2 * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
11 /* Tests of the EVP_KDF_CTX APIs */
16 #include <openssl/evp.h>
17 #include <openssl/kdf.h>
18 #include <openssl/core_names.h>
21 static EVP_KDF_CTX *get_kdfbyname(const char *name)
23 EVP_KDF *kdf = EVP_KDF_fetch(NULL, name, NULL);
24 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
30 static int test_kdf_tls1_prf(void)
33 EVP_KDF_CTX *kctx = NULL;
34 unsigned char out[16];
35 OSSL_PARAM params[4], *p = params;
36 static const unsigned char expected[sizeof(out)] = {
37 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
38 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
41 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
42 (char *)"sha256", sizeof("sha256"));
43 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
44 (unsigned char *)"secret",
46 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
47 (unsigned char *)"seed",
49 *p = OSSL_PARAM_construct_end();
52 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
53 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
54 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
55 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
57 EVP_KDF_CTX_free(kctx);
61 static int test_kdf_hkdf(void)
65 unsigned char out[10];
66 OSSL_PARAM params[5], *p = params;
67 static const unsigned char expected[sizeof(out)] = {
68 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
71 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
72 (char *)"sha256", sizeof("sha256"));
73 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
74 (unsigned char *)"salt", 4);
75 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
76 (unsigned char *)"secret", 6);
77 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
78 (unsigned char *)"label", 5);
79 *p = OSSL_PARAM_construct_end();
82 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
83 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
84 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
85 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
87 EVP_KDF_CTX_free(kctx);
91 static int test_kdf_pbkdf2(void)
95 unsigned char out[25];
97 unsigned int iterations = 4096;
99 OSSL_PARAM params[6], *p = params;
100 const unsigned char expected[sizeof(out)] = {
101 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f,
102 0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf,
103 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
107 if (sizeof(len) > 32)
110 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
112 "passwordPASSWORDpassword", 24);
113 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
115 "saltSALTsaltSALTsaltSALTsaltSALTsalt",
117 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, &iterations);
118 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
119 (char *)"sha256", 7);
120 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
121 *p = OSSL_PARAM_construct_end();
123 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
124 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
125 || !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
126 || !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))
127 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
128 /* A key length that is too small should fail */
129 || !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1), 0)
130 /* A key length that is too large should fail */
131 || (len != 0 && !TEST_int_eq(EVP_KDF_derive(kctx, out, len), 0)))
135 /* Salt length less than 128 bits should fail */
136 || TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
139 /* A small iteration count should fail */
140 || TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0)
141 || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE,
143 /* Small salts will pass if the "pkcs5" mode is enabled */
144 || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
147 /* A small iteration count will pass if "pkcs5" mode is enabled */
148 || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0)
150 * If the "pkcs5" mode is disabled then the small salt and iter will
151 * fail when the derive gets called.
153 || TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE,
155 || TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
159 EVP_KDF_CTX_free(kctx);
163 #ifndef OPENSSL_NO_SCRYPT
164 static int test_kdf_scrypt(void)
168 OSSL_PARAM params[7], *p = params;
169 unsigned char out[64];
170 unsigned int nu = 1024, ru = 8, pu = 16, maxmem = 16;
171 static const unsigned char expected[sizeof(out)] = {
172 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
173 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
174 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
175 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
176 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
177 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
178 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
179 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
182 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
183 (char *)"password", 8);
184 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
186 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &nu);
187 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &ru);
188 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &pu);
189 *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem);
190 *p = OSSL_PARAM_construct_end();
193 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT))
194 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
196 && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0)*/
197 && TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024))
198 && TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1))
199 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
200 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
202 EVP_KDF_CTX_free(kctx);
205 #endif /* OPENSSL_NO_SCRYPT */
207 static int test_kdf_ss_hash(void)
211 OSSL_PARAM params[4], *p = params;
212 unsigned char out[14];
213 static unsigned char z[] = {
214 0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e,
215 0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62,
216 0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4,
217 0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9
219 static unsigned char other[] = {
220 0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e,
221 0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde,
222 0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e,
223 0xe0,0xec,0x3f,0x8d,0xbe
225 static const unsigned char expected[sizeof(out)] = {
226 0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8
229 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
230 (char *)"sha224", sizeof("sha224"));
231 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
232 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
234 *p = OSSL_PARAM_construct_end();
237 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
238 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
239 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
240 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
242 EVP_KDF_CTX_free(kctx);
246 static int test_kdf_x963(void)
250 OSSL_PARAM params[4], *p = params;
251 unsigned char out[1024 / 8];
253 * Test data from https://csrc.nist.gov/CSRC/media/Projects/
254 * Cryptographic-Algorithm-Validation-Program/documents/components/
255 * 800-135testvectors/ansx963_2001.zip
257 static unsigned char z[] = {
258 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, 0xfa, 0x58, 0xce, 0xad,
259 0xc0, 0x47, 0x19, 0x7f, 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
260 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, 0x15, 0x07, 0x39, 0x2f,
261 0x1a, 0x86, 0xdd, 0xfd, 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
262 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, 0x47, 0xa9, 0xe2, 0xe7,
263 0x53, 0xf5, 0x5e, 0xf0, 0x5a, 0x2d
265 static unsigned char shared[] = {
266 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, 0x2b, 0x3a, 0x2f, 0x99,
267 0x37, 0x89, 0x5d, 0x31
269 static const unsigned char expected[sizeof(out)] = {
270 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, 0x9b, 0x52, 0x26, 0x4b,
271 0x01, 0x12, 0xb5, 0x85, 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
272 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, 0x6e, 0x4d, 0xd2, 0xa5,
273 0x99, 0xac, 0xce, 0xb3, 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
274 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, 0xa5, 0xa8, 0xee, 0xee,
275 0x20, 0x80, 0x02, 0x26, 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
276 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, 0xea, 0x9c, 0x4f, 0xf7,
277 0x45, 0xa2, 0x5a, 0xc2, 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
278 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, 0x0a, 0xb2, 0xaa, 0x8e,
279 0x2e, 0xfa, 0x7b, 0x17, 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
280 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
283 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
284 (char *)"sha512", sizeof("sha512"));
285 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
286 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, shared,
288 *p = OSSL_PARAM_construct_end();
291 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF))
292 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
293 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
294 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
296 EVP_KDF_CTX_free(kctx);
300 static int test_kdf_ss_hmac(void)
304 OSSL_PARAM params[6], *p = params;
305 unsigned char out[16];
306 static unsigned char z[] = {
307 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
309 static unsigned char other[] = {
310 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
312 static unsigned char salt[] = {
313 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
316 static const unsigned char expected[sizeof(out)] = {
317 0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63,
321 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
322 (char *)OSSL_MAC_NAME_HMAC,
323 sizeof(OSSL_MAC_NAME_HMAC));
324 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
325 (char *)"sha256", sizeof("sha256"));
326 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
327 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
329 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
331 *p = OSSL_PARAM_construct_end();
334 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
335 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
336 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
337 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
339 EVP_KDF_CTX_free(kctx);
343 static int test_kdf_ss_kmac(void)
347 OSSL_PARAM params[6], *p = params;
348 unsigned char out[64];
349 size_t mac_size = 20;
350 static unsigned char z[] = {
351 0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
353 static unsigned char other[] = {
354 0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
356 static unsigned char salt[] = {
357 0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
360 static const unsigned char expected[sizeof(out)] = {
361 0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd,
362 0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2,
363 0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4,
364 0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95,
365 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03
368 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
369 (char *)OSSL_MAC_NAME_KMAC128,
370 sizeof(OSSL_MAC_NAME_KMAC128));
371 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
372 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
374 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
376 *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, &mac_size);
377 *p = OSSL_PARAM_construct_end();
380 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
381 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
382 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
383 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
385 EVP_KDF_CTX_free(kctx);
389 static int test_kdf_sshkdf(void)
393 OSSL_PARAM params[6], *p = params;
394 char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
395 unsigned char out[8];
396 /* Test data from NIST CAVS 14.1 test vectors */
397 static unsigned char key[] = {
398 0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
399 0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
400 0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
401 0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
402 0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
403 0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
404 0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
405 0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
406 0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
407 0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
408 0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
411 static unsigned char xcghash[] = {
412 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
413 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
414 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
416 static unsigned char sessid[] = {
417 0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
418 0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
419 0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
421 static const unsigned char expected[sizeof(out)] = {
422 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
425 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
426 (char *)"sha256", sizeof("sha256"));
427 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
429 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH,
430 xcghash, sizeof(xcghash));
431 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
432 sessid, sizeof(sessid));
433 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
434 &kdftype, sizeof(kdftype));
435 *p = OSSL_PARAM_construct_end();
438 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF))
439 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
440 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
441 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
443 EVP_KDF_CTX_free(kctx);
447 static int test_kdf_get_kdf(void)
449 EVP_KDF *kdf1 = NULL, *kdf2 = NULL;
453 if (!TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2))
454 || !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL))
455 || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(OBJ_obj2nid(obj)),
457 || !TEST_ptr_eq(kdf1, kdf2))
464 if (!TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL))
465 || !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, LN_tls1_prf, NULL))
466 || !TEST_ptr_eq(kdf1, kdf2))
468 /* kdf1 is re-used below, so don't free it here */
472 if (!TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(NID_tls1_prf), NULL))
473 || !TEST_ptr_eq(kdf1, kdf2))
483 #ifndef OPENSSL_NO_CMS
484 static int test_kdf_x942_asn1(void)
487 EVP_KDF_CTX *kctx = NULL;
488 OSSL_PARAM params[4], *p = params;
489 const char *cek_alg = SN_id_smime_alg_CMS3DESwrap;
490 unsigned char out[24];
491 /* RFC2631 Section 2.1.6 Test data */
492 static unsigned char z[] = {
493 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,
494 0x0e,0x0f,0x10,0x11,0x12,0x13
496 static const unsigned char expected[sizeof(out)] = {
497 0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04,
498 0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46,
499 0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb
502 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
503 (char *)"sha1", sizeof("sha1"));
504 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z,
506 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
508 strlen(cek_alg) + 1);
509 *p = OSSL_PARAM_construct_end();
512 TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF))
513 && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
514 && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
515 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
517 EVP_KDF_CTX_free(kctx);
520 #endif /* OPENSSL_NO_CMS */
522 int setup_tests(void)
524 ADD_TEST(test_kdf_get_kdf);
525 ADD_TEST(test_kdf_tls1_prf);
526 ADD_TEST(test_kdf_hkdf);
527 ADD_TEST(test_kdf_pbkdf2);
528 #ifndef OPENSSL_NO_SCRYPT
529 ADD_TEST(test_kdf_scrypt);
531 ADD_TEST(test_kdf_ss_hash);
532 ADD_TEST(test_kdf_ss_hmac);
533 ADD_TEST(test_kdf_ss_kmac);
534 ADD_TEST(test_kdf_sshkdf);
535 ADD_TEST(test_kdf_x963);
536 #ifndef OPENSSL_NO_CMS
537 ADD_TEST(test_kdf_x942_asn1);