Use RFC 5869 test case for HKDF self-test

According to NIST SP 800-131Ar2 section 8, the length of the key-derivation key shall be at least 112 bits. Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#23833)
xnox · Apr 2, 2024 · 23fd48d · 23fd48d
1 parent 294782f
commit 23fd48d
Showing 1 changed file with 26 additions and 8 deletions.
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
@@ -267,21 +267,39 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
 };
 
 static const char hkdf_digest[] = "SHA256";
-static const unsigned char hkdf_secret[] = { 's', 'e', 'c', 'r', 'e', 't' };
-static const unsigned char hkdf_salt[] = { 's', 'a', 'l', 't' };
-static const unsigned char hkdf_info[] = { 'l', 'a', 'b', 'e', 'l' };
-
+/*
+ * Input parameters and expected result are from RFC 5869 test case 1, which is
+ * with a key-derivation key >= 112 bits required by NIST SP 800-131Ar2
+ * section 8.
+ */
+static const unsigned char hkdf_secret[] = {
+    0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+    0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+    0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
+};
+static const unsigned char hkdf_salt[] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c
+};
+static const unsigned char hkdf_info[] = {
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9
+};
+static const unsigned char hkdf_expected[] = {
+    0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
+    0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
+    0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
+    0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
+    0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
+    0x58, 0x65
+};
 static const ST_KAT_PARAM hkdf_params[] = {
     ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, hkdf_digest),
     ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_KEY, hkdf_secret),
     ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_SALT, hkdf_salt),
     ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, hkdf_info),
     ST_KAT_PARAM_END()
 };
-static const unsigned char hkdf_expected[] = {
-    0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8,
-    0xde, 0x13
-};
 
 static const char sskdf_digest[] = "SHA224";
 static const unsigned char sskdf_secret[] = {