1e1051a39Sopenharmony_ci/* 2e1051a39Sopenharmony_ci * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. 3e1051a39Sopenharmony_ci * Copyright (c) 2018-2020, Oracle and/or its affiliates. All rights reserved. 4e1051a39Sopenharmony_ci * 5e1051a39Sopenharmony_ci * Licensed under the Apache License 2.0 (the "License"). You may not use 6e1051a39Sopenharmony_ci * this file except in compliance with the License. You can obtain a copy 7e1051a39Sopenharmony_ci * in the file LICENSE in the source distribution or at 8e1051a39Sopenharmony_ci * https://www.openssl.org/source/license.html 9e1051a39Sopenharmony_ci */ 10e1051a39Sopenharmony_ci 11e1051a39Sopenharmony_ci/* Tests of the EVP_KDF_CTX APIs */ 12e1051a39Sopenharmony_ci 13e1051a39Sopenharmony_ci#include <stdio.h> 14e1051a39Sopenharmony_ci#include <string.h> 15e1051a39Sopenharmony_ci 16e1051a39Sopenharmony_ci#include <openssl/evp.h> 17e1051a39Sopenharmony_ci#include <openssl/kdf.h> 18e1051a39Sopenharmony_ci#include <openssl/core_names.h> 19e1051a39Sopenharmony_ci#include "internal/numbers.h" 20e1051a39Sopenharmony_ci#include "testutil.h" 21e1051a39Sopenharmony_ci 22e1051a39Sopenharmony_ci 23e1051a39Sopenharmony_cistatic EVP_KDF_CTX *get_kdfbyname_libctx(OSSL_LIB_CTX *libctx, const char *name) 24e1051a39Sopenharmony_ci{ 25e1051a39Sopenharmony_ci EVP_KDF *kdf = EVP_KDF_fetch(libctx, name, NULL); 26e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); 27e1051a39Sopenharmony_ci 28e1051a39Sopenharmony_ci EVP_KDF_free(kdf); 29e1051a39Sopenharmony_ci return kctx; 30e1051a39Sopenharmony_ci} 31e1051a39Sopenharmony_ci 32e1051a39Sopenharmony_cistatic EVP_KDF_CTX *get_kdfbyname(const char *name) 33e1051a39Sopenharmony_ci{ 34e1051a39Sopenharmony_ci return get_kdfbyname_libctx(NULL, name); 35e1051a39Sopenharmony_ci} 36e1051a39Sopenharmony_ci 37e1051a39Sopenharmony_cistatic OSSL_PARAM *construct_tls1_prf_params(const char *digest, const char *secret, 38e1051a39Sopenharmony_ci const char *seed) 39e1051a39Sopenharmony_ci{ 40e1051a39Sopenharmony_ci OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 4); 41e1051a39Sopenharmony_ci OSSL_PARAM *p = params; 42e1051a39Sopenharmony_ci 43e1051a39Sopenharmony_ci if (params == NULL) 44e1051a39Sopenharmony_ci return NULL; 45e1051a39Sopenharmony_ci 46e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, 47e1051a39Sopenharmony_ci (char *)digest, 0); 48e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, 49e1051a39Sopenharmony_ci (unsigned char *)secret, 50e1051a39Sopenharmony_ci strlen(secret)); 51e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, 52e1051a39Sopenharmony_ci (unsigned char *)seed, 53e1051a39Sopenharmony_ci strlen(seed)); 54e1051a39Sopenharmony_ci *p = OSSL_PARAM_construct_end(); 55e1051a39Sopenharmony_ci 56e1051a39Sopenharmony_ci return params; 57e1051a39Sopenharmony_ci} 58e1051a39Sopenharmony_ci 59e1051a39Sopenharmony_cistatic int test_kdf_tls1_prf(void) 60e1051a39Sopenharmony_ci{ 61e1051a39Sopenharmony_ci int ret; 62e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 63e1051a39Sopenharmony_ci unsigned char out[16]; 64e1051a39Sopenharmony_ci OSSL_PARAM *params; 65e1051a39Sopenharmony_ci static const unsigned char expected[sizeof(out)] = { 66e1051a39Sopenharmony_ci 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0, 67e1051a39Sopenharmony_ci 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc 68e1051a39Sopenharmony_ci }; 69e1051a39Sopenharmony_ci 70e1051a39Sopenharmony_ci params = construct_tls1_prf_params("sha256", "secret", "seed"); 71e1051a39Sopenharmony_ci 72e1051a39Sopenharmony_ci ret = TEST_ptr(params) 73e1051a39Sopenharmony_ci && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF)) 74e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0) 75e1051a39Sopenharmony_ci && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); 76e1051a39Sopenharmony_ci 77e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 78e1051a39Sopenharmony_ci OPENSSL_free(params); 79e1051a39Sopenharmony_ci return ret; 80e1051a39Sopenharmony_ci} 81e1051a39Sopenharmony_ci 82e1051a39Sopenharmony_cistatic int test_kdf_tls1_prf_invalid_digest(void) 83e1051a39Sopenharmony_ci{ 84e1051a39Sopenharmony_ci int ret; 85e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 86e1051a39Sopenharmony_ci OSSL_PARAM *params; 87e1051a39Sopenharmony_ci 88e1051a39Sopenharmony_ci params = construct_tls1_prf_params("blah", "secret", "seed"); 89e1051a39Sopenharmony_ci 90e1051a39Sopenharmony_ci ret = TEST_ptr(params) 91e1051a39Sopenharmony_ci && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF)) 92e1051a39Sopenharmony_ci && TEST_false(EVP_KDF_CTX_set_params(kctx, params)); 93e1051a39Sopenharmony_ci 94e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 95e1051a39Sopenharmony_ci OPENSSL_free(params); 96e1051a39Sopenharmony_ci return ret; 97e1051a39Sopenharmony_ci} 98e1051a39Sopenharmony_ci 99e1051a39Sopenharmony_cistatic int test_kdf_tls1_prf_zero_output_size(void) 100e1051a39Sopenharmony_ci{ 101e1051a39Sopenharmony_ci int ret; 102e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 103e1051a39Sopenharmony_ci unsigned char out[16]; 104e1051a39Sopenharmony_ci OSSL_PARAM *params; 105e1051a39Sopenharmony_ci 106e1051a39Sopenharmony_ci params = construct_tls1_prf_params("sha256", "secret", "seed"); 107e1051a39Sopenharmony_ci 108e1051a39Sopenharmony_ci /* Negative test - derive should fail */ 109e1051a39Sopenharmony_ci ret = TEST_ptr(params) 110e1051a39Sopenharmony_ci && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF)) 111e1051a39Sopenharmony_ci && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) 112e1051a39Sopenharmony_ci && TEST_int_eq(EVP_KDF_derive(kctx, out, 0, NULL), 0); 113e1051a39Sopenharmony_ci 114e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 115e1051a39Sopenharmony_ci OPENSSL_free(params); 116e1051a39Sopenharmony_ci return ret; 117e1051a39Sopenharmony_ci} 118e1051a39Sopenharmony_ci 119e1051a39Sopenharmony_cistatic int test_kdf_tls1_prf_empty_secret(void) 120e1051a39Sopenharmony_ci{ 121e1051a39Sopenharmony_ci int ret; 122e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 123e1051a39Sopenharmony_ci unsigned char out[16]; 124e1051a39Sopenharmony_ci OSSL_PARAM *params; 125e1051a39Sopenharmony_ci 126e1051a39Sopenharmony_ci params = construct_tls1_prf_params("sha256", "", "seed"); 127e1051a39Sopenharmony_ci 128e1051a39Sopenharmony_ci ret = TEST_ptr(params) 129e1051a39Sopenharmony_ci && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF)) 130e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0); 131e1051a39Sopenharmony_ci 132e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 133e1051a39Sopenharmony_ci OPENSSL_free(params); 134e1051a39Sopenharmony_ci return ret; 135e1051a39Sopenharmony_ci} 136e1051a39Sopenharmony_ci 137e1051a39Sopenharmony_cistatic int test_kdf_tls1_prf_1byte_secret(void) 138e1051a39Sopenharmony_ci{ 139e1051a39Sopenharmony_ci int ret; 140e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 141e1051a39Sopenharmony_ci unsigned char out[16]; 142e1051a39Sopenharmony_ci OSSL_PARAM *params; 143e1051a39Sopenharmony_ci 144e1051a39Sopenharmony_ci params = construct_tls1_prf_params("sha256", "1", "seed"); 145e1051a39Sopenharmony_ci 146e1051a39Sopenharmony_ci ret = TEST_ptr(params) 147e1051a39Sopenharmony_ci && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF)) 148e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0); 149e1051a39Sopenharmony_ci 150e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 151e1051a39Sopenharmony_ci OPENSSL_free(params); 152e1051a39Sopenharmony_ci return ret; 153e1051a39Sopenharmony_ci} 154e1051a39Sopenharmony_ci 155e1051a39Sopenharmony_cistatic int test_kdf_tls1_prf_empty_seed(void) 156e1051a39Sopenharmony_ci{ 157e1051a39Sopenharmony_ci int ret; 158e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 159e1051a39Sopenharmony_ci unsigned char out[16]; 160e1051a39Sopenharmony_ci OSSL_PARAM *params; 161e1051a39Sopenharmony_ci 162e1051a39Sopenharmony_ci params = construct_tls1_prf_params("sha256", "secret", ""); 163e1051a39Sopenharmony_ci 164e1051a39Sopenharmony_ci /* Negative test - derive should fail */ 165e1051a39Sopenharmony_ci ret = TEST_ptr(params) 166e1051a39Sopenharmony_ci && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF)) 167e1051a39Sopenharmony_ci && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) 168e1051a39Sopenharmony_ci && TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0); 169e1051a39Sopenharmony_ci 170e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 171e1051a39Sopenharmony_ci OPENSSL_free(params); 172e1051a39Sopenharmony_ci return ret; 173e1051a39Sopenharmony_ci} 174e1051a39Sopenharmony_ci 175e1051a39Sopenharmony_cistatic int test_kdf_tls1_prf_1byte_seed(void) 176e1051a39Sopenharmony_ci{ 177e1051a39Sopenharmony_ci int ret; 178e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 179e1051a39Sopenharmony_ci unsigned char out[16]; 180e1051a39Sopenharmony_ci OSSL_PARAM *params; 181e1051a39Sopenharmony_ci 182e1051a39Sopenharmony_ci params = construct_tls1_prf_params("sha256", "secret", "1"); 183e1051a39Sopenharmony_ci 184e1051a39Sopenharmony_ci ret = TEST_ptr(params) 185e1051a39Sopenharmony_ci && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF)) 186e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0); 187e1051a39Sopenharmony_ci 188e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 189e1051a39Sopenharmony_ci OPENSSL_free(params); 190e1051a39Sopenharmony_ci return ret; 191e1051a39Sopenharmony_ci} 192e1051a39Sopenharmony_ci 193e1051a39Sopenharmony_cistatic OSSL_PARAM *construct_hkdf_params(char *digest, char *key, 194e1051a39Sopenharmony_ci size_t keylen, char *salt, char *info) 195e1051a39Sopenharmony_ci{ 196e1051a39Sopenharmony_ci OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5); 197e1051a39Sopenharmony_ci OSSL_PARAM *p = params; 198e1051a39Sopenharmony_ci 199e1051a39Sopenharmony_ci if (params == NULL) 200e1051a39Sopenharmony_ci return NULL; 201e1051a39Sopenharmony_ci 202e1051a39Sopenharmony_ci if (digest != NULL) 203e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, 204e1051a39Sopenharmony_ci digest, 0); 205e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, 206e1051a39Sopenharmony_ci salt, strlen(salt)); 207e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, 208e1051a39Sopenharmony_ci (unsigned char *)key, keylen); 209e1051a39Sopenharmony_ci if (info != NULL) 210e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, 211e1051a39Sopenharmony_ci info, strlen(info)); 212e1051a39Sopenharmony_ci else 213e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, 214e1051a39Sopenharmony_ci "EXTRACT_ONLY", 0); 215e1051a39Sopenharmony_ci *p = OSSL_PARAM_construct_end(); 216e1051a39Sopenharmony_ci 217e1051a39Sopenharmony_ci return params; 218e1051a39Sopenharmony_ci} 219e1051a39Sopenharmony_ci 220e1051a39Sopenharmony_cistatic int test_kdf_hkdf(void) 221e1051a39Sopenharmony_ci{ 222e1051a39Sopenharmony_ci int ret; 223e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 224e1051a39Sopenharmony_ci unsigned char out[10]; 225e1051a39Sopenharmony_ci OSSL_PARAM *params; 226e1051a39Sopenharmony_ci static const unsigned char expected[sizeof(out)] = { 227e1051a39Sopenharmony_ci 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13 228e1051a39Sopenharmony_ci }; 229e1051a39Sopenharmony_ci 230e1051a39Sopenharmony_ci params = construct_hkdf_params("sha256", "secret", 6, "salt", "label"); 231e1051a39Sopenharmony_ci 232e1051a39Sopenharmony_ci ret = TEST_ptr(params) 233e1051a39Sopenharmony_ci && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)) 234e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0) 235e1051a39Sopenharmony_ci && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); 236e1051a39Sopenharmony_ci 237e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 238e1051a39Sopenharmony_ci OPENSSL_free(params); 239e1051a39Sopenharmony_ci return ret; 240e1051a39Sopenharmony_ci} 241e1051a39Sopenharmony_ci 242e1051a39Sopenharmony_cistatic int do_kdf_hkdf_gettables(int expand_only, int has_digest) 243e1051a39Sopenharmony_ci{ 244e1051a39Sopenharmony_ci int ret = 0; 245e1051a39Sopenharmony_ci size_t sz = 0; 246e1051a39Sopenharmony_ci OSSL_PARAM *params; 247e1051a39Sopenharmony_ci OSSL_PARAM params_get[2]; 248e1051a39Sopenharmony_ci const OSSL_PARAM *gettables, *p; 249e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 250e1051a39Sopenharmony_ci 251e1051a39Sopenharmony_ci if (!TEST_ptr(params = construct_hkdf_params( 252e1051a39Sopenharmony_ci has_digest ? "sha256" : NULL, 253e1051a39Sopenharmony_ci "secret", 6, "salt", 254e1051a39Sopenharmony_ci expand_only ? NULL : "label")) 255e1051a39Sopenharmony_ci || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)) 256e1051a39Sopenharmony_ci || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))) 257e1051a39Sopenharmony_ci goto err; 258e1051a39Sopenharmony_ci 259e1051a39Sopenharmony_ci /* Check OSSL_KDF_PARAM_SIZE is gettable */ 260e1051a39Sopenharmony_ci if (!TEST_ptr(gettables = EVP_KDF_CTX_gettable_params(kctx)) 261e1051a39Sopenharmony_ci || !TEST_ptr(p = OSSL_PARAM_locate_const(gettables, OSSL_KDF_PARAM_SIZE))) 262e1051a39Sopenharmony_ci goto err; 263e1051a39Sopenharmony_ci 264e1051a39Sopenharmony_ci /* Get OSSL_KDF_PARAM_SIZE as a size_t */ 265e1051a39Sopenharmony_ci params_get[0] = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_SIZE, &sz); 266e1051a39Sopenharmony_ci params_get[1] = OSSL_PARAM_construct_end(); 267e1051a39Sopenharmony_ci if (has_digest) { 268e1051a39Sopenharmony_ci if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), 1) 269e1051a39Sopenharmony_ci || !TEST_size_t_eq(sz, expand_only ? SHA256_DIGEST_LENGTH : SIZE_MAX)) 270e1051a39Sopenharmony_ci goto err; 271e1051a39Sopenharmony_ci } else { 272e1051a39Sopenharmony_ci if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), 0)) 273e1051a39Sopenharmony_ci goto err; 274e1051a39Sopenharmony_ci } 275e1051a39Sopenharmony_ci 276e1051a39Sopenharmony_ci /* Get params returns -2 if an unsupported parameter is requested */ 277e1051a39Sopenharmony_ci params_get[0] = OSSL_PARAM_construct_end(); 278e1051a39Sopenharmony_ci if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), -2)) 279e1051a39Sopenharmony_ci goto err; 280e1051a39Sopenharmony_ci ret = 1; 281e1051a39Sopenharmony_cierr: 282e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 283e1051a39Sopenharmony_ci OPENSSL_free(params); 284e1051a39Sopenharmony_ci return ret; 285e1051a39Sopenharmony_ci} 286e1051a39Sopenharmony_ci 287e1051a39Sopenharmony_cistatic int test_kdf_hkdf_gettables(void) 288e1051a39Sopenharmony_ci{ 289e1051a39Sopenharmony_ci return do_kdf_hkdf_gettables(0, 1); 290e1051a39Sopenharmony_ci} 291e1051a39Sopenharmony_ci 292e1051a39Sopenharmony_cistatic int test_kdf_hkdf_gettables_expandonly(void) 293e1051a39Sopenharmony_ci{ 294e1051a39Sopenharmony_ci return do_kdf_hkdf_gettables(1, 1); 295e1051a39Sopenharmony_ci} 296e1051a39Sopenharmony_ci 297e1051a39Sopenharmony_cistatic int test_kdf_hkdf_gettables_no_digest(void) 298e1051a39Sopenharmony_ci{ 299e1051a39Sopenharmony_ci return do_kdf_hkdf_gettables(1, 0); 300e1051a39Sopenharmony_ci} 301e1051a39Sopenharmony_ci 302e1051a39Sopenharmony_cistatic int test_kdf_hkdf_invalid_digest(void) 303e1051a39Sopenharmony_ci{ 304e1051a39Sopenharmony_ci int ret; 305e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 306e1051a39Sopenharmony_ci OSSL_PARAM *params; 307e1051a39Sopenharmony_ci 308e1051a39Sopenharmony_ci params = construct_hkdf_params("blah", "secret", 6, "salt", "label"); 309e1051a39Sopenharmony_ci 310e1051a39Sopenharmony_ci ret = TEST_ptr(params) 311e1051a39Sopenharmony_ci && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)) 312e1051a39Sopenharmony_ci && TEST_false(EVP_KDF_CTX_set_params(kctx, params)); 313e1051a39Sopenharmony_ci 314e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 315e1051a39Sopenharmony_ci OPENSSL_free(params); 316e1051a39Sopenharmony_ci return ret; 317e1051a39Sopenharmony_ci} 318e1051a39Sopenharmony_ci 319e1051a39Sopenharmony_cistatic int test_kdf_hkdf_derive_set_params_fail(void) 320e1051a39Sopenharmony_ci{ 321e1051a39Sopenharmony_ci int ret = 0, i = 0; 322e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 323e1051a39Sopenharmony_ci OSSL_PARAM params[2]; 324e1051a39Sopenharmony_ci unsigned char out[10]; 325e1051a39Sopenharmony_ci 326e1051a39Sopenharmony_ci if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))) 327e1051a39Sopenharmony_ci goto end; 328e1051a39Sopenharmony_ci /* 329e1051a39Sopenharmony_ci * Set the wrong type for the digest so that it causes a failure 330e1051a39Sopenharmony_ci * inside kdf_hkdf_derive() when kdf_hkdf_set_ctx_params() is called 331e1051a39Sopenharmony_ci */ 332e1051a39Sopenharmony_ci params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_DIGEST, &i); 333e1051a39Sopenharmony_ci params[1] = OSSL_PARAM_construct_end(); 334e1051a39Sopenharmony_ci if (!TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)) 335e1051a39Sopenharmony_ci goto end; 336e1051a39Sopenharmony_ci ret = 1; 337e1051a39Sopenharmony_ciend: 338e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 339e1051a39Sopenharmony_ci return ret; 340e1051a39Sopenharmony_ci} 341e1051a39Sopenharmony_ci 342e1051a39Sopenharmony_cistatic int test_kdf_hkdf_set_invalid_mode(void) 343e1051a39Sopenharmony_ci{ 344e1051a39Sopenharmony_ci int ret = 0, bad_mode = 100; 345e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 346e1051a39Sopenharmony_ci OSSL_PARAM params[2]; 347e1051a39Sopenharmony_ci 348e1051a39Sopenharmony_ci if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))) 349e1051a39Sopenharmony_ci goto end; 350e1051a39Sopenharmony_ci params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, 351e1051a39Sopenharmony_ci "BADMODE", 0); 352e1051a39Sopenharmony_ci params[1] = OSSL_PARAM_construct_end(); 353e1051a39Sopenharmony_ci if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0)) 354e1051a39Sopenharmony_ci goto end; 355e1051a39Sopenharmony_ci 356e1051a39Sopenharmony_ci params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &bad_mode); 357e1051a39Sopenharmony_ci if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0)) 358e1051a39Sopenharmony_ci goto end; 359e1051a39Sopenharmony_ci 360e1051a39Sopenharmony_ci ret = 1; 361e1051a39Sopenharmony_ciend: 362e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 363e1051a39Sopenharmony_ci return ret; 364e1051a39Sopenharmony_ci} 365e1051a39Sopenharmony_ci 366e1051a39Sopenharmony_cistatic int do_kdf_hkdf_set_invalid_param(const char *key, int type) 367e1051a39Sopenharmony_ci{ 368e1051a39Sopenharmony_ci int ret = 0; 369e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 370e1051a39Sopenharmony_ci OSSL_PARAM params[2]; 371e1051a39Sopenharmony_ci unsigned char buf[2]; 372e1051a39Sopenharmony_ci 373e1051a39Sopenharmony_ci if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))) 374e1051a39Sopenharmony_ci goto end; 375e1051a39Sopenharmony_ci /* Set the wrong type for the key so that it causes a failure */ 376e1051a39Sopenharmony_ci if (type == OSSL_PARAM_UTF8_STRING) 377e1051a39Sopenharmony_ci params[0] = OSSL_PARAM_construct_utf8_string(key, "BAD", 0); 378e1051a39Sopenharmony_ci else 379e1051a39Sopenharmony_ci params[0] = OSSL_PARAM_construct_octet_string(key, buf, sizeof(buf)); 380e1051a39Sopenharmony_ci params[1] = OSSL_PARAM_construct_end(); 381e1051a39Sopenharmony_ci if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0)) 382e1051a39Sopenharmony_ci goto end; 383e1051a39Sopenharmony_ci 384e1051a39Sopenharmony_ci ret = 1; 385e1051a39Sopenharmony_ciend: 386e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 387e1051a39Sopenharmony_ci return ret; 388e1051a39Sopenharmony_ci} 389e1051a39Sopenharmony_ci 390e1051a39Sopenharmony_cistatic int test_kdf_hkdf_set_ctx_param_fail(void) 391e1051a39Sopenharmony_ci{ 392e1051a39Sopenharmony_ci return do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_MODE, 393e1051a39Sopenharmony_ci OSSL_PARAM_OCTET_STRING) 394e1051a39Sopenharmony_ci && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_KEY, 395e1051a39Sopenharmony_ci OSSL_PARAM_UTF8_STRING) 396e1051a39Sopenharmony_ci && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_SALT, 397e1051a39Sopenharmony_ci OSSL_PARAM_UTF8_STRING) 398e1051a39Sopenharmony_ci && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_INFO, 399e1051a39Sopenharmony_ci OSSL_PARAM_UTF8_STRING); 400e1051a39Sopenharmony_ci} 401e1051a39Sopenharmony_ci 402e1051a39Sopenharmony_cistatic int test_kdf_hkdf_zero_output_size(void) 403e1051a39Sopenharmony_ci{ 404e1051a39Sopenharmony_ci int ret; 405e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 406e1051a39Sopenharmony_ci unsigned char out[10]; 407e1051a39Sopenharmony_ci OSSL_PARAM *params; 408e1051a39Sopenharmony_ci 409e1051a39Sopenharmony_ci params = construct_hkdf_params("sha256", "secret", 6, "salt", "label"); 410e1051a39Sopenharmony_ci 411e1051a39Sopenharmony_ci /* Negative test - derive should fail */ 412e1051a39Sopenharmony_ci ret = TEST_ptr(params) 413e1051a39Sopenharmony_ci && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)) 414e1051a39Sopenharmony_ci && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) 415e1051a39Sopenharmony_ci && TEST_int_eq(EVP_KDF_derive(kctx, out, 0, NULL), 0); 416e1051a39Sopenharmony_ci 417e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 418e1051a39Sopenharmony_ci OPENSSL_free(params); 419e1051a39Sopenharmony_ci return ret; 420e1051a39Sopenharmony_ci} 421e1051a39Sopenharmony_ci 422e1051a39Sopenharmony_cistatic int test_kdf_hkdf_empty_key(void) 423e1051a39Sopenharmony_ci{ 424e1051a39Sopenharmony_ci int ret; 425e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 426e1051a39Sopenharmony_ci unsigned char out[10]; 427e1051a39Sopenharmony_ci OSSL_PARAM *params; 428e1051a39Sopenharmony_ci 429e1051a39Sopenharmony_ci params = construct_hkdf_params("sha256", "", 0, "salt", "label"); 430e1051a39Sopenharmony_ci 431e1051a39Sopenharmony_ci ret = TEST_ptr(params) 432e1051a39Sopenharmony_ci && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)) 433e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0); 434e1051a39Sopenharmony_ci 435e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 436e1051a39Sopenharmony_ci OPENSSL_free(params); 437e1051a39Sopenharmony_ci return ret; 438e1051a39Sopenharmony_ci} 439e1051a39Sopenharmony_ci 440e1051a39Sopenharmony_cistatic int test_kdf_hkdf_1byte_key(void) 441e1051a39Sopenharmony_ci{ 442e1051a39Sopenharmony_ci int ret; 443e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 444e1051a39Sopenharmony_ci unsigned char out[10]; 445e1051a39Sopenharmony_ci OSSL_PARAM *params; 446e1051a39Sopenharmony_ci 447e1051a39Sopenharmony_ci params = construct_hkdf_params("sha256", "1", 1, "salt", "label"); 448e1051a39Sopenharmony_ci 449e1051a39Sopenharmony_ci ret = TEST_ptr(params) 450e1051a39Sopenharmony_ci && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)) 451e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0); 452e1051a39Sopenharmony_ci 453e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 454e1051a39Sopenharmony_ci OPENSSL_free(params); 455e1051a39Sopenharmony_ci return ret; 456e1051a39Sopenharmony_ci} 457e1051a39Sopenharmony_ci 458e1051a39Sopenharmony_cistatic int test_kdf_hkdf_empty_salt(void) 459e1051a39Sopenharmony_ci{ 460e1051a39Sopenharmony_ci int ret; 461e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 462e1051a39Sopenharmony_ci unsigned char out[10]; 463e1051a39Sopenharmony_ci OSSL_PARAM *params; 464e1051a39Sopenharmony_ci 465e1051a39Sopenharmony_ci params = construct_hkdf_params("sha256", "secret", 6, "", "label"); 466e1051a39Sopenharmony_ci 467e1051a39Sopenharmony_ci ret = TEST_ptr(params) 468e1051a39Sopenharmony_ci && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)) 469e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0); 470e1051a39Sopenharmony_ci 471e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 472e1051a39Sopenharmony_ci OPENSSL_free(params); 473e1051a39Sopenharmony_ci return ret; 474e1051a39Sopenharmony_ci} 475e1051a39Sopenharmony_ci 476e1051a39Sopenharmony_cistatic OSSL_PARAM *construct_pbkdf1_params(char *pass, char *digest, char *salt, 477e1051a39Sopenharmony_ci unsigned int *iter) 478e1051a39Sopenharmony_ci{ 479e1051a39Sopenharmony_ci OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5); 480e1051a39Sopenharmony_ci OSSL_PARAM *p = params; 481e1051a39Sopenharmony_ci 482e1051a39Sopenharmony_ci if (params == NULL) 483e1051a39Sopenharmony_ci return NULL; 484e1051a39Sopenharmony_ci 485e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, 486e1051a39Sopenharmony_ci (unsigned char *)pass, strlen(pass)); 487e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, 488e1051a39Sopenharmony_ci (unsigned char *)salt, strlen(salt)); 489e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter); 490e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, 491e1051a39Sopenharmony_ci digest, 0); 492e1051a39Sopenharmony_ci *p = OSSL_PARAM_construct_end(); 493e1051a39Sopenharmony_ci 494e1051a39Sopenharmony_ci return params; 495e1051a39Sopenharmony_ci} 496e1051a39Sopenharmony_ci 497e1051a39Sopenharmony_cistatic int test_kdf_pbkdf1(void) 498e1051a39Sopenharmony_ci{ 499e1051a39Sopenharmony_ci int ret = 0; 500e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 501e1051a39Sopenharmony_ci unsigned char out[25]; 502e1051a39Sopenharmony_ci unsigned int iterations = 4096; 503e1051a39Sopenharmony_ci OSSL_LIB_CTX *libctx = NULL; 504e1051a39Sopenharmony_ci OSSL_PARAM *params = NULL; 505e1051a39Sopenharmony_ci OSSL_PROVIDER *legacyprov = NULL; 506e1051a39Sopenharmony_ci OSSL_PROVIDER *defprov = NULL; 507e1051a39Sopenharmony_ci const unsigned char expected[sizeof(out)] = { 508e1051a39Sopenharmony_ci 0xfb, 0x83, 0x4d, 0x36, 0x6d, 0xbc, 0x53, 0x87, 0x35, 0x1b, 0x34, 0x75, 509e1051a39Sopenharmony_ci 0x95, 0x88, 0x32, 0x4f, 0x3e, 0x82, 0x81, 0x01, 0x21, 0x93, 0x64, 0x00, 510e1051a39Sopenharmony_ci 0xcc 511e1051a39Sopenharmony_ci }; 512e1051a39Sopenharmony_ci 513e1051a39Sopenharmony_ci if (!TEST_ptr(libctx = OSSL_LIB_CTX_new())) 514e1051a39Sopenharmony_ci goto err; 515e1051a39Sopenharmony_ci 516e1051a39Sopenharmony_ci /* PBKDF1 only available in the legacy provider */ 517e1051a39Sopenharmony_ci legacyprov = OSSL_PROVIDER_load(libctx, "legacy"); 518e1051a39Sopenharmony_ci if (legacyprov == NULL) { 519e1051a39Sopenharmony_ci OSSL_LIB_CTX_free(libctx); 520e1051a39Sopenharmony_ci return TEST_skip("PBKDF1 only available in legacy provider"); 521e1051a39Sopenharmony_ci } 522e1051a39Sopenharmony_ci 523e1051a39Sopenharmony_ci if (!TEST_ptr(defprov = OSSL_PROVIDER_load(libctx, "default"))) 524e1051a39Sopenharmony_ci goto err; 525e1051a39Sopenharmony_ci 526e1051a39Sopenharmony_ci params = construct_pbkdf1_params("passwordPASSWORDpassword", "sha256", 527e1051a39Sopenharmony_ci "saltSALTsaltSALTsaltSALTsaltSALTsalt", 528e1051a39Sopenharmony_ci &iterations); 529e1051a39Sopenharmony_ci 530e1051a39Sopenharmony_ci if (!TEST_ptr(params) 531e1051a39Sopenharmony_ci || !TEST_ptr(kctx = get_kdfbyname_libctx(libctx, OSSL_KDF_NAME_PBKDF1)) 532e1051a39Sopenharmony_ci || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) 533e1051a39Sopenharmony_ci || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0) 534e1051a39Sopenharmony_ci || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) 535e1051a39Sopenharmony_ci goto err; 536e1051a39Sopenharmony_ci 537e1051a39Sopenharmony_ci ret = 1; 538e1051a39Sopenharmony_cierr: 539e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 540e1051a39Sopenharmony_ci OPENSSL_free(params); 541e1051a39Sopenharmony_ci OSSL_PROVIDER_unload(defprov); 542e1051a39Sopenharmony_ci OSSL_PROVIDER_unload(legacyprov); 543e1051a39Sopenharmony_ci OSSL_LIB_CTX_free(libctx); 544e1051a39Sopenharmony_ci return ret; 545e1051a39Sopenharmony_ci} 546e1051a39Sopenharmony_ci 547e1051a39Sopenharmony_cistatic OSSL_PARAM *construct_pbkdf2_params(char *pass, char *digest, char *salt, 548e1051a39Sopenharmony_ci unsigned int *iter, int *mode) 549e1051a39Sopenharmony_ci{ 550e1051a39Sopenharmony_ci OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 6); 551e1051a39Sopenharmony_ci OSSL_PARAM *p = params; 552e1051a39Sopenharmony_ci 553e1051a39Sopenharmony_ci if (params == NULL) 554e1051a39Sopenharmony_ci return NULL; 555e1051a39Sopenharmony_ci 556e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, 557e1051a39Sopenharmony_ci (unsigned char *)pass, strlen(pass)); 558e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, 559e1051a39Sopenharmony_ci (unsigned char *)salt, strlen(salt)); 560e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter); 561e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, 562e1051a39Sopenharmony_ci digest, 0); 563e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, mode); 564e1051a39Sopenharmony_ci *p = OSSL_PARAM_construct_end(); 565e1051a39Sopenharmony_ci 566e1051a39Sopenharmony_ci return params; 567e1051a39Sopenharmony_ci} 568e1051a39Sopenharmony_ci 569e1051a39Sopenharmony_cistatic int test_kdf_pbkdf2(void) 570e1051a39Sopenharmony_ci{ 571e1051a39Sopenharmony_ci int ret = 0; 572e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 573e1051a39Sopenharmony_ci unsigned char out[25]; 574e1051a39Sopenharmony_ci unsigned int iterations = 4096; 575e1051a39Sopenharmony_ci int mode = 0; 576e1051a39Sopenharmony_ci OSSL_PARAM *params; 577e1051a39Sopenharmony_ci const unsigned char expected[sizeof(out)] = { 578e1051a39Sopenharmony_ci 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, 579e1051a39Sopenharmony_ci 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf, 580e1051a39Sopenharmony_ci 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18, 581e1051a39Sopenharmony_ci 0x1c 582e1051a39Sopenharmony_ci }; 583e1051a39Sopenharmony_ci 584e1051a39Sopenharmony_ci params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", 585e1051a39Sopenharmony_ci "saltSALTsaltSALTsaltSALTsaltSALTsalt", 586e1051a39Sopenharmony_ci &iterations, &mode); 587e1051a39Sopenharmony_ci 588e1051a39Sopenharmony_ci if (!TEST_ptr(params) 589e1051a39Sopenharmony_ci || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) 590e1051a39Sopenharmony_ci || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0) 591e1051a39Sopenharmony_ci || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) 592e1051a39Sopenharmony_ci goto err; 593e1051a39Sopenharmony_ci 594e1051a39Sopenharmony_ci ret = 1; 595e1051a39Sopenharmony_cierr: 596e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 597e1051a39Sopenharmony_ci OPENSSL_free(params); 598e1051a39Sopenharmony_ci return ret; 599e1051a39Sopenharmony_ci} 600e1051a39Sopenharmony_ci 601e1051a39Sopenharmony_cistatic int test_kdf_pbkdf2_small_output(void) 602e1051a39Sopenharmony_ci{ 603e1051a39Sopenharmony_ci int ret = 0; 604e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 605e1051a39Sopenharmony_ci unsigned char out[25]; 606e1051a39Sopenharmony_ci unsigned int iterations = 4096; 607e1051a39Sopenharmony_ci int mode = 0; 608e1051a39Sopenharmony_ci OSSL_PARAM *params; 609e1051a39Sopenharmony_ci 610e1051a39Sopenharmony_ci params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", 611e1051a39Sopenharmony_ci "saltSALTsaltSALTsaltSALTsaltSALTsalt", 612e1051a39Sopenharmony_ci &iterations, &mode); 613e1051a39Sopenharmony_ci 614e1051a39Sopenharmony_ci if (!TEST_ptr(params) 615e1051a39Sopenharmony_ci || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) 616e1051a39Sopenharmony_ci || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) 617e1051a39Sopenharmony_ci /* A key length that is too small should fail */ 618e1051a39Sopenharmony_ci || !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1, NULL), 0)) 619e1051a39Sopenharmony_ci goto err; 620e1051a39Sopenharmony_ci 621e1051a39Sopenharmony_ci ret = 1; 622e1051a39Sopenharmony_cierr: 623e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 624e1051a39Sopenharmony_ci OPENSSL_free(params); 625e1051a39Sopenharmony_ci return ret; 626e1051a39Sopenharmony_ci} 627e1051a39Sopenharmony_ci 628e1051a39Sopenharmony_cistatic int test_kdf_pbkdf2_large_output(void) 629e1051a39Sopenharmony_ci{ 630e1051a39Sopenharmony_ci int ret = 0; 631e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 632e1051a39Sopenharmony_ci unsigned char out[25]; 633e1051a39Sopenharmony_ci size_t len = 0; 634e1051a39Sopenharmony_ci unsigned int iterations = 4096; 635e1051a39Sopenharmony_ci int mode = 0; 636e1051a39Sopenharmony_ci OSSL_PARAM *params; 637e1051a39Sopenharmony_ci 638e1051a39Sopenharmony_ci if (sizeof(len) > 32) 639e1051a39Sopenharmony_ci len = SIZE_MAX; 640e1051a39Sopenharmony_ci 641e1051a39Sopenharmony_ci params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", 642e1051a39Sopenharmony_ci "saltSALTsaltSALTsaltSALTsaltSALTsalt", 643e1051a39Sopenharmony_ci &iterations, &mode); 644e1051a39Sopenharmony_ci 645e1051a39Sopenharmony_ci if (!TEST_ptr(params) 646e1051a39Sopenharmony_ci || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) 647e1051a39Sopenharmony_ci /* A key length that is too large should fail */ 648e1051a39Sopenharmony_ci || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) 649e1051a39Sopenharmony_ci || (len != 0 && !TEST_int_eq(EVP_KDF_derive(kctx, out, len, NULL), 0))) 650e1051a39Sopenharmony_ci goto err; 651e1051a39Sopenharmony_ci 652e1051a39Sopenharmony_ci ret = 1; 653e1051a39Sopenharmony_cierr: 654e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 655e1051a39Sopenharmony_ci OPENSSL_free(params); 656e1051a39Sopenharmony_ci return ret; 657e1051a39Sopenharmony_ci} 658e1051a39Sopenharmony_ci 659e1051a39Sopenharmony_cistatic int test_kdf_pbkdf2_small_salt(void) 660e1051a39Sopenharmony_ci{ 661e1051a39Sopenharmony_ci int ret = 0; 662e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 663e1051a39Sopenharmony_ci unsigned int iterations = 4096; 664e1051a39Sopenharmony_ci int mode = 0; 665e1051a39Sopenharmony_ci OSSL_PARAM *params; 666e1051a39Sopenharmony_ci 667e1051a39Sopenharmony_ci params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", 668e1051a39Sopenharmony_ci "saltSALT", 669e1051a39Sopenharmony_ci &iterations, &mode); 670e1051a39Sopenharmony_ci 671e1051a39Sopenharmony_ci if (!TEST_ptr(params) 672e1051a39Sopenharmony_ci || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) 673e1051a39Sopenharmony_ci /* A salt that is too small should fail */ 674e1051a39Sopenharmony_ci || !TEST_false(EVP_KDF_CTX_set_params(kctx, params))) 675e1051a39Sopenharmony_ci goto err; 676e1051a39Sopenharmony_ci 677e1051a39Sopenharmony_ci ret = 1; 678e1051a39Sopenharmony_cierr: 679e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 680e1051a39Sopenharmony_ci OPENSSL_free(params); 681e1051a39Sopenharmony_ci return ret; 682e1051a39Sopenharmony_ci} 683e1051a39Sopenharmony_ci 684e1051a39Sopenharmony_cistatic int test_kdf_pbkdf2_small_iterations(void) 685e1051a39Sopenharmony_ci{ 686e1051a39Sopenharmony_ci int ret = 0; 687e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 688e1051a39Sopenharmony_ci unsigned int iterations = 1; 689e1051a39Sopenharmony_ci int mode = 0; 690e1051a39Sopenharmony_ci OSSL_PARAM *params; 691e1051a39Sopenharmony_ci 692e1051a39Sopenharmony_ci params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", 693e1051a39Sopenharmony_ci "saltSALTsaltSALTsaltSALTsaltSALTsalt", 694e1051a39Sopenharmony_ci &iterations, &mode); 695e1051a39Sopenharmony_ci 696e1051a39Sopenharmony_ci if (!TEST_ptr(params) 697e1051a39Sopenharmony_ci || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) 698e1051a39Sopenharmony_ci /* An iteration count that is too small should fail */ 699e1051a39Sopenharmony_ci || !TEST_false(EVP_KDF_CTX_set_params(kctx, params))) 700e1051a39Sopenharmony_ci goto err; 701e1051a39Sopenharmony_ci 702e1051a39Sopenharmony_ci ret = 1; 703e1051a39Sopenharmony_cierr: 704e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 705e1051a39Sopenharmony_ci OPENSSL_free(params); 706e1051a39Sopenharmony_ci return ret; 707e1051a39Sopenharmony_ci} 708e1051a39Sopenharmony_ci 709e1051a39Sopenharmony_cistatic int test_kdf_pbkdf2_small_salt_pkcs5(void) 710e1051a39Sopenharmony_ci{ 711e1051a39Sopenharmony_ci int ret = 0; 712e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 713e1051a39Sopenharmony_ci unsigned char out[25]; 714e1051a39Sopenharmony_ci unsigned int iterations = 4096; 715e1051a39Sopenharmony_ci int mode = 1; 716e1051a39Sopenharmony_ci OSSL_PARAM *params; 717e1051a39Sopenharmony_ci OSSL_PARAM mode_params[2]; 718e1051a39Sopenharmony_ci 719e1051a39Sopenharmony_ci params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", 720e1051a39Sopenharmony_ci "saltSALT", 721e1051a39Sopenharmony_ci &iterations, &mode); 722e1051a39Sopenharmony_ci 723e1051a39Sopenharmony_ci if (!TEST_ptr(params) 724e1051a39Sopenharmony_ci || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) 725e1051a39Sopenharmony_ci /* A salt that is too small should pass in pkcs5 mode */ 726e1051a39Sopenharmony_ci || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) 727e1051a39Sopenharmony_ci || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)) 728e1051a39Sopenharmony_ci goto err; 729e1051a39Sopenharmony_ci 730e1051a39Sopenharmony_ci mode = 0; 731e1051a39Sopenharmony_ci mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode); 732e1051a39Sopenharmony_ci mode_params[1] = OSSL_PARAM_construct_end(); 733e1051a39Sopenharmony_ci 734e1051a39Sopenharmony_ci /* If the "pkcs5" mode is disabled then the derive will now fail */ 735e1051a39Sopenharmony_ci if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params)) 736e1051a39Sopenharmony_ci || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)) 737e1051a39Sopenharmony_ci goto err; 738e1051a39Sopenharmony_ci 739e1051a39Sopenharmony_ci ret = 1; 740e1051a39Sopenharmony_cierr: 741e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 742e1051a39Sopenharmony_ci OPENSSL_free(params); 743e1051a39Sopenharmony_ci return ret; 744e1051a39Sopenharmony_ci} 745e1051a39Sopenharmony_ci 746e1051a39Sopenharmony_cistatic int test_kdf_pbkdf2_small_iterations_pkcs5(void) 747e1051a39Sopenharmony_ci{ 748e1051a39Sopenharmony_ci int ret = 0; 749e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 750e1051a39Sopenharmony_ci unsigned char out[25]; 751e1051a39Sopenharmony_ci unsigned int iterations = 1; 752e1051a39Sopenharmony_ci int mode = 1; 753e1051a39Sopenharmony_ci OSSL_PARAM *params; 754e1051a39Sopenharmony_ci OSSL_PARAM mode_params[2]; 755e1051a39Sopenharmony_ci 756e1051a39Sopenharmony_ci params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256", 757e1051a39Sopenharmony_ci "saltSALTsaltSALTsaltSALTsaltSALTsalt", 758e1051a39Sopenharmony_ci &iterations, &mode); 759e1051a39Sopenharmony_ci 760e1051a39Sopenharmony_ci if (!TEST_ptr(params) 761e1051a39Sopenharmony_ci || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) 762e1051a39Sopenharmony_ci /* An iteration count that is too small will pass in pkcs5 mode */ 763e1051a39Sopenharmony_ci || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) 764e1051a39Sopenharmony_ci || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)) 765e1051a39Sopenharmony_ci goto err; 766e1051a39Sopenharmony_ci 767e1051a39Sopenharmony_ci mode = 0; 768e1051a39Sopenharmony_ci mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode); 769e1051a39Sopenharmony_ci mode_params[1] = OSSL_PARAM_construct_end(); 770e1051a39Sopenharmony_ci 771e1051a39Sopenharmony_ci /* If the "pkcs5" mode is disabled then the derive will now fail */ 772e1051a39Sopenharmony_ci if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params)) 773e1051a39Sopenharmony_ci || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)) 774e1051a39Sopenharmony_ci goto err; 775e1051a39Sopenharmony_ci 776e1051a39Sopenharmony_ci ret = 1; 777e1051a39Sopenharmony_cierr: 778e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 779e1051a39Sopenharmony_ci OPENSSL_free(params); 780e1051a39Sopenharmony_ci return ret; 781e1051a39Sopenharmony_ci} 782e1051a39Sopenharmony_ci 783e1051a39Sopenharmony_cistatic int test_kdf_pbkdf2_invalid_digest(void) 784e1051a39Sopenharmony_ci{ 785e1051a39Sopenharmony_ci int ret = 0; 786e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 787e1051a39Sopenharmony_ci unsigned int iterations = 4096; 788e1051a39Sopenharmony_ci int mode = 0; 789e1051a39Sopenharmony_ci OSSL_PARAM *params; 790e1051a39Sopenharmony_ci 791e1051a39Sopenharmony_ci params = construct_pbkdf2_params("passwordPASSWORDpassword", "blah", 792e1051a39Sopenharmony_ci "saltSALTsaltSALTsaltSALTsaltSALTsalt", 793e1051a39Sopenharmony_ci &iterations, &mode); 794e1051a39Sopenharmony_ci 795e1051a39Sopenharmony_ci if (!TEST_ptr(params) 796e1051a39Sopenharmony_ci || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2)) 797e1051a39Sopenharmony_ci /* Unknown digest should fail */ 798e1051a39Sopenharmony_ci || !TEST_false(EVP_KDF_CTX_set_params(kctx, params))) 799e1051a39Sopenharmony_ci goto err; 800e1051a39Sopenharmony_ci 801e1051a39Sopenharmony_ci ret = 1; 802e1051a39Sopenharmony_cierr: 803e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 804e1051a39Sopenharmony_ci OPENSSL_free(params); 805e1051a39Sopenharmony_ci return ret; 806e1051a39Sopenharmony_ci} 807e1051a39Sopenharmony_ci 808e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_SCRYPT 809e1051a39Sopenharmony_cistatic int test_kdf_scrypt(void) 810e1051a39Sopenharmony_ci{ 811e1051a39Sopenharmony_ci int ret; 812e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx; 813e1051a39Sopenharmony_ci OSSL_PARAM params[7], *p = params; 814e1051a39Sopenharmony_ci unsigned char out[64]; 815e1051a39Sopenharmony_ci unsigned int nu = 1024, ru = 8, pu = 16, maxmem = 16; 816e1051a39Sopenharmony_ci static const unsigned char expected[sizeof(out)] = { 817e1051a39Sopenharmony_ci 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, 818e1051a39Sopenharmony_ci 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, 819e1051a39Sopenharmony_ci 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, 820e1051a39Sopenharmony_ci 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, 821e1051a39Sopenharmony_ci 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, 822e1051a39Sopenharmony_ci 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, 823e1051a39Sopenharmony_ci 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, 824e1051a39Sopenharmony_ci 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 825e1051a39Sopenharmony_ci }; 826e1051a39Sopenharmony_ci 827e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, 828e1051a39Sopenharmony_ci (char *)"password", 8); 829e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, 830e1051a39Sopenharmony_ci (char *)"NaCl", 4); 831e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &nu); 832e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &ru); 833e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &pu); 834e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem); 835e1051a39Sopenharmony_ci *p = OSSL_PARAM_construct_end(); 836e1051a39Sopenharmony_ci 837e1051a39Sopenharmony_ci ret = 838e1051a39Sopenharmony_ci TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT)) 839e1051a39Sopenharmony_ci && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) 840e1051a39Sopenharmony_ci /* failure test *//* 841e1051a39Sopenharmony_ci && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)*/ 842e1051a39Sopenharmony_ci && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024)) 843e1051a39Sopenharmony_ci && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1)) 844e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0) 845e1051a39Sopenharmony_ci && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); 846e1051a39Sopenharmony_ci 847e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 848e1051a39Sopenharmony_ci return ret; 849e1051a39Sopenharmony_ci} 850e1051a39Sopenharmony_ci#endif /* OPENSSL_NO_SCRYPT */ 851e1051a39Sopenharmony_ci 852e1051a39Sopenharmony_cistatic int test_kdf_ss_hash(void) 853e1051a39Sopenharmony_ci{ 854e1051a39Sopenharmony_ci int ret; 855e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx; 856e1051a39Sopenharmony_ci OSSL_PARAM params[4], *p = params; 857e1051a39Sopenharmony_ci unsigned char out[14]; 858e1051a39Sopenharmony_ci static unsigned char z[] = { 859e1051a39Sopenharmony_ci 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e, 860e1051a39Sopenharmony_ci 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62, 861e1051a39Sopenharmony_ci 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4, 862e1051a39Sopenharmony_ci 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9 863e1051a39Sopenharmony_ci }; 864e1051a39Sopenharmony_ci static unsigned char other[] = { 865e1051a39Sopenharmony_ci 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e, 866e1051a39Sopenharmony_ci 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde, 867e1051a39Sopenharmony_ci 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e, 868e1051a39Sopenharmony_ci 0xe0,0xec,0x3f,0x8d,0xbe 869e1051a39Sopenharmony_ci }; 870e1051a39Sopenharmony_ci static const unsigned char expected[sizeof(out)] = { 871e1051a39Sopenharmony_ci 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8 872e1051a39Sopenharmony_ci }; 873e1051a39Sopenharmony_ci 874e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, 875e1051a39Sopenharmony_ci (char *)"sha224", 0); 876e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); 877e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other, 878e1051a39Sopenharmony_ci sizeof(other)); 879e1051a39Sopenharmony_ci *p = OSSL_PARAM_construct_end(); 880e1051a39Sopenharmony_ci 881e1051a39Sopenharmony_ci ret = 882e1051a39Sopenharmony_ci TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) 883e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0) 884e1051a39Sopenharmony_ci && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); 885e1051a39Sopenharmony_ci 886e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 887e1051a39Sopenharmony_ci return ret; 888e1051a39Sopenharmony_ci} 889e1051a39Sopenharmony_ci 890e1051a39Sopenharmony_cistatic int test_kdf_x963(void) 891e1051a39Sopenharmony_ci{ 892e1051a39Sopenharmony_ci int ret; 893e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx; 894e1051a39Sopenharmony_ci OSSL_PARAM params[4], *p = params; 895e1051a39Sopenharmony_ci unsigned char out[1024 / 8]; 896e1051a39Sopenharmony_ci /* 897e1051a39Sopenharmony_ci * Test data from https://csrc.nist.gov/CSRC/media/Projects/ 898e1051a39Sopenharmony_ci * Cryptographic-Algorithm-Validation-Program/documents/components/ 899e1051a39Sopenharmony_ci * 800-135testvectors/ansx963_2001.zip 900e1051a39Sopenharmony_ci */ 901e1051a39Sopenharmony_ci static unsigned char z[] = { 902e1051a39Sopenharmony_ci 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, 0xfa, 0x58, 0xce, 0xad, 903e1051a39Sopenharmony_ci 0xc0, 0x47, 0x19, 0x7f, 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9, 904e1051a39Sopenharmony_ci 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, 0x15, 0x07, 0x39, 0x2f, 905e1051a39Sopenharmony_ci 0x1a, 0x86, 0xdd, 0xfd, 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f, 906e1051a39Sopenharmony_ci 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, 0x47, 0xa9, 0xe2, 0xe7, 907e1051a39Sopenharmony_ci 0x53, 0xf5, 0x5e, 0xf0, 0x5a, 0x2d 908e1051a39Sopenharmony_ci }; 909e1051a39Sopenharmony_ci static unsigned char shared[] = { 910e1051a39Sopenharmony_ci 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, 0x2b, 0x3a, 0x2f, 0x99, 911e1051a39Sopenharmony_ci 0x37, 0x89, 0x5d, 0x31 912e1051a39Sopenharmony_ci }; 913e1051a39Sopenharmony_ci static const unsigned char expected[sizeof(out)] = { 914e1051a39Sopenharmony_ci 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, 0x9b, 0x52, 0x26, 0x4b, 915e1051a39Sopenharmony_ci 0x01, 0x12, 0xb5, 0x85, 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8, 916e1051a39Sopenharmony_ci 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, 0x6e, 0x4d, 0xd2, 0xa5, 917e1051a39Sopenharmony_ci 0x99, 0xac, 0xce, 0xb3, 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e, 918e1051a39Sopenharmony_ci 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, 0xa5, 0xa8, 0xee, 0xee, 919e1051a39Sopenharmony_ci 0x20, 0x80, 0x02, 0x26, 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02, 920e1051a39Sopenharmony_ci 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, 0xea, 0x9c, 0x4f, 0xf7, 921e1051a39Sopenharmony_ci 0x45, 0xa2, 0x5a, 0xc2, 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd, 922e1051a39Sopenharmony_ci 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, 0x0a, 0xb2, 0xaa, 0x8e, 923e1051a39Sopenharmony_ci 0x2e, 0xfa, 0x7b, 0x17, 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc, 924e1051a39Sopenharmony_ci 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16 925e1051a39Sopenharmony_ci }; 926e1051a39Sopenharmony_ci 927e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, 928e1051a39Sopenharmony_ci (char *)"sha512", 0); 929e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); 930e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, shared, 931e1051a39Sopenharmony_ci sizeof(shared)); 932e1051a39Sopenharmony_ci *p = OSSL_PARAM_construct_end(); 933e1051a39Sopenharmony_ci 934e1051a39Sopenharmony_ci ret = 935e1051a39Sopenharmony_ci TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF)) 936e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0) 937e1051a39Sopenharmony_ci && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); 938e1051a39Sopenharmony_ci 939e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 940e1051a39Sopenharmony_ci return ret; 941e1051a39Sopenharmony_ci} 942e1051a39Sopenharmony_ci 943e1051a39Sopenharmony_ci#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA) 944e1051a39Sopenharmony_ci/* 945e1051a39Sopenharmony_ci * KBKDF test vectors from RFC 6803 (Camellia Encryption for Kerberos 5) 946e1051a39Sopenharmony_ci * section 10. 947e1051a39Sopenharmony_ci */ 948e1051a39Sopenharmony_cistatic int test_kdf_kbkdf_6803_128(void) 949e1051a39Sopenharmony_ci{ 950e1051a39Sopenharmony_ci int ret = 0, i, p; 951e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx; 952e1051a39Sopenharmony_ci OSSL_PARAM params[7]; 953e1051a39Sopenharmony_ci static unsigned char input_key[] = { 954e1051a39Sopenharmony_ci 0x57, 0xD0, 0x29, 0x72, 0x98, 0xFF, 0xD9, 0xD3, 955e1051a39Sopenharmony_ci 0x5D, 0xE5, 0xA4, 0x7F, 0xB4, 0xBD, 0xE2, 0x4B, 956e1051a39Sopenharmony_ci }; 957e1051a39Sopenharmony_ci static unsigned char constants[][5] = { 958e1051a39Sopenharmony_ci { 0x00, 0x00, 0x00, 0x02, 0x99 }, 959e1051a39Sopenharmony_ci { 0x00, 0x00, 0x00, 0x02, 0xaa }, 960e1051a39Sopenharmony_ci { 0x00, 0x00, 0x00, 0x02, 0x55 }, 961e1051a39Sopenharmony_ci }; 962e1051a39Sopenharmony_ci static unsigned char outputs[][16] = { 963e1051a39Sopenharmony_ci {0xD1, 0x55, 0x77, 0x5A, 0x20, 0x9D, 0x05, 0xF0, 964e1051a39Sopenharmony_ci 0x2B, 0x38, 0xD4, 0x2A, 0x38, 0x9E, 0x5A, 0x56}, 965e1051a39Sopenharmony_ci {0x64, 0xDF, 0x83, 0xF8, 0x5A, 0x53, 0x2F, 0x17, 966e1051a39Sopenharmony_ci 0x57, 0x7D, 0x8C, 0x37, 0x03, 0x57, 0x96, 0xAB}, 967e1051a39Sopenharmony_ci {0x3E, 0x4F, 0xBD, 0xF3, 0x0F, 0xB8, 0x25, 0x9C, 968e1051a39Sopenharmony_ci 0x42, 0x5C, 0xB6, 0xC9, 0x6F, 0x1F, 0x46, 0x35} 969e1051a39Sopenharmony_ci }; 970e1051a39Sopenharmony_ci static unsigned char iv[16] = { 0 }; 971e1051a39Sopenharmony_ci unsigned char result[16] = { 0 }; 972e1051a39Sopenharmony_ci 973e1051a39Sopenharmony_ci for (i = 0; i < 3; i++) { 974e1051a39Sopenharmony_ci p = 0; 975e1051a39Sopenharmony_ci params[p++] = OSSL_PARAM_construct_utf8_string( 976e1051a39Sopenharmony_ci OSSL_KDF_PARAM_CIPHER, "CAMELLIA-128-CBC", 0); 977e1051a39Sopenharmony_ci params[p++] = OSSL_PARAM_construct_utf8_string( 978e1051a39Sopenharmony_ci OSSL_KDF_PARAM_MAC, "CMAC", 0); 979e1051a39Sopenharmony_ci params[p++] = OSSL_PARAM_construct_utf8_string( 980e1051a39Sopenharmony_ci OSSL_KDF_PARAM_MODE, "FEEDBACK", 0); 981e1051a39Sopenharmony_ci params[p++] = OSSL_PARAM_construct_octet_string( 982e1051a39Sopenharmony_ci OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key)); 983e1051a39Sopenharmony_ci params[p++] = OSSL_PARAM_construct_octet_string( 984e1051a39Sopenharmony_ci OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i])); 985e1051a39Sopenharmony_ci params[p++] = OSSL_PARAM_construct_octet_string( 986e1051a39Sopenharmony_ci OSSL_KDF_PARAM_SEED, iv, sizeof(iv)); 987e1051a39Sopenharmony_ci params[p] = OSSL_PARAM_construct_end(); 988e1051a39Sopenharmony_ci 989e1051a39Sopenharmony_ci kctx = get_kdfbyname("KBKDF"); 990e1051a39Sopenharmony_ci ret = TEST_ptr(kctx) 991e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), 992e1051a39Sopenharmony_ci params), 0) 993e1051a39Sopenharmony_ci && TEST_mem_eq(result, sizeof(result), outputs[i], 994e1051a39Sopenharmony_ci sizeof(outputs[i])); 995e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 996e1051a39Sopenharmony_ci if (ret != 1) 997e1051a39Sopenharmony_ci return ret; 998e1051a39Sopenharmony_ci } 999e1051a39Sopenharmony_ci 1000e1051a39Sopenharmony_ci return ret; 1001e1051a39Sopenharmony_ci} 1002e1051a39Sopenharmony_ci 1003e1051a39Sopenharmony_cistatic int test_kdf_kbkdf_6803_256(void) 1004e1051a39Sopenharmony_ci{ 1005e1051a39Sopenharmony_ci int ret = 0, i, p; 1006e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx; 1007e1051a39Sopenharmony_ci OSSL_PARAM params[7]; 1008e1051a39Sopenharmony_ci static unsigned char input_key[] = { 1009e1051a39Sopenharmony_ci 0xB9, 0xD6, 0x82, 0x8B, 0x20, 0x56, 0xB7, 0xBE, 1010e1051a39Sopenharmony_ci 0x65, 0x6D, 0x88, 0xA1, 0x23, 0xB1, 0xFA, 0xC6, 1011e1051a39Sopenharmony_ci 0x82, 0x14, 0xAC, 0x2B, 0x72, 0x7E, 0xCF, 0x5F, 1012e1051a39Sopenharmony_ci 0x69, 0xAF, 0xE0, 0xC4, 0xDF, 0x2A, 0x6D, 0x2C, 1013e1051a39Sopenharmony_ci }; 1014e1051a39Sopenharmony_ci static unsigned char constants[][5] = { 1015e1051a39Sopenharmony_ci { 0x00, 0x00, 0x00, 0x02, 0x99 }, 1016e1051a39Sopenharmony_ci { 0x00, 0x00, 0x00, 0x02, 0xaa }, 1017e1051a39Sopenharmony_ci { 0x00, 0x00, 0x00, 0x02, 0x55 }, 1018e1051a39Sopenharmony_ci }; 1019e1051a39Sopenharmony_ci static unsigned char outputs[][32] = { 1020e1051a39Sopenharmony_ci {0xE4, 0x67, 0xF9, 0xA9, 0x55, 0x2B, 0xC7, 0xD3, 1021e1051a39Sopenharmony_ci 0x15, 0x5A, 0x62, 0x20, 0xAF, 0x9C, 0x19, 0x22, 1022e1051a39Sopenharmony_ci 0x0E, 0xEE, 0xD4, 0xFF, 0x78, 0xB0, 0xD1, 0xE6, 1023e1051a39Sopenharmony_ci 0xA1, 0x54, 0x49, 0x91, 0x46, 0x1A, 0x9E, 0x50, 1024e1051a39Sopenharmony_ci }, 1025e1051a39Sopenharmony_ci {0x41, 0x2A, 0xEF, 0xC3, 0x62, 0xA7, 0x28, 0x5F, 1026e1051a39Sopenharmony_ci 0xC3, 0x96, 0x6C, 0x6A, 0x51, 0x81, 0xE7, 0x60, 1027e1051a39Sopenharmony_ci 0x5A, 0xE6, 0x75, 0x23, 0x5B, 0x6D, 0x54, 0x9F, 1028e1051a39Sopenharmony_ci 0xBF, 0xC9, 0xAB, 0x66, 0x30, 0xA4, 0xC6, 0x04, 1029e1051a39Sopenharmony_ci }, 1030e1051a39Sopenharmony_ci {0xFA, 0x62, 0x4F, 0xA0, 0xE5, 0x23, 0x99, 0x3F, 1031e1051a39Sopenharmony_ci 0xA3, 0x88, 0xAE, 0xFD, 0xC6, 0x7E, 0x67, 0xEB, 1032e1051a39Sopenharmony_ci 0xCD, 0x8C, 0x08, 0xE8, 0xA0, 0x24, 0x6B, 0x1D, 1033e1051a39Sopenharmony_ci 0x73, 0xB0, 0xD1, 0xDD, 0x9F, 0xC5, 0x82, 0xB0, 1034e1051a39Sopenharmony_ci }, 1035e1051a39Sopenharmony_ci }; 1036e1051a39Sopenharmony_ci static unsigned char iv[16] = { 0 }; 1037e1051a39Sopenharmony_ci unsigned char result[32] = { 0 }; 1038e1051a39Sopenharmony_ci 1039e1051a39Sopenharmony_ci for (i = 0; i < 3; i++) { 1040e1051a39Sopenharmony_ci p = 0; 1041e1051a39Sopenharmony_ci params[p++] = OSSL_PARAM_construct_utf8_string( 1042e1051a39Sopenharmony_ci OSSL_KDF_PARAM_CIPHER, "CAMELLIA-256-CBC", 0); 1043e1051a39Sopenharmony_ci params[p++] = OSSL_PARAM_construct_utf8_string( 1044e1051a39Sopenharmony_ci OSSL_KDF_PARAM_MAC, "CMAC", 0); 1045e1051a39Sopenharmony_ci params[p++] = OSSL_PARAM_construct_utf8_string( 1046e1051a39Sopenharmony_ci OSSL_KDF_PARAM_MODE, "FEEDBACK", 0); 1047e1051a39Sopenharmony_ci params[p++] = OSSL_PARAM_construct_octet_string( 1048e1051a39Sopenharmony_ci OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key)); 1049e1051a39Sopenharmony_ci params[p++] = OSSL_PARAM_construct_octet_string( 1050e1051a39Sopenharmony_ci OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i])); 1051e1051a39Sopenharmony_ci params[p++] = OSSL_PARAM_construct_octet_string( 1052e1051a39Sopenharmony_ci OSSL_KDF_PARAM_SEED, iv, sizeof(iv)); 1053e1051a39Sopenharmony_ci params[p] = OSSL_PARAM_construct_end(); 1054e1051a39Sopenharmony_ci 1055e1051a39Sopenharmony_ci kctx = get_kdfbyname("KBKDF"); 1056e1051a39Sopenharmony_ci ret = TEST_ptr(kctx) 1057e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), 1058e1051a39Sopenharmony_ci params), 0) 1059e1051a39Sopenharmony_ci && TEST_mem_eq(result, sizeof(result), outputs[i], 1060e1051a39Sopenharmony_ci sizeof(outputs[i])); 1061e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 1062e1051a39Sopenharmony_ci if (ret != 1) 1063e1051a39Sopenharmony_ci return ret; 1064e1051a39Sopenharmony_ci } 1065e1051a39Sopenharmony_ci 1066e1051a39Sopenharmony_ci return ret; 1067e1051a39Sopenharmony_ci} 1068e1051a39Sopenharmony_ci#endif 1069e1051a39Sopenharmony_ci 1070e1051a39Sopenharmony_cistatic OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char *key, 1071e1051a39Sopenharmony_ci size_t keylen, char *salt, char *info) 1072e1051a39Sopenharmony_ci{ 1073e1051a39Sopenharmony_ci OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 7); 1074e1051a39Sopenharmony_ci OSSL_PARAM *p = params; 1075e1051a39Sopenharmony_ci 1076e1051a39Sopenharmony_ci if (params == NULL) 1077e1051a39Sopenharmony_ci return NULL; 1078e1051a39Sopenharmony_ci 1079e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string( 1080e1051a39Sopenharmony_ci OSSL_KDF_PARAM_DIGEST, digest, 0); 1081e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string( 1082e1051a39Sopenharmony_ci OSSL_KDF_PARAM_MAC, mac, 0); 1083e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string( 1084e1051a39Sopenharmony_ci OSSL_KDF_PARAM_MODE, "COUNTER", 0); 1085e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string( 1086e1051a39Sopenharmony_ci OSSL_KDF_PARAM_KEY, key, keylen); 1087e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string( 1088e1051a39Sopenharmony_ci OSSL_KDF_PARAM_SALT, salt, strlen(salt)); 1089e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string( 1090e1051a39Sopenharmony_ci OSSL_KDF_PARAM_INFO, info, strlen(info)); 1091e1051a39Sopenharmony_ci *p = OSSL_PARAM_construct_end(); 1092e1051a39Sopenharmony_ci 1093e1051a39Sopenharmony_ci return params; 1094e1051a39Sopenharmony_ci} 1095e1051a39Sopenharmony_ci 1096e1051a39Sopenharmony_cistatic int test_kdf_kbkdf_invalid_digest(void) 1097e1051a39Sopenharmony_ci{ 1098e1051a39Sopenharmony_ci int ret; 1099e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx; 1100e1051a39Sopenharmony_ci OSSL_PARAM *params; 1101e1051a39Sopenharmony_ci 1102e1051a39Sopenharmony_ci static unsigned char key[] = {0x01}; 1103e1051a39Sopenharmony_ci 1104e1051a39Sopenharmony_ci params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test"); 1105e1051a39Sopenharmony_ci if (!TEST_ptr(params)) 1106e1051a39Sopenharmony_ci return 0; 1107e1051a39Sopenharmony_ci 1108e1051a39Sopenharmony_ci /* Negative test case - set_params should fail */ 1109e1051a39Sopenharmony_ci kctx = get_kdfbyname("KBKDF"); 1110e1051a39Sopenharmony_ci ret = TEST_ptr(kctx) 1111e1051a39Sopenharmony_ci && TEST_false(EVP_KDF_CTX_set_params(kctx, params)); 1112e1051a39Sopenharmony_ci 1113e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 1114e1051a39Sopenharmony_ci OPENSSL_free(params); 1115e1051a39Sopenharmony_ci return ret; 1116e1051a39Sopenharmony_ci} 1117e1051a39Sopenharmony_ci 1118e1051a39Sopenharmony_cistatic int test_kdf_kbkdf_invalid_mac(void) 1119e1051a39Sopenharmony_ci{ 1120e1051a39Sopenharmony_ci int ret; 1121e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx; 1122e1051a39Sopenharmony_ci OSSL_PARAM *params; 1123e1051a39Sopenharmony_ci 1124e1051a39Sopenharmony_ci static unsigned char key[] = {0x01}; 1125e1051a39Sopenharmony_ci 1126e1051a39Sopenharmony_ci params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test"); 1127e1051a39Sopenharmony_ci if (!TEST_ptr(params)) 1128e1051a39Sopenharmony_ci return 0; 1129e1051a39Sopenharmony_ci 1130e1051a39Sopenharmony_ci /* Negative test case - set_params should fail */ 1131e1051a39Sopenharmony_ci kctx = get_kdfbyname("KBKDF"); 1132e1051a39Sopenharmony_ci ret = TEST_ptr(kctx) 1133e1051a39Sopenharmony_ci && TEST_false(EVP_KDF_CTX_set_params(kctx, params)); 1134e1051a39Sopenharmony_ci 1135e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 1136e1051a39Sopenharmony_ci OPENSSL_free(params); 1137e1051a39Sopenharmony_ci return ret; 1138e1051a39Sopenharmony_ci} 1139e1051a39Sopenharmony_ci 1140e1051a39Sopenharmony_cistatic int test_kdf_kbkdf_empty_key(void) 1141e1051a39Sopenharmony_ci{ 1142e1051a39Sopenharmony_ci int ret; 1143e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx; 1144e1051a39Sopenharmony_ci OSSL_PARAM *params; 1145e1051a39Sopenharmony_ci 1146e1051a39Sopenharmony_ci static unsigned char key[] = {0x01}; 1147e1051a39Sopenharmony_ci unsigned char result[32] = { 0 }; 1148e1051a39Sopenharmony_ci 1149e1051a39Sopenharmony_ci params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test"); 1150e1051a39Sopenharmony_ci if (!TEST_ptr(params)) 1151e1051a39Sopenharmony_ci return 0; 1152e1051a39Sopenharmony_ci 1153e1051a39Sopenharmony_ci /* Negative test case - derive should fail */ 1154e1051a39Sopenharmony_ci kctx = get_kdfbyname("KBKDF"); 1155e1051a39Sopenharmony_ci ret = TEST_ptr(kctx) 1156e1051a39Sopenharmony_ci && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) 1157e1051a39Sopenharmony_ci && TEST_int_eq(EVP_KDF_derive(kctx, result, sizeof(result), NULL), 0); 1158e1051a39Sopenharmony_ci 1159e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 1160e1051a39Sopenharmony_ci OPENSSL_free(params); 1161e1051a39Sopenharmony_ci return ret; 1162e1051a39Sopenharmony_ci} 1163e1051a39Sopenharmony_ci 1164e1051a39Sopenharmony_cistatic int test_kdf_kbkdf_1byte_key(void) 1165e1051a39Sopenharmony_ci{ 1166e1051a39Sopenharmony_ci int ret; 1167e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx; 1168e1051a39Sopenharmony_ci OSSL_PARAM *params; 1169e1051a39Sopenharmony_ci 1170e1051a39Sopenharmony_ci static unsigned char key[] = {0x01}; 1171e1051a39Sopenharmony_ci unsigned char result[32] = { 0 }; 1172e1051a39Sopenharmony_ci 1173e1051a39Sopenharmony_ci params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test"); 1174e1051a39Sopenharmony_ci if (!TEST_ptr(params)) 1175e1051a39Sopenharmony_ci return 0; 1176e1051a39Sopenharmony_ci 1177e1051a39Sopenharmony_ci kctx = get_kdfbyname("KBKDF"); 1178e1051a39Sopenharmony_ci ret = TEST_ptr(kctx) 1179e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0); 1180e1051a39Sopenharmony_ci 1181e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 1182e1051a39Sopenharmony_ci OPENSSL_free(params); 1183e1051a39Sopenharmony_ci return ret; 1184e1051a39Sopenharmony_ci} 1185e1051a39Sopenharmony_ci 1186e1051a39Sopenharmony_cistatic int test_kdf_kbkdf_zero_output_size(void) 1187e1051a39Sopenharmony_ci{ 1188e1051a39Sopenharmony_ci int ret; 1189e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx; 1190e1051a39Sopenharmony_ci OSSL_PARAM *params; 1191e1051a39Sopenharmony_ci 1192e1051a39Sopenharmony_ci static unsigned char key[] = {0x01}; 1193e1051a39Sopenharmony_ci unsigned char result[32] = { 0 }; 1194e1051a39Sopenharmony_ci 1195e1051a39Sopenharmony_ci params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test"); 1196e1051a39Sopenharmony_ci if (!TEST_ptr(params)) 1197e1051a39Sopenharmony_ci return 0; 1198e1051a39Sopenharmony_ci 1199e1051a39Sopenharmony_ci /* Negative test case - derive should fail */ 1200e1051a39Sopenharmony_ci kctx = get_kdfbyname("KBKDF"); 1201e1051a39Sopenharmony_ci ret = TEST_ptr(kctx) 1202e1051a39Sopenharmony_ci && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) 1203e1051a39Sopenharmony_ci && TEST_int_eq(EVP_KDF_derive(kctx, result, 0, NULL), 0); 1204e1051a39Sopenharmony_ci 1205e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 1206e1051a39Sopenharmony_ci OPENSSL_free(params); 1207e1051a39Sopenharmony_ci return ret; 1208e1051a39Sopenharmony_ci} 1209e1051a39Sopenharmony_ci 1210e1051a39Sopenharmony_ci/* Two test vectors from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos 1211e1051a39Sopenharmony_ci * 5) appendix A. */ 1212e1051a39Sopenharmony_cistatic int test_kdf_kbkdf_8009_prf1(void) 1213e1051a39Sopenharmony_ci{ 1214e1051a39Sopenharmony_ci int ret, i = 0; 1215e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx; 1216e1051a39Sopenharmony_ci OSSL_PARAM params[6]; 1217e1051a39Sopenharmony_ci char *label = "prf", *digest = "sha256", *prf_input = "test", 1218e1051a39Sopenharmony_ci *mac = "HMAC"; 1219e1051a39Sopenharmony_ci static unsigned char input_key[] = { 1220e1051a39Sopenharmony_ci 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28, 1221e1051a39Sopenharmony_ci 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C, 1222e1051a39Sopenharmony_ci }; 1223e1051a39Sopenharmony_ci static unsigned char output[] = { 1224e1051a39Sopenharmony_ci 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE, 1225e1051a39Sopenharmony_ci 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86, 1226e1051a39Sopenharmony_ci 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B, 1227e1051a39Sopenharmony_ci 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95, 1228e1051a39Sopenharmony_ci }; 1229e1051a39Sopenharmony_ci unsigned char result[sizeof(output)] = { 0 }; 1230e1051a39Sopenharmony_ci 1231e1051a39Sopenharmony_ci params[i++] = OSSL_PARAM_construct_utf8_string( 1232e1051a39Sopenharmony_ci OSSL_KDF_PARAM_DIGEST, digest, 0); 1233e1051a39Sopenharmony_ci params[i++] = OSSL_PARAM_construct_utf8_string( 1234e1051a39Sopenharmony_ci OSSL_KDF_PARAM_MAC, mac, 0); 1235e1051a39Sopenharmony_ci params[i++] = OSSL_PARAM_construct_octet_string( 1236e1051a39Sopenharmony_ci OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key)); 1237e1051a39Sopenharmony_ci params[i++] = OSSL_PARAM_construct_octet_string( 1238e1051a39Sopenharmony_ci OSSL_KDF_PARAM_SALT, label, strlen(label)); 1239e1051a39Sopenharmony_ci params[i++] = OSSL_PARAM_construct_octet_string( 1240e1051a39Sopenharmony_ci OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input)); 1241e1051a39Sopenharmony_ci params[i] = OSSL_PARAM_construct_end(); 1242e1051a39Sopenharmony_ci 1243e1051a39Sopenharmony_ci kctx = get_kdfbyname("KBKDF"); 1244e1051a39Sopenharmony_ci ret = TEST_ptr(kctx) 1245e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0) 1246e1051a39Sopenharmony_ci && TEST_mem_eq(result, sizeof(result), output, sizeof(output)); 1247e1051a39Sopenharmony_ci 1248e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 1249e1051a39Sopenharmony_ci return ret; 1250e1051a39Sopenharmony_ci} 1251e1051a39Sopenharmony_ci 1252e1051a39Sopenharmony_cistatic int test_kdf_kbkdf_8009_prf2(void) 1253e1051a39Sopenharmony_ci{ 1254e1051a39Sopenharmony_ci int ret, i = 0; 1255e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx; 1256e1051a39Sopenharmony_ci OSSL_PARAM params[6]; 1257e1051a39Sopenharmony_ci char *label = "prf", *digest = "sha384", *prf_input = "test", 1258e1051a39Sopenharmony_ci *mac = "HMAC"; 1259e1051a39Sopenharmony_ci static unsigned char input_key[] = { 1260e1051a39Sopenharmony_ci 0x6D, 0x40, 0x4D, 0x37, 0xFA, 0xF7, 0x9F, 0x9D, 1261e1051a39Sopenharmony_ci 0xF0, 0xD3, 0x35, 0x68, 0xD3, 0x20, 0x66, 0x98, 1262e1051a39Sopenharmony_ci 0x00, 0xEB, 0x48, 0x36, 0x47, 0x2E, 0xA8, 0xA0, 1263e1051a39Sopenharmony_ci 0x26, 0xD1, 0x6B, 0x71, 0x82, 0x46, 0x0C, 0x52, 1264e1051a39Sopenharmony_ci }; 1265e1051a39Sopenharmony_ci static unsigned char output[] = { 1266e1051a39Sopenharmony_ci 0x98, 0x01, 0xF6, 0x9A, 0x36, 0x8C, 0x2B, 0xF6, 1267e1051a39Sopenharmony_ci 0x75, 0xE5, 0x95, 0x21, 0xE1, 0x77, 0xD9, 0xA0, 1268e1051a39Sopenharmony_ci 0x7F, 0x67, 0xEF, 0xE1, 0xCF, 0xDE, 0x8D, 0x3C, 1269e1051a39Sopenharmony_ci 0x8D, 0x6F, 0x6A, 0x02, 0x56, 0xE3, 0xB1, 0x7D, 1270e1051a39Sopenharmony_ci 0xB3, 0xC1, 0xB6, 0x2A, 0xD1, 0xB8, 0x55, 0x33, 1271e1051a39Sopenharmony_ci 0x60, 0xD1, 0x73, 0x67, 0xEB, 0x15, 0x14, 0xD2, 1272e1051a39Sopenharmony_ci }; 1273e1051a39Sopenharmony_ci unsigned char result[sizeof(output)] = { 0 }; 1274e1051a39Sopenharmony_ci 1275e1051a39Sopenharmony_ci params[i++] = OSSL_PARAM_construct_utf8_string( 1276e1051a39Sopenharmony_ci OSSL_KDF_PARAM_DIGEST, digest, 0); 1277e1051a39Sopenharmony_ci params[i++] = OSSL_PARAM_construct_utf8_string( 1278e1051a39Sopenharmony_ci OSSL_KDF_PARAM_MAC, mac, 0); 1279e1051a39Sopenharmony_ci params[i++] = OSSL_PARAM_construct_octet_string( 1280e1051a39Sopenharmony_ci OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key)); 1281e1051a39Sopenharmony_ci params[i++] = OSSL_PARAM_construct_octet_string( 1282e1051a39Sopenharmony_ci OSSL_KDF_PARAM_SALT, label, strlen(label)); 1283e1051a39Sopenharmony_ci params[i++] = OSSL_PARAM_construct_octet_string( 1284e1051a39Sopenharmony_ci OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input)); 1285e1051a39Sopenharmony_ci params[i] = OSSL_PARAM_construct_end(); 1286e1051a39Sopenharmony_ci 1287e1051a39Sopenharmony_ci kctx = get_kdfbyname("KBKDF"); 1288e1051a39Sopenharmony_ci ret = TEST_ptr(kctx) 1289e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0) 1290e1051a39Sopenharmony_ci && TEST_mem_eq(result, sizeof(result), output, sizeof(output)); 1291e1051a39Sopenharmony_ci 1292e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 1293e1051a39Sopenharmony_ci return ret; 1294e1051a39Sopenharmony_ci} 1295e1051a39Sopenharmony_ci 1296e1051a39Sopenharmony_ci#if !defined(OPENSSL_NO_CMAC) 1297e1051a39Sopenharmony_ci/* 1298e1051a39Sopenharmony_ci * Test vector taken from 1299e1051a39Sopenharmony_ci * https://csrc.nist.gov/CSRC/media/Projects/ 1300e1051a39Sopenharmony_ci * Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip 1301e1051a39Sopenharmony_ci * Note: Only 32 bit counter is supported ([RLEN=32_BITS]) 1302e1051a39Sopenharmony_ci */ 1303e1051a39Sopenharmony_cistatic int test_kdf_kbkdf_fixedinfo(void) 1304e1051a39Sopenharmony_ci{ 1305e1051a39Sopenharmony_ci int ret; 1306e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx; 1307e1051a39Sopenharmony_ci OSSL_PARAM params[8], *p = params; 1308e1051a39Sopenharmony_ci static char *cipher = "AES128"; 1309e1051a39Sopenharmony_ci static char *mac = "CMAC"; 1310e1051a39Sopenharmony_ci static char *mode = "COUNTER"; 1311e1051a39Sopenharmony_ci int use_l = 0; 1312e1051a39Sopenharmony_ci int use_separator = 0; 1313e1051a39Sopenharmony_ci 1314e1051a39Sopenharmony_ci static unsigned char input_key[] = { 1315e1051a39Sopenharmony_ci 0xc1, 0x0b, 0x15, 0x2e, 0x8c, 0x97, 0xb7, 0x7e, 1316e1051a39Sopenharmony_ci 0x18, 0x70, 0x4e, 0x0f, 0x0b, 0xd3, 0x83, 0x05, 1317e1051a39Sopenharmony_ci }; 1318e1051a39Sopenharmony_ci static unsigned char fixed_input[] = { 1319e1051a39Sopenharmony_ci 0x98, 0xcd, 0x4c, 0xbb, 0xbe, 0xbe, 0x15, 0xd1, 1320e1051a39Sopenharmony_ci 0x7d, 0xc8, 0x6e, 0x6d, 0xba, 0xd8, 0x00, 0xa2, 1321e1051a39Sopenharmony_ci 0xdc, 0xbd, 0x64, 0xf7, 0xc7, 0xad, 0x0e, 0x78, 1322e1051a39Sopenharmony_ci 0xe9, 0xcf, 0x94, 0xff, 0xdb, 0xa8, 0x9d, 0x03, 1323e1051a39Sopenharmony_ci 0xe9, 0x7e, 0xad, 0xf6, 0xc4, 0xf7, 0xb8, 0x06, 1324e1051a39Sopenharmony_ci 0xca, 0xf5, 0x2a, 0xa3, 0x8f, 0x09, 0xd0, 0xeb, 1325e1051a39Sopenharmony_ci 0x71, 0xd7, 0x1f, 0x49, 0x7b, 0xcc, 0x69, 0x06, 1326e1051a39Sopenharmony_ci 0xb4, 0x8d, 0x36, 0xc4, 1327e1051a39Sopenharmony_ci 1328e1051a39Sopenharmony_ci }; 1329e1051a39Sopenharmony_ci static unsigned char output[] = { 1330e1051a39Sopenharmony_ci 0x26, 0xfa, 0xf6, 0x19, 0x08, 0xad, 0x9e, 0xe8, 1331e1051a39Sopenharmony_ci 0x81, 0xb8, 0x30, 0x5c, 0x22, 0x1d, 0xb5, 0x3f, 1332e1051a39Sopenharmony_ci }; 1333e1051a39Sopenharmony_ci unsigned char result[sizeof(output)] = { 0 }; 1334e1051a39Sopenharmony_ci 1335e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, cipher, 0); 1336e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, mac, 0); 1337e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, mode, 0); 1338e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, input_key, 1339e1051a39Sopenharmony_ci sizeof(input_key)); 1340e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, 1341e1051a39Sopenharmony_ci fixed_input, sizeof(fixed_input)); 1342e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_L, &use_l); 1343e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR, 1344e1051a39Sopenharmony_ci &use_separator); 1345e1051a39Sopenharmony_ci *p = OSSL_PARAM_construct_end(); 1346e1051a39Sopenharmony_ci 1347e1051a39Sopenharmony_ci kctx = get_kdfbyname("KBKDF"); 1348e1051a39Sopenharmony_ci ret = TEST_ptr(kctx) 1349e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0) 1350e1051a39Sopenharmony_ci && TEST_mem_eq(result, sizeof(result), output, sizeof(output)); 1351e1051a39Sopenharmony_ci 1352e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 1353e1051a39Sopenharmony_ci return ret; 1354e1051a39Sopenharmony_ci} 1355e1051a39Sopenharmony_ci#endif /* OPENSSL_NO_CMAC */ 1356e1051a39Sopenharmony_ci 1357e1051a39Sopenharmony_cistatic int test_kdf_ss_hmac(void) 1358e1051a39Sopenharmony_ci{ 1359e1051a39Sopenharmony_ci int ret; 1360e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx; 1361e1051a39Sopenharmony_ci OSSL_PARAM params[6], *p = params; 1362e1051a39Sopenharmony_ci unsigned char out[16]; 1363e1051a39Sopenharmony_ci static unsigned char z[] = { 1364e1051a39Sopenharmony_ci 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4 1365e1051a39Sopenharmony_ci }; 1366e1051a39Sopenharmony_ci static unsigned char other[] = { 1367e1051a39Sopenharmony_ci 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc 1368e1051a39Sopenharmony_ci }; 1369e1051a39Sopenharmony_ci static unsigned char salt[] = { 1370e1051a39Sopenharmony_ci 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef, 1371e1051a39Sopenharmony_ci 0x3f,0x89 1372e1051a39Sopenharmony_ci }; 1373e1051a39Sopenharmony_ci static const unsigned char expected[sizeof(out)] = { 1374e1051a39Sopenharmony_ci 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63, 1375e1051a39Sopenharmony_ci 0x1c,0xa3 1376e1051a39Sopenharmony_ci }; 1377e1051a39Sopenharmony_ci 1378e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, 1379e1051a39Sopenharmony_ci (char *)OSSL_MAC_NAME_HMAC, 0); 1380e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, 1381e1051a39Sopenharmony_ci (char *)"sha256", 0); 1382e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); 1383e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other, 1384e1051a39Sopenharmony_ci sizeof(other)); 1385e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt, 1386e1051a39Sopenharmony_ci sizeof(salt)); 1387e1051a39Sopenharmony_ci *p = OSSL_PARAM_construct_end(); 1388e1051a39Sopenharmony_ci 1389e1051a39Sopenharmony_ci ret = 1390e1051a39Sopenharmony_ci TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) 1391e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0) 1392e1051a39Sopenharmony_ci && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); 1393e1051a39Sopenharmony_ci 1394e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 1395e1051a39Sopenharmony_ci return ret; 1396e1051a39Sopenharmony_ci} 1397e1051a39Sopenharmony_ci 1398e1051a39Sopenharmony_cistatic int test_kdf_ss_kmac(void) 1399e1051a39Sopenharmony_ci{ 1400e1051a39Sopenharmony_ci int ret; 1401e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx; 1402e1051a39Sopenharmony_ci OSSL_PARAM params[7], *p = params; 1403e1051a39Sopenharmony_ci unsigned char out[64]; 1404e1051a39Sopenharmony_ci size_t mac_size = 20; 1405e1051a39Sopenharmony_ci static unsigned char z[] = { 1406e1051a39Sopenharmony_ci 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4 1407e1051a39Sopenharmony_ci }; 1408e1051a39Sopenharmony_ci static unsigned char other[] = { 1409e1051a39Sopenharmony_ci 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc 1410e1051a39Sopenharmony_ci }; 1411e1051a39Sopenharmony_ci static unsigned char salt[] = { 1412e1051a39Sopenharmony_ci 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef, 1413e1051a39Sopenharmony_ci 0x3f,0x89 1414e1051a39Sopenharmony_ci }; 1415e1051a39Sopenharmony_ci static const unsigned char expected[sizeof(out)] = { 1416e1051a39Sopenharmony_ci 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd, 1417e1051a39Sopenharmony_ci 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2, 1418e1051a39Sopenharmony_ci 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4, 1419e1051a39Sopenharmony_ci 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95, 1420e1051a39Sopenharmony_ci 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03 1421e1051a39Sopenharmony_ci }; 1422e1051a39Sopenharmony_ci 1423e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, 1424e1051a39Sopenharmony_ci (char *)OSSL_MAC_NAME_KMAC128, 0); 1425e1051a39Sopenharmony_ci /* The digest parameter is not needed here and should be ignored */ 1426e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, 1427e1051a39Sopenharmony_ci (char *)"SHA256", 0); 1428e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z)); 1429e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other, 1430e1051a39Sopenharmony_ci sizeof(other)); 1431e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt, 1432e1051a39Sopenharmony_ci sizeof(salt)); 1433e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, &mac_size); 1434e1051a39Sopenharmony_ci *p = OSSL_PARAM_construct_end(); 1435e1051a39Sopenharmony_ci 1436e1051a39Sopenharmony_ci ret = 1437e1051a39Sopenharmony_ci TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF)) 1438e1051a39Sopenharmony_ci && TEST_size_t_eq(EVP_KDF_CTX_get_kdf_size(kctx), 0) 1439e1051a39Sopenharmony_ci && TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 1) 1440e1051a39Sopenharmony_ci /* The bug fix for KMAC returning SIZE_MAX was added in 3.0.8 */ 1441e1051a39Sopenharmony_ci && (fips_provider_version_lt(NULL, 3, 0, 8) 1442e1051a39Sopenharmony_ci || TEST_size_t_eq(EVP_KDF_CTX_get_kdf_size(kctx), SIZE_MAX)) 1443e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0) 1444e1051a39Sopenharmony_ci && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); 1445e1051a39Sopenharmony_ci 1446e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 1447e1051a39Sopenharmony_ci return ret; 1448e1051a39Sopenharmony_ci} 1449e1051a39Sopenharmony_ci 1450e1051a39Sopenharmony_cistatic int test_kdf_sshkdf(void) 1451e1051a39Sopenharmony_ci{ 1452e1051a39Sopenharmony_ci int ret; 1453e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx; 1454e1051a39Sopenharmony_ci OSSL_PARAM params[6], *p = params; 1455e1051a39Sopenharmony_ci char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV; 1456e1051a39Sopenharmony_ci unsigned char out[8]; 1457e1051a39Sopenharmony_ci /* Test data from NIST CAVS 14.1 test vectors */ 1458e1051a39Sopenharmony_ci static unsigned char key[] = { 1459e1051a39Sopenharmony_ci 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a, 1460e1051a39Sopenharmony_ci 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a, 1461e1051a39Sopenharmony_ci 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa, 1462e1051a39Sopenharmony_ci 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78, 1463e1051a39Sopenharmony_ci 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2, 1464e1051a39Sopenharmony_ci 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90, 1465e1051a39Sopenharmony_ci 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80, 1466e1051a39Sopenharmony_ci 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2, 1467e1051a39Sopenharmony_ci 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08, 1468e1051a39Sopenharmony_ci 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43, 1469e1051a39Sopenharmony_ci 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14, 1470e1051a39Sopenharmony_ci 0x4e 1471e1051a39Sopenharmony_ci }; 1472e1051a39Sopenharmony_ci static unsigned char xcghash[] = { 1473e1051a39Sopenharmony_ci 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23, 1474e1051a39Sopenharmony_ci 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7, 1475e1051a39Sopenharmony_ci 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42 1476e1051a39Sopenharmony_ci }; 1477e1051a39Sopenharmony_ci static unsigned char sessid[] = { 1478e1051a39Sopenharmony_ci 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23, 1479e1051a39Sopenharmony_ci 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7, 1480e1051a39Sopenharmony_ci 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42 1481e1051a39Sopenharmony_ci }; 1482e1051a39Sopenharmony_ci static const unsigned char expected[sizeof(out)] = { 1483e1051a39Sopenharmony_ci 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6 1484e1051a39Sopenharmony_ci }; 1485e1051a39Sopenharmony_ci 1486e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, 1487e1051a39Sopenharmony_ci (char *)"sha256", 0); 1488e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key, 1489e1051a39Sopenharmony_ci sizeof(key)); 1490e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH, 1491e1051a39Sopenharmony_ci xcghash, sizeof(xcghash)); 1492e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID, 1493e1051a39Sopenharmony_ci sessid, sizeof(sessid)); 1494e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE, 1495e1051a39Sopenharmony_ci &kdftype, sizeof(kdftype)); 1496e1051a39Sopenharmony_ci *p = OSSL_PARAM_construct_end(); 1497e1051a39Sopenharmony_ci 1498e1051a39Sopenharmony_ci ret = 1499e1051a39Sopenharmony_ci TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF)) 1500e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0) 1501e1051a39Sopenharmony_ci && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); 1502e1051a39Sopenharmony_ci 1503e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 1504e1051a39Sopenharmony_ci return ret; 1505e1051a39Sopenharmony_ci} 1506e1051a39Sopenharmony_ci 1507e1051a39Sopenharmony_cistatic int test_kdfs_same( EVP_KDF *kdf1, EVP_KDF *kdf2) 1508e1051a39Sopenharmony_ci{ 1509e1051a39Sopenharmony_ci /* Fast path in case the two are the same algorithm pointer */ 1510e1051a39Sopenharmony_ci if (kdf1 == kdf2) 1511e1051a39Sopenharmony_ci return 1; 1512e1051a39Sopenharmony_ci /* 1513e1051a39Sopenharmony_ci * Compare their names and providers instead. 1514e1051a39Sopenharmony_ci * This is necessary in a non-caching build (or a cache flush during fetch) 1515e1051a39Sopenharmony_ci * because without the algorithm in the cache, fetching it a second time 1516e1051a39Sopenharmony_ci * will result in a different pointer. 1517e1051a39Sopenharmony_ci */ 1518e1051a39Sopenharmony_ci return TEST_ptr_eq(EVP_KDF_get0_provider(kdf1), EVP_KDF_get0_provider(kdf2)) 1519e1051a39Sopenharmony_ci && TEST_str_eq(EVP_KDF_get0_name(kdf1), EVP_KDF_get0_name(kdf2)); 1520e1051a39Sopenharmony_ci} 1521e1051a39Sopenharmony_ci 1522e1051a39Sopenharmony_cistatic int test_kdf_get_kdf(void) 1523e1051a39Sopenharmony_ci{ 1524e1051a39Sopenharmony_ci EVP_KDF *kdf1 = NULL, *kdf2 = NULL; 1525e1051a39Sopenharmony_ci ASN1_OBJECT *obj; 1526e1051a39Sopenharmony_ci int ok = 1; 1527e1051a39Sopenharmony_ci 1528e1051a39Sopenharmony_ci if (!TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2)) 1529e1051a39Sopenharmony_ci || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL)) 1530e1051a39Sopenharmony_ci || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(OBJ_obj2nid(obj)), 1531e1051a39Sopenharmony_ci NULL)) 1532e1051a39Sopenharmony_ci || !test_kdfs_same(kdf1, kdf2)) 1533e1051a39Sopenharmony_ci ok = 0; 1534e1051a39Sopenharmony_ci EVP_KDF_free(kdf1); 1535e1051a39Sopenharmony_ci kdf1 = NULL; 1536e1051a39Sopenharmony_ci EVP_KDF_free(kdf2); 1537e1051a39Sopenharmony_ci kdf2 = NULL; 1538e1051a39Sopenharmony_ci 1539e1051a39Sopenharmony_ci if (!TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL)) 1540e1051a39Sopenharmony_ci || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, LN_tls1_prf, NULL)) 1541e1051a39Sopenharmony_ci || !test_kdfs_same(kdf1, kdf2)) 1542e1051a39Sopenharmony_ci ok = 0; 1543e1051a39Sopenharmony_ci /* kdf1 is re-used below, so don't free it here */ 1544e1051a39Sopenharmony_ci EVP_KDF_free(kdf2); 1545e1051a39Sopenharmony_ci kdf2 = NULL; 1546e1051a39Sopenharmony_ci 1547e1051a39Sopenharmony_ci if (!TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(NID_tls1_prf), NULL)) 1548e1051a39Sopenharmony_ci || !test_kdfs_same(kdf1, kdf2)) 1549e1051a39Sopenharmony_ci ok = 0; 1550e1051a39Sopenharmony_ci EVP_KDF_free(kdf1); 1551e1051a39Sopenharmony_ci kdf1 = NULL; 1552e1051a39Sopenharmony_ci EVP_KDF_free(kdf2); 1553e1051a39Sopenharmony_ci kdf2 = NULL; 1554e1051a39Sopenharmony_ci 1555e1051a39Sopenharmony_ci return ok; 1556e1051a39Sopenharmony_ci} 1557e1051a39Sopenharmony_ci 1558e1051a39Sopenharmony_ci#if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES) 1559e1051a39Sopenharmony_cistatic int test_kdf_x942_asn1(void) 1560e1051a39Sopenharmony_ci{ 1561e1051a39Sopenharmony_ci int ret; 1562e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx = NULL; 1563e1051a39Sopenharmony_ci OSSL_PARAM params[4], *p = params; 1564e1051a39Sopenharmony_ci const char *cek_alg = SN_id_smime_alg_CMS3DESwrap; 1565e1051a39Sopenharmony_ci unsigned char out[24]; 1566e1051a39Sopenharmony_ci /* RFC2631 Section 2.1.6 Test data */ 1567e1051a39Sopenharmony_ci static unsigned char z[] = { 1568e1051a39Sopenharmony_ci 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d, 1569e1051a39Sopenharmony_ci 0x0e,0x0f,0x10,0x11,0x12,0x13 1570e1051a39Sopenharmony_ci }; 1571e1051a39Sopenharmony_ci static const unsigned char expected[sizeof(out)] = { 1572e1051a39Sopenharmony_ci 0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04, 1573e1051a39Sopenharmony_ci 0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46, 1574e1051a39Sopenharmony_ci 0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb 1575e1051a39Sopenharmony_ci }; 1576e1051a39Sopenharmony_ci 1577e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, 1578e1051a39Sopenharmony_ci (char *)"sha1", 0); 1579e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, 1580e1051a39Sopenharmony_ci sizeof(z)); 1581e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, 1582e1051a39Sopenharmony_ci (char *)cek_alg, 0); 1583e1051a39Sopenharmony_ci *p = OSSL_PARAM_construct_end(); 1584e1051a39Sopenharmony_ci 1585e1051a39Sopenharmony_ci ret = 1586e1051a39Sopenharmony_ci TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF_ASN1)) 1587e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0) 1588e1051a39Sopenharmony_ci && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); 1589e1051a39Sopenharmony_ci 1590e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 1591e1051a39Sopenharmony_ci return ret; 1592e1051a39Sopenharmony_ci} 1593e1051a39Sopenharmony_ci#endif /* OPENSSL_NO_CMS */ 1594e1051a39Sopenharmony_ci 1595e1051a39Sopenharmony_cistatic int test_kdf_krb5kdf(void) 1596e1051a39Sopenharmony_ci{ 1597e1051a39Sopenharmony_ci int ret; 1598e1051a39Sopenharmony_ci EVP_KDF_CTX *kctx; 1599e1051a39Sopenharmony_ci OSSL_PARAM params[4], *p = params; 1600e1051a39Sopenharmony_ci unsigned char out[16]; 1601e1051a39Sopenharmony_ci static unsigned char key[] = { 1602e1051a39Sopenharmony_ci 0x42, 0x26, 0x3C, 0x6E, 0x89, 0xF4, 0xFC, 0x28, 1603e1051a39Sopenharmony_ci 0xB8, 0xDF, 0x68, 0xEE, 0x09, 0x79, 0x9F, 0x15 1604e1051a39Sopenharmony_ci }; 1605e1051a39Sopenharmony_ci static unsigned char constant[] = { 1606e1051a39Sopenharmony_ci 0x00, 0x00, 0x00, 0x02, 0x99 1607e1051a39Sopenharmony_ci }; 1608e1051a39Sopenharmony_ci static const unsigned char expected[sizeof(out)] = { 1609e1051a39Sopenharmony_ci 0x34, 0x28, 0x0A, 0x38, 0x2B, 0xC9, 0x27, 0x69, 1610e1051a39Sopenharmony_ci 0xB2, 0xDA, 0x2F, 0x9E, 0xF0, 0x66, 0x85, 0x4B 1611e1051a39Sopenharmony_ci }; 1612e1051a39Sopenharmony_ci 1613e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, 1614e1051a39Sopenharmony_ci (char *)"AES-128-CBC", 0); 1615e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key, 1616e1051a39Sopenharmony_ci sizeof(key)); 1617e1051a39Sopenharmony_ci *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT, 1618e1051a39Sopenharmony_ci constant, sizeof(constant)); 1619e1051a39Sopenharmony_ci *p = OSSL_PARAM_construct_end(); 1620e1051a39Sopenharmony_ci 1621e1051a39Sopenharmony_ci ret = 1622e1051a39Sopenharmony_ci TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KRB5KDF)) 1623e1051a39Sopenharmony_ci && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0) 1624e1051a39Sopenharmony_ci && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); 1625e1051a39Sopenharmony_ci 1626e1051a39Sopenharmony_ci EVP_KDF_CTX_free(kctx); 1627e1051a39Sopenharmony_ci return ret; 1628e1051a39Sopenharmony_ci} 1629e1051a39Sopenharmony_ci 1630e1051a39Sopenharmony_ciint setup_tests(void) 1631e1051a39Sopenharmony_ci{ 1632e1051a39Sopenharmony_ci ADD_TEST(test_kdf_pbkdf1); 1633e1051a39Sopenharmony_ci#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA) 1634e1051a39Sopenharmony_ci ADD_TEST(test_kdf_kbkdf_6803_128); 1635e1051a39Sopenharmony_ci ADD_TEST(test_kdf_kbkdf_6803_256); 1636e1051a39Sopenharmony_ci#endif 1637e1051a39Sopenharmony_ci ADD_TEST(test_kdf_kbkdf_invalid_digest); 1638e1051a39Sopenharmony_ci ADD_TEST(test_kdf_kbkdf_invalid_mac); 1639e1051a39Sopenharmony_ci ADD_TEST(test_kdf_kbkdf_zero_output_size); 1640e1051a39Sopenharmony_ci ADD_TEST(test_kdf_kbkdf_empty_key); 1641e1051a39Sopenharmony_ci ADD_TEST(test_kdf_kbkdf_1byte_key); 1642e1051a39Sopenharmony_ci ADD_TEST(test_kdf_kbkdf_8009_prf1); 1643e1051a39Sopenharmony_ci ADD_TEST(test_kdf_kbkdf_8009_prf2); 1644e1051a39Sopenharmony_ci#if !defined(OPENSSL_NO_CMAC) 1645e1051a39Sopenharmony_ci ADD_TEST(test_kdf_kbkdf_fixedinfo); 1646e1051a39Sopenharmony_ci#endif 1647e1051a39Sopenharmony_ci ADD_TEST(test_kdf_get_kdf); 1648e1051a39Sopenharmony_ci ADD_TEST(test_kdf_tls1_prf); 1649e1051a39Sopenharmony_ci ADD_TEST(test_kdf_tls1_prf_invalid_digest); 1650e1051a39Sopenharmony_ci ADD_TEST(test_kdf_tls1_prf_zero_output_size); 1651e1051a39Sopenharmony_ci ADD_TEST(test_kdf_tls1_prf_empty_secret); 1652e1051a39Sopenharmony_ci ADD_TEST(test_kdf_tls1_prf_1byte_secret); 1653e1051a39Sopenharmony_ci ADD_TEST(test_kdf_tls1_prf_empty_seed); 1654e1051a39Sopenharmony_ci ADD_TEST(test_kdf_tls1_prf_1byte_seed); 1655e1051a39Sopenharmony_ci ADD_TEST(test_kdf_hkdf); 1656e1051a39Sopenharmony_ci ADD_TEST(test_kdf_hkdf_invalid_digest); 1657e1051a39Sopenharmony_ci ADD_TEST(test_kdf_hkdf_zero_output_size); 1658e1051a39Sopenharmony_ci ADD_TEST(test_kdf_hkdf_empty_key); 1659e1051a39Sopenharmony_ci ADD_TEST(test_kdf_hkdf_1byte_key); 1660e1051a39Sopenharmony_ci ADD_TEST(test_kdf_hkdf_empty_salt); 1661e1051a39Sopenharmony_ci ADD_TEST(test_kdf_hkdf_gettables); 1662e1051a39Sopenharmony_ci ADD_TEST(test_kdf_hkdf_gettables_expandonly); 1663e1051a39Sopenharmony_ci ADD_TEST(test_kdf_hkdf_gettables_no_digest); 1664e1051a39Sopenharmony_ci ADD_TEST(test_kdf_hkdf_derive_set_params_fail); 1665e1051a39Sopenharmony_ci ADD_TEST(test_kdf_hkdf_set_invalid_mode); 1666e1051a39Sopenharmony_ci ADD_TEST(test_kdf_hkdf_set_ctx_param_fail); 1667e1051a39Sopenharmony_ci ADD_TEST(test_kdf_pbkdf2); 1668e1051a39Sopenharmony_ci ADD_TEST(test_kdf_pbkdf2_small_output); 1669e1051a39Sopenharmony_ci ADD_TEST(test_kdf_pbkdf2_large_output); 1670e1051a39Sopenharmony_ci ADD_TEST(test_kdf_pbkdf2_small_salt); 1671e1051a39Sopenharmony_ci ADD_TEST(test_kdf_pbkdf2_small_iterations); 1672e1051a39Sopenharmony_ci ADD_TEST(test_kdf_pbkdf2_small_salt_pkcs5); 1673e1051a39Sopenharmony_ci ADD_TEST(test_kdf_pbkdf2_small_iterations_pkcs5); 1674e1051a39Sopenharmony_ci ADD_TEST(test_kdf_pbkdf2_invalid_digest); 1675e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_SCRYPT 1676e1051a39Sopenharmony_ci ADD_TEST(test_kdf_scrypt); 1677e1051a39Sopenharmony_ci#endif 1678e1051a39Sopenharmony_ci ADD_TEST(test_kdf_ss_hash); 1679e1051a39Sopenharmony_ci ADD_TEST(test_kdf_ss_hmac); 1680e1051a39Sopenharmony_ci ADD_TEST(test_kdf_ss_kmac); 1681e1051a39Sopenharmony_ci ADD_TEST(test_kdf_sshkdf); 1682e1051a39Sopenharmony_ci ADD_TEST(test_kdf_x963); 1683e1051a39Sopenharmony_ci#if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES) 1684e1051a39Sopenharmony_ci ADD_TEST(test_kdf_x942_asn1); 1685e1051a39Sopenharmony_ci#endif 1686e1051a39Sopenharmony_ci ADD_TEST(test_kdf_krb5kdf); 1687e1051a39Sopenharmony_ci return 1; 1688e1051a39Sopenharmony_ci} 1689