1 /* 2 * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* Tests of the EVP_PKEY_CTX_set_* macro family */ 11 12 #include <stdio.h> 13 #include <string.h> 14 15 #include <openssl/evp.h> 16 #include <openssl/kdf.h> 17 #include "testutil.h" 18 19 static int test_kdf_tls1_prf(int index) 20 { 21 int ret = 0; 22 EVP_PKEY_CTX *pctx; 23 unsigned char out[16]; 24 size_t outlen = sizeof(out); 25 26 if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL)) == NULL) { 27 TEST_error("EVP_PKEY_TLS1_PRF"); 28 goto err; 29 } 30 if (EVP_PKEY_derive_init(pctx) <= 0) { 31 TEST_error("EVP_PKEY_derive_init"); 32 goto err; 33 } 34 if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0) { 35 TEST_error("EVP_PKEY_CTX_set_tls1_prf_md"); 36 goto err; 37 } 38 if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, 39 (unsigned char *)"secret", 6) <= 0) { 40 TEST_error("EVP_PKEY_CTX_set1_tls1_prf_secret"); 41 goto err; 42 } 43 if (index == 0) { 44 if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, 45 (unsigned char *)"seed", 4) <= 0) { 46 TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); 47 goto err; 48 } 49 } else { 50 if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, 51 (unsigned char *)"se", 2) <= 0) { 52 TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); 53 goto err; 54 } 55 if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, 56 (unsigned char *)"ed", 2) <= 0) { 57 TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); 58 goto err; 59 } 60 } 61 if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { 62 TEST_error("EVP_PKEY_derive"); 63 goto err; 64 } 65 66 { 67 const unsigned char expected[sizeof(out)] = { 68 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0, 69 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc 70 }; 71 if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) { 72 goto err; 73 } 74 } 75 ret = 1; 76 err: 77 EVP_PKEY_CTX_free(pctx); 78 return ret; 79 } 80 81 static int test_kdf_hkdf(int index) 82 { 83 int ret = 0; 84 EVP_PKEY_CTX *pctx; 85 unsigned char out[10]; 86 size_t outlen = sizeof(out); 87 88 if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)) == NULL) { 89 TEST_error("EVP_PKEY_HKDF"); 90 goto err; 91 } 92 if (EVP_PKEY_derive_init(pctx) <= 0) { 93 TEST_error("EVP_PKEY_derive_init"); 94 goto err; 95 } 96 if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0) { 97 TEST_error("EVP_PKEY_CTX_set_hkdf_md"); 98 goto err; 99 } 100 if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, (const unsigned char *)"salt", 4) 101 <= 0) { 102 TEST_error("EVP_PKEY_CTX_set1_hkdf_salt"); 103 goto err; 104 } 105 if (EVP_PKEY_CTX_set1_hkdf_key(pctx, (const unsigned char *)"secret", 6) 106 <= 0) { 107 TEST_error("EVP_PKEY_CTX_set1_hkdf_key"); 108 goto err; 109 } 110 if (index == 0) { 111 if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"label", 5) 112 <= 0) { 113 TEST_error("EVP_PKEY_CTX_add1_hkdf_info"); 114 goto err; 115 } 116 } else { 117 if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"lab", 3) 118 <= 0) { 119 TEST_error("EVP_PKEY_CTX_add1_hkdf_info"); 120 goto err; 121 } 122 if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"el", 2) 123 <= 0) { 124 TEST_error("EVP_PKEY_CTX_add1_hkdf_info"); 125 goto err; 126 } 127 } 128 if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { 129 TEST_error("EVP_PKEY_derive"); 130 goto err; 131 } 132 133 { 134 const unsigned char expected[sizeof(out)] = { 135 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13 136 }; 137 if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) { 138 goto err; 139 } 140 } 141 ret = 1; 142 err: 143 EVP_PKEY_CTX_free(pctx); 144 return ret; 145 } 146 147 #ifndef OPENSSL_NO_SCRYPT 148 static int test_kdf_scrypt(void) 149 { 150 int ret = 0; 151 EVP_PKEY_CTX *pctx; 152 unsigned char out[64]; 153 size_t outlen = sizeof(out); 154 155 if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, NULL)) == NULL) { 156 TEST_error("EVP_PKEY_SCRYPT"); 157 goto err; 158 } 159 if (EVP_PKEY_derive_init(pctx) <= 0) { 160 TEST_error("EVP_PKEY_derive_init"); 161 goto err; 162 } 163 if (EVP_PKEY_CTX_set1_pbe_pass(pctx, "password", 8) <= 0) { 164 TEST_error("EVP_PKEY_CTX_set1_pbe_pass"); 165 goto err; 166 } 167 if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, (unsigned char *)"NaCl", 4) <= 0) { 168 TEST_error("EVP_PKEY_CTX_set1_scrypt_salt"); 169 goto err; 170 } 171 if (EVP_PKEY_CTX_set_scrypt_N(pctx, 1024) <= 0) { 172 TEST_error("EVP_PKEY_CTX_set_scrypt_N"); 173 goto err; 174 } 175 if (EVP_PKEY_CTX_set_scrypt_r(pctx, 8) <= 0) { 176 TEST_error("EVP_PKEY_CTX_set_scrypt_r"); 177 goto err; 178 } 179 if (EVP_PKEY_CTX_set_scrypt_p(pctx, 16) <= 0) { 180 TEST_error("EVP_PKEY_CTX_set_scrypt_p"); 181 goto err; 182 } 183 if (EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, 16) <= 0) { 184 TEST_error("EVP_PKEY_CTX_set_maxmem_bytes"); 185 goto err; 186 } 187 if (EVP_PKEY_derive(pctx, out, &outlen) > 0) { 188 TEST_error("EVP_PKEY_derive should have failed"); 189 goto err; 190 } 191 if (EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, 10 * 1024 * 1024) <= 0) { 192 TEST_error("EVP_PKEY_CTX_set_maxmem_bytes"); 193 goto err; 194 } 195 if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { 196 TEST_error("EVP_PKEY_derive"); 197 goto err; 198 } 199 200 { 201 const unsigned char expected[sizeof(out)] = { 202 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, 203 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, 204 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, 205 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, 206 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, 207 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, 208 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, 209 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 210 }; 211 if (!TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))) { 212 goto err; 213 } 214 } 215 ret = 1; 216 err: 217 EVP_PKEY_CTX_free(pctx); 218 return ret; 219 } 220 #endif 221 222 int setup_tests(void) 223 { 224 int tests = 1; 225 226 if (fips_provider_version_ge(NULL, 3, 3, 1)) 227 tests = 2; 228 229 ADD_ALL_TESTS(test_kdf_tls1_prf, tests); 230 ADD_ALL_TESTS(test_kdf_hkdf, tests); 231 #ifndef OPENSSL_NO_SCRYPT 232 ADD_TEST(test_kdf_scrypt); 233 #endif 234 return 1; 235 } 236