1*e0c4386eSCy Schubert /*
2*e0c4386eSCy Schubert * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
3*e0c4386eSCy Schubert * Copyright (c) 2018-2020, Oracle and/or its affiliates. All rights reserved.
4*e0c4386eSCy Schubert *
5*e0c4386eSCy Schubert * Licensed under the Apache License 2.0 (the "License"). You may not use
6*e0c4386eSCy Schubert * this file except in compliance with the License. You can obtain a copy
7*e0c4386eSCy Schubert * in the file LICENSE in the source distribution or at
8*e0c4386eSCy Schubert * https://www.openssl.org/source/license.html
9*e0c4386eSCy Schubert */
10*e0c4386eSCy Schubert
11*e0c4386eSCy Schubert /* Tests of the EVP_KDF_CTX APIs */
12*e0c4386eSCy Schubert
13*e0c4386eSCy Schubert #include <stdio.h>
14*e0c4386eSCy Schubert #include <string.h>
15*e0c4386eSCy Schubert
16*e0c4386eSCy Schubert #include <openssl/evp.h>
17*e0c4386eSCy Schubert #include <openssl/kdf.h>
18*e0c4386eSCy Schubert #include <openssl/core_names.h>
19*e0c4386eSCy Schubert #include "internal/numbers.h"
20*e0c4386eSCy Schubert #include "testutil.h"
21*e0c4386eSCy Schubert
22*e0c4386eSCy Schubert
get_kdfbyname_libctx(OSSL_LIB_CTX * libctx,const char * name)23*e0c4386eSCy Schubert static EVP_KDF_CTX *get_kdfbyname_libctx(OSSL_LIB_CTX *libctx, const char *name)
24*e0c4386eSCy Schubert {
25*e0c4386eSCy Schubert EVP_KDF *kdf = EVP_KDF_fetch(libctx, name, NULL);
26*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
27*e0c4386eSCy Schubert
28*e0c4386eSCy Schubert EVP_KDF_free(kdf);
29*e0c4386eSCy Schubert return kctx;
30*e0c4386eSCy Schubert }
31*e0c4386eSCy Schubert
get_kdfbyname(const char * name)32*e0c4386eSCy Schubert static EVP_KDF_CTX *get_kdfbyname(const char *name)
33*e0c4386eSCy Schubert {
34*e0c4386eSCy Schubert return get_kdfbyname_libctx(NULL, name);
35*e0c4386eSCy Schubert }
36*e0c4386eSCy Schubert
construct_tls1_prf_params(const char * digest,const char * secret,const char * seed)37*e0c4386eSCy Schubert static OSSL_PARAM *construct_tls1_prf_params(const char *digest, const char *secret,
38*e0c4386eSCy Schubert const char *seed)
39*e0c4386eSCy Schubert {
40*e0c4386eSCy Schubert OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 4);
41*e0c4386eSCy Schubert OSSL_PARAM *p = params;
42*e0c4386eSCy Schubert
43*e0c4386eSCy Schubert if (params == NULL)
44*e0c4386eSCy Schubert return NULL;
45*e0c4386eSCy Schubert
46*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
47*e0c4386eSCy Schubert (char *)digest, 0);
48*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
49*e0c4386eSCy Schubert (unsigned char *)secret,
50*e0c4386eSCy Schubert strlen(secret));
51*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
52*e0c4386eSCy Schubert (unsigned char *)seed,
53*e0c4386eSCy Schubert strlen(seed));
54*e0c4386eSCy Schubert *p = OSSL_PARAM_construct_end();
55*e0c4386eSCy Schubert
56*e0c4386eSCy Schubert return params;
57*e0c4386eSCy Schubert }
58*e0c4386eSCy Schubert
test_kdf_tls1_prf(void)59*e0c4386eSCy Schubert static int test_kdf_tls1_prf(void)
60*e0c4386eSCy Schubert {
61*e0c4386eSCy Schubert int ret;
62*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
63*e0c4386eSCy Schubert unsigned char out[16];
64*e0c4386eSCy Schubert OSSL_PARAM *params;
65*e0c4386eSCy Schubert static const unsigned char expected[sizeof(out)] = {
66*e0c4386eSCy Schubert 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
67*e0c4386eSCy Schubert 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
68*e0c4386eSCy Schubert };
69*e0c4386eSCy Schubert
70*e0c4386eSCy Schubert params = construct_tls1_prf_params("sha256", "secret", "seed");
71*e0c4386eSCy Schubert
72*e0c4386eSCy Schubert ret = TEST_ptr(params)
73*e0c4386eSCy Schubert && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
74*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
75*e0c4386eSCy Schubert && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
76*e0c4386eSCy Schubert
77*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
78*e0c4386eSCy Schubert OPENSSL_free(params);
79*e0c4386eSCy Schubert return ret;
80*e0c4386eSCy Schubert }
81*e0c4386eSCy Schubert
test_kdf_tls1_prf_invalid_digest(void)82*e0c4386eSCy Schubert static int test_kdf_tls1_prf_invalid_digest(void)
83*e0c4386eSCy Schubert {
84*e0c4386eSCy Schubert int ret;
85*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
86*e0c4386eSCy Schubert OSSL_PARAM *params;
87*e0c4386eSCy Schubert
88*e0c4386eSCy Schubert params = construct_tls1_prf_params("blah", "secret", "seed");
89*e0c4386eSCy Schubert
90*e0c4386eSCy Schubert ret = TEST_ptr(params)
91*e0c4386eSCy Schubert && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
92*e0c4386eSCy Schubert && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
93*e0c4386eSCy Schubert
94*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
95*e0c4386eSCy Schubert OPENSSL_free(params);
96*e0c4386eSCy Schubert return ret;
97*e0c4386eSCy Schubert }
98*e0c4386eSCy Schubert
test_kdf_tls1_prf_zero_output_size(void)99*e0c4386eSCy Schubert static int test_kdf_tls1_prf_zero_output_size(void)
100*e0c4386eSCy Schubert {
101*e0c4386eSCy Schubert int ret;
102*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
103*e0c4386eSCy Schubert unsigned char out[16];
104*e0c4386eSCy Schubert OSSL_PARAM *params;
105*e0c4386eSCy Schubert
106*e0c4386eSCy Schubert params = construct_tls1_prf_params("sha256", "secret", "seed");
107*e0c4386eSCy Schubert
108*e0c4386eSCy Schubert /* Negative test - derive should fail */
109*e0c4386eSCy Schubert ret = TEST_ptr(params)
110*e0c4386eSCy Schubert && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
111*e0c4386eSCy Schubert && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
112*e0c4386eSCy Schubert && TEST_int_eq(EVP_KDF_derive(kctx, out, 0, NULL), 0);
113*e0c4386eSCy Schubert
114*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
115*e0c4386eSCy Schubert OPENSSL_free(params);
116*e0c4386eSCy Schubert return ret;
117*e0c4386eSCy Schubert }
118*e0c4386eSCy Schubert
test_kdf_tls1_prf_empty_secret(void)119*e0c4386eSCy Schubert static int test_kdf_tls1_prf_empty_secret(void)
120*e0c4386eSCy Schubert {
121*e0c4386eSCy Schubert int ret;
122*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
123*e0c4386eSCy Schubert unsigned char out[16];
124*e0c4386eSCy Schubert OSSL_PARAM *params;
125*e0c4386eSCy Schubert
126*e0c4386eSCy Schubert params = construct_tls1_prf_params("sha256", "", "seed");
127*e0c4386eSCy Schubert
128*e0c4386eSCy Schubert ret = TEST_ptr(params)
129*e0c4386eSCy Schubert && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
130*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
131*e0c4386eSCy Schubert
132*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
133*e0c4386eSCy Schubert OPENSSL_free(params);
134*e0c4386eSCy Schubert return ret;
135*e0c4386eSCy Schubert }
136*e0c4386eSCy Schubert
test_kdf_tls1_prf_1byte_secret(void)137*e0c4386eSCy Schubert static int test_kdf_tls1_prf_1byte_secret(void)
138*e0c4386eSCy Schubert {
139*e0c4386eSCy Schubert int ret;
140*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
141*e0c4386eSCy Schubert unsigned char out[16];
142*e0c4386eSCy Schubert OSSL_PARAM *params;
143*e0c4386eSCy Schubert
144*e0c4386eSCy Schubert params = construct_tls1_prf_params("sha256", "1", "seed");
145*e0c4386eSCy Schubert
146*e0c4386eSCy Schubert ret = TEST_ptr(params)
147*e0c4386eSCy Schubert && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
148*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
149*e0c4386eSCy Schubert
150*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
151*e0c4386eSCy Schubert OPENSSL_free(params);
152*e0c4386eSCy Schubert return ret;
153*e0c4386eSCy Schubert }
154*e0c4386eSCy Schubert
test_kdf_tls1_prf_empty_seed(void)155*e0c4386eSCy Schubert static int test_kdf_tls1_prf_empty_seed(void)
156*e0c4386eSCy Schubert {
157*e0c4386eSCy Schubert int ret;
158*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
159*e0c4386eSCy Schubert unsigned char out[16];
160*e0c4386eSCy Schubert OSSL_PARAM *params;
161*e0c4386eSCy Schubert
162*e0c4386eSCy Schubert params = construct_tls1_prf_params("sha256", "secret", "");
163*e0c4386eSCy Schubert
164*e0c4386eSCy Schubert /* Negative test - derive should fail */
165*e0c4386eSCy Schubert ret = TEST_ptr(params)
166*e0c4386eSCy Schubert && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
167*e0c4386eSCy Schubert && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
168*e0c4386eSCy Schubert && TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0);
169*e0c4386eSCy Schubert
170*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
171*e0c4386eSCy Schubert OPENSSL_free(params);
172*e0c4386eSCy Schubert return ret;
173*e0c4386eSCy Schubert }
174*e0c4386eSCy Schubert
test_kdf_tls1_prf_1byte_seed(void)175*e0c4386eSCy Schubert static int test_kdf_tls1_prf_1byte_seed(void)
176*e0c4386eSCy Schubert {
177*e0c4386eSCy Schubert int ret;
178*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
179*e0c4386eSCy Schubert unsigned char out[16];
180*e0c4386eSCy Schubert OSSL_PARAM *params;
181*e0c4386eSCy Schubert
182*e0c4386eSCy Schubert params = construct_tls1_prf_params("sha256", "secret", "1");
183*e0c4386eSCy Schubert
184*e0c4386eSCy Schubert ret = TEST_ptr(params)
185*e0c4386eSCy Schubert && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
186*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
187*e0c4386eSCy Schubert
188*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
189*e0c4386eSCy Schubert OPENSSL_free(params);
190*e0c4386eSCy Schubert return ret;
191*e0c4386eSCy Schubert }
192*e0c4386eSCy Schubert
construct_hkdf_params(char * digest,char * key,size_t keylen,char * salt,char * info)193*e0c4386eSCy Schubert static OSSL_PARAM *construct_hkdf_params(char *digest, char *key,
194*e0c4386eSCy Schubert size_t keylen, char *salt, char *info)
195*e0c4386eSCy Schubert {
196*e0c4386eSCy Schubert OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
197*e0c4386eSCy Schubert OSSL_PARAM *p = params;
198*e0c4386eSCy Schubert
199*e0c4386eSCy Schubert if (params == NULL)
200*e0c4386eSCy Schubert return NULL;
201*e0c4386eSCy Schubert
202*e0c4386eSCy Schubert if (digest != NULL)
203*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
204*e0c4386eSCy Schubert digest, 0);
205*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
206*e0c4386eSCy Schubert salt, strlen(salt));
207*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
208*e0c4386eSCy Schubert (unsigned char *)key, keylen);
209*e0c4386eSCy Schubert if (info != NULL)
210*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
211*e0c4386eSCy Schubert info, strlen(info));
212*e0c4386eSCy Schubert else
213*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
214*e0c4386eSCy Schubert "EXTRACT_ONLY", 0);
215*e0c4386eSCy Schubert *p = OSSL_PARAM_construct_end();
216*e0c4386eSCy Schubert
217*e0c4386eSCy Schubert return params;
218*e0c4386eSCy Schubert }
219*e0c4386eSCy Schubert
test_kdf_hkdf(void)220*e0c4386eSCy Schubert static int test_kdf_hkdf(void)
221*e0c4386eSCy Schubert {
222*e0c4386eSCy Schubert int ret;
223*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
224*e0c4386eSCy Schubert unsigned char out[10];
225*e0c4386eSCy Schubert OSSL_PARAM *params;
226*e0c4386eSCy Schubert static const unsigned char expected[sizeof(out)] = {
227*e0c4386eSCy Schubert 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
228*e0c4386eSCy Schubert };
229*e0c4386eSCy Schubert
230*e0c4386eSCy Schubert params = construct_hkdf_params("sha256", "secret", 6, "salt", "label");
231*e0c4386eSCy Schubert
232*e0c4386eSCy Schubert ret = TEST_ptr(params)
233*e0c4386eSCy Schubert && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
234*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
235*e0c4386eSCy Schubert && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
236*e0c4386eSCy Schubert
237*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
238*e0c4386eSCy Schubert OPENSSL_free(params);
239*e0c4386eSCy Schubert return ret;
240*e0c4386eSCy Schubert }
241*e0c4386eSCy Schubert
do_kdf_hkdf_gettables(int expand_only,int has_digest)242*e0c4386eSCy Schubert static int do_kdf_hkdf_gettables(int expand_only, int has_digest)
243*e0c4386eSCy Schubert {
244*e0c4386eSCy Schubert int ret = 0;
245*e0c4386eSCy Schubert size_t sz = 0;
246*e0c4386eSCy Schubert OSSL_PARAM *params;
247*e0c4386eSCy Schubert OSSL_PARAM params_get[2];
248*e0c4386eSCy Schubert const OSSL_PARAM *gettables, *p;
249*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
250*e0c4386eSCy Schubert
251*e0c4386eSCy Schubert if (!TEST_ptr(params = construct_hkdf_params(
252*e0c4386eSCy Schubert has_digest ? "sha256" : NULL,
253*e0c4386eSCy Schubert "secret", 6, "salt",
254*e0c4386eSCy Schubert expand_only ? NULL : "label"))
255*e0c4386eSCy Schubert || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
256*e0c4386eSCy Schubert || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)))
257*e0c4386eSCy Schubert goto err;
258*e0c4386eSCy Schubert
259*e0c4386eSCy Schubert /* Check OSSL_KDF_PARAM_SIZE is gettable */
260*e0c4386eSCy Schubert if (!TEST_ptr(gettables = EVP_KDF_CTX_gettable_params(kctx))
261*e0c4386eSCy Schubert || !TEST_ptr(p = OSSL_PARAM_locate_const(gettables, OSSL_KDF_PARAM_SIZE)))
262*e0c4386eSCy Schubert goto err;
263*e0c4386eSCy Schubert
264*e0c4386eSCy Schubert /* Get OSSL_KDF_PARAM_SIZE as a size_t */
265*e0c4386eSCy Schubert params_get[0] = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_SIZE, &sz);
266*e0c4386eSCy Schubert params_get[1] = OSSL_PARAM_construct_end();
267*e0c4386eSCy Schubert if (has_digest) {
268*e0c4386eSCy Schubert if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), 1)
269*e0c4386eSCy Schubert || !TEST_size_t_eq(sz, expand_only ? SHA256_DIGEST_LENGTH : SIZE_MAX))
270*e0c4386eSCy Schubert goto err;
271*e0c4386eSCy Schubert } else {
272*e0c4386eSCy Schubert if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), 0))
273*e0c4386eSCy Schubert goto err;
274*e0c4386eSCy Schubert }
275*e0c4386eSCy Schubert
276*e0c4386eSCy Schubert /* Get params returns -2 if an unsupported parameter is requested */
277*e0c4386eSCy Schubert params_get[0] = OSSL_PARAM_construct_end();
278*e0c4386eSCy Schubert if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), -2))
279*e0c4386eSCy Schubert goto err;
280*e0c4386eSCy Schubert ret = 1;
281*e0c4386eSCy Schubert err:
282*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
283*e0c4386eSCy Schubert OPENSSL_free(params);
284*e0c4386eSCy Schubert return ret;
285*e0c4386eSCy Schubert }
286*e0c4386eSCy Schubert
test_kdf_hkdf_gettables(void)287*e0c4386eSCy Schubert static int test_kdf_hkdf_gettables(void)
288*e0c4386eSCy Schubert {
289*e0c4386eSCy Schubert return do_kdf_hkdf_gettables(0, 1);
290*e0c4386eSCy Schubert }
291*e0c4386eSCy Schubert
test_kdf_hkdf_gettables_expandonly(void)292*e0c4386eSCy Schubert static int test_kdf_hkdf_gettables_expandonly(void)
293*e0c4386eSCy Schubert {
294*e0c4386eSCy Schubert return do_kdf_hkdf_gettables(1, 1);
295*e0c4386eSCy Schubert }
296*e0c4386eSCy Schubert
test_kdf_hkdf_gettables_no_digest(void)297*e0c4386eSCy Schubert static int test_kdf_hkdf_gettables_no_digest(void)
298*e0c4386eSCy Schubert {
299*e0c4386eSCy Schubert return do_kdf_hkdf_gettables(1, 0);
300*e0c4386eSCy Schubert }
301*e0c4386eSCy Schubert
test_kdf_hkdf_invalid_digest(void)302*e0c4386eSCy Schubert static int test_kdf_hkdf_invalid_digest(void)
303*e0c4386eSCy Schubert {
304*e0c4386eSCy Schubert int ret;
305*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
306*e0c4386eSCy Schubert OSSL_PARAM *params;
307*e0c4386eSCy Schubert
308*e0c4386eSCy Schubert params = construct_hkdf_params("blah", "secret", 6, "salt", "label");
309*e0c4386eSCy Schubert
310*e0c4386eSCy Schubert ret = TEST_ptr(params)
311*e0c4386eSCy Schubert && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
312*e0c4386eSCy Schubert && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
313*e0c4386eSCy Schubert
314*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
315*e0c4386eSCy Schubert OPENSSL_free(params);
316*e0c4386eSCy Schubert return ret;
317*e0c4386eSCy Schubert }
318*e0c4386eSCy Schubert
test_kdf_hkdf_derive_set_params_fail(void)319*e0c4386eSCy Schubert static int test_kdf_hkdf_derive_set_params_fail(void)
320*e0c4386eSCy Schubert {
321*e0c4386eSCy Schubert int ret = 0, i = 0;
322*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
323*e0c4386eSCy Schubert OSSL_PARAM params[2];
324*e0c4386eSCy Schubert unsigned char out[10];
325*e0c4386eSCy Schubert
326*e0c4386eSCy Schubert if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)))
327*e0c4386eSCy Schubert goto end;
328*e0c4386eSCy Schubert /*
329*e0c4386eSCy Schubert * Set the wrong type for the digest so that it causes a failure
330*e0c4386eSCy Schubert * inside kdf_hkdf_derive() when kdf_hkdf_set_ctx_params() is called
331*e0c4386eSCy Schubert */
332*e0c4386eSCy Schubert params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_DIGEST, &i);
333*e0c4386eSCy Schubert params[1] = OSSL_PARAM_construct_end();
334*e0c4386eSCy Schubert if (!TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), params), 0))
335*e0c4386eSCy Schubert goto end;
336*e0c4386eSCy Schubert ret = 1;
337*e0c4386eSCy Schubert end:
338*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
339*e0c4386eSCy Schubert return ret;
340*e0c4386eSCy Schubert }
341*e0c4386eSCy Schubert
test_kdf_hkdf_set_invalid_mode(void)342*e0c4386eSCy Schubert static int test_kdf_hkdf_set_invalid_mode(void)
343*e0c4386eSCy Schubert {
344*e0c4386eSCy Schubert int ret = 0, bad_mode = 100;
345*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
346*e0c4386eSCy Schubert OSSL_PARAM params[2];
347*e0c4386eSCy Schubert
348*e0c4386eSCy Schubert if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)))
349*e0c4386eSCy Schubert goto end;
350*e0c4386eSCy Schubert params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
351*e0c4386eSCy Schubert "BADMODE", 0);
352*e0c4386eSCy Schubert params[1] = OSSL_PARAM_construct_end();
353*e0c4386eSCy Schubert if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0))
354*e0c4386eSCy Schubert goto end;
355*e0c4386eSCy Schubert
356*e0c4386eSCy Schubert params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &bad_mode);
357*e0c4386eSCy Schubert if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0))
358*e0c4386eSCy Schubert goto end;
359*e0c4386eSCy Schubert
360*e0c4386eSCy Schubert ret = 1;
361*e0c4386eSCy Schubert end:
362*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
363*e0c4386eSCy Schubert return ret;
364*e0c4386eSCy Schubert }
365*e0c4386eSCy Schubert
do_kdf_hkdf_set_invalid_param(const char * key,int type)366*e0c4386eSCy Schubert static int do_kdf_hkdf_set_invalid_param(const char *key, int type)
367*e0c4386eSCy Schubert {
368*e0c4386eSCy Schubert int ret = 0;
369*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
370*e0c4386eSCy Schubert OSSL_PARAM params[2];
371*e0c4386eSCy Schubert unsigned char buf[2];
372*e0c4386eSCy Schubert
373*e0c4386eSCy Schubert if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)))
374*e0c4386eSCy Schubert goto end;
375*e0c4386eSCy Schubert /* Set the wrong type for the key so that it causes a failure */
376*e0c4386eSCy Schubert if (type == OSSL_PARAM_UTF8_STRING)
377*e0c4386eSCy Schubert params[0] = OSSL_PARAM_construct_utf8_string(key, "BAD", 0);
378*e0c4386eSCy Schubert else
379*e0c4386eSCy Schubert params[0] = OSSL_PARAM_construct_octet_string(key, buf, sizeof(buf));
380*e0c4386eSCy Schubert params[1] = OSSL_PARAM_construct_end();
381*e0c4386eSCy Schubert if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0))
382*e0c4386eSCy Schubert goto end;
383*e0c4386eSCy Schubert
384*e0c4386eSCy Schubert ret = 1;
385*e0c4386eSCy Schubert end:
386*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
387*e0c4386eSCy Schubert return ret;
388*e0c4386eSCy Schubert }
389*e0c4386eSCy Schubert
test_kdf_hkdf_set_ctx_param_fail(void)390*e0c4386eSCy Schubert static int test_kdf_hkdf_set_ctx_param_fail(void)
391*e0c4386eSCy Schubert {
392*e0c4386eSCy Schubert return do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_MODE,
393*e0c4386eSCy Schubert OSSL_PARAM_OCTET_STRING)
394*e0c4386eSCy Schubert && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_KEY,
395*e0c4386eSCy Schubert OSSL_PARAM_UTF8_STRING)
396*e0c4386eSCy Schubert && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_SALT,
397*e0c4386eSCy Schubert OSSL_PARAM_UTF8_STRING)
398*e0c4386eSCy Schubert && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_INFO,
399*e0c4386eSCy Schubert OSSL_PARAM_UTF8_STRING);
400*e0c4386eSCy Schubert }
401*e0c4386eSCy Schubert
test_kdf_hkdf_zero_output_size(void)402*e0c4386eSCy Schubert static int test_kdf_hkdf_zero_output_size(void)
403*e0c4386eSCy Schubert {
404*e0c4386eSCy Schubert int ret;
405*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
406*e0c4386eSCy Schubert unsigned char out[10];
407*e0c4386eSCy Schubert OSSL_PARAM *params;
408*e0c4386eSCy Schubert
409*e0c4386eSCy Schubert params = construct_hkdf_params("sha256", "secret", 6, "salt", "label");
410*e0c4386eSCy Schubert
411*e0c4386eSCy Schubert /* Negative test - derive should fail */
412*e0c4386eSCy Schubert ret = TEST_ptr(params)
413*e0c4386eSCy Schubert && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
414*e0c4386eSCy Schubert && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
415*e0c4386eSCy Schubert && TEST_int_eq(EVP_KDF_derive(kctx, out, 0, NULL), 0);
416*e0c4386eSCy Schubert
417*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
418*e0c4386eSCy Schubert OPENSSL_free(params);
419*e0c4386eSCy Schubert return ret;
420*e0c4386eSCy Schubert }
421*e0c4386eSCy Schubert
test_kdf_hkdf_empty_key(void)422*e0c4386eSCy Schubert static int test_kdf_hkdf_empty_key(void)
423*e0c4386eSCy Schubert {
424*e0c4386eSCy Schubert int ret;
425*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
426*e0c4386eSCy Schubert unsigned char out[10];
427*e0c4386eSCy Schubert OSSL_PARAM *params;
428*e0c4386eSCy Schubert
429*e0c4386eSCy Schubert params = construct_hkdf_params("sha256", "", 0, "salt", "label");
430*e0c4386eSCy Schubert
431*e0c4386eSCy Schubert ret = TEST_ptr(params)
432*e0c4386eSCy Schubert && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
433*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
434*e0c4386eSCy Schubert
435*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
436*e0c4386eSCy Schubert OPENSSL_free(params);
437*e0c4386eSCy Schubert return ret;
438*e0c4386eSCy Schubert }
439*e0c4386eSCy Schubert
test_kdf_hkdf_1byte_key(void)440*e0c4386eSCy Schubert static int test_kdf_hkdf_1byte_key(void)
441*e0c4386eSCy Schubert {
442*e0c4386eSCy Schubert int ret;
443*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
444*e0c4386eSCy Schubert unsigned char out[10];
445*e0c4386eSCy Schubert OSSL_PARAM *params;
446*e0c4386eSCy Schubert
447*e0c4386eSCy Schubert params = construct_hkdf_params("sha256", "1", 1, "salt", "label");
448*e0c4386eSCy Schubert
449*e0c4386eSCy Schubert ret = TEST_ptr(params)
450*e0c4386eSCy Schubert && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
451*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
452*e0c4386eSCy Schubert
453*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
454*e0c4386eSCy Schubert OPENSSL_free(params);
455*e0c4386eSCy Schubert return ret;
456*e0c4386eSCy Schubert }
457*e0c4386eSCy Schubert
test_kdf_hkdf_empty_salt(void)458*e0c4386eSCy Schubert static int test_kdf_hkdf_empty_salt(void)
459*e0c4386eSCy Schubert {
460*e0c4386eSCy Schubert int ret;
461*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
462*e0c4386eSCy Schubert unsigned char out[10];
463*e0c4386eSCy Schubert OSSL_PARAM *params;
464*e0c4386eSCy Schubert
465*e0c4386eSCy Schubert params = construct_hkdf_params("sha256", "secret", 6, "", "label");
466*e0c4386eSCy Schubert
467*e0c4386eSCy Schubert ret = TEST_ptr(params)
468*e0c4386eSCy Schubert && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
469*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
470*e0c4386eSCy Schubert
471*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
472*e0c4386eSCy Schubert OPENSSL_free(params);
473*e0c4386eSCy Schubert return ret;
474*e0c4386eSCy Schubert }
475*e0c4386eSCy Schubert
construct_pbkdf1_params(char * pass,char * digest,char * salt,unsigned int * iter)476*e0c4386eSCy Schubert static OSSL_PARAM *construct_pbkdf1_params(char *pass, char *digest, char *salt,
477*e0c4386eSCy Schubert unsigned int *iter)
478*e0c4386eSCy Schubert {
479*e0c4386eSCy Schubert OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
480*e0c4386eSCy Schubert OSSL_PARAM *p = params;
481*e0c4386eSCy Schubert
482*e0c4386eSCy Schubert if (params == NULL)
483*e0c4386eSCy Schubert return NULL;
484*e0c4386eSCy Schubert
485*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
486*e0c4386eSCy Schubert (unsigned char *)pass, strlen(pass));
487*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
488*e0c4386eSCy Schubert (unsigned char *)salt, strlen(salt));
489*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter);
490*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
491*e0c4386eSCy Schubert digest, 0);
492*e0c4386eSCy Schubert *p = OSSL_PARAM_construct_end();
493*e0c4386eSCy Schubert
494*e0c4386eSCy Schubert return params;
495*e0c4386eSCy Schubert }
496*e0c4386eSCy Schubert
test_kdf_pbkdf1(void)497*e0c4386eSCy Schubert static int test_kdf_pbkdf1(void)
498*e0c4386eSCy Schubert {
499*e0c4386eSCy Schubert int ret = 0;
500*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
501*e0c4386eSCy Schubert unsigned char out[25];
502*e0c4386eSCy Schubert unsigned int iterations = 4096;
503*e0c4386eSCy Schubert OSSL_LIB_CTX *libctx = NULL;
504*e0c4386eSCy Schubert OSSL_PARAM *params = NULL;
505*e0c4386eSCy Schubert OSSL_PROVIDER *legacyprov = NULL;
506*e0c4386eSCy Schubert OSSL_PROVIDER *defprov = NULL;
507*e0c4386eSCy Schubert const unsigned char expected[sizeof(out)] = {
508*e0c4386eSCy Schubert 0xfb, 0x83, 0x4d, 0x36, 0x6d, 0xbc, 0x53, 0x87, 0x35, 0x1b, 0x34, 0x75,
509*e0c4386eSCy Schubert 0x95, 0x88, 0x32, 0x4f, 0x3e, 0x82, 0x81, 0x01, 0x21, 0x93, 0x64, 0x00,
510*e0c4386eSCy Schubert 0xcc
511*e0c4386eSCy Schubert };
512*e0c4386eSCy Schubert
513*e0c4386eSCy Schubert if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
514*e0c4386eSCy Schubert goto err;
515*e0c4386eSCy Schubert
516*e0c4386eSCy Schubert /* PBKDF1 only available in the legacy provider */
517*e0c4386eSCy Schubert legacyprov = OSSL_PROVIDER_load(libctx, "legacy");
518*e0c4386eSCy Schubert if (legacyprov == NULL) {
519*e0c4386eSCy Schubert OSSL_LIB_CTX_free(libctx);
520*e0c4386eSCy Schubert return TEST_skip("PBKDF1 only available in legacy provider");
521*e0c4386eSCy Schubert }
522*e0c4386eSCy Schubert
523*e0c4386eSCy Schubert if (!TEST_ptr(defprov = OSSL_PROVIDER_load(libctx, "default")))
524*e0c4386eSCy Schubert goto err;
525*e0c4386eSCy Schubert
526*e0c4386eSCy Schubert params = construct_pbkdf1_params("passwordPASSWORDpassword", "sha256",
527*e0c4386eSCy Schubert "saltSALTsaltSALTsaltSALTsaltSALTsalt",
528*e0c4386eSCy Schubert &iterations);
529*e0c4386eSCy Schubert
530*e0c4386eSCy Schubert if (!TEST_ptr(params)
531*e0c4386eSCy Schubert || !TEST_ptr(kctx = get_kdfbyname_libctx(libctx, OSSL_KDF_NAME_PBKDF1))
532*e0c4386eSCy Schubert || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
533*e0c4386eSCy Schubert || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)
534*e0c4386eSCy Schubert || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)))
535*e0c4386eSCy Schubert goto err;
536*e0c4386eSCy Schubert
537*e0c4386eSCy Schubert ret = 1;
538*e0c4386eSCy Schubert err:
539*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
540*e0c4386eSCy Schubert OPENSSL_free(params);
541*e0c4386eSCy Schubert OSSL_PROVIDER_unload(defprov);
542*e0c4386eSCy Schubert OSSL_PROVIDER_unload(legacyprov);
543*e0c4386eSCy Schubert OSSL_LIB_CTX_free(libctx);
544*e0c4386eSCy Schubert return ret;
545*e0c4386eSCy Schubert }
546*e0c4386eSCy Schubert
test_kdf_pbkdf1_key_too_long(void)547*e0c4386eSCy Schubert static int test_kdf_pbkdf1_key_too_long(void)
548*e0c4386eSCy Schubert {
549*e0c4386eSCy Schubert int ret = 0;
550*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
551*e0c4386eSCy Schubert unsigned char out[EVP_MAX_MD_SIZE + 1];
552*e0c4386eSCy Schubert unsigned int iterations = 4096;
553*e0c4386eSCy Schubert OSSL_LIB_CTX *libctx = NULL;
554*e0c4386eSCy Schubert OSSL_PARAM *params = NULL;
555*e0c4386eSCy Schubert OSSL_PROVIDER *legacyprov = NULL;
556*e0c4386eSCy Schubert OSSL_PROVIDER *defprov = NULL;
557*e0c4386eSCy Schubert
558*e0c4386eSCy Schubert if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
559*e0c4386eSCy Schubert goto err;
560*e0c4386eSCy Schubert
561*e0c4386eSCy Schubert /* PBKDF1 only available in the legacy provider */
562*e0c4386eSCy Schubert legacyprov = OSSL_PROVIDER_load(libctx, "legacy");
563*e0c4386eSCy Schubert if (legacyprov == NULL) {
564*e0c4386eSCy Schubert OSSL_LIB_CTX_free(libctx);
565*e0c4386eSCy Schubert return TEST_skip("PBKDF1 only available in legacy provider");
566*e0c4386eSCy Schubert }
567*e0c4386eSCy Schubert
568*e0c4386eSCy Schubert if (!TEST_ptr(defprov = OSSL_PROVIDER_load(libctx, "default")))
569*e0c4386eSCy Schubert goto err;
570*e0c4386eSCy Schubert
571*e0c4386eSCy Schubert params = construct_pbkdf1_params("passwordPASSWORDpassword", "sha256",
572*e0c4386eSCy Schubert "saltSALTsaltSALTsaltSALTsaltSALTsalt",
573*e0c4386eSCy Schubert &iterations);
574*e0c4386eSCy Schubert
575*e0c4386eSCy Schubert /*
576*e0c4386eSCy Schubert * This is the same test sequence as test_kdf_pbkdf1, but we expect
577*e0c4386eSCy Schubert * failure here as the requested key size is longer than the digest
578*e0c4386eSCy Schubert * can provide
579*e0c4386eSCy Schubert */
580*e0c4386eSCy Schubert if (!TEST_ptr(params)
581*e0c4386eSCy Schubert || !TEST_ptr(kctx = get_kdfbyname_libctx(libctx, OSSL_KDF_NAME_PBKDF1))
582*e0c4386eSCy Schubert || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
583*e0c4386eSCy Schubert || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
584*e0c4386eSCy Schubert goto err;
585*e0c4386eSCy Schubert
586*e0c4386eSCy Schubert ret = 1;
587*e0c4386eSCy Schubert err:
588*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
589*e0c4386eSCy Schubert OPENSSL_free(params);
590*e0c4386eSCy Schubert OSSL_PROVIDER_unload(defprov);
591*e0c4386eSCy Schubert OSSL_PROVIDER_unload(legacyprov);
592*e0c4386eSCy Schubert OSSL_LIB_CTX_free(libctx);
593*e0c4386eSCy Schubert return ret;
594*e0c4386eSCy Schubert }
595*e0c4386eSCy Schubert
construct_pbkdf2_params(char * pass,char * digest,char * salt,unsigned int * iter,int * mode)596*e0c4386eSCy Schubert static OSSL_PARAM *construct_pbkdf2_params(char *pass, char *digest, char *salt,
597*e0c4386eSCy Schubert unsigned int *iter, int *mode)
598*e0c4386eSCy Schubert {
599*e0c4386eSCy Schubert OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 6);
600*e0c4386eSCy Schubert OSSL_PARAM *p = params;
601*e0c4386eSCy Schubert
602*e0c4386eSCy Schubert if (params == NULL)
603*e0c4386eSCy Schubert return NULL;
604*e0c4386eSCy Schubert
605*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
606*e0c4386eSCy Schubert (unsigned char *)pass, strlen(pass));
607*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
608*e0c4386eSCy Schubert (unsigned char *)salt, strlen(salt));
609*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter);
610*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
611*e0c4386eSCy Schubert digest, 0);
612*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, mode);
613*e0c4386eSCy Schubert *p = OSSL_PARAM_construct_end();
614*e0c4386eSCy Schubert
615*e0c4386eSCy Schubert return params;
616*e0c4386eSCy Schubert }
617*e0c4386eSCy Schubert
test_kdf_pbkdf2(void)618*e0c4386eSCy Schubert static int test_kdf_pbkdf2(void)
619*e0c4386eSCy Schubert {
620*e0c4386eSCy Schubert int ret = 0;
621*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
622*e0c4386eSCy Schubert unsigned char out[25];
623*e0c4386eSCy Schubert unsigned int iterations = 4096;
624*e0c4386eSCy Schubert int mode = 0;
625*e0c4386eSCy Schubert OSSL_PARAM *params;
626*e0c4386eSCy Schubert const unsigned char expected[sizeof(out)] = {
627*e0c4386eSCy Schubert 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f,
628*e0c4386eSCy Schubert 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf,
629*e0c4386eSCy Schubert 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
630*e0c4386eSCy Schubert 0x1c
631*e0c4386eSCy Schubert };
632*e0c4386eSCy Schubert
633*e0c4386eSCy Schubert params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
634*e0c4386eSCy Schubert "saltSALTsaltSALTsaltSALTsaltSALTsalt",
635*e0c4386eSCy Schubert &iterations, &mode);
636*e0c4386eSCy Schubert
637*e0c4386eSCy Schubert if (!TEST_ptr(params)
638*e0c4386eSCy Schubert || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
639*e0c4386eSCy Schubert || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
640*e0c4386eSCy Schubert || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)))
641*e0c4386eSCy Schubert goto err;
642*e0c4386eSCy Schubert
643*e0c4386eSCy Schubert ret = 1;
644*e0c4386eSCy Schubert err:
645*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
646*e0c4386eSCy Schubert OPENSSL_free(params);
647*e0c4386eSCy Schubert return ret;
648*e0c4386eSCy Schubert }
649*e0c4386eSCy Schubert
test_kdf_pbkdf2_small_output(void)650*e0c4386eSCy Schubert static int test_kdf_pbkdf2_small_output(void)
651*e0c4386eSCy Schubert {
652*e0c4386eSCy Schubert int ret = 0;
653*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
654*e0c4386eSCy Schubert unsigned char out[25];
655*e0c4386eSCy Schubert unsigned int iterations = 4096;
656*e0c4386eSCy Schubert int mode = 0;
657*e0c4386eSCy Schubert OSSL_PARAM *params;
658*e0c4386eSCy Schubert
659*e0c4386eSCy Schubert params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
660*e0c4386eSCy Schubert "saltSALTsaltSALTsaltSALTsaltSALTsalt",
661*e0c4386eSCy Schubert &iterations, &mode);
662*e0c4386eSCy Schubert
663*e0c4386eSCy Schubert if (!TEST_ptr(params)
664*e0c4386eSCy Schubert || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
665*e0c4386eSCy Schubert || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
666*e0c4386eSCy Schubert /* A key length that is too small should fail */
667*e0c4386eSCy Schubert || !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1, NULL), 0))
668*e0c4386eSCy Schubert goto err;
669*e0c4386eSCy Schubert
670*e0c4386eSCy Schubert ret = 1;
671*e0c4386eSCy Schubert err:
672*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
673*e0c4386eSCy Schubert OPENSSL_free(params);
674*e0c4386eSCy Schubert return ret;
675*e0c4386eSCy Schubert }
676*e0c4386eSCy Schubert
test_kdf_pbkdf2_large_output(void)677*e0c4386eSCy Schubert static int test_kdf_pbkdf2_large_output(void)
678*e0c4386eSCy Schubert {
679*e0c4386eSCy Schubert int ret = 0;
680*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
681*e0c4386eSCy Schubert unsigned char out[25];
682*e0c4386eSCy Schubert size_t len = 0;
683*e0c4386eSCy Schubert unsigned int iterations = 4096;
684*e0c4386eSCy Schubert int mode = 0;
685*e0c4386eSCy Schubert OSSL_PARAM *params;
686*e0c4386eSCy Schubert
687*e0c4386eSCy Schubert if (sizeof(len) > 32)
688*e0c4386eSCy Schubert len = SIZE_MAX;
689*e0c4386eSCy Schubert
690*e0c4386eSCy Schubert params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
691*e0c4386eSCy Schubert "saltSALTsaltSALTsaltSALTsaltSALTsalt",
692*e0c4386eSCy Schubert &iterations, &mode);
693*e0c4386eSCy Schubert
694*e0c4386eSCy Schubert if (!TEST_ptr(params)
695*e0c4386eSCy Schubert || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
696*e0c4386eSCy Schubert /* A key length that is too large should fail */
697*e0c4386eSCy Schubert || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
698*e0c4386eSCy Schubert || (len != 0 && !TEST_int_eq(EVP_KDF_derive(kctx, out, len, NULL), 0)))
699*e0c4386eSCy Schubert goto err;
700*e0c4386eSCy Schubert
701*e0c4386eSCy Schubert ret = 1;
702*e0c4386eSCy Schubert err:
703*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
704*e0c4386eSCy Schubert OPENSSL_free(params);
705*e0c4386eSCy Schubert return ret;
706*e0c4386eSCy Schubert }
707*e0c4386eSCy Schubert
test_kdf_pbkdf2_small_salt(void)708*e0c4386eSCy Schubert static int test_kdf_pbkdf2_small_salt(void)
709*e0c4386eSCy Schubert {
710*e0c4386eSCy Schubert int ret = 0;
711*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
712*e0c4386eSCy Schubert unsigned int iterations = 4096;
713*e0c4386eSCy Schubert int mode = 0;
714*e0c4386eSCy Schubert OSSL_PARAM *params;
715*e0c4386eSCy Schubert
716*e0c4386eSCy Schubert params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
717*e0c4386eSCy Schubert "saltSALT",
718*e0c4386eSCy Schubert &iterations, &mode);
719*e0c4386eSCy Schubert
720*e0c4386eSCy Schubert if (!TEST_ptr(params)
721*e0c4386eSCy Schubert || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
722*e0c4386eSCy Schubert /* A salt that is too small should fail */
723*e0c4386eSCy Schubert || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
724*e0c4386eSCy Schubert goto err;
725*e0c4386eSCy Schubert
726*e0c4386eSCy Schubert ret = 1;
727*e0c4386eSCy Schubert err:
728*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
729*e0c4386eSCy Schubert OPENSSL_free(params);
730*e0c4386eSCy Schubert return ret;
731*e0c4386eSCy Schubert }
732*e0c4386eSCy Schubert
test_kdf_pbkdf2_small_iterations(void)733*e0c4386eSCy Schubert static int test_kdf_pbkdf2_small_iterations(void)
734*e0c4386eSCy Schubert {
735*e0c4386eSCy Schubert int ret = 0;
736*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
737*e0c4386eSCy Schubert unsigned int iterations = 1;
738*e0c4386eSCy Schubert int mode = 0;
739*e0c4386eSCy Schubert OSSL_PARAM *params;
740*e0c4386eSCy Schubert
741*e0c4386eSCy Schubert params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
742*e0c4386eSCy Schubert "saltSALTsaltSALTsaltSALTsaltSALTsalt",
743*e0c4386eSCy Schubert &iterations, &mode);
744*e0c4386eSCy Schubert
745*e0c4386eSCy Schubert if (!TEST_ptr(params)
746*e0c4386eSCy Schubert || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
747*e0c4386eSCy Schubert /* An iteration count that is too small should fail */
748*e0c4386eSCy Schubert || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
749*e0c4386eSCy Schubert goto err;
750*e0c4386eSCy Schubert
751*e0c4386eSCy Schubert ret = 1;
752*e0c4386eSCy Schubert err:
753*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
754*e0c4386eSCy Schubert OPENSSL_free(params);
755*e0c4386eSCy Schubert return ret;
756*e0c4386eSCy Schubert }
757*e0c4386eSCy Schubert
test_kdf_pbkdf2_small_salt_pkcs5(void)758*e0c4386eSCy Schubert static int test_kdf_pbkdf2_small_salt_pkcs5(void)
759*e0c4386eSCy Schubert {
760*e0c4386eSCy Schubert int ret = 0;
761*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
762*e0c4386eSCy Schubert unsigned char out[25];
763*e0c4386eSCy Schubert unsigned int iterations = 4096;
764*e0c4386eSCy Schubert int mode = 1;
765*e0c4386eSCy Schubert OSSL_PARAM *params;
766*e0c4386eSCy Schubert OSSL_PARAM mode_params[2];
767*e0c4386eSCy Schubert
768*e0c4386eSCy Schubert params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
769*e0c4386eSCy Schubert "saltSALT",
770*e0c4386eSCy Schubert &iterations, &mode);
771*e0c4386eSCy Schubert
772*e0c4386eSCy Schubert if (!TEST_ptr(params)
773*e0c4386eSCy Schubert || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
774*e0c4386eSCy Schubert /* A salt that is too small should pass in pkcs5 mode */
775*e0c4386eSCy Schubert || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
776*e0c4386eSCy Schubert || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
777*e0c4386eSCy Schubert goto err;
778*e0c4386eSCy Schubert
779*e0c4386eSCy Schubert mode = 0;
780*e0c4386eSCy Schubert mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
781*e0c4386eSCy Schubert mode_params[1] = OSSL_PARAM_construct_end();
782*e0c4386eSCy Schubert
783*e0c4386eSCy Schubert /* If the "pkcs5" mode is disabled then the derive will now fail */
784*e0c4386eSCy Schubert if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params))
785*e0c4386eSCy Schubert || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
786*e0c4386eSCy Schubert goto err;
787*e0c4386eSCy Schubert
788*e0c4386eSCy Schubert ret = 1;
789*e0c4386eSCy Schubert err:
790*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
791*e0c4386eSCy Schubert OPENSSL_free(params);
792*e0c4386eSCy Schubert return ret;
793*e0c4386eSCy Schubert }
794*e0c4386eSCy Schubert
test_kdf_pbkdf2_small_iterations_pkcs5(void)795*e0c4386eSCy Schubert static int test_kdf_pbkdf2_small_iterations_pkcs5(void)
796*e0c4386eSCy Schubert {
797*e0c4386eSCy Schubert int ret = 0;
798*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
799*e0c4386eSCy Schubert unsigned char out[25];
800*e0c4386eSCy Schubert unsigned int iterations = 1;
801*e0c4386eSCy Schubert int mode = 1;
802*e0c4386eSCy Schubert OSSL_PARAM *params;
803*e0c4386eSCy Schubert OSSL_PARAM mode_params[2];
804*e0c4386eSCy Schubert
805*e0c4386eSCy Schubert params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
806*e0c4386eSCy Schubert "saltSALTsaltSALTsaltSALTsaltSALTsalt",
807*e0c4386eSCy Schubert &iterations, &mode);
808*e0c4386eSCy Schubert
809*e0c4386eSCy Schubert if (!TEST_ptr(params)
810*e0c4386eSCy Schubert || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
811*e0c4386eSCy Schubert /* An iteration count that is too small will pass in pkcs5 mode */
812*e0c4386eSCy Schubert || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
813*e0c4386eSCy Schubert || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
814*e0c4386eSCy Schubert goto err;
815*e0c4386eSCy Schubert
816*e0c4386eSCy Schubert mode = 0;
817*e0c4386eSCy Schubert mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
818*e0c4386eSCy Schubert mode_params[1] = OSSL_PARAM_construct_end();
819*e0c4386eSCy Schubert
820*e0c4386eSCy Schubert /* If the "pkcs5" mode is disabled then the derive will now fail */
821*e0c4386eSCy Schubert if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params))
822*e0c4386eSCy Schubert || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
823*e0c4386eSCy Schubert goto err;
824*e0c4386eSCy Schubert
825*e0c4386eSCy Schubert ret = 1;
826*e0c4386eSCy Schubert err:
827*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
828*e0c4386eSCy Schubert OPENSSL_free(params);
829*e0c4386eSCy Schubert return ret;
830*e0c4386eSCy Schubert }
831*e0c4386eSCy Schubert
test_kdf_pbkdf2_invalid_digest(void)832*e0c4386eSCy Schubert static int test_kdf_pbkdf2_invalid_digest(void)
833*e0c4386eSCy Schubert {
834*e0c4386eSCy Schubert int ret = 0;
835*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
836*e0c4386eSCy Schubert unsigned int iterations = 4096;
837*e0c4386eSCy Schubert int mode = 0;
838*e0c4386eSCy Schubert OSSL_PARAM *params;
839*e0c4386eSCy Schubert
840*e0c4386eSCy Schubert params = construct_pbkdf2_params("passwordPASSWORDpassword", "blah",
841*e0c4386eSCy Schubert "saltSALTsaltSALTsaltSALTsaltSALTsalt",
842*e0c4386eSCy Schubert &iterations, &mode);
843*e0c4386eSCy Schubert
844*e0c4386eSCy Schubert if (!TEST_ptr(params)
845*e0c4386eSCy Schubert || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
846*e0c4386eSCy Schubert /* Unknown digest should fail */
847*e0c4386eSCy Schubert || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
848*e0c4386eSCy Schubert goto err;
849*e0c4386eSCy Schubert
850*e0c4386eSCy Schubert ret = 1;
851*e0c4386eSCy Schubert err:
852*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
853*e0c4386eSCy Schubert OPENSSL_free(params);
854*e0c4386eSCy Schubert return ret;
855*e0c4386eSCy Schubert }
856*e0c4386eSCy Schubert
857*e0c4386eSCy Schubert #ifndef OPENSSL_NO_SCRYPT
test_kdf_scrypt(void)858*e0c4386eSCy Schubert static int test_kdf_scrypt(void)
859*e0c4386eSCy Schubert {
860*e0c4386eSCy Schubert int ret;
861*e0c4386eSCy Schubert EVP_KDF_CTX *kctx;
862*e0c4386eSCy Schubert OSSL_PARAM params[7], *p = params;
863*e0c4386eSCy Schubert unsigned char out[64];
864*e0c4386eSCy Schubert unsigned int nu = 1024, ru = 8, pu = 16, maxmem = 16;
865*e0c4386eSCy Schubert static const unsigned char expected[sizeof(out)] = {
866*e0c4386eSCy Schubert 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
867*e0c4386eSCy Schubert 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
868*e0c4386eSCy Schubert 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
869*e0c4386eSCy Schubert 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
870*e0c4386eSCy Schubert 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
871*e0c4386eSCy Schubert 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
872*e0c4386eSCy Schubert 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
873*e0c4386eSCy Schubert 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
874*e0c4386eSCy Schubert };
875*e0c4386eSCy Schubert
876*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
877*e0c4386eSCy Schubert (char *)"password", 8);
878*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
879*e0c4386eSCy Schubert (char *)"NaCl", 4);
880*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &nu);
881*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &ru);
882*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &pu);
883*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem);
884*e0c4386eSCy Schubert *p = OSSL_PARAM_construct_end();
885*e0c4386eSCy Schubert
886*e0c4386eSCy Schubert ret =
887*e0c4386eSCy Schubert TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT))
888*e0c4386eSCy Schubert && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
889*e0c4386eSCy Schubert /* failure test *//*
890*e0c4386eSCy Schubert && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)*/
891*e0c4386eSCy Schubert && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024))
892*e0c4386eSCy Schubert && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1))
893*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)
894*e0c4386eSCy Schubert && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
895*e0c4386eSCy Schubert
896*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
897*e0c4386eSCy Schubert return ret;
898*e0c4386eSCy Schubert }
899*e0c4386eSCy Schubert #endif /* OPENSSL_NO_SCRYPT */
900*e0c4386eSCy Schubert
test_kdf_ss_hash(void)901*e0c4386eSCy Schubert static int test_kdf_ss_hash(void)
902*e0c4386eSCy Schubert {
903*e0c4386eSCy Schubert int ret;
904*e0c4386eSCy Schubert EVP_KDF_CTX *kctx;
905*e0c4386eSCy Schubert OSSL_PARAM params[4], *p = params;
906*e0c4386eSCy Schubert unsigned char out[14];
907*e0c4386eSCy Schubert static unsigned char z[] = {
908*e0c4386eSCy Schubert 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e,
909*e0c4386eSCy Schubert 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62,
910*e0c4386eSCy Schubert 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4,
911*e0c4386eSCy Schubert 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9
912*e0c4386eSCy Schubert };
913*e0c4386eSCy Schubert static unsigned char other[] = {
914*e0c4386eSCy Schubert 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e,
915*e0c4386eSCy Schubert 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde,
916*e0c4386eSCy Schubert 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e,
917*e0c4386eSCy Schubert 0xe0,0xec,0x3f,0x8d,0xbe
918*e0c4386eSCy Schubert };
919*e0c4386eSCy Schubert static const unsigned char expected[sizeof(out)] = {
920*e0c4386eSCy Schubert 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8
921*e0c4386eSCy Schubert };
922*e0c4386eSCy Schubert
923*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
924*e0c4386eSCy Schubert (char *)"sha224", 0);
925*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
926*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
927*e0c4386eSCy Schubert sizeof(other));
928*e0c4386eSCy Schubert *p = OSSL_PARAM_construct_end();
929*e0c4386eSCy Schubert
930*e0c4386eSCy Schubert ret =
931*e0c4386eSCy Schubert TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
932*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
933*e0c4386eSCy Schubert && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
934*e0c4386eSCy Schubert
935*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
936*e0c4386eSCy Schubert return ret;
937*e0c4386eSCy Schubert }
938*e0c4386eSCy Schubert
test_kdf_x963(void)939*e0c4386eSCy Schubert static int test_kdf_x963(void)
940*e0c4386eSCy Schubert {
941*e0c4386eSCy Schubert int ret;
942*e0c4386eSCy Schubert EVP_KDF_CTX *kctx;
943*e0c4386eSCy Schubert OSSL_PARAM params[4], *p = params;
944*e0c4386eSCy Schubert unsigned char out[1024 / 8];
945*e0c4386eSCy Schubert /*
946*e0c4386eSCy Schubert * Test data from https://csrc.nist.gov/CSRC/media/Projects/
947*e0c4386eSCy Schubert * Cryptographic-Algorithm-Validation-Program/documents/components/
948*e0c4386eSCy Schubert * 800-135testvectors/ansx963_2001.zip
949*e0c4386eSCy Schubert */
950*e0c4386eSCy Schubert static unsigned char z[] = {
951*e0c4386eSCy Schubert 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, 0xfa, 0x58, 0xce, 0xad,
952*e0c4386eSCy Schubert 0xc0, 0x47, 0x19, 0x7f, 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
953*e0c4386eSCy Schubert 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, 0x15, 0x07, 0x39, 0x2f,
954*e0c4386eSCy Schubert 0x1a, 0x86, 0xdd, 0xfd, 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
955*e0c4386eSCy Schubert 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, 0x47, 0xa9, 0xe2, 0xe7,
956*e0c4386eSCy Schubert 0x53, 0xf5, 0x5e, 0xf0, 0x5a, 0x2d
957*e0c4386eSCy Schubert };
958*e0c4386eSCy Schubert static unsigned char shared[] = {
959*e0c4386eSCy Schubert 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, 0x2b, 0x3a, 0x2f, 0x99,
960*e0c4386eSCy Schubert 0x37, 0x89, 0x5d, 0x31
961*e0c4386eSCy Schubert };
962*e0c4386eSCy Schubert static const unsigned char expected[sizeof(out)] = {
963*e0c4386eSCy Schubert 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, 0x9b, 0x52, 0x26, 0x4b,
964*e0c4386eSCy Schubert 0x01, 0x12, 0xb5, 0x85, 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
965*e0c4386eSCy Schubert 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, 0x6e, 0x4d, 0xd2, 0xa5,
966*e0c4386eSCy Schubert 0x99, 0xac, 0xce, 0xb3, 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
967*e0c4386eSCy Schubert 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, 0xa5, 0xa8, 0xee, 0xee,
968*e0c4386eSCy Schubert 0x20, 0x80, 0x02, 0x26, 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
969*e0c4386eSCy Schubert 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, 0xea, 0x9c, 0x4f, 0xf7,
970*e0c4386eSCy Schubert 0x45, 0xa2, 0x5a, 0xc2, 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
971*e0c4386eSCy Schubert 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, 0x0a, 0xb2, 0xaa, 0x8e,
972*e0c4386eSCy Schubert 0x2e, 0xfa, 0x7b, 0x17, 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
973*e0c4386eSCy Schubert 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
974*e0c4386eSCy Schubert };
975*e0c4386eSCy Schubert
976*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
977*e0c4386eSCy Schubert (char *)"sha512", 0);
978*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
979*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, shared,
980*e0c4386eSCy Schubert sizeof(shared));
981*e0c4386eSCy Schubert *p = OSSL_PARAM_construct_end();
982*e0c4386eSCy Schubert
983*e0c4386eSCy Schubert ret =
984*e0c4386eSCy Schubert TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF))
985*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
986*e0c4386eSCy Schubert && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
987*e0c4386eSCy Schubert
988*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
989*e0c4386eSCy Schubert return ret;
990*e0c4386eSCy Schubert }
991*e0c4386eSCy Schubert
992*e0c4386eSCy Schubert #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
993*e0c4386eSCy Schubert /*
994*e0c4386eSCy Schubert * KBKDF test vectors from RFC 6803 (Camellia Encryption for Kerberos 5)
995*e0c4386eSCy Schubert * section 10.
996*e0c4386eSCy Schubert */
test_kdf_kbkdf_6803_128(void)997*e0c4386eSCy Schubert static int test_kdf_kbkdf_6803_128(void)
998*e0c4386eSCy Schubert {
999*e0c4386eSCy Schubert int ret = 0, i, p;
1000*e0c4386eSCy Schubert EVP_KDF_CTX *kctx;
1001*e0c4386eSCy Schubert OSSL_PARAM params[7];
1002*e0c4386eSCy Schubert static unsigned char input_key[] = {
1003*e0c4386eSCy Schubert 0x57, 0xD0, 0x29, 0x72, 0x98, 0xFF, 0xD9, 0xD3,
1004*e0c4386eSCy Schubert 0x5D, 0xE5, 0xA4, 0x7F, 0xB4, 0xBD, 0xE2, 0x4B,
1005*e0c4386eSCy Schubert };
1006*e0c4386eSCy Schubert static unsigned char constants[][5] = {
1007*e0c4386eSCy Schubert { 0x00, 0x00, 0x00, 0x02, 0x99 },
1008*e0c4386eSCy Schubert { 0x00, 0x00, 0x00, 0x02, 0xaa },
1009*e0c4386eSCy Schubert { 0x00, 0x00, 0x00, 0x02, 0x55 },
1010*e0c4386eSCy Schubert };
1011*e0c4386eSCy Schubert static unsigned char outputs[][16] = {
1012*e0c4386eSCy Schubert {0xD1, 0x55, 0x77, 0x5A, 0x20, 0x9D, 0x05, 0xF0,
1013*e0c4386eSCy Schubert 0x2B, 0x38, 0xD4, 0x2A, 0x38, 0x9E, 0x5A, 0x56},
1014*e0c4386eSCy Schubert {0x64, 0xDF, 0x83, 0xF8, 0x5A, 0x53, 0x2F, 0x17,
1015*e0c4386eSCy Schubert 0x57, 0x7D, 0x8C, 0x37, 0x03, 0x57, 0x96, 0xAB},
1016*e0c4386eSCy Schubert {0x3E, 0x4F, 0xBD, 0xF3, 0x0F, 0xB8, 0x25, 0x9C,
1017*e0c4386eSCy Schubert 0x42, 0x5C, 0xB6, 0xC9, 0x6F, 0x1F, 0x46, 0x35}
1018*e0c4386eSCy Schubert };
1019*e0c4386eSCy Schubert static unsigned char iv[16] = { 0 };
1020*e0c4386eSCy Schubert unsigned char result[16] = { 0 };
1021*e0c4386eSCy Schubert
1022*e0c4386eSCy Schubert for (i = 0; i < 3; i++) {
1023*e0c4386eSCy Schubert p = 0;
1024*e0c4386eSCy Schubert params[p++] = OSSL_PARAM_construct_utf8_string(
1025*e0c4386eSCy Schubert OSSL_KDF_PARAM_CIPHER, "CAMELLIA-128-CBC", 0);
1026*e0c4386eSCy Schubert params[p++] = OSSL_PARAM_construct_utf8_string(
1027*e0c4386eSCy Schubert OSSL_KDF_PARAM_MAC, "CMAC", 0);
1028*e0c4386eSCy Schubert params[p++] = OSSL_PARAM_construct_utf8_string(
1029*e0c4386eSCy Schubert OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
1030*e0c4386eSCy Schubert params[p++] = OSSL_PARAM_construct_octet_string(
1031*e0c4386eSCy Schubert OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1032*e0c4386eSCy Schubert params[p++] = OSSL_PARAM_construct_octet_string(
1033*e0c4386eSCy Schubert OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i]));
1034*e0c4386eSCy Schubert params[p++] = OSSL_PARAM_construct_octet_string(
1035*e0c4386eSCy Schubert OSSL_KDF_PARAM_SEED, iv, sizeof(iv));
1036*e0c4386eSCy Schubert params[p] = OSSL_PARAM_construct_end();
1037*e0c4386eSCy Schubert
1038*e0c4386eSCy Schubert kctx = get_kdfbyname("KBKDF");
1039*e0c4386eSCy Schubert ret = TEST_ptr(kctx)
1040*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result),
1041*e0c4386eSCy Schubert params), 0)
1042*e0c4386eSCy Schubert && TEST_mem_eq(result, sizeof(result), outputs[i],
1043*e0c4386eSCy Schubert sizeof(outputs[i]));
1044*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
1045*e0c4386eSCy Schubert if (ret != 1)
1046*e0c4386eSCy Schubert return ret;
1047*e0c4386eSCy Schubert }
1048*e0c4386eSCy Schubert
1049*e0c4386eSCy Schubert return ret;
1050*e0c4386eSCy Schubert }
1051*e0c4386eSCy Schubert
test_kdf_kbkdf_6803_256(void)1052*e0c4386eSCy Schubert static int test_kdf_kbkdf_6803_256(void)
1053*e0c4386eSCy Schubert {
1054*e0c4386eSCy Schubert int ret = 0, i, p;
1055*e0c4386eSCy Schubert EVP_KDF_CTX *kctx;
1056*e0c4386eSCy Schubert OSSL_PARAM params[7];
1057*e0c4386eSCy Schubert static unsigned char input_key[] = {
1058*e0c4386eSCy Schubert 0xB9, 0xD6, 0x82, 0x8B, 0x20, 0x56, 0xB7, 0xBE,
1059*e0c4386eSCy Schubert 0x65, 0x6D, 0x88, 0xA1, 0x23, 0xB1, 0xFA, 0xC6,
1060*e0c4386eSCy Schubert 0x82, 0x14, 0xAC, 0x2B, 0x72, 0x7E, 0xCF, 0x5F,
1061*e0c4386eSCy Schubert 0x69, 0xAF, 0xE0, 0xC4, 0xDF, 0x2A, 0x6D, 0x2C,
1062*e0c4386eSCy Schubert };
1063*e0c4386eSCy Schubert static unsigned char constants[][5] = {
1064*e0c4386eSCy Schubert { 0x00, 0x00, 0x00, 0x02, 0x99 },
1065*e0c4386eSCy Schubert { 0x00, 0x00, 0x00, 0x02, 0xaa },
1066*e0c4386eSCy Schubert { 0x00, 0x00, 0x00, 0x02, 0x55 },
1067*e0c4386eSCy Schubert };
1068*e0c4386eSCy Schubert static unsigned char outputs[][32] = {
1069*e0c4386eSCy Schubert {0xE4, 0x67, 0xF9, 0xA9, 0x55, 0x2B, 0xC7, 0xD3,
1070*e0c4386eSCy Schubert 0x15, 0x5A, 0x62, 0x20, 0xAF, 0x9C, 0x19, 0x22,
1071*e0c4386eSCy Schubert 0x0E, 0xEE, 0xD4, 0xFF, 0x78, 0xB0, 0xD1, 0xE6,
1072*e0c4386eSCy Schubert 0xA1, 0x54, 0x49, 0x91, 0x46, 0x1A, 0x9E, 0x50,
1073*e0c4386eSCy Schubert },
1074*e0c4386eSCy Schubert {0x41, 0x2A, 0xEF, 0xC3, 0x62, 0xA7, 0x28, 0x5F,
1075*e0c4386eSCy Schubert 0xC3, 0x96, 0x6C, 0x6A, 0x51, 0x81, 0xE7, 0x60,
1076*e0c4386eSCy Schubert 0x5A, 0xE6, 0x75, 0x23, 0x5B, 0x6D, 0x54, 0x9F,
1077*e0c4386eSCy Schubert 0xBF, 0xC9, 0xAB, 0x66, 0x30, 0xA4, 0xC6, 0x04,
1078*e0c4386eSCy Schubert },
1079*e0c4386eSCy Schubert {0xFA, 0x62, 0x4F, 0xA0, 0xE5, 0x23, 0x99, 0x3F,
1080*e0c4386eSCy Schubert 0xA3, 0x88, 0xAE, 0xFD, 0xC6, 0x7E, 0x67, 0xEB,
1081*e0c4386eSCy Schubert 0xCD, 0x8C, 0x08, 0xE8, 0xA0, 0x24, 0x6B, 0x1D,
1082*e0c4386eSCy Schubert 0x73, 0xB0, 0xD1, 0xDD, 0x9F, 0xC5, 0x82, 0xB0,
1083*e0c4386eSCy Schubert },
1084*e0c4386eSCy Schubert };
1085*e0c4386eSCy Schubert static unsigned char iv[16] = { 0 };
1086*e0c4386eSCy Schubert unsigned char result[32] = { 0 };
1087*e0c4386eSCy Schubert
1088*e0c4386eSCy Schubert for (i = 0; i < 3; i++) {
1089*e0c4386eSCy Schubert p = 0;
1090*e0c4386eSCy Schubert params[p++] = OSSL_PARAM_construct_utf8_string(
1091*e0c4386eSCy Schubert OSSL_KDF_PARAM_CIPHER, "CAMELLIA-256-CBC", 0);
1092*e0c4386eSCy Schubert params[p++] = OSSL_PARAM_construct_utf8_string(
1093*e0c4386eSCy Schubert OSSL_KDF_PARAM_MAC, "CMAC", 0);
1094*e0c4386eSCy Schubert params[p++] = OSSL_PARAM_construct_utf8_string(
1095*e0c4386eSCy Schubert OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
1096*e0c4386eSCy Schubert params[p++] = OSSL_PARAM_construct_octet_string(
1097*e0c4386eSCy Schubert OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1098*e0c4386eSCy Schubert params[p++] = OSSL_PARAM_construct_octet_string(
1099*e0c4386eSCy Schubert OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i]));
1100*e0c4386eSCy Schubert params[p++] = OSSL_PARAM_construct_octet_string(
1101*e0c4386eSCy Schubert OSSL_KDF_PARAM_SEED, iv, sizeof(iv));
1102*e0c4386eSCy Schubert params[p] = OSSL_PARAM_construct_end();
1103*e0c4386eSCy Schubert
1104*e0c4386eSCy Schubert kctx = get_kdfbyname("KBKDF");
1105*e0c4386eSCy Schubert ret = TEST_ptr(kctx)
1106*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result),
1107*e0c4386eSCy Schubert params), 0)
1108*e0c4386eSCy Schubert && TEST_mem_eq(result, sizeof(result), outputs[i],
1109*e0c4386eSCy Schubert sizeof(outputs[i]));
1110*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
1111*e0c4386eSCy Schubert if (ret != 1)
1112*e0c4386eSCy Schubert return ret;
1113*e0c4386eSCy Schubert }
1114*e0c4386eSCy Schubert
1115*e0c4386eSCy Schubert return ret;
1116*e0c4386eSCy Schubert }
1117*e0c4386eSCy Schubert #endif
1118*e0c4386eSCy Schubert
construct_kbkdf_params(char * digest,char * mac,unsigned char * key,size_t keylen,char * salt,char * info)1119*e0c4386eSCy Schubert static OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char *key,
1120*e0c4386eSCy Schubert size_t keylen, char *salt, char *info)
1121*e0c4386eSCy Schubert {
1122*e0c4386eSCy Schubert OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 7);
1123*e0c4386eSCy Schubert OSSL_PARAM *p = params;
1124*e0c4386eSCy Schubert
1125*e0c4386eSCy Schubert if (params == NULL)
1126*e0c4386eSCy Schubert return NULL;
1127*e0c4386eSCy Schubert
1128*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(
1129*e0c4386eSCy Schubert OSSL_KDF_PARAM_DIGEST, digest, 0);
1130*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(
1131*e0c4386eSCy Schubert OSSL_KDF_PARAM_MAC, mac, 0);
1132*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(
1133*e0c4386eSCy Schubert OSSL_KDF_PARAM_MODE, "COUNTER", 0);
1134*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(
1135*e0c4386eSCy Schubert OSSL_KDF_PARAM_KEY, key, keylen);
1136*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(
1137*e0c4386eSCy Schubert OSSL_KDF_PARAM_SALT, salt, strlen(salt));
1138*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(
1139*e0c4386eSCy Schubert OSSL_KDF_PARAM_INFO, info, strlen(info));
1140*e0c4386eSCy Schubert *p = OSSL_PARAM_construct_end();
1141*e0c4386eSCy Schubert
1142*e0c4386eSCy Schubert return params;
1143*e0c4386eSCy Schubert }
1144*e0c4386eSCy Schubert
test_kdf_kbkdf_invalid_digest(void)1145*e0c4386eSCy Schubert static int test_kdf_kbkdf_invalid_digest(void)
1146*e0c4386eSCy Schubert {
1147*e0c4386eSCy Schubert int ret;
1148*e0c4386eSCy Schubert EVP_KDF_CTX *kctx;
1149*e0c4386eSCy Schubert OSSL_PARAM *params;
1150*e0c4386eSCy Schubert
1151*e0c4386eSCy Schubert static unsigned char key[] = {0x01};
1152*e0c4386eSCy Schubert
1153*e0c4386eSCy Schubert params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test");
1154*e0c4386eSCy Schubert if (!TEST_ptr(params))
1155*e0c4386eSCy Schubert return 0;
1156*e0c4386eSCy Schubert
1157*e0c4386eSCy Schubert /* Negative test case - set_params should fail */
1158*e0c4386eSCy Schubert kctx = get_kdfbyname("KBKDF");
1159*e0c4386eSCy Schubert ret = TEST_ptr(kctx)
1160*e0c4386eSCy Schubert && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
1161*e0c4386eSCy Schubert
1162*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
1163*e0c4386eSCy Schubert OPENSSL_free(params);
1164*e0c4386eSCy Schubert return ret;
1165*e0c4386eSCy Schubert }
1166*e0c4386eSCy Schubert
test_kdf_kbkdf_invalid_mac(void)1167*e0c4386eSCy Schubert static int test_kdf_kbkdf_invalid_mac(void)
1168*e0c4386eSCy Schubert {
1169*e0c4386eSCy Schubert int ret;
1170*e0c4386eSCy Schubert EVP_KDF_CTX *kctx;
1171*e0c4386eSCy Schubert OSSL_PARAM *params;
1172*e0c4386eSCy Schubert
1173*e0c4386eSCy Schubert static unsigned char key[] = {0x01};
1174*e0c4386eSCy Schubert
1175*e0c4386eSCy Schubert params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test");
1176*e0c4386eSCy Schubert if (!TEST_ptr(params))
1177*e0c4386eSCy Schubert return 0;
1178*e0c4386eSCy Schubert
1179*e0c4386eSCy Schubert /* Negative test case - set_params should fail */
1180*e0c4386eSCy Schubert kctx = get_kdfbyname("KBKDF");
1181*e0c4386eSCy Schubert ret = TEST_ptr(kctx)
1182*e0c4386eSCy Schubert && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
1183*e0c4386eSCy Schubert
1184*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
1185*e0c4386eSCy Schubert OPENSSL_free(params);
1186*e0c4386eSCy Schubert return ret;
1187*e0c4386eSCy Schubert }
1188*e0c4386eSCy Schubert
test_kdf_kbkdf_empty_key(void)1189*e0c4386eSCy Schubert static int test_kdf_kbkdf_empty_key(void)
1190*e0c4386eSCy Schubert {
1191*e0c4386eSCy Schubert int ret;
1192*e0c4386eSCy Schubert EVP_KDF_CTX *kctx;
1193*e0c4386eSCy Schubert OSSL_PARAM *params;
1194*e0c4386eSCy Schubert
1195*e0c4386eSCy Schubert static unsigned char key[] = {0x01};
1196*e0c4386eSCy Schubert unsigned char result[32] = { 0 };
1197*e0c4386eSCy Schubert
1198*e0c4386eSCy Schubert params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test");
1199*e0c4386eSCy Schubert if (!TEST_ptr(params))
1200*e0c4386eSCy Schubert return 0;
1201*e0c4386eSCy Schubert
1202*e0c4386eSCy Schubert /* Negative test case - derive should fail */
1203*e0c4386eSCy Schubert kctx = get_kdfbyname("KBKDF");
1204*e0c4386eSCy Schubert ret = TEST_ptr(kctx)
1205*e0c4386eSCy Schubert && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1206*e0c4386eSCy Schubert && TEST_int_eq(EVP_KDF_derive(kctx, result, sizeof(result), NULL), 0);
1207*e0c4386eSCy Schubert
1208*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
1209*e0c4386eSCy Schubert OPENSSL_free(params);
1210*e0c4386eSCy Schubert return ret;
1211*e0c4386eSCy Schubert }
1212*e0c4386eSCy Schubert
test_kdf_kbkdf_1byte_key(void)1213*e0c4386eSCy Schubert static int test_kdf_kbkdf_1byte_key(void)
1214*e0c4386eSCy Schubert {
1215*e0c4386eSCy Schubert int ret;
1216*e0c4386eSCy Schubert EVP_KDF_CTX *kctx;
1217*e0c4386eSCy Schubert OSSL_PARAM *params;
1218*e0c4386eSCy Schubert
1219*e0c4386eSCy Schubert static unsigned char key[] = {0x01};
1220*e0c4386eSCy Schubert unsigned char result[32] = { 0 };
1221*e0c4386eSCy Schubert
1222*e0c4386eSCy Schubert params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
1223*e0c4386eSCy Schubert if (!TEST_ptr(params))
1224*e0c4386eSCy Schubert return 0;
1225*e0c4386eSCy Schubert
1226*e0c4386eSCy Schubert kctx = get_kdfbyname("KBKDF");
1227*e0c4386eSCy Schubert ret = TEST_ptr(kctx)
1228*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0);
1229*e0c4386eSCy Schubert
1230*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
1231*e0c4386eSCy Schubert OPENSSL_free(params);
1232*e0c4386eSCy Schubert return ret;
1233*e0c4386eSCy Schubert }
1234*e0c4386eSCy Schubert
test_kdf_kbkdf_zero_output_size(void)1235*e0c4386eSCy Schubert static int test_kdf_kbkdf_zero_output_size(void)
1236*e0c4386eSCy Schubert {
1237*e0c4386eSCy Schubert int ret;
1238*e0c4386eSCy Schubert EVP_KDF_CTX *kctx;
1239*e0c4386eSCy Schubert OSSL_PARAM *params;
1240*e0c4386eSCy Schubert
1241*e0c4386eSCy Schubert static unsigned char key[] = {0x01};
1242*e0c4386eSCy Schubert unsigned char result[32] = { 0 };
1243*e0c4386eSCy Schubert
1244*e0c4386eSCy Schubert params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
1245*e0c4386eSCy Schubert if (!TEST_ptr(params))
1246*e0c4386eSCy Schubert return 0;
1247*e0c4386eSCy Schubert
1248*e0c4386eSCy Schubert /* Negative test case - derive should fail */
1249*e0c4386eSCy Schubert kctx = get_kdfbyname("KBKDF");
1250*e0c4386eSCy Schubert ret = TEST_ptr(kctx)
1251*e0c4386eSCy Schubert && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1252*e0c4386eSCy Schubert && TEST_int_eq(EVP_KDF_derive(kctx, result, 0, NULL), 0);
1253*e0c4386eSCy Schubert
1254*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
1255*e0c4386eSCy Schubert OPENSSL_free(params);
1256*e0c4386eSCy Schubert return ret;
1257*e0c4386eSCy Schubert }
1258*e0c4386eSCy Schubert
1259*e0c4386eSCy Schubert /* Two test vectors from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos
1260*e0c4386eSCy Schubert * 5) appendix A. */
test_kdf_kbkdf_8009_prf1(void)1261*e0c4386eSCy Schubert static int test_kdf_kbkdf_8009_prf1(void)
1262*e0c4386eSCy Schubert {
1263*e0c4386eSCy Schubert int ret, i = 0;
1264*e0c4386eSCy Schubert EVP_KDF_CTX *kctx;
1265*e0c4386eSCy Schubert OSSL_PARAM params[6];
1266*e0c4386eSCy Schubert char *label = "prf", *digest = "sha256", *prf_input = "test",
1267*e0c4386eSCy Schubert *mac = "HMAC";
1268*e0c4386eSCy Schubert static unsigned char input_key[] = {
1269*e0c4386eSCy Schubert 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
1270*e0c4386eSCy Schubert 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
1271*e0c4386eSCy Schubert };
1272*e0c4386eSCy Schubert static unsigned char output[] = {
1273*e0c4386eSCy Schubert 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
1274*e0c4386eSCy Schubert 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
1275*e0c4386eSCy Schubert 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
1276*e0c4386eSCy Schubert 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
1277*e0c4386eSCy Schubert };
1278*e0c4386eSCy Schubert unsigned char result[sizeof(output)] = { 0 };
1279*e0c4386eSCy Schubert
1280*e0c4386eSCy Schubert params[i++] = OSSL_PARAM_construct_utf8_string(
1281*e0c4386eSCy Schubert OSSL_KDF_PARAM_DIGEST, digest, 0);
1282*e0c4386eSCy Schubert params[i++] = OSSL_PARAM_construct_utf8_string(
1283*e0c4386eSCy Schubert OSSL_KDF_PARAM_MAC, mac, 0);
1284*e0c4386eSCy Schubert params[i++] = OSSL_PARAM_construct_octet_string(
1285*e0c4386eSCy Schubert OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1286*e0c4386eSCy Schubert params[i++] = OSSL_PARAM_construct_octet_string(
1287*e0c4386eSCy Schubert OSSL_KDF_PARAM_SALT, label, strlen(label));
1288*e0c4386eSCy Schubert params[i++] = OSSL_PARAM_construct_octet_string(
1289*e0c4386eSCy Schubert OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
1290*e0c4386eSCy Schubert params[i] = OSSL_PARAM_construct_end();
1291*e0c4386eSCy Schubert
1292*e0c4386eSCy Schubert kctx = get_kdfbyname("KBKDF");
1293*e0c4386eSCy Schubert ret = TEST_ptr(kctx)
1294*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
1295*e0c4386eSCy Schubert && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1296*e0c4386eSCy Schubert
1297*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
1298*e0c4386eSCy Schubert return ret;
1299*e0c4386eSCy Schubert }
1300*e0c4386eSCy Schubert
test_kdf_kbkdf_8009_prf2(void)1301*e0c4386eSCy Schubert static int test_kdf_kbkdf_8009_prf2(void)
1302*e0c4386eSCy Schubert {
1303*e0c4386eSCy Schubert int ret, i = 0;
1304*e0c4386eSCy Schubert EVP_KDF_CTX *kctx;
1305*e0c4386eSCy Schubert OSSL_PARAM params[6];
1306*e0c4386eSCy Schubert char *label = "prf", *digest = "sha384", *prf_input = "test",
1307*e0c4386eSCy Schubert *mac = "HMAC";
1308*e0c4386eSCy Schubert static unsigned char input_key[] = {
1309*e0c4386eSCy Schubert 0x6D, 0x40, 0x4D, 0x37, 0xFA, 0xF7, 0x9F, 0x9D,
1310*e0c4386eSCy Schubert 0xF0, 0xD3, 0x35, 0x68, 0xD3, 0x20, 0x66, 0x98,
1311*e0c4386eSCy Schubert 0x00, 0xEB, 0x48, 0x36, 0x47, 0x2E, 0xA8, 0xA0,
1312*e0c4386eSCy Schubert 0x26, 0xD1, 0x6B, 0x71, 0x82, 0x46, 0x0C, 0x52,
1313*e0c4386eSCy Schubert };
1314*e0c4386eSCy Schubert static unsigned char output[] = {
1315*e0c4386eSCy Schubert 0x98, 0x01, 0xF6, 0x9A, 0x36, 0x8C, 0x2B, 0xF6,
1316*e0c4386eSCy Schubert 0x75, 0xE5, 0x95, 0x21, 0xE1, 0x77, 0xD9, 0xA0,
1317*e0c4386eSCy Schubert 0x7F, 0x67, 0xEF, 0xE1, 0xCF, 0xDE, 0x8D, 0x3C,
1318*e0c4386eSCy Schubert 0x8D, 0x6F, 0x6A, 0x02, 0x56, 0xE3, 0xB1, 0x7D,
1319*e0c4386eSCy Schubert 0xB3, 0xC1, 0xB6, 0x2A, 0xD1, 0xB8, 0x55, 0x33,
1320*e0c4386eSCy Schubert 0x60, 0xD1, 0x73, 0x67, 0xEB, 0x15, 0x14, 0xD2,
1321*e0c4386eSCy Schubert };
1322*e0c4386eSCy Schubert unsigned char result[sizeof(output)] = { 0 };
1323*e0c4386eSCy Schubert
1324*e0c4386eSCy Schubert params[i++] = OSSL_PARAM_construct_utf8_string(
1325*e0c4386eSCy Schubert OSSL_KDF_PARAM_DIGEST, digest, 0);
1326*e0c4386eSCy Schubert params[i++] = OSSL_PARAM_construct_utf8_string(
1327*e0c4386eSCy Schubert OSSL_KDF_PARAM_MAC, mac, 0);
1328*e0c4386eSCy Schubert params[i++] = OSSL_PARAM_construct_octet_string(
1329*e0c4386eSCy Schubert OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1330*e0c4386eSCy Schubert params[i++] = OSSL_PARAM_construct_octet_string(
1331*e0c4386eSCy Schubert OSSL_KDF_PARAM_SALT, label, strlen(label));
1332*e0c4386eSCy Schubert params[i++] = OSSL_PARAM_construct_octet_string(
1333*e0c4386eSCy Schubert OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
1334*e0c4386eSCy Schubert params[i] = OSSL_PARAM_construct_end();
1335*e0c4386eSCy Schubert
1336*e0c4386eSCy Schubert kctx = get_kdfbyname("KBKDF");
1337*e0c4386eSCy Schubert ret = TEST_ptr(kctx)
1338*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
1339*e0c4386eSCy Schubert && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1340*e0c4386eSCy Schubert
1341*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
1342*e0c4386eSCy Schubert return ret;
1343*e0c4386eSCy Schubert }
1344*e0c4386eSCy Schubert
1345*e0c4386eSCy Schubert #if !defined(OPENSSL_NO_CMAC)
1346*e0c4386eSCy Schubert /*
1347*e0c4386eSCy Schubert * Test vector taken from
1348*e0c4386eSCy Schubert * https://csrc.nist.gov/CSRC/media/Projects/
1349*e0c4386eSCy Schubert * Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip
1350*e0c4386eSCy Schubert * Note: Only 32 bit counter is supported ([RLEN=32_BITS])
1351*e0c4386eSCy Schubert */
test_kdf_kbkdf_fixedinfo(void)1352*e0c4386eSCy Schubert static int test_kdf_kbkdf_fixedinfo(void)
1353*e0c4386eSCy Schubert {
1354*e0c4386eSCy Schubert int ret;
1355*e0c4386eSCy Schubert EVP_KDF_CTX *kctx;
1356*e0c4386eSCy Schubert OSSL_PARAM params[8], *p = params;
1357*e0c4386eSCy Schubert static char *cipher = "AES128";
1358*e0c4386eSCy Schubert static char *mac = "CMAC";
1359*e0c4386eSCy Schubert static char *mode = "COUNTER";
1360*e0c4386eSCy Schubert int use_l = 0;
1361*e0c4386eSCy Schubert int use_separator = 0;
1362*e0c4386eSCy Schubert
1363*e0c4386eSCy Schubert static unsigned char input_key[] = {
1364*e0c4386eSCy Schubert 0xc1, 0x0b, 0x15, 0x2e, 0x8c, 0x97, 0xb7, 0x7e,
1365*e0c4386eSCy Schubert 0x18, 0x70, 0x4e, 0x0f, 0x0b, 0xd3, 0x83, 0x05,
1366*e0c4386eSCy Schubert };
1367*e0c4386eSCy Schubert static unsigned char fixed_input[] = {
1368*e0c4386eSCy Schubert 0x98, 0xcd, 0x4c, 0xbb, 0xbe, 0xbe, 0x15, 0xd1,
1369*e0c4386eSCy Schubert 0x7d, 0xc8, 0x6e, 0x6d, 0xba, 0xd8, 0x00, 0xa2,
1370*e0c4386eSCy Schubert 0xdc, 0xbd, 0x64, 0xf7, 0xc7, 0xad, 0x0e, 0x78,
1371*e0c4386eSCy Schubert 0xe9, 0xcf, 0x94, 0xff, 0xdb, 0xa8, 0x9d, 0x03,
1372*e0c4386eSCy Schubert 0xe9, 0x7e, 0xad, 0xf6, 0xc4, 0xf7, 0xb8, 0x06,
1373*e0c4386eSCy Schubert 0xca, 0xf5, 0x2a, 0xa3, 0x8f, 0x09, 0xd0, 0xeb,
1374*e0c4386eSCy Schubert 0x71, 0xd7, 0x1f, 0x49, 0x7b, 0xcc, 0x69, 0x06,
1375*e0c4386eSCy Schubert 0xb4, 0x8d, 0x36, 0xc4,
1376*e0c4386eSCy Schubert
1377*e0c4386eSCy Schubert };
1378*e0c4386eSCy Schubert static unsigned char output[] = {
1379*e0c4386eSCy Schubert 0x26, 0xfa, 0xf6, 0x19, 0x08, 0xad, 0x9e, 0xe8,
1380*e0c4386eSCy Schubert 0x81, 0xb8, 0x30, 0x5c, 0x22, 0x1d, 0xb5, 0x3f,
1381*e0c4386eSCy Schubert };
1382*e0c4386eSCy Schubert unsigned char result[sizeof(output)] = { 0 };
1383*e0c4386eSCy Schubert
1384*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, cipher, 0);
1385*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, mac, 0);
1386*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, mode, 0);
1387*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, input_key,
1388*e0c4386eSCy Schubert sizeof(input_key));
1389*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
1390*e0c4386eSCy Schubert fixed_input, sizeof(fixed_input));
1391*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_L, &use_l);
1392*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR,
1393*e0c4386eSCy Schubert &use_separator);
1394*e0c4386eSCy Schubert *p = OSSL_PARAM_construct_end();
1395*e0c4386eSCy Schubert
1396*e0c4386eSCy Schubert kctx = get_kdfbyname("KBKDF");
1397*e0c4386eSCy Schubert ret = TEST_ptr(kctx)
1398*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
1399*e0c4386eSCy Schubert && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1400*e0c4386eSCy Schubert
1401*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
1402*e0c4386eSCy Schubert return ret;
1403*e0c4386eSCy Schubert }
1404*e0c4386eSCy Schubert #endif /* OPENSSL_NO_CMAC */
1405*e0c4386eSCy Schubert
test_kdf_ss_hmac(void)1406*e0c4386eSCy Schubert static int test_kdf_ss_hmac(void)
1407*e0c4386eSCy Schubert {
1408*e0c4386eSCy Schubert int ret;
1409*e0c4386eSCy Schubert EVP_KDF_CTX *kctx;
1410*e0c4386eSCy Schubert OSSL_PARAM params[6], *p = params;
1411*e0c4386eSCy Schubert unsigned char out[16];
1412*e0c4386eSCy Schubert static unsigned char z[] = {
1413*e0c4386eSCy Schubert 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
1414*e0c4386eSCy Schubert };
1415*e0c4386eSCy Schubert static unsigned char other[] = {
1416*e0c4386eSCy Schubert 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
1417*e0c4386eSCy Schubert };
1418*e0c4386eSCy Schubert static unsigned char salt[] = {
1419*e0c4386eSCy Schubert 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
1420*e0c4386eSCy Schubert 0x3f,0x89
1421*e0c4386eSCy Schubert };
1422*e0c4386eSCy Schubert static const unsigned char expected[sizeof(out)] = {
1423*e0c4386eSCy Schubert 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63,
1424*e0c4386eSCy Schubert 0x1c,0xa3
1425*e0c4386eSCy Schubert };
1426*e0c4386eSCy Schubert
1427*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
1428*e0c4386eSCy Schubert (char *)OSSL_MAC_NAME_HMAC, 0);
1429*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1430*e0c4386eSCy Schubert (char *)"sha256", 0);
1431*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
1432*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
1433*e0c4386eSCy Schubert sizeof(other));
1434*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
1435*e0c4386eSCy Schubert sizeof(salt));
1436*e0c4386eSCy Schubert *p = OSSL_PARAM_construct_end();
1437*e0c4386eSCy Schubert
1438*e0c4386eSCy Schubert ret =
1439*e0c4386eSCy Schubert TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
1440*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1441*e0c4386eSCy Schubert && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1442*e0c4386eSCy Schubert
1443*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
1444*e0c4386eSCy Schubert return ret;
1445*e0c4386eSCy Schubert }
1446*e0c4386eSCy Schubert
test_kdf_ss_kmac(void)1447*e0c4386eSCy Schubert static int test_kdf_ss_kmac(void)
1448*e0c4386eSCy Schubert {
1449*e0c4386eSCy Schubert int ret;
1450*e0c4386eSCy Schubert EVP_KDF_CTX *kctx;
1451*e0c4386eSCy Schubert OSSL_PARAM params[7], *p = params;
1452*e0c4386eSCy Schubert unsigned char out[64];
1453*e0c4386eSCy Schubert size_t mac_size = 20;
1454*e0c4386eSCy Schubert static unsigned char z[] = {
1455*e0c4386eSCy Schubert 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
1456*e0c4386eSCy Schubert };
1457*e0c4386eSCy Schubert static unsigned char other[] = {
1458*e0c4386eSCy Schubert 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
1459*e0c4386eSCy Schubert };
1460*e0c4386eSCy Schubert static unsigned char salt[] = {
1461*e0c4386eSCy Schubert 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
1462*e0c4386eSCy Schubert 0x3f,0x89
1463*e0c4386eSCy Schubert };
1464*e0c4386eSCy Schubert static const unsigned char expected[sizeof(out)] = {
1465*e0c4386eSCy Schubert 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd,
1466*e0c4386eSCy Schubert 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2,
1467*e0c4386eSCy Schubert 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4,
1468*e0c4386eSCy Schubert 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95,
1469*e0c4386eSCy Schubert 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03
1470*e0c4386eSCy Schubert };
1471*e0c4386eSCy Schubert
1472*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
1473*e0c4386eSCy Schubert (char *)OSSL_MAC_NAME_KMAC128, 0);
1474*e0c4386eSCy Schubert /* The digest parameter is not needed here and should be ignored */
1475*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1476*e0c4386eSCy Schubert (char *)"SHA256", 0);
1477*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
1478*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
1479*e0c4386eSCy Schubert sizeof(other));
1480*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
1481*e0c4386eSCy Schubert sizeof(salt));
1482*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, &mac_size);
1483*e0c4386eSCy Schubert *p = OSSL_PARAM_construct_end();
1484*e0c4386eSCy Schubert
1485*e0c4386eSCy Schubert ret =
1486*e0c4386eSCy Schubert TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
1487*e0c4386eSCy Schubert && TEST_size_t_eq(EVP_KDF_CTX_get_kdf_size(kctx), 0)
1488*e0c4386eSCy Schubert && TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 1)
1489*e0c4386eSCy Schubert /* The bug fix for KMAC returning SIZE_MAX was added in 3.0.8 */
1490*e0c4386eSCy Schubert && (fips_provider_version_lt(NULL, 3, 0, 8)
1491*e0c4386eSCy Schubert || TEST_size_t_eq(EVP_KDF_CTX_get_kdf_size(kctx), SIZE_MAX))
1492*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)
1493*e0c4386eSCy Schubert && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1494*e0c4386eSCy Schubert
1495*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
1496*e0c4386eSCy Schubert return ret;
1497*e0c4386eSCy Schubert }
1498*e0c4386eSCy Schubert
test_kdf_sshkdf(void)1499*e0c4386eSCy Schubert static int test_kdf_sshkdf(void)
1500*e0c4386eSCy Schubert {
1501*e0c4386eSCy Schubert int ret;
1502*e0c4386eSCy Schubert EVP_KDF_CTX *kctx;
1503*e0c4386eSCy Schubert OSSL_PARAM params[6], *p = params;
1504*e0c4386eSCy Schubert char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
1505*e0c4386eSCy Schubert unsigned char out[8];
1506*e0c4386eSCy Schubert /* Test data from NIST CAVS 14.1 test vectors */
1507*e0c4386eSCy Schubert static unsigned char key[] = {
1508*e0c4386eSCy Schubert 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
1509*e0c4386eSCy Schubert 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
1510*e0c4386eSCy Schubert 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
1511*e0c4386eSCy Schubert 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
1512*e0c4386eSCy Schubert 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
1513*e0c4386eSCy Schubert 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
1514*e0c4386eSCy Schubert 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
1515*e0c4386eSCy Schubert 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
1516*e0c4386eSCy Schubert 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
1517*e0c4386eSCy Schubert 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
1518*e0c4386eSCy Schubert 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
1519*e0c4386eSCy Schubert 0x4e
1520*e0c4386eSCy Schubert };
1521*e0c4386eSCy Schubert static unsigned char xcghash[] = {
1522*e0c4386eSCy Schubert 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
1523*e0c4386eSCy Schubert 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
1524*e0c4386eSCy Schubert 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
1525*e0c4386eSCy Schubert };
1526*e0c4386eSCy Schubert static unsigned char sessid[] = {
1527*e0c4386eSCy Schubert 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
1528*e0c4386eSCy Schubert 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
1529*e0c4386eSCy Schubert 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
1530*e0c4386eSCy Schubert };
1531*e0c4386eSCy Schubert static const unsigned char expected[sizeof(out)] = {
1532*e0c4386eSCy Schubert 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
1533*e0c4386eSCy Schubert };
1534*e0c4386eSCy Schubert
1535*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1536*e0c4386eSCy Schubert (char *)"sha256", 0);
1537*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
1538*e0c4386eSCy Schubert sizeof(key));
1539*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH,
1540*e0c4386eSCy Schubert xcghash, sizeof(xcghash));
1541*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
1542*e0c4386eSCy Schubert sessid, sizeof(sessid));
1543*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
1544*e0c4386eSCy Schubert &kdftype, sizeof(kdftype));
1545*e0c4386eSCy Schubert *p = OSSL_PARAM_construct_end();
1546*e0c4386eSCy Schubert
1547*e0c4386eSCy Schubert ret =
1548*e0c4386eSCy Schubert TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF))
1549*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1550*e0c4386eSCy Schubert && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1551*e0c4386eSCy Schubert
1552*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
1553*e0c4386eSCy Schubert return ret;
1554*e0c4386eSCy Schubert }
1555*e0c4386eSCy Schubert
test_kdfs_same(EVP_KDF * kdf1,EVP_KDF * kdf2)1556*e0c4386eSCy Schubert static int test_kdfs_same( EVP_KDF *kdf1, EVP_KDF *kdf2)
1557*e0c4386eSCy Schubert {
1558*e0c4386eSCy Schubert /* Fast path in case the two are the same algorithm pointer */
1559*e0c4386eSCy Schubert if (kdf1 == kdf2)
1560*e0c4386eSCy Schubert return 1;
1561*e0c4386eSCy Schubert /*
1562*e0c4386eSCy Schubert * Compare their names and providers instead.
1563*e0c4386eSCy Schubert * This is necessary in a non-caching build (or a cache flush during fetch)
1564*e0c4386eSCy Schubert * because without the algorithm in the cache, fetching it a second time
1565*e0c4386eSCy Schubert * will result in a different pointer.
1566*e0c4386eSCy Schubert */
1567*e0c4386eSCy Schubert return TEST_ptr_eq(EVP_KDF_get0_provider(kdf1), EVP_KDF_get0_provider(kdf2))
1568*e0c4386eSCy Schubert && TEST_str_eq(EVP_KDF_get0_name(kdf1), EVP_KDF_get0_name(kdf2));
1569*e0c4386eSCy Schubert }
1570*e0c4386eSCy Schubert
test_kdf_get_kdf(void)1571*e0c4386eSCy Schubert static int test_kdf_get_kdf(void)
1572*e0c4386eSCy Schubert {
1573*e0c4386eSCy Schubert EVP_KDF *kdf1 = NULL, *kdf2 = NULL;
1574*e0c4386eSCy Schubert ASN1_OBJECT *obj;
1575*e0c4386eSCy Schubert int ok = 1;
1576*e0c4386eSCy Schubert
1577*e0c4386eSCy Schubert if (!TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2))
1578*e0c4386eSCy Schubert || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL))
1579*e0c4386eSCy Schubert || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(OBJ_obj2nid(obj)),
1580*e0c4386eSCy Schubert NULL))
1581*e0c4386eSCy Schubert || !test_kdfs_same(kdf1, kdf2))
1582*e0c4386eSCy Schubert ok = 0;
1583*e0c4386eSCy Schubert EVP_KDF_free(kdf1);
1584*e0c4386eSCy Schubert kdf1 = NULL;
1585*e0c4386eSCy Schubert EVP_KDF_free(kdf2);
1586*e0c4386eSCy Schubert kdf2 = NULL;
1587*e0c4386eSCy Schubert
1588*e0c4386eSCy Schubert if (!TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL))
1589*e0c4386eSCy Schubert || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, LN_tls1_prf, NULL))
1590*e0c4386eSCy Schubert || !test_kdfs_same(kdf1, kdf2))
1591*e0c4386eSCy Schubert ok = 0;
1592*e0c4386eSCy Schubert /* kdf1 is re-used below, so don't free it here */
1593*e0c4386eSCy Schubert EVP_KDF_free(kdf2);
1594*e0c4386eSCy Schubert kdf2 = NULL;
1595*e0c4386eSCy Schubert
1596*e0c4386eSCy Schubert if (!TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(NID_tls1_prf), NULL))
1597*e0c4386eSCy Schubert || !test_kdfs_same(kdf1, kdf2))
1598*e0c4386eSCy Schubert ok = 0;
1599*e0c4386eSCy Schubert EVP_KDF_free(kdf1);
1600*e0c4386eSCy Schubert kdf1 = NULL;
1601*e0c4386eSCy Schubert EVP_KDF_free(kdf2);
1602*e0c4386eSCy Schubert kdf2 = NULL;
1603*e0c4386eSCy Schubert
1604*e0c4386eSCy Schubert return ok;
1605*e0c4386eSCy Schubert }
1606*e0c4386eSCy Schubert
1607*e0c4386eSCy Schubert #if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES)
test_kdf_x942_asn1(void)1608*e0c4386eSCy Schubert static int test_kdf_x942_asn1(void)
1609*e0c4386eSCy Schubert {
1610*e0c4386eSCy Schubert int ret;
1611*e0c4386eSCy Schubert EVP_KDF_CTX *kctx = NULL;
1612*e0c4386eSCy Schubert OSSL_PARAM params[4], *p = params;
1613*e0c4386eSCy Schubert const char *cek_alg = SN_id_smime_alg_CMS3DESwrap;
1614*e0c4386eSCy Schubert unsigned char out[24];
1615*e0c4386eSCy Schubert /* RFC2631 Section 2.1.6 Test data */
1616*e0c4386eSCy Schubert static unsigned char z[] = {
1617*e0c4386eSCy Schubert 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,
1618*e0c4386eSCy Schubert 0x0e,0x0f,0x10,0x11,0x12,0x13
1619*e0c4386eSCy Schubert };
1620*e0c4386eSCy Schubert static const unsigned char expected[sizeof(out)] = {
1621*e0c4386eSCy Schubert 0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04,
1622*e0c4386eSCy Schubert 0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46,
1623*e0c4386eSCy Schubert 0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb
1624*e0c4386eSCy Schubert };
1625*e0c4386eSCy Schubert
1626*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1627*e0c4386eSCy Schubert (char *)"sha1", 0);
1628*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z,
1629*e0c4386eSCy Schubert sizeof(z));
1630*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
1631*e0c4386eSCy Schubert (char *)cek_alg, 0);
1632*e0c4386eSCy Schubert *p = OSSL_PARAM_construct_end();
1633*e0c4386eSCy Schubert
1634*e0c4386eSCy Schubert ret =
1635*e0c4386eSCy Schubert TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF_ASN1))
1636*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1637*e0c4386eSCy Schubert && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1638*e0c4386eSCy Schubert
1639*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
1640*e0c4386eSCy Schubert return ret;
1641*e0c4386eSCy Schubert }
1642*e0c4386eSCy Schubert #endif /* OPENSSL_NO_CMS */
1643*e0c4386eSCy Schubert
test_kdf_krb5kdf(void)1644*e0c4386eSCy Schubert static int test_kdf_krb5kdf(void)
1645*e0c4386eSCy Schubert {
1646*e0c4386eSCy Schubert int ret;
1647*e0c4386eSCy Schubert EVP_KDF_CTX *kctx;
1648*e0c4386eSCy Schubert OSSL_PARAM params[4], *p = params;
1649*e0c4386eSCy Schubert unsigned char out[16];
1650*e0c4386eSCy Schubert static unsigned char key[] = {
1651*e0c4386eSCy Schubert 0x42, 0x26, 0x3C, 0x6E, 0x89, 0xF4, 0xFC, 0x28,
1652*e0c4386eSCy Schubert 0xB8, 0xDF, 0x68, 0xEE, 0x09, 0x79, 0x9F, 0x15
1653*e0c4386eSCy Schubert };
1654*e0c4386eSCy Schubert static unsigned char constant[] = {
1655*e0c4386eSCy Schubert 0x00, 0x00, 0x00, 0x02, 0x99
1656*e0c4386eSCy Schubert };
1657*e0c4386eSCy Schubert static const unsigned char expected[sizeof(out)] = {
1658*e0c4386eSCy Schubert 0x34, 0x28, 0x0A, 0x38, 0x2B, 0xC9, 0x27, 0x69,
1659*e0c4386eSCy Schubert 0xB2, 0xDA, 0x2F, 0x9E, 0xF0, 0x66, 0x85, 0x4B
1660*e0c4386eSCy Schubert };
1661*e0c4386eSCy Schubert
1662*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER,
1663*e0c4386eSCy Schubert (char *)"AES-128-CBC", 0);
1664*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
1665*e0c4386eSCy Schubert sizeof(key));
1666*e0c4386eSCy Schubert *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT,
1667*e0c4386eSCy Schubert constant, sizeof(constant));
1668*e0c4386eSCy Schubert *p = OSSL_PARAM_construct_end();
1669*e0c4386eSCy Schubert
1670*e0c4386eSCy Schubert ret =
1671*e0c4386eSCy Schubert TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KRB5KDF))
1672*e0c4386eSCy Schubert && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1673*e0c4386eSCy Schubert && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1674*e0c4386eSCy Schubert
1675*e0c4386eSCy Schubert EVP_KDF_CTX_free(kctx);
1676*e0c4386eSCy Schubert return ret;
1677*e0c4386eSCy Schubert }
1678*e0c4386eSCy Schubert
setup_tests(void)1679*e0c4386eSCy Schubert int setup_tests(void)
1680*e0c4386eSCy Schubert {
1681*e0c4386eSCy Schubert ADD_TEST(test_kdf_pbkdf1);
1682*e0c4386eSCy Schubert ADD_TEST(test_kdf_pbkdf1_key_too_long);
1683*e0c4386eSCy Schubert #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
1684*e0c4386eSCy Schubert ADD_TEST(test_kdf_kbkdf_6803_128);
1685*e0c4386eSCy Schubert ADD_TEST(test_kdf_kbkdf_6803_256);
1686*e0c4386eSCy Schubert #endif
1687*e0c4386eSCy Schubert ADD_TEST(test_kdf_kbkdf_invalid_digest);
1688*e0c4386eSCy Schubert ADD_TEST(test_kdf_kbkdf_invalid_mac);
1689*e0c4386eSCy Schubert ADD_TEST(test_kdf_kbkdf_zero_output_size);
1690*e0c4386eSCy Schubert ADD_TEST(test_kdf_kbkdf_empty_key);
1691*e0c4386eSCy Schubert ADD_TEST(test_kdf_kbkdf_1byte_key);
1692*e0c4386eSCy Schubert ADD_TEST(test_kdf_kbkdf_8009_prf1);
1693*e0c4386eSCy Schubert ADD_TEST(test_kdf_kbkdf_8009_prf2);
1694*e0c4386eSCy Schubert #if !defined(OPENSSL_NO_CMAC)
1695*e0c4386eSCy Schubert ADD_TEST(test_kdf_kbkdf_fixedinfo);
1696*e0c4386eSCy Schubert #endif
1697*e0c4386eSCy Schubert ADD_TEST(test_kdf_get_kdf);
1698*e0c4386eSCy Schubert ADD_TEST(test_kdf_tls1_prf);
1699*e0c4386eSCy Schubert ADD_TEST(test_kdf_tls1_prf_invalid_digest);
1700*e0c4386eSCy Schubert ADD_TEST(test_kdf_tls1_prf_zero_output_size);
1701*e0c4386eSCy Schubert ADD_TEST(test_kdf_tls1_prf_empty_secret);
1702*e0c4386eSCy Schubert ADD_TEST(test_kdf_tls1_prf_1byte_secret);
1703*e0c4386eSCy Schubert ADD_TEST(test_kdf_tls1_prf_empty_seed);
1704*e0c4386eSCy Schubert ADD_TEST(test_kdf_tls1_prf_1byte_seed);
1705*e0c4386eSCy Schubert ADD_TEST(test_kdf_hkdf);
1706*e0c4386eSCy Schubert ADD_TEST(test_kdf_hkdf_invalid_digest);
1707*e0c4386eSCy Schubert ADD_TEST(test_kdf_hkdf_zero_output_size);
1708*e0c4386eSCy Schubert ADD_TEST(test_kdf_hkdf_empty_key);
1709*e0c4386eSCy Schubert ADD_TEST(test_kdf_hkdf_1byte_key);
1710*e0c4386eSCy Schubert ADD_TEST(test_kdf_hkdf_empty_salt);
1711*e0c4386eSCy Schubert ADD_TEST(test_kdf_hkdf_gettables);
1712*e0c4386eSCy Schubert ADD_TEST(test_kdf_hkdf_gettables_expandonly);
1713*e0c4386eSCy Schubert ADD_TEST(test_kdf_hkdf_gettables_no_digest);
1714*e0c4386eSCy Schubert ADD_TEST(test_kdf_hkdf_derive_set_params_fail);
1715*e0c4386eSCy Schubert ADD_TEST(test_kdf_hkdf_set_invalid_mode);
1716*e0c4386eSCy Schubert ADD_TEST(test_kdf_hkdf_set_ctx_param_fail);
1717*e0c4386eSCy Schubert ADD_TEST(test_kdf_pbkdf2);
1718*e0c4386eSCy Schubert ADD_TEST(test_kdf_pbkdf2_small_output);
1719*e0c4386eSCy Schubert ADD_TEST(test_kdf_pbkdf2_large_output);
1720*e0c4386eSCy Schubert ADD_TEST(test_kdf_pbkdf2_small_salt);
1721*e0c4386eSCy Schubert ADD_TEST(test_kdf_pbkdf2_small_iterations);
1722*e0c4386eSCy Schubert ADD_TEST(test_kdf_pbkdf2_small_salt_pkcs5);
1723*e0c4386eSCy Schubert ADD_TEST(test_kdf_pbkdf2_small_iterations_pkcs5);
1724*e0c4386eSCy Schubert ADD_TEST(test_kdf_pbkdf2_invalid_digest);
1725*e0c4386eSCy Schubert #ifndef OPENSSL_NO_SCRYPT
1726*e0c4386eSCy Schubert ADD_TEST(test_kdf_scrypt);
1727*e0c4386eSCy Schubert #endif
1728*e0c4386eSCy Schubert ADD_TEST(test_kdf_ss_hash);
1729*e0c4386eSCy Schubert ADD_TEST(test_kdf_ss_hmac);
1730*e0c4386eSCy Schubert ADD_TEST(test_kdf_ss_kmac);
1731*e0c4386eSCy Schubert ADD_TEST(test_kdf_sshkdf);
1732*e0c4386eSCy Schubert ADD_TEST(test_kdf_x963);
1733*e0c4386eSCy Schubert #if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES)
1734*e0c4386eSCy Schubert ADD_TEST(test_kdf_x942_asn1);
1735*e0c4386eSCy Schubert #endif
1736*e0c4386eSCy Schubert ADD_TEST(test_kdf_krb5kdf);
1737*e0c4386eSCy Schubert return 1;
1738*e0c4386eSCy Schubert }
1739