author | Robbie Harwood <rharwood@redhat.com> | 2019-09-10 23:46:44 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2019-09-27 23:17:26 +0200 |
commit | a39bc4404baa4e065d01efe829a1f26eba737049 (patch) | |
tree | e9e744551b5ab87c382f569ff115e8b354dcfb1c /test/evp_kdf_test.c | |
parent | OSSL_PARAM functions: change to allow the data field to be NULL (diff) | |
[KDF] Add KBKDF implementation for counter-mode HMAC
Implement SP800-108 section 5.1 with HMAC intended for use in Kerberos.
Add test vectors from RFC 8009.
Adds error codes PROV_R_INVALID_MAC and PROV_R_MISSING_MAC.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9924)
Diffstat (limited to '')
-rw-r--r-- | test/evp_kdf_test.c | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c
index 6d8517ff87..3761dff9fa 100644
--- a/test/evp_kdf_test.c
+++ b/test/evp_kdf_test.c
@@ -297,6 +297,94 @@ static int test_kdf_x963(void)
 return ret;
 }
 
+/* Two test vectors from RFC 8009 (AES Encryption with HMAC-SHA2 for Kerberos
+ * 5) appendix A. */
+static int test_kdf_kbkdf_8009_prf1(void)
+{
+ int ret, i = 0;
+ EVP_KDF_CTX *kctx;
+ OSSL_PARAM params[6];
+ char *label = "prf", *digest = "sha256", *prf_input = "test",
+ *mac = "HMAC";
+ static unsigned char input_key[] = {
+ 0x37, 0x05, 0xD9, 0x60, 0x80, 0xC1, 0x77, 0x28,
+ 0xA0, 0xE8, 0x00, 0xEA, 0xB6, 0xE0, 0xD2, 0x3C,
+ };
+ static unsigned char output[] = {
+ 0x9D, 0x18, 0x86, 0x16, 0xF6, 0x38, 0x52, 0xFE,
+ 0x86, 0x91, 0x5B, 0xB8, 0x40, 0xB4, 0xA8, 0x86,
+ 0xFF, 0x3E, 0x6B, 0xB0, 0xF8, 0x19, 0xB4, 0x9B,
+ 0x89, 0x33, 0x93, 0xD3, 0x93, 0x85, 0x42, 0x95,
+ };
+ unsigned char result[sizeof(output)] = { 0 };
+
+ params[i++] = OSSL_PARAM_construct_utf8_string(
+ OSSL_KDF_PARAM_DIGEST, digest, strlen(digest) + 1);
+ params[i++] = OSSL_PARAM_construct_utf8_string(
+ OSSL_KDF_PARAM_MAC, mac, strlen(mac) + 1);
+ params[i++] = OSSL_PARAM_construct_octet_string(
+ OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
+ params[i++] = OSSL_PARAM_construct_octet_string(
+ OSSL_KDF_PARAM_SALT, label, strlen(label));
+ params[i++] = OSSL_PARAM_construct_octet_string(
+ OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
+ params[i] = OSSL_PARAM_construct_end();
+
+ kctx = get_kdfbyname("KBKDF");
+ ret = TEST_ptr(kctx)
+ && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
+ && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
+ && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
+
+ EVP_KDF_CTX_free(kctx);
+ return ret;
+}
+
+static int test_kdf_kbkdf_8009_prf2(void)
+{
+ int ret, i = 0;
+ EVP_KDF_CTX *kctx;
+ OSSL_PARAM params[6];
+ char *label = "prf", *digest = "sha384", *prf_input = "test",
+ *mac = "HMAC";
+ static unsigned char input_key[] = {
+ 0x6D, 0x40, 0x4D, 0x37, 0xFA, 0xF7, 0x9F, 0x9D,
+ 0xF0, 0xD3, 0x35, 0x68, 0xD3, 0x20, 0x66, 0x98,
+ 0x00, 0xEB, 0x48, 0x36, 0x47, 0x2E, 0xA8, 0xA0,
+ 0x26, 0xD1, 0x6B, 0x71, 0x82, 0x46, 0x0C, 0x52,
+ };
+ static unsigned char output[] = {
+ 0x98, 0x01, 0xF6, 0x9A, 0x36, 0x8C, 0x2B, 0xF6,
+ 0x75, 0xE5, 0x95, 0x21, 0xE1, 0x77, 0xD9, 0xA0,
+ 0x7F, 0x67, 0xEF, 0xE1, 0xCF, 0xDE, 0x8D, 0x3C,
+ 0x8D, 0x6F, 0x6A, 0x02, 0x56, 0xE3, 0xB1, 0x7D,
+ 0xB3, 0xC1, 0xB6, 0x2A, 0xD1, 0xB8, 0x55, 0x33,
+ 0x60, 0xD1, 0x73, 0x67, 0xEB, 0x15, 0x14, 0xD2,
+ };
+ unsigned char result[sizeof(output)] = { 0 };
+
+ params[i++] = OSSL_PARAM_construct_utf8_string(
+ OSSL_KDF_PARAM_DIGEST, digest, strlen(digest) + 1);
+ params[i++] = OSSL_PARAM_construct_utf8_string(
+ OSSL_KDF_PARAM_MAC, mac, strlen(mac) + 1);
+ params[i++] = OSSL_PARAM_construct_octet_string(
+ OSSL_KDF_PARAM_KEY, input_key, sizeof(input_key));
+ params[i++] = OSSL_PARAM_construct_octet_string(
+ OSSL_KDF_PARAM_SALT, label, strlen(label));
+ params[i++] = OSSL_PARAM_construct_octet_string(
+ OSSL_KDF_PARAM_INFO, prf_input, strlen(prf_input));
+ params[i] = OSSL_PARAM_construct_end();
+
+ kctx = get_kdfbyname("KBKDF");
+ ret = TEST_ptr(kctx)
+ && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
+ && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
+ && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
+
+ EVP_KDF_CTX_free(kctx);
+ return ret;
+}
+
 static int test_kdf_ss_hmac(void)
 {
 int ret;
@@ -521,6 +609,8 @@ static int test_kdf_x942_asn1(void)
 
 int setup_tests(void)
 {
+ ADD_TEST(test_kdf_kbkdf_8009_prf1);
+ ADD_TEST(test_kdf_kbkdf_8009_prf2);
 ADD_TEST(test_kdf_get_kdf);
 ADD_TEST(test_kdf_tls1_prf);
 ADD_TEST(test_kdf_hkdf);
|
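Review bot: The two tests added in the first hunk, test_kdf_kbkdf_8009_prf1 and test_kdf_kbkdf_8009_prf2, cover only the success path, although the commit message says the change introduces PROV_R_INVALID_MAC and PROV_R_MISSING_MAC. For a key-derivation function it matters that a context with no MAC, no key or an unsupported MAC name fails closed instead of producing output, and nothing visible here checks that. A companion test could build the same params[] without the OSSL_KDF_PARAM_MAC entry and assert failure, for example `&& TEST_int_le(EVP_KDF_derive(kctx, result, sizeof(result)), 0)`. Whether the rejection surfaces in EVP_KDF_CTX_set_params or in EVP_KDF_derive depends on the provider code, which is not part of this diff, so the assertion should be placed to match it.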