2 * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
11 /* Tests of the EVP_KDF_CTX APIs */
16 #include <openssl/evp.h>
17 #include <openssl/kdf.h>
18 #include <openssl/core_names.h>
21 static EVP_KDF_CTX *get_kdfbyname(const char *name)
23 EVP_KDF *kdf = EVP_KDF_fetch(NULL, name, NULL);
24 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
30 static int test_kdf_tls1_prf(void)
33 EVP_KDF_CTX *kctx = NULL;
34 unsigned char out[16];
35 OSSL_PARAM params[4], *p = params;
36 static const unsigned char expected[sizeof(out)] = {
37 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
38 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
41 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
42 (char *)"sha256", sizeof("sha256"));
43 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
44 (unsigned char *)"secret",
46 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
47 (unsigned char *)"seed",
49 *p = OSSL_PARAM_construct_end();
52 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
53 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
54 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
55 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
57 EVP_KDF_CTX_free(kctx);
61 static int test_kdf_hkdf(void)
65 unsigned char out[10];
66 OSSL_PARAM params[5], *p = params;
67 static const unsigned char expected[sizeof(out)] = {
68 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
71 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
72 (char *)"sha256", sizeof("sha256"));
73 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
74 (unsigned char *)"salt", 4);
75 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
76 (unsigned char *)"secret", 6);
77 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
78 (unsigned char *)"label", 5);
79 *p = OSSL_PARAM_construct_end();
82 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
83 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
84 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
85 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
87 EVP_KDF_CTX_free(kctx);
91 static int test_kdf_pbkdf2(void)
95 unsigned char out[25];
97 unsigned int iterations = 4096;
99 OSSL_PARAM params[6], *p = params;
100 const unsigned char expected[sizeof(out)] = {
101 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f,
102 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf,
103 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
107 if (sizeof(len) > 32)
110 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
112 "passwordPASSWORDpassword", 24);
113 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
115 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
117 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, &iterations);
118 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
119 (char *)"sha256", 7);
120 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
121 *p = OSSL_PARAM_construct_end();
123 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
124 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
125 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
126 || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))
127 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
128 /* A key length that is too small should fail */
129 || !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1), 0)
130 /* A key length that is too large should fail */
131 || (len != 0 && !TEST_int_eq(EVP_KDF_derive(kctx, out, len), 0)))
135 /* Salt length less than 128 bits should fail */
136 || TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
139 /* A small iteration count should fail */
140 || TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0)
141 || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE,
143 /* Small salts will pass if the "pkcs5" mode is enabled */
144 || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
147 /* A small iteration count will pass if "pkcs5" mode is enabled */
148 || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0)
150 * If the "pkcs5" mode is disabled then the small salt and iter will
151 * fail when the derive gets called.
153 || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE,
155 || TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
159 EVP_KDF_CTX_free(kctx);
163 #ifndef OPENSSL_NO_SCRYPT
164 static int test_kdf_scrypt(void)
168 OSSL_PARAM params[7], *p = params;
169 unsigned char out[64];
170 unsigned int nu = 1024, ru = 8, pu = 16, maxmem = 16;
171 static const unsigned char expected[sizeof(out)] = {
172 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
173 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
174 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
175 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
176 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
177 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
178 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
179 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
182 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
183 (char *)"password", 8);
184 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
186 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &nu);
187 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &ru);
188 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &pu);
189 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem);
190 *p = OSSL_PARAM_construct_end();
193 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT))
194 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
196 && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0)*/
197 && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024))
198 && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1))
199 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
200 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
202 EVP_KDF_CTX_free(kctx);
205 #endif /* OPENSSL_NO_SCRYPT */
207 static int test_kdf_ss_hash(void)
211 OSSL_PARAM params[4], *p = params;
212 unsigned char out[14];
213 static unsigned char z[] = {
214 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e,
215 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62,
216 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4,
217 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9
219 static unsigned char other[] = {
220 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e,
221 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde,
222 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e,
223 0xe0,0xec,0x3f,0x8d,0xbe
225 static const unsigned char expected[sizeof(out)] = {
226 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8
229 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
230 (char *)"sha224", sizeof("sha224"));
231 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
232 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
234 *p = OSSL_PARAM_construct_end();
237 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
238 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
239 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
240 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
242 EVP_KDF_CTX_free(kctx);
246 static int test_kdf_x963(void)
250 OSSL_PARAM params[4], *p = params;
251 unsigned char out[1024 / 8];
253 * Test data from https://csrc.nist.gov/CSRC/media/Projects/
254 * Cryptographic-Algorithm-Validation-Program/documents/components/
255 * 800-135testvectors/ansx963_2001.zip
257 static unsigned char z[] = {
258 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, 0xfa, 0x58, 0xce, 0xad,
259 0xc0, 0x47, 0x19, 0x7f, 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
260 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, 0x15, 0x07, 0x39, 0x2f,
261 0x1a, 0x86, 0xdd, 0xfd, 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
262 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, 0x47, 0xa9, 0xe2, 0xe7,
263 0x53, 0xf5, 0x5e, 0xf0, 0x5a, 0x2d
265 static unsigned char shared[] = {
266 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, 0x2b, 0x3a, 0x2f, 0x99,
267 0x37, 0x89, 0x5d, 0x31
269 static const unsigned char expected[sizeof(out)] = {
270 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, 0x9b, 0x52, 0x26, 0x4b,
271 0x01, 0x12, 0xb5, 0x85, 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
272 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, 0x6e, 0x4d, 0xd2, 0xa5,
273 0x99, 0xac, 0xce, 0xb3, 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
274 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, 0xa5, 0xa8, 0xee, 0xee,
275 0x20, 0x80, 0x02, 0x26, 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
276 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, 0xea, 0x9c, 0x4f, 0xf7,
277 0x45, 0xa2, 0x5a, 0xc2, 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
278 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, 0x0a, 0xb2, 0xaa, 0x8e,
279 0x2e, 0xfa, 0x7b, 0x17, 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
280 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
283 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
284 (char *)"sha512", sizeof("sha512"));
285 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
286 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, shared,
288 *p = OSSL_PARAM_construct_end();
291 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF))
292 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
293 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
294 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
296 EVP_KDF_CTX_free(kctx);
300 /* Two test vectors from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos
302 static int test_kdf_kbkdf_8009_prf1(void)
306 OSSL_PARAM params[6];
307 char *label = "prf", *digest = "sha256", *prf_input = "test",
309 static unsigned char input_key[] = {
310 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
311 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
313 static unsigned char output[] = {
314 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
315 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
316 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
317 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
319 unsigned char result[sizeof(output)] = { 0 };
321 params[i++] = OSSL_PARAM_construct_utf8_string(
322 OSSL_KDF_PARAM_DIGEST, digest, strlen(digest) + 1);
323 params[i++] = OSSL_PARAM_construct_utf8_string(
324 OSSL_KDF_PARAM_MAC, mac, strlen(mac) + 1);
325 params[i++] = OSSL_PARAM_construct_octet_string(
326 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
327 params[i++] = OSSL_PARAM_construct_octet_string(
328 OSSL_KDF_PARAM_SALT, label, strlen(label));
329 params[i++] = OSSL_PARAM_construct_octet_string(
330 OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
331 params[i] = OSSL_PARAM_construct_end();
333 kctx = get_kdfbyname("KBKDF");
335 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
336 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
337 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
339 EVP_KDF_CTX_free(kctx);
343 static int test_kdf_kbkdf_8009_prf2(void)
347 OSSL_PARAM params[6];
348 char *label = "prf", *digest = "sha384", *prf_input = "test",
350 static unsigned char input_key[] = {
351 0x6D, 0x40, 0x4D, 0x37, 0xFA, 0xF7, 0x9F, 0x9D,
352 0xF0, 0xD3, 0x35, 0x68, 0xD3, 0x20, 0x66, 0x98,
353 0x00, 0xEB, 0x48, 0x36, 0x47, 0x2E, 0xA8, 0xA0,
354 0x26, 0xD1, 0x6B, 0x71, 0x82, 0x46, 0x0C, 0x52,
356 static unsigned char output[] = {
357 0x98, 0x01, 0xF6, 0x9A, 0x36, 0x8C, 0x2B, 0xF6,
358 0x75, 0xE5, 0x95, 0x21, 0xE1, 0x77, 0xD9, 0xA0,
359 0x7F, 0x67, 0xEF, 0xE1, 0xCF, 0xDE, 0x8D, 0x3C,
360 0x8D, 0x6F, 0x6A, 0x02, 0x56, 0xE3, 0xB1, 0x7D,
361 0xB3, 0xC1, 0xB6, 0x2A, 0xD1, 0xB8, 0x55, 0x33,
362 0x60, 0xD1, 0x73, 0x67, 0xEB, 0x15, 0x14, 0xD2,
364 unsigned char result[sizeof(output)] = { 0 };
366 params[i++] = OSSL_PARAM_construct_utf8_string(
367 OSSL_KDF_PARAM_DIGEST, digest, strlen(digest) + 1);
368 params[i++] = OSSL_PARAM_construct_utf8_string(
369 OSSL_KDF_PARAM_MAC, mac, strlen(mac) + 1);
370 params[i++] = OSSL_PARAM_construct_octet_string(
371 OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
372 params[i++] = OSSL_PARAM_construct_octet_string(
373 OSSL_KDF_PARAM_SALT, label, strlen(label));
374 params[i++] = OSSL_PARAM_construct_octet_string(
375 OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
376 params[i] = OSSL_PARAM_construct_end();
378 kctx = get_kdfbyname("KBKDF");
380 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
381 && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
382 && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
384 EVP_KDF_CTX_free(kctx);
388 static int test_kdf_ss_hmac(void)
392 OSSL_PARAM params[6], *p = params;
393 unsigned char out[16];
394 static unsigned char z[] = {
395 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
397 static unsigned char other[] = {
398 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
400 static unsigned char salt[] = {
401 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
404 static const unsigned char expected[sizeof(out)] = {
405 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63,
409 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
410 (char *)OSSL_MAC_NAME_HMAC,
411 sizeof(OSSL_MAC_NAME_HMAC));
412 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
413 (char *)"sha256", sizeof("sha256"));
414 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
415 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
417 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
419 *p = OSSL_PARAM_construct_end();
422 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
423 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
424 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
425 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
427 EVP_KDF_CTX_free(kctx);
431 static int test_kdf_ss_kmac(void)
435 OSSL_PARAM params[6], *p = params;
436 unsigned char out[64];
437 size_t mac_size = 20;
438 static unsigned char z[] = {
439 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
441 static unsigned char other[] = {
442 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
444 static unsigned char salt[] = {
445 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
448 static const unsigned char expected[sizeof(out)] = {
449 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd,
450 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2,
451 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4,
452 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95,
453 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03
456 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
457 (char *)OSSL_MAC_NAME_KMAC128,
458 sizeof(OSSL_MAC_NAME_KMAC128));
459 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
460 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
462 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
464 *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, &mac_size);
465 *p = OSSL_PARAM_construct_end();
468 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
469 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
470 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
471 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
473 EVP_KDF_CTX_free(kctx);
477 static int test_kdf_sshkdf(void)
481 OSSL_PARAM params[6], *p = params;
482 char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
483 unsigned char out[8];
484 /* Test data from NIST CAVS 14.1 test vectors */
485 static unsigned char key[] = {
486 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
487 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
488 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
489 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
490 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
491 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
492 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
493 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
494 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
495 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
496 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
499 static unsigned char xcghash[] = {
500 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
501 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
502 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
504 static unsigned char sessid[] = {
505 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
506 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
507 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
509 static const unsigned char expected[sizeof(out)] = {
510 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
513 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
514 (char *)"sha256", sizeof("sha256"));
515 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
517 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH,
518 xcghash, sizeof(xcghash));
519 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
520 sessid, sizeof(sessid));
521 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
522 &kdftype, sizeof(kdftype));
523 *p = OSSL_PARAM_construct_end();
526 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF))
527 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
528 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
529 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
531 EVP_KDF_CTX_free(kctx);
535 static int test_kdf_get_kdf(void)
537 EVP_KDF *kdf1 = NULL, *kdf2 = NULL;
541 if (!TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2))
542 || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL))
543 || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(OBJ_obj2nid(obj)),
545 || !TEST_ptr_eq(kdf1, kdf2))
552 if (!TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL))
553 || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, LN_tls1_prf, NULL))
554 || !TEST_ptr_eq(kdf1, kdf2))
556 /* kdf1 is re-used below, so don't free it here */
560 if (!TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(NID_tls1_prf), NULL))
561 || !TEST_ptr_eq(kdf1, kdf2))
571 #ifndef OPENSSL_NO_CMS
572 static int test_kdf_x942_asn1(void)
575 EVP_KDF_CTX *kctx = NULL;
576 OSSL_PARAM params[4], *p = params;
577 const char *cek_alg = SN_id_smime_alg_CMS3DESwrap;
578 unsigned char out[24];
579 /* RFC2631 Section 2.1.6 Test data */
580 static unsigned char z[] = {
581 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,
582 0x0e,0x0f,0x10,0x11,0x12,0x13
584 static const unsigned char expected[sizeof(out)] = {
585 0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04,
586 0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46,
587 0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb
590 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
591 (char *)"sha1", sizeof("sha1"));
592 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z,
594 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
596 strlen(cek_alg) + 1);
597 *p = OSSL_PARAM_construct_end();
600 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF))
601 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
602 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
603 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
605 EVP_KDF_CTX_free(kctx);
608 #endif /* OPENSSL_NO_CMS */
610 int setup_tests(void)
612 ADD_TEST(test_kdf_kbkdf_8009_prf1);
613 ADD_TEST(test_kdf_kbkdf_8009_prf2);
614 ADD_TEST(test_kdf_get_kdf);
615 ADD_TEST(test_kdf_tls1_prf);
616 ADD_TEST(test_kdf_hkdf);
617 ADD_TEST(test_kdf_pbkdf2);
618 #ifndef OPENSSL_NO_SCRYPT
619 ADD_TEST(test_kdf_scrypt);
621 ADD_TEST(test_kdf_ss_hash);
622 ADD_TEST(test_kdf_ss_hmac);
623 ADD_TEST(test_kdf_ss_kmac);
624 ADD_TEST(test_kdf_sshkdf);
625 ADD_TEST(test_kdf_x963);
626 #ifndef OPENSSL_NO_CMS
627 ADD_TEST(test_kdf_x942_asn1);