1 /*
2 * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2018-2020, Oracle and/or its affiliates. All rights reserved.
4 *
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11 /* Tests of the EVP_KDF_CTX APIs */
12
13 #include <stdio.h>
14 #include <string.h>
15
16 #include <openssl/evp.h>
17 #include <openssl/kdf.h>
18 #include <openssl/core_names.h>
19 #include "internal/numbers.h"
20 #include "testutil.h"
21
22
get_kdfbyname_libctx(OSSL_LIB_CTX * libctx,const char * name)23 static EVP_KDF_CTX *get_kdfbyname_libctx(OSSL_LIB_CTX *libctx, const char *name)
24 {
25 EVP_KDF *kdf = EVP_KDF_fetch(libctx, name, NULL);
26 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
27
28 EVP_KDF_free(kdf);
29 return kctx;
30 }
31
get_kdfbyname(const char * name)32 static EVP_KDF_CTX *get_kdfbyname(const char *name)
33 {
34 return get_kdfbyname_libctx(NULL, name);
35 }
36
construct_tls1_prf_params(const char * digest,const char * secret,const char * seed)37 static OSSL_PARAM *construct_tls1_prf_params(const char *digest, const char *secret,
38 const char *seed)
39 {
40 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 4);
41 OSSL_PARAM *p = params;
42
43 if (params == NULL)
44 return NULL;
45
46 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
47 (char *)digest, 0);
48 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
49 (unsigned char *)secret,
50 strlen(secret));
51 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
52 (unsigned char *)seed,
53 strlen(seed));
54 *p = OSSL_PARAM_construct_end();
55
56 return params;
57 }
58
test_kdf_tls1_prf(void)59 static int test_kdf_tls1_prf(void)
60 {
61 int ret;
62 EVP_KDF_CTX *kctx = NULL;
63 unsigned char out[16];
64 OSSL_PARAM *params;
65 static const unsigned char expected[sizeof(out)] = {
66 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
67 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
68 };
69
70 params = construct_tls1_prf_params("sha256", "secret", "seed");
71
72 ret = TEST_ptr(params)
73 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
74 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
75 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
76
77 EVP_KDF_CTX_free(kctx);
78 OPENSSL_free(params);
79 return ret;
80 }
81
test_kdf_tls1_prf_invalid_digest(void)82 static int test_kdf_tls1_prf_invalid_digest(void)
83 {
84 int ret;
85 EVP_KDF_CTX *kctx = NULL;
86 OSSL_PARAM *params;
87
88 params = construct_tls1_prf_params("blah", "secret", "seed");
89
90 ret = TEST_ptr(params)
91 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
92 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
93
94 EVP_KDF_CTX_free(kctx);
95 OPENSSL_free(params);
96 return ret;
97 }
98
test_kdf_tls1_prf_zero_output_size(void)99 static int test_kdf_tls1_prf_zero_output_size(void)
100 {
101 int ret;
102 EVP_KDF_CTX *kctx = NULL;
103 unsigned char out[16];
104 OSSL_PARAM *params;
105
106 params = construct_tls1_prf_params("sha256", "secret", "seed");
107
108 /* Negative test - derive should fail */
109 ret = TEST_ptr(params)
110 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
111 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
112 && TEST_int_eq(EVP_KDF_derive(kctx, out, 0, NULL), 0);
113
114 EVP_KDF_CTX_free(kctx);
115 OPENSSL_free(params);
116 return ret;
117 }
118
test_kdf_tls1_prf_empty_secret(void)119 static int test_kdf_tls1_prf_empty_secret(void)
120 {
121 int ret;
122 EVP_KDF_CTX *kctx = NULL;
123 unsigned char out[16];
124 OSSL_PARAM *params;
125
126 params = construct_tls1_prf_params("sha256", "", "seed");
127
128 ret = TEST_ptr(params)
129 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
130 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
131
132 EVP_KDF_CTX_free(kctx);
133 OPENSSL_free(params);
134 return ret;
135 }
136
test_kdf_tls1_prf_1byte_secret(void)137 static int test_kdf_tls1_prf_1byte_secret(void)
138 {
139 int ret;
140 EVP_KDF_CTX *kctx = NULL;
141 unsigned char out[16];
142 OSSL_PARAM *params;
143
144 params = construct_tls1_prf_params("sha256", "1", "seed");
145
146 ret = TEST_ptr(params)
147 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
148 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
149
150 EVP_KDF_CTX_free(kctx);
151 OPENSSL_free(params);
152 return ret;
153 }
154
test_kdf_tls1_prf_empty_seed(void)155 static int test_kdf_tls1_prf_empty_seed(void)
156 {
157 int ret;
158 EVP_KDF_CTX *kctx = NULL;
159 unsigned char out[16];
160 OSSL_PARAM *params;
161
162 params = construct_tls1_prf_params("sha256", "secret", "");
163
164 /* Negative test - derive should fail */
165 ret = TEST_ptr(params)
166 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
167 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
168 && TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0);
169
170 EVP_KDF_CTX_free(kctx);
171 OPENSSL_free(params);
172 return ret;
173 }
174
test_kdf_tls1_prf_1byte_seed(void)175 static int test_kdf_tls1_prf_1byte_seed(void)
176 {
177 int ret;
178 EVP_KDF_CTX *kctx = NULL;
179 unsigned char out[16];
180 OSSL_PARAM *params;
181
182 params = construct_tls1_prf_params("sha256", "secret", "1");
183
184 ret = TEST_ptr(params)
185 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
186 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
187
188 EVP_KDF_CTX_free(kctx);
189 OPENSSL_free(params);
190 return ret;
191 }
192
construct_hkdf_params(char * digest,char * key,size_t keylen,char * salt,char * info)193 static OSSL_PARAM *construct_hkdf_params(char *digest, char *key,
194 size_t keylen, char *salt, char *info)
195 {
196 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
197 OSSL_PARAM *p = params;
198
199 if (params == NULL)
200 return NULL;
201
202 if (digest != NULL)
203 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
204 digest, 0);
205 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
206 salt, strlen(salt));
207 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
208 (unsigned char *)key, keylen);
209 if (info != NULL)
210 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
211 info, strlen(info));
212 else
213 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
214 "EXTRACT_ONLY", 0);
215 *p = OSSL_PARAM_construct_end();
216
217 return params;
218 }
219
test_kdf_hkdf(void)220 static int test_kdf_hkdf(void)
221 {
222 int ret;
223 EVP_KDF_CTX *kctx = NULL;
224 unsigned char out[10];
225 OSSL_PARAM *params;
226 static const unsigned char expected[sizeof(out)] = {
227 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
228 };
229
230 params = construct_hkdf_params("sha256", "secret", 6, "salt", "label");
231
232 ret = TEST_ptr(params)
233 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
234 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
235 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
236
237 EVP_KDF_CTX_free(kctx);
238 OPENSSL_free(params);
239 return ret;
240 }
241
do_kdf_hkdf_gettables(int expand_only,int has_digest)242 static int do_kdf_hkdf_gettables(int expand_only, int has_digest)
243 {
244 int ret = 0;
245 size_t sz = 0;
246 OSSL_PARAM *params;
247 OSSL_PARAM params_get[2];
248 const OSSL_PARAM *gettables, *p;
249 EVP_KDF_CTX *kctx = NULL;
250
251 if (!TEST_ptr(params = construct_hkdf_params(
252 has_digest ? "sha256" : NULL,
253 "secret", 6, "salt",
254 expand_only ? NULL : "label"))
255 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
256 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)))
257 goto err;
258
259 /* Check OSSL_KDF_PARAM_SIZE is gettable */
260 if (!TEST_ptr(gettables = EVP_KDF_CTX_gettable_params(kctx))
261 || !TEST_ptr(p = OSSL_PARAM_locate_const(gettables, OSSL_KDF_PARAM_SIZE)))
262 goto err;
263
264 /* Get OSSL_KDF_PARAM_SIZE as a size_t */
265 params_get[0] = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_SIZE, &sz);
266 params_get[1] = OSSL_PARAM_construct_end();
267 if (has_digest) {
268 if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), 1)
269 || !TEST_size_t_eq(sz, expand_only ? SHA256_DIGEST_LENGTH : SIZE_MAX))
270 goto err;
271 } else {
272 if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), 0))
273 goto err;
274 }
275
276 /* Get params returns -2 if an unsupported parameter is requested */
277 params_get[0] = OSSL_PARAM_construct_end();
278 if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), -2))
279 goto err;
280 ret = 1;
281 err:
282 EVP_KDF_CTX_free(kctx);
283 OPENSSL_free(params);
284 return ret;
285 }
286
test_kdf_hkdf_gettables(void)287 static int test_kdf_hkdf_gettables(void)
288 {
289 return do_kdf_hkdf_gettables(0, 1);
290 }
291
test_kdf_hkdf_gettables_expandonly(void)292 static int test_kdf_hkdf_gettables_expandonly(void)
293 {
294 return do_kdf_hkdf_gettables(1, 1);
295 }
296
test_kdf_hkdf_gettables_no_digest(void)297 static int test_kdf_hkdf_gettables_no_digest(void)
298 {
299 return do_kdf_hkdf_gettables(1, 0);
300 }
301
test_kdf_hkdf_invalid_digest(void)302 static int test_kdf_hkdf_invalid_digest(void)
303 {
304 int ret;
305 EVP_KDF_CTX *kctx = NULL;
306 OSSL_PARAM *params;
307
308 params = construct_hkdf_params("blah", "secret", 6, "salt", "label");
309
310 ret = TEST_ptr(params)
311 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
312 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
313
314 EVP_KDF_CTX_free(kctx);
315 OPENSSL_free(params);
316 return ret;
317 }
318
test_kdf_hkdf_derive_set_params_fail(void)319 static int test_kdf_hkdf_derive_set_params_fail(void)
320 {
321 int ret = 0, i = 0;
322 EVP_KDF_CTX *kctx = NULL;
323 OSSL_PARAM params[2];
324 unsigned char out[10];
325
326 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)))
327 goto end;
328 /*
329 * Set the wrong type for the digest so that it causes a failure
330 * inside kdf_hkdf_derive() when kdf_hkdf_set_ctx_params() is called
331 */
332 params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_DIGEST, &i);
333 params[1] = OSSL_PARAM_construct_end();
334 if (!TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), params), 0))
335 goto end;
336 ret = 1;
337 end:
338 EVP_KDF_CTX_free(kctx);
339 return ret;
340 }
341
test_kdf_hkdf_set_invalid_mode(void)342 static int test_kdf_hkdf_set_invalid_mode(void)
343 {
344 int ret = 0, bad_mode = 100;
345 EVP_KDF_CTX *kctx = NULL;
346 OSSL_PARAM params[2];
347
348 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)))
349 goto end;
350 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
351 "BADMODE", 0);
352 params[1] = OSSL_PARAM_construct_end();
353 if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0))
354 goto end;
355
356 params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &bad_mode);
357 if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0))
358 goto end;
359
360 ret = 1;
361 end:
362 EVP_KDF_CTX_free(kctx);
363 return ret;
364 }
365
do_kdf_hkdf_set_invalid_param(const char * key,int type)366 static int do_kdf_hkdf_set_invalid_param(const char *key, int type)
367 {
368 int ret = 0;
369 EVP_KDF_CTX *kctx = NULL;
370 OSSL_PARAM params[2];
371 unsigned char buf[2];
372
373 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)))
374 goto end;
375 /* Set the wrong type for the key so that it causes a failure */
376 if (type == OSSL_PARAM_UTF8_STRING)
377 params[0] = OSSL_PARAM_construct_utf8_string(key, "BAD", 0);
378 else
379 params[0] = OSSL_PARAM_construct_octet_string(key, buf, sizeof(buf));
380 params[1] = OSSL_PARAM_construct_end();
381 if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0))
382 goto end;
383
384 ret = 1;
385 end:
386 EVP_KDF_CTX_free(kctx);
387 return ret;
388 }
389
test_kdf_hkdf_set_ctx_param_fail(void)390 static int test_kdf_hkdf_set_ctx_param_fail(void)
391 {
392 return do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_MODE,
393 OSSL_PARAM_OCTET_STRING)
394 && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_KEY,
395 OSSL_PARAM_UTF8_STRING)
396 && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_SALT,
397 OSSL_PARAM_UTF8_STRING)
398 && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_INFO,
399 OSSL_PARAM_UTF8_STRING);
400 }
401
test_kdf_hkdf_zero_output_size(void)402 static int test_kdf_hkdf_zero_output_size(void)
403 {
404 int ret;
405 EVP_KDF_CTX *kctx = NULL;
406 unsigned char out[10];
407 OSSL_PARAM *params;
408
409 params = construct_hkdf_params("sha256", "secret", 6, "salt", "label");
410
411 /* Negative test - derive should fail */
412 ret = TEST_ptr(params)
413 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
414 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
415 && TEST_int_eq(EVP_KDF_derive(kctx, out, 0, NULL), 0);
416
417 EVP_KDF_CTX_free(kctx);
418 OPENSSL_free(params);
419 return ret;
420 }
421
test_kdf_hkdf_empty_key(void)422 static int test_kdf_hkdf_empty_key(void)
423 {
424 int ret;
425 EVP_KDF_CTX *kctx = NULL;
426 unsigned char out[10];
427 OSSL_PARAM *params;
428
429 params = construct_hkdf_params("sha256", "", 0, "salt", "label");
430
431 ret = TEST_ptr(params)
432 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
433 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
434
435 EVP_KDF_CTX_free(kctx);
436 OPENSSL_free(params);
437 return ret;
438 }
439
test_kdf_hkdf_1byte_key(void)440 static int test_kdf_hkdf_1byte_key(void)
441 {
442 int ret;
443 EVP_KDF_CTX *kctx = NULL;
444 unsigned char out[10];
445 OSSL_PARAM *params;
446
447 params = construct_hkdf_params("sha256", "1", 1, "salt", "label");
448
449 ret = TEST_ptr(params)
450 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
451 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
452
453 EVP_KDF_CTX_free(kctx);
454 OPENSSL_free(params);
455 return ret;
456 }
457
test_kdf_hkdf_empty_salt(void)458 static int test_kdf_hkdf_empty_salt(void)
459 {
460 int ret;
461 EVP_KDF_CTX *kctx = NULL;
462 unsigned char out[10];
463 OSSL_PARAM *params;
464
465 params = construct_hkdf_params("sha256", "secret", 6, "", "label");
466
467 ret = TEST_ptr(params)
468 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
469 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
470
471 EVP_KDF_CTX_free(kctx);
472 OPENSSL_free(params);
473 return ret;
474 }
475
construct_pbkdf1_params(char * pass,char * digest,char * salt,unsigned int * iter)476 static OSSL_PARAM *construct_pbkdf1_params(char *pass, char *digest, char *salt,
477 unsigned int *iter)
478 {
479 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
480 OSSL_PARAM *p = params;
481
482 if (params == NULL)
483 return NULL;
484
485 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
486 (unsigned char *)pass, strlen(pass));
487 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
488 (unsigned char *)salt, strlen(salt));
489 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter);
490 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
491 digest, 0);
492 *p = OSSL_PARAM_construct_end();
493
494 return params;
495 }
496
test_kdf_pbkdf1(void)497 static int test_kdf_pbkdf1(void)
498 {
499 int ret = 0;
500 EVP_KDF_CTX *kctx = NULL;
501 unsigned char out[25];
502 unsigned int iterations = 4096;
503 OSSL_LIB_CTX *libctx = NULL;
504 OSSL_PARAM *params = NULL;
505 OSSL_PROVIDER *legacyprov = NULL;
506 OSSL_PROVIDER *defprov = NULL;
507 const unsigned char expected[sizeof(out)] = {
508 0xfb, 0x83, 0x4d, 0x36, 0x6d, 0xbc, 0x53, 0x87, 0x35, 0x1b, 0x34, 0x75,
509 0x95, 0x88, 0x32, 0x4f, 0x3e, 0x82, 0x81, 0x01, 0x21, 0x93, 0x64, 0x00,
510 0xcc
511 };
512
513 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
514 goto err;
515
516 /* PBKDF1 only available in the legacy provider */
517 legacyprov = OSSL_PROVIDER_load(libctx, "legacy");
518 if (legacyprov == NULL) {
519 OSSL_LIB_CTX_free(libctx);
520 return TEST_skip("PBKDF1 only available in legacy provider");
521 }
522
523 if (!TEST_ptr(defprov = OSSL_PROVIDER_load(libctx, "default")))
524 goto err;
525
526 params = construct_pbkdf1_params("passwordPASSWORDpassword", "sha256",
527 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
528 &iterations);
529
530 if (!TEST_ptr(params)
531 || !TEST_ptr(kctx = get_kdfbyname_libctx(libctx, OSSL_KDF_NAME_PBKDF1))
532 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
533 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)
534 || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)))
535 goto err;
536
537 ret = 1;
538 err:
539 EVP_KDF_CTX_free(kctx);
540 OPENSSL_free(params);
541 OSSL_PROVIDER_unload(defprov);
542 OSSL_PROVIDER_unload(legacyprov);
543 OSSL_LIB_CTX_free(libctx);
544 return ret;
545 }
546
construct_pbkdf2_params(char * pass,char * digest,char * salt,unsigned int * iter,int * mode)547 static OSSL_PARAM *construct_pbkdf2_params(char *pass, char *digest, char *salt,
548 unsigned int *iter, int *mode)
549 {
550 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 6);
551 OSSL_PARAM *p = params;
552
553 if (params == NULL)
554 return NULL;
555
556 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
557 (unsigned char *)pass, strlen(pass));
558 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
559 (unsigned char *)salt, strlen(salt));
560 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter);
561 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
562 digest, 0);
563 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, mode);
564 *p = OSSL_PARAM_construct_end();
565
566 return params;
567 }
568
test_kdf_pbkdf2(void)569 static int test_kdf_pbkdf2(void)
570 {
571 int ret = 0;
572 EVP_KDF_CTX *kctx = NULL;
573 unsigned char out[25];
574 unsigned int iterations = 4096;
575 int mode = 0;
576 OSSL_PARAM *params;
577 const unsigned char expected[sizeof(out)] = {
578 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f,
579 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf,
580 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
581 0x1c
582 };
583
584 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
585 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
586 &iterations, &mode);
587
588 if (!TEST_ptr(params)
589 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
590 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
591 || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)))
592 goto err;
593
594 ret = 1;
595 err:
596 EVP_KDF_CTX_free(kctx);
597 OPENSSL_free(params);
598 return ret;
599 }
600
test_kdf_pbkdf2_small_output(void)601 static int test_kdf_pbkdf2_small_output(void)
602 {
603 int ret = 0;
604 EVP_KDF_CTX *kctx = NULL;
605 unsigned char out[25];
606 unsigned int iterations = 4096;
607 int mode = 0;
608 OSSL_PARAM *params;
609
610 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
611 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
612 &iterations, &mode);
613
614 if (!TEST_ptr(params)
615 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
616 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
617 /* A key length that is too small should fail */
618 || !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1, NULL), 0))
619 goto err;
620
621 ret = 1;
622 err:
623 EVP_KDF_CTX_free(kctx);
624 OPENSSL_free(params);
625 return ret;
626 }
627
test_kdf_pbkdf2_large_output(void)628 static int test_kdf_pbkdf2_large_output(void)
629 {
630 int ret = 0;
631 EVP_KDF_CTX *kctx = NULL;
632 unsigned char out[25];
633 size_t len = 0;
634 unsigned int iterations = 4096;
635 int mode = 0;
636 OSSL_PARAM *params;
637
638 if (sizeof(len) > 32)
639 len = SIZE_MAX;
640
641 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
642 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
643 &iterations, &mode);
644
645 if (!TEST_ptr(params)
646 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
647 /* A key length that is too large should fail */
648 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
649 || (len != 0 && !TEST_int_eq(EVP_KDF_derive(kctx, out, len, NULL), 0)))
650 goto err;
651
652 ret = 1;
653 err:
654 EVP_KDF_CTX_free(kctx);
655 OPENSSL_free(params);
656 return ret;
657 }
658
test_kdf_pbkdf2_small_salt(void)659 static int test_kdf_pbkdf2_small_salt(void)
660 {
661 int ret = 0;
662 EVP_KDF_CTX *kctx = NULL;
663 unsigned int iterations = 4096;
664 int mode = 0;
665 OSSL_PARAM *params;
666
667 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
668 "saltSALT",
669 &iterations, &mode);
670
671 if (!TEST_ptr(params)
672 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
673 /* A salt that is too small should fail */
674 || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
675 goto err;
676
677 ret = 1;
678 err:
679 EVP_KDF_CTX_free(kctx);
680 OPENSSL_free(params);
681 return ret;
682 }
683
test_kdf_pbkdf2_small_iterations(void)684 static int test_kdf_pbkdf2_small_iterations(void)
685 {
686 int ret = 0;
687 EVP_KDF_CTX *kctx = NULL;
688 unsigned int iterations = 1;
689 int mode = 0;
690 OSSL_PARAM *params;
691
692 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
693 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
694 &iterations, &mode);
695
696 if (!TEST_ptr(params)
697 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
698 /* An iteration count that is too small should fail */
699 || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
700 goto err;
701
702 ret = 1;
703 err:
704 EVP_KDF_CTX_free(kctx);
705 OPENSSL_free(params);
706 return ret;
707 }
708
test_kdf_pbkdf2_small_salt_pkcs5(void)709 static int test_kdf_pbkdf2_small_salt_pkcs5(void)
710 {
711 int ret = 0;
712 EVP_KDF_CTX *kctx = NULL;
713 unsigned char out[25];
714 unsigned int iterations = 4096;
715 int mode = 1;
716 OSSL_PARAM *params;
717 OSSL_PARAM mode_params[2];
718
719 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
720 "saltSALT",
721 &iterations, &mode);
722
723 if (!TEST_ptr(params)
724 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
725 /* A salt that is too small should pass in pkcs5 mode */
726 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
727 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
728 goto err;
729
730 mode = 0;
731 mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
732 mode_params[1] = OSSL_PARAM_construct_end();
733
734 /* If the "pkcs5" mode is disabled then the derive will now fail */
735 if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params))
736 || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
737 goto err;
738
739 ret = 1;
740 err:
741 EVP_KDF_CTX_free(kctx);
742 OPENSSL_free(params);
743 return ret;
744 }
745
test_kdf_pbkdf2_small_iterations_pkcs5(void)746 static int test_kdf_pbkdf2_small_iterations_pkcs5(void)
747 {
748 int ret = 0;
749 EVP_KDF_CTX *kctx = NULL;
750 unsigned char out[25];
751 unsigned int iterations = 1;
752 int mode = 1;
753 OSSL_PARAM *params;
754 OSSL_PARAM mode_params[2];
755
756 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
757 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
758 &iterations, &mode);
759
760 if (!TEST_ptr(params)
761 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
762 /* An iteration count that is too small will pass in pkcs5 mode */
763 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
764 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
765 goto err;
766
767 mode = 0;
768 mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
769 mode_params[1] = OSSL_PARAM_construct_end();
770
771 /* If the "pkcs5" mode is disabled then the derive will now fail */
772 if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params))
773 || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
774 goto err;
775
776 ret = 1;
777 err:
778 EVP_KDF_CTX_free(kctx);
779 OPENSSL_free(params);
780 return ret;
781 }
782
test_kdf_pbkdf2_invalid_digest(void)783 static int test_kdf_pbkdf2_invalid_digest(void)
784 {
785 int ret = 0;
786 EVP_KDF_CTX *kctx = NULL;
787 unsigned int iterations = 4096;
788 int mode = 0;
789 OSSL_PARAM *params;
790
791 params = construct_pbkdf2_params("passwordPASSWORDpassword", "blah",
792 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
793 &iterations, &mode);
794
795 if (!TEST_ptr(params)
796 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
797 /* Unknown digest should fail */
798 || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
799 goto err;
800
801 ret = 1;
802 err:
803 EVP_KDF_CTX_free(kctx);
804 OPENSSL_free(params);
805 return ret;
806 }
807
808 #ifndef OPENSSL_NO_SCRYPT
test_kdf_scrypt(void)809 static int test_kdf_scrypt(void)
810 {
811 int ret;
812 EVP_KDF_CTX *kctx;
813 OSSL_PARAM params[7], *p = params;
814 unsigned char out[64];
815 unsigned int nu = 1024, ru = 8, pu = 16, maxmem = 16;
816 static const unsigned char expected[sizeof(out)] = {
817 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
818 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
819 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
820 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
821 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
822 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
823 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
824 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
825 };
826
827 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
828 (char *)"password", 8);
829 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
830 (char *)"NaCl", 4);
831 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &nu);
832 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &ru);
833 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &pu);
834 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem);
835 *p = OSSL_PARAM_construct_end();
836
837 ret =
838 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT))
839 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
840 /* failure test *//*
841 && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)*/
842 && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024))
843 && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1))
844 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)
845 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
846
847 EVP_KDF_CTX_free(kctx);
848 return ret;
849 }
850 #endif /* OPENSSL_NO_SCRYPT */
851
test_kdf_ss_hash(void)852 static int test_kdf_ss_hash(void)
853 {
854 int ret;
855 EVP_KDF_CTX *kctx;
856 OSSL_PARAM params[4], *p = params;
857 unsigned char out[14];
858 static unsigned char z[] = {
859 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e,
860 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62,
861 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4,
862 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9
863 };
864 static unsigned char other[] = {
865 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e,
866 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde,
867 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e,
868 0xe0,0xec,0x3f,0x8d,0xbe
869 };
870 static const unsigned char expected[sizeof(out)] = {
871 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8
872 };
873
874 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
875 (char *)"sha224", 0);
876 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
877 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
878 sizeof(other));
879 *p = OSSL_PARAM_construct_end();
880
881 ret =
882 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
883 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
884 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
885
886 EVP_KDF_CTX_free(kctx);
887 return ret;
888 }
889
test_kdf_x963(void)890 static int test_kdf_x963(void)
891 {
892 int ret;
893 EVP_KDF_CTX *kctx;
894 OSSL_PARAM params[4], *p = params;
895 unsigned char out[1024 / 8];
896 /*
897 * Test data from https://csrc.nist.gov/CSRC/media/Projects/
898 * Cryptographic-Algorithm-Validation-Program/documents/components/
899 * 800-135testvectors/ansx963_2001.zip
900 */
901 static unsigned char z[] = {
902 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, 0xfa, 0x58, 0xce, 0xad,
903 0xc0, 0x47, 0x19, 0x7f, 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
904 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, 0x15, 0x07, 0x39, 0x2f,
905 0x1a, 0x86, 0xdd, 0xfd, 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
906 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, 0x47, 0xa9, 0xe2, 0xe7,
907 0x53, 0xf5, 0x5e, 0xf0, 0x5a, 0x2d
908 };
909 static unsigned char shared[] = {
910 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, 0x2b, 0x3a, 0x2f, 0x99,
911 0x37, 0x89, 0x5d, 0x31
912 };
913 static const unsigned char expected[sizeof(out)] = {
914 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, 0x9b, 0x52, 0x26, 0x4b,
915 0x01, 0x12, 0xb5, 0x85, 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
916 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, 0x6e, 0x4d, 0xd2, 0xa5,
917 0x99, 0xac, 0xce, 0xb3, 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
918 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, 0xa5, 0xa8, 0xee, 0xee,
919 0x20, 0x80, 0x02, 0x26, 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
920 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, 0xea, 0x9c, 0x4f, 0xf7,
921 0x45, 0xa2, 0x5a, 0xc2, 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
922 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, 0x0a, 0xb2, 0xaa, 0x8e,
923 0x2e, 0xfa, 0x7b, 0x17, 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
924 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
925 };
926
927 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
928 (char *)"sha512", 0);
929 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
930 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, shared,
931 sizeof(shared));
932 *p = OSSL_PARAM_construct_end();
933
934 ret =
935 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF))
936 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
937 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
938
939 EVP_KDF_CTX_free(kctx);
940 return ret;
941 }
942
943 #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
944 /*
945 * KBKDF test vectors from RFC 6803 (Camellia Encryption for Kerberos 5)
946 * section 10.
947 */
test_kdf_kbkdf_6803_128(void)948 static int test_kdf_kbkdf_6803_128(void)
949 {
950 int ret = 0, i, p;
951 EVP_KDF_CTX *kctx;
952 OSSL_PARAM params[7];
953 static unsigned char input_key[] = {
954 0x57, 0xD0, 0x29, 0x72, 0x98, 0xFF, 0xD9, 0xD3,
955 0x5D, 0xE5, 0xA4, 0x7F, 0xB4, 0xBD, 0xE2, 0x4B,
956 };
957 static unsigned char constants[][5] = {
958 { 0x00, 0x00, 0x00, 0x02, 0x99 },
959 { 0x00, 0x00, 0x00, 0x02, 0xaa },
960 { 0x00, 0x00, 0x00, 0x02, 0x55 },
961 };
962 static unsigned char outputs[][16] = {
963 {0xD1, 0x55, 0x77, 0x5A, 0x20, 0x9D, 0x05, 0xF0,
964 0x2B, 0x38, 0xD4, 0x2A, 0x38, 0x9E, 0x5A, 0x56},
965 {0x64, 0xDF, 0x83, 0xF8, 0x5A, 0x53, 0x2F, 0x17,
966 0x57, 0x7D, 0x8C, 0x37, 0x03, 0x57, 0x96, 0xAB},
967 {0x3E, 0x4F, 0xBD, 0xF3, 0x0F, 0xB8, 0x25, 0x9C,
968 0x42, 0x5C, 0xB6, 0xC9, 0x6F, 0x1F, 0x46, 0x35}
969 };
970 static unsigned char iv[16] = { 0 };
971 unsigned char result[16] = { 0 };
972
973 for (i = 0; i < 3; i++) {
974 p = 0;
975 params[p++] = OSSL_PARAM_construct_utf8_string(
976 OSSL_KDF_PARAM_CIPHER, "CAMELLIA-128-CBC", 0);
977 params[p++] = OSSL_PARAM_construct_utf8_string(
978 OSSL_KDF_PARAM_MAC, "CMAC", 0);
979 params[p++] = OSSL_PARAM_construct_utf8_string(
980 OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
981 params[p++] = OSSL_PARAM_construct_octet_string(
982 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
983 params[p++] = OSSL_PARAM_construct_octet_string(
984 OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i]));
985 params[p++] = OSSL_PARAM_construct_octet_string(
986 OSSL_KDF_PARAM_SEED, iv, sizeof(iv));
987 params[p] = OSSL_PARAM_construct_end();
988
989 kctx = get_kdfbyname("KBKDF");
990 ret = TEST_ptr(kctx)
991 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result),
992 params), 0)
993 && TEST_mem_eq(result, sizeof(result), outputs[i],
994 sizeof(outputs[i]));
995 EVP_KDF_CTX_free(kctx);
996 if (ret != 1)
997 return ret;
998 }
999
1000 return ret;
1001 }
1002
test_kdf_kbkdf_6803_256(void)1003 static int test_kdf_kbkdf_6803_256(void)
1004 {
1005 int ret = 0, i, p;
1006 EVP_KDF_CTX *kctx;
1007 OSSL_PARAM params[7];
1008 static unsigned char input_key[] = {
1009 0xB9, 0xD6, 0x82, 0x8B, 0x20, 0x56, 0xB7, 0xBE,
1010 0x65, 0x6D, 0x88, 0xA1, 0x23, 0xB1, 0xFA, 0xC6,
1011 0x82, 0x14, 0xAC, 0x2B, 0x72, 0x7E, 0xCF, 0x5F,
1012 0x69, 0xAF, 0xE0, 0xC4, 0xDF, 0x2A, 0x6D, 0x2C,
1013 };
1014 static unsigned char constants[][5] = {
1015 { 0x00, 0x00, 0x00, 0x02, 0x99 },
1016 { 0x00, 0x00, 0x00, 0x02, 0xaa },
1017 { 0x00, 0x00, 0x00, 0x02, 0x55 },
1018 };
1019 static unsigned char outputs[][32] = {
1020 {0xE4, 0x67, 0xF9, 0xA9, 0x55, 0x2B, 0xC7, 0xD3,
1021 0x15, 0x5A, 0x62, 0x20, 0xAF, 0x9C, 0x19, 0x22,
1022 0x0E, 0xEE, 0xD4, 0xFF, 0x78, 0xB0, 0xD1, 0xE6,
1023 0xA1, 0x54, 0x49, 0x91, 0x46, 0x1A, 0x9E, 0x50,
1024 },
1025 {0x41, 0x2A, 0xEF, 0xC3, 0x62, 0xA7, 0x28, 0x5F,
1026 0xC3, 0x96, 0x6C, 0x6A, 0x51, 0x81, 0xE7, 0x60,
1027 0x5A, 0xE6, 0x75, 0x23, 0x5B, 0x6D, 0x54, 0x9F,
1028 0xBF, 0xC9, 0xAB, 0x66, 0x30, 0xA4, 0xC6, 0x04,
1029 },
1030 {0xFA, 0x62, 0x4F, 0xA0, 0xE5, 0x23, 0x99, 0x3F,
1031 0xA3, 0x88, 0xAE, 0xFD, 0xC6, 0x7E, 0x67, 0xEB,
1032 0xCD, 0x8C, 0x08, 0xE8, 0xA0, 0x24, 0x6B, 0x1D,
1033 0x73, 0xB0, 0xD1, 0xDD, 0x9F, 0xC5, 0x82, 0xB0,
1034 },
1035 };
1036 static unsigned char iv[16] = { 0 };
1037 unsigned char result[32] = { 0 };
1038
1039 for (i = 0; i < 3; i++) {
1040 p = 0;
1041 params[p++] = OSSL_PARAM_construct_utf8_string(
1042 OSSL_KDF_PARAM_CIPHER, "CAMELLIA-256-CBC", 0);
1043 params[p++] = OSSL_PARAM_construct_utf8_string(
1044 OSSL_KDF_PARAM_MAC, "CMAC", 0);
1045 params[p++] = OSSL_PARAM_construct_utf8_string(
1046 OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
1047 params[p++] = OSSL_PARAM_construct_octet_string(
1048 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1049 params[p++] = OSSL_PARAM_construct_octet_string(
1050 OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i]));
1051 params[p++] = OSSL_PARAM_construct_octet_string(
1052 OSSL_KDF_PARAM_SEED, iv, sizeof(iv));
1053 params[p] = OSSL_PARAM_construct_end();
1054
1055 kctx = get_kdfbyname("KBKDF");
1056 ret = TEST_ptr(kctx)
1057 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result),
1058 params), 0)
1059 && TEST_mem_eq(result, sizeof(result), outputs[i],
1060 sizeof(outputs[i]));
1061 EVP_KDF_CTX_free(kctx);
1062 if (ret != 1)
1063 return ret;
1064 }
1065
1066 return ret;
1067 }
1068 #endif
1069
construct_kbkdf_params(char * digest,char * mac,unsigned char * key,size_t keylen,char * salt,char * info)1070 static OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char *key,
1071 size_t keylen, char *salt, char *info)
1072 {
1073 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 7);
1074 OSSL_PARAM *p = params;
1075
1076 if (params == NULL)
1077 return NULL;
1078
1079 *p++ = OSSL_PARAM_construct_utf8_string(
1080 OSSL_KDF_PARAM_DIGEST, digest, 0);
1081 *p++ = OSSL_PARAM_construct_utf8_string(
1082 OSSL_KDF_PARAM_MAC, mac, 0);
1083 *p++ = OSSL_PARAM_construct_utf8_string(
1084 OSSL_KDF_PARAM_MODE, "COUNTER", 0);
1085 *p++ = OSSL_PARAM_construct_octet_string(
1086 OSSL_KDF_PARAM_KEY, key, keylen);
1087 *p++ = OSSL_PARAM_construct_octet_string(
1088 OSSL_KDF_PARAM_SALT, salt, strlen(salt));
1089 *p++ = OSSL_PARAM_construct_octet_string(
1090 OSSL_KDF_PARAM_INFO, info, strlen(info));
1091 *p = OSSL_PARAM_construct_end();
1092
1093 return params;
1094 }
1095
test_kdf_kbkdf_invalid_digest(void)1096 static int test_kdf_kbkdf_invalid_digest(void)
1097 {
1098 int ret;
1099 EVP_KDF_CTX *kctx;
1100 OSSL_PARAM *params;
1101
1102 static unsigned char key[] = {0x01};
1103
1104 params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test");
1105 if (!TEST_ptr(params))
1106 return 0;
1107
1108 /* Negative test case - set_params should fail */
1109 kctx = get_kdfbyname("KBKDF");
1110 ret = TEST_ptr(kctx)
1111 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
1112
1113 EVP_KDF_CTX_free(kctx);
1114 OPENSSL_free(params);
1115 return ret;
1116 }
1117
test_kdf_kbkdf_invalid_mac(void)1118 static int test_kdf_kbkdf_invalid_mac(void)
1119 {
1120 int ret;
1121 EVP_KDF_CTX *kctx;
1122 OSSL_PARAM *params;
1123
1124 static unsigned char key[] = {0x01};
1125
1126 params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test");
1127 if (!TEST_ptr(params))
1128 return 0;
1129
1130 /* Negative test case - set_params should fail */
1131 kctx = get_kdfbyname("KBKDF");
1132 ret = TEST_ptr(kctx)
1133 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
1134
1135 EVP_KDF_CTX_free(kctx);
1136 OPENSSL_free(params);
1137 return ret;
1138 }
1139
test_kdf_kbkdf_empty_key(void)1140 static int test_kdf_kbkdf_empty_key(void)
1141 {
1142 int ret;
1143 EVP_KDF_CTX *kctx;
1144 OSSL_PARAM *params;
1145
1146 static unsigned char key[] = {0x01};
1147 unsigned char result[32] = { 0 };
1148
1149 params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test");
1150 if (!TEST_ptr(params))
1151 return 0;
1152
1153 /* Negative test case - derive should fail */
1154 kctx = get_kdfbyname("KBKDF");
1155 ret = TEST_ptr(kctx)
1156 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1157 && TEST_int_eq(EVP_KDF_derive(kctx, result, sizeof(result), NULL), 0);
1158
1159 EVP_KDF_CTX_free(kctx);
1160 OPENSSL_free(params);
1161 return ret;
1162 }
1163
test_kdf_kbkdf_1byte_key(void)1164 static int test_kdf_kbkdf_1byte_key(void)
1165 {
1166 int ret;
1167 EVP_KDF_CTX *kctx;
1168 OSSL_PARAM *params;
1169
1170 static unsigned char key[] = {0x01};
1171 unsigned char result[32] = { 0 };
1172
1173 params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
1174 if (!TEST_ptr(params))
1175 return 0;
1176
1177 kctx = get_kdfbyname("KBKDF");
1178 ret = TEST_ptr(kctx)
1179 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0);
1180
1181 EVP_KDF_CTX_free(kctx);
1182 OPENSSL_free(params);
1183 return ret;
1184 }
1185
test_kdf_kbkdf_zero_output_size(void)1186 static int test_kdf_kbkdf_zero_output_size(void)
1187 {
1188 int ret;
1189 EVP_KDF_CTX *kctx;
1190 OSSL_PARAM *params;
1191
1192 static unsigned char key[] = {0x01};
1193 unsigned char result[32] = { 0 };
1194
1195 params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test");
1196 if (!TEST_ptr(params))
1197 return 0;
1198
1199 /* Negative test case - derive should fail */
1200 kctx = get_kdfbyname("KBKDF");
1201 ret = TEST_ptr(kctx)
1202 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1203 && TEST_int_eq(EVP_KDF_derive(kctx, result, 0, NULL), 0);
1204
1205 EVP_KDF_CTX_free(kctx);
1206 OPENSSL_free(params);
1207 return ret;
1208 }
1209
1210 /* Two test vectors from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos
1211 * 5) appendix A. */
test_kdf_kbkdf_8009_prf1(void)1212 static int test_kdf_kbkdf_8009_prf1(void)
1213 {
1214 int ret, i = 0;
1215 EVP_KDF_CTX *kctx;
1216 OSSL_PARAM params[6];
1217 char *label = "prf", *digest = "sha256", *prf_input = "test",
1218 *mac = "HMAC";
1219 static unsigned char input_key[] = {
1220 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
1221 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
1222 };
1223 static unsigned char output[] = {
1224 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
1225 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
1226 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
1227 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
1228 };
1229 unsigned char result[sizeof(output)] = { 0 };
1230
1231 params[i++] = OSSL_PARAM_construct_utf8_string(
1232 OSSL_KDF_PARAM_DIGEST, digest, 0);
1233 params[i++] = OSSL_PARAM_construct_utf8_string(
1234 OSSL_KDF_PARAM_MAC, mac, 0);
1235 params[i++] = OSSL_PARAM_construct_octet_string(
1236 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1237 params[i++] = OSSL_PARAM_construct_octet_string(
1238 OSSL_KDF_PARAM_SALT, label, strlen(label));
1239 params[i++] = OSSL_PARAM_construct_octet_string(
1240 OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
1241 params[i] = OSSL_PARAM_construct_end();
1242
1243 kctx = get_kdfbyname("KBKDF");
1244 ret = TEST_ptr(kctx)
1245 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
1246 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1247
1248 EVP_KDF_CTX_free(kctx);
1249 return ret;
1250 }
1251
test_kdf_kbkdf_8009_prf2(void)1252 static int test_kdf_kbkdf_8009_prf2(void)
1253 {
1254 int ret, i = 0;
1255 EVP_KDF_CTX *kctx;
1256 OSSL_PARAM params[6];
1257 char *label = "prf", *digest = "sha384", *prf_input = "test",
1258 *mac = "HMAC";
1259 static unsigned char input_key[] = {
1260 0x6D, 0x40, 0x4D, 0x37, 0xFA, 0xF7, 0x9F, 0x9D,
1261 0xF0, 0xD3, 0x35, 0x68, 0xD3, 0x20, 0x66, 0x98,
1262 0x00, 0xEB, 0x48, 0x36, 0x47, 0x2E, 0xA8, 0xA0,
1263 0x26, 0xD1, 0x6B, 0x71, 0x82, 0x46, 0x0C, 0x52,
1264 };
1265 static unsigned char output[] = {
1266 0x98, 0x01, 0xF6, 0x9A, 0x36, 0x8C, 0x2B, 0xF6,
1267 0x75, 0xE5, 0x95, 0x21, 0xE1, 0x77, 0xD9, 0xA0,
1268 0x7F, 0x67, 0xEF, 0xE1, 0xCF, 0xDE, 0x8D, 0x3C,
1269 0x8D, 0x6F, 0x6A, 0x02, 0x56, 0xE3, 0xB1, 0x7D,
1270 0xB3, 0xC1, 0xB6, 0x2A, 0xD1, 0xB8, 0x55, 0x33,
1271 0x60, 0xD1, 0x73, 0x67, 0xEB, 0x15, 0x14, 0xD2,
1272 };
1273 unsigned char result[sizeof(output)] = { 0 };
1274
1275 params[i++] = OSSL_PARAM_construct_utf8_string(
1276 OSSL_KDF_PARAM_DIGEST, digest, 0);
1277 params[i++] = OSSL_PARAM_construct_utf8_string(
1278 OSSL_KDF_PARAM_MAC, mac, 0);
1279 params[i++] = OSSL_PARAM_construct_octet_string(
1280 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1281 params[i++] = OSSL_PARAM_construct_octet_string(
1282 OSSL_KDF_PARAM_SALT, label, strlen(label));
1283 params[i++] = OSSL_PARAM_construct_octet_string(
1284 OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
1285 params[i] = OSSL_PARAM_construct_end();
1286
1287 kctx = get_kdfbyname("KBKDF");
1288 ret = TEST_ptr(kctx)
1289 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
1290 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1291
1292 EVP_KDF_CTX_free(kctx);
1293 return ret;
1294 }
1295
1296 #if !defined(OPENSSL_NO_CMAC)
1297 /*
1298 * Test vector taken from
1299 * https://csrc.nist.gov/CSRC/media/Projects/
1300 * Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip
1301 * Note: Only 32 bit counter is supported ([RLEN=32_BITS])
1302 */
test_kdf_kbkdf_fixedinfo(void)1303 static int test_kdf_kbkdf_fixedinfo(void)
1304 {
1305 int ret;
1306 EVP_KDF_CTX *kctx;
1307 OSSL_PARAM params[8], *p = params;
1308 static char *cipher = "AES128";
1309 static char *mac = "CMAC";
1310 static char *mode = "COUNTER";
1311 int use_l = 0;
1312 int use_separator = 0;
1313
1314 static unsigned char input_key[] = {
1315 0xc1, 0x0b, 0x15, 0x2e, 0x8c, 0x97, 0xb7, 0x7e,
1316 0x18, 0x70, 0x4e, 0x0f, 0x0b, 0xd3, 0x83, 0x05,
1317 };
1318 static unsigned char fixed_input[] = {
1319 0x98, 0xcd, 0x4c, 0xbb, 0xbe, 0xbe, 0x15, 0xd1,
1320 0x7d, 0xc8, 0x6e, 0x6d, 0xba, 0xd8, 0x00, 0xa2,
1321 0xdc, 0xbd, 0x64, 0xf7, 0xc7, 0xad, 0x0e, 0x78,
1322 0xe9, 0xcf, 0x94, 0xff, 0xdb, 0xa8, 0x9d, 0x03,
1323 0xe9, 0x7e, 0xad, 0xf6, 0xc4, 0xf7, 0xb8, 0x06,
1324 0xca, 0xf5, 0x2a, 0xa3, 0x8f, 0x09, 0xd0, 0xeb,
1325 0x71, 0xd7, 0x1f, 0x49, 0x7b, 0xcc, 0x69, 0x06,
1326 0xb4, 0x8d, 0x36, 0xc4,
1327
1328 };
1329 static unsigned char output[] = {
1330 0x26, 0xfa, 0xf6, 0x19, 0x08, 0xad, 0x9e, 0xe8,
1331 0x81, 0xb8, 0x30, 0x5c, 0x22, 0x1d, 0xb5, 0x3f,
1332 };
1333 unsigned char result[sizeof(output)] = { 0 };
1334
1335 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, cipher, 0);
1336 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, mac, 0);
1337 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, mode, 0);
1338 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, input_key,
1339 sizeof(input_key));
1340 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
1341 fixed_input, sizeof(fixed_input));
1342 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_L, &use_l);
1343 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR,
1344 &use_separator);
1345 *p = OSSL_PARAM_construct_end();
1346
1347 kctx = get_kdfbyname("KBKDF");
1348 ret = TEST_ptr(kctx)
1349 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
1350 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1351
1352 EVP_KDF_CTX_free(kctx);
1353 return ret;
1354 }
1355 #endif /* OPENSSL_NO_CMAC */
1356
test_kdf_ss_hmac(void)1357 static int test_kdf_ss_hmac(void)
1358 {
1359 int ret;
1360 EVP_KDF_CTX *kctx;
1361 OSSL_PARAM params[6], *p = params;
1362 unsigned char out[16];
1363 static unsigned char z[] = {
1364 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
1365 };
1366 static unsigned char other[] = {
1367 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
1368 };
1369 static unsigned char salt[] = {
1370 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
1371 0x3f,0x89
1372 };
1373 static const unsigned char expected[sizeof(out)] = {
1374 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63,
1375 0x1c,0xa3
1376 };
1377
1378 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
1379 (char *)OSSL_MAC_NAME_HMAC, 0);
1380 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1381 (char *)"sha256", 0);
1382 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
1383 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
1384 sizeof(other));
1385 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
1386 sizeof(salt));
1387 *p = OSSL_PARAM_construct_end();
1388
1389 ret =
1390 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
1391 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1392 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1393
1394 EVP_KDF_CTX_free(kctx);
1395 return ret;
1396 }
1397
test_kdf_ss_kmac(void)1398 static int test_kdf_ss_kmac(void)
1399 {
1400 int ret;
1401 EVP_KDF_CTX *kctx;
1402 OSSL_PARAM params[7], *p = params;
1403 unsigned char out[64];
1404 size_t mac_size = 20;
1405 static unsigned char z[] = {
1406 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
1407 };
1408 static unsigned char other[] = {
1409 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
1410 };
1411 static unsigned char salt[] = {
1412 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
1413 0x3f,0x89
1414 };
1415 static const unsigned char expected[sizeof(out)] = {
1416 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd,
1417 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2,
1418 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4,
1419 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95,
1420 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03
1421 };
1422
1423 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
1424 (char *)OSSL_MAC_NAME_KMAC128, 0);
1425 /* The digest parameter is not needed here and should be ignored */
1426 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1427 (char *)"SHA256", 0);
1428 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
1429 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
1430 sizeof(other));
1431 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
1432 sizeof(salt));
1433 *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, &mac_size);
1434 *p = OSSL_PARAM_construct_end();
1435
1436 ret =
1437 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
1438 && TEST_size_t_eq(EVP_KDF_CTX_get_kdf_size(kctx), 0)
1439 && TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 1)
1440 /* The bug fix for KMAC returning SIZE_MAX was added in 3.0.8 */
1441 && (fips_provider_version_lt(NULL, 3, 0, 8)
1442 || TEST_size_t_eq(EVP_KDF_CTX_get_kdf_size(kctx), SIZE_MAX))
1443 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)
1444 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1445
1446 EVP_KDF_CTX_free(kctx);
1447 return ret;
1448 }
1449
test_kdf_sshkdf(void)1450 static int test_kdf_sshkdf(void)
1451 {
1452 int ret;
1453 EVP_KDF_CTX *kctx;
1454 OSSL_PARAM params[6], *p = params;
1455 char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
1456 unsigned char out[8];
1457 /* Test data from NIST CAVS 14.1 test vectors */
1458 static unsigned char key[] = {
1459 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
1460 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
1461 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
1462 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
1463 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
1464 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
1465 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
1466 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
1467 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
1468 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
1469 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
1470 0x4e
1471 };
1472 static unsigned char xcghash[] = {
1473 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
1474 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
1475 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
1476 };
1477 static unsigned char sessid[] = {
1478 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
1479 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
1480 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
1481 };
1482 static const unsigned char expected[sizeof(out)] = {
1483 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
1484 };
1485
1486 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1487 (char *)"sha256", 0);
1488 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
1489 sizeof(key));
1490 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH,
1491 xcghash, sizeof(xcghash));
1492 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
1493 sessid, sizeof(sessid));
1494 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
1495 &kdftype, sizeof(kdftype));
1496 *p = OSSL_PARAM_construct_end();
1497
1498 ret =
1499 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF))
1500 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1501 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1502
1503 EVP_KDF_CTX_free(kctx);
1504 return ret;
1505 }
1506
test_kdfs_same(EVP_KDF * kdf1,EVP_KDF * kdf2)1507 static int test_kdfs_same( EVP_KDF *kdf1, EVP_KDF *kdf2)
1508 {
1509 /* Fast path in case the two are the same algorithm pointer */
1510 if (kdf1 == kdf2)
1511 return 1;
1512 /*
1513 * Compare their names and providers instead.
1514 * This is necessary in a non-caching build (or a cache flush during fetch)
1515 * because without the algorithm in the cache, fetching it a second time
1516 * will result in a different pointer.
1517 */
1518 return TEST_ptr_eq(EVP_KDF_get0_provider(kdf1), EVP_KDF_get0_provider(kdf2))
1519 && TEST_str_eq(EVP_KDF_get0_name(kdf1), EVP_KDF_get0_name(kdf2));
1520 }
1521
test_kdf_get_kdf(void)1522 static int test_kdf_get_kdf(void)
1523 {
1524 EVP_KDF *kdf1 = NULL, *kdf2 = NULL;
1525 ASN1_OBJECT *obj;
1526 int ok = 1;
1527
1528 if (!TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2))
1529 || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL))
1530 || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(OBJ_obj2nid(obj)),
1531 NULL))
1532 || !test_kdfs_same(kdf1, kdf2))
1533 ok = 0;
1534 EVP_KDF_free(kdf1);
1535 kdf1 = NULL;
1536 EVP_KDF_free(kdf2);
1537 kdf2 = NULL;
1538
1539 if (!TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL))
1540 || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, LN_tls1_prf, NULL))
1541 || !test_kdfs_same(kdf1, kdf2))
1542 ok = 0;
1543 /* kdf1 is re-used below, so don't free it here */
1544 EVP_KDF_free(kdf2);
1545 kdf2 = NULL;
1546
1547 if (!TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(NID_tls1_prf), NULL))
1548 || !test_kdfs_same(kdf1, kdf2))
1549 ok = 0;
1550 EVP_KDF_free(kdf1);
1551 kdf1 = NULL;
1552 EVP_KDF_free(kdf2);
1553 kdf2 = NULL;
1554
1555 return ok;
1556 }
1557
1558 #if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES)
test_kdf_x942_asn1(void)1559 static int test_kdf_x942_asn1(void)
1560 {
1561 int ret;
1562 EVP_KDF_CTX *kctx = NULL;
1563 OSSL_PARAM params[4], *p = params;
1564 const char *cek_alg = SN_id_smime_alg_CMS3DESwrap;
1565 unsigned char out[24];
1566 /* RFC2631 Section 2.1.6 Test data */
1567 static unsigned char z[] = {
1568 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,
1569 0x0e,0x0f,0x10,0x11,0x12,0x13
1570 };
1571 static const unsigned char expected[sizeof(out)] = {
1572 0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04,
1573 0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46,
1574 0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb
1575 };
1576
1577 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1578 (char *)"sha1", 0);
1579 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z,
1580 sizeof(z));
1581 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
1582 (char *)cek_alg, 0);
1583 *p = OSSL_PARAM_construct_end();
1584
1585 ret =
1586 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF_ASN1))
1587 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1588 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1589
1590 EVP_KDF_CTX_free(kctx);
1591 return ret;
1592 }
1593 #endif /* OPENSSL_NO_CMS */
1594
test_kdf_krb5kdf(void)1595 static int test_kdf_krb5kdf(void)
1596 {
1597 int ret;
1598 EVP_KDF_CTX *kctx;
1599 OSSL_PARAM params[4], *p = params;
1600 unsigned char out[16];
1601 static unsigned char key[] = {
1602 0x42, 0x26, 0x3C, 0x6E, 0x89, 0xF4, 0xFC, 0x28,
1603 0xB8, 0xDF, 0x68, 0xEE, 0x09, 0x79, 0x9F, 0x15
1604 };
1605 static unsigned char constant[] = {
1606 0x00, 0x00, 0x00, 0x02, 0x99
1607 };
1608 static const unsigned char expected[sizeof(out)] = {
1609 0x34, 0x28, 0x0A, 0x38, 0x2B, 0xC9, 0x27, 0x69,
1610 0xB2, 0xDA, 0x2F, 0x9E, 0xF0, 0x66, 0x85, 0x4B
1611 };
1612
1613 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER,
1614 (char *)"AES-128-CBC", 0);
1615 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
1616 sizeof(key));
1617 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT,
1618 constant, sizeof(constant));
1619 *p = OSSL_PARAM_construct_end();
1620
1621 ret =
1622 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KRB5KDF))
1623 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1624 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1625
1626 EVP_KDF_CTX_free(kctx);
1627 return ret;
1628 }
1629
setup_tests(void)1630 int setup_tests(void)
1631 {
1632 ADD_TEST(test_kdf_pbkdf1);
1633 #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
1634 ADD_TEST(test_kdf_kbkdf_6803_128);
1635 ADD_TEST(test_kdf_kbkdf_6803_256);
1636 #endif
1637 ADD_TEST(test_kdf_kbkdf_invalid_digest);
1638 ADD_TEST(test_kdf_kbkdf_invalid_mac);
1639 ADD_TEST(test_kdf_kbkdf_zero_output_size);
1640 ADD_TEST(test_kdf_kbkdf_empty_key);
1641 ADD_TEST(test_kdf_kbkdf_1byte_key);
1642 ADD_TEST(test_kdf_kbkdf_8009_prf1);
1643 ADD_TEST(test_kdf_kbkdf_8009_prf2);
1644 #if !defined(OPENSSL_NO_CMAC)
1645 ADD_TEST(test_kdf_kbkdf_fixedinfo);
1646 #endif
1647 ADD_TEST(test_kdf_get_kdf);
1648 ADD_TEST(test_kdf_tls1_prf);
1649 ADD_TEST(test_kdf_tls1_prf_invalid_digest);
1650 ADD_TEST(test_kdf_tls1_prf_zero_output_size);
1651 ADD_TEST(test_kdf_tls1_prf_empty_secret);
1652 ADD_TEST(test_kdf_tls1_prf_1byte_secret);
1653 ADD_TEST(test_kdf_tls1_prf_empty_seed);
1654 ADD_TEST(test_kdf_tls1_prf_1byte_seed);
1655 ADD_TEST(test_kdf_hkdf);
1656 ADD_TEST(test_kdf_hkdf_invalid_digest);
1657 ADD_TEST(test_kdf_hkdf_zero_output_size);
1658 ADD_TEST(test_kdf_hkdf_empty_key);
1659 ADD_TEST(test_kdf_hkdf_1byte_key);
1660 ADD_TEST(test_kdf_hkdf_empty_salt);
1661 ADD_TEST(test_kdf_hkdf_gettables);
1662 ADD_TEST(test_kdf_hkdf_gettables_expandonly);
1663 ADD_TEST(test_kdf_hkdf_gettables_no_digest);
1664 ADD_TEST(test_kdf_hkdf_derive_set_params_fail);
1665 ADD_TEST(test_kdf_hkdf_set_invalid_mode);
1666 ADD_TEST(test_kdf_hkdf_set_ctx_param_fail);
1667 ADD_TEST(test_kdf_pbkdf2);
1668 ADD_TEST(test_kdf_pbkdf2_small_output);
1669 ADD_TEST(test_kdf_pbkdf2_large_output);
1670 ADD_TEST(test_kdf_pbkdf2_small_salt);
1671 ADD_TEST(test_kdf_pbkdf2_small_iterations);
1672 ADD_TEST(test_kdf_pbkdf2_small_salt_pkcs5);
1673 ADD_TEST(test_kdf_pbkdf2_small_iterations_pkcs5);
1674 ADD_TEST(test_kdf_pbkdf2_invalid_digest);
1675 #ifndef OPENSSL_NO_SCRYPT
1676 ADD_TEST(test_kdf_scrypt);
1677 #endif
1678 ADD_TEST(test_kdf_ss_hash);
1679 ADD_TEST(test_kdf_ss_hmac);
1680 ADD_TEST(test_kdf_ss_kmac);
1681 ADD_TEST(test_kdf_sshkdf);
1682 ADD_TEST(test_kdf_x963);
1683 #if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES)
1684 ADD_TEST(test_kdf_x942_asn1);
1685 #endif
1686 ADD_TEST(test_kdf_krb5kdf);
1687 return 1;
1688 }
1689