1# 2# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the Apache License 2.0 (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9# Tests start with one of these keywords 10# Cipher Decrypt Derive Digest Encoding KDF MAC PBE 11# PrivPubKeyPair Sign Verify VerifyRecover 12# and continue until a blank line. Lines starting with a pound sign are ignored. 13 14Title = TLS12 PRF tests (from NIST test vectors) 15 16FIPSversion = <=3.1.0 17KDF = TLS1-PRF 18Ctrl.digest = digest:SHA256 19Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc 20Ctrl.label = seed:master secret 21Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c 22Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce 23Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf 24 25FIPSversion = <=3.1.0 26KDF = TLS1-PRF 27Ctrl.digest = digest:SHA256 28Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf 29Ctrl.label = seed:key expansion 30Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868 31Ctrl.client_random = hexseed:62e1fd91f23f558a605f28478c58cf72637b89784d959df7e946d3f07bd1b616 32Output = d06139889fffac1e3a71865f504aa5d0d2a2e89506c6f2279b670c3e1b74f531016a2530c51a3a0f7e1d6590d0f0566b2f387f8d11fd4f731cdd572d2eae927f6f2f81410b25e6960be68985add6c38445ad9f8c64bf8068bf9a6679485d966f1ad6f68b43495b10a683755ea2b858d70ccac7ec8b053c6bd41ca299d4e51928 33 34# As above but use long name for KDF 35FIPSversion = <=3.1.0 36KDF = tls1-prf 37Ctrl.digest = digest:SHA256 38Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf 39Ctrl.label = seed:key expansion 40Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868 41Ctrl.client_random = hexseed:62e1fd91f23f558a605f28478c58cf72637b89784d959df7e946d3f07bd1b616 42Output = d06139889fffac1e3a71865f504aa5d0d2a2e89506c6f2279b670c3e1b74f531016a2530c51a3a0f7e1d6590d0f0566b2f387f8d11fd4f731cdd572d2eae927f6f2f81410b25e6960be68985add6c38445ad9f8c64bf8068bf9a6679485d966f1ad6f68b43495b10a683755ea2b858d70ccac7ec8b053c6bd41ca299d4e51928 43 44# Missing digest. 45Availablein = default 46KDF = TLS1-PRF 47Ctrl.Secret = hexsecret:01 48Ctrl.Seed = hexseed:02 49Output = 03 50Result = KDF_DERIVE_ERROR 51 52# Test that "master secret" is not not used in FIPS mode 53FIPSversion = >=3.4.0 54KDF = TLS1-PRF 55Ctrl.digest = digest:SHA256 56Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc 57Ctrl.label = seed:master secret 58Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c 59Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce 60Result = KDF_DERIVE_ERROR 61Reason = invalid key length 62 63# FIPS indicator callback test 64Availablein = fips 65FIPSversion = >=3.4.0 66KDF = TLS1-PRF 67Unapproved = 1 68CtrlInit = ems_check:0 69Ctrl.digest = digest:SHA256 70Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc 71Ctrl.label = seed:master secret 72Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c 73Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce 74Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf 75 76# Test that unsupported XOF is rejected 77Availablein = default 78KDF = TLS1-PRF 79Ctrl.digest = digest:SHAKE-256 80Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc 81Ctrl.label = seed:extended master secret 82Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c 83Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce 84Result = KDF_CTRL_ERROR 85 86Title = FIPS indicator tests 87 88# Test that the operation with unapproved digest function is rejected 89Availablein = fips 90FIPSversion = >=3.4.0 91KDF = TLS1-PRF 92Ctrl.digest = digest:SHA512-256 93Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc 94Ctrl.label = seed:extended master secret 95Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c 96Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce 97Result = KDF_CTRL_ERROR 98Reason = digest not allowed 99 100# Test that the operation with unapproved digest function is is reported as 101# unapproved 102Availablein = fips 103FIPSversion = >=3.4.0 104KDF = TLS1-PRF 105Unapproved = 1 106Ctrl.digest-check = digest-check:0 107Ctrl.digest = digest:SHA512-256 108Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc 109Ctrl.label = seed:extended master secret 110Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c 111Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce 112Output = 17be20a3b4cc05524d7de353b2f125537c23372144111b0367bda166fcfc09cf1c94909a408b986f53afbdc41d93ae09 113 114 115# Test that the key whose length is shorter than 112 bits is rejected 116Availablein = fips 117FIPSversion = >=3.4.0 118KDF = TLS1-PRF 119Ctrl.digest = digest:SHA256 120Ctrl.Secret = hexsecret:0102030405060708090a0b 121Ctrl.label = seed:extended master secret 122Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c 123Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce 124Result = KDF_CTRL_ERROR 125Reason = invalid key length 126 127# Test that the key whose length is shorter than 112 bits is reported as 128# unapproved 129Availablein = fips 130FIPSversion = >=3.4.0 131KDF = TLS1-PRF 132Unapproved = 1 133Ctrl.key-check = key-check:0 134Ctrl.digest = digest:SHA256 135Ctrl.Secret = hexsecret:0102030405060708090a0b 136Ctrl.label = seed:extended master secret 137Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c 138Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce 139Output = 8cb203c99a13871fd96cecd2770720df3c4ebd49e1cbc956fddb400f9c051fb69b63d7abb2f996f4e4d1ac0e9153f51b 140