PBKDF2 updates to conform to SP800-132

The existing code used PKCS5 specifications. SP800-132 adds the following additional constraints for: - the range of the key length. - the minimum iteration count (1000 recommended). - salt length (at least 128 bits). These additional constraints may cause errors (in scrypt, and some PKCS5 related test vectors). To disable the new constraints use the new ctrl string "pkcs5". For backwards compatability, the checks are only enabled by default for fips mode. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8868)
author: Shane Lontis <shane.lontis@oracle.com> 2019-05-03 13:04:58 +1000
committer: Shane Lontis <shane.lontis@oracle.com> 2019-06-11 20:40:07 +1000
commit: f0efeea29eca6e528a976f62ae2422eee34ea0eb (patch)
tree: 468ae2e94d4aaf2cd9bc2972d97f447117da68af /test/evp_kdf_test.c
parent: 83b4a24384e62ed8cf91f51bf9a303f98017e13e (diff)
download: openssl-f0efeea29eca6e528a976f62ae2422eee34ea0eb.zip
openssl-f0efeea29eca6e528a976f62ae2422eee34ea0eb.tar.gz
openssl-f0efeea29eca6e528a976f62ae2422eee34ea0eb.tar.bz2
1 files changed, 49 insertions, 16 deletions
diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c
index 79177f9..3b515f9 100644
--- a/test/evp_kdf_test.c
+++ b/test/evp_kdf_test.c
@@ -74,24 +74,57 @@ static int test_kdf_pbkdf2(void)
 {
     int ret;
     EVP_KDF_CTX *kctx;
-    unsigned char out[32];
-    static const unsigned char expected[sizeof(out)] = {
-        0xae, 0x4d, 0x0c, 0x95, 0xaf, 0x6b, 0x46, 0xd3,
-        0x2d, 0x0a, 0xdf, 0xf9, 0x28, 0xf0, 0x6d, 0xd0,
-        0x2a, 0x30, 0x3f, 0x8e, 0xf3, 0xc2, 0x51, 0xdf,
-        0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43
+    unsigned char out[25];
+    size_t len = 0;
+    const unsigned char expected[sizeof(out)] = {
+        0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f,
+        0x32, 0xd8, 0x14, 0xb8, 0x11, 0x6e, 0x84, 0xcf,
+        0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
+        0x1c
     };
 
-    ret =
-        TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2))
-        && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password",
-                                    (size_t)8), 0)
-        && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt",
-                                    (size_t)4), 0)
-        && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2), 0)
-        && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), 0)
-        && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
-        && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
+    if (sizeof(len) > 32)
+        len = SIZE_MAX;
+
+    ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2))
+          && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS,
+                                      "passwordPASSWORDpassword",
+                                      (size_t)24), 0)
+          && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
+                                      "saltSALTsaltSALTsaltSALTsaltSALTsalt",
+                                      (size_t)36), 0)
+          && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 4096), 0)
+          && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()),
+                         0)
+          && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE,
+                                            0), 0)
+          && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
+          && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected))
+          /* A key length that is too small should fail */
+          && TEST_int_eq(EVP_KDF_derive(kctx, out, 112 / 8 - 1), 0)
+          /* A key length that is too large should fail */
+          && (len == 0 || TEST_int_eq(EVP_KDF_derive(kctx, out, len), 0))
+          /* Salt length less than 128 bits should fail */
+          && TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
+                                      "123456781234567",
+                                      (size_t)15), 0)
+          /* A small iteration count should fail */
+          && TEST_int_eq(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0)
+          && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE,
+                                      1), 0)
+          /* Small salts will pass if the "pkcs5" mode is enabled */
+          && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
+                                      "123456781234567",
+                                      (size_t)15), 0)
+          /* A small iteration count will pass if "pkcs5" mode is enabled */
+          && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 1), 0)
+          /*
+           * If the "pkcs5" mode is disabled then the small salt and iter will
+           * fail when the derive gets called.
+           */
+          && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE,
+                                      0), 0)
+          && TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out)), 0);
 
     EVP_KDF_CTX_free(kctx);
     return ret;
author	Shane Lontis <shane.lontis@oracle.com>	2019-05-03 13:04:58 +1000
committer	Shane Lontis <shane.lontis@oracle.com>	2019-06-11 20:40:07 +1000
commit	f0efeea29eca6e528a976f62ae2422eee34ea0eb (patch)
tree	468ae2e94d4aaf2cd9bc2972d97f447117da68af /test/evp_kdf_test.c
parent	83b4a24384e62ed8cf91f51bf9a303f98017e13e (diff)
download	openssl-f0efeea29eca6e528a976f62ae2422eee34ea0eb.zip openssl-f0efeea29eca6e528a976f62ae2422eee34ea0eb.tar.gz openssl-f0efeea29eca6e528a976f62ae2422eee34ea0eb.tar.bz2