "secret", "seed");
107b0d17251Schristos
108b0d17251Schristos /* Negative test - derive should fail */
109b0d17251Schristos ret = TEST_ptr(params)
110b0d17251Schristos && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
111b0d17251Schristos && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
112b0d17251Schristos && TEST_int_eq(EVP_KDF_derive(kctx, out, 0, NULL), 0);
113b0d17251Schristos
114b0d17251Schristos EVP_KDF_CTX_free(kctx);
115b0d17251Schristos OPENSSL_free(params);
116b0d17251Schristos return ret;
117b0d17251Schristos }
118b0d17251Schristos
test_kdf_tls1_prf_empty_secret(void)119b0d17251Schristos static int test_kdf_tls1_prf_empty_secret(void)
120b0d17251Schristos {
121b0d17251Schristos int ret;
122b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
123b0d17251Schristos unsigned char out[16];
124b0d17251Schristos OSSL_PARAM *params;
125b0d17251Schristos
126b0d17251Schristos params = construct_tls1_prf_params("sha256", "", "seed");
127b0d17251Schristos
128b0d17251Schristos ret = TEST_ptr(params)
129b0d17251Schristos && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
130b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
131b0d17251Schristos
132b0d17251Schristos EVP_KDF_CTX_free(kctx);
133b0d17251Schristos OPENSSL_free(params);
134b0d17251Schristos return ret;
135b0d17251Schristos }
136b0d17251Schristos
test_kdf_tls1_prf_1byte_secret(void)137b0d17251Schristos static int test_kdf_tls1_prf_1byte_secret(void)
138b0d17251Schristos {
139b0d17251Schristos int ret;
140b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
141b0d17251Schristos unsigned char out[16];
142b0d17251Schristos OSSL_PARAM *params;
143b0d17251Schristos
144b0d17251Schristos params = construct_tls1_prf_params("sha256", "1", "seed");
145b0d17251Schristos
146b0d17251Schristos ret = TEST_ptr(params)
147b0d17251Schristos && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
148b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
149b0d17251Schristos
150b0d17251Schristos EVP_KDF_CTX_free(kctx);
151b0d17251Schristos OPENSSL_free(params);
152b0d17251Schristos return ret;
153b0d17251Schristos }
154b0d17251Schristos
test_kdf_tls1_prf_empty_seed(void)155b0d17251Schristos static int test_kdf_tls1_prf_empty_seed(void)
156b0d17251Schristos {
157b0d17251Schristos int ret;
158b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
159b0d17251Schristos unsigned char out[16];
160b0d17251Schristos OSSL_PARAM *params;
161b0d17251Schristos
162b0d17251Schristos params = construct_tls1_prf_params("sha256", "secret", "");
163b0d17251Schristos
164b0d17251Schristos /* Negative test - derive should fail */
165b0d17251Schristos ret = TEST_ptr(params)
166b0d17251Schristos && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
167b0d17251Schristos && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
168b0d17251Schristos && TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0);
169b0d17251Schristos
170b0d17251Schristos EVP_KDF_CTX_free(kctx);
171b0d17251Schristos OPENSSL_free(params);
172b0d17251Schristos return ret;
173b0d17251Schristos }
174b0d17251Schristos
test_kdf_tls1_prf_1byte_seed(void)175b0d17251Schristos static int test_kdf_tls1_prf_1byte_seed(void)
176b0d17251Schristos {
177b0d17251Schristos int ret;
178b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
179b0d17251Schristos unsigned char out[16];
180b0d17251Schristos OSSL_PARAM *params;
181b0d17251Schristos
182b0d17251Schristos params = construct_tls1_prf_params("sha256", "secret", "1");
183b0d17251Schristos
184b0d17251Schristos ret = TEST_ptr(params)
185b0d17251Schristos && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
186b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
187b0d17251Schristos
188b0d17251Schristos EVP_KDF_CTX_free(kctx);
189b0d17251Schristos OPENSSL_free(params);
190b0d17251Schristos return ret;
191b0d17251Schristos }
192b0d17251Schristos
construct_hkdf_params(char * digest,char * key,size_t keylen,char * salt,char * info)193b0d17251Schristos static OSSL_PARAM *construct_hkdf_params(char *digest, char *key,
194b0d17251Schristos size_t keylen, char *salt, char *info)
195b0d17251Schristos {
196b0d17251Schristos OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
197b0d17251Schristos OSSL_PARAM *p = params;
198b0d17251Schristos
199b0d17251Schristos if (params == NULL)
200b0d17251Schristos return NULL;
201b0d17251Schristos
202b0d17251Schristos if (digest != NULL)
203b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
204b0d17251Schristos digest, 0);
205b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
206b0d17251Schristos salt, strlen(salt));
207b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
208b0d17251Schristos (unsigned char *)key, keylen);
209b0d17251Schristos if (info != NULL)
210b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
211b0d17251Schristos info, strlen(info));
212b0d17251Schristos else
213b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
214b0d17251Schristos "EXTRACT_ONLY", 0);
215b0d17251Schristos *p = OSSL_PARAM_construct_end();
216b0d17251Schristos
217b0d17251Schristos return params;
218b0d17251Schristos }
219b0d17251Schristos
test_kdf_hkdf(void)220b0d17251Schristos static int test_kdf_hkdf(void)
221b0d17251Schristos {
222b0d17251Schristos int ret;
223b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
224b0d17251Schristos unsigned char out[10];
225b0d17251Schristos OSSL_PARAM *params;
226b0d17251Schristos static const unsigned char expected[sizeof(out)] = {
227b0d17251Schristos 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
228b0d17251Schristos };
229b0d17251Schristos
230b0d17251Schristos params = construct_hkdf_params("sha256", "secret", 6, "salt", "label");
231b0d17251Schristos
232b0d17251Schristos ret = TEST_ptr(params)
233b0d17251Schristos && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
234b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
235b0d17251Schristos && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
236b0d17251Schristos
237b0d17251Schristos EVP_KDF_CTX_free(kctx);
238b0d17251Schristos OPENSSL_free(params);
239b0d17251Schristos return ret;
240b0d17251Schristos }
241b0d17251Schristos
do_kdf_hkdf_gettables(int expand_only,int has_digest)242b0d17251Schristos static int do_kdf_hkdf_gettables(int expand_only, int has_digest)
243b0d17251Schristos {
244b0d17251Schristos int ret = 0;
245b0d17251Schristos size_t sz = 0;
246b0d17251Schristos OSSL_PARAM *params;
247b0d17251Schristos OSSL_PARAM params_get[2];
248b0d17251Schristos const OSSL_PARAM *gettables, *p;
249b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
250b0d17251Schristos
251b0d17251Schristos if (!TEST_ptr(params = construct_hkdf_params(
252b0d17251Schristos has_digest ? "sha256" : NULL,
253b0d17251Schristos "secret", 6, "salt",
254b0d17251Schristos expand_only ? NULL : "label"))
255b0d17251Schristos || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
256b0d17251Schristos || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)))
257b0d17251Schristos goto err;
258b0d17251Schristos
259b0d17251Schristos /* Check OSSL_KDF_PARAM_SIZE is gettable */
260b0d17251Schristos if (!TEST_ptr(gettables = EVP_KDF_CTX_gettable_params(kctx))
261b0d17251Schristos || !TEST_ptr(p = OSSL_PARAM_locate_const(gettables, OSSL_KDF_PARAM_SIZE)))
262b0d17251Schristos goto err;
263b0d17251Schristos
264b0d17251Schristos /* Get OSSL_KDF_PARAM_SIZE as a size_t */
265b0d17251Schristos params_get[0] = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_SIZE, &sz);
266b0d17251Schristos params_get[1] = OSSL_PARAM_construct_end();
267b0d17251Schristos if (has_digest) {
268b0d17251Schristos if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), 1)
269b0d17251Schristos || !TEST_size_t_eq(sz, expand_only ? SHA256_DIGEST_LENGTH : SIZE_MAX))
270b0d17251Schristos goto err;
271b0d17251Schristos } else {
272b0d17251Schristos if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), 0))
273b0d17251Schristos goto err;
274b0d17251Schristos }
275b0d17251Schristos
276b0d17251Schristos /* Get params returns -2 if an unsupported parameter is requested */
277b0d17251Schristos params_get[0] = OSSL_PARAM_construct_end();
278b0d17251Schristos if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), -2))
279b0d17251Schristos goto err;
280b0d17251Schristos ret = 1;
281b0d17251Schristos err:
282b0d17251Schristos EVP_KDF_CTX_free(kctx);
283b0d17251Schristos OPENSSL_free(params);
284b0d17251Schristos return ret;
285b0d17251Schristos }
286b0d17251Schristos
test_kdf_hkdf_gettables(void)287b0d17251Schristos static int test_kdf_hkdf_gettables(void)
288b0d17251Schristos {
289b0d17251Schristos return do_kdf_hkdf_gettables(0, 1);
290b0d17251Schristos }
291b0d17251Schristos
test_kdf_hkdf_gettables_expandonly(void)292b0d17251Schristos static int test_kdf_hkdf_gettables_expandonly(void)
293b0d17251Schristos {
294b0d17251Schristos return do_kdf_hkdf_gettables(1, 1);
295b0d17251Schristos }
296b0d17251Schristos
test_kdf_hkdf_gettables_no_digest(void)297b0d17251Schristos static int test_kdf_hkdf_gettables_no_digest(void)
298b0d17251Schristos {
299b0d17251Schristos return do_kdf_hkdf_gettables(1, 0);
300b0d17251Schristos }
301b0d17251Schristos
test_kdf_hkdf_invalid_digest(void)302b0d17251Schristos static int test_kdf_hkdf_invalid_digest(void)
303b0d17251Schristos {
304b0d17251Schristos int ret;
305b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
306b0d17251Schristos OSSL_PARAM *params;
307b0d17251Schristos
308b0d17251Schristos params = construct_hkdf_params("blah", "secret", 6, "salt", "label");
309b0d17251Schristos
310b0d17251Schristos ret = TEST_ptr(params)
311b0d17251Schristos && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
312b0d17251Schristos && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
313b0d17251Schristos
314b0d17251Schristos EVP_KDF_CTX_free(kctx);
315b0d17251Schristos OPENSSL_free(params);
316b0d17251Schristos return ret;
317b0d17251Schristos }
318b0d17251Schristos
test_kdf_hkdf_derive_set_params_fail(void)319b0d17251Schristos static int test_kdf_hkdf_derive_set_params_fail(void)
320b0d17251Schristos {
321b0d17251Schristos int ret = 0, i = 0;
322b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
323b0d17251Schristos OSSL_PARAM params[2];
324b0d17251Schristos unsigned char out[10];
325b0d17251Schristos
326b0d17251Schristos if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)))
327b0d17251Schristos goto end;
328b0d17251Schristos /*
329b0d17251Schristos * Set the wrong type for the digest so that it causes a failure
330b0d17251Schristos * inside kdf_hkdf_derive() when kdf_hkdf_set_ctx_params() is called
331b0d17251Schristos */
332b0d17251Schristos params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_DIGEST, &i);
333b0d17251Schristos params[1] = OSSL_PARAM_construct_end();
334b0d17251Schristos if (!TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), params), 0))
335b0d17251Schristos goto end;
336b0d17251Schristos ret = 1;
337b0d17251Schristos end:
338b0d17251Schristos EVP_KDF_CTX_free(kctx);
339b0d17251Schristos return ret;
340b0d17251Schristos }
341b0d17251Schristos
test_kdf_hkdf_set_invalid_mode(void)342b0d17251Schristos static int test_kdf_hkdf_set_invalid_mode(void)
343b0d17251Schristos {
344b0d17251Schristos int ret = 0, bad_mode = 100;
345b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
346b0d17251Schristos OSSL_PARAM params[2];
347b0d17251Schristos
348b0d17251Schristos if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)))
349b0d17251Schristos goto end;
350b0d17251Schristos params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
351b0d17251Schristos "BADMODE", 0);
352b0d17251Schristos params[1] = OSSL_PARAM_construct_end();
353b0d17251Schristos if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0))
354b0d17251Schristos goto end;
355b0d17251Schristos
356b0d17251Schristos params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &bad_mode);
357b0d17251Schristos if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0))
358b0d17251Schristos goto end;
359b0d17251Schristos
360b0d17251Schristos ret = 1;
361b0d17251Schristos end:
362b0d17251Schristos EVP_KDF_CTX_free(kctx);
363b0d17251Schristos return ret;
364b0d17251Schristos }
365b0d17251Schristos
do_kdf_hkdf_set_invalid_param(const char * key,int type)366b0d17251Schristos static int do_kdf_hkdf_set_invalid_param(const char *key, int type)
367b0d17251Schristos {
368b0d17251Schristos int ret = 0;
369b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
370b0d17251Schristos OSSL_PARAM params[2];
371b0d17251Schristos unsigned char buf[2];
372b0d17251Schristos
373b0d17251Schristos if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)))
374b0d17251Schristos goto end;
375b0d17251Schristos /* Set the wrong type for the key so that it causes a failure */
376b0d17251Schristos if (type == OSSL_PARAM_UTF8_STRING)
377b0d17251Schristos params[0] = OSSL_PARAM_construct_utf8_string(key, "BAD", 0);
378b0d17251Schristos else
379b0d17251Schristos params[0] = OSSL_PARAM_construct_octet_string(key, buf, sizeof(buf));
380b0d17251Schristos params[1] = OSSL_PARAM_construct_end();
381b0d17251Schristos if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0))
382b0d17251Schristos goto end;
383b0d17251Schristos
384b0d17251Schristos ret = 1;
385b0d17251Schristos end:
386b0d17251Schristos EVP_KDF_CTX_free(kctx);
387b0d17251Schristos return ret;
388b0d17251Schristos }
389b0d17251Schristos
test_kdf_hkdf_set_ctx_param_fail(void)390b0d17251Schristos static int test_kdf_hkdf_set_ctx_param_fail(void)
391b0d17251Schristos {
392b0d17251Schristos return do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_MODE,
393b0d17251Schristos OSSL_PARAM_OCTET_STRING)
394b0d17251Schristos && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_KEY,
395b0d17251Schristos OSSL_PARAM_UTF8_STRING)
396b0d17251Schristos && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_SALT,
397b0d17251Schristos OSSL_PARAM_UTF8_STRING)
398b0d17251Schristos && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_INFO,
399b0d17251Schristos OSSL_PARAM_UTF8_STRING);
400b0d17251Schristos }
401b0d17251Schristos
test_kdf_hkdf_zero_output_size(void)402b0d17251Schristos static int test_kdf_hkdf_zero_output_size(void)
403b0d17251Schristos {
404b0d17251Schristos int ret;
405b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
406b0d17251Schristos unsigned char out[10];
407b0d17251Schristos OSSL_PARAM *params;
408b0d17251Schristos
409b0d17251Schristos params = construct_hkdf_params("sha256", "secret", 6, "salt", "label");
410b0d17251Schristos
411b0d17251Schristos /* Negative test - derive should fail */
412b0d17251Schristos ret = TEST_ptr(params)
413b0d17251Schristos && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
414b0d17251Schristos && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
415b0d17251Schristos && TEST_int_eq(EVP_KDF_derive(kctx, out, 0, NULL), 0);
416b0d17251Schristos
417b0d17251Schristos EVP_KDF_CTX_free(kctx);
418b0d17251Schristos OPENSSL_free(params);
419b0d17251Schristos return ret;
420b0d17251Schristos }
421b0d17251Schristos
test_kdf_hkdf_empty_key(void)422b0d17251Schristos static int test_kdf_hkdf_empty_key(void)
423b0d17251Schristos {
424b0d17251Schristos int ret;
425b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
426b0d17251Schristos unsigned char out[10];
427b0d17251Schristos OSSL_PARAM *params;
428b0d17251Schristos
429b0d17251Schristos params = construct_hkdf_params("sha256", "", 0, "salt", "label");
430b0d17251Schristos
431b0d17251Schristos ret = TEST_ptr(params)
432b0d17251Schristos && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
433b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
434b0d17251Schristos
435b0d17251Schristos EVP_KDF_CTX_free(kctx);
436b0d17251Schristos OPENSSL_free(params);
437b0d17251Schristos return ret;
438b0d17251Schristos }
439b0d17251Schristos
test_kdf_hkdf_1byte_key(void)440b0d17251Schristos static int test_kdf_hkdf_1byte_key(void)
441b0d17251Schristos {
442b0d17251Schristos int ret;
443b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
444b0d17251Schristos unsigned char out[10];
445b0d17251Schristos OSSL_PARAM *params;
446b0d17251Schristos
447b0d17251Schristos params = construct_hkdf_params("sha256", "1", 1, "salt", "label");
448b0d17251Schristos
449b0d17251Schristos ret = TEST_ptr(params)
450b0d17251Schristos && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
451b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
452b0d17251Schristos
453b0d17251Schristos EVP_KDF_CTX_free(kctx);
454b0d17251Schristos OPENSSL_free(params);
455b0d17251Schristos return ret;
456b0d17251Schristos }
457b0d17251Schristos
test_kdf_hkdf_empty_salt(void)458b0d17251Schristos static int test_kdf_hkdf_empty_salt(void)
459b0d17251Schristos {
460b0d17251Schristos int ret;
461b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
462b0d17251Schristos unsigned char out[10];
463b0d17251Schristos OSSL_PARAM *params;
464b0d17251Schristos
465b0d17251Schristos params = construct_hkdf_params("sha256", "secret", 6, "", "label");
466b0d17251Schristos
467b0d17251Schristos ret = TEST_ptr(params)
468b0d17251Schristos && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
469b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
470b0d17251Schristos
471b0d17251Schristos EVP_KDF_CTX_free(kctx);
472b0d17251Schristos OPENSSL_free(params);
473b0d17251Schristos return ret;
474b0d17251Schristos }
475b0d17251Schristos
construct_pbkdf1_params(char * pass,char * digest,char * salt,unsigned int * iter)476b0d17251Schristos static OSSL_PARAM *construct_pbkdf1_params(char *pass, char *digest, char *salt,
477b0d17251Schristos unsigned int *iter)
478b0d17251Schristos {
479b0d17251Schristos OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
480b0d17251Schristos OSSL_PARAM *p = params;
481b0d17251Schristos
482b0d17251Schristos if (params == NULL)
483b0d17251Schristos return NULL;
484b0d17251Schristos
485b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
486b0d17251Schristos (unsigned char *)pass, strlen(pass));
487b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
488b0d17251Schristos (unsigned char *)salt, strlen(salt));
489b0d17251Schristos *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter);
490b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
491b0d17251Schristos digest, 0);
492b0d17251Schristos *p = OSSL_PARAM_construct_end();
493b0d17251Schristos
494b0d17251Schristos return params;
495b0d17251Schristos }
496b0d17251Schristos
test_kdf_pbkdf1(void)497b0d17251Schristos static int test_kdf_pbkdf1(void)
498b0d17251Schristos {
499b0d17251Schristos int ret = 0;
500b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
501b0d17251Schristos unsigned char out[25];
502b0d17251Schristos unsigned int iterations = 4096;
503b0d17251Schristos OSSL_LIB_CTX *libctx = NULL;
504b0d17251Schristos OSSL_PARAM *params = NULL;
505b0d17251Schristos OSSL_PROVIDER *legacyprov = NULL;
506b0d17251Schristos OSSL_PROVIDER *defprov = NULL;
507b0d17251Schristos const unsigned char expected[sizeof(out)] = {
508b0d17251Schristos 0xfb, 0x83, 0x4d, 0x36, 0x6d, 0xbc, 0x53, 0x87, 0x35, 0x1b, 0x34, 0x75,
509b0d17251Schristos 0x95, 0x88, 0x32, 0x4f, 0x3e, 0x82, 0x81, 0x01, 0x21, 0x93, 0x64, 0x00,
510b0d17251Schristos 0xcc
511b0d17251Schristos };
512b0d17251Schristos
513b0d17251Schristos if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
514b0d17251Schristos goto err;
515b0d17251Schristos
516b0d17251Schristos /* PBKDF1 only available in the legacy provider */
517b0d17251Schristos legacyprov = OSSL_PROVIDER_load(libctx, "legacy");
518b0d17251Schristos if (legacyprov == NULL) {
519b0d17251Schristos OSSL_LIB_CTX_free(libctx);
520b0d17251Schristos return TEST_skip("PBKDF1 only available in legacy provider");
521b0d17251Schristos }
522b0d17251Schristos
523b0d17251Schristos if (!TEST_ptr(defprov = OSSL_PROVIDER_load(libctx, "default")))
524b0d17251Schristos goto err;
525b0d17251Schristos
526b0d17251Schristos params = construct_pbkdf1_params("passwordPASSWORDpassword", "sha256",
527b0d17251Schristos "saltSALTsaltSALTsaltSALTsaltSALTsalt",
528b0d17251Schristos &iterations);
529b0d17251Schristos
530b0d17251Schristos if (!TEST_ptr(params)
531b0d17251Schristos || !TEST_ptr(kctx = get_kdfbyname_libctx(libctx, OSSL_KDF_NAME_PBKDF1))
532b0d17251Schristos || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
533b0d17251Schristos || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)
534b0d17251Schristos || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)))
535b0d17251Schristos goto err;
536b0d17251Schristos
537b0d17251Schristos ret = 1;
538b0d17251Schristos err:
539b0d17251Schristos EVP_KDF_CTX_free(kctx);
540b0d17251Schristos OPENSSL_free(params);
541b0d17251Schristos OSSL_PROVIDER_unload(defprov);
542b0d17251Schristos OSSL_PROVIDER_unload(legacyprov);
543b0d17251Schristos OSSL_LIB_CTX_free(libctx);
544b0d17251Schristos return ret;
545b0d17251Schristos }
546b0d17251Schristos
test_kdf_pbkdf1_key_too_long(void)547*0e2e28bcSchristos static int test_kdf_pbkdf1_key_too_long(void)
548*0e2e28bcSchristos {
549*0e2e28bcSchristos int ret = 0;
550*0e2e28bcSchristos EVP_KDF_CTX *kctx = NULL;
551*0e2e28bcSchristos unsigned char out[EVP_MAX_MD_SIZE + 1];
552*0e2e28bcSchristos unsigned int iterations = 4096;
553*0e2e28bcSchristos OSSL_LIB_CTX *libctx = NULL;
554*0e2e28bcSchristos OSSL_PARAM *params = NULL;
555*0e2e28bcSchristos OSSL_PROVIDER *legacyprov = NULL;
556*0e2e28bcSchristos OSSL_PROVIDER *defprov = NULL;
557*0e2e28bcSchristos
558*0e2e28bcSchristos if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
559*0e2e28bcSchristos goto err;
560*0e2e28bcSchristos
561*0e2e28bcSchristos /* PBKDF1 only available in the legacy provider */
562*0e2e28bcSchristos legacyprov = OSSL_PROVIDER_load(libctx, "legacy");
563*0e2e28bcSchristos if (legacyprov == NULL) {
564*0e2e28bcSchristos OSSL_LIB_CTX_free(libctx);
565*0e2e28bcSchristos return TEST_skip("PBKDF1 only available in legacy provider");
566*0e2e28bcSchristos }
567*0e2e28bcSchristos
568*0e2e28bcSchristos if (!TEST_ptr(defprov = OSSL_PROVIDER_load(libctx, "default")))
569*0e2e28bcSchristos goto err;
570*0e2e28bcSchristos
571*0e2e28bcSchristos params = construct_pbkdf1_params("passwordPASSWORDpassword", "sha256",
572*0e2e28bcSchristos "saltSALTsaltSALTsaltSALTsaltSALTsalt",
573*0e2e28bcSchristos &iterations);
574*0e2e28bcSchristos
575*0e2e28bcSchristos /*
576*0e2e28bcSchristos * This is the same test sequence as test_kdf_pbkdf1, but we expect
577*0e2e28bcSchristos * failure here as the requested key size is longer than the digest
578*0e2e28bcSchristos * can provide
579*0e2e28bcSchristos */
580*0e2e28bcSchristos if (!TEST_ptr(params)
581*0e2e28bcSchristos || !TEST_ptr(kctx = get_kdfbyname_libctx(libctx, OSSL_KDF_NAME_PBKDF1))
582*0e2e28bcSchristos || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
583*0e2e28bcSchristos || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
584*0e2e28bcSchristos goto err;
585*0e2e28bcSchristos
586*0e2e28bcSchristos ret = 1;
587*0e2e28bcSchristos err:
588*0e2e28bcSchristos EVP_KDF_CTX_free(kctx);
589*0e2e28bcSchristos OPENSSL_free(params);
590*0e2e28bcSchristos OSSL_PROVIDER_unload(defprov);
591*0e2e28bcSchristos OSSL_PROVIDER_unload(legacyprov);
592*0e2e28bcSchristos OSSL_LIB_CTX_free(libctx);
593*0e2e28bcSchristos return ret;
594*0e2e28bcSchristos }
595*0e2e28bcSchristos
construct_pbkdf2_params(char * pass,char * digest,char * salt,unsigned int * iter,int * mode)596b0d17251Schristos static OSSL_PARAM *construct_pbkdf2_params(char *pass, char *digest, char *salt,
597b0d17251Schristos unsigned int *iter, int *mode)
598b0d17251Schristos {
599b0d17251Schristos OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 6);
600b0d17251Schristos OSSL_PARAM *p = params;
601b0d17251Schristos
602b0d17251Schristos if (params == NULL)
603b0d17251Schristos return NULL;
604b0d17251Schristos
605b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
606b0d17251Schristos (unsigned char *)pass, strlen(pass));
607b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
608b0d17251Schristos (unsigned char *)salt, strlen(salt));
609b0d17251Schristos *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter);
610b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
611b0d17251Schristos digest, 0);
612b0d17251Schristos *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, mode);
613b0d17251Schristos *p = OSSL_PARAM_construct_end();
614b0d17251Schristos
615b0d17251Schristos return params;
616b0d17251Schristos }
617b0d17251Schristos
test_kdf_pbkdf2(void)618b0d17251Schristos static int test_kdf_pbkdf2(void)
619b0d17251Schristos {
620b0d17251Schristos int ret = 0;
621b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
622b0d17251Schristos unsigned char out[25];
623b0d17251Schristos unsigned int iterations = 4096;
624b0d17251Schristos int mode = 0;
625b0d17251Schristos OSSL_PARAM *params;
626b0d17251Schristos const unsigned char expected[sizeof(out)] = {
627b0d17251Schristos 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f,
628b0d17251Schristos 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf,
629b0d17251Schristos 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
630b0d17251Schristos 0x1c
631b0d17251Schristos };
632b0d17251Schristos
633b0d17251Schristos params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
634b0d17251Schristos "saltSALTsaltSALTsaltSALTsaltSALTsalt",
635b0d17251Schristos &iterations, &mode);
636b0d17251Schristos
637b0d17251Schristos if (!TEST_ptr(params)
638b0d17251Schristos || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
639b0d17251Schristos || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
640b0d17251Schristos || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)))
641b0d17251Schristos goto err;
642b0d17251Schristos
643b0d17251Schristos ret = 1;
644b0d17251Schristos err:
645b0d17251Schristos EVP_KDF_CTX_free(kctx);
646b0d17251Schristos OPENSSL_free(params);
647b0d17251Schristos return ret;
648b0d17251Schristos }
649b0d17251Schristos
test_kdf_pbkdf2_small_output(void)650b0d17251Schristos static int test_kdf_pbkdf2_small_output(void)
651b0d17251Schristos {
652b0d17251Schristos int ret = 0;
653b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
654b0d17251Schristos unsigned char out[25];
655b0d17251Schristos unsigned int iterations = 4096;
656b0d17251Schristos int mode = 0;
657b0d17251Schristos OSSL_PARAM *params;
658b0d17251Schristos
659b0d17251Schristos params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
660b0d17251Schristos "saltSALTsaltSALTsaltSALTsaltSALTsalt",
661b0d17251Schristos &iterations, &mode);
662b0d17251Schristos
663b0d17251Schristos if (!TEST_ptr(params)
664b0d17251Schristos || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
665b0d17251Schristos || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
666b0d17251Schristos /* A key length that is too small should fail */
667b0d17251Schristos || !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1, NULL), 0))
668b0d17251Schristos goto err;
669b0d17251Schristos
670b0d17251Schristos ret = 1;
671b0d17251Schristos err:
672b0d17251Schristos EVP_KDF_CTX_free(kctx);
673b0d17251Schristos OPENSSL_free(params);
674b0d17251Schristos return ret;
675b0d17251Schristos }
676b0d17251Schristos
test_kdf_pbkdf2_large_output(void)677b0d17251Schristos static int test_kdf_pbkdf2_large_output(void)
678b0d17251Schristos {
679b0d17251Schristos int ret = 0;
680b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
681b0d17251Schristos unsigned char out[25];
682b0d17251Schristos size_t len = 0;
683b0d17251Schristos unsigned int iterations = 4096;
684b0d17251Schristos int mode = 0;
685b0d17251Schristos OSSL_PARAM *params;
686b0d17251Schristos
687b0d17251Schristos if (sizeof(len) > 32)
688b0d17251Schristos len = SIZE_MAX;
689b0d17251Schristos
690b0d17251Schristos params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
691b0d17251Schristos "saltSALTsaltSALTsaltSALTsaltSALTsalt",
692b0d17251Schristos &iterations, &mode);
693b0d17251Schristos
694b0d17251Schristos if (!TEST_ptr(params)
695b0d17251Schristos || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
696b0d17251Schristos /* A key length that is too large should fail */
697b0d17251Schristos || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
698b0d17251Schristos || (len != 0 && !TEST_int_eq(EVP_KDF_derive(kctx, out, len, NULL), 0)))
699b0d17251Schristos goto err;
700b0d17251Schristos
701b0d17251Schristos ret = 1;
702b0d17251Schristos err:
703b0d17251Schristos EVP_KDF_CTX_free(kctx);
704b0d17251Schristos OPENSSL_free(params);
705b0d17251Schristos return ret;
706b0d17251Schristos }
707b0d17251Schristos
test_kdf_pbkdf2_small_salt(void)708b0d17251Schristos static int test_kdf_pbkdf2_small_salt(void)
709b0d17251Schristos {
710b0d17251Schristos int ret = 0;
711b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
712b0d17251Schristos unsigned int iterations = 4096;
713b0d17251Schristos int mode = 0;
714b0d17251Schristos OSSL_PARAM *params;
715b0d17251Schristos
716b0d17251Schristos params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
717b0d17251Schristos "saltSALT",
718b0d17251Schristos &iterations, &mode);
719b0d17251Schristos
720b0d17251Schristos if (!TEST_ptr(params)
721b0d17251Schristos || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
722b0d17251Schristos /* A salt that is too small should fail */
723b0d17251Schristos || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
724b0d17251Schristos goto err;
725b0d17251Schristos
726b0d17251Schristos ret = 1;
727b0d17251Schristos err:
728b0d17251Schristos EVP_KDF_CTX_free(kctx);
729b0d17251Schristos OPENSSL_free(params);
730b0d17251Schristos return ret;
731b0d17251Schristos }
732b0d17251Schristos
test_kdf_pbkdf2_small_iterations(void)733b0d17251Schristos static int test_kdf_pbkdf2_small_iterations(void)
734b0d17251Schristos {
735b0d17251Schristos int ret = 0;
736b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
737b0d17251Schristos unsigned int iterations = 1;
738b0d17251Schristos int mode = 0;
739b0d17251Schristos OSSL_PARAM *params;
740b0d17251Schristos
741b0d17251Schristos params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
742b0d17251Schristos "saltSALTsaltSALTsaltSALTsaltSALTsalt",
743b0d17251Schristos &iterations, &mode);
744b0d17251Schristos
745b0d17251Schristos if (!TEST_ptr(params)
746b0d17251Schristos || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
747b0d17251Schristos /* An iteration count that is too small should fail */
748b0d17251Schristos || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
749b0d17251Schristos goto err;
750b0d17251Schristos
751b0d17251Schristos ret = 1;
752b0d17251Schristos err:
753b0d17251Schristos EVP_KDF_CTX_free(kctx);
754b0d17251Schristos OPENSSL_free(params);
755b0d17251Schristos return ret;
756b0d17251Schristos }
757b0d17251Schristos
test_kdf_pbkdf2_small_salt_pkcs5(void)758b0d17251Schristos static int test_kdf_pbkdf2_small_salt_pkcs5(void)
759b0d17251Schristos {
760b0d17251Schristos int ret = 0;
761b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
762b0d17251Schristos unsigned char out[25];
763b0d17251Schristos unsigned int iterations = 4096;
764b0d17251Schristos int mode = 1;
765b0d17251Schristos OSSL_PARAM *params;
766b0d17251Schristos OSSL_PARAM mode_params[2];
767b0d17251Schristos
768b0d17251Schristos params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
769b0d17251Schristos "saltSALT",
770b0d17251Schristos &iterations, &mode);
771b0d17251Schristos
772b0d17251Schristos if (!TEST_ptr(params)
773b0d17251Schristos || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
774b0d17251Schristos /* A salt that is too small should pass in pkcs5 mode */
775b0d17251Schristos || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
776b0d17251Schristos || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
777b0d17251Schristos goto err;
778b0d17251Schristos
779b0d17251Schristos mode = 0;
780b0d17251Schristos mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
781b0d17251Schristos mode_params[1] = OSSL_PARAM_construct_end();
782b0d17251Schristos
783b0d17251Schristos /* If the "pkcs5" mode is disabled then the derive will now fail */
784b0d17251Schristos if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params))
785b0d17251Schristos || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
786b0d17251Schristos goto err;
787b0d17251Schristos
788b0d17251Schristos ret = 1;
789b0d17251Schristos err:
790b0d17251Schristos EVP_KDF_CTX_free(kctx);
791b0d17251Schristos OPENSSL_free(params);
792b0d17251Schristos return ret;
793b0d17251Schristos }
794b0d17251Schristos
test_kdf_pbkdf2_small_iterations_pkcs5(void)795b0d17251Schristos static int test_kdf_pbkdf2_small_iterations_pkcs5(void)
796b0d17251Schristos {
797b0d17251Schristos int ret = 0;
798b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
799b0d17251Schristos unsigned char out[25];
800b0d17251Schristos unsigned int iterations = 1;
801b0d17251Schristos int mode = 1;
802b0d17251Schristos OSSL_PARAM *params;
803b0d17251Schristos OSSL_PARAM mode_params[2];
804b0d17251Schristos
805b0d17251Schristos params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
806b0d17251Schristos "saltSALTsaltSALTsaltSALTsaltSALTsalt",
807b0d17251Schristos &iterations, &mode);
808b0d17251Schristos
809b0d17251Schristos if (!TEST_ptr(params)
810b0d17251Schristos || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
811b0d17251Schristos /* An iteration count that is too small will pass in pkcs5 mode */
812b0d17251Schristos || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
813b0d17251Schristos || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
814b0d17251Schristos goto err;
815b0d17251Schristos
816b0d17251Schristos mode = 0;
817b0d17251Schristos mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
818b0d17251Schristos mode_params[1] = OSSL_PARAM_construct_end();
819b0d17251Schristos
820b0d17251Schristos /* If the "pkcs5" mode is disabled then the derive will now fail */
821b0d17251Schristos if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params))
822b0d17251Schristos || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
823b0d17251Schristos goto err;
824b0d17251Schristos
825b0d17251Schristos ret = 1;
826b0d17251Schristos err:
827b0d17251Schristos EVP_KDF_CTX_free(kctx);
828b0d17251Schristos OPENSSL_free(params);
829b0d17251Schristos return ret;
830b0d17251Schristos }
831b0d17251Schristos
test_kdf_pbkdf2_invalid_digest(void)832b0d17251Schristos static int test_kdf_pbkdf2_invalid_digest(void)
833b0d17251Schristos {
834b0d17251Schristos int ret = 0;
835b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
836b0d17251Schristos unsigned int iterations = 4096;
837b0d17251Schristos int mode = 0;
838b0d17251Schristos OSSL_PARAM *params;
839b0d17251Schristos
840b0d17251Schristos params = construct_pbkdf2_params("passwordPASSWORDpassword", "blah",
841b0d17251Schristos "saltSALTsaltSALTsaltSALTsaltSALTsalt",
842b0d17251Schristos &iterations, &mode);
843b0d17251Schristos
844b0d17251Schristos if (!TEST_ptr(params)
845b0d17251Schristos || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
846b0d17251Schristos /* Unknown digest should fail */
847b0d17251Schristos || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
848b0d17251Schristos goto err;
849b0d17251Schristos
850b0d17251Schristos ret = 1;
851b0d17251Schristos err:
852b0d17251Schristos EVP_KDF_CTX_free(kctx);
853b0d17251Schristos OPENSSL_free(params);
854b0d17251Schristos return ret;
855b0d17251Schristos }
856b0d17251Schristos
857b0d17251Schristos #ifndef OPENSSL_NO_SCRYPT
test_kdf_scrypt(void)858b0d17251Schristos static int test_kdf_scrypt(void)
859b0d17251Schristos {
860b0d17251Schristos int ret;
861b0d17251Schristos EVP_KDF_CTX *kctx;
862b0d17251Schristos OSSL_PARAM params[7], *p = params;
863b0d17251Schristos unsigned char out[64];
864b0d17251Schristos unsigned int nu = 1024, ru = 8, pu = 16, maxmem = 16;
865b0d17251Schristos static const unsigned char expected[sizeof(out)] = {
866b0d17251Schristos 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
867b0d17251Schristos 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
868b0d17251Schristos 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
869b0d17251Schristos 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
870b0d17251Schristos 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
871b0d17251Schristos 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
872b0d17251Schristos 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
873b0d17251Schristos 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
874b0d17251Schristos };
875b0d17251Schristos
876b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
877b0d17251Schristos (char *)"password", 8);
878b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
879b0d17251Schristos (char *)"NaCl", 4);
880b0d17251Schristos *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &nu);
881b0d17251Schristos *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &ru);
882b0d17251Schristos *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &pu);
883b0d17251Schristos *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem);
884b0d17251Schristos *p = OSSL_PARAM_construct_end();
885b0d17251Schristos
886b0d17251Schristos ret =
887b0d17251Schristos TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT))
888b0d17251Schristos && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
889b0d17251Schristos /* failure test *//*
890b0d17251Schristos && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)*/
891b0d17251Schristos && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024))
892b0d17251Schristos && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1))
893b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)
894b0d17251Schristos && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
895b0d17251Schristos
896b0d17251Schristos EVP_KDF_CTX_free(kctx);
897b0d17251Schristos return ret;
898b0d17251Schristos }
899b0d17251Schristos #endif /* OPENSSL_NO_SCRYPT */
900b0d17251Schristos
test_kdf_ss_hash(void)901b0d17251Schristos static int test_kdf_ss_hash(void)
902b0d17251Schristos {
903b0d17251Schristos int ret;
904b0d17251Schristos EVP_KDF_CTX *kctx;
905b0d17251Schristos OSSL_PARAM params[4], *p = params;
906b0d17251Schristos unsigned char out[14];
907b0d17251Schristos static unsigned char z[] = {
908b0d17251Schristos 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e,
909b0d17251Schristos 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62,
910b0d17251Schristos 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4,
911b0d17251Schristos 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9
912b0d17251Schristos };
913b0d17251Schristos static unsigned char other[] = {
914b0d17251Schristos 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e,
915b0d17251Schristos 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde,
916b0d17251Schristos 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e,
917b0d17251Schristos 0xe0,0xec,0x3f,0x8d,0xbe
918b0d17251Schristos };
919b0d17251Schristos static const unsigned char expected[sizeof(out)] = {
920b0d17251Schristos 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8
921b0d17251Schristos };
922b0d17251Schristos
923b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
924b0d17251Schristos (char *)"sha224", 0);
925b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
926b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
927b0d17251Schristos sizeof(other));
928b0d17251Schristos *p = OSSL_PARAM_construct_end();
929b0d17251Schristos
930b0d17251Schristos ret =
931b0d17251Schristos TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
932b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
933b0d17251Schristos && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
934b0d17251Schristos
935b0d17251Schristos EVP_KDF_CTX_free(kctx);
936b0d17251Schristos return ret;
937b0d17251Schristos }
938b0d17251Schristos
test_kdf_x963(void)939b0d17251Schristos static int test_kdf_x963(void)
940b0d17251Schristos {
941b0d17251Schristos int ret;
942b0d17251Schristos EVP_KDF_CTX *kctx;
943b0d17251Schristos OSSL_PARAM params[4], *p = params;
944b0d17251Schristos unsigned char out[1024 / 8];
945b0d17251Schristos /*
946b0d17251Schristos * Test data from https://csrc.nist.gov/CSRC/media/Projects/
947b0d17251Schristos * Cryptographic-Algorithm-Validation-Program/documents/components/
948b0d17251Schristos * 800-135testvectors/ansx963_2001.zip
949b0d17251Schristos */
950b0d17251Schristos static unsigned char z[] = {
951b0d17251Schristos 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, 0xfa, 0x58, 0xce, 0xad,
952b0d17251Schristos 0xc0, 0x47, 0x19, 0x7f, 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
953b0d17251Schristos 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, 0x15, 0x07, 0x39, 0x2f,
954b0d17251Schristos 0x1a, 0x86, 0xdd, 0xfd, 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
955b0d17251Schristos 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, 0x47, 0xa9, 0xe2, 0xe7,
956b0d17251Schristos 0x53, 0xf5, 0x5e, 0xf0, 0x5a, 0x2d
957b0d17251Schristos };
958b0d17251Schristos static unsigned char shared[] = {
959b0d17251Schristos 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, 0x2b, 0x3a, 0x2f, 0x99,
960b0d17251Schristos 0x37, 0x89, 0x5d, 0x31
961b0d17251Schristos };
962b0d17251Schristos static const unsigned char expected[sizeof(out)] = {
963b0d17251Schristos 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, 0x9b, 0x52, 0x26, 0x4b,
964b0d17251Schristos 0x01, 0x12, 0xb5, 0x85, 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
965b0d17251Schristos 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, 0x6e, 0x4d, 0xd2, 0xa5,
966b0d17251Schristos 0x99, 0xac, 0xce, 0xb3, 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
967b0d17251Schristos 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, 0xa5, 0xa8, 0xee, 0xee,
968b0d17251Schristos 0x20, 0x80, 0x02, 0x26, 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
969b0d17251Schristos 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, 0xea, 0x9c, 0x4f, 0xf7,
970b0d17251Schristos 0x45, 0xa2, 0x5a, 0xc2, 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
971b0d17251Schristos 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, 0x0a, 0xb2, 0xaa, 0x8e,
972b0d17251Schristos 0x2e, 0xfa, 0x7b, 0x17, 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
973b0d17251Schristos 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
974b0d17251Schristos };
975b0d17251Schristos
976b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
977b0d17251Schristos (char *)"sha512", 0);
978b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
979b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, shared,
980b0d17251Schristos sizeof(shared));
981b0d17251Schristos *p = OSSL_PARAM_construct_end();
982b0d17251Schristos
983b0d17251Schristos ret =
984b0d17251Schristos TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF))
985b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
986b0d17251Schristos && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
987b0d17251Schristos
988b0d17251Schristos EVP_KDF_CTX_free(kctx);
989b0d17251Schristos return ret;
990b0d17251Schristos }
991b0d17251Schristos
992b0d17251Schristos #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
993b0d17251Schristos /*
994b0d17251Schristos * KBKDF test vectors from RFC 6803 (Camellia Encryption for Kerberos 5)
995b0d17251Schristos * section 10.
996b0d17251Schristos */
test_kdf_kbkdf_6803_128(void)997b0d17251Schristos static int test_kdf_kbkdf_6803_128(void)
998b0d17251Schristos {
999b0d17251Schristos int ret = 0, i, p;
1000b0d17251Schristos EVP_KDF_CTX *kctx;
1001b0d17251Schristos OSSL_PARAM params[7];
1002b0d17251Schristos static unsigned char input_key[] = {
1003b0d17251Schristos 0x57, 0xD0, 0x29, 0x72, 0x98, 0xFF, 0xD9, 0xD3,
1004b0d17251Schristos 0x5D, 0xE5, 0xA4, 0x7F, 0xB4, 0xBD, 0xE2, 0x4B,
1005b0d17251Schristos };
1006b0d17251Schristos static unsigned char constants[][5] = {
1007b0d17251Schristos { 0x00, 0x00, 0x00, 0x02, 0x99 },
1008b0d17251Schristos { 0x00, 0x00, 0x00, 0x02, 0xaa },
1009b0d17251Schristos { 0x00, 0x00, 0x00, 0x02, 0x55 },
1010b0d17251Schristos };
1011b0d17251Schristos static unsigned char outputs[][16] = {
1012b0d17251Schristos {0xD1, 0x55, 0x77, 0x5A, 0x20, 0x9D, 0x05, 0xF0,
1013b0d17251Schristos 0x2B, 0x38, 0xD4, 0x2A, 0x38, 0x9E, 0x5A, 0x56},
1014b0d17251Schristos {0x64, 0xDF, 0x83, 0xF8, 0x5A, 0x53, 0x2F, 0x17,
1015b0d17251Schristos 0x57, 0x7D, 0x8C, 0x37, 0x03, 0x57, 0x96, 0xAB},
1016b0d17251Schristos {0x3E, 0x4F, 0xBD, 0xF3, 0x0F, 0xB8, 0x25, 0x9C,
1017b0d17251Schristos 0x42, 0x5C, 0xB6, 0xC9, 0x6F, 0x1F, 0x46, 0x35}
1018b0d17251Schristos };
1019b0d17251Schristos static unsigned char iv[16] = { 0 };
1020b0d17251Schristos unsigned char result[16] = { 0 };
1021b0d17251Schristos
1022b0d17251Schristos for (i = 0; i < 3; i++) {
1023b0d17251Schristos p = 0;
1024b0d17251Schristos params[p++] = OSSL_PARAM_construct_utf8_string(
1025b0d17251Schristos OSSL_KDF_PARAM_CIPHER, "CAMELLIA-128-CBC", 0);
1026b0d17251Schristos params[p++] = OSSL_PARAM_construct_utf8_string(
1027b0d17251Schristos OSSL_KDF_PARAM_MAC, "CMAC", 0);
1028b0d17251Schristos params[p++] = OSSL_PARAM_construct_utf8_string(
1029b0d17251Schristos OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
1030b0d17251Schristos params[p++] = OSSL_PARAM_construct_octet_string(
1031b0d17251Schristos OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1032b0d17251Schristos params[p++] = OSSL_PARAM_construct_octet_string(
1033b0d17251Schristos OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i]));
1034b0d17251Schristos params[p++] = OSSL_PARAM_construct_octet_string(
1035b0d17251Schristos OSSL_KDF_PARAM_SEED, iv, sizeof(iv));
1036b0d17251Schristos params[p] = OSSL_PARAM_construct_end();
1037b0d17251Schristos
1038b0d17251Schristos kctx = get_kdfbyname("KBKDF");
1039b0d17251Schristos ret = TEST_ptr(kctx)
1040b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result),
1041b0d17251Schristos params), 0)
1042b0d17251Schristos && TEST_mem_eq(result, sizeof(result), outputs[i],
1043b0d17251Schristos sizeof(outputs[i]));
1044b0d17251Schristos EVP_KDF_CTX_free(kctx);
1045b0d17251Schristos if (ret != 1)
1046b0d17251Schristos return ret;
1047b0d17251Schristos }
1048b0d17251Schristos
1049b0d17251Schristos return ret;
1050b0d17251Schristos }
1051b0d17251Schristos
test_kdf_kbkdf_6803_256(void)1052b0d17251Schristos static int test_kdf_kbkdf_6803_256(void)
1053b0d17251Schristos {
1054b0d17251Schristos int ret = 0, i, p;
1055b0d17251Schristos EVP_KDF_CTX *kctx;
1056b0d17251Schristos OSSL_PARAM params[7];
1057b0d17251Schristos static unsigned char input_key[] = {
1058b0d17251Schristos 0xB9, 0xD6, 0x82, 0x8B, 0x20, 0x56, 0xB7, 0xBE,
1059b0d17251Schristos 0x65, 0x6D, 0x88, 0xA1, 0x23, 0xB1, 0xFA, 0xC6,
1060b0d17251Schristos 0x82, 0x14, 0xAC, 0x2B, 0x72, 0x7E, 0xCF, 0x5F,
1061b0d17251Schristos 0x69, 0xAF, 0xE0, 0xC4, 0xDF, 0x2A, 0x6D, 0x2C,
1062b0d17251Schristos };
1063b0d17251Schristos static unsigned char constants[][5] = {
1064b0d17251Schristos { 0x00, 0x00, 0x00, 0x02, 0x99 },
1065b0d17251Schristos { 0x00, 0x00, 0x00, 0x02, 0xaa },
1066b0d17251Schristos { 0x00, 0x00, 0x00, 0x02, 0x55 },
1067b0d17251Schristos };
1068b0d17251Schristos static unsigned char outputs[][32] = {
1069b0d17251Schristos {0xE4, 0x67, 0xF9, 0xA9, 0x55, 0x2B, 0xC7, 0xD3,
1070b0d17251Schristos 0x15, 0x5A, 0x62, 0x20, 0xAF, 0x9C, 0x19, 0x22,
1071b0d17251Schristos 0x0E, 0xEE, 0xD4, 0xFF, 0x78, 0xB0, 0xD1, 0xE6,
1072b0d17251Schristos 0xA1, 0x54, 0x49, 0x91, 0x46, 0x1A, 0x9E, 0x50,
1073b0d17251Schristos },
1074b0d17251Schristos {0x41, 0x2A, 0xEF, 0xC3, 0x62, 0xA7, 0x28, 0x5F,
1075b0d17251Schristos 0xC3, 0x96, 0x6C, 0x6A, 0x51, 0x81, 0xE7, 0x60,
1076b0d17251Schristos 0x5A, 0xE6, 0x75, 0x23, 0x5B, 0x6D, 0x54, 0x9F,
1077b0d17251Schristos 0xBF, 0xC9, 0xAB, 0x66, 0x30, 0xA4, 0xC6, 0x04,
1078b0d17251Schristos },
1079b0d17251Schristos {0xFA, 0x62, 0x4F, 0xA0, 0xE5, 0x23, 0x99, 0x3F,
1080b0d17251Schristos 0xA3, 0x88, 0xAE, 0xFD, 0xC6, 0x7E, 0x67, 0xEB,
1081b0d17251Schristos 0xCD, 0x8C, 0x08, 0xE8, 0xA0, 0x24, 0x6B, 0x1D,
1082b0d17251Schristos 0x73, 0xB0, 0xD1, 0xDD, 0x9F, 0xC5, 0x82, 0xB0,
1083b0d17251Schristos },
1084b0d17251Schristos };
1085b0d17251Schristos static unsigned char iv[16] = { 0 };
1086b0d17251Schristos unsigned char result[32] = { 0 };
1087b0d17251Schristos
1088b0d17251Schristos for (i = 0; i < 3; i++) {
1089b0d17251Schristos p = 0;
1090b0d17251Schristos params[p++] = OSSL_PARAM_construct_utf8_string(
1091b0d17251Schristos OSSL_KDF_PARAM_CIPHER, "CAMELLIA-256-CBC", 0);
1092b0d17251Schristos params[p++] = OSSL_PARAM_construct_utf8_string(
1093b0d17251Schristos OSSL_KDF_PARAM_MAC, "CMAC", 0);
1094b0d17251Schristos params[p++] = OSSL_PARAM_construct_utf8_string(
1095b0d17251Schristos OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
1096b0d17251Schristos params[p++] = OSSL_PARAM_construct_octet_string(
1097b0d17251Schristos OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1098b0d17251Schristos params[p++] = OSSL_PARAM_construct_octet_string(
1099b0d17251Schristos OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i]));
1100b0d17251Schristos params[p++] = OSSL_PARAM_construct_octet_string(
1101b0d17251Schristos OSSL_KDF_PARAM_SEED, iv, sizeof(iv));
1102b0d17251Schristos params[p] = OSSL_PARAM_construct_end();
1103b0d17251Schristos
1104b0d17251Schristos kctx = get_kdfbyname("KBKDF");
1105b0d17251Schristos ret = TEST_ptr(kctx)
1106b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result),
1107b0d17251Schristos params), 0)
1108b0d17251Schristos && TEST_mem_eq(result, sizeof(result), outputs[i],
1109b0d17251Schristos sizeof(outputs[i]));
1110b0d17251Schristos EVP_KDF_CTX_free(kctx);
1111b0d17251Schristos if (ret != 1)
1112b0d17251Schristos return ret;
1113b0d17251Schristos }
1114b0d17251Schristos
1115b0d17251Schristos return ret;
1116b0d17251Schristos }
1117b0d17251Schristos #endif
1118b0d17251Schristos
construct_kbkdf_params(char * digest,char * mac,unsigned char * key,size_t keylen,char * salt,char * info)1119b0d17251Schristos static OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char *key,
1120b0d17251Schristos size_t keylen, char *salt, char *info)
1121b0d17251Schristos {
1122b0d17251Schristos OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 7);
1123b0d17251Schristos OSSL_PARAM *p = params;
1124b0d17251Schristos
1125b0d17251Schristos if (params == NULL)
1126b0d17251Schristos return NULL;
1127b0d17251Schristos
1128b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(
1129b0d17251Schristos OSSL_KDF_PARAM_DIGEST, digest, 0);
1130b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(
1131b0d17251Schristos OSSL_KDF_PARAM_MAC, mac, 0);
1132b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(
1133b0d17251Schristos OSSL_KDF_PARAM_MODE, "COUNTER", 0);
1134b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(
1135b0d17251Schristos OSSL_KDF_PARAM_KEY, key, keylen);
1136b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(
1137b0d17251Schristos OSSL_KDF_PARAM_SALT, salt, strlen(salt));
1138b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(
1139b0d17251Schristos OSSL_KDF_PARAM_INFO, info, strlen(info));
1140b0d17251Schristos *p = OSSL_PARAM_construct_end();
1141b0d17251Schristos
1142b0d17251Schristos return params;
1143b0d17251Schristos }
1144b0d17251Schristos
test_kdf_kbkdf_invalid_digest(void)1145b0d17251Schristos static int test_kdf_kbkdf_invalid_digest(void)
1146b0d17251Schristos {
1147b0d17251Schristos int ret;
1148b0d17251Schristos EVP_KDF_CTX *kctx;
1149b0d17251Schristos OSSL_PARAM *params;
1150b0d17251Schristos
1151b0d17251Schristos static unsigned char key[] = {0x01};
1152b0d17251Schristos
1153b0d17251Schristos params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test");
1154b0d17251Schristos if (!TEST_ptr(params))
1155b0d17251Schristos return 0;
1156b0d17251Schristos
1157b0d17251Schristos /* Negative test case - set_params should fail */
1158b0d17251Schristos kctx = get_kdfbyname("KBKDF");
1159b0d17251Schristos ret = TEST_ptr(kctx)
1160b0d17251Schristos && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
1161b0d17251Schristos
1162b0d17251Schristos EVP_KDF_CTX_free(kctx);
1163b0d17251Schristos OPENSSL_free(params);
1164b0d17251Schristos return ret;
1165b0d17251Schristos }
1166b0d17251Schristos
test_kdf_kbkdf_invalid_mac(void)1167b0d17251Schristos static int test_kdf_kbkdf_invalid_mac(void)
1168b0d17251Schristos {
1169b0d17251Schristos int ret;
1170b0d17251Schristos EVP_KDF_CTX *kctx;
1171b0d17251Schristos OSSL_PARAM *params;
1172b0d17251Schristos
1173b0d17251Schristos static unsigned char key[] = {0x01};
1174b0d17251Schristos
1175b0d17251Schristos params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test");
1176b0d17251Schristos if (!TEST_ptr(params))
1177b0d17251Schristos return 0;
1178b0d17251Schristos
1179b0d17251Schristos /* Negative test case - set_params should fail */
1180b0d17251Schristos kctx = get_kdfbyname("KBKDF");
1181b0d17251Schristos ret = TEST_ptr(kctx)
1182b0d17251Schristos && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
1183b0d17251Schristos
1184b0d17251Schristos EVP_KDF_CTX_free(kctx);
1185b0d17251Schristos OPENSSL_free(params);
1186b0d17251Schristos return ret;
1187b0d17251Schristos }
1188b0d17251Schristos
test_kdf_kbkdf_empty_key(void)1189b0d17251Schristos static int test_kdf_kbkdf_empty_key(void)
1190b0d17251Schristos {
1191b0d17251Schristos int ret;
1192b0d17251Schristos EVP_KDF_CTX *kctx;
1193b0d17251Schristos OSSL_PARAM *params;
1194b0d17251Schristos
1195b0d17251Schristos static unsigned char key[] = {0x01};
1196b0d17251Schristos unsigned char result[32] = { 0 };
1197b0d17251Schristos
1198b0d17251Schristos params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test");
1199b0d17251Schristos if (!TEST_ptr(params))
1200b0d17251Schristos return 0;
1201b0d17251Schristos
1202b0d17251Schristos /* Negative test case - derive should fail */
1203b0d17251Schristos kctx = get_kdfbyname("KBKDF");
1204b0d17251Schristos ret = TEST_ptr(kctx)
1205b0d17251Schristos && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1206b0d17251Schristos && TEST_int_eq(EVP_KDF_derive(kctx, result, sizeof(result), NULL), 0);
1207b0d17251Schristos
1208b0d17251Schristos EVP_KDF_CTX_free(kctx);
1209b0d17251Schristos OPENSSL_free(params);
1210b0d17251Schristos return ret;
1211b0d17251Schristos }
1212b0d17251Schristos
test_kdf_kbkdf_1byte_key(void)1213b0d17251Schristos static int test_kdf_kbkdf_1byte_key(void)
1214b0d17251Schristos {
1215b0d17251Schristos int ret;
1216b0d17251Schristos EVP_KDF_CTX *kctx;
1217b0d17251Schristos OSSL_PARAM *params;
1218b0d17251Schristos
1219b0d17251Schristos static unsigned char key[] = {0x01};
1220b0d17251Schristos unsigned char result[32] = { 0 };
1221b0d17251Schristos
1222b0d17251Schristos params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
1223b0d17251Schristos if (!TEST_ptr(params))
1224b0d17251Schristos return 0;
1225b0d17251Schristos
1226b0d17251Schristos kctx = get_kdfbyname("KBKDF");
1227b0d17251Schristos ret = TEST_ptr(kctx)
1228b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0);
1229b0d17251Schristos
1230b0d17251Schristos EVP_KDF_CTX_free(kctx);
1231b0d17251Schristos OPENSSL_free(params);
1232b0d17251Schristos return ret;
1233b0d17251Schristos }
1234b0d17251Schristos
test_kdf_kbkdf_zero_output_size(void)1235b0d17251Schristos static int test_kdf_kbkdf_zero_output_size(void)
1236b0d17251Schristos {
1237b0d17251Schristos int ret;
1238b0d17251Schristos EVP_KDF_CTX *kctx;
1239b0d17251Schristos OSSL_PARAM *params;
1240b0d17251Schristos
1241b0d17251Schristos static unsigned char key[] = {0x01};
1242b0d17251Schristos unsigned char result[32] = { 0 };
1243b0d17251Schristos
1244b0d17251Schristos params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
1245b0d17251Schristos if (!TEST_ptr(params))
1246b0d17251Schristos return 0;
1247b0d17251Schristos
1248b0d17251Schristos /* Negative test case - derive should fail */
1249b0d17251Schristos kctx = get_kdfbyname("KBKDF");
1250b0d17251Schristos ret = TEST_ptr(kctx)
1251b0d17251Schristos && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1252b0d17251Schristos && TEST_int_eq(EVP_KDF_derive(kctx, result, 0, NULL), 0);
1253b0d17251Schristos
1254b0d17251Schristos EVP_KDF_CTX_free(kctx);
1255b0d17251Schristos OPENSSL_free(params);
1256b0d17251Schristos return ret;
1257b0d17251Schristos }
1258b0d17251Schristos
1259b0d17251Schristos /* Two test vectors from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos
1260b0d17251Schristos * 5) appendix A. */
test_kdf_kbkdf_8009_prf1(void)1261b0d17251Schristos static int test_kdf_kbkdf_8009_prf1(void)
1262b0d17251Schristos {
1263b0d17251Schristos int ret, i = 0;
1264b0d17251Schristos EVP_KDF_CTX *kctx;
1265b0d17251Schristos OSSL_PARAM params[6];
1266b0d17251Schristos char *label = "prf", *digest = "sha256", *prf_input = "test",
1267b0d17251Schristos *mac = "HMAC";
1268b0d17251Schristos static unsigned char input_key[] = {
1269b0d17251Schristos 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
1270b0d17251Schristos 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
1271b0d17251Schristos };
1272b0d17251Schristos static unsigned char output[] = {
1273b0d17251Schristos 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
1274b0d17251Schristos 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
1275b0d17251Schristos 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
1276b0d17251Schristos 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
1277b0d17251Schristos };
1278b0d17251Schristos unsigned char result[sizeof(output)] = { 0 };
1279b0d17251Schristos
1280b0d17251Schristos params[i++] = OSSL_PARAM_construct_utf8_string(
1281b0d17251Schristos OSSL_KDF_PARAM_DIGEST, digest, 0);
1282b0d17251Schristos params[i++] = OSSL_PARAM_construct_utf8_string(
1283b0d17251Schristos OSSL_KDF_PARAM_MAC, mac, 0);
1284b0d17251Schristos params[i++] = OSSL_PARAM_construct_octet_string(
1285b0d17251Schristos OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1286b0d17251Schristos params[i++] = OSSL_PARAM_construct_octet_string(
1287b0d17251Schristos OSSL_KDF_PARAM_SALT, label, strlen(label));
1288b0d17251Schristos params[i++] = OSSL_PARAM_construct_octet_string(
1289b0d17251Schristos OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
1290b0d17251Schristos params[i] = OSSL_PARAM_construct_end();
1291b0d17251Schristos
1292b0d17251Schristos kctx = get_kdfbyname("KBKDF");
1293b0d17251Schristos ret = TEST_ptr(kctx)
1294b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
1295b0d17251Schristos && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1296b0d17251Schristos
1297b0d17251Schristos EVP_KDF_CTX_free(kctx);
1298b0d17251Schristos return ret;
1299b0d17251Schristos }
1300b0d17251Schristos
test_kdf_kbkdf_8009_prf2(void)1301b0d17251Schristos static int test_kdf_kbkdf_8009_prf2(void)
1302b0d17251Schristos {
1303b0d17251Schristos int ret, i = 0;
1304b0d17251Schristos EVP_KDF_CTX *kctx;
1305b0d17251Schristos OSSL_PARAM params[6];
1306b0d17251Schristos char *label = "prf", *digest = "sha384", *prf_input = "test",
1307b0d17251Schristos *mac = "HMAC";
1308b0d17251Schristos static unsigned char input_key[] = {
1309b0d17251Schristos 0x6D, 0x40, 0x4D, 0x37, 0xFA, 0xF7, 0x9F, 0x9D,
1310b0d17251Schristos 0xF0, 0xD3, 0x35, 0x68, 0xD3, 0x20, 0x66, 0x98,
1311b0d17251Schristos 0x00, 0xEB, 0x48, 0x36, 0x47, 0x2E, 0xA8, 0xA0,
1312b0d17251Schristos 0x26, 0xD1, 0x6B, 0x71, 0x82, 0x46, 0x0C, 0x52,
1313b0d17251Schristos };
1314b0d17251Schristos static unsigned char output[] = {
1315b0d17251Schristos 0x98, 0x01, 0xF6, 0x9A, 0x36, 0x8C, 0x2B, 0xF6,
1316b0d17251Schristos 0x75, 0xE5, 0x95, 0x21, 0xE1, 0x77, 0xD9, 0xA0,
1317b0d17251Schristos 0x7F, 0x67, 0xEF, 0xE1, 0xCF, 0xDE, 0x8D, 0x3C,
1318b0d17251Schristos 0x8D, 0x6F, 0x6A, 0x02, 0x56, 0xE3, 0xB1, 0x7D,
1319b0d17251Schristos 0xB3, 0xC1, 0xB6, 0x2A, 0xD1, 0xB8, 0x55, 0x33,
1320b0d17251Schristos 0x60, 0xD1, 0x73, 0x67, 0xEB, 0x15, 0x14, 0xD2,
1321b0d17251Schristos };
1322b0d17251Schristos unsigned char result[sizeof(output)] = { 0 };
1323b0d17251Schristos
1324b0d17251Schristos params[i++] = OSSL_PARAM_construct_utf8_string(
1325b0d17251Schristos OSSL_KDF_PARAM_DIGEST, digest, 0);
1326b0d17251Schristos params[i++] = OSSL_PARAM_construct_utf8_string(
1327b0d17251Schristos OSSL_KDF_PARAM_MAC, mac, 0);
1328b0d17251Schristos params[i++] = OSSL_PARAM_construct_octet_string(
1329b0d17251Schristos OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1330b0d17251Schristos params[i++] = OSSL_PARAM_construct_octet_string(
1331b0d17251Schristos OSSL_KDF_PARAM_SALT, label, strlen(label));
1332b0d17251Schristos params[i++] = OSSL_PARAM_construct_octet_string(
1333b0d17251Schristos OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
1334b0d17251Schristos params[i] = OSSL_PARAM_construct_end();
1335b0d17251Schristos
1336b0d17251Schristos kctx = get_kdfbyname("KBKDF");
1337b0d17251Schristos ret = TEST_ptr(kctx)
1338b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
1339b0d17251Schristos && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1340b0d17251Schristos
1341b0d17251Schristos EVP_KDF_CTX_free(kctx);
1342b0d17251Schristos return ret;
1343b0d17251Schristos }
1344b0d17251Schristos
1345b0d17251Schristos #if !defined(OPENSSL_NO_CMAC)
1346b0d17251Schristos /*
1347b0d17251Schristos * Test vector taken from
1348b0d17251Schristos * https://csrc.nist.gov/CSRC/media/Projects/
1349b0d17251Schristos * Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip
1350b0d17251Schristos * Note: Only 32 bit counter is supported ([RLEN=32_BITS])
1351b0d17251Schristos */
test_kdf_kbkdf_fixedinfo(void)1352b0d17251Schristos static int test_kdf_kbkdf_fixedinfo(void)
1353b0d17251Schristos {
1354b0d17251Schristos int ret;
1355b0d17251Schristos EVP_KDF_CTX *kctx;
1356b0d17251Schristos OSSL_PARAM params[8], *p = params;
1357b0d17251Schristos static char *cipher = "AES128";
1358b0d17251Schristos static char *mac = "CMAC";
1359b0d17251Schristos static char *mode = "COUNTER";
1360b0d17251Schristos int use_l = 0;
1361b0d17251Schristos int use_separator = 0;
1362b0d17251Schristos
1363b0d17251Schristos static unsigned char input_key[] = {
1364b0d17251Schristos 0xc1, 0x0b, 0x15, 0x2e, 0x8c, 0x97, 0xb7, 0x7e,
1365b0d17251Schristos 0x18, 0x70, 0x4e, 0x0f, 0x0b, 0xd3, 0x83, 0x05,
1366b0d17251Schristos };
1367b0d17251Schristos static unsigned char fixed_input[] = {
1368b0d17251Schristos 0x98, 0xcd, 0x4c, 0xbb, 0xbe, 0xbe, 0x15, 0xd1,
1369b0d17251Schristos 0x7d, 0xc8, 0x6e, 0x6d, 0xba, 0xd8, 0x00, 0xa2,
1370b0d17251Schristos 0xdc, 0xbd, 0x64, 0xf7, 0xc7, 0xad, 0x0e, 0x78,
1371b0d17251Schristos 0xe9, 0xcf, 0x94, 0xff, 0xdb, 0xa8, 0x9d, 0x03,
1372b0d17251Schristos 0xe9, 0x7e, 0xad, 0xf6, 0xc4, 0xf7, 0xb8, 0x06,
1373b0d17251Schristos 0xca, 0xf5, 0x2a, 0xa3, 0x8f, 0x09, 0xd0, 0xeb,
1374b0d17251Schristos 0x71, 0xd7, 0x1f, 0x49, 0x7b, 0xcc, 0x69, 0x06,
1375b0d17251Schristos 0xb4, 0x8d, 0x36, 0xc4,
1376b0d17251Schristos
1377b0d17251Schristos };
1378b0d17251Schristos static unsigned char output[] = {
1379b0d17251Schristos 0x26, 0xfa, 0xf6, 0x19, 0x08, 0xad, 0x9e, 0xe8,
1380b0d17251Schristos 0x81, 0xb8, 0x30, 0x5c, 0x22, 0x1d, 0xb5, 0x3f,
1381b0d17251Schristos };
1382b0d17251Schristos unsigned char result[sizeof(output)] = { 0 };
1383b0d17251Schristos
1384b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, cipher, 0);
1385b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, mac, 0);
1386b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, mode, 0);
1387b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, input_key,
1388b0d17251Schristos sizeof(input_key));
1389b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
1390b0d17251Schristos fixed_input, sizeof(fixed_input));
1391b0d17251Schristos *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_L, &use_l);
1392b0d17251Schristos *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR,
1393b0d17251Schristos &use_separator);
1394b0d17251Schristos *p = OSSL_PARAM_construct_end();
1395b0d17251Schristos
1396b0d17251Schristos kctx = get_kdfbyname("KBKDF");
1397b0d17251Schristos ret = TEST_ptr(kctx)
1398b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
1399b0d17251Schristos && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1400b0d17251Schristos
1401b0d17251Schristos EVP_KDF_CTX_free(kctx);
1402b0d17251Schristos return ret;
1403b0d17251Schristos }
1404b0d17251Schristos #endif /* OPENSSL_NO_CMAC */
1405b0d17251Schristos
test_kdf_ss_hmac(void)1406b0d17251Schristos static int test_kdf_ss_hmac(void)
1407b0d17251Schristos {
1408b0d17251Schristos int ret;
1409b0d17251Schristos EVP_KDF_CTX *kctx;
1410b0d17251Schristos OSSL_PARAM params[6], *p = params;
1411b0d17251Schristos unsigned char out[16];
1412b0d17251Schristos static unsigned char z[] = {
1413b0d17251Schristos 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
1414b0d17251Schristos };
1415b0d17251Schristos static unsigned char other[] = {
1416b0d17251Schristos 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
1417b0d17251Schristos };
1418b0d17251Schristos static unsigned char salt[] = {
1419b0d17251Schristos 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
1420b0d17251Schristos 0x3f,0x89
1421b0d17251Schristos };
1422b0d17251Schristos static const unsigned char expected[sizeof(out)] = {
1423b0d17251Schristos 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63,
1424b0d17251Schristos 0x1c,0xa3
1425b0d17251Schristos };
1426b0d17251Schristos
1427b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
1428b0d17251Schristos (char *)OSSL_MAC_NAME_HMAC, 0);
1429b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1430b0d17251Schristos (char *)"sha256", 0);
1431b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
1432b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
1433b0d17251Schristos sizeof(other));
1434b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
1435b0d17251Schristos sizeof(salt));
1436b0d17251Schristos *p = OSSL_PARAM_construct_end();
1437b0d17251Schristos
1438b0d17251Schristos ret =
1439b0d17251Schristos TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
1440b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1441b0d17251Schristos && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1442b0d17251Schristos
1443b0d17251Schristos EVP_KDF_CTX_free(kctx);
1444b0d17251Schristos return ret;
1445b0d17251Schristos }
1446b0d17251Schristos
test_kdf_ss_kmac(void)1447b0d17251Schristos static int test_kdf_ss_kmac(void)
1448b0d17251Schristos {
1449b0d17251Schristos int ret;
1450b0d17251Schristos EVP_KDF_CTX *kctx;
1451b0d17251Schristos OSSL_PARAM params[7], *p = params;
1452b0d17251Schristos unsigned char out[64];
1453b0d17251Schristos size_t mac_size = 20;
1454b0d17251Schristos static unsigned char z[] = {
1455b0d17251Schristos 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
1456b0d17251Schristos };
1457b0d17251Schristos static unsigned char other[] = {
1458b0d17251Schristos 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
1459b0d17251Schristos };
1460b0d17251Schristos static unsigned char salt[] = {
1461b0d17251Schristos 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
1462b0d17251Schristos 0x3f,0x89
1463b0d17251Schristos };
1464b0d17251Schristos static const unsigned char expected[sizeof(out)] = {
1465b0d17251Schristos 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd,
1466b0d17251Schristos 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2,
1467b0d17251Schristos 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4,
1468b0d17251Schristos 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95,
1469b0d17251Schristos 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03
1470b0d17251Schristos };
1471b0d17251Schristos
1472b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
1473b0d17251Schristos (char *)OSSL_MAC_NAME_KMAC128, 0);
1474b0d17251Schristos /* The digest parameter is not needed here and should be ignored */
1475b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1476b0d17251Schristos (char *)"SHA256", 0);
1477b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
1478b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
1479b0d17251Schristos sizeof(other));
1480b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
1481b0d17251Schristos sizeof(salt));
1482b0d17251Schristos *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, &mac_size);
1483b0d17251Schristos *p = OSSL_PARAM_construct_end();
1484b0d17251Schristos
1485b0d17251Schristos ret =
1486b0d17251Schristos TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
1487b0d17251Schristos && TEST_size_t_eq(EVP_KDF_CTX_get_kdf_size(kctx), 0)
1488b0d17251Schristos && TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 1)
1489b0d17251Schristos /* The bug fix for KMAC returning SIZE_MAX was added in 3.0.8 */
1490b0d17251Schristos && (fips_provider_version_lt(NULL, 3, 0, 8)
1491b0d17251Schristos || TEST_size_t_eq(EVP_KDF_CTX_get_kdf_size(kctx), SIZE_MAX))
1492b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)
1493b0d17251Schristos && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1494b0d17251Schristos
1495b0d17251Schristos EVP_KDF_CTX_free(kctx);
1496b0d17251Schristos return ret;
1497b0d17251Schristos }
1498b0d17251Schristos
test_kdf_sshkdf(void)1499b0d17251Schristos static int test_kdf_sshkdf(void)
1500b0d17251Schristos {
1501b0d17251Schristos int ret;
1502b0d17251Schristos EVP_KDF_CTX *kctx;
1503b0d17251Schristos OSSL_PARAM params[6], *p = params;
1504b0d17251Schristos char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
1505b0d17251Schristos unsigned char out[8];
1506b0d17251Schristos /* Test data from NIST CAVS 14.1 test vectors */
1507b0d17251Schristos static unsigned char key[] = {
1508b0d17251Schristos 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
1509b0d17251Schristos 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
1510b0d17251Schristos 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
1511b0d17251Schristos 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
1512b0d17251Schristos 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
1513b0d17251Schristos 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
1514b0d17251Schristos 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
1515b0d17251Schristos 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
1516b0d17251Schristos 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
1517b0d17251Schristos 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
1518b0d17251Schristos 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
1519b0d17251Schristos 0x4e
1520b0d17251Schristos };
1521b0d17251Schristos static unsigned char xcghash[] = {
1522b0d17251Schristos 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
1523b0d17251Schristos 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
1524b0d17251Schristos 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
1525b0d17251Schristos };
1526b0d17251Schristos static unsigned char sessid[] = {
1527b0d17251Schristos 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
1528b0d17251Schristos 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
1529b0d17251Schristos 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
1530b0d17251Schristos };
1531b0d17251Schristos static const unsigned char expected[sizeof(out)] = {
1532b0d17251Schristos 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
1533b0d17251Schristos };
1534b0d17251Schristos
1535b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1536b0d17251Schristos (char *)"sha256", 0);
1537b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
1538b0d17251Schristos sizeof(key));
1539b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH,
1540b0d17251Schristos xcghash, sizeof(xcghash));
1541b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
1542b0d17251Schristos sessid, sizeof(sessid));
1543b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
1544b0d17251Schristos &kdftype, sizeof(kdftype));
1545b0d17251Schristos *p = OSSL_PARAM_construct_end();
1546b0d17251Schristos
1547b0d17251Schristos ret =
1548b0d17251Schristos TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF))
1549b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1550b0d17251Schristos && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1551b0d17251Schristos
1552b0d17251Schristos EVP_KDF_CTX_free(kctx);
1553b0d17251Schristos return ret;
1554b0d17251Schristos }
1555b0d17251Schristos
test_kdfs_same(EVP_KDF * kdf1,EVP_KDF * kdf2)1556b0d17251Schristos static int test_kdfs_same( EVP_KDF *kdf1, EVP_KDF *kdf2)
1557b0d17251Schristos {
1558b0d17251Schristos /* Fast path in case the two are the same algorithm pointer */
1559b0d17251Schristos if (kdf1 == kdf2)
1560b0d17251Schristos return 1;
1561b0d17251Schristos /*
1562b0d17251Schristos * Compare their names and providers instead.
1563b0d17251Schristos * This is necessary in a non-caching build (or a cache flush during fetch)
1564b0d17251Schristos * because without the algorithm in the cache, fetching it a second time
1565b0d17251Schristos * will result in a different pointer.
1566b0d17251Schristos */
1567b0d17251Schristos return TEST_ptr_eq(EVP_KDF_get0_provider(kdf1), EVP_KDF_get0_provider(kdf2))
1568b0d17251Schristos && TEST_str_eq(EVP_KDF_get0_name(kdf1), EVP_KDF_get0_name(kdf2));
1569b0d17251Schristos }
1570b0d17251Schristos
test_kdf_get_kdf(void)1571b0d17251Schristos static int test_kdf_get_kdf(void)
1572b0d17251Schristos {
1573b0d17251Schristos EVP_KDF *kdf1 = NULL, *kdf2 = NULL;
1574b0d17251Schristos ASN1_OBJECT *obj;
1575b0d17251Schristos int ok = 1;
1576b0d17251Schristos
1577b0d17251Schristos if (!TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2))
1578b0d17251Schristos || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL))
1579b0d17251Schristos || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(OBJ_obj2nid(obj)),
1580b0d17251Schristos NULL))
1581b0d17251Schristos || !test_kdfs_same(kdf1, kdf2))
1582b0d17251Schristos ok = 0;
1583b0d17251Schristos EVP_KDF_free(kdf1);
1584b0d17251Schristos kdf1 = NULL;
1585b0d17251Schristos EVP_KDF_free(kdf2);
1586b0d17251Schristos kdf2 = NULL;
1587b0d17251Schristos
1588b0d17251Schristos if (!TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL))
1589b0d17251Schristos || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, LN_tls1_prf, NULL))
1590b0d17251Schristos || !test_kdfs_same(kdf1, kdf2))
1591b0d17251Schristos ok = 0;
1592b0d17251Schristos /* kdf1 is re-used below, so don't free it here */
1593b0d17251Schristos EVP_KDF_free(kdf2);
1594b0d17251Schristos kdf2 = NULL;
1595b0d17251Schristos
1596b0d17251Schristos if (!TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(NID_tls1_prf), NULL))
1597b0d17251Schristos || !test_kdfs_same(kdf1, kdf2))
1598b0d17251Schristos ok = 0;
1599b0d17251Schristos EVP_KDF_free(kdf1);
1600b0d17251Schristos kdf1 = NULL;
1601b0d17251Schristos EVP_KDF_free(kdf2);
1602b0d17251Schristos kdf2 = NULL;
1603b0d17251Schristos
1604b0d17251Schristos return ok;
1605b0d17251Schristos }
1606b0d17251Schristos
1607b0d17251Schristos #if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES)
test_kdf_x942_asn1(void)1608b0d17251Schristos static int test_kdf_x942_asn1(void)
1609b0d17251Schristos {
1610b0d17251Schristos int ret;
1611b0d17251Schristos EVP_KDF_CTX *kctx = NULL;
1612b0d17251Schristos OSSL_PARAM params[4], *p = params;
1613b0d17251Schristos const char *cek_alg = SN_id_smime_alg_CMS3DESwrap;
1614b0d17251Schristos unsigned char out[24];
1615b0d17251Schristos /* RFC2631 Section 2.1.6 Test data */
1616b0d17251Schristos static unsigned char z[] = {
1617b0d17251Schristos 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,
1618b0d17251Schristos 0x0e,0x0f,0x10,0x11,0x12,0x13
1619b0d17251Schristos };
1620b0d17251Schristos static const unsigned char expected[sizeof(out)] = {
1621b0d17251Schristos 0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04,
1622b0d17251Schristos 0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46,
1623b0d17251Schristos 0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb
1624b0d17251Schristos };
1625b0d17251Schristos
1626b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1627b0d17251Schristos (char *)"sha1", 0);
1628b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z,
1629b0d17251Schristos sizeof(z));
1630b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
1631b0d17251Schristos (char *)cek_alg, 0);
1632b0d17251Schristos *p = OSSL_PARAM_construct_end();
1633b0d17251Schristos
1634b0d17251Schristos ret =
1635b0d17251Schristos TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF_ASN1))
1636b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1637b0d17251Schristos && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1638b0d17251Schristos
1639b0d17251Schristos EVP_KDF_CTX_free(kctx);
1640b0d17251Schristos return ret;
1641b0d17251Schristos }
1642b0d17251Schristos #endif /* OPENSSL_NO_CMS */
1643b0d17251Schristos
test_kdf_krb5kdf(void)1644b0d17251Schristos static int test_kdf_krb5kdf(void)
1645b0d17251Schristos {
1646b0d17251Schristos int ret;
1647b0d17251Schristos EVP_KDF_CTX *kctx;
1648b0d17251Schristos OSSL_PARAM params[4], *p = params;
1649b0d17251Schristos unsigned char out[16];
1650b0d17251Schristos static unsigned char key[] = {
1651b0d17251Schristos 0x42, 0x26, 0x3C, 0x6E, 0x89, 0xF4, 0xFC, 0x28,
1652b0d17251Schristos 0xB8, 0xDF, 0x68, 0xEE, 0x09, 0x79, 0x9F, 0x15
1653b0d17251Schristos };
1654b0d17251Schristos static unsigned char constant[] = {
1655b0d17251Schristos 0x00, 0x00, 0x00, 0x02, 0x99
1656b0d17251Schristos };
1657b0d17251Schristos static const unsigned char expected[sizeof(out)] = {
1658b0d17251Schristos 0x34, 0x28, 0x0A, 0x38, 0x2B, 0xC9, 0x27, 0x69,
1659b0d17251Schristos 0xB2, 0xDA, 0x2F, 0x9E, 0xF0, 0x66, 0x85, 0x4B
1660b0d17251Schristos };
1661b0d17251Schristos
1662b0d17251Schristos *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER,
1663b0d17251Schristos (char *)"AES-128-CBC", 0);
1664b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
1665b0d17251Schristos sizeof(key));
1666b0d17251Schristos *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT,
1667b0d17251Schristos constant, sizeof(constant));
1668b0d17251Schristos *p = OSSL_PARAM_construct_end();
1669b0d17251Schristos
1670b0d17251Schristos ret =
1671b0d17251Schristos TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KRB5KDF))
1672b0d17251Schristos && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1673b0d17251Schristos && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1674b0d17251Schristos
1675b0d17251Schristos EVP_KDF_CTX_free(kctx);
1676b0d17251Schristos return ret;
1677b0d17251Schristos }
1678b0d17251Schristos
setup_tests(void)1679b0d17251Schristos int setup_tests(void)
1680b0d17251Schristos {
1681b0d17251Schristos ADD_TEST(test_kdf_pbkdf1);
1682*0e2e28bcSchristos ADD_TEST(test_kdf_pbkdf1_key_too_long);
1683b0d17251Schristos #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
1684b0d17251Schristos ADD_TEST(test_kdf_kbkdf_6803_128);
1685b0d17251Schristos ADD_TEST(test_kdf_kbkdf_6803_256);
1686b0d17251Schristos #endif
1687b0d17251Schristos ADD_TEST(test_kdf_kbkdf_invalid_digest);
1688b0d17251Schristos ADD_TEST(test_kdf_kbkdf_invalid_mac);
1689b0d17251Schristos ADD_TEST(test_kdf_kbkdf_zero_output_size);
1690b0d17251Schristos ADD_TEST(test_kdf_kbkdf_empty_key);
1691b0d17251Schristos ADD_TEST(test_kdf_kbkdf_1byte_key);
1692b0d17251Schristos ADD_TEST(test_kdf_kbkdf_8009_prf1);
1693b0d17251Schristos ADD_TEST(test_kdf_kbkdf_8009_prf2);
1694b0d17251Schristos #if !defined(OPENSSL_NO_CMAC)
1695b0d17251Schristos ADD_TEST(test_kdf_kbkdf_fixedinfo);
1696b0d17251Schristos #endif
1697b0d17251Schristos ADD_TEST(test_kdf_get_kdf);
1698b0d17251Schristos ADD_TEST(test_kdf_tls1_prf);
1699b0d17251Schristos ADD_TEST(test_kdf_tls1_prf_invalid_digest);
1700b0d17251Schristos ADD_TEST(test_kdf_tls1_prf_zero_output_size);
1701b0d17251Schristos ADD_TEST(test_kdf_tls1_prf_empty_secret);
1702b0d17251Schristos ADD_TEST(test_kdf_tls1_prf_1byte_secret);
1703b0d17251Schristos ADD_TEST(test_kdf_tls1_prf_empty_seed);
1704b0d17251Schristos ADD_TEST(test_kdf_tls1_prf_1byte_seed);
1705b0d17251Schristos ADD_TEST(test_kdf_hkdf);
1706b0d17251Schristos ADD_TEST(test_kdf_hkdf_invalid_digest);
1707b0d17251Schristos ADD_TEST(test_kdf_hkdf_zero_output_size);
1708b0d17251Schristos ADD_TEST(test_kdf_hkdf_empty_key);
1709b0d17251Schristos ADD_TEST(test_kdf_hkdf_1byte_key);
1710b0d17251Schristos ADD_TEST(test_kdf_hkdf_empty_salt);
1711b0d17251Schristos ADD_TEST(test_kdf_hkdf_gettables);
1712b0d17251Schristos ADD_TEST(test_kdf_hkdf_gettables_expandonly);
1713b0d17251Schristos ADD_TEST(test_kdf_hkdf_gettables_no_digest);
1714b0d17251Schristos ADD_TEST(test_kdf_hkdf_derive_set_params_fail);
1715b0d17251Schristos ADD_TEST(test_kdf_hkdf_set_invalid_mode);
1716b0d17251Schristos ADD_TEST(test_kdf_hkdf_set_ctx_param_fail);
1717b0d17251Schristos ADD_TEST(test_kdf_pbkdf2);
1718b0d17251Schristos ADD_TEST(test_kdf_pbkdf2_small_output);
1719b0d17251Schristos ADD_TEST(test_kdf_pbkdf2_large_output);
1720b0d17251Schristos ADD_TEST(test_kdf_pbkdf2_small_salt);
1721b0d17251Schristos ADD_TEST(test_kdf_pbkdf2_small_iterations);
1722b0d17251Schristos ADD_TEST(test_kdf_pbkdf2_small_salt_pkcs5);
1723b0d17251Schristos ADD_TEST(test_kdf_pbkdf2_small_iterations_pkcs5);
1724b0d17251Schristos ADD_TEST(test_kdf_pbkdf2_invalid_digest);
1725b0d17251Schristos #ifndef OPENSSL_NO_SCRYPT
1726b0d17251Schristos ADD_TEST(test_kdf_scrypt);
1727b0d17251Schristos #endif
1728b0d17251Schristos ADD_TEST(test_kdf_ss_hash);
1729b0d17251Schristos ADD_TEST(test_kdf_ss_hmac);
1730b0d17251Schristos ADD_TEST(test_kdf_ss_kmac);
1731b0d17251Schristos ADD_TEST(test_kdf_sshkdf);
1732b0d17251Schristos ADD_TEST(test_kdf_x963);
1733b0d17251Schristos #if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES)
1734b0d17251Schristos ADD_TEST(test_kdf_x942_asn1);
1735b0d17251Schristos #endif
1736b0d17251Schristos ADD_TEST(test_kdf_krb5kdf);
1737b0d17251Schristos return 1;
1738b0d17251Schristos }
1739