1#
2# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the Apache License 2.0 (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9# Tests start with one of these keywords
10#       Cipher Decrypt Derive Digest Encoding KDF MAC PBE
11#       PrivPubKeyPair Sign Verify VerifyRecover
12# and continue until a blank line. Lines starting with a pound sign are ignored.
13
14Title = TLS1 PRF tests (from NIST test vectors)
15
16PKEYKDF = TLS1-PRF
17Ctrl.md = md:MD5-SHA1
18Ctrl.Secret = hexsecret:bded7fa5c1699c010be23dd06ada3a48349f21e5f86263d512c0c5cc379f0e780ec55d9844b2f1db02a96453513568d0
19Ctrl.label = seed:master secret
20Ctrl.client_random = hexseed:e5acaf549cd25c22d964c0d930fa4b5261d2507fad84c33715b7b9a864020693
21Ctrl.server_random = hexseed:135e4d557fdf3aa6406d82975d5c606a9734c9334b42136e96990fbd5358cdb2
22Output = 2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62
23
24PKEYKDF = TLS1-PRF
25Ctrl.md = md:MD5-SHA1
26Ctrl.Secret = hexsecret:2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62
27Ctrl.label = seed:key expansion
28Ctrl.server_random = hexseed:67267e650eb32444119d222a368c191af3082888dc35afe8368e638c828874be
29Ctrl.client_random = hexseed:d58a7b1cd4fedaa232159df652ce188f9d997e061b9bf48e83b62990440931f6
30Output = 3088825988e77fce68d19f756e18e43eb7fe672433504feaf99b3c503d9091b164f166db301d70c9fc0870b4a94563907bee1a61fb786cb717576890bcc51cb9ead97e01d0a2fea99c953377b195205ff07b369589178796edc963fd80fdbe518a2fc1c35c18ae8d
31
32# Missing secret.
33PKEYKDF = TLS1-PRF
34Ctrl.md = md:MD5-SHA1
35Ctrl.Seed = hexseed:02
36Output = 03
37Result = KDF_DERIVE_ERROR
38
39# PKEYKDF variants.
40
41PKEYKDF = TLS1-PRF
42Ctrl.md = md:SHA256
43Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
44Ctrl.label = seed:master secret
45Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
46Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
47Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
48
49PKEYKDF = TLS1-PRF
50Ctrl.md = md:SHA256
51Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
52Ctrl.label = seed:key expansion
53Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868
54Ctrl.client_random = hexseed:62e1fd91f23f558a605f28478c58cf72637b89784d959df7e946d3f07bd1b616
55Output = d06139889fffac1e3a71865f504aa5d0d2a2e89506c6f2279b670c3e1b74f531016a2530c51a3a0f7e1d6590d0f0566b2f387f8d11fd4f731cdd572d2eae927f6f2f81410b25e6960be68985add6c38445ad9f8c64bf8068bf9a6679485d966f1ad6f68b43495b10a683755ea2b858d70ccac7ec8b053c6bd41ca299d4e51928
56
57# As above but use long name for KDF
58PKEYKDF = tls1-prf
59Ctrl.md = md:SHA256
60Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
61Ctrl.label = seed:key expansion
62Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868
63Ctrl.client_random = hexseed:62e1fd91f23f558a605f28478c58cf72637b89784d959df7e946d3f07bd1b616
64Output = d06139889fffac1e3a71865f504aa5d0d2a2e89506c6f2279b670c3e1b74f531016a2530c51a3a0f7e1d6590d0f0566b2f387f8d11fd4f731cdd572d2eae927f6f2f81410b25e6960be68985add6c38445ad9f8c64bf8068bf9a6679485d966f1ad6f68b43495b10a683755ea2b858d70ccac7ec8b053c6bd41ca299d4e51928
65
66# Missing digest.
67PKEYKDF = TLS1-PRF
68Ctrl.Secret = hexsecret:01
69Ctrl.Seed = hexseed:02
70Output = 03
71Result = KDF_DERIVE_ERROR
72
73# Test that unsupported XOF is rejected
74KDF = TLS1-PRF
75Ctrl.digest = digest:SHAKE-256
76Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
77Ctrl.label = seed:extended master secret
78Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
79Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
80Result = KDF_CTRL_ERROR
81
82Title = FIPS indicator tests
83
84# Test that the operation with unapproved digest function is rejected
85Availablein = fips
86FIPSversion = >=3.4.0
87PKEYKDF = TLS1-PRF
88Ctrl.digest = digest:SHA512-256
89Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
90Ctrl.label = seed:extended master secret
91Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
92Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
93Result = KDF_DERIVE_ERROR
94Reason = digest not allowed
95
96# Test that the operation with unapproved digest function is is reported as
97# unapproved
98Availablein = fips
99FIPSversion = >=3.4.0
100PKEYKDF = TLS1-PRF
101Unapproved = 1
102Ctrl.digest-check = digest-check:0
103Ctrl.digest = digest:SHA512-256
104Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
105Ctrl.label = seed:extended master secret
106Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
107Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
108Output = 17be20a3b4cc05524d7de353b2f125537c23372144111b0367bda166fcfc09cf1c94909a408b986f53afbdc41d93ae09
109
110# Test that the key whose length is shorter than 112 bits is rejected
111Availablein = fips
112FIPSversion = >=3.4.0
113PKEYKDF = TLS1-PRF
114Ctrl.digest = digest:SHA256
115Ctrl.Secret = hexsecret:0102030405060708090a0b
116Ctrl.label = seed:extended master secret
117Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
118Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
119Result = KDF_CTRL_ERROR
120Reason = invalid key length
121
122# Test that the key whose length is shorter than 112 bits is reported as
123# unapproved
124Availablein = fips
125FIPSversion = >=3.4.0
126PKEYKDF = TLS1-PRF
127Unapproved = 1
128Ctrl.key-check = key-check:0
129Ctrl.digest = digest:SHA256
130Ctrl.Secret = hexsecret:0102030405060708090a0b
131Ctrl.label = seed:extended master secret
132Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
133Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
134Output = 8cb203c99a13871fd96cecd2770720df3c4ebd49e1cbc956fddb400f9c051fb69b63d7abb2f996f4e4d1ac0e9153f51b
135