pkey_meth_kdf_test.c 6.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235
  1. /*
  2. * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* Tests of the EVP_PKEY_CTX_set_* macro family */
  10. #include <stdio.h>
  11. #include <string.h>
  12. #include <openssl/evp.h>
  13. #include <openssl/kdf.h>
  14. #include "testutil.h"
  15. static int test_kdf_tls1_prf(int index)
  16. {
  17. int ret = 0;
  18. EVP_PKEY_CTX *pctx;
  19. unsigned char out[16];
  20. size_t outlen = sizeof(out);
  21. if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL)) == NULL) {
  22. TEST_error("EVP_PKEY_TLS1_PRF");
  23. goto err;
  24. }
  25. if (EVP_PKEY_derive_init(pctx) <= 0) {
  26. TEST_error("EVP_PKEY_derive_init");
  27. goto err;
  28. }
  29. if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0) {
  30. TEST_error("EVP_PKEY_CTX_set_tls1_prf_md");
  31. goto err;
  32. }
  33. if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx,
  34. (unsigned char *)"secret", 6) <= 0) {
  35. TEST_error("EVP_PKEY_CTX_set1_tls1_prf_secret");
  36. goto err;
  37. }
  38. if (index == 0) {
  39. if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx,
  40. (unsigned char *)"seed", 4) <= 0) {
  41. TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed");
  42. goto err;
  43. }
  44. } else {
  45. if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx,
  46. (unsigned char *)"se", 2) <= 0) {
  47. TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed");
  48. goto err;
  49. }
  50. if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx,
  51. (unsigned char *)"ed", 2) <= 0) {
  52. TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed");
  53. goto err;
  54. }
  55. }
  56. if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
  57. TEST_error("EVP_PKEY_derive");
  58. goto err;
  59. }
  60. {
  61. const unsigned char expected[sizeof(out)] = {
  62. 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
  63. 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
  64. };
  65. if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) {
  66. goto err;
  67. }
  68. }
  69. ret = 1;
  70. err:
  71. EVP_PKEY_CTX_free(pctx);
  72. return ret;
  73. }
  74. static int test_kdf_hkdf(int index)
  75. {
  76. int ret = 0;
  77. EVP_PKEY_CTX *pctx;
  78. unsigned char out[10];
  79. size_t outlen = sizeof(out);
  80. if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)) == NULL) {
  81. TEST_error("EVP_PKEY_HKDF");
  82. goto err;
  83. }
  84. if (EVP_PKEY_derive_init(pctx) <= 0) {
  85. TEST_error("EVP_PKEY_derive_init");
  86. goto err;
  87. }
  88. if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0) {
  89. TEST_error("EVP_PKEY_CTX_set_hkdf_md");
  90. goto err;
  91. }
  92. if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, (const unsigned char *)"salt", 4)
  93. <= 0) {
  94. TEST_error("EVP_PKEY_CTX_set1_hkdf_salt");
  95. goto err;
  96. }
  97. if (EVP_PKEY_CTX_set1_hkdf_key(pctx, (const unsigned char *)"secret", 6)
  98. <= 0) {
  99. TEST_error("EVP_PKEY_CTX_set1_hkdf_key");
  100. goto err;
  101. }
  102. if (index == 0) {
  103. if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"label", 5)
  104. <= 0) {
  105. TEST_error("EVP_PKEY_CTX_add1_hkdf_info");
  106. goto err;
  107. }
  108. } else {
  109. if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"lab", 3)
  110. <= 0) {
  111. TEST_error("EVP_PKEY_CTX_add1_hkdf_info");
  112. goto err;
  113. }
  114. if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"el", 2)
  115. <= 0) {
  116. TEST_error("EVP_PKEY_CTX_add1_hkdf_info");
  117. goto err;
  118. }
  119. }
  120. if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
  121. TEST_error("EVP_PKEY_derive");
  122. goto err;
  123. }
  124. {
  125. const unsigned char expected[sizeof(out)] = {
  126. 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
  127. };
  128. if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) {
  129. goto err;
  130. }
  131. }
  132. ret = 1;
  133. err:
  134. EVP_PKEY_CTX_free(pctx);
  135. return ret;
  136. }
  137. #ifndef OPENSSL_NO_SCRYPT
  138. static int test_kdf_scrypt(void)
  139. {
  140. int ret = 0;
  141. EVP_PKEY_CTX *pctx;
  142. unsigned char out[64];
  143. size_t outlen = sizeof(out);
  144. if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL)) == NULL) {
  145. TEST_error("EVP_PKEY_SCRYPT");
  146. goto err;
  147. }
  148. if (EVP_PKEY_derive_init(pctx) <= 0) {
  149. TEST_error("EVP_PKEY_derive_init");
  150. goto err;
  151. }
  152. if (EVP_PKEY_CTX_set1_pbe_pass(pctx, "password", 8) <= 0) {
  153. TEST_error("EVP_PKEY_CTX_set1_pbe_pass");
  154. goto err;
  155. }
  156. if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, (unsigned char *)"NaCl", 4) <= 0) {
  157. TEST_error("EVP_PKEY_CTX_set1_scrypt_salt");
  158. goto err;
  159. }
  160. if (EVP_PKEY_CTX_set_scrypt_N(pctx, 1024) <= 0) {
  161. TEST_error("EVP_PKEY_CTX_set_scrypt_N");
  162. goto err;
  163. }
  164. if (EVP_PKEY_CTX_set_scrypt_r(pctx, 8) <= 0) {
  165. TEST_error("EVP_PKEY_CTX_set_scrypt_r");
  166. goto err;
  167. }
  168. if (EVP_PKEY_CTX_set_scrypt_p(pctx, 16) <= 0) {
  169. TEST_error("EVP_PKEY_CTX_set_scrypt_p");
  170. goto err;
  171. }
  172. if (EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, 16) <= 0) {
  173. TEST_error("EVP_PKEY_CTX_set_maxmem_bytes");
  174. goto err;
  175. }
  176. if (EVP_PKEY_derive(pctx, out, &outlen) > 0) {
  177. TEST_error("EVP_PKEY_derive should have failed");
  178. goto err;
  179. }
  180. if (EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, 10 * 1024 * 1024) <= 0) {
  181. TEST_error("EVP_PKEY_CTX_set_maxmem_bytes");
  182. goto err;
  183. }
  184. if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
  185. TEST_error("EVP_PKEY_derive");
  186. goto err;
  187. }
  188. {
  189. const unsigned char expected[sizeof(out)] = {
  190. 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
  191. 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
  192. 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
  193. 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
  194. 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
  195. 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
  196. 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
  197. 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
  198. };
  199. if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) {
  200. goto err;
  201. }
  202. }
  203. ret = 1;
  204. err:
  205. EVP_PKEY_CTX_free(pctx);
  206. return ret;
  207. }
  208. #endif
  209. int setup_tests(void)
  210. {
  211. int tests = 1;
  212. if (fips_provider_version_ge(NULL, 3, 3, 1))
  213. tests = 2;
  214. ADD_ALL_TESTS(test_kdf_tls1_prf, tests);
  215. ADD_ALL_TESTS(test_kdf_hkdf, tests);
  216. #ifndef OPENSSL_NO_SCRYPT
  217. ADD_TEST(test_kdf_scrypt);
  218. #endif
  219. return 1;
  220. }