diff options
author | Simo Sorce <simo@redhat.com> | 2019-09-17 16:35:23 -0400 |
---|---|---|
committer | Tomas Mraz <tmraz@fedoraproject.org> | 2019-10-23 08:32:48 +0200 |
commit | 33f54da3dda8ef95c2a8d8580fde312c6fe4d3fb (patch) | |
tree | 587fa80c2a189d5bea1901eeb0f74fbe71f75dfe /test | |
parent | eb2ff0408ac6e934e05db7ed4006855c018584f1 (diff) |
Add KRB5KDF from RFC 3961
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9949)
Diffstat (limited to 'test')
-rw-r--r-- | test/evp_kdf_test.c | 38 | ||||
-rw-r--r-- | test/evp_test.c | 9 | ||||
-rw-r--r-- | test/recipes/30-test_evp_data/evpkdf.txt | 120 |
3 files changed, 167 insertions, 0 deletions
diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c index 21a0c270fe..ddf935b818 100644 --- a/test/evp_kdf_test.c +++ b/test/evp_kdf_test.c @@ -732,6 +732,43 @@ static int test_kdf_x942_asn1(void) } #endif /* OPENSSL_NO_CMS */ +static int test_kdf_krb5kdf(void) +{ + int ret; + EVP_KDF_CTX *kctx; + OSSL_PARAM params[4], *p = params; + unsigned char out[16]; + static unsigned char key[] = { + 0x42, 0x26, 0x3C, 0x6E, 0x89, 0xF4, 0xFC, 0x28, + 0xB8, 0xDF, 0x68, 0xEE, 0x09, 0x79, 0x9F, 0x15 + }; + static unsigned char constant[] = { + 0x00, 0x00, 0x00, 0x02, 0x99 + }; + static const unsigned char expected[sizeof(out)] = { + 0x34, 0x28, 0x0A, 0x38, 0x2B, 0xC9, 0x27, 0x69, + 0xB2, 0xDA, 0x2F, 0x9E, 0xF0, 0x66, 0x85, 0x4B + }; + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, + (char *)"AES-128-CBC", + sizeof("AES-128-CBC")); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, key, + sizeof(key)); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT, + constant, sizeof(constant)); + *p = OSSL_PARAM_construct_end(); + + ret = + TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KRB5KDF)) + && TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) + && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); + + EVP_KDF_CTX_free(kctx); + return ret; +} + int setup_tests(void) { ADD_TEST(test_kdf_kbkdf_6803_128); @@ -753,5 +790,6 @@ int setup_tests(void) #ifndef OPENSSL_NO_CMS ADD_TEST(test_kdf_x942_asn1); #endif + ADD_TEST(test_kdf_krb5kdf); return 1; } diff --git a/test/evp_test.c b/test/evp_test.c index b68ad3b9c4..1039c2131a 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -2116,6 +2116,15 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx, if (nid != NID_undef && EVP_get_digestbynid(nid) == NULL) t->skip = 1; } + if (p != NULL && strcmp(name, "cipher") == 0) { + /* If p has an OID and lookup fails assume disabled algorithm */ + int nid = OBJ_sn2nid(p); + + if (nid == NID_undef) + nid = OBJ_ln2nid(p); + if (nid != NID_undef && EVP_get_cipherbynid(nid) == NULL) + t->skip = 1; + } OPENSSL_free(name); return 1; } diff --git a/test/recipes/30-test_evp_data/evpkdf.txt b/test/recipes/30-test_evp_data/evpkdf.txt index 3905f17ebc..73d3b3ca9e 100644 --- a/test/recipes/30-test_evp_data/evpkdf.txt +++ b/test/recipes/30-test_evp_data/evpkdf.txt @@ -6523,3 +6523,123 @@ Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213 Ctrl.cekalg = cekalg:id-smime-alg-CMSRC2wrap Ctrl.hexukm = hexukm:0123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba9876543201 Output = 48950c46e0530075403cce72889604e0 + +Title = KRB5KDF tests (from RFC 3961 test vectors and krb5 sources) + +#RFC3961 +KDF = KRB5KDF +Ctrl.cipher = cipher:DES-EDE3-CBC +Ctrl.hexkey = hexkey:dce06b1f64c857a11c3db57c51899b2cc1791008ce973b92 +Ctrl.hexconstant = hexconstant:0000000155 +Output = 925179d04591a79b5d3192c4a7e9c289b049c71f6ee604cd + +KDF = KRB5KDF +Ctrl.cipher = cipher:DES-EDE3-CBC +Ctrl.hexkey = hexkey:5e13d31c70ef765746578531cb51c15bf11ca82c97cee9f2 +Ctrl.hexconstant = hexconstant:00000001aa +Output = 9e58e5a146d9942a101c469845d67a20e3c4259ed913f207 + +KDF = KRB5KDF +Ctrl.cipher = cipher:DES-EDE3-CBC +Ctrl.hexkey = hexkey:98e6fd8a04a4b6859b75a176540b9752bad3ecd610a252bc +Ctrl.hexconstant = hexconstant:0000000155 +Output = 13fef80d763e94ec6d13fd2ca1d085070249dad39808eabf + +KDF = KRB5KDF +Ctrl.cipher = cipher:DES-EDE3-CBC +Ctrl.hexkey = hexkey:622aec25a2fe2cad7094680b7c64940280084c1a7cec92b5 +Ctrl.hexconstant = hexconstant:00000001aa +Output = f8dfbf04b097e6d9dc0702686bcb3489d91fd9a4516b703e + +KDF = KRB5KDF +Ctrl.cipher = cipher:DES-EDE3-CBC +Ctrl.hexkey = hexkey:d3f8298ccb166438dcb9b93ee5a7629286a491f838f802fb +Ctrl.hexconstant = hexconstant:6b65726265726f73 +Output = 2370da575d2a3da864cebfdc5204d56df779a7df43d9da43 + +KDF = KRB5KDF +Ctrl.cipher = cipher:DES-EDE3-CBC +Ctrl.hexkey = hexkey:c1081649ada74362e6a1459d01dfd30d67c2234c940704da +Ctrl.hexconstant = hexconstant:0000000155 +Output = 348057ec98fdc48016161c2a4c7a943e92ae492c989175f7 + +KDF = KRB5KDF +Ctrl.cipher = cipher:DES-EDE3-CBC +Ctrl.hexkey = hexkey:5d154af238f46713155719d55e2f1f790dd661f279a7917c +Ctrl.hexconstant = hexconstant:00000001aa +Output = a8808ac267dada3dcbe9a7c84626fbc761c294b01315e5c1 + +KDF = KRB5KDF +Ctrl.cipher = cipher:DES-EDE3-CBC +Ctrl.hexkey = hexkey:798562e049852f57dc8c343ba17f2ca1d97394efc8adc443 +Ctrl.hexconstant = hexconstant:0000000155 +Output = c813f88a3be3b334f75425ce9175fbe3c8493b89c8703b49 + +KDF = KRB5KDF +Ctrl.cipher = cipher:DES-EDE3-CBC +Ctrl.hexkey = hexkey:26dce334b545292f2feab9a8701a89a4b99eb9942cecd016 +Ctrl.hexconstant = hexconstant:00000001aa +Output = f48ffd6e83f83e7354e694fd252cf83bfe58f7d5ba37ec5d + +#Krb5 sources +KDF = KRB5KDF +Ctrl.cipher = cipher:DES-EDE3-CBC +Ctrl.hexkey = hexkey:850BB51358548CD05E86768C313E3BFEF7511937DCF72C3E +Ctrl.hexconstant = hexconstant:0000000299 +Output = F78C496D16E6C2DAE0E0B6C24057A84C0426AEEF26FD6DCE + +KDF = KRB5KDF +Ctrl.cipher = cipher:DES-EDE3-CBC +Ctrl.hexkey = hexkey:850BB51358548CD05E86768C313E3BFEF7511937DCF72C3E +Ctrl.hexconstant = hexconstant:00000002AA +Output = 5B5723D0B634CB684C3EBA5264E9A70D52E683231AD3C4CE + +KDF = KRB5KDF +Ctrl.cipher = cipher:DES-EDE3-CBC +Ctrl.hexkey = hexkey:850BB51358548CD05E86768C313E3BFEF7511937DCF72C3E +Ctrl.hexconstant = hexconstant:0000000255 +Output = A77C94980E9B7345A81525C423A737CE67F4CD91B6B3DA45 + +KDF = KRB5KDF +Ctrl.cipher = cipher:AES-128-CBC +Ctrl.hexkey = hexkey:42263C6E89F4FC28B8DF68EE09799F15 +Ctrl.hexconstant = hexconstant:0000000299 +Output = 34280A382BC92769B2DA2F9EF066854B + +KDF = KRB5KDF +Ctrl.cipher = cipher:AES-128-CBC +Ctrl.hexkey = hexkey:42263C6E89F4FC28B8DF68EE09799F15 +Ctrl.hexconstant = hexconstant:00000002AA +Output = 5B14FC4E250E14DDF9DCCF1AF6674F53 + +KDF = KRB5KDF +Ctrl.cipher = cipher:AES-128-CBC +Ctrl.hexkey = hexkey:42263C6E89F4FC28B8DF68EE09799F15 +Ctrl.hexconstant = hexconstant:0000000255 +Output = 4ED31063621684F09AE8D89991AF3E8F + +KDF = KRB5KDF +Ctrl.cipher = cipher:AES-256-CBC +Ctrl.hexkey = hexkey:FE697B52BC0D3CE14432BA036A92E65BBB52280990A2FA27883998D72AF30161 +Ctrl.hexconstant = hexconstant:0000000299 +Output = BFAB388BDCB238E9F9C98D6A878304F04D30C82556375AC507A7A852790F4674 + +KDF = KRB5KDF +Ctrl.cipher = cipher:AES-256-CBC +Ctrl.hexkey = hexkey:FE697B52BC0D3CE14432BA036A92E65BBB52280990A2FA27883998D72AF30161 +Ctrl.hexconstant = hexconstant:00000002AA +Output = C7CFD9CD75FE793A586A542D87E0D1396F1134A104BB1A9190B8C90ADA3DDF37 + +KDF = KRB5KDF +Ctrl.cipher = cipher:AES-256-CBC +Ctrl.hexkey = hexkey:FE697B52BC0D3CE14432BA036A92E65BBB52280990A2FA27883998D72AF30161 +Ctrl.hexconstant = hexconstant:0000000255 +Output = 97151B4C76945063E2EB0529DC067D97D7BBA90776D8126D91F34F3101AEA8BA + +#Same as the first but with no "fixup" +KDF = KRB5KDF +Ctrl.cipher = cipher:DES-EDE3-CBC +Ctrl.hexkey = hexkey:dce06b1f64c857a11c3db57c51899b2cc1791008ce973b92 +Ctrl.hexconstant = hexconstant:0000000155 +Output = 935079d14490a75c3093c4a6e8c3b049c71e6ee705 + |