1 /*
2 * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2018-2020, Oracle and/or its affiliates. All rights reserved.
4 *
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
9 */
10
11 /* Tests of the EVP_KDF_CTX APIs */
12
13 #include <stdio.h>
14 #include <string.h>
15
16 #include <openssl/evp.h>
17 #include <openssl/kdf.h>
18 #include <openssl/core_names.h>
19 #include "internal/numbers.h"
20 #include "testutil.h"
21
22
get_kdfbyname_libctx(OSSL_LIB_CTX * libctx,const char * name)23 static EVP_KDF_CTX *get_kdfbyname_libctx(OSSL_LIB_CTX *libctx, const char *name)
24 {
25 EVP_KDF *kdf = EVP_KDF_fetch(libctx, name, NULL);
26 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
27
28 EVP_KDF_free(kdf);
29 return kctx;
30 }
31
get_kdfbyname(const char * name)32 static EVP_KDF_CTX *get_kdfbyname(const char *name)
33 {
34 return get_kdfbyname_libctx(NULL, name);
35 }
36
construct_tls1_prf_params(const char * digest,const char * secret,const char * seed)37 static OSSL_PARAM *construct_tls1_prf_params(const char *digest, const char *secret,
38 const char *seed)
39 {
40 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 4);
41 OSSL_PARAM *p = params;
42
43 if (params == NULL)
44 return NULL;
45
46 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
47 (char *)digest, 0);
48 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
49 (unsigned char *)secret,
50 strlen(secret));
51 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
52 (unsigned char *)seed,
53 strlen(seed));
54 *p = OSSL_PARAM_construct_end();
55
56 return params;
57 }
58
test_kdf_tls1_prf(void)59 static int test_kdf_tls1_prf(void)
60 {
61 int ret;
62 EVP_KDF_CTX *kctx = NULL;
63 unsigned char out[16];
64 OSSL_PARAM *params;
65 static const unsigned char expected[sizeof(out)] = {
66 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
67 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
68 };
69
70 params = construct_tls1_prf_params("sha256", "secret", "seed");
71
72 ret = TEST_ptr(params)
73 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
74 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
75 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
76
77 EVP_KDF_CTX_free(kctx);
78 OPENSSL_free(params);
79 return ret;
80 }
81
test_kdf_tls1_prf_invalid_digest(void)82 static int test_kdf_tls1_prf_invalid_digest(void)
83 {
84 int ret;
85 EVP_KDF_CTX *kctx = NULL;
86 OSSL_PARAM *params;
87
88 params = construct_tls1_prf_params("blah", "secret", "seed");
89
90 ret = TEST_ptr(params)
91 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
92 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
93
94 EVP_KDF_CTX_free(kctx);
95 OPENSSL_free(params);
96 return ret;
97 }
98
test_kdf_tls1_prf_zero_output_size(void)99 static int test_kdf_tls1_prf_zero_output_size(void)
100 {
101 int ret;
102 EVP_KDF_CTX *kctx = NULL;
103 unsigned char out[16];
104 OSSL_PARAM *params;
105
106 params = construct_tls1_prf_params("sha256", "secret", "seed");
107
108 /* Negative test - derive should fail */
109 ret = TEST_ptr(params)
110 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
111 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
112 && TEST_int_eq(EVP_KDF_derive(kctx, out, 0, NULL), 0);
113
114 EVP_KDF_CTX_free(kctx);
115 OPENSSL_free(params);
116 return ret;
117 }
118
test_kdf_tls1_prf_empty_secret(void)119 static int test_kdf_tls1_prf_empty_secret(void)
120 {
121 int ret;
122 EVP_KDF_CTX *kctx = NULL;
123 unsigned char out[16];
124 OSSL_PARAM *params;
125
126 params = construct_tls1_prf_params("sha256", "", "seed");
127
128 ret = TEST_ptr(params)
129 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
130 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
131
132 EVP_KDF_CTX_free(kctx);
133 OPENSSL_free(params);
134 return ret;
135 }
136
test_kdf_tls1_prf_1byte_secret(void)137 static int test_kdf_tls1_prf_1byte_secret(void)
138 {
139 int ret;
140 EVP_KDF_CTX *kctx = NULL;
141 unsigned char out[16];
142 OSSL_PARAM *params;
143
144 params = construct_tls1_prf_params("sha256", "1", "seed");
145
146 ret = TEST_ptr(params)
147 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
148 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
149
150 EVP_KDF_CTX_free(kctx);
151 OPENSSL_free(params);
152 return ret;
153 }
154
test_kdf_tls1_prf_empty_seed(void)155 static int test_kdf_tls1_prf_empty_seed(void)
156 {
157 int ret;
158 EVP_KDF_CTX *kctx = NULL;
159 unsigned char out[16];
160 OSSL_PARAM *params;
161
162 params = construct_tls1_prf_params("sha256", "secret", "");
163
164 /* Negative test - derive should fail */
165 ret = TEST_ptr(params)
166 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
167 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
168 && TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0);
169
170 EVP_KDF_CTX_free(kctx);
171 OPENSSL_free(params);
172 return ret;
173 }
174
test_kdf_tls1_prf_1byte_seed(void)175 static int test_kdf_tls1_prf_1byte_seed(void)
176 {
177 int ret;
178 EVP_KDF_CTX *kctx = NULL;
179 unsigned char out[16];
180 OSSL_PARAM *params;
181
182 params = construct_tls1_prf_params("sha256", "secret", "1");
183
184 ret = TEST_ptr(params)
185 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
186 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
187
188 EVP_KDF_CTX_free(kctx);
189 OPENSSL_free(params);
190 return ret;
191 }
192
construct_hkdf_params(char * digest,char * key,size_t keylen,char * salt,char * info)193 static OSSL_PARAM *construct_hkdf_params(char *digest, char *key,
194 size_t keylen, char *salt, char *info)
195 {
196 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
197 OSSL_PARAM *p = params;
198
199 if (params == NULL)
200 return NULL;
201
202 if (digest != NULL)
203 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
204 digest, 0);
205 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
206 salt, strlen(salt));
207 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
208 (unsigned char *)key, keylen);
209 if (info != NULL)
210 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
211 info, strlen(info));
212 else
213 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
214 "EXTRACT_ONLY", 0);
215 *p = OSSL_PARAM_construct_end();
216
217 return params;
218 }
219
test_kdf_hkdf(void)220 static int test_kdf_hkdf(void)
221 {
222 int ret;
223 EVP_KDF_CTX *kctx = NULL;
224 unsigned char out[10];
225 OSSL_PARAM *params;
226 static const unsigned char expected[sizeof(out)] = {
227 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
228 };
229
230 params = construct_hkdf_params("sha256", "secret", 6, "salt", "label");
231
232 ret = TEST_ptr(params)
233 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
234 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
235 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
236
237 EVP_KDF_CTX_free(kctx);
238 OPENSSL_free(params);
239 return ret;
240 }
241
do_kdf_hkdf_gettables(int expand_only,int has_digest)242 static int do_kdf_hkdf_gettables(int expand_only, int has_digest)
243 {
244 int ret = 0;
245 size_t sz = 0;
246 OSSL_PARAM *params;
247 OSSL_PARAM params_get[2];
248 const OSSL_PARAM *gettables, *p;
249 EVP_KDF_CTX *kctx = NULL;
250
251 if (!TEST_ptr(params = construct_hkdf_params(
252 has_digest ? "sha256" : NULL,
253 "secret", 6, "salt",
254 expand_only ? NULL : "label"))
255 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
256 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)))
257 goto err;
258
259 /* Check OSSL_KDF_PARAM_SIZE is gettable */
260 if (!TEST_ptr(gettables = EVP_KDF_CTX_gettable_params(kctx))
261 || !TEST_ptr(p = OSSL_PARAM_locate_const(gettables, OSSL_KDF_PARAM_SIZE)))
262 goto err;
263
264 /* Get OSSL_KDF_PARAM_SIZE as a size_t */
265 params_get[0] = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_SIZE, &sz);
266 params_get[1] = OSSL_PARAM_construct_end();
267 if (has_digest) {
268 if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), 1)
269 || !TEST_size_t_eq(sz, expand_only ? SHA256_DIGEST_LENGTH : SIZE_MAX))
270 goto err;
271 } else {
272 if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), 0))
273 goto err;
274 }
275
276 /* Get params returns -2 if an unsupported parameter is requested */
277 params_get[0] = OSSL_PARAM_construct_end();
278 if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), -2))
279 goto err;
280 ret = 1;
281 err:
282 EVP_KDF_CTX_free(kctx);
283 OPENSSL_free(params);
284 return ret;
285 }
286
test_kdf_hkdf_gettables(void)287 static int test_kdf_hkdf_gettables(void)
288 {
289 return do_kdf_hkdf_gettables(0, 1);
290 }
291
test_kdf_hkdf_gettables_expandonly(void)292 static int test_kdf_hkdf_gettables_expandonly(void)
293 {
294 return do_kdf_hkdf_gettables(1, 1);
295 }
296
test_kdf_hkdf_gettables_no_digest(void)297 static int test_kdf_hkdf_gettables_no_digest(void)
298 {
299 return do_kdf_hkdf_gettables(1, 0);
300 }
301
test_kdf_hkdf_invalid_digest(void)302 static int test_kdf_hkdf_invalid_digest(void)
303 {
304 int ret;
305 EVP_KDF_CTX *kctx = NULL;
306 OSSL_PARAM *params;
307
308 params = construct_hkdf_params("blah", "secret", 6, "salt", "label");
309
310 ret = TEST_ptr(params)
311 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
312 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
313
314 EVP_KDF_CTX_free(kctx);
315 OPENSSL_free(params);
316 return ret;
317 }
318
test_kdf_hkdf_derive_set_params_fail(void)319 static int test_kdf_hkdf_derive_set_params_fail(void)
320 {
321 int ret = 0, i = 0;
322 EVP_KDF_CTX *kctx = NULL;
323 OSSL_PARAM params[2];
324 unsigned char out[10];
325
326 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)))
327 goto end;
328 /*
329 * Set the wrong type for the digest so that it causes a failure
330 * inside kdf_hkdf_derive() when kdf_hkdf_set_ctx_params() is called
331 */
332 params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_DIGEST, &i);
333 params[1] = OSSL_PARAM_construct_end();
334 if (!TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), params), 0))
335 goto end;
336 ret = 1;
337 end:
338 EVP_KDF_CTX_free(kctx);
339 return ret;
340 }
341
test_kdf_hkdf_set_invalid_mode(void)342 static int test_kdf_hkdf_set_invalid_mode(void)
343 {
344 int ret = 0, bad_mode = 100;
345 EVP_KDF_CTX *kctx = NULL;
346 OSSL_PARAM params[2];
347
348 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)))
349 goto end;
350 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
351 "BADMODE", 0);
352 params[1] = OSSL_PARAM_construct_end();
353 if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0))
354 goto end;
355
356 params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &bad_mode);
357 if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0))
358 goto end;
359
360 ret = 1;
361 end:
362 EVP_KDF_CTX_free(kctx);
363 return ret;
364 }
365
do_kdf_hkdf_set_invalid_param(const char * key,int type)366 static int do_kdf_hkdf_set_invalid_param(const char *key, int type)
367 {
368 int ret = 0;
369 EVP_KDF_CTX *kctx = NULL;
370 OSSL_PARAM params[2];
371 unsigned char buf[2];
372
373 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)))
374 goto end;
375 /* Set the wrong type for the key so that it causes a failure */
376 if (type == OSSL_PARAM_UTF8_STRING)
377 params[0] = OSSL_PARAM_construct_utf8_string(key, "BAD", 0);
378 else
379 params[0] = OSSL_PARAM_construct_octet_string(key, buf, sizeof(buf));
380 params[1] = OSSL_PARAM_construct_end();
381 if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0))
382 goto end;
383
384 ret = 1;
385 end:
386 EVP_KDF_CTX_free(kctx);
387 return ret;
388 }
389
test_kdf_hkdf_set_ctx_param_fail(void)390 static int test_kdf_hkdf_set_ctx_param_fail(void)
391 {
392 return do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_MODE,
393 OSSL_PARAM_OCTET_STRING)
394 && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_KEY,
395 OSSL_PARAM_UTF8_STRING)
396 && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_SALT,
397 OSSL_PARAM_UTF8_STRING)
398 && do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_INFO,
399 OSSL_PARAM_UTF8_STRING);
400 }
401
test_kdf_hkdf_zero_output_size(void)402 static int test_kdf_hkdf_zero_output_size(void)
403 {
404 int ret;
405 EVP_KDF_CTX *kctx = NULL;
406 unsigned char out[10];
407 OSSL_PARAM *params;
408
409 params = construct_hkdf_params("sha256", "secret", 6, "salt", "label");
410
411 /* Negative test - derive should fail */
412 ret = TEST_ptr(params)
413 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
414 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
415 && TEST_int_eq(EVP_KDF_derive(kctx, out, 0, NULL), 0);
416
417 EVP_KDF_CTX_free(kctx);
418 OPENSSL_free(params);
419 return ret;
420 }
421
test_kdf_hkdf_empty_key(void)422 static int test_kdf_hkdf_empty_key(void)
423 {
424 int ret;
425 EVP_KDF_CTX *kctx = NULL;
426 unsigned char out[10];
427 OSSL_PARAM *params;
428
429 params = construct_hkdf_params("sha256", "", 0, "salt", "label");
430
431 ret = TEST_ptr(params)
432 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
433 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
434
435 EVP_KDF_CTX_free(kctx);
436 OPENSSL_free(params);
437 return ret;
438 }
439
test_kdf_hkdf_1byte_key(void)440 static int test_kdf_hkdf_1byte_key(void)
441 {
442 int ret;
443 EVP_KDF_CTX *kctx = NULL;
444 unsigned char out[10];
445 OSSL_PARAM *params;
446
447 params = construct_hkdf_params("sha256", "1", 1, "salt", "label");
448
449 ret = TEST_ptr(params)
450 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
451 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
452
453 EVP_KDF_CTX_free(kctx);
454 OPENSSL_free(params);
455 return ret;
456 }
457
test_kdf_hkdf_empty_salt(void)458 static int test_kdf_hkdf_empty_salt(void)
459 {
460 int ret;
461 EVP_KDF_CTX *kctx = NULL;
462 unsigned char out[10];
463 OSSL_PARAM *params;
464
465 params = construct_hkdf_params("sha256", "secret", 6, "", "label");
466
467 ret = TEST_ptr(params)
468 && TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
469 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
470
471 EVP_KDF_CTX_free(kctx);
472 OPENSSL_free(params);
473 return ret;
474 }
475
construct_pbkdf1_params(char * pass,char * digest,char * salt,unsigned int * iter)476 static OSSL_PARAM *construct_pbkdf1_params(char *pass, char *digest, char *salt,
477 unsigned int *iter)
478 {
479 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 5);
480 OSSL_PARAM *p = params;
481
482 if (params == NULL)
483 return NULL;
484
485 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
486 (unsigned char *)pass, strlen(pass));
487 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
488 (unsigned char *)salt, strlen(salt));
489 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter);
490 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
491 digest, 0);
492 *p = OSSL_PARAM_construct_end();
493
494 return params;
495 }
496
test_kdf_pbkdf1(void)497 static int test_kdf_pbkdf1(void)
498 {
499 int ret = 0;
500 EVP_KDF_CTX *kctx = NULL;
501 unsigned char out[25];
502 unsigned int iterations = 4096;
503 OSSL_LIB_CTX *libctx = NULL;
504 OSSL_PARAM *params = NULL;
505 OSSL_PROVIDER *legacyprov = NULL;
506 OSSL_PROVIDER *defprov = NULL;
507 const unsigned char expected[sizeof(out)] = {
508 0xfb, 0x83, 0x4d, 0x36, 0x6d, 0xbc, 0x53, 0x87, 0x35, 0x1b, 0x34, 0x75,
509 0x95, 0x88, 0x32, 0x4f, 0x3e, 0x82, 0x81, 0x01, 0x21, 0x93, 0x64, 0x00,
510 0xcc
511 };
512
513 if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
514 goto err;
515
516 /* PBKDF1 only available in the legacy provider */
517 legacyprov = OSSL_PROVIDER_load(libctx, "legacy");
518 if (legacyprov == NULL) {
519 OSSL_LIB_CTX_free(libctx);
520 return TEST_skip("PBKDF1 only available in legacy provider");
521 }
522
523 if (!TEST_ptr(defprov = OSSL_PROVIDER_load(libctx, "default")))
524 goto err;
525
526 params = construct_pbkdf1_params("passwordPASSWORDpassword", "sha256",
527 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
528 &iterations);
529
530 if (!TEST_ptr(params)
531 || !TEST_ptr(kctx = get_kdfbyname_libctx(libctx, OSSL_KDF_NAME_PBKDF1))
532 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
533 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)
534 || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)))
535 goto err;
536
537 ret = 1;
538 err:
539 EVP_KDF_CTX_free(kctx);
540 OPENSSL_free(params);
541 OSSL_PROVIDER_unload(defprov);
542 OSSL_PROVIDER_unload(legacyprov);
543 OSSL_LIB_CTX_free(libctx);
544 return ret;
545 }
546
construct_pbkdf2_params(char * pass,char * digest,char * salt,unsigned int * iter,int * mode)547 static OSSL_PARAM *construct_pbkdf2_params(char *pass, char *digest, char *salt,
548 unsigned int *iter, int *mode)
549 {
550 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 6);
551 OSSL_PARAM *p = params;
552
553 if (params == NULL)
554 return NULL;
555
556 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
557 (unsigned char *)pass, strlen(pass));
558 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
559 (unsigned char *)salt, strlen(salt));
560 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter);
561 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
562 digest, 0);
563 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, mode);
564 *p = OSSL_PARAM_construct_end();
565
566 return params;
567 }
568
test_kdf_pbkdf2(void)569 static int test_kdf_pbkdf2(void)
570 {
571 int ret = 0;
572 EVP_KDF_CTX *kctx = NULL;
573 unsigned char out[25];
574 unsigned int iterations = 4096;
575 int mode = 0;
576 OSSL_PARAM *params;
577 const unsigned char expected[sizeof(out)] = {
578 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f,
579 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf,
580 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
581 0x1c
582 };
583
584 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
585 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
586 &iterations, &mode);
587
588 if (!TEST_ptr(params)
589 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
590 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
591 || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)))
592 goto err;
593
594 ret = 1;
595 err:
596 EVP_KDF_CTX_free(kctx);
597 OPENSSL_free(params);
598 return ret;
599 }
600
test_kdf_pbkdf2_small_output(void)601 static int test_kdf_pbkdf2_small_output(void)
602 {
603 int ret = 0;
604 EVP_KDF_CTX *kctx = NULL;
605 unsigned char out[25];
606 unsigned int iterations = 4096;
607 int mode = 0;
608 OSSL_PARAM *params;
609
610 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
611 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
612 &iterations, &mode);
613
614 if (!TEST_ptr(params)
615 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
616 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
617 /* A key length that is too small should fail */
618 || !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1, NULL), 0))
619 goto err;
620
621 ret = 1;
622 err:
623 EVP_KDF_CTX_free(kctx);
624 OPENSSL_free(params);
625 return ret;
626 }
627
test_kdf_pbkdf2_large_output(void)628 static int test_kdf_pbkdf2_large_output(void)
629 {
630 int ret = 0;
631 EVP_KDF_CTX *kctx = NULL;
632 unsigned char out[25];
633 size_t len = 0;
634 unsigned int iterations = 4096;
635 int mode = 0;
636 OSSL_PARAM *params;
637
638 if (sizeof(len) > 32)
639 len = SIZE_MAX;
640
641 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
642 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
643 &iterations, &mode);
644
645 if (!TEST_ptr(params)
646 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
647 /* A key length that is too large should fail */
648 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
649 || (len != 0 && !TEST_int_eq(EVP_KDF_derive(kctx, out, len, NULL), 0)))
650 goto err;
651
652 ret = 1;
653 err:
654 EVP_KDF_CTX_free(kctx);
655 OPENSSL_free(params);
656 return ret;
657 }
658
test_kdf_pbkdf2_small_salt(void)659 static int test_kdf_pbkdf2_small_salt(void)
660 {
661 int ret = 0;
662 EVP_KDF_CTX *kctx = NULL;
663 unsigned int iterations = 4096;
664 int mode = 0;
665 OSSL_PARAM *params;
666
667 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
668 "saltSALT",
669 &iterations, &mode);
670
671 if (!TEST_ptr(params)
672 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
673 /* A salt that is too small should fail */
674 || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
675 goto err;
676
677 ret = 1;
678 err:
679 EVP_KDF_CTX_free(kctx);
680 OPENSSL_free(params);
681 return ret;
682 }
683
test_kdf_pbkdf2_small_iterations(void)684 static int test_kdf_pbkdf2_small_iterations(void)
685 {
686 int ret = 0;
687 EVP_KDF_CTX *kctx = NULL;
688 unsigned int iterations = 1;
689 int mode = 0;
690 OSSL_PARAM *params;
691
692 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
693 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
694 &iterations, &mode);
695
696 if (!TEST_ptr(params)
697 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
698 /* An iteration count that is too small should fail */
699 || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
700 goto err;
701
702 ret = 1;
703 err:
704 EVP_KDF_CTX_free(kctx);
705 OPENSSL_free(params);
706 return ret;
707 }
708
test_kdf_pbkdf2_small_salt_pkcs5(void)709 static int test_kdf_pbkdf2_small_salt_pkcs5(void)
710 {
711 int ret = 0;
712 EVP_KDF_CTX *kctx = NULL;
713 unsigned char out[25];
714 unsigned int iterations = 4096;
715 int mode = 1;
716 OSSL_PARAM *params;
717 OSSL_PARAM mode_params[2];
718
719 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
720 "saltSALT",
721 &iterations, &mode);
722
723 if (!TEST_ptr(params)
724 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
725 /* A salt that is too small should pass in pkcs5 mode */
726 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
727 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
728 goto err;
729
730 mode = 0;
731 mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
732 mode_params[1] = OSSL_PARAM_construct_end();
733
734 /* If the "pkcs5" mode is disabled then the derive will now fail */
735 if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params))
736 || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
737 goto err;
738
739 ret = 1;
740 err:
741 EVP_KDF_CTX_free(kctx);
742 OPENSSL_free(params);
743 return ret;
744 }
745
test_kdf_pbkdf2_small_iterations_pkcs5(void)746 static int test_kdf_pbkdf2_small_iterations_pkcs5(void)
747 {
748 int ret = 0;
749 EVP_KDF_CTX *kctx = NULL;
750 unsigned char out[25];
751 unsigned int iterations = 1;
752 int mode = 1;
753 OSSL_PARAM *params;
754 OSSL_PARAM mode_params[2];
755
756 params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
757 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
758 &iterations, &mode);
759
760 if (!TEST_ptr(params)
761 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
762 /* An iteration count that is too small will pass in pkcs5 mode */
763 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
764 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
765 goto err;
766
767 mode = 0;
768 mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
769 mode_params[1] = OSSL_PARAM_construct_end();
770
771 /* If the "pkcs5" mode is disabled then the derive will now fail */
772 if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params))
773 || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
774 goto err;
775
776 ret = 1;
777 err:
778 EVP_KDF_CTX_free(kctx);
779 OPENSSL_free(params);
780 return ret;
781 }
782
test_kdf_pbkdf2_invalid_digest(void)783 static int test_kdf_pbkdf2_invalid_digest(void)
784 {
785 int ret = 0;
786 EVP_KDF_CTX *kctx = NULL;
787 unsigned int iterations = 4096;
788 int mode = 0;
789 OSSL_PARAM *params;
790
791 params = construct_pbkdf2_params("passwordPASSWORDpassword", "blah",
792 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
793 &iterations, &mode);
794
795 if (!TEST_ptr(params)
796 || !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
797 /* Unknown digest should fail */
798 || !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
799 goto err;
800
801 ret = 1;
802 err:
803 EVP_KDF_CTX_free(kctx);
804 OPENSSL_free(params);
805 return ret;
806 }
807
808 #ifndef OPENSSL_NO_SCRYPT
test_kdf_scrypt(void)809 static int test_kdf_scrypt(void)
810 {
811 int ret;
812 EVP_KDF_CTX *kctx;
813 OSSL_PARAM params[7], *p = params;
814 unsigned char out[64];
815 unsigned int nu = 1024, ru = 8, pu = 16, maxmem = 16;
816 static const unsigned char expected[sizeof(out)] = {
817 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
818 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
819 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
820 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
821 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
822 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
823 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
824 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
825 };
826
827 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
828 (char *)"password", 8);
829 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
830 (char *)"NaCl", 4);
831 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &nu);
832 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &ru);
833 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &pu);
834 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem);
835 *p = OSSL_PARAM_construct_end();
836
837 ret =
838 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT))
839 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
840 /* failure test *//*
841 && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)*/
842 && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024))
843 && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1))
844 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)
845 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
846
847 EVP_KDF_CTX_free(kctx);
848 return ret;
849 }
850 #endif /* OPENSSL_NO_SCRYPT */
851
test_kdf_ss_hash(void)852 static int test_kdf_ss_hash(void)
853 {
854 int ret;
855 EVP_KDF_CTX *kctx;
856 OSSL_PARAM params[4], *p = params;
857 unsigned char out[14];
858 static unsigned char z[] = {
859 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e,
860 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62,
861 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4,
862 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9
863 };
864 static unsigned char other[] = {
865 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e,
866 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde,
867 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e,
868 0xe0,0xec,0x3f,0x8d,0xbe
869 };
870 static const unsigned char expected[sizeof(out)] = {
871 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8
872 };
873
874 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
875 (char *)"sha224", 0);
876 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
877 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
878 sizeof(other));
879 *p = OSSL_PARAM_construct_end();
880
881 ret =
882 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
883 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
884 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
885
886 EVP_KDF_CTX_free(kctx);
887 return ret;
888 }
889
test_kdf_x963(void)890 static int test_kdf_x963(void)
891 {
892 int ret;
893 EVP_KDF_CTX *kctx;
894 OSSL_PARAM params[4], *p = params;
895 unsigned char out[1024 / 8];
896 /*
897 * Test data from https://csrc.nist.gov/CSRC/media/Projects/
898 * Cryptographic-Algorithm-Validation-Program/documents/components/
899 * 800-135testvectors/ansx963_2001.zip
900 */
901 static unsigned char z[] = {
902 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, 0xfa, 0x58, 0xce, 0xad,
903 0xc0, 0x47, 0x19, 0x7f, 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
904 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, 0x15, 0x07, 0x39, 0x2f,
905 0x1a, 0x86, 0xdd, 0xfd, 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
906 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, 0x47, 0xa9, 0xe2, 0xe7,
907 0x53, 0xf5, 0x5e, 0xf0, 0x5a, 0x2d
908 };
909 static unsigned char shared[] = {
910 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, 0x2b, 0x3a, 0x2f, 0x99,
911 0x37, 0x89, 0x5d, 0x31
912 };
913 static const unsigned char expected[sizeof(out)] = {
914 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, 0x9b, 0x52, 0x26, 0x4b,
915 0x01, 0x12, 0xb5, 0x85, 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
916 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, 0x6e, 0x4d, 0xd2, 0xa5,
917 0x99, 0xac, 0xce, 0xb3, 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
918 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, 0xa5, 0xa8, 0xee, 0xee,
919 0x20, 0x80, 0x02, 0x26, 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
920 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, 0xea, 0x9c, 0x4f, 0xf7,
921 0x45, 0xa2, 0x5a, 0xc2, 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
922 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, 0x0a, 0xb2, 0xaa, 0x8e,
923 0x2e, 0xfa, 0x7b, 0x17, 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
924 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
925 };
926
927 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
928 (char *)"sha512", 0);
929 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
930 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, shared,
931 sizeof(shared));
932 *p = OSSL_PARAM_construct_end();
933
934 ret =
935 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF))
936 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
937 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
938
939 EVP_KDF_CTX_free(kctx);
940 return ret;
941 }
942
943 #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
944 /*
945 * KBKDF test vectors from RFC 6803 (Camellia Encryption for Kerberos 5)
946 * section 10.
947 */
test_kdf_kbkdf_6803_128(void)948 static int test_kdf_kbkdf_6803_128(void)
949 {
950 int ret = 0, i, p;
951 EVP_KDF_CTX *kctx;
952 OSSL_PARAM params[7];
953 static unsigned char input_key[] = {
954 0x57, 0xD0, 0x29, 0x72, 0x98, 0xFF, 0xD9, 0xD3,
955 0x5D, 0xE5, 0xA4, 0x7F, 0xB4, 0xBD, 0xE2, 0x4B,
956 };
957 static unsigned char constants[][5] = {
958 { 0x00, 0x00, 0x00, 0x02, 0x99 },
959 { 0x00, 0x00, 0x00, 0x02, 0xaa },
960 { 0x00, 0x00, 0x00, 0x02, 0x55 },
961 };
962 static unsigned char outputs[][16] = {
963 {0xD1, 0x55, 0x77, 0x5A, 0x20, 0x9D, 0x05, 0xF0,
964 0x2B, 0x38, 0xD4, 0x2A, 0x38, 0x9E, 0x5A, 0x56},
965 {0x64, 0xDF, 0x83, 0xF8, 0x5A, 0x53, 0x2F, 0x17,
966 0x57, 0x7D, 0x8C, 0x37, 0x03, 0x57, 0x96, 0xAB},
967 {0x3E, 0x4F, 0xBD, 0xF3, 0x0F, 0xB8, 0x25, 0x9C,
968 0x42, 0x5C, 0xB6, 0xC9, 0x6F, 0x1F, 0x46, 0x35}
969 };
970 static unsigned char iv[16] = { 0 };
971 unsigned char result[16] = { 0 };
972
973 for (i = 0; i < 3; i++) {
974 p = 0;
975 params[p++] = OSSL_PARAM_construct_utf8_string(
976 OSSL_KDF_PARAM_CIPHER, "CAMELLIA-128-CBC", 0);
977 params[p++] = OSSL_PARAM_construct_utf8_string(
978 OSSL_KDF_PARAM_MAC, "CMAC", 0);
979 params[p++] = OSSL_PARAM_construct_utf8_string(
980 OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
981 params[p++] = OSSL_PARAM_construct_octet_string(
982 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
983 params[p++] = OSSL_PARAM_construct_octet_string(
984 OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i]));
985 params[p++] = OSSL_PARAM_construct_octet_string(
986 OSSL_KDF_PARAM_SEED, iv, sizeof(iv));
987 params[p] = OSSL_PARAM_construct_end();
988
989 kctx = get_kdfbyname("KBKDF");
990 ret = TEST_ptr(kctx)
991 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result),
992 params), 0)
993 && TEST_mem_eq(result, sizeof(result), outputs[i],
994 sizeof(outputs[i]));
995 EVP_KDF_CTX_free(kctx);
996 if (ret != 1)
997 return ret;
998 }
999
1000 return ret;
1001 }
1002
test_kdf_kbkdf_6803_256(void)1003 static int test_kdf_kbkdf_6803_256(void)
1004 {
1005 int ret = 0, i, p;
1006 EVP_KDF_CTX *kctx;
1007 OSSL_PARAM params[7];
1008 static unsigned char input_key[] = {
1009 0xB9, 0xD6, 0x82, 0x8B, 0x20, 0x56, 0xB7, 0xBE,
1010 0x65, 0x6D, 0x88, 0xA1, 0x23, 0xB1, 0xFA, 0xC6,
1011 0x82, 0x14, 0xAC, 0x2B, 0x72, 0x7E, 0xCF, 0x5F,
1012 0x69, 0xAF, 0xE0, 0xC4, 0xDF, 0x2A, 0x6D, 0x2C,
1013 };
1014 static unsigned char constants[][5] = {
1015 { 0x00, 0x00, 0x00, 0x02, 0x99 },
1016 { 0x00, 0x00, 0x00, 0x02, 0xaa },
1017 { 0x00, 0x00, 0x00, 0x02, 0x55 },
1018 };
1019 static unsigned char outputs[][32] = {
1020 {0xE4, 0x67, 0xF9, 0xA9, 0x55, 0x2B, 0xC7, 0xD3,
1021 0x15, 0x5A, 0x62, 0x20, 0xAF, 0x9C, 0x19, 0x22,
1022 0x0E, 0xEE, 0xD4, 0xFF, 0x78, 0xB0, 0xD1, 0xE6,
1023 0xA1, 0x54, 0x49, 0x91, 0x46, 0x1A, 0x9E, 0x50,
1024 },
1025 {0x41, 0x2A, 0xEF, 0xC3, 0x62, 0xA7, 0x28, 0x5F,
1026 0xC3, 0x96, 0x6C, 0x6A, 0x51, 0x81, 0xE7, 0x60,
1027 0x5A, 0xE6, 0x75, 0x23, 0x5B, 0x6D, 0x54, 0x9F,
1028 0xBF, 0xC9, 0xAB, 0x66, 0x30, 0xA4, 0xC6, 0x04,
1029 },
1030 {0xFA, 0x62, 0x4F, 0xA0, 0xE5, 0x23, 0x99, 0x3F,
1031 0xA3, 0x88, 0xAE, 0xFD, 0xC6, 0x7E, 0x67, 0xEB,
1032 0xCD, 0x8C, 0x08, 0xE8, 0xA0, 0x24, 0x6B, 0x1D,
1033 0x73, 0xB0, 0xD1, 0xDD, 0x9F, 0xC5, 0x82, 0xB0,
1034 },
1035 };
1036 static unsigned char iv[16] = { 0 };
1037 unsigned char result[32] = { 0 };
1038
1039 for (i = 0; i < 3; i++) {
1040 p = 0;
1041 params[p++] = OSSL_PARAM_construct_utf8_string(
1042 OSSL_KDF_PARAM_CIPHER, "CAMELLIA-256-CBC", 0);
1043 params[p++] = OSSL_PARAM_construct_utf8_string(
1044 OSSL_KDF_PARAM_MAC, "CMAC", 0);
1045 params[p++] = OSSL_PARAM_construct_utf8_string(
1046 OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
1047 params[p++] = OSSL_PARAM_construct_octet_string(
1048 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1049 params[p++] = OSSL_PARAM_construct_octet_string(
1050 OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i]));
1051 params[p++] = OSSL_PARAM_construct_octet_string(
1052 OSSL_KDF_PARAM_SEED, iv, sizeof(iv));
1053 params[p] = OSSL_PARAM_construct_end();
1054
1055 kctx = get_kdfbyname("KBKDF");
1056 ret = TEST_ptr(kctx)
1057 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result),
1058 params), 0)
1059 && TEST_mem_eq(result, sizeof(result), outputs[i],
1060 sizeof(outputs[i]));
1061 EVP_KDF_CTX_free(kctx);
1062 if (ret != 1)
1063 return ret;
1064 }
1065
1066 return ret;
1067 }
1068 #endif
1069
construct_kbkdf_params(char * digest,char * mac,unsigned char * key,size_t keylen,char * salt,char * info,int * r)1070 static OSSL_PARAM *construct_kbkdf_params(char *digest, char *mac, unsigned char *key,
1071 size_t keylen, char *salt, char *info, int *r)
1072 {
1073 OSSL_PARAM *params = OPENSSL_malloc(sizeof(OSSL_PARAM) * 8);
1074 OSSL_PARAM *p = params;
1075
1076 if (params == NULL)
1077 return NULL;
1078
1079 *p++ = OSSL_PARAM_construct_utf8_string(
1080 OSSL_KDF_PARAM_DIGEST, digest, 0);
1081 *p++ = OSSL_PARAM_construct_utf8_string(
1082 OSSL_KDF_PARAM_MAC, mac, 0);
1083 *p++ = OSSL_PARAM_construct_utf8_string(
1084 OSSL_KDF_PARAM_MODE, "COUNTER", 0);
1085 *p++ = OSSL_PARAM_construct_octet_string(
1086 OSSL_KDF_PARAM_KEY, key, keylen);
1087 *p++ = OSSL_PARAM_construct_octet_string(
1088 OSSL_KDF_PARAM_SALT, salt, strlen(salt));
1089 *p++ = OSSL_PARAM_construct_octet_string(
1090 OSSL_KDF_PARAM_INFO, info, strlen(info));
1091 *p++ = OSSL_PARAM_construct_int(
1092 OSSL_KDF_PARAM_KBKDF_R, r);
1093 *p = OSSL_PARAM_construct_end();
1094
1095 return params;
1096 }
1097
test_kdf_kbkdf_invalid_digest(void)1098 static int test_kdf_kbkdf_invalid_digest(void)
1099 {
1100 int ret;
1101 EVP_KDF_CTX *kctx;
1102 OSSL_PARAM *params;
1103
1104 static unsigned char key[] = {0x01};
1105 int r = 32;
1106
1107 params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test", &r);
1108 if (!TEST_ptr(params))
1109 return 0;
1110
1111 /* Negative test case - set_params should fail */
1112 kctx = get_kdfbyname("KBKDF");
1113 ret = TEST_ptr(kctx)
1114 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
1115
1116 EVP_KDF_CTX_free(kctx);
1117 OPENSSL_free(params);
1118 return ret;
1119 }
1120
test_kdf_kbkdf_invalid_mac(void)1121 static int test_kdf_kbkdf_invalid_mac(void)
1122 {
1123 int ret;
1124 EVP_KDF_CTX *kctx;
1125 OSSL_PARAM *params;
1126
1127 static unsigned char key[] = {0x01};
1128 int r = 32;
1129
1130 params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test", &r);
1131 if (!TEST_ptr(params))
1132 return 0;
1133
1134 /* Negative test case - set_params should fail */
1135 kctx = get_kdfbyname("KBKDF");
1136 ret = TEST_ptr(kctx)
1137 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
1138
1139 EVP_KDF_CTX_free(kctx);
1140 OPENSSL_free(params);
1141 return ret;
1142 }
1143
test_kdf_kbkdf_invalid_r(void)1144 static int test_kdf_kbkdf_invalid_r(void)
1145 {
1146 int ret;
1147 EVP_KDF_CTX *kctx;
1148 OSSL_PARAM *params;
1149
1150 static unsigned char key[] = {0x01};
1151 int r = 31;
1152
1153 params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
1154 if (!TEST_ptr(params))
1155 return 0;
1156
1157 /* Negative test case - derive should fail */
1158 kctx = get_kdfbyname("KBKDF");
1159 ret = TEST_ptr(kctx)
1160 && TEST_false(EVP_KDF_CTX_set_params(kctx, params));
1161
1162 EVP_KDF_CTX_free(kctx);
1163 OPENSSL_free(params);
1164 return ret;
1165 }
1166
1167
test_kdf_kbkdf_empty_key(void)1168 static int test_kdf_kbkdf_empty_key(void)
1169 {
1170 int ret;
1171 EVP_KDF_CTX *kctx;
1172 OSSL_PARAM *params;
1173
1174 static unsigned char key[] = {0x01};
1175 unsigned char result[32] = { 0 };
1176 int r = 32;
1177
1178 params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test", &r);
1179 if (!TEST_ptr(params))
1180 return 0;
1181
1182 /* Negative test case - derive should fail */
1183 kctx = get_kdfbyname("KBKDF");
1184 ret = TEST_ptr(kctx)
1185 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1186 && TEST_int_eq(EVP_KDF_derive(kctx, result, sizeof(result), NULL), 0);
1187
1188 EVP_KDF_CTX_free(kctx);
1189 OPENSSL_free(params);
1190 return ret;
1191 }
1192
test_kdf_kbkdf_1byte_key(void)1193 static int test_kdf_kbkdf_1byte_key(void)
1194 {
1195 int ret;
1196 EVP_KDF_CTX *kctx;
1197 OSSL_PARAM *params;
1198
1199 static unsigned char key[] = {0x01};
1200 unsigned char result[32] = { 0 };
1201 int r = 32;
1202
1203 params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
1204 if (!TEST_ptr(params))
1205 return 0;
1206
1207 kctx = get_kdfbyname("KBKDF");
1208 ret = TEST_ptr(kctx)
1209 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0);
1210
1211 EVP_KDF_CTX_free(kctx);
1212 OPENSSL_free(params);
1213 return ret;
1214 }
1215
test_kdf_kbkdf_zero_output_size(void)1216 static int test_kdf_kbkdf_zero_output_size(void)
1217 {
1218 int ret;
1219 EVP_KDF_CTX *kctx;
1220 OSSL_PARAM *params;
1221
1222 static unsigned char key[] = {0x01};
1223 unsigned char result[32] = { 0 };
1224 int r = 32;
1225
1226 params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
1227 if (!TEST_ptr(params))
1228 return 0;
1229
1230 /* Negative test case - derive should fail */
1231 kctx = get_kdfbyname("KBKDF");
1232 ret = TEST_ptr(kctx)
1233 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1234 && TEST_int_eq(EVP_KDF_derive(kctx, result, 0, NULL), 0);
1235
1236 EVP_KDF_CTX_free(kctx);
1237 OPENSSL_free(params);
1238 return ret;
1239 }
1240
1241 /* Two test vectors from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos
1242 * 5) appendix A. */
test_kdf_kbkdf_8009_prf1(void)1243 static int test_kdf_kbkdf_8009_prf1(void)
1244 {
1245 int ret, i = 0;
1246 EVP_KDF_CTX *kctx;
1247 OSSL_PARAM params[6];
1248 char *label = "prf", *digest = "sha256", *prf_input = "test",
1249 *mac = "HMAC";
1250 static unsigned char input_key[] = {
1251 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
1252 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
1253 };
1254 static unsigned char output[] = {
1255 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
1256 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
1257 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
1258 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
1259 };
1260 unsigned char result[sizeof(output)] = { 0 };
1261
1262 params[i++] = OSSL_PARAM_construct_utf8_string(
1263 OSSL_KDF_PARAM_DIGEST, digest, 0);
1264 params[i++] = OSSL_PARAM_construct_utf8_string(
1265 OSSL_KDF_PARAM_MAC, mac, 0);
1266 params[i++] = OSSL_PARAM_construct_octet_string(
1267 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1268 params[i++] = OSSL_PARAM_construct_octet_string(
1269 OSSL_KDF_PARAM_SALT, label, strlen(label));
1270 params[i++] = OSSL_PARAM_construct_octet_string(
1271 OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
1272 params[i] = OSSL_PARAM_construct_end();
1273
1274 kctx = get_kdfbyname("KBKDF");
1275 ret = TEST_ptr(kctx)
1276 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
1277 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1278
1279 EVP_KDF_CTX_free(kctx);
1280 return ret;
1281 }
1282
test_kdf_kbkdf_8009_prf2(void)1283 static int test_kdf_kbkdf_8009_prf2(void)
1284 {
1285 int ret, i = 0;
1286 EVP_KDF_CTX *kctx;
1287 OSSL_PARAM params[6];
1288 char *label = "prf", *digest = "sha384", *prf_input = "test",
1289 *mac = "HMAC";
1290 static unsigned char input_key[] = {
1291 0x6D, 0x40, 0x4D, 0x37, 0xFA, 0xF7, 0x9F, 0x9D,
1292 0xF0, 0xD3, 0x35, 0x68, 0xD3, 0x20, 0x66, 0x98,
1293 0x00, 0xEB, 0x48, 0x36, 0x47, 0x2E, 0xA8, 0xA0,
1294 0x26, 0xD1, 0x6B, 0x71, 0x82, 0x46, 0x0C, 0x52,
1295 };
1296 static unsigned char output[] = {
1297 0x98, 0x01, 0xF6, 0x9A, 0x36, 0x8C, 0x2B, 0xF6,
1298 0x75, 0xE5, 0x95, 0x21, 0xE1, 0x77, 0xD9, 0xA0,
1299 0x7F, 0x67, 0xEF, 0xE1, 0xCF, 0xDE, 0x8D, 0x3C,
1300 0x8D, 0x6F, 0x6A, 0x02, 0x56, 0xE3, 0xB1, 0x7D,
1301 0xB3, 0xC1, 0xB6, 0x2A, 0xD1, 0xB8, 0x55, 0x33,
1302 0x60, 0xD1, 0x73, 0x67, 0xEB, 0x15, 0x14, 0xD2,
1303 };
1304 unsigned char result[sizeof(output)] = { 0 };
1305
1306 params[i++] = OSSL_PARAM_construct_utf8_string(
1307 OSSL_KDF_PARAM_DIGEST, digest, 0);
1308 params[i++] = OSSL_PARAM_construct_utf8_string(
1309 OSSL_KDF_PARAM_MAC, mac, 0);
1310 params[i++] = OSSL_PARAM_construct_octet_string(
1311 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1312 params[i++] = OSSL_PARAM_construct_octet_string(
1313 OSSL_KDF_PARAM_SALT, label, strlen(label));
1314 params[i++] = OSSL_PARAM_construct_octet_string(
1315 OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
1316 params[i] = OSSL_PARAM_construct_end();
1317
1318 kctx = get_kdfbyname("KBKDF");
1319 ret = TEST_ptr(kctx)
1320 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
1321 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1322
1323 EVP_KDF_CTX_free(kctx);
1324 return ret;
1325 }
1326
1327 #if !defined(OPENSSL_NO_CMAC)
1328 /*
1329 * Test vector taken from
1330 * https://csrc.nist.gov/CSRC/media/Projects/
1331 * Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip
1332 */
test_kdf_kbkdf_fixedinfo(void)1333 static int test_kdf_kbkdf_fixedinfo(void)
1334 {
1335 int ret;
1336 EVP_KDF_CTX *kctx;
1337 OSSL_PARAM params[8], *p = params;
1338 static char *cipher = "AES128";
1339 static char *mac = "CMAC";
1340 static char *mode = "COUNTER";
1341 int use_l = 0;
1342 int use_separator = 0;
1343
1344 static unsigned char input_key[] = {
1345 0xc1, 0x0b, 0x15, 0x2e, 0x8c, 0x97, 0xb7, 0x7e,
1346 0x18, 0x70, 0x4e, 0x0f, 0x0b, 0xd3, 0x83, 0x05,
1347 };
1348 static unsigned char fixed_input[] = {
1349 0x98, 0xcd, 0x4c, 0xbb, 0xbe, 0xbe, 0x15, 0xd1,
1350 0x7d, 0xc8, 0x6e, 0x6d, 0xba, 0xd8, 0x00, 0xa2,
1351 0xdc, 0xbd, 0x64, 0xf7, 0xc7, 0xad, 0x0e, 0x78,
1352 0xe9, 0xcf, 0x94, 0xff, 0xdb, 0xa8, 0x9d, 0x03,
1353 0xe9, 0x7e, 0xad, 0xf6, 0xc4, 0xf7, 0xb8, 0x06,
1354 0xca, 0xf5, 0x2a, 0xa3, 0x8f, 0x09, 0xd0, 0xeb,
1355 0x71, 0xd7, 0x1f, 0x49, 0x7b, 0xcc, 0x69, 0x06,
1356 0xb4, 0x8d, 0x36, 0xc4,
1357
1358 };
1359 static unsigned char output[] = {
1360 0x26, 0xfa, 0xf6, 0x19, 0x08, 0xad, 0x9e, 0xe8,
1361 0x81, 0xb8, 0x30, 0x5c, 0x22, 0x1d, 0xb5, 0x3f,
1362 };
1363 unsigned char result[sizeof(output)] = { 0 };
1364
1365 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, cipher, 0);
1366 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, mac, 0);
1367 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, mode, 0);
1368 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, input_key,
1369 sizeof(input_key));
1370 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
1371 fixed_input, sizeof(fixed_input));
1372 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_L, &use_l);
1373 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR,
1374 &use_separator);
1375 *p = OSSL_PARAM_construct_end();
1376
1377 kctx = get_kdfbyname("KBKDF");
1378 ret = TEST_ptr(kctx)
1379 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
1380 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1381
1382 EVP_KDF_CTX_free(kctx);
1383 return ret;
1384 }
1385 #endif /* OPENSSL_NO_CMAC */
1386
test_kdf_ss_hmac(void)1387 static int test_kdf_ss_hmac(void)
1388 {
1389 int ret;
1390 EVP_KDF_CTX *kctx;
1391 OSSL_PARAM params[6], *p = params;
1392 unsigned char out[16];
1393 static unsigned char z[] = {
1394 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
1395 };
1396 static unsigned char other[] = {
1397 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
1398 };
1399 static unsigned char salt[] = {
1400 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
1401 0x3f,0x89
1402 };
1403 static const unsigned char expected[sizeof(out)] = {
1404 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63,
1405 0x1c,0xa3
1406 };
1407
1408 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
1409 (char *)OSSL_MAC_NAME_HMAC, 0);
1410 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1411 (char *)"sha256", 0);
1412 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
1413 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
1414 sizeof(other));
1415 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
1416 sizeof(salt));
1417 *p = OSSL_PARAM_construct_end();
1418
1419 ret =
1420 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
1421 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1422 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1423
1424 EVP_KDF_CTX_free(kctx);
1425 return ret;
1426 }
1427
test_kdf_ss_kmac(void)1428 static int test_kdf_ss_kmac(void)
1429 {
1430 int ret;
1431 EVP_KDF_CTX *kctx;
1432 OSSL_PARAM params[6], *p = params;
1433 unsigned char out[64];
1434 size_t mac_size = 20;
1435 static unsigned char z[] = {
1436 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
1437 };
1438 static unsigned char other[] = {
1439 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
1440 };
1441 static unsigned char salt[] = {
1442 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
1443 0x3f,0x89
1444 };
1445 static const unsigned char expected[sizeof(out)] = {
1446 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd,
1447 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2,
1448 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4,
1449 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95,
1450 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03
1451 };
1452
1453 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
1454 (char *)OSSL_MAC_NAME_KMAC128, 0);
1455 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
1456 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
1457 sizeof(other));
1458 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
1459 sizeof(salt));
1460 *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, &mac_size);
1461 *p = OSSL_PARAM_construct_end();
1462
1463 ret =
1464 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
1465 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1466 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1467
1468 EVP_KDF_CTX_free(kctx);
1469 return ret;
1470 }
1471
test_kdf_sshkdf(void)1472 static int test_kdf_sshkdf(void)
1473 {
1474 int ret;
1475 EVP_KDF_CTX *kctx;
1476 OSSL_PARAM params[6], *p = params;
1477 char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
1478 unsigned char out[8];
1479 /* Test data from NIST CAVS 14.1 test vectors */
1480 static unsigned char key[] = {
1481 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
1482 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
1483 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
1484 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
1485 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
1486 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
1487 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
1488 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
1489 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
1490 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
1491 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
1492 0x4e
1493 };
1494 static unsigned char xcghash[] = {
1495 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
1496 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
1497 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
1498 };
1499 static unsigned char sessid[] = {
1500 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
1501 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
1502 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
1503 };
1504 static const unsigned char expected[sizeof(out)] = {
1505 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
1506 };
1507
1508 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1509 (char *)"sha256", 0);
1510 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
1511 sizeof(key));
1512 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH,
1513 xcghash, sizeof(xcghash));
1514 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
1515 sessid, sizeof(sessid));
1516 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
1517 &kdftype, sizeof(kdftype));
1518 *p = OSSL_PARAM_construct_end();
1519
1520 ret =
1521 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF))
1522 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1523 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1524
1525 EVP_KDF_CTX_free(kctx);
1526 return ret;
1527 }
1528
test_kdfs_same(EVP_KDF * kdf1,EVP_KDF * kdf2)1529 static int test_kdfs_same(EVP_KDF *kdf1, EVP_KDF *kdf2)
1530 {
1531 /* Fast path in case the two are the same algorithm pointer */
1532 if (kdf1 == kdf2)
1533 return 1;
1534 /*
1535 * Compare their names and providers instead.
1536 * This is necessary in a non-caching build (or a cache flush during fetch)
1537 * because without the algorithm in the cache, fetching it a second time
1538 * will result in a different pointer.
1539 */
1540 return TEST_ptr_eq(EVP_KDF_get0_provider(kdf1), EVP_KDF_get0_provider(kdf2))
1541 && TEST_str_eq(EVP_KDF_get0_name(kdf1), EVP_KDF_get0_name(kdf2));
1542 }
1543
test_kdf_get_kdf(void)1544 static int test_kdf_get_kdf(void)
1545 {
1546 EVP_KDF *kdf1 = NULL, *kdf2 = NULL;
1547 ASN1_OBJECT *obj;
1548 int ok = 1;
1549
1550 if (!TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2))
1551 || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL))
1552 || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(OBJ_obj2nid(obj)),
1553 NULL))
1554 || !test_kdfs_same(kdf1, kdf2))
1555 ok = 0;
1556 EVP_KDF_free(kdf1);
1557 kdf1 = NULL;
1558 EVP_KDF_free(kdf2);
1559 kdf2 = NULL;
1560
1561 if (!TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL))
1562 || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, LN_tls1_prf, NULL))
1563 || !test_kdfs_same(kdf1, kdf2))
1564 ok = 0;
1565 /* kdf1 is re-used below, so don't free it here */
1566 EVP_KDF_free(kdf2);
1567 kdf2 = NULL;
1568
1569 if (!TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(NID_tls1_prf), NULL))
1570 || !test_kdfs_same(kdf1, kdf2))
1571 ok = 0;
1572 EVP_KDF_free(kdf1);
1573 kdf1 = NULL;
1574 EVP_KDF_free(kdf2);
1575 kdf2 = NULL;
1576
1577 return ok;
1578 }
1579
1580 #if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES)
test_kdf_x942_asn1(void)1581 static int test_kdf_x942_asn1(void)
1582 {
1583 int ret;
1584 EVP_KDF_CTX *kctx = NULL;
1585 OSSL_PARAM params[4], *p = params;
1586 const char *cek_alg = SN_id_smime_alg_CMS3DESwrap;
1587 unsigned char out[24];
1588 /* RFC2631 Section 2.1.6 Test data */
1589 static unsigned char z[] = {
1590 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,
1591 0x0e,0x0f,0x10,0x11,0x12,0x13
1592 };
1593 static const unsigned char expected[sizeof(out)] = {
1594 0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04,
1595 0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46,
1596 0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb
1597 };
1598
1599 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1600 (char *)"sha1", 0);
1601 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z,
1602 sizeof(z));
1603 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
1604 (char *)cek_alg, 0);
1605 *p = OSSL_PARAM_construct_end();
1606
1607 ret =
1608 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF_ASN1))
1609 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1610 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1611
1612 EVP_KDF_CTX_free(kctx);
1613 return ret;
1614 }
1615 #endif /* OPENSSL_NO_CMS */
1616
test_kdf_krb5kdf(void)1617 static int test_kdf_krb5kdf(void)
1618 {
1619 int ret;
1620 EVP_KDF_CTX *kctx;
1621 OSSL_PARAM params[4], *p = params;
1622 unsigned char out[16];
1623 static unsigned char key[] = {
1624 0x42, 0x26, 0x3C, 0x6E, 0x89, 0xF4, 0xFC, 0x28,
1625 0xB8, 0xDF, 0x68, 0xEE, 0x09, 0x79, 0x9F, 0x15
1626 };
1627 static unsigned char constant[] = {
1628 0x00, 0x00, 0x00, 0x02, 0x99
1629 };
1630 static const unsigned char expected[sizeof(out)] = {
1631 0x34, 0x28, 0x0A, 0x38, 0x2B, 0xC9, 0x27, 0x69,
1632 0xB2, 0xDA, 0x2F, 0x9E, 0xF0, 0x66, 0x85, 0x4B
1633 };
1634
1635 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER,
1636 (char *)"AES-128-CBC", 0);
1637 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
1638 sizeof(key));
1639 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT,
1640 constant, sizeof(constant));
1641 *p = OSSL_PARAM_construct_end();
1642
1643 ret =
1644 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KRB5KDF))
1645 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1646 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1647
1648 EVP_KDF_CTX_free(kctx);
1649 return ret;
1650 }
1651
setup_tests(void)1652 int setup_tests(void)
1653 {
1654 ADD_TEST(test_kdf_pbkdf1);
1655 #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
1656 ADD_TEST(test_kdf_kbkdf_6803_128);
1657 ADD_TEST(test_kdf_kbkdf_6803_256);
1658 #endif
1659 ADD_TEST(test_kdf_kbkdf_invalid_digest);
1660 ADD_TEST(test_kdf_kbkdf_invalid_mac);
1661 ADD_TEST(test_kdf_kbkdf_invalid_r);
1662 ADD_TEST(test_kdf_kbkdf_zero_output_size);
1663 ADD_TEST(test_kdf_kbkdf_empty_key);
1664 ADD_TEST(test_kdf_kbkdf_1byte_key);
1665 ADD_TEST(test_kdf_kbkdf_8009_prf1);
1666 ADD_TEST(test_kdf_kbkdf_8009_prf2);
1667 #if !defined(OPENSSL_NO_CMAC)
1668 ADD_TEST(test_kdf_kbkdf_fixedinfo);
1669 #endif
1670 ADD_TEST(test_kdf_get_kdf);
1671 ADD_TEST(test_kdf_tls1_prf);
1672 ADD_TEST(test_kdf_tls1_prf_invalid_digest);
1673 ADD_TEST(test_kdf_tls1_prf_zero_output_size);
1674 ADD_TEST(test_kdf_tls1_prf_empty_secret);
1675 ADD_TEST(test_kdf_tls1_prf_1byte_secret);
1676 ADD_TEST(test_kdf_tls1_prf_empty_seed);
1677 ADD_TEST(test_kdf_tls1_prf_1byte_seed);
1678 ADD_TEST(test_kdf_hkdf);
1679 ADD_TEST(test_kdf_hkdf_invalid_digest);
1680 ADD_TEST(test_kdf_hkdf_zero_output_size);
1681 ADD_TEST(test_kdf_hkdf_empty_key);
1682 ADD_TEST(test_kdf_hkdf_1byte_key);
1683 ADD_TEST(test_kdf_hkdf_empty_salt);
1684 ADD_TEST(test_kdf_hkdf_gettables);
1685 ADD_TEST(test_kdf_hkdf_gettables_expandonly);
1686 ADD_TEST(test_kdf_hkdf_gettables_no_digest);
1687 ADD_TEST(test_kdf_hkdf_derive_set_params_fail);
1688 ADD_TEST(test_kdf_hkdf_set_invalid_mode);
1689 ADD_TEST(test_kdf_hkdf_set_ctx_param_fail);
1690 ADD_TEST(test_kdf_pbkdf2);
1691 ADD_TEST(test_kdf_pbkdf2_small_output);
1692 ADD_TEST(test_kdf_pbkdf2_large_output);
1693 ADD_TEST(test_kdf_pbkdf2_small_salt);
1694 ADD_TEST(test_kdf_pbkdf2_small_iterations);
1695 ADD_TEST(test_kdf_pbkdf2_small_salt_pkcs5);
1696 ADD_TEST(test_kdf_pbkdf2_small_iterations_pkcs5);
1697 ADD_TEST(test_kdf_pbkdf2_invalid_digest);
1698 #ifndef OPENSSL_NO_SCRYPT
1699 ADD_TEST(test_kdf_scrypt);
1700 #endif
1701 ADD_TEST(test_kdf_ss_hash);
1702 ADD_TEST(test_kdf_ss_hmac);
1703 ADD_TEST(test_kdf_ss_kmac);
1704 ADD_TEST(test_kdf_sshkdf);
1705 ADD_TEST(test_kdf_x963);
1706 #if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES)
1707 ADD_TEST(test_kdf_x942_asn1);
1708 #endif
1709 ADD_TEST(test_kdf_krb5kdf);
1710 return 1;
1711 }
1712
