source-git / openssl

Clone
Source Code
GIT

Blame crypto/fips/fips_kdf_selftest.c

c8 c8s master
  1.   dd46e1f777d2d56ed692a3e9100ebe5052e12513
  2.   crypto
  3.   fips
  4.   fips_kdf_selftest.c
Blob History Raw
Packit Service 084de1 
/*
Packit Service 084de1 
 * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
Packit Service 084de1 
 * Copyright (c) 2018-2019, Oracle and/or its affiliates.  All rights reserved.
Packit Service 084de1 
 *
Packit Service 084de1 
 * Licensed under the Apache License 2.0 (the "License").  You may not use
Packit Service 084de1 
 * this file except in compliance with the License.  You can obtain a copy
Packit Service 084de1 
 * in the file LICENSE in the source distribution or at
Packit Service 084de1 
 * https://www.openssl.org/source/license.html
Packit Service 084de1 
 */
Packit Service 084de1
Packit Service 084de1 
#include <string.h>
Packit Service 084de1 
#include <openssl/err.h>
Packit Service 084de1 
#include <openssl/fips.h>
Packit Service 084de1 
#include "crypto/fips.h"
Packit Service 084de1
Packit Service 084de1 
#include <openssl/evp.h>
Packit Service 084de1 
#include <openssl/kdf.h>
Packit Service 084de1
Packit Service 084de1 
#ifdef OPENSSL_FIPS
Packit Service dd46e1 
static int FIPS_selftest_tls1_prf(void)
Packit Service dd46e1 
{
Packit Service dd46e1 
    int ret = 0;
Packit Service dd46e1 
    EVP_KDF_CTX *kctx;
Packit Service dd46e1 
    unsigned char out[16];
Packit Service dd46e1
Packit Service dd46e1 
    if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_TLS1_PRF)) == NULL) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET,
Packit Service dd46e1 
                     "secret", (size_t)6) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, "seed", (size_t)4) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1
Packit Service dd46e1 
    {
Packit Service dd46e1 
        const unsigned char expected[sizeof(out)] = {
Packit Service dd46e1 
            0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0,
Packit Service dd46e1 
            0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc
Packit Service dd46e1 
        };
Packit Service dd46e1 
        if (memcmp(out, expected, sizeof(expected))) {
Packit Service dd46e1 
            goto err;
Packit Service dd46e1 
        }
Packit Service dd46e1 
    }
Packit Service dd46e1 
    ret = 1;
Packit Service dd46e1
Packit Service dd46e1 
err:
Packit Service dd46e1 
    if (!ret)
Packit Service dd46e1 
        FIPSerr(FIPS_F_FIPS_SELFTEST_TLS1_PRF, FIPS_R_SELFTEST_FAILED);
Packit Service dd46e1 
    EVP_KDF_CTX_free(kctx);
Packit Service dd46e1 
    return ret;
Packit Service dd46e1 
}
Packit Service dd46e1
Packit Service dd46e1 
static int FIPS_selftest_hkdf(void)
Packit Service dd46e1 
{
Packit Service dd46e1 
    int ret = 0;
Packit Service dd46e1 
    EVP_KDF_CTX *kctx;
Packit Service dd46e1 
    unsigned char out[10];
Packit Service dd46e1
Packit Service dd46e1 
    if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF)) == NULL) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_HKDF_INFO,
Packit Service dd46e1 
                     "label", (size_t)5) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1
Packit Service dd46e1 
    {
Packit Service dd46e1 
        const unsigned char expected[sizeof(out)] = {
Packit Service dd46e1 
            0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13
Packit Service dd46e1 
        };
Packit Service dd46e1 
        if (memcmp(out, expected, sizeof(expected))) {
Packit Service dd46e1 
            goto err;
Packit Service dd46e1 
        }
Packit Service dd46e1 
    }
Packit Service dd46e1 
    ret = 1;
Packit Service dd46e1 
err:
Packit Service dd46e1 
    if (!ret)
Packit Service dd46e1 
        FIPSerr(FIPS_F_FIPS_SELFTEST_HKDF, FIPS_R_SELFTEST_FAILED);
Packit Service dd46e1 
    EVP_KDF_CTX_free(kctx);
Packit Service dd46e1 
    return ret;
Packit Service dd46e1 
}
Packit Service dd46e1
Packit Service dd46e1 
static int FIPS_selftest_sshkdf(void)
Packit Service dd46e1 
{
Packit Service dd46e1 
    int ret = 0;
Packit Service dd46e1 
    EVP_KDF_CTX *kctx;
Packit Service dd46e1 
    unsigned char out[32];
Packit Service dd46e1 
    const unsigned char input_key[] = {
Packit Service dd46e1 
        0x00, 0x00, 0x00, 0x80, 0x0f, 0xaa, 0x17, 0x2b,
Packit Service dd46e1 
        0x8c, 0x28, 0x7e, 0x37, 0x2b, 0xb2, 0x36, 0xad,
Packit Service dd46e1 
        0x34, 0xc7, 0x33, 0x69, 0x5c, 0x13, 0xd7, 0x7f,
Packit Service dd46e1 
        0x88, 0x2a, 0xdc, 0x0f, 0x47, 0xe5, 0xa7, 0xf6,
Packit Service dd46e1 
        0xa3, 0xde, 0x07, 0xef, 0xb1, 0x01, 0x20, 0x7a,
Packit Service dd46e1 
        0xa5, 0xd6, 0x65, 0xb6, 0x19, 0x82, 0x6f, 0x75,
Packit Service dd46e1 
        0x65, 0x91, 0xf6, 0x53, 0x10, 0xbb, 0xd2, 0xc9,
Packit Service dd46e1 
        0x2c, 0x93, 0x84, 0xe6, 0xc6, 0xa6, 0x7b, 0x42,
Packit Service dd46e1 
        0xde, 0xc3, 0x82, 0xfd, 0xb2, 0x4c, 0x59, 0x1d,
Packit Service dd46e1 
        0x79, 0xff, 0x5e, 0x47, 0x73, 0x7b, 0x0f, 0x5b,
Packit Service dd46e1 
        0x84, 0x79, 0x69, 0x4c, 0x3a, 0xdc, 0x19, 0x40,
Packit Service dd46e1 
        0x17, 0x04, 0x91, 0x2b, 0xbf, 0xec, 0x27, 0x04,
Packit Service dd46e1 
        0xd4, 0xd5, 0xbe, 0xbb, 0xfc, 0x1a, 0x7f, 0xc7,
Packit Service dd46e1 
        0x96, 0xe2, 0x77, 0x63, 0x4e, 0x40, 0x85, 0x18,
Packit Service dd46e1 
        0x51, 0xa1, 0x87, 0xec, 0x2d, 0x37, 0xed, 0x3f,
Packit Service dd46e1 
        0x35, 0x1c, 0x45, 0x96, 0xa5, 0xa0, 0x89, 0x29,
Packit Service dd46e1 
        0x16, 0xb4, 0xc5, 0x5f
Packit Service dd46e1 
    };
Packit Service dd46e1 
    const unsigned char xcghash[] = {
Packit Service dd46e1 
        0xa3, 0x47, 0xf5, 0xf1, 0xe1, 0x91, 0xc3, 0x5f,
Packit Service dd46e1 
        0x21, 0x2c, 0x93, 0x24, 0xd5, 0x86, 0x7e, 0xfd,
Packit Service dd46e1 
        0xf8, 0x30, 0x26, 0xbe, 0x62, 0xc2, 0xb1, 0x6a,
Packit Service dd46e1 
        0xe0, 0x06, 0xed, 0xb3, 0x37, 0x8d, 0x40, 0x06
Packit Service dd46e1 
    };
Packit Service dd46e1 
    const unsigned char session_id[] = {
Packit Service dd46e1 
        0x90, 0xbe, 0xfc, 0xef, 0x3f, 0xf8, 0xf9, 0x20,
Packit Service dd46e1 
        0x67, 0x4a, 0x9f, 0xab, 0x94, 0x19, 0x8c, 0xf3,
Packit Service dd46e1 
        0xfd, 0x9d, 0xca, 0x24, 0xa2, 0x1d, 0x3c, 0x9d,
Packit Service dd46e1 
        0xba, 0x39, 0x4d, 0xaa, 0xfb, 0xc6, 0x21, 0xed
Packit Service dd46e1 
    };
Packit Service dd46e1
Packit Service dd46e1
Packit Service dd46e1 
    if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF)) == NULL) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, input_key,
Packit Service dd46e1 
                     sizeof(input_key)) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, xcghash,
Packit Service dd46e1 
                     sizeof(xcghash)) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, session_id,
Packit Service dd46e1 
                     sizeof(session_id)) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE, (int)'F') <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1
Packit Service dd46e1 
    {
Packit Service dd46e1 
        const unsigned char expected[sizeof(out)] = {
Packit Service dd46e1 
            0x14, 0x7a, 0x77, 0x14, 0x45, 0x12, 0x3f, 0x84,
Packit Service dd46e1 
            0x6d, 0x8a, 0xe5, 0x14, 0xd7, 0xff, 0x9b, 0x3c,
Packit Service dd46e1 
            0x93, 0xb2, 0xbc, 0xeb, 0x7c, 0x7c, 0x95, 0x00,
Packit Service dd46e1 
            0x94, 0x21, 0x61, 0xb8, 0xe2, 0xd0, 0x11, 0x0f
Packit Service dd46e1 
        };
Packit Service dd46e1 
        if (memcmp(out, expected, sizeof(expected))) {
Packit Service dd46e1 
            goto err;
Packit Service dd46e1 
        }
Packit Service dd46e1 
    }
Packit Service dd46e1 
    ret = 1;
Packit Service dd46e1
Packit Service dd46e1 
err:
Packit Service dd46e1 
    if (!ret)
Packit Service dd46e1 
        FIPSerr(FIPS_F_FIPS_SELFTEST_SSHKDF, FIPS_R_SELFTEST_FAILED);
Packit Service dd46e1 
    EVP_KDF_CTX_free(kctx);
Packit Service dd46e1 
    return ret;
Packit Service dd46e1 
}
Packit Service dd46e1
Packit Service dd46e1 
static int FIPS_selftest_pbkdf2(void)
Packit Service 084de1 
{
Packit Service 084de1 
    int ret = 0;
Packit Service 084de1 
    EVP_KDF_CTX *kctx;
Packit Service 084de1 
    unsigned char out[32];
Packit Service 084de1
Packit Service 084de1 
    if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) == NULL) {
Packit Service 084de1 
        goto err;
Packit Service 084de1 
    }
Packit Service 084de1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", (size_t)8) <= 0) {
Packit Service 084de1 
        goto err;
Packit Service 084de1 
    }
Packit Service 084de1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", (size_t)4) <= 0) {
Packit Service 084de1 
        goto err;
Packit Service 084de1 
    }
Packit Service 084de1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2) <= 0) {
Packit Service 084de1 
        goto err;
Packit Service 084de1 
    }
Packit Service 084de1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
Packit Service 084de1 
        goto err;
Packit Service 084de1 
    }
Packit Service 084de1 
    if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
Packit Service 084de1 
        goto err;
Packit Service 084de1 
    }
Packit Service 084de1
Packit Service 084de1 
    {
Packit Service 084de1 
        const unsigned char expected[sizeof(out)] = {
Packit Service 084de1 
            0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3,
Packit Service 084de1 
            0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0,
Packit Service 084de1 
            0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf,
Packit Service 084de1 
            0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43
Packit Service 084de1 
        };
Packit Service 084de1 
        if (memcmp(out, expected, sizeof(expected))) {
Packit Service 084de1 
            goto err;
Packit Service 084de1 
        }
Packit Service 084de1 
    }
Packit Service 084de1 
    ret = 1;
Packit Service 084de1
Packit Service 084de1 
err:
Packit Service 084de1 
    if (!ret)
Packit Service 084de1 
        FIPSerr(FIPS_F_FIPS_SELFTEST_PBKDF2, FIPS_R_SELFTEST_FAILED);
Packit Service 084de1 
    EVP_KDF_CTX_free(kctx);
Packit Service 084de1 
    return ret;
Packit Service 084de1 
}
Packit Service 084de1
Packit Service 084de1 
/* Test vector from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos
Packit Service 084de1 
 * 5) appendix A. */
Packit Service dd46e1 
static int FIPS_selftest_kbkdf(void)
Packit Service 084de1 
{
Packit Service 084de1 
    int ret = 0;
Packit Service 084de1 
    EVP_KDF_CTX *kctx;
Packit Service 084de1 
    char *label = "prf", *prf_input = "test";
Packit Service dd46e1 
    const unsigned char input_key[] = {
Packit Service 084de1 
        0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
Packit Service 084de1 
        0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
Packit Service 084de1 
    };
Packit Service dd46e1 
    const unsigned char output[] = {
Packit Service 084de1 
        0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
Packit Service 084de1 
        0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
Packit Service 084de1 
        0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
Packit Service 084de1 
        0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
Packit Service 084de1 
    };
Packit Service 084de1 
    unsigned char result[sizeof(output)] = { 0 };
Packit Service 084de1
Packit Service 084de1 
    if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_KB)) == NULL) {
Packit Service 084de1 
        goto err;
Packit Service 084de1 
    }
Packit Service 084de1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_MAC_TYPE, EVP_KDF_KB_MAC_TYPE_HMAC) <= 0) {
Packit Service 084de1 
        goto err;
Packit Service 084de1 
    }
Packit Service 084de1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
Packit Service 084de1 
        goto err;
Packit Service 084de1 
    }
Packit Service 084de1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, input_key, sizeof(input_key)) <= 0) {
Packit Service 084de1 
        goto err;
Packit Service 084de1 
    }
Packit Service 084de1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, label, strlen(label)) <= 0) {
Packit Service 084de1 
        goto err;
Packit Service 084de1 
    }
Packit Service 084de1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KB_INFO, prf_input, strlen(prf_input)) <= 0) {
Packit Service 084de1 
        goto err;
Packit Service 084de1 
    }
Packit Service 084de1 
    ret = EVP_KDF_derive(kctx, result, sizeof(result)) > 0
Packit Service 084de1 
        && memcmp(result, output, sizeof(output)) == 0;
Packit Service 084de1 
err:
Packit Service 084de1 
    if (!ret)
Packit Service 084de1 
        FIPSerr(FIPS_F_FIPS_SELFTEST_KBKDF, FIPS_R_SELFTEST_FAILED);
Packit Service 084de1 
    EVP_KDF_CTX_free(kctx);
Packit Service 084de1 
    return ret;
Packit Service 084de1 
}
Packit Service 084de1
Packit Service dd46e1 
static int FIPS_selftest_krb5kdf(void)
Packit Service dd46e1 
{
Packit Service dd46e1 
    int ret = 0;
Packit Service dd46e1 
    EVP_KDF_CTX *kctx;
Packit Service dd46e1 
    unsigned char out[16];
Packit Service dd46e1 
    const unsigned char key[] = {
Packit Service dd46e1 
        0x42, 0x26, 0x3C, 0x6E, 0x89, 0xF4, 0xFC, 0x28,
Packit Service dd46e1 
        0xB8, 0xDF, 0x68, 0xEE, 0x09, 0x79, 0x9F, 0x15
Packit Service dd46e1 
    };
Packit Service dd46e1 
    const unsigned char constant[] = {
Packit Service dd46e1 
        0x00, 0x00, 0x00, 0x02, 0x99
Packit Service dd46e1 
    };
Packit Service dd46e1 
    const unsigned char expected[sizeof(out)] = {
Packit Service dd46e1 
        0x34, 0x28, 0x0A, 0x38, 0x2B, 0xC9, 0x27, 0x69,
Packit Service dd46e1 
        0xB2, 0xDA, 0x2F, 0x9E, 0xF0, 0x66, 0x85, 0x4B
Packit Service dd46e1 
    };
Packit Service dd46e1
Packit Service dd46e1 
    if ((kctx = EVP_KDF_CTX_new_id(EVP_KDF_KRB5KDF)) == NULL) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_CIPHER, EVP_aes_128_cbc()) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, key, sizeof(key)) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KRB5KDF_CONSTANT, constant, sizeof(constant)) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1
Packit Service dd46e1 
    ret =
Packit Service dd46e1 
        EVP_KDF_derive(kctx, out, sizeof(out)) > 0
Packit Service dd46e1 
        && memcmp(out, expected, sizeof(expected)) == 0;
Packit Service dd46e1
Packit Service dd46e1 
err:
Packit Service dd46e1 
    if (!ret)
Packit Service dd46e1 
        FIPSerr(FIPS_F_FIPS_SELFTEST_KRB5KDF, FIPS_R_SELFTEST_FAILED);
Packit Service dd46e1 
    EVP_KDF_CTX_free(kctx);
Packit Service dd46e1 
    return ret;
Packit Service dd46e1 
}
Packit Service dd46e1
Packit Service dd46e1 
static int FIPS_selftest_sskdf(void)
Packit Service dd46e1 
{
Packit Service dd46e1 
    int ret = 0;
Packit Service dd46e1 
    EVP_KDF_CTX *kctx;
Packit Service dd46e1 
    const unsigned char z[] = {
Packit Service dd46e1 
        0x6d,0xbd,0xc2,0x3f,0x04,0x54,0x88,0xe4,0x06,0x27,0x57,0xb0,0x6b,0x9e,
Packit Service dd46e1 
        0xba,0xe1,0x83,0xfc,0x5a,0x59,0x46,0xd8,0x0d,0xb9,0x3f,0xec,0x6f,0x62,
Packit Service dd46e1 
        0xec,0x07,0xe3,0x72,0x7f,0x01,0x26,0xae,0xd1,0x2c,0xe4,0xb2,0x62,0xf4,
Packit Service dd46e1 
        0x7d,0x48,0xd5,0x42,0x87,0xf8,0x1d,0x47,0x4c,0x7c,0x3b,0x18,0x50,0xe9
Packit Service dd46e1 
    };
Packit Service dd46e1 
    const unsigned char other[] = {
Packit Service dd46e1 
        0xa1,0xb2,0xc3,0xd4,0xe5,0x43,0x41,0x56,0x53,0x69,0x64,0x3c,0x83,0x2e,
Packit Service dd46e1 
        0x98,0x49,0xdc,0xdb,0xa7,0x1e,0x9a,0x31,0x39,0xe6,0x06,0xe0,0x95,0xde,
Packit Service dd46e1 
        0x3c,0x26,0x4a,0x66,0xe9,0x8a,0x16,0x58,0x54,0xcd,0x07,0x98,0x9b,0x1e,
Packit Service dd46e1 
        0xe0,0xec,0x3f,0x8d,0xbe
Packit Service dd46e1 
    };
Packit Service dd46e1 
    const unsigned char expected[] = {
Packit Service dd46e1 
        0xa4,0x62,0xde,0x16,0xa8,0x9d,0xe8,0x46,0x6e,0xf5,0x46,0x0b,0x47,0xb8
Packit Service dd46e1 
    };
Packit Service dd46e1 
    unsigned char out[14];
Packit Service dd46e1
Packit Service dd46e1 
    kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS);
Packit Service dd46e1
Packit Service dd46e1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha224()) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other,
Packit Service dd46e1 
                     sizeof(other)) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1 
    if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    }
Packit Service dd46e1
Packit Service dd46e1 
    if (memcmp(out, expected, sizeof(expected)))
Packit Service dd46e1 
        goto err;
Packit Service dd46e1 
    ret = 1;
Packit Service dd46e1
Packit Service dd46e1 
err:
Packit Service dd46e1 
    if (!ret)
Packit Service dd46e1 
        FIPSerr(FIPS_F_FIPS_SELFTEST_SSKDF, FIPS_R_SELFTEST_FAILED);
Packit Service dd46e1 
    EVP_KDF_CTX_free(kctx);
Packit Service dd46e1 
    return ret;
Packit Service dd46e1 
}
Packit Service dd46e1
Packit Service 084de1 
int FIPS_selftest_kdf(void)
Packit Service 084de1 
{
Packit Service dd46e1 
    return FIPS_selftest_tls1_prf()
Packit Service dd46e1 
        && FIPS_selftest_hkdf()
Packit Service dd46e1 
        && FIPS_selftest_sshkdf()
Packit Service dd46e1 
        && FIPS_selftest_pbkdf2()
Packit Service dd46e1 
        && FIPS_selftest_kbkdf()
Packit Service dd46e1 
        && FIPS_selftest_krb5kdf()
Packit Service dd46e1 
        && FIPS_selftest_sskdf();
Packit Service 084de1 
}
Packit Service 084de1
Packit Service 084de1 
#endif

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation