1 files changed, 81 insertions, 1 deletions
diff --git a/src/regress/lib/libcrypto/evp/evp_test.c b/src/regress/lib/libcrypto/evp/evp_test.c
index a699832c45..0bd8b4d092 100644
--- a/src/regress/lib/libcrypto/evp/evp_test.c
+++ b/src/regress/lib/libcrypto/evp/evp_test.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: evp_test.c,v 1.20 2024/07/09 17:24:12 tb Exp $ */
+/*      $OpenBSD: evp_test.c,v 1.21 2025/05/22 00:13:47 kenjiro Exp $ */
 /*
 * Copyright (c) 2017, 2022 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2023, 2024 Theo Buehler <tb@openbsd.org>
@@ -802,6 +802,85 @@ kdf_compare_bytes(const char *label, const unsigned char *d1, int len1,
 }
 static int
+evp_kdf_hkdf_basic(void)
+{
+        EVP_PKEY_CTX *pctx;
+        unsigned char out[42];
+        size_t outlen = sizeof(out);
+        int failed = 1;
+        /* Test vector from RFC 5869, Appendix A.1. */
+        const unsigned char ikm[] = {
+                0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+                0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+                0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+                0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+                0x0b, 0x0b,
+        };
+        const unsigned char salt[] = {
+                0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
+                0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+                0x0c,
+        };
+        const unsigned char info[] = {
+                0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5,
+                0xf6, 0xf7, 0xf8, 0xf9,
+        };
+        const unsigned char expected[42] = {
+                0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
+                0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
+                0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
+                0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
+                0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
+                0x58, 0x65,
+        };
+        if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)) == NULL) {
+                fprintf(stderr, "FAIL: EVP_PKEY_CTX_new_id\n");
+                goto err;
+        }
+        if (EVP_PKEY_derive_init(pctx) <= 0) {
+                fprintf(stderr, "FAIL: EVP_PKEY_derive_init\n");
+                goto err;
+        }
+        if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0) {
+                fprintf(stderr, "FAIL: EVP_PKEY_CTX_set_hkdf_md\n");
+                goto err;
+        }
+        if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, sizeof(salt)) <= 0) {
+                fprintf(stderr, "FAIL: EVP_PKEY_CTX_set1_hkdf_salt\n");
+                goto err;
+        }
+        if (EVP_PKEY_CTX_set1_hkdf_key(pctx, ikm, sizeof(ikm)) <= 0) {
+                fprintf(stderr, "FAIL: EVP_PKEY_CTX_set1_hkdf_key\n");
+                goto err;
+        }
+        if (EVP_PKEY_CTX_add1_hkdf_info(pctx, info, sizeof(info)) <= 0) {
+                fprintf(stderr, "FAIL: EVP_PKEY_CTX_add1_hkdf_info\n");
+                goto err;
+        }
+        if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
+                fprintf(stderr, "FAIL: EVP_PKEY_derive\n");
+                goto err;
+        }
+        if (!kdf_compare_bytes("HKDF test", out, outlen, expected, sizeof(expected)))
+                goto err;
+        failed = 0;
+ err:
+        EVP_PKEY_CTX_free(pctx);
+        return failed;
+}
+static int
 evp_kdf_tls1_prf_basic(void)
 {
        EVP_PKEY_CTX *pctx;
@@ -1038,6 +1117,7 @@ main(int argc, char **argv)
        failed |= obj_name_do_all_test();
        failed |= evp_get_cipherbyname_test();
        failed |= evp_get_digestbyname_test();
+        failed |= evp_kdf_hkdf_basic();
        failed |= evp_kdf_tls1_prf_basic();
        failed |= evp_kdf_tls1_prf();

diff --git a/src/regress/lib/libcrypto/evp/evp_test.c b/src/regress/lib/libcrypto/evp/evp_test.c index a699832c45..0bd8b4d092 100644 --- a/src/regress/lib/libcrypto/evp/evp_test.c +++ b/src/regress/lib/libcrypto/evp/evp_test.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp_test.c,v 1.20 2024/07/09 17:24:12 tb Exp $ */	1	/* $OpenBSD: evp_test.c,v 1.21 2025/05/22 00:13:47 kenjiro Exp $ */
2	/*	2	/*
3	* Copyright (c) 2017, 2022 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2017, 2022 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2023, 2024 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2023, 2024 Theo Buehler <tb@openbsd.org>
@@ -802,6 +802,85 @@ kdf_compare_bytes(const char label, const unsigned char d1, int len1,
802	}	802	}
803		803
804	static int	804	static int
		805	evp_kdf_hkdf_basic(void)
		806	{
		807	EVP_PKEY_CTX *pctx;
		808	unsigned char out[42];
		809	size_t outlen = sizeof(out);
		810	int failed = 1;
		811
		812	/* Test vector from RFC 5869, Appendix A.1. */
		813	const unsigned char ikm[] = {
		814	0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
		815	0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
		816	0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
		817	0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
		818	0x0b, 0x0b,
		819	};
		820	const unsigned char salt[] = {
		821	0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
		822	0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
		823	0x0c,
		824	};
		825	const unsigned char info[] = {
		826	0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5,
		827	0xf6, 0xf7, 0xf8, 0xf9,
		828	};
		829	const unsigned char expected[42] = {
		830	0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
		831	0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
		832	0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
		833	0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
		834	0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
		835	0x58, 0x65,
		836	};
		837
		838	if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)) == NULL) {
		839	fprintf(stderr, "FAIL: EVP_PKEY_CTX_new_id\n");
		840	goto err;
		841	}
		842
		843	if (EVP_PKEY_derive_init(pctx) <= 0) {
		844	fprintf(stderr, "FAIL: EVP_PKEY_derive_init\n");
		845	goto err;
		846	}
		847
		848	if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0) {
		849	fprintf(stderr, "FAIL: EVP_PKEY_CTX_set_hkdf_md\n");
		850	goto err;
		851	}
		852
		853	if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, sizeof(salt)) <= 0) {
		854	fprintf(stderr, "FAIL: EVP_PKEY_CTX_set1_hkdf_salt\n");
		855	goto err;
		856	}
		857
		858	if (EVP_PKEY_CTX_set1_hkdf_key(pctx, ikm, sizeof(ikm)) <= 0) {
		859	fprintf(stderr, "FAIL: EVP_PKEY_CTX_set1_hkdf_key\n");
		860	goto err;
		861	}
		862
		863	if (EVP_PKEY_CTX_add1_hkdf_info(pctx, info, sizeof(info)) <= 0) {
		864	fprintf(stderr, "FAIL: EVP_PKEY_CTX_add1_hkdf_info\n");
		865	goto err;
		866	}
		867
		868	if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) {
		869	fprintf(stderr, "FAIL: EVP_PKEY_derive\n");
		870	goto err;
		871	}
		872
		873	if (!kdf_compare_bytes("HKDF test", out, outlen, expected, sizeof(expected)))
		874	goto err;
		875
		876	failed = 0;
		877
		878	err:
		879	EVP_PKEY_CTX_free(pctx);
		880	return failed;
		881	}
		882
		883	static int
805	evp_kdf_tls1_prf_basic(void)	884	evp_kdf_tls1_prf_basic(void)
806	{	885	{
807	EVP_PKEY_CTX *pctx;	886	EVP_PKEY_CTX *pctx;
@@ -1038,6 +1117,7 @@ main(int argc, char **argv)
1038	failed \|= obj_name_do_all_test();	1117	failed \|= obj_name_do_all_test();
1039	failed \|= evp_get_cipherbyname_test();	1118	failed \|= evp_get_cipherbyname_test();
1040	failed \|= evp_get_digestbyname_test();	1119	failed \|= evp_get_digestbyname_test();
		1120	failed \|= evp_kdf_hkdf_basic();
1041	failed \|= evp_kdf_tls1_prf_basic();	1121	failed \|= evp_kdf_tls1_prf_basic();
1042	failed \|= evp_kdf_tls1_prf();	1122	failed \|= evp_kdf_tls1_prf();
1043		1123