evp_kdf_test.c

Last change on this file was 109052, checked in by vboxsync, 4 weeks ago
openssl-3.4.1: Applied our changes, regenerated files, added missing files and functions. This time with a three way merge. bugref:10890
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 73.5 KB

Line
1	/*
2	* Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
3	* Copyright (c) 2018-2020, Oracle and/or its affiliates. All rights reserved.
4	*
5	* Licensed under the Apache License 2.0 (the "License"). You may not use
6	* this file except in compliance with the License. You can obtain a copy
7	* in the file LICENSE in the source distribution or at
8	* https://www.openssl.org/source/license.html
9	*/
10
11	/* Tests of the EVP_KDF_CTX APIs */
12
13	#include <stdio.h>
14	#include <string.h>
15
16	#include <openssl/evp.h>
17	#include <openssl/kdf.h>
18	#include <openssl/core_names.h>
19	#include "internal/numbers.h"
20	#include "testutil.h"
21
22
23	static EVP_KDF_CTX get_kdfbyname_libctx(OSSL_LIB_CTX libctx, const char *name)
24	{
25	EVP_KDF *kdf = EVP_KDF_fetch(libctx, name, NULL);
26	EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
27
28	EVP_KDF_free(kdf);
29	return kctx;
30	}
31
32	static EVP_KDF_CTX get_kdfbyname(const char name)
33	{
34	return get_kdfbyname_libctx(NULL, name);
35	}
36
37	static OSSL_PARAM construct_tls1_prf_params(const char digest, const char *secret,
38	const char *seed)
39	{
40	OSSL_PARAM params = OPENSSL_malloc(sizeof(OSSL_PARAM) 4);
41	OSSL_PARAM *p = params;
42
43	if (params == NULL)
44	return NULL;
45
46	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
47	(char *)digest, 0);
48	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
49	(unsigned char *)secret,
50	strlen(secret));
51	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
52	(unsigned char *)seed,
53	strlen(seed));
54	*p = OSSL_PARAM_construct_end();
55
56	return params;
57	}
58
59	static int test_kdf_tls1_prf(void)
60	{
61	int ret;
62	EVP_KDF_CTX *kctx = NULL;
63	unsigned char out[16];
64	OSSL_PARAM *params;
65	static const unsigned char expected[sizeof(out)] = {
66	0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
67	0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
68	};
69
70	params = construct_tls1_prf_params("sha256", "secret", "seed");
71
72	ret = TEST_ptr(params)
73	&& TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
74	&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
75	&& TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
76
77	EVP_KDF_CTX_free(kctx);
78	OPENSSL_free(params);
79	return ret;
80	}
81
82	static int test_kdf_tls1_prf_invalid_digest(void)
83	{
84	int ret;
85	EVP_KDF_CTX *kctx = NULL;
86	OSSL_PARAM *params;
87
88	params = construct_tls1_prf_params("blah", "secret", "seed");
89
90	ret = TEST_ptr(params)
91	&& TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
92	&& TEST_false(EVP_KDF_CTX_set_params(kctx, params));
93
94	EVP_KDF_CTX_free(kctx);
95	OPENSSL_free(params);
96	return ret;
97	}
98
99	static int test_kdf_tls1_prf_zero_output_size(void)
100	{
101	int ret;
102	EVP_KDF_CTX *kctx = NULL;
103	unsigned char out[16];
104	OSSL_PARAM *params;
105
106	params = construct_tls1_prf_params("sha256", "secret", "seed");
107
108	/* Negative test - derive should fail */
109	ret = TEST_ptr(params)
110	&& TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
111	&& TEST_true(EVP_KDF_CTX_set_params(kctx, params))
112	&& TEST_int_eq(EVP_KDF_derive(kctx, out, 0, NULL), 0);
113
114	EVP_KDF_CTX_free(kctx);
115	OPENSSL_free(params);
116	return ret;
117	}
118
119	static int test_kdf_tls1_prf_empty_secret(void)
120	{
121	int ret;
122	EVP_KDF_CTX *kctx = NULL;
123	unsigned char out[16];
124	OSSL_PARAM *params;
125
126	params = construct_tls1_prf_params("sha256", "", "seed");
127
128	ret = TEST_ptr(params)
129	&& TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
130	&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
131
132	EVP_KDF_CTX_free(kctx);
133	OPENSSL_free(params);
134	return ret;
135	}
136
137	static int test_kdf_tls1_prf_1byte_secret(void)
138	{
139	int ret;
140	EVP_KDF_CTX *kctx = NULL;
141	unsigned char out[16];
142	OSSL_PARAM *params;
143
144	params = construct_tls1_prf_params("sha256", "1", "seed");
145
146	ret = TEST_ptr(params)
147	&& TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
148	&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
149
150	EVP_KDF_CTX_free(kctx);
151	OPENSSL_free(params);
152	return ret;
153	}
154
155	static int test_kdf_tls1_prf_empty_seed(void)
156	{
157	int ret;
158	EVP_KDF_CTX *kctx = NULL;
159	unsigned char out[16];
160	OSSL_PARAM *params;
161
162	params = construct_tls1_prf_params("sha256", "secret", "");
163
164	/* Negative test - derive should fail */
165	ret = TEST_ptr(params)
166	&& TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
167	&& TEST_true(EVP_KDF_CTX_set_params(kctx, params))
168	&& TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0);
169
170	EVP_KDF_CTX_free(kctx);
171	OPENSSL_free(params);
172	return ret;
173	}
174
175	static int test_kdf_tls1_prf_1byte_seed(void)
176	{
177	int ret;
178	EVP_KDF_CTX *kctx = NULL;
179	unsigned char out[16];
180	OSSL_PARAM *params;
181
182	params = construct_tls1_prf_params("sha256", "secret", "1");
183
184	ret = TEST_ptr(params)
185	&& TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_TLS1_PRF))
186	&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
187
188	EVP_KDF_CTX_free(kctx);
189	OPENSSL_free(params);
190	return ret;
191	}
192
193	static OSSL_PARAM construct_hkdf_params(char digest, char *key,
194	size_t keylen, char salt, char info)
195	{
196	OSSL_PARAM params = OPENSSL_malloc(sizeof(OSSL_PARAM) 5);
197	OSSL_PARAM *p = params;
198
199	if (params == NULL)
200	return NULL;
201
202	if (digest != NULL)
203	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
204	digest, 0);
205	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
206	salt, strlen(salt));
207	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
208	(unsigned char *)key, keylen);
209	if (info != NULL)
210	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
211	info, strlen(info));
212	else
213	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
214	"EXTRACT_ONLY", 0);
215	*p = OSSL_PARAM_construct_end();
216
217	return params;
218	}
219
220	static int test_kdf_hkdf(void)
221	{
222	int ret;
223	EVP_KDF_CTX *kctx = NULL;
224	unsigned char out[10];
225	OSSL_PARAM *params;
226	static const unsigned char expected[sizeof(out)] = {
227	0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
228	};
229
230	params = construct_hkdf_params("sha256", "secret", 6, "salt", "label");
231
232	ret = TEST_ptr(params)
233	&& TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
234	&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
235	&& TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
236
237	EVP_KDF_CTX_free(kctx);
238	OPENSSL_free(params);
239	return ret;
240	}
241
242	static int do_kdf_hkdf_gettables(int expand_only, int has_digest)
243	{
244	int ret = 0;
245	size_t sz = 0;
246	OSSL_PARAM *params;
247	OSSL_PARAM params_get[2];
248	const OSSL_PARAM gettables, p;
249	EVP_KDF_CTX *kctx = NULL;
250
251	if (!TEST_ptr(params = construct_hkdf_params(
252	has_digest ? "sha256" : NULL,
253	"secret", 6, "salt",
254	expand_only ? NULL : "label"))
255	\|\| !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
256	\|\| !TEST_true(EVP_KDF_CTX_set_params(kctx, params)))
257	goto err;
258
259	/* Check OSSL_KDF_PARAM_SIZE is gettable */
260	if (!TEST_ptr(gettables = EVP_KDF_CTX_gettable_params(kctx))
261	\|\| !TEST_ptr(p = OSSL_PARAM_locate_const(gettables, OSSL_KDF_PARAM_SIZE)))
262	goto err;
263
264	/* Get OSSL_KDF_PARAM_SIZE as a size_t */
265	params_get[0] = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_SIZE, &sz);
266	params_get[1] = OSSL_PARAM_construct_end();
267	if (has_digest) {
268	if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), 1)
269	\|\| !TEST_size_t_eq(sz, expand_only ? SHA256_DIGEST_LENGTH : SIZE_MAX))
270	goto err;
271	} else {
272	if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), 0))
273	goto err;
274	}
275
276	/* Get params returns 1 if an unsupported parameter is requested */
277	params_get[0] = OSSL_PARAM_construct_end();
278	if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params_get), 1))
279	goto err;
280	ret = 1;
281	err:
282	EVP_KDF_CTX_free(kctx);
283	OPENSSL_free(params);
284	return ret;
285	}
286
287	static int test_kdf_hkdf_gettables(void)
288	{
289	return do_kdf_hkdf_gettables(0, 1);
290	}
291
292	static int test_kdf_hkdf_gettables_expandonly(void)
293	{
294	return do_kdf_hkdf_gettables(1, 1);
295	}
296
297	static int test_kdf_hkdf_gettables_no_digest(void)
298	{
299	return do_kdf_hkdf_gettables(1, 0);
300	}
301
302	static int test_kdf_hkdf_invalid_digest(void)
303	{
304	int ret;
305	EVP_KDF_CTX *kctx = NULL;
306	OSSL_PARAM *params;
307
308	params = construct_hkdf_params("blah", "secret", 6, "salt", "label");
309
310	ret = TEST_ptr(params)
311	&& TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
312	&& TEST_false(EVP_KDF_CTX_set_params(kctx, params));
313
314	EVP_KDF_CTX_free(kctx);
315	OPENSSL_free(params);
316	return ret;
317	}
318
319	static int test_kdf_hkdf_derive_set_params_fail(void)
320	{
321	int ret = 0, i = 0;
322	EVP_KDF_CTX *kctx = NULL;
323	OSSL_PARAM params[2];
324	unsigned char out[10];
325
326	if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)))
327	goto end;
328	/*
329	* Set the wrong type for the digest so that it causes a failure
330	* inside kdf_hkdf_derive() when kdf_hkdf_set_ctx_params() is called
331	*/
332	params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_DIGEST, &i);
333	params[1] = OSSL_PARAM_construct_end();
334	if (!TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), params), 0))
335	goto end;
336	ret = 1;
337	end:
338	EVP_KDF_CTX_free(kctx);
339	return ret;
340	}
341
342	static int test_kdf_hkdf_set_invalid_mode(void)
343	{
344	int ret = 0, bad_mode = 100;
345	EVP_KDF_CTX *kctx = NULL;
346	OSSL_PARAM params[2];
347
348	if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)))
349	goto end;
350	params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE,
351	"BADMODE", 0);
352	params[1] = OSSL_PARAM_construct_end();
353	if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0))
354	goto end;
355
356	params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &bad_mode);
357	if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0))
358	goto end;
359
360	ret = 1;
361	end:
362	EVP_KDF_CTX_free(kctx);
363	return ret;
364	}
365
366	static int do_kdf_hkdf_set_invalid_param(const char *key, int type)
367	{
368	int ret = 0;
369	EVP_KDF_CTX *kctx = NULL;
370	OSSL_PARAM params[2];
371	unsigned char buf[2];
372
373	if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF)))
374	goto end;
375	/* Set the wrong type for the key so that it causes a failure */
376	if (type == OSSL_PARAM_UTF8_STRING)
377	params[0] = OSSL_PARAM_construct_utf8_string(key, "BAD", 0);
378	else
379	params[0] = OSSL_PARAM_construct_octet_string(key, buf, sizeof(buf));
380	params[1] = OSSL_PARAM_construct_end();
381	if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 0))
382	goto end;
383
384	ret = 1;
385	end:
386	EVP_KDF_CTX_free(kctx);
387	return ret;
388	}
389
390	static int test_kdf_hkdf_set_ctx_param_fail(void)
391	{
392	return do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_MODE,
393	OSSL_PARAM_OCTET_STRING)
394	&& do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_KEY,
395	OSSL_PARAM_UTF8_STRING)
396	&& do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_SALT,
397	OSSL_PARAM_UTF8_STRING)
398	&& do_kdf_hkdf_set_invalid_param(OSSL_KDF_PARAM_INFO,
399	OSSL_PARAM_UTF8_STRING);
400	}
401
402	static int test_kdf_hkdf_zero_output_size(void)
403	{
404	int ret;
405	EVP_KDF_CTX *kctx = NULL;
406	unsigned char out[10];
407	OSSL_PARAM *params;
408
409	params = construct_hkdf_params("sha256", "secret", 6, "salt", "label");
410
411	/* Negative test - derive should fail */
412	ret = TEST_ptr(params)
413	&& TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
414	&& TEST_true(EVP_KDF_CTX_set_params(kctx, params))
415	&& TEST_int_eq(EVP_KDF_derive(kctx, out, 0, NULL), 0);
416
417	EVP_KDF_CTX_free(kctx);
418	OPENSSL_free(params);
419	return ret;
420	}
421
422	static int test_kdf_hkdf_empty_key(void)
423	{
424	int ret;
425	EVP_KDF_CTX *kctx = NULL;
426	unsigned char out[10];
427	OSSL_PARAM *params;
428
429	params = construct_hkdf_params("sha256", "", 0, "salt", "label");
430
431	ret = TEST_ptr(params)
432	&& TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
433	&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
434
435	EVP_KDF_CTX_free(kctx);
436	OPENSSL_free(params);
437	return ret;
438	}
439
440	static int test_kdf_hkdf_1byte_key(void)
441	{
442	int ret;
443	EVP_KDF_CTX *kctx = NULL;
444	unsigned char out[10];
445	OSSL_PARAM *params;
446
447	params = construct_hkdf_params("sha256", "1", 1, "salt", "label");
448
449	ret = TEST_ptr(params)
450	&& TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
451	&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
452
453	EVP_KDF_CTX_free(kctx);
454	OPENSSL_free(params);
455	return ret;
456	}
457
458	static int test_kdf_hkdf_empty_salt(void)
459	{
460	int ret;
461	EVP_KDF_CTX *kctx = NULL;
462	unsigned char out[10];
463	OSSL_PARAM *params;
464
465	params = construct_hkdf_params("sha256", "secret", 6, "", "label");
466
467	ret = TEST_ptr(params)
468	&& TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HKDF))
469	&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0);
470
471	EVP_KDF_CTX_free(kctx);
472	OPENSSL_free(params);
473	return ret;
474	}
475
476	static OSSL_PARAM construct_pbkdf1_params(char pass, char digest, char salt,
477	unsigned int *iter)
478	{
479	OSSL_PARAM params = OPENSSL_malloc(sizeof(OSSL_PARAM) 5);
480	OSSL_PARAM *p = params;
481
482	if (params == NULL)
483	return NULL;
484
485	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
486	(unsigned char *)pass, strlen(pass));
487	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
488	(unsigned char *)salt, strlen(salt));
489	*p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter);
490	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
491	digest, 0);
492	*p = OSSL_PARAM_construct_end();
493
494	return params;
495	}
496
497	static int test_kdf_pbkdf1(void)
498	{
499	int ret = 0;
500	EVP_KDF_CTX *kctx = NULL;
501	unsigned char out[25];
502	unsigned int iterations = 4096;
503	OSSL_LIB_CTX *libctx = NULL;
504	OSSL_PARAM *params = NULL;
505	OSSL_PROVIDER *legacyprov = NULL;
506	OSSL_PROVIDER *defprov = NULL;
507	const unsigned char expected[sizeof(out)] = {
508	0xfb, 0x83, 0x4d, 0x36, 0x6d, 0xbc, 0x53, 0x87, 0x35, 0x1b, 0x34, 0x75,
509	0x95, 0x88, 0x32, 0x4f, 0x3e, 0x82, 0x81, 0x01, 0x21, 0x93, 0x64, 0x00,
510	0xcc
511	};
512
513	if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
514	goto err;
515
516	/* PBKDF1 only available in the legacy provider */
517	legacyprov = OSSL_PROVIDER_load(libctx, "legacy");
518	if (legacyprov == NULL) {
519	OSSL_LIB_CTX_free(libctx);
520	return TEST_skip("PBKDF1 only available in legacy provider");
521	}
522
523	if (!TEST_ptr(defprov = OSSL_PROVIDER_load(libctx, "default")))
524	goto err;
525
526	params = construct_pbkdf1_params("passwordPASSWORDpassword", "sha256",
527	"saltSALTsaltSALTsaltSALTsaltSALTsalt",
528	&iterations);
529
530	if (!TEST_ptr(params)
531	\|\| !TEST_ptr(kctx = get_kdfbyname_libctx(libctx, OSSL_KDF_NAME_PBKDF1))
532	\|\| !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
533	\|\| !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)
534	\|\| !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)))
535	goto err;
536
537	ret = 1;
538	err:
539	EVP_KDF_CTX_free(kctx);
540	OPENSSL_free(params);
541	OSSL_PROVIDER_unload(defprov);
542	OSSL_PROVIDER_unload(legacyprov);
543	OSSL_LIB_CTX_free(libctx);
544	return ret;
545	}
546
547	static int test_kdf_pbkdf1_key_too_long(void)
548	{
549	int ret = 0;
550	EVP_KDF_CTX *kctx = NULL;
551	unsigned char out[EVP_MAX_MD_SIZE + 1];
552	unsigned int iterations = 4096;
553	OSSL_LIB_CTX *libctx = NULL;
554	OSSL_PARAM *params = NULL;
555	OSSL_PROVIDER *legacyprov = NULL;
556	OSSL_PROVIDER *defprov = NULL;
557
558	if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
559	goto err;
560
561	/* PBKDF1 only available in the legacy provider */
562	legacyprov = OSSL_PROVIDER_load(libctx, "legacy");
563	if (legacyprov == NULL) {
564	OSSL_LIB_CTX_free(libctx);
565	return TEST_skip("PBKDF1 only available in legacy provider");
566	}
567
568	if (!TEST_ptr(defprov = OSSL_PROVIDER_load(libctx, "default")))
569	goto err;
570
571	params = construct_pbkdf1_params("passwordPASSWORDpassword", "sha256",
572	"saltSALTsaltSALTsaltSALTsaltSALTsalt",
573	&iterations);
574
575	/*
576	* This is the same test sequence as test_kdf_pbkdf1, but we expect
577	* failure here as the requested key size is longer than the digest
578	* can provide
579	*/
580	if (!TEST_ptr(params)
581	\|\| !TEST_ptr(kctx = get_kdfbyname_libctx(libctx, OSSL_KDF_NAME_PBKDF1))
582	\|\| !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
583	\|\| !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
584	goto err;
585
586	ret = 1;
587	err:
588	EVP_KDF_CTX_free(kctx);
589	OPENSSL_free(params);
590	OSSL_PROVIDER_unload(defprov);
591	OSSL_PROVIDER_unload(legacyprov);
592	OSSL_LIB_CTX_free(libctx);
593	return ret;
594	}
595
596	static OSSL_PARAM construct_pbkdf2_params(char pass, char digest, char salt,
597	unsigned int iter, int mode)
598	{
599	OSSL_PARAM params = OPENSSL_malloc(sizeof(OSSL_PARAM) 6);
600	OSSL_PARAM *p = params;
601
602	if (params == NULL)
603	return NULL;
604
605	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
606	(unsigned char *)pass, strlen(pass));
607	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
608	(unsigned char *)salt, strlen(salt));
609	*p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, iter);
610	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
611	digest, 0);
612	*p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, mode);
613	*p = OSSL_PARAM_construct_end();
614
615	return params;
616	}
617
618	static int test_kdf_pbkdf2(void)
619	{
620	int ret = 0;
621	EVP_KDF_CTX *kctx = NULL;
622	unsigned char out[25];
623	unsigned int iterations = 4096;
624	int mode = 0;
625	OSSL_PARAM *params;
626	const unsigned char expected[sizeof(out)] = {
627	0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f,
628	0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf,
629	0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
630	0x1c
631	};
632
633	params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
634	"saltSALTsaltSALTsaltSALTsaltSALTsalt",
635	&iterations, &mode);
636
637	if (!TEST_ptr(params)
638	\|\| !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
639	\|\| !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
640	\|\| !TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)))
641	goto err;
642
643	ret = 1;
644	err:
645	EVP_KDF_CTX_free(kctx);
646	OPENSSL_free(params);
647	return ret;
648	}
649
650	static int test_kdf_pbkdf2_small_output(void)
651	{
652	int ret = 0;
653	EVP_KDF_CTX *kctx = NULL;
654	unsigned char out[25];
655	unsigned int iterations = 4096;
656	int mode = 0;
657	OSSL_PARAM *params;
658
659	params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
660	"saltSALTsaltSALTsaltSALTsaltSALTsalt",
661	&iterations, &mode);
662
663	if (!TEST_ptr(params)
664	\|\| !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
665	\|\| !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
666	/* A key length that is too small should fail */
667	\|\| !TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1, NULL), 0))
668	goto err;
669
670	ret = 1;
671	err:
672	EVP_KDF_CTX_free(kctx);
673	OPENSSL_free(params);
674	return ret;
675	}
676
677	static int test_kdf_pbkdf2_large_output(void)
678	{
679	int ret = 0;
680	EVP_KDF_CTX *kctx = NULL;
681	unsigned char out[25];
682	size_t len = 0;
683	unsigned int iterations = 4096;
684	int mode = 0;
685	OSSL_PARAM *params;
686
687	if (sizeof(len) > 32)
688	len = SIZE_MAX;
689
690	params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
691	"saltSALTsaltSALTsaltSALTsaltSALTsalt",
692	&iterations, &mode);
693
694	if (!TEST_ptr(params)
695	\|\| !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
696	/* A key length that is too large should fail */
697	\|\| !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
698	\|\| (len != 0 && !TEST_int_eq(EVP_KDF_derive(kctx, out, len, NULL), 0)))
699	goto err;
700
701	ret = 1;
702	err:
703	EVP_KDF_CTX_free(kctx);
704	OPENSSL_free(params);
705	return ret;
706	}
707
708	static int test_kdf_pbkdf2_small_salt(void)
709	{
710	int ret = 0;
711	EVP_KDF_CTX *kctx = NULL;
712	unsigned int iterations = 4096;
713	int mode = 0;
714	OSSL_PARAM *params;
715
716	params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
717	"saltSALT",
718	&iterations, &mode);
719
720	if (!TEST_ptr(params)
721	\|\| !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
722	/* A salt that is too small should fail */
723	\|\| !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
724	goto err;
725
726	ret = 1;
727	err:
728	EVP_KDF_CTX_free(kctx);
729	OPENSSL_free(params);
730	return ret;
731	}
732
733	static int test_kdf_pbkdf2_small_iterations(void)
734	{
735	int ret = 0;
736	EVP_KDF_CTX *kctx = NULL;
737	unsigned int iterations = 1;
738	int mode = 0;
739	OSSL_PARAM *params;
740
741	params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
742	"saltSALTsaltSALTsaltSALTsaltSALTsalt",
743	&iterations, &mode);
744
745	if (!TEST_ptr(params)
746	\|\| !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
747	/* An iteration count that is too small should fail */
748	\|\| !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
749	goto err;
750
751	ret = 1;
752	err:
753	EVP_KDF_CTX_free(kctx);
754	OPENSSL_free(params);
755	return ret;
756	}
757
758	static int test_kdf_pbkdf2_small_salt_pkcs5(void)
759	{
760	int ret = 0;
761	EVP_KDF_CTX *kctx = NULL;
762	unsigned char out[25];
763	unsigned int iterations = 4096;
764	int mode = 1;
765	OSSL_PARAM *params;
766	OSSL_PARAM mode_params[2];
767
768	params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
769	"saltSALT",
770	&iterations, &mode);
771
772	if (!TEST_ptr(params)
773	\|\| !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
774	/* A salt that is too small should pass in pkcs5 mode */
775	\|\| !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
776	\|\| !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
777	goto err;
778
779	mode = 0;
780	mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
781	mode_params[1] = OSSL_PARAM_construct_end();
782
783	/* If the "pkcs5" mode is disabled then the derive will now fail */
784	if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params))
785	\|\| !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
786	goto err;
787
788	ret = 1;
789	err:
790	EVP_KDF_CTX_free(kctx);
791	OPENSSL_free(params);
792	return ret;
793	}
794
795	static int test_kdf_pbkdf2_small_iterations_pkcs5(void)
796	{
797	int ret = 0;
798	EVP_KDF_CTX *kctx = NULL;
799	unsigned char out[25];
800	unsigned int iterations = 1;
801	int mode = 1;
802	OSSL_PARAM *params;
803	OSSL_PARAM mode_params[2];
804
805	params = construct_pbkdf2_params("passwordPASSWORDpassword", "sha256",
806	"saltSALTsaltSALTsaltSALTsaltSALTsalt",
807	&iterations, &mode);
808
809	if (!TEST_ptr(params)
810	\|\| !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
811	/* An iteration count that is too small will pass in pkcs5 mode */
812	\|\| !TEST_true(EVP_KDF_CTX_set_params(kctx, params))
813	\|\| !TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
814	goto err;
815
816	mode = 0;
817	mode_params[0] = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode);
818	mode_params[1] = OSSL_PARAM_construct_end();
819
820	/* If the "pkcs5" mode is disabled then the derive will now fail */
821	if (!TEST_true(EVP_KDF_CTX_set_params(kctx, mode_params))
822	\|\| !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
823	goto err;
824
825	ret = 1;
826	err:
827	EVP_KDF_CTX_free(kctx);
828	OPENSSL_free(params);
829	return ret;
830	}
831
832	static int test_kdf_pbkdf2_invalid_digest(void)
833	{
834	int ret = 0;
835	EVP_KDF_CTX *kctx = NULL;
836	unsigned int iterations = 4096;
837	int mode = 0;
838	OSSL_PARAM *params;
839
840	params = construct_pbkdf2_params("passwordPASSWORDpassword", "blah",
841	"saltSALTsaltSALTsaltSALTsaltSALTsalt",
842	&iterations, &mode);
843
844	if (!TEST_ptr(params)
845	\|\| !TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_PBKDF2))
846	/* Unknown digest should fail */
847	\|\| !TEST_false(EVP_KDF_CTX_set_params(kctx, params)))
848	goto err;
849
850	ret = 1;
851	err:
852	EVP_KDF_CTX_free(kctx);
853	OPENSSL_free(params);
854	return ret;
855	}
856
857	#ifndef OPENSSL_NO_SCRYPT
858	static int test_kdf_scrypt(void)
859	{
860	int i, ret;
861	EVP_KDF_CTX *kctx;
862	OSSL_PARAM params[7], *p = params;
863	unsigned char out[64];
864	unsigned int nu = 1024, ru = 8, pu = 16, maxmem = 16;
865	static const unsigned char expected[sizeof(out)] = {
866	0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
867	0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
868	0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
869	0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
870	0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
871	0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
872	0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
873	0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
874	};
875
876	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
877	(char *)"password", 8);
878	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
879	(char *)"NaCl", 4);
880	*p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &nu);
881	*p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &ru);
882	*p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &pu);
883	*p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem);
884	*p = OSSL_PARAM_construct_end();
885
886	ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SCRYPT));
887	for (i = 0; ret && i < 2; ++i) {
888	ret = ret
889	&& TEST_true(EVP_KDF_CTX_set_params(kctx, params));
890	if (i == 0)
891	ret = ret
892	&& TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)
893	&& TEST_true(OSSL_PARAM_set_uint(p - 1, 10 * 1024 * 1024))
894	&& TEST_true(EVP_KDF_CTX_set_params(kctx, p - 1));
895	ret = ret
896	&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)
897	&& TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
898	if (i == 0)
899	EVP_KDF_CTX_reset(kctx);
900	}
901
902	EVP_KDF_CTX_free(kctx);
903	return ret;
904	}
905	#endif /* OPENSSL_NO_SCRYPT */
906
907	static int test_kdf_ss_hash(void)
908	{
909	int ret;
910	EVP_KDF_CTX *kctx;
911	OSSL_PARAM params[4], *p = params;
912	unsigned char out[14];
913	static unsigned char z[] = {
914	0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e,
915	0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62,
916	0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4,
917	0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9
918	};
919	static unsigned char other[] = {
920	0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e,
921	0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde,
922	0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e,
923	0xe0,0xec,0x3f,0x8d,0xbe
924	};
925	static const unsigned char expected[sizeof(out)] = {
926	0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8
927	};
928
929	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
930	(char *)"sha224", 0);
931	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
932	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
933	sizeof(other));
934	*p = OSSL_PARAM_construct_end();
935
936	ret =
937	TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
938	&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
939	&& TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
940
941	EVP_KDF_CTX_free(kctx);
942	return ret;
943	}
944
945	static int test_kdf_x963(void)
946	{
947	int ret;
948	EVP_KDF_CTX *kctx;
949	OSSL_PARAM params[4], *p = params;
950	unsigned char out[1024 / 8];
951	/*
952	* Test data from https://csrc.nist.gov/CSRC/media/Projects/
953	* Cryptographic-Algorithm-Validation-Program/documents/components/
954	* 800-135testvectors/ansx963_2001.zip
955	*/
956	static unsigned char z[] = {
957	0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, 0xfa, 0x58, 0xce, 0xad,
958	0xc0, 0x47, 0x19, 0x7f, 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
959	0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, 0x15, 0x07, 0x39, 0x2f,
960	0x1a, 0x86, 0xdd, 0xfd, 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
961	0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, 0x47, 0xa9, 0xe2, 0xe7,
962	0x53, 0xf5, 0x5e, 0xf0, 0x5a, 0x2d
963	};
964	static unsigned char shared[] = {
965	0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, 0x2b, 0x3a, 0x2f, 0x99,
966	0x37, 0x89, 0x5d, 0x31
967	};
968	static const unsigned char expected[sizeof(out)] = {
969	0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, 0x9b, 0x52, 0x26, 0x4b,
970	0x01, 0x12, 0xb5, 0x85, 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
971	0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, 0x6e, 0x4d, 0xd2, 0xa5,
972	0x99, 0xac, 0xce, 0xb3, 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
973	0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, 0xa5, 0xa8, 0xee, 0xee,
974	0x20, 0x80, 0x02, 0x26, 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
975	0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, 0xea, 0x9c, 0x4f, 0xf7,
976	0x45, 0xa2, 0x5a, 0xc2, 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
977	0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, 0x0a, 0xb2, 0xaa, 0x8e,
978	0x2e, 0xfa, 0x7b, 0x17, 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
979	0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
980	};
981
982	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
983	(char *)"sha512", 0);
984	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
985	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, shared,
986	sizeof(shared));
987	*p = OSSL_PARAM_construct_end();
988
989	ret =
990	TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X963KDF))
991	&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
992	&& TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
993
994	EVP_KDF_CTX_free(kctx);
995	return ret;
996	}
997
998	#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
999	/*
1000	* KBKDF test vectors from RFC 6803 (Camellia Encryption for Kerberos 5)
1001	* section 10.
1002	*/
1003	static int test_kdf_kbkdf_6803_128(void)
1004	{
1005	int ret = 0, i, p;
1006	EVP_KDF_CTX *kctx;
1007	OSSL_PARAM params[7];
1008	static unsigned char input_key[] = {
1009	0x57, 0xD0, 0x29, 0x72, 0x98, 0xFF, 0xD9, 0xD3,
1010	0x5D, 0xE5, 0xA4, 0x7F, 0xB4, 0xBD, 0xE2, 0x4B,
1011	};
1012	static unsigned char constants[][5] = {
1013	{ 0x00, 0x00, 0x00, 0x02, 0x99 },
1014	{ 0x00, 0x00, 0x00, 0x02, 0xaa },
1015	{ 0x00, 0x00, 0x00, 0x02, 0x55 },
1016	};
1017	static unsigned char outputs[][16] = {
1018	{0xD1, 0x55, 0x77, 0x5A, 0x20, 0x9D, 0x05, 0xF0,
1019	0x2B, 0x38, 0xD4, 0x2A, 0x38, 0x9E, 0x5A, 0x56},
1020	{0x64, 0xDF, 0x83, 0xF8, 0x5A, 0x53, 0x2F, 0x17,
1021	0x57, 0x7D, 0x8C, 0x37, 0x03, 0x57, 0x96, 0xAB},
1022	{0x3E, 0x4F, 0xBD, 0xF3, 0x0F, 0xB8, 0x25, 0x9C,
1023	0x42, 0x5C, 0xB6, 0xC9, 0x6F, 0x1F, 0x46, 0x35}
1024	};
1025	static unsigned char iv[16] = { 0 };
1026	unsigned char result[16] = { 0 };
1027
1028	for (i = 0; i < 3; i++) {
1029	p = 0;
1030	params[p++] = OSSL_PARAM_construct_utf8_string(
1031	OSSL_KDF_PARAM_CIPHER, "CAMELLIA-128-CBC", 0);
1032	params[p++] = OSSL_PARAM_construct_utf8_string(
1033	OSSL_KDF_PARAM_MAC, "CMAC", 0);
1034	params[p++] = OSSL_PARAM_construct_utf8_string(
1035	OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
1036	params[p++] = OSSL_PARAM_construct_octet_string(
1037	OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1038	params[p++] = OSSL_PARAM_construct_octet_string(
1039	OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i]));
1040	params[p++] = OSSL_PARAM_construct_octet_string(
1041	OSSL_KDF_PARAM_SEED, iv, sizeof(iv));
1042	params[p] = OSSL_PARAM_construct_end();
1043
1044	kctx = get_kdfbyname("KBKDF");
1045	ret = TEST_ptr(kctx)
1046	&& TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result),
1047	params), 0)
1048	&& TEST_mem_eq(result, sizeof(result), outputs[i],
1049	sizeof(outputs[i]));
1050	EVP_KDF_CTX_free(kctx);
1051	if (ret != 1)
1052	return ret;
1053	}
1054
1055	return ret;
1056	}
1057
1058	static int test_kdf_kbkdf_6803_256(void)
1059	{
1060	int ret = 0, i, p;
1061	EVP_KDF_CTX *kctx;
1062	OSSL_PARAM params[7];
1063	static unsigned char input_key[] = {
1064	0xB9, 0xD6, 0x82, 0x8B, 0x20, 0x56, 0xB7, 0xBE,
1065	0x65, 0x6D, 0x88, 0xA1, 0x23, 0xB1, 0xFA, 0xC6,
1066	0x82, 0x14, 0xAC, 0x2B, 0x72, 0x7E, 0xCF, 0x5F,
1067	0x69, 0xAF, 0xE0, 0xC4, 0xDF, 0x2A, 0x6D, 0x2C,
1068	};
1069	static unsigned char constants[][5] = {
1070	{ 0x00, 0x00, 0x00, 0x02, 0x99 },
1071	{ 0x00, 0x00, 0x00, 0x02, 0xaa },
1072	{ 0x00, 0x00, 0x00, 0x02, 0x55 },
1073	};
1074	static unsigned char outputs[][32] = {
1075	{0xE4, 0x67, 0xF9, 0xA9, 0x55, 0x2B, 0xC7, 0xD3,
1076	0x15, 0x5A, 0x62, 0x20, 0xAF, 0x9C, 0x19, 0x22,
1077	0x0E, 0xEE, 0xD4, 0xFF, 0x78, 0xB0, 0xD1, 0xE6,
1078	0xA1, 0x54, 0x49, 0x91, 0x46, 0x1A, 0x9E, 0x50,
1079	},
1080	{0x41, 0x2A, 0xEF, 0xC3, 0x62, 0xA7, 0x28, 0x5F,
1081	0xC3, 0x96, 0x6C, 0x6A, 0x51, 0x81, 0xE7, 0x60,
1082	0x5A, 0xE6, 0x75, 0x23, 0x5B, 0x6D, 0x54, 0x9F,
1083	0xBF, 0xC9, 0xAB, 0x66, 0x30, 0xA4, 0xC6, 0x04,
1084	},
1085	{0xFA, 0x62, 0x4F, 0xA0, 0xE5, 0x23, 0x99, 0x3F,
1086	0xA3, 0x88, 0xAE, 0xFD, 0xC6, 0x7E, 0x67, 0xEB,
1087	0xCD, 0x8C, 0x08, 0xE8, 0xA0, 0x24, 0x6B, 0x1D,
1088	0x73, 0xB0, 0xD1, 0xDD, 0x9F, 0xC5, 0x82, 0xB0,
1089	},
1090	};
1091	static unsigned char iv[16] = { 0 };
1092	unsigned char result[32] = { 0 };
1093
1094	for (i = 0; i < 3; i++) {
1095	p = 0;
1096	params[p++] = OSSL_PARAM_construct_utf8_string(
1097	OSSL_KDF_PARAM_CIPHER, "CAMELLIA-256-CBC", 0);
1098	params[p++] = OSSL_PARAM_construct_utf8_string(
1099	OSSL_KDF_PARAM_MAC, "CMAC", 0);
1100	params[p++] = OSSL_PARAM_construct_utf8_string(
1101	OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
1102	params[p++] = OSSL_PARAM_construct_octet_string(
1103	OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1104	params[p++] = OSSL_PARAM_construct_octet_string(
1105	OSSL_KDF_PARAM_SALT, constants[i], sizeof(constants[i]));
1106	params[p++] = OSSL_PARAM_construct_octet_string(
1107	OSSL_KDF_PARAM_SEED, iv, sizeof(iv));
1108	params[p] = OSSL_PARAM_construct_end();
1109
1110	kctx = get_kdfbyname("KBKDF");
1111	ret = TEST_ptr(kctx)
1112	&& TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result),
1113	params), 0)
1114	&& TEST_mem_eq(result, sizeof(result), outputs[i],
1115	sizeof(outputs[i]));
1116	EVP_KDF_CTX_free(kctx);
1117	if (ret != 1)
1118	return ret;
1119	}
1120
1121	return ret;
1122	}
1123	#endif
1124
1125	static OSSL_PARAM construct_kbkdf_params(char digest, char mac, unsigned char key,
1126	size_t keylen, char salt, char info, int *r)
1127	{
1128	OSSL_PARAM params = OPENSSL_malloc(sizeof(OSSL_PARAM) 8);
1129	OSSL_PARAM *p = params;
1130
1131	if (params == NULL)
1132	return NULL;
1133
1134	*p++ = OSSL_PARAM_construct_utf8_string(
1135	OSSL_KDF_PARAM_DIGEST, digest, 0);
1136	*p++ = OSSL_PARAM_construct_utf8_string(
1137	OSSL_KDF_PARAM_MAC, mac, 0);
1138	*p++ = OSSL_PARAM_construct_utf8_string(
1139	OSSL_KDF_PARAM_MODE, "COUNTER", 0);
1140	*p++ = OSSL_PARAM_construct_octet_string(
1141	OSSL_KDF_PARAM_KEY, key, keylen);
1142	*p++ = OSSL_PARAM_construct_octet_string(
1143	OSSL_KDF_PARAM_SALT, salt, strlen(salt));
1144	*p++ = OSSL_PARAM_construct_octet_string(
1145	OSSL_KDF_PARAM_INFO, info, strlen(info));
1146	*p++ = OSSL_PARAM_construct_int(
1147	OSSL_KDF_PARAM_KBKDF_R, r);
1148	*p = OSSL_PARAM_construct_end();
1149
1150	return params;
1151	}
1152
1153	static int test_kdf_kbkdf_invalid_digest(void)
1154	{
1155	int ret;
1156	EVP_KDF_CTX *kctx;
1157	OSSL_PARAM *params;
1158
1159	static unsigned char key[] = {0x01};
1160	int r = 32;
1161
1162	params = construct_kbkdf_params("blah", "HMAC", key, 1, "prf", "test", &r);
1163	if (!TEST_ptr(params))
1164	return 0;
1165
1166	/* Negative test case - set_params should fail */
1167	kctx = get_kdfbyname("KBKDF");
1168	ret = TEST_ptr(kctx)
1169	&& TEST_false(EVP_KDF_CTX_set_params(kctx, params));
1170
1171	EVP_KDF_CTX_free(kctx);
1172	OPENSSL_free(params);
1173	return ret;
1174	}
1175
1176	static int test_kdf_kbkdf_invalid_mac(void)
1177	{
1178	int ret;
1179	EVP_KDF_CTX *kctx;
1180	OSSL_PARAM *params;
1181
1182	static unsigned char key[] = {0x01};
1183	int r = 32;
1184
1185	params = construct_kbkdf_params("sha256", "blah", key, 1, "prf", "test", &r);
1186	if (!TEST_ptr(params))
1187	return 0;
1188
1189	/* Negative test case - set_params should fail */
1190	kctx = get_kdfbyname("KBKDF");
1191	ret = TEST_ptr(kctx)
1192	&& TEST_false(EVP_KDF_CTX_set_params(kctx, params));
1193
1194	EVP_KDF_CTX_free(kctx);
1195	OPENSSL_free(params);
1196	return ret;
1197	}
1198
1199	static int test_kdf_kbkdf_invalid_r(void)
1200	{
1201	int ret;
1202	EVP_KDF_CTX *kctx;
1203	OSSL_PARAM *params;
1204
1205	static unsigned char key[] = {0x01};
1206	int r = 31;
1207
1208	params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
1209	if (!TEST_ptr(params))
1210	return 0;
1211
1212	/* Negative test case - derive should fail */
1213	kctx = get_kdfbyname("KBKDF");
1214	ret = TEST_ptr(kctx)
1215	&& TEST_false(EVP_KDF_CTX_set_params(kctx, params));
1216
1217	EVP_KDF_CTX_free(kctx);
1218	OPENSSL_free(params);
1219	return ret;
1220	}
1221
1222
1223	static int test_kdf_kbkdf_empty_key(void)
1224	{
1225	int ret;
1226	EVP_KDF_CTX *kctx;
1227	OSSL_PARAM *params;
1228
1229	static unsigned char key[] = {0x01};
1230	unsigned char result[32] = { 0 };
1231	int r = 32;
1232
1233	params = construct_kbkdf_params("sha256", "HMAC", key, 0, "prf", "test", &r);
1234	if (!TEST_ptr(params))
1235	return 0;
1236
1237	/* Negative test case - derive should fail */
1238	kctx = get_kdfbyname("KBKDF");
1239	ret = TEST_ptr(kctx)
1240	&& TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1241	&& TEST_int_eq(EVP_KDF_derive(kctx, result, sizeof(result), NULL), 0);
1242
1243	EVP_KDF_CTX_free(kctx);
1244	OPENSSL_free(params);
1245	return ret;
1246	}
1247
1248	static int test_kdf_kbkdf_1byte_key(void)
1249	{
1250	int ret;
1251	EVP_KDF_CTX *kctx;
1252	OSSL_PARAM *params;
1253
1254	static unsigned char key[] = {0x01};
1255	unsigned char result[32] = { 0 };
1256	int r = 32;
1257
1258	params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
1259	if (!TEST_ptr(params))
1260	return 0;
1261
1262	kctx = get_kdfbyname("KBKDF");
1263	ret = TEST_ptr(kctx)
1264	&& TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0);
1265
1266	EVP_KDF_CTX_free(kctx);
1267	OPENSSL_free(params);
1268	return ret;
1269	}
1270
1271	static int test_kdf_kbkdf_zero_output_size(void)
1272	{
1273	int ret;
1274	EVP_KDF_CTX *kctx;
1275	OSSL_PARAM *params;
1276
1277	static unsigned char key[] = {0x01};
1278	unsigned char result[32] = { 0 };
1279	int r = 32;
1280
1281	params = construct_kbkdf_params("sha256", "HMAC", key, 1, "prf", "test", &r);
1282	if (!TEST_ptr(params))
1283	return 0;
1284
1285	/* Negative test case - derive should fail */
1286	kctx = get_kdfbyname("KBKDF");
1287	ret = TEST_ptr(kctx)
1288	&& TEST_true(EVP_KDF_CTX_set_params(kctx, params))
1289	&& TEST_int_eq(EVP_KDF_derive(kctx, result, 0, NULL), 0);
1290
1291	EVP_KDF_CTX_free(kctx);
1292	OPENSSL_free(params);
1293	return ret;
1294	}
1295
1296	/* Two test vectors from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos
1297	* 5) appendix A. */
1298	static int test_kdf_kbkdf_8009_prf1(void)
1299	{
1300	int ret, i = 0;
1301	EVP_KDF_CTX *kctx;
1302	OSSL_PARAM params[6];
1303	char label = "prf", digest = "sha256", *prf_input = "test",
1304	*mac = "HMAC";
1305	static unsigned char input_key[] = {
1306	0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
1307	0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
1308	};
1309	static unsigned char output[] = {
1310	0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
1311	0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
1312	0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
1313	0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
1314	};
1315	unsigned char result[sizeof(output)] = { 0 };
1316
1317	params[i++] = OSSL_PARAM_construct_utf8_string(
1318	OSSL_KDF_PARAM_DIGEST, digest, 0);
1319	params[i++] = OSSL_PARAM_construct_utf8_string(
1320	OSSL_KDF_PARAM_MAC, mac, 0);
1321	params[i++] = OSSL_PARAM_construct_octet_string(
1322	OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1323	params[i++] = OSSL_PARAM_construct_octet_string(
1324	OSSL_KDF_PARAM_SALT, label, strlen(label));
1325	params[i++] = OSSL_PARAM_construct_octet_string(
1326	OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
1327	params[i] = OSSL_PARAM_construct_end();
1328
1329	kctx = get_kdfbyname("KBKDF");
1330	ret = TEST_ptr(kctx)
1331	&& TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
1332	&& TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1333
1334	EVP_KDF_CTX_free(kctx);
1335	return ret;
1336	}
1337
1338	static int test_kdf_kbkdf_8009_prf2(void)
1339	{
1340	int ret, i = 0;
1341	EVP_KDF_CTX *kctx;
1342	OSSL_PARAM params[6];
1343	char label = "prf", digest = "sha384", *prf_input = "test",
1344	*mac = "HMAC";
1345	static unsigned char input_key[] = {
1346	0x6D, 0x40, 0x4D, 0x37, 0xFA, 0xF7, 0x9F, 0x9D,
1347	0xF0, 0xD3, 0x35, 0x68, 0xD3, 0x20, 0x66, 0x98,
1348	0x00, 0xEB, 0x48, 0x36, 0x47, 0x2E, 0xA8, 0xA0,
1349	0x26, 0xD1, 0x6B, 0x71, 0x82, 0x46, 0x0C, 0x52,
1350	};
1351	static unsigned char output[] = {
1352	0x98, 0x01, 0xF6, 0x9A, 0x36, 0x8C, 0x2B, 0xF6,
1353	0x75, 0xE5, 0x95, 0x21, 0xE1, 0x77, 0xD9, 0xA0,
1354	0x7F, 0x67, 0xEF, 0xE1, 0xCF, 0xDE, 0x8D, 0x3C,
1355	0x8D, 0x6F, 0x6A, 0x02, 0x56, 0xE3, 0xB1, 0x7D,
1356	0xB3, 0xC1, 0xB6, 0x2A, 0xD1, 0xB8, 0x55, 0x33,
1357	0x60, 0xD1, 0x73, 0x67, 0xEB, 0x15, 0x14, 0xD2,
1358	};
1359	unsigned char result[sizeof(output)] = { 0 };
1360
1361	params[i++] = OSSL_PARAM_construct_utf8_string(
1362	OSSL_KDF_PARAM_DIGEST, digest, 0);
1363	params[i++] = OSSL_PARAM_construct_utf8_string(
1364	OSSL_KDF_PARAM_MAC, mac, 0);
1365	params[i++] = OSSL_PARAM_construct_octet_string(
1366	OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
1367	params[i++] = OSSL_PARAM_construct_octet_string(
1368	OSSL_KDF_PARAM_SALT, label, strlen(label));
1369	params[i++] = OSSL_PARAM_construct_octet_string(
1370	OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
1371	params[i] = OSSL_PARAM_construct_end();
1372
1373	kctx = get_kdfbyname("KBKDF");
1374	ret = TEST_ptr(kctx)
1375	&& TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
1376	&& TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1377
1378	EVP_KDF_CTX_free(kctx);
1379	return ret;
1380	}
1381
1382	#if !defined(OPENSSL_NO_CMAC)
1383	/*
1384	* Test vector taken from
1385	* https://csrc.nist.gov/CSRC/media/Projects/
1386	* Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip
1387	*/
1388	static int test_kdf_kbkdf_fixedinfo(void)
1389	{
1390	int ret;
1391	EVP_KDF_CTX *kctx;
1392	OSSL_PARAM params[8], *p = params;
1393	static char *cipher = "AES128";
1394	static char *mac = "CMAC";
1395	static char *mode = "COUNTER";
1396	int use_l = 0;
1397	int use_separator = 0;
1398
1399	static unsigned char input_key[] = {
1400	0xc1, 0x0b, 0x15, 0x2e, 0x8c, 0x97, 0xb7, 0x7e,
1401	0x18, 0x70, 0x4e, 0x0f, 0x0b, 0xd3, 0x83, 0x05,
1402	};
1403	static unsigned char fixed_input[] = {
1404	0x98, 0xcd, 0x4c, 0xbb, 0xbe, 0xbe, 0x15, 0xd1,
1405	0x7d, 0xc8, 0x6e, 0x6d, 0xba, 0xd8, 0x00, 0xa2,
1406	0xdc, 0xbd, 0x64, 0xf7, 0xc7, 0xad, 0x0e, 0x78,
1407	0xe9, 0xcf, 0x94, 0xff, 0xdb, 0xa8, 0x9d, 0x03,
1408	0xe9, 0x7e, 0xad, 0xf6, 0xc4, 0xf7, 0xb8, 0x06,
1409	0xca, 0xf5, 0x2a, 0xa3, 0x8f, 0x09, 0xd0, 0xeb,
1410	0x71, 0xd7, 0x1f, 0x49, 0x7b, 0xcc, 0x69, 0x06,
1411	0xb4, 0x8d, 0x36, 0xc4,
1412
1413	};
1414	static unsigned char output[] = {
1415	0x26, 0xfa, 0xf6, 0x19, 0x08, 0xad, 0x9e, 0xe8,
1416	0x81, 0xb8, 0x30, 0x5c, 0x22, 0x1d, 0xb5, 0x3f,
1417	};
1418	unsigned char result[sizeof(output)] = { 0 };
1419
1420	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, cipher, 0);
1421	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, mac, 0);
1422	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, mode, 0);
1423	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, input_key,
1424	sizeof(input_key));
1425	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
1426	fixed_input, sizeof(fixed_input));
1427	*p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_L, &use_l);
1428	*p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR,
1429	&use_separator);
1430	*p = OSSL_PARAM_construct_end();
1431
1432	kctx = get_kdfbyname("KBKDF");
1433	ret = TEST_ptr(kctx)
1434	&& TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
1435	&& TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1436
1437	EVP_KDF_CTX_free(kctx);
1438	return ret;
1439	}
1440	#endif /* OPENSSL_NO_CMAC */
1441
1442	static int test_kdf_kbkdf_kmac(void)
1443	{
1444	int ret;
1445	EVP_KDF_CTX *kctx;
1446	OSSL_PARAM params[5], *p = params;
1447	static char *mac = "KMAC256";
1448
1449	static unsigned char input_key[] = {
1450	0xDD, 0x81, 0xEF, 0xC8, 0x2C, 0xDD, 0xEC, 0x51,
1451	0xC4, 0x09, 0xBD, 0x8C, 0xCB, 0xAF, 0x94, 0xF6,
1452	0x5F, 0xFA, 0x7B, 0x92, 0xF1, 0x11, 0xF9, 0x40,
1453	0x2B, 0x0D, 0x6A, 0xE0, 0x5E, 0x44, 0x92, 0x34,
1454	0xF0, 0x3B, 0xBA, 0xF5, 0x4F, 0xEF, 0x19, 0x45,
1455	0xDA
1456	};
1457	static unsigned char context[] = {
1458	0x81, 0xA1, 0xFE, 0x39, 0x91, 0xEE, 0x3F, 0xD3,
1459	0x90, 0x4E, 0x82, 0xE6, 0x13, 0x20, 0xEC, 0x6B,
1460	0x6E, 0x14, 0x0B, 0xBA, 0x95, 0x5D, 0x0B, 0x52,
1461	0x8E, 0x27, 0x67, 0xB3, 0xE0, 0x77, 0x05, 0x15,
1462	0xBD, 0x78, 0xF6, 0xE8, 0x8A, 0x7D, 0x9B, 0x08,
1463	0x20, 0x0F, 0xE9, 0x8D, 0xD6, 0x24, 0x67, 0xE2,
1464	0xCC, 0x6D, 0x42, 0xE6, 0x60, 0x50, 0x20, 0x77,
1465	0x89, 0x89, 0xB7, 0x2D, 0xF7, 0x5F, 0xE2, 0x79,
1466	0xDB, 0x58, 0x0B, 0x7B, 0x02, 0xB9, 0xD9, 0xB0,
1467	0xFA, 0x6B, 0x0B, 0xB6, 0xD4, 0x95, 0xDB, 0x46,
1468	0x55, 0x5F, 0x12, 0xC3, 0xF0, 0xE0, 0x6E, 0xC8,
1469	0xF4, 0xF8, 0xA1, 0x64, 0x2E, 0x96, 0x74, 0x2B,
1470	0xC6, 0xBD, 0x22, 0xB1, 0x6A, 0xBC, 0x41, 0xDF,
1471	0x30, 0x32, 0xC7, 0xCE, 0x18, 0x14, 0x70, 0x2A,
1472	0xED, 0xE5, 0xC4, 0x6B, 0x8A, 0xA8, 0x36, 0xFD,
1473	0x0A, 0x76, 0x38, 0x44, 0x98, 0x0A, 0xE3, 0xC2,
1474	0x3A, 0x24, 0xCB, 0x45, 0xBF, 0xC9, 0x2C, 0x19,
1475	0xCB, 0x9D, 0x6C, 0x27, 0xDE, 0x78, 0x3E, 0x2C,
1476	0x3D, 0x39, 0x6E, 0x11, 0x59, 0xAE, 0x4F, 0x91,
1477	0x03, 0xE2, 0x7B, 0x97, 0xD6, 0x0C, 0x7D, 0x9D,
1478	0x5A, 0xA5, 0x47, 0x57, 0x41, 0xAD, 0x64, 0x5B,
1479	0xF7, 0x1D, 0x1A, 0xDA, 0x3A, 0x39, 0xDF, 0x85,
1480	0x0D, 0x0F, 0x50, 0x15, 0xA7, 0x3D, 0x68, 0x81,
1481	0x7B, 0x0D, 0xF2, 0x24, 0x24, 0x23, 0x37, 0xE5,
1482	0x77, 0xA6, 0x61, 0xBE, 0xFE, 0x4B, 0x3B, 0x8E,
1483	0x4F, 0x15, 0x4F, 0xC1, 0x30, 0xCB, 0x9E, 0xF5,
1484	0x06, 0x9F, 0xBB, 0x0E, 0xF2, 0xF4, 0x43, 0xBB,
1485	0x64, 0x45, 0xA3, 0x7D, 0x3B, 0xB4, 0x70, 0x47,
1486	0xDF, 0x4A, 0xA5, 0xD9, 0x2F, 0xE6, 0x25, 0xC8,
1487	0x1D, 0x43, 0x0A, 0xEA, 0xF9, 0xCC, 0xC7, 0x1F,
1488	0x8A, 0x2D, 0xD8, 0x95, 0x6B, 0x16, 0x30, 0x1D,
1489	0x80, 0x90, 0xA4, 0x23, 0x14, 0x59, 0xD1, 0x5A,
1490	0x00, 0x48, 0x8D, 0xF7, 0xEA, 0x29, 0x23, 0xDF,
1491	0x35, 0x26, 0x25, 0x22, 0x12, 0xC4, 0x4C, 0x09,
1492	0x69, 0xB8, 0xD6, 0x0C, 0x0E, 0x71, 0x90, 0x6C,
1493	0x42, 0x90, 0x02, 0x53, 0xC5, 0x5A, 0xEF, 0x42,
1494	0x66, 0x1D, 0xAF, 0x45, 0xD5, 0x31, 0xD7, 0x61,
1495	0x3A, 0xE6, 0x06, 0xFB, 0x83, 0x72, 0xAD, 0x82,
1496	0xE3, 0x6A, 0x7E, 0x03, 0x9B, 0x37, 0x77, 0xAF,
1497	0x8D, 0x63, 0x28, 0xC2, 0x8A, 0x5E, 0xC6, 0x3B,
1498	0x22, 0xA8, 0x94, 0xC0, 0x46, 0x2F, 0x73, 0xE7,
1499	0xBB, 0x72, 0x44, 0x85, 0x20, 0x1D, 0xD0, 0x6A,
1500	0x52, 0x8C, 0xB1, 0x8B, 0x96, 0x11, 0xEB, 0xFB,
1501	0xDD, 0xF5, 0x74, 0x49, 0x19, 0x93, 0xD3, 0x7F,
1502	0x6C, 0x27, 0x19, 0x54, 0xDD, 0x00, 0x0F, 0x95,
1503	0xF6, 0x14, 0x15, 0x87, 0x32, 0x54, 0xA5, 0x02,
1504	0xAD, 0x41, 0x55, 0x5E, 0xDD, 0x32, 0x62, 0x3B,
1505	0xFC, 0x71, 0xC1, 0x56, 0xC4, 0x6A, 0xFC, 0xD0,
1506	0xF9, 0x77, 0xDA, 0xC5, 0x20, 0x7D, 0xAC, 0xA8,
1507	0xEB, 0x8F, 0xBE, 0xF9, 0x4D, 0xE8, 0x6D, 0x9E,
1508	0x4C, 0x39, 0xB3, 0x15, 0x63, 0xCD, 0xF6, 0x46,
1509	0xEC, 0x3A, 0xD2, 0x89, 0xA9, 0xFA, 0x24, 0xB4,
1510	0x0E, 0x62, 0x6F, 0x9F, 0xF3, 0xF1, 0x3C, 0x61,
1511	0x57, 0xB9, 0x2C, 0xD4, 0x78, 0x4F, 0x76, 0xCF,
1512	0xFB, 0x6A, 0x51, 0xE8, 0x1E, 0x0A, 0x33, 0x69,
1513	0x16, 0xCD, 0xB7, 0x5C, 0xDF, 0x03, 0x62, 0x17,
1514	0x63, 0x37, 0x49, 0xC3, 0xB7, 0x68, 0x09, 0x9E,
1515	0x22, 0xD2, 0x20, 0x96, 0x37, 0x0D, 0x13, 0xA4,
1516	0x96, 0xB1, 0x8D, 0x0B, 0x12, 0x87, 0xEB, 0x57,
1517	0x25, 0x27, 0x08, 0xFC, 0x90, 0x5E, 0x33, 0x77,
1518	0x50, 0x63, 0xE1, 0x8C, 0xF4, 0x0C, 0x80, 0x89,
1519	0x76, 0x63, 0x70, 0x0A, 0x61, 0x59, 0x90, 0x1F,
1520	0xC9, 0x47, 0xBA, 0x12, 0x7B, 0xB2, 0x7A, 0x44,
1521	0xC3, 0x3D, 0xD0, 0x38, 0xF1, 0x7F, 0x02, 0x92
1522	};
1523	static unsigned char label[] = {
1524	0xA5, 0xDE, 0x2A, 0x0A, 0xF0, 0xDA, 0x59, 0x04,
1525	0xCC, 0xFF, 0x50, 0xD3, 0xA5, 0xD2, 0xDE, 0xA3,
1526	0x33, 0xC0, 0x27, 0xED, 0xDC, 0x6A, 0x54, 0x54,
1527	0x95, 0x78, 0x74, 0x0D, 0xE7, 0xB7, 0x92, 0xD6,
1528	0x64, 0xD5, 0xFB, 0x1F, 0x0F, 0x87, 0xFD, 0x65,
1529	0x79, 0x8B, 0x81, 0x83, 0x95, 0x40, 0x7A, 0x19,
1530	0x8D, 0xCA, 0xE0, 0x4A, 0x93, 0xA8
1531	};
1532	static unsigned char output[] = {
1533	0xB5, 0x61, 0xE3, 0x7D, 0x06, 0xD5, 0x34, 0x80,
1534	0x74, 0x61, 0x16, 0x08, 0x6F, 0x89, 0x6F, 0xB1,
1535	0x43, 0xAF, 0x61, 0x28, 0x93, 0xD8, 0xDF, 0xF6,
1536	0xB6, 0x23, 0x43, 0x68, 0xE4, 0x84, 0xF3, 0xED,
1537	0x50, 0xB6, 0x81, 0x6D, 0x50, 0xF4, 0xAF, 0xF2,
1538	0xA5, 0x50, 0x7E, 0x25, 0xBF, 0x05, 0xBE, 0xE7,
1539	0x07, 0xB0, 0x95, 0xC3, 0x04, 0x38, 0xB4, 0xF9,
1540	0xC1, 0x1E, 0x96, 0x08, 0xF4, 0xC9, 0x05, 0x54,
1541	0x4A, 0xB6, 0x81, 0x92, 0x5B, 0x34, 0x8A, 0x45,
1542	0xDD, 0x7D, 0x98, 0x51, 0x1F, 0xD9, 0x90, 0x23,
1543	0x59, 0x97, 0xA2, 0x4E, 0x43, 0x49, 0xEB, 0x4E,
1544	0x86, 0xEC, 0x20, 0x3C, 0x31, 0xFF, 0x49, 0x55,
1545	0x49, 0xF5, 0xF5, 0x16, 0x79, 0xD9, 0x1C, 0x8E,
1546	0x6E, 0xB3, 0x1C, 0xAF, 0xC8, 0xAB, 0x3A, 0x5A,
1547	0xCE, 0xB1, 0xBD, 0x59, 0x69, 0xEE, 0xC0, 0x28,
1548	0x3E, 0x94, 0xD2, 0xCC, 0x91, 0x93, 0x73, 0x6A,
1549	0xD6, 0xB6, 0xC1, 0x42, 0x97, 0xB1, 0x13, 0xCF,
1550	0xF9, 0x55, 0x35, 0x50, 0xFC, 0x86, 0x75, 0x98,
1551	0x9F, 0xFC, 0x96, 0xB1, 0x43, 0x41, 0x8F, 0xFC,
1552	0x31, 0x09, 0x3B, 0x35, 0x22, 0x7B, 0x01, 0x96,
1553	0xA7, 0xF0, 0x78, 0x7B, 0x57, 0x00, 0xF2, 0xE5,
1554	0x92, 0x36, 0xCE, 0x64, 0xFD, 0x65, 0x09, 0xD8,
1555	0xBC, 0x5C, 0x82, 0x5C, 0x4C, 0x62, 0x5B, 0xCE,
1556	0x09, 0xB6, 0xCF, 0x4D, 0xAD, 0x8E, 0xDD, 0x96,
1557	0xB0, 0xCA, 0x52, 0xC1, 0xF4, 0x17, 0x0E, 0x2D,
1558	0x4E, 0xC3, 0xF9, 0x89, 0x1A, 0x24, 0x3D, 0x01,
1559	0xC8, 0x05, 0xBF, 0x7D, 0x2A, 0x46, 0xCD, 0x9A,
1560	0x66, 0xEE, 0x05, 0x78, 0x88, 0x2A, 0xEF, 0x37,
1561	0x9E, 0x72, 0x55, 0xDA, 0x82, 0x7A, 0x9B, 0xE8,
1562	0xF7, 0xA6, 0x74, 0xB8, 0x74, 0x39, 0x03, 0xE8,
1563	0xB9, 0x1F, 0x97, 0x78, 0xB9, 0xD9, 0x37, 0x16,
1564	0xFD, 0x2F, 0x31, 0xDE, 0xCC, 0x06, 0xD6, 0x5A,
1565	0xEB, 0xD1, 0xBB, 0x84, 0x30, 0x16, 0x81, 0xB0,
1566	0x7E, 0x04, 0x8C, 0x06, 0x67, 0xD1, 0x8A, 0x07,
1567	0x33, 0x76, 0x42, 0x8E, 0x87, 0xAB, 0x90, 0x6F,
1568	0x08, 0xED, 0x8D, 0xE8, 0xD0, 0x20, 0x00, 0x7E,
1569	0x3C, 0x4D, 0xA4, 0x40, 0x37, 0x13, 0x0F, 0x00,
1570	0x0C, 0xB7, 0x26, 0x03, 0x93, 0xD0, 0xBB, 0x08,
1571	0xD3, 0xCC, 0xA9, 0x28, 0xC2
1572	};
1573	unsigned char result[sizeof(output)] = { 0 };
1574
1575	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, mac, 0);
1576	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
1577	input_key, sizeof(input_key));
1578	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
1579	context, sizeof(context));
1580	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
1581	label, sizeof(label));
1582	*p = OSSL_PARAM_construct_end();
1583
1584	kctx = get_kdfbyname("KBKDF");
1585	ret = TEST_ptr(kctx)
1586	&& TEST_size_t_eq(EVP_KDF_CTX_get_kdf_size(kctx), SIZE_MAX)
1587	&& TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result), params), 0)
1588	&& TEST_mem_eq(result, sizeof(result), output, sizeof(output));
1589
1590	EVP_KDF_CTX_free(kctx);
1591	return ret;
1592	}
1593
1594	static int test_kdf_ss_hmac(void)
1595	{
1596	int ret;
1597	EVP_KDF_CTX *kctx;
1598	OSSL_PARAM params[6], *p = params;
1599	unsigned char out[16];
1600	static unsigned char z[] = {
1601	0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
1602	};
1603	static unsigned char other[] = {
1604	0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
1605	};
1606	static unsigned char salt[] = {
1607	0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
1608	0x3f,0x89
1609	};
1610	static const unsigned char expected[sizeof(out)] = {
1611	0x44,0xf6,0x76,0xe8,0x5c,0x1b,0x1a,0x8b,0xbc,0x3d,0x31,0x92,0x18,0x63,
1612	0x1c,0xa3
1613	};
1614
1615	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
1616	(char *)OSSL_MAC_NAME_HMAC, 0);
1617	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1618	(char *)"sha256", 0);
1619	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
1620	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
1621	sizeof(other));
1622	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
1623	sizeof(salt));
1624	*p = OSSL_PARAM_construct_end();
1625
1626	ret =
1627	TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
1628	&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1629	&& TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1630
1631	EVP_KDF_CTX_free(kctx);
1632	return ret;
1633	}
1634
1635	static int test_kdf_ss_kmac(void)
1636	{
1637	int ret;
1638	EVP_KDF_CTX *kctx;
1639	OSSL_PARAM params[7], *p = params;
1640	unsigned char out[64];
1641	size_t mac_size = 20;
1642	static unsigned char z[] = {
1643	0xb7,0x4a,0x14,0x9a,0x16,0x15,0x46,0xf8,0xc2,0x0b,0x06,0xac,0x4e,0xd4
1644	};
1645	static unsigned char other[] = {
1646	0x34,0x8a,0x37,0xa2,0x7e,0xf1,0x28,0x2f,0x5f,0x02,0x0d,0xcc
1647	};
1648	static unsigned char salt[] = {
1649	0x36,0x38,0x27,0x1c,0xcd,0x68,0xa2,0x5d,0xc2,0x4e,0xcd,0xdd,0x39,0xef,
1650	0x3f,0x89
1651	};
1652	static const unsigned char expected[sizeof(out)] = {
1653	0xe9,0xc1,0x84,0x53,0xa0,0x62,0xb5,0x3b,0xdb,0xfc,0xbb,0x5a,0x34,0xbd,
1654	0xb8,0xe5,0xe7,0x07,0xee,0xbb,0x5d,0xd1,0x34,0x42,0x43,0xd8,0xcf,0xc2,
1655	0xc2,0xe6,0x33,0x2f,0x91,0xbd,0xa5,0x86,0xf3,0x7d,0xe4,0x8a,0x65,0xd4,
1656	0xc5,0x14,0xfd,0xef,0xaa,0x1e,0x67,0x54,0xf3,0x73,0xd2,0x38,0xe1,0x95,
1657	0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03
1658	};
1659
1660	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
1661	(char *)OSSL_MAC_NAME_KMAC128, 0);
1662	/* The digest parameter is not needed here and should be ignored */
1663	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1664	(char *)"SHA256", 0);
1665	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
1666	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
1667	sizeof(other));
1668	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, salt,
1669	sizeof(salt));
1670	*p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, &mac_size);
1671	*p = OSSL_PARAM_construct_end();
1672
1673	ret =
1674	TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
1675	&& TEST_size_t_eq(EVP_KDF_CTX_get_kdf_size(kctx), 0)
1676	&& TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 1)
1677	/* The bug fix for KMAC returning SIZE_MAX was added in 3.0.8 */
1678	&& (fips_provider_version_lt(NULL, 3, 0, 8)
1679	\|\| TEST_size_t_eq(EVP_KDF_CTX_get_kdf_size(kctx), SIZE_MAX))
1680	&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)
1681	&& TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1682
1683	EVP_KDF_CTX_free(kctx);
1684	return ret;
1685	}
1686
1687	static int test_kdf_sshkdf(void)
1688	{
1689	int ret;
1690	EVP_KDF_CTX *kctx;
1691	OSSL_PARAM params[6], *p = params;
1692	char kdftype = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
1693	unsigned char out[8];
1694	/* Test data from NIST CAVS 14.1 test vectors */
1695	static unsigned char key[] = {
1696	0x00, 0x00, 0x00, 0x81, 0x00, 0x87, 0x5c, 0x55, 0x1c, 0xef, 0x52, 0x6a,
1697	0x4a, 0x8b, 0xe1, 0xa7, 0xdf, 0x27, 0xe9, 0xed, 0x35, 0x4b, 0xac, 0x9a,
1698	0xfb, 0x71, 0xf5, 0x3d, 0xba, 0xe9, 0x05, 0x67, 0x9d, 0x14, 0xf9, 0xfa,
1699	0xf2, 0x46, 0x9c, 0x53, 0x45, 0x7c, 0xf8, 0x0a, 0x36, 0x6b, 0xe2, 0x78,
1700	0x96, 0x5b, 0xa6, 0x25, 0x52, 0x76, 0xca, 0x2d, 0x9f, 0x4a, 0x97, 0xd2,
1701	0x71, 0xf7, 0x1e, 0x50, 0xd8, 0xa9, 0xec, 0x46, 0x25, 0x3a, 0x6a, 0x90,
1702	0x6a, 0xc2, 0xc5, 0xe4, 0xf4, 0x8b, 0x27, 0xa6, 0x3c, 0xe0, 0x8d, 0x80,
1703	0x39, 0x0a, 0x49, 0x2a, 0xa4, 0x3b, 0xad, 0x9d, 0x88, 0x2c, 0xca, 0xc2,
1704	0x3d, 0xac, 0x88, 0xbc, 0xad, 0xa4, 0xb4, 0xd4, 0x26, 0xa3, 0x62, 0x08,
1705	0x3d, 0xab, 0x65, 0x69, 0xc5, 0x4c, 0x22, 0x4d, 0xd2, 0xd8, 0x76, 0x43,
1706	0xaa, 0x22, 0x76, 0x93, 0xe1, 0x41, 0xad, 0x16, 0x30, 0xce, 0x13, 0x14,
1707	0x4e
1708	};
1709	static unsigned char xcghash[] = {
1710	0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
1711	0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
1712	0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
1713	};
1714	static unsigned char sessid[] = {
1715	0x0e, 0x68, 0x3f, 0xc8, 0xa9, 0xed, 0x7c, 0x2f, 0xf0, 0x2d, 0xef, 0x23,
1716	0xb2, 0x74, 0x5e, 0xbc, 0x99, 0xb2, 0x67, 0xda, 0xa8, 0x6a, 0x4a, 0xa7,
1717	0x69, 0x72, 0x39, 0x08, 0x82, 0x53, 0xf6, 0x42
1718	};
1719	static const unsigned char expected[sizeof(out)] = {
1720	0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6
1721	};
1722
1723	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1724	(char *)"sha256", 0);
1725	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
1726	sizeof(key));
1727	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH,
1728	xcghash, sizeof(xcghash));
1729	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID,
1730	sessid, sizeof(sessid));
1731	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
1732	&kdftype, sizeof(kdftype));
1733	*p = OSSL_PARAM_construct_end();
1734
1735	ret =
1736	TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSHKDF))
1737	&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1738	&& TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1739
1740	EVP_KDF_CTX_free(kctx);
1741	return ret;
1742	}
1743
1744	static int test_kdfs_same(EVP_KDF kdf1, EVP_KDF kdf2)
1745	{
1746	/* Fast path in case the two are the same algorithm pointer */
1747	if (kdf1 == kdf2)
1748	return 1;
1749	/*
1750	* Compare their names and providers instead.
1751	* This is necessary in a non-caching build (or a cache flush during fetch)
1752	* because without the algorithm in the cache, fetching it a second time
1753	* will result in a different pointer.
1754	*/
1755	return TEST_ptr_eq(EVP_KDF_get0_provider(kdf1), EVP_KDF_get0_provider(kdf2))
1756	&& TEST_str_eq(EVP_KDF_get0_name(kdf1), EVP_KDF_get0_name(kdf2));
1757	}
1758
1759	static int test_kdf_get_kdf(void)
1760	{
1761	EVP_KDF kdf1 = NULL, kdf2 = NULL;
1762	ASN1_OBJECT *obj;
1763	int ok = 1;
1764
1765	if (!TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2))
1766	\|\| !TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_PBKDF2, NULL))
1767	\|\| !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(OBJ_obj2nid(obj)),
1768	NULL))
1769	\|\| !test_kdfs_same(kdf1, kdf2))
1770	ok = 0;
1771	EVP_KDF_free(kdf1);
1772	kdf1 = NULL;
1773	EVP_KDF_free(kdf2);
1774	kdf2 = NULL;
1775
1776	if (!TEST_ptr(kdf1 = EVP_KDF_fetch(NULL, SN_tls1_prf, NULL))
1777	\|\| !TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, LN_tls1_prf, NULL))
1778	\|\| !test_kdfs_same(kdf1, kdf2))
1779	ok = 0;
1780	/* kdf1 is reused below, so don't free it here */
1781	EVP_KDF_free(kdf2);
1782	kdf2 = NULL;
1783
1784	if (!TEST_ptr(kdf2 = EVP_KDF_fetch(NULL, OBJ_nid2sn(NID_tls1_prf), NULL))
1785	\|\| !test_kdfs_same(kdf1, kdf2))
1786	ok = 0;
1787	EVP_KDF_free(kdf1);
1788	kdf1 = NULL;
1789	EVP_KDF_free(kdf2);
1790	kdf2 = NULL;
1791
1792	return ok;
1793	}
1794
1795	#if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES)
1796	static int test_kdf_x942_asn1(void)
1797	{
1798	int ret;
1799	EVP_KDF_CTX *kctx = NULL;
1800	OSSL_PARAM params[4], *p = params;
1801	const char *cek_alg = SN_id_smime_alg_CMS3DESwrap;
1802	unsigned char out[24];
1803	/* RFC2631 Section 2.1.6 Test data */
1804	static unsigned char z[] = {
1805	0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,
1806	0x0e,0x0f,0x10,0x11,0x12,0x13
1807	};
1808	static const unsigned char expected[sizeof(out)] = {
1809	0xa0,0x96,0x61,0x39,0x23,0x76,0xf7,0x04,
1810	0x4d,0x90,0x52,0xa3,0x97,0x88,0x32,0x46,
1811	0xb6,0x7f,0x5f,0x1e,0xf6,0x3e,0xb5,0xfb
1812	};
1813
1814	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
1815	(char *)"sha1", 0);
1816	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z,
1817	sizeof(z));
1818	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
1819	(char *)cek_alg, 0);
1820	*p = OSSL_PARAM_construct_end();
1821
1822	ret =
1823	TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF_ASN1))
1824	&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1825	&& TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1826
1827	EVP_KDF_CTX_free(kctx);
1828	return ret;
1829	}
1830	#endif /* OPENSSL_NO_CMS */
1831
1832	static int test_kdf_krb5kdf(void)
1833	{
1834	int ret;
1835	EVP_KDF_CTX *kctx;
1836	OSSL_PARAM params[4], *p = params;
1837	unsigned char out[16];
1838	static unsigned char key[] = {
1839	0x42, 0x26, 0x3C, 0x6E, 0x89, 0xF4, 0xFC, 0x28,
1840	0xB8, 0xDF, 0x68, 0xEE, 0x09, 0x79, 0x9F, 0x15
1841	};
1842	static unsigned char constant[] = {
1843	0x00, 0x00, 0x00, 0x02, 0x99
1844	};
1845	static const unsigned char expected[sizeof(out)] = {
1846	0x34, 0x28, 0x0A, 0x38, 0x2B, 0xC9, 0x27, 0x69,
1847	0xB2, 0xDA, 0x2F, 0x9E, 0xF0, 0x66, 0x85, 0x4B
1848	};
1849
1850	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER,
1851	(char *)"AES-128-CBC", 0);
1852	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key,
1853	sizeof(key));
1854	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT,
1855	constant, sizeof(constant));
1856	*p = OSSL_PARAM_construct_end();
1857
1858	ret =
1859	TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KRB5KDF))
1860	&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
1861	&& TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
1862
1863	EVP_KDF_CTX_free(kctx);
1864	return ret;
1865	}
1866
1867	static int test_kdf_hmac_drbg_settables(void)
1868	{
1869	int ret = 0, i = 0, j = 0;
1870	EVP_KDF_CTX *kctx = NULL;
1871	const OSSL_PARAM *settableparams;
1872	OSSL_PARAM params[5];
1873	static const unsigned char ent[32] = { 0 };
1874	unsigned char out[32];
1875	char digestname[32];
1876	char macname[32];
1877	EVP_MD *shake256 = NULL;
1878
1879	/* Test there are settables */
1880	if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HMACDRBGKDF))
1881	\|\| !TEST_ptr(settableparams = EVP_KDF_CTX_settable_params(kctx)))
1882	goto err;
1883
1884	/* Fail if no params have been set when doing a derive */
1885	if (!TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0))
1886	goto err;
1887
1888	/* Fail if we pass the wrong type for params */
1889	params[1] = OSSL_PARAM_construct_end();
1890	for (i = 0; settableparams[i].key != NULL; ++i) {
1891	/* Skip "properties" key since it returns 1 unless the digest is also set */
1892	if (OPENSSL_strcasecmp(settableparams[i].key,
1893	OSSL_KDF_PARAM_PROPERTIES) != 0) {
1894	TEST_note("Testing set int into %s fails", settableparams[i].key);
1895	params[0] = OSSL_PARAM_construct_int(settableparams[i].key, &j);
1896	if (!TEST_int_le(EVP_KDF_CTX_set_params(kctx, params), 0))
1897	goto err;
1898	}
1899	}
1900	/* Test that we can set values multiple times */
1901	params[0] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_HMACDRBG_ENTROPY,
1902	(char *)ent, sizeof(ent));
1903	params[1] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_HMACDRBG_NONCE,
1904	(char *)ent, sizeof(ent));
1905	params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_DIGEST, "SHA256",
1906	0);
1907	params[3] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_PROPERTIES, "",
1908	0);
1909	params[4] = OSSL_PARAM_construct_end();
1910	if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 1))
1911	goto err;
1912	if (!TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 1))
1913	goto err;
1914	/* Test we can retrieve values back */
1915	params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_DIGEST,
1916	digestname, sizeof(digestname));
1917	params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_MAC,
1918	macname, sizeof(macname));
1919	params[2] = OSSL_PARAM_construct_end();
1920	if (!TEST_int_eq(EVP_KDF_CTX_get_params(kctx, params), 1)
1921	\|\| !TEST_mem_eq(digestname, params[0].return_size, "SHA2-256", 8)
1922	\|\| !TEST_mem_eq(macname, params[1].return_size, "HMAC", 4))
1923	goto err;
1924
1925	/* Test the derive */
1926	if (!TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 1))
1927	goto err;
1928
1929	/* test that XOF digests are not allowed */
1930	params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_DIGEST,
1931	"shake256", 0);
1932	params[1] = OSSL_PARAM_construct_end();
1933	if (!TEST_int_le(EVP_KDF_CTX_set_params(kctx, params), 0))
1934	goto err;
1935
1936	ret = 1;
1937	err:
1938	EVP_MD_free(shake256);
1939	EVP_KDF_CTX_free(kctx);
1940	return ret;
1941	}
1942
1943	static int test_kdf_hmac_drbg_gettables(void)
1944	{
1945	int ret = 0, i, j = 0;
1946	EVP_KDF_CTX *kctx = NULL;
1947	const OSSL_PARAM *gettableparams;
1948	OSSL_PARAM params[3];
1949	char buf[64];
1950
1951	/* Test there are gettables */
1952	if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_HMACDRBGKDF))
1953	\|\| !TEST_ptr(gettableparams = EVP_KDF_CTX_gettable_params(kctx)))
1954	goto err;
1955	/* Fail if we pass the wrong type for params */
1956	params[1] = OSSL_PARAM_construct_end();
1957	for (i = 0; gettableparams[i].key != NULL; ++i) {
1958	params[0] = OSSL_PARAM_construct_int(gettableparams[i].key, &j);
1959	if (!TEST_int_le(EVP_KDF_CTX_get_params(kctx, params), 0))
1960	goto err;
1961	}
1962	/* fail to get params if they are not set yet */
1963	for (i = 0; gettableparams[i].key != NULL; ++i) {
1964	params[0] = OSSL_PARAM_construct_utf8_string(gettableparams[i].key,
1965	buf, sizeof(buf));
1966	if (!TEST_int_le(EVP_KDF_CTX_get_params(kctx, params), 0))
1967	goto err;
1968	}
1969	ret = 1;
1970	err:
1971	EVP_KDF_CTX_free(kctx);
1972	return ret;
1973	}
1974
1975	/* Test that changing the KBKDF algorithm from KMAC to HMAC works correctly */
1976	static int test_kbkdf_mac_change(void)
1977	{
1978	int ret = 0;
1979	EVP_KDF_CTX *kctx = NULL;
1980	OSSL_PARAM params[9], *p = params;
1981	/* Test data taken from the evptest corpus */
1982	int l = 0, sep = 0, r = 8;
1983	static /* const */ unsigned char key[] = {
1984	0x3e, 0xdc, 0x6b, 0x5b, 0x8f, 0x7a, 0xad, 0xbd,
1985	0x71, 0x37, 0x32, 0xb4, 0x82, 0xb8, 0xf9, 0x79,
1986	0x28, 0x6e, 0x1e, 0xa3, 0xb8, 0xf8, 0xf9, 0x9c,
1987	0x30, 0xc8, 0x84, 0xcf, 0xe3, 0x34, 0x9b, 0x83
1988	};
1989	static /* const */ unsigned char info[] = {
1990	0x98, 0xe9, 0x98, 0x8b, 0xb4, 0xcc, 0x8b, 0x34,
1991	0xd7, 0x92, 0x2e, 0x1c, 0x68, 0xad, 0x69, 0x2b,
1992	0xa2, 0xa1, 0xd9, 0xae, 0x15, 0x14, 0x95, 0x71,
1993	0x67, 0x5f, 0x17, 0xa7, 0x7a, 0xd4, 0x9e, 0x80,
1994	0xc8, 0xd2, 0xa8, 0x5e, 0x83, 0x1a, 0x26, 0x44,
1995	0x5b, 0x1f, 0x0f, 0xf4, 0x4d, 0x70, 0x84, 0xa1,
1996	0x72, 0x06, 0xb4, 0x89, 0x6c, 0x81, 0x12, 0xda,
1997	0xad, 0x18, 0x60, 0x5a
1998	};
1999	static const unsigned char output[] = {
2000	0x6c, 0x03, 0x76, 0x52, 0x99, 0x06, 0x74, 0xa0,
2001	0x78, 0x44, 0x73, 0x2d, 0x0a, 0xd9, 0x85, 0xf9
2002	};
2003	unsigned char out[sizeof(output)];
2004
2005	params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
2006	OSSL_MAC_NAME_KMAC128, 0);
2007	params[1] = OSSL_PARAM_construct_end();
2008	if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KBKDF))
2009	\|\| !TEST_true(EVP_KDF_CTX_set_params(kctx, params)))
2010	goto err;
2011
2012	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, "COUNTER", 0);
2013	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, "HMAC", 0);
2014	*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, "SHA256", 0);
2015	*p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_L, &l);
2016	*p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR, &sep);
2017	*p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_R, &r);
2018	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
2019	key, sizeof(key));
2020	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
2021	info, sizeof(info));
2022	*p = OSSL_PARAM_construct_end();
2023	if (!TEST_true(EVP_KDF_derive(kctx, out, sizeof(out), params))
2024	\|\| !TEST_mem_eq(out, sizeof(out), output, sizeof(output)))
2025	goto err;
2026
2027	ret = 1;
2028	err:
2029	EVP_KDF_CTX_free(kctx);
2030	return ret;
2031	}
2032
2033	int setup_tests(void)
2034	{
2035	ADD_TEST(test_kdf_pbkdf1);
2036	ADD_TEST(test_kdf_pbkdf1_key_too_long);
2037	#if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA)
2038	ADD_TEST(test_kdf_kbkdf_6803_128);
2039	ADD_TEST(test_kdf_kbkdf_6803_256);
2040	#endif
2041	ADD_TEST(test_kdf_kbkdf_invalid_digest);
2042	ADD_TEST(test_kdf_kbkdf_invalid_mac);
2043	ADD_TEST(test_kdf_kbkdf_invalid_r);
2044	ADD_TEST(test_kdf_kbkdf_zero_output_size);
2045	ADD_TEST(test_kdf_kbkdf_empty_key);
2046	ADD_TEST(test_kdf_kbkdf_1byte_key);
2047	ADD_TEST(test_kdf_kbkdf_8009_prf1);
2048	ADD_TEST(test_kdf_kbkdf_8009_prf2);
2049	#if !defined(OPENSSL_NO_CMAC)
2050	ADD_TEST(test_kdf_kbkdf_fixedinfo);
2051	#endif
2052	if (fips_provider_version_ge(NULL, 3, 1, 0))
2053	ADD_TEST(test_kdf_kbkdf_kmac);
2054	ADD_TEST(test_kdf_get_kdf);
2055	ADD_TEST(test_kdf_tls1_prf);
2056	ADD_TEST(test_kdf_tls1_prf_invalid_digest);
2057	ADD_TEST(test_kdf_tls1_prf_zero_output_size);
2058	ADD_TEST(test_kdf_tls1_prf_empty_secret);
2059	ADD_TEST(test_kdf_tls1_prf_1byte_secret);
2060	ADD_TEST(test_kdf_tls1_prf_empty_seed);
2061	ADD_TEST(test_kdf_tls1_prf_1byte_seed);
2062	ADD_TEST(test_kdf_hkdf);
2063	ADD_TEST(test_kdf_hkdf_invalid_digest);
2064	ADD_TEST(test_kdf_hkdf_zero_output_size);
2065	ADD_TEST(test_kdf_hkdf_empty_key);
2066	ADD_TEST(test_kdf_hkdf_1byte_key);
2067	ADD_TEST(test_kdf_hkdf_empty_salt);
2068	ADD_TEST(test_kdf_hkdf_gettables);
2069	ADD_TEST(test_kdf_hkdf_gettables_expandonly);
2070	ADD_TEST(test_kdf_hkdf_gettables_no_digest);
2071	ADD_TEST(test_kdf_hkdf_derive_set_params_fail);
2072	ADD_TEST(test_kdf_hkdf_set_invalid_mode);
2073	ADD_TEST(test_kdf_hkdf_set_ctx_param_fail);
2074	ADD_TEST(test_kdf_pbkdf2);
2075	ADD_TEST(test_kdf_pbkdf2_small_output);
2076	ADD_TEST(test_kdf_pbkdf2_large_output);
2077	ADD_TEST(test_kdf_pbkdf2_small_salt);
2078	ADD_TEST(test_kdf_pbkdf2_small_iterations);
2079	ADD_TEST(test_kdf_pbkdf2_small_salt_pkcs5);
2080	ADD_TEST(test_kdf_pbkdf2_small_iterations_pkcs5);
2081	ADD_TEST(test_kdf_pbkdf2_invalid_digest);
2082	#ifndef OPENSSL_NO_SCRYPT
2083	ADD_TEST(test_kdf_scrypt);
2084	#endif
2085	ADD_TEST(test_kdf_ss_hash);
2086	ADD_TEST(test_kdf_ss_hmac);
2087	ADD_TEST(test_kdf_ss_kmac);
2088	ADD_TEST(test_kdf_sshkdf);
2089	ADD_TEST(test_kdf_x963);
2090	#if !defined(OPENSSL_NO_CMS) && !defined(OPENSSL_NO_DES)
2091	ADD_TEST(test_kdf_x942_asn1);
2092	#endif
2093	ADD_TEST(test_kdf_krb5kdf);
2094	ADD_TEST(test_kdf_hmac_drbg_settables);
2095	ADD_TEST(test_kdf_hmac_drbg_gettables);
2096	ADD_TEST(test_kbkdf_mac_change);
2097	return 1;
2098	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.4.1/test/evp_kdf_test.c

Download in other formats: