From 6a38b09a7fa6eaac6bcbe567382fbe7d3d719503 Mon Sep 17 00:00:00 2001
From: Pauli <pauli@openssl.org>
Date: Wed, 28 Apr 2021 12:58:08 +1000
Subject: mac: allow XOF MACs to be specified either via control or via the
 dedicated function

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15061)
---
 test/evp_test.c                                 | 50 ++++++++++++++++------
 test/recipes/30-test_evp_data/evpmac_common.txt | 57 ++++++++++++++++++++++++-
 2 files changed, 92 insertions(+), 15 deletions(-)

(limited to 'test')

diff --git a/test/evp_test.c b/test/evp_test.c
index 79ca676c87..abb0485459 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1029,6 +1029,8 @@ typedef struct mac_data_st {
     /* MAC salt (blake2) */
     unsigned char *salt;
     size_t salt_len;
+    /* XOF mode? */
+    int xof;
     /* Collection of controls */
     STACK_OF(OPENSSL_STRING) *controls;
 } MAC_DATA;
@@ -1123,6 +1125,8 @@ static int mac_test_parse(EVP_TEST *t,
         return parse_bin(value, &mdata->input, &mdata->input_len);
     if (strcmp(keyword, "Output") == 0)
         return parse_bin(value, &mdata->output, &mdata->output_len);
+    if (strcmp(keyword, "XOF") == 0)
+        return mdata->xof = 1;
     if (strcmp(keyword, "Ctrl") == 0)
         return sk_OPENSSL_STRING_push(mdata->controls,
                                       OPENSSL_strdup(value)) != 0;
@@ -1164,6 +1168,10 @@ static int mac_test_run_pkey(EVP_TEST *t)
     size_t got_len;
     int i;
 
+    /* We don't do XOF mode via PKEY */
+    if (expected->xof)
+        return 1;
+
     if (expected->alg == NULL)
         TEST_info("Trying the EVP_PKEY %s test", OBJ_nid2sn(expected->type));
     else
@@ -1360,20 +1368,34 @@ static int mac_test_run_mac(EVP_TEST *t)
         t->err = "MAC_UPDATE_ERROR";
         goto err;
     }
-    if (!EVP_MAC_final(ctx, NULL, &got_len, 0)) {
-        t->err = "MAC_FINAL_LENGTH_ERROR";
-        goto err;
-    }
-    if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
-        t->err = "TEST_FAILURE";
-        goto err;
-    }
-    if (!EVP_MAC_final(ctx, got, &got_len, got_len)
-        || !memory_err_compare(t, "TEST_MAC_ERR",
-                               expected->output, expected->output_len,
-                               got, got_len)) {
-        t->err = "TEST_MAC_ERR";
-        goto err;
+    if (expected->xof) {
+        if (!TEST_ptr(got = OPENSSL_malloc(expected->output_len))) {
+            t->err = "TEST_FAILURE";
+            goto err;
+        }
+        if (!EVP_MAC_finalXOF(ctx, got, expected->output_len)
+            || !memory_err_compare(t, "TEST_MAC_ERR",
+                                   expected->output, expected->output_len,
+                                   got, expected->output_len)) {
+            t->err = "MAC_FINAL_ERROR";
+            goto err;
+        }
+    } else {
+        if (!EVP_MAC_final(ctx, NULL, &got_len, 0)) {
+            t->err = "MAC_FINAL_LENGTH_ERROR";
+            goto err;
+        }
+        if (!TEST_ptr(got = OPENSSL_malloc(got_len))) {
+            t->err = "TEST_FAILURE";
+            goto err;
+        }
+        if (!EVP_MAC_final(ctx, got, &got_len, got_len)
+            || !memory_err_compare(t, "TEST_MAC_ERR",
+                                   expected->output, expected->output_len,
+                                   got, got_len)) {
+            t->err = "TEST_MAC_ERR";
+            goto err;
+        }
     }
     t->err = NULL;
  err:
diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt
index e2219ca12a..0229659807 100644
--- a/test/recipes/30-test_evp_data/evpmac_common.txt
+++ b/test/recipes/30-test_evp_data/evpmac_common.txt
@@ -346,6 +346,61 @@ Ctrl = size:64
 
 Title = KMAC XOF Tests (From NIST)
 
+MAC = KMAC128
+Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+Input = 00010203
+Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35
+XOF = 1
+
+MAC = KMAC128
+Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+Input = 00010203
+Custom = "My Tagged Application"
+Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C
+XOF = 1
+
+MAC = KMAC128
+Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+Custom = "My Tagged Application"
+Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F
+XOF = 1
+Ctrl = size:32
+
+MAC = KMAC256
+Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+Input = 00010203
+Custom = "My Tagged Application"
+Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B
+XOF = 1
+
+MAC = KMAC256
+Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+Custom = ""
+Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B
+XOF = 1
+
+MAC = KMAC256
+Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+Custom = "My Tagged Application"
+Output = D5BE731C954ED7732846BB59DBE3A8E30F83E77A4BFF4459F2F1C2B4ECEBB8CE67BA01C62E8AB8578D2D499BD1BB276768781190020A306A97DE281DCC30305D
+Ctrl = size:64
+XOF = 1
+
+Title = KMAC long customisation string (from NIST ACVP)
+
+MAC = KMAC256
+Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3
+Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D
+Custom = "]J&/.?L/c&}p(b!X|?>i7!]CAH6P@1<R'6|uOu2Vu^kCM!$ Een^pn&Zlale){mQhKjqe,)'-fsX6:u@D6+ZA^b70A)n)LMxo:Y!62;:[hP*yLERjL@rq30+iRaD#9|"
+Output = 4057EFD76A63049418AFC54559589821322B6029808A3BCAE4D49E961F909F5F667ACAD56BBCFB8033DCB4CC10AF1B53F014B8
+Ctrl = size:51
+XOF = 1
+
+Title = KMAC XOF Tests via ctrl (From NIST)
+
 MAC = KMAC128
 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
 Input = 00010203
@@ -389,7 +444,7 @@ Output = D5BE731C954ED7732846BB59DBE3A8E30F83E77A4BFF4459F2F1C2B4ECEBB8CE67BA01C
 Ctrl = size:64
 Ctrl = xof:1
 
-Title = KMAC long customisation string (from NIST ACVP)
+Title = KMAC long customisation string via ctrl (from NIST ACVP)
 
 MAC = KMAC256
 Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3
-- 
cgit v1.2.3