diff options
author | pohsingwu <pohsingwu@synology.com> | 2024-07-17 15:19:51 +0800 |
---|---|---|
committer | Pauli <ppzgs1@gmail.com> | 2024-07-24 13:16:08 +1000 |
commit | 14e46600c68ece74970462a60ad20703221747a1 (patch) | |
tree | 3a7a382ffed5d9f235b619119ddfd3f466215586 /test | |
parent | 5e25b8afc0f964a3f178549d00fbe6a9295188e8 (diff) | |
download | openssl-14e46600c68ece74970462a60ad20703221747a1.tar.gz |
In this commit, we also return different error if the digest is XOF.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23889)
Diffstat (limited to 'test')
-rw-r--r-- | test/recipes/30-test_evp_data/evpkdf_hkdf.txt | 13 | ||||
-rw-r--r-- | test/recipes/30-test_evp_data/evpkdf_ss.txt | 14 | ||||
-rw-r--r-- | test/recipes/30-test_evp_data/evpkdf_ssh.txt | 11 | ||||
-rw-r--r-- | test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt | 11 | ||||
-rw-r--r-- | test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt | 10 | ||||
-rw-r--r-- | test/recipes/30-test_evp_data/evpkdf_x963.txt | 9 | ||||
-rw-r--r-- | test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt | 13 | ||||
-rw-r--r-- | test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt | 9 |
8 files changed, 52 insertions, 38 deletions
diff --git a/test/recipes/30-test_evp_data/evpkdf_hkdf.txt b/test/recipes/30-test_evp_data/evpkdf_hkdf.txt index 5918840ac7..82f10d803b 100644 --- a/test/recipes/30-test_evp_data/evpkdf_hkdf.txt +++ b/test/recipes/30-test_evp_data/evpkdf_hkdf.txt @@ -222,20 +222,11 @@ Ctrl.salt = hexsalt:000000000000000000000000000000000000000000000000000000000000 Ctrl.info = info: Output = 62f99231760bedd72319cc6cad -Title = FIPS indicator tests - -# Test that the operation with unapproved digest function is rejected -# -# There is no corresponding test for checking `fips-indicator` and derived key -# because that -# * HKDF can be used with SHA-1, SHA-2 and SHA-3 but not with the -# extendable-output functions. -# * HMAC construction is not allowed to be used with the extendable-output -# functions. +# Test that the operation with XOF digest function is rejected FIPSversion = >=3.4.0 KDF = HKDF Ctrl.digest = digest:SHAKE-256 Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b Ctrl.salt = hexsalt:000102030405060708090a0b0c Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 -Result = KDF_DERIVE_ERROR +Result = KDF_CTRL_ERROR diff --git a/test/recipes/30-test_evp_data/evpkdf_ss.txt b/test/recipes/30-test_evp_data/evpkdf_ss.txt index bfa42a296b..b206f86086 100644 --- a/test/recipes/30-test_evp_data/evpkdf_ss.txt +++ b/test/recipes/30-test_evp_data/evpkdf_ss.txt @@ -1132,20 +1132,10 @@ Ctrl.hexinfo = hexinfo:0553552e5345a22404223020a003020110a10c040aaaaaaaaaaaaaaa Ctrl.hexinfo = hexinfo:aaaaaaa20b0409bbbbbbbbbbbbbbbbbb Output = d3c78b78d75313e9a926f75dfb012363fa17fa01db -Title = FIPS indicator tests - -# Test that the operation with unapproved digest function is rejected -# -# There is no corresponding test for checking `fips-indicator` and derived key -# because that -# * SSKDF can be used with SHA-1, SHA-2 and SHA-3 but not with the -# extendable-output functions. -# * The return value from the `EVP_MD_get_size` function for the -# extendable-output functions always is 0, so the `SSKDF_hash_kdm` function -# will return 0 directly. +# Test that the operation with XOF digest function is rejected FIPSversion = >=3.4.0 KDF = SSKDF Ctrl.digest = digest:SHAKE-256 Ctrl.hexsecret = hexsecret:d09a6b1a472f930db4f5e6b967900744 Ctrl.hexinfo = hexinfo:b117255ab5f1b6b96fc434b0 -Result = KDF_DERIVE_ERROR +Result = KDF_CTRL_ERROR diff --git a/test/recipes/30-test_evp_data/evpkdf_ssh.txt b/test/recipes/30-test_evp_data/evpkdf_ssh.txt index 29383a710c..fb33733ad1 100644 --- a/test/recipes/30-test_evp_data/evpkdf_ssh.txt +++ b/test/recipes/30-test_evp_data/evpkdf_ssh.txt @@ -4866,6 +4866,15 @@ Ctrl.type = type:A Output = FF Result = KDF_MISMATCH +# Test that unsupported XOF is rejected +KDF = SSHKDF +Ctrl.digest = digest:SHAKE-256 +Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a686929ff5a25f8e40cb6645ea814fb1a5e0a11f852f86255641e5ed986e83a78bc8269480eac0b0dfd770cab92e7a28dd87ff452466d6ae867cead63b366b1c286e6c4811a9f14c27aea14c5171d49b78c06e3735d36e6a3be321dd5fc82308f34ee1cb17fba94a59 +Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 +Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 +Ctrl.type = type:A +Result = KDF_CTRL_ERROR + Title = FIPS indicator tests # Test that the operation with unapproved digest function is rejected @@ -4876,7 +4885,7 @@ Ctrl.hexkey = hexkey:0000008055bae931c07fd824bf10add1902b6fbc7c665347383498a6869 Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245 Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245 Ctrl.type = type:A -Result = KDF_DERIVE_ERROR +Result = KDF_CTRL_ERROR # Test that the operation with unapproved digest function is is reported as # unapproved diff --git a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt index e10f24a333..e43c442e7d 100644 --- a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt +++ b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt @@ -70,6 +70,15 @@ Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587c Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf +# Test that unsupported XOF is rejected +KDF = TLS1-PRF +Ctrl.digest = digest:SHAKE-256 +Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc +Ctrl.label = seed:extended master secret +Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c +Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce +Result = KDF_CTRL_ERROR + Title = FIPS indicator tests # Test that the operation with unapproved digest function is rejected @@ -80,7 +89,7 @@ Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55 Ctrl.label = seed:extended master secret Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce -Result = KDF_DERIVE_ERROR +Result = KDF_CTRL_ERROR # Test that the operation with unapproved digest function is is reported as # unapproved diff --git a/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt b/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt index 9eb2975176..453362d614 100644 --- a/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt +++ b/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt @@ -4935,6 +4935,14 @@ Ctrl.mode = mode:EXTRACT_AND_EXPAND Ctrl.digest = digest:SHA256 Result = KDF_CTRL_ERROR +Title = TLS13-KDF unsupported XOF test + +KDF = TLS13-KDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.digest = digest:SHAKE-256 +Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05 +Result = KDF_CTRL_ERROR + Title = FIPS indicator tests # Test that the operation with unapproved digest function is rejected @@ -4943,7 +4951,7 @@ KDF = TLS13-KDF Ctrl.mode = mode:EXTRACT_ONLY Ctrl.digest = digest:SHA512-256 Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05 -Result = KDF_DERIVE_ERROR +Result = KDF_CTRL_ERROR # Test that the operation with unapproved digest function is is reported as # unapproved diff --git a/test/recipes/30-test_evp_data/evpkdf_x963.txt b/test/recipes/30-test_evp_data/evpkdf_x963.txt index a305aa4c02..445ea23d4f 100644 --- a/test/recipes/30-test_evp_data/evpkdf_x963.txt +++ b/test/recipes/30-test_evp_data/evpkdf_x963.txt @@ -121,6 +121,13 @@ Ctrl.hexinfo = hexinfo:cf3a74ba86 Ctrl.hexinfo = hexinfo:af42f1ae85477ead645583 Output = 995d1ab8557dfeafcb347f8182583fa0ac5e6cb3912393592590989f38a0214f6cf7d6fbe23917b0966c6a870876de2a2c13a45fa7aa1715be137ed332e1ffc204ce4dcce33ece6dec7f3da61fa049780040e44142cc8a1e5121cf56b386f65b7c261a192f05e5fefae4221a602bc51c41ef175dc45fb7eab8642421b4f7e3e7 +# Test that unsupported XOF is rejected +KDF = X963KDF +Ctrl.digest = digest:SHAKE-256 +Ctrl.hexsecret = hexsecret:fd17198b89ab39c4ab5d7cca363b82f9fd7e23c3984dc8a2 +Ctrl.hexinfo = hexinfo:856a53f3e36a26bbc5792879f307cce2 +Result = KDF_CTRL_ERROR + Title = FIPS indicator tests # Test that the operation with unapproved digest function is rejected @@ -129,7 +136,7 @@ KDF = X963KDF Ctrl.digest = digest:SHA1 Ctrl.hexsecret = hexsecret:fd17198b89ab39c4ab5d7cca363b82f9fd7e23c3984dc8a2 Ctrl.hexinfo = hexinfo:856a53f3e36a26bbc5792879f307cce2 -Result = KDF_DERIVE_ERROR +Result = KDF_CTRL_ERROR # Test that the operation with unapproved digest function is is reported as # unapproved diff --git a/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt b/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt index ef574128aa..805f65abc4 100644 --- a/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt +++ b/test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt @@ -194,20 +194,11 @@ Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c Ctrl.salt = salt: Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 -Title = FIPS indicator tests - -# Test that the operation with unapproved digest function is rejected -# -# There is no corresponding test for checking `fips-indicator` and derived key -# because that -# * HKDF can be used with SHA-1, SHA-2 and SHA-3 but not with the -# extendable-output functions. -# * HMAC construction is not allowed to be used with the extendable-output -# functions. +# Test that the operation with XOF digest function is rejected FIPSversion = >=3.4.0 PKEYKDF = HKDF Ctrl.digest = digest:SHAKE-256 Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b Ctrl.salt = hexsalt:000102030405060708090a0b0c Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 -Result = KDF_DERIVE_ERROR +Result = PKEY_CTRL_ERROR diff --git a/test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt b/test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt index b5276e664e..a1510cc036 100644 --- a/test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt +++ b/test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt @@ -70,6 +70,15 @@ Ctrl.Seed = hexseed:02 Output = 03 Result = KDF_DERIVE_ERROR +# Test that unsupported XOF is rejected +KDF = TLS1-PRF +Ctrl.digest = digest:SHAKE-256 +Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc +Ctrl.label = seed:extended master secret +Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c +Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce +Result = KDF_CTRL_ERROR + Title = FIPS indicator tests # Test that the operation with unapproved digest function is rejected |