Add FIPS indicator tests for KDFs

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23900)

test/evp_test.c

@@ -3691,6 +3691,7 @@ static int pkey_kdf_test_parse(EVP_TEST *t,
 
 static int pkey_kdf_test_run(EVP_TEST *t)
 {
+    int ret = 1;
     PKEY_KDF_DATA *expected = t->data;
     unsigned char *got = NULL;
     size_t got_len = 0;
@@ -3724,6 +3725,10 @@ static int pkey_kdf_test_run(EVP_TEST *t)
         t->err = "KDF_DERIVE_ERROR";
         goto err;
     }
+    if (!pkey_check_fips_approved(expected->ctx, t)) {
+        ret = 0;
+        goto err;
+    }
     if (!TEST_mem_eq(expected->output, expected->output_len, got, got_len)) {
         t->err = "KDF_MISMATCH";
         goto err;
@@ -3732,7 +3737,7 @@ static int pkey_kdf_test_run(EVP_TEST *t)
 
  err:
     OPENSSL_free(got);
-    return 1;
+    return ret;
 }
 
 static const EVP_TEST_METHOD pkey_kdf_test_method = {

test/recipes/30-test_evp_data/evpkdf_hkdf.txt

@@ -232,3 +232,26 @@ Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Ctrl.salt = hexsalt:000102030405060708090a0b0c
 Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
 Result = KDF_CTRL_ERROR
+
+Title = FIPS indicator tests
+
+# Test that the key whose length is shorter than 112 bits is rejected
+FIPSversion = >=3.4.0
+KDF = HKDF
+Ctrl.digest = digest:SHA1
+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.salt = hexsalt:000102030405060708090a0b0c
+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
+Result = KDF_DERIVE_ERROR
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+FIPSversion = >=3.4.0
+KDF = HKDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA1
+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.salt = hexsalt:000102030405060708090a0b0c
+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
+Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896

test/recipes/30-test_evp_data/evpkdf_ss.txt

@@ -1151,3 +1151,24 @@ Ctrl.digest = digest:SHAKE-256
 Ctrl.hexsecret = hexsecret:d09a6b1a472f930db4f5e6b967900744
 Ctrl.hexinfo = hexinfo:b117255ab5f1b6b96fc434b0
 Result = KDF_CTRL_ERROR
+
+Title = FIPS indicator tests
+
+# Test that the key whose length is shorter than 112 bits is rejected
+FIPSversion = >=3.4.0
+KDF = SSKDF
+Ctrl.digest = digest:SHA1
+Ctrl.hexsecret = hexsecret:d7e6
+Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff
+Result = KDF_DERIVE_ERROR
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+FIPSversion = >=3.4.0
+KDF = SSKDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA1
+Ctrl.hexsecret = hexsecret:d7e6
+Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff
+Output = 31e798e9931b612a3ad1b9b1008faa8c

test/recipes/30-test_evp_data/evpkdf_ssh.txt

@@ -4910,3 +4910,26 @@ Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
 Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
 Ctrl.type = type:A
 Output = d37ea221cbcc026d95e8c10b7d28a1b41e4ec1b497bae0e4cdbc1446e5bd59e2
+
+# Test that the key whose length is shorter than 112 bits is rejected
+FIPSversion = >=3.4.0
+KDF = SSHKDF
+Ctrl.digest = digest:SHA1
+Ctrl.hexkey = hexkey:0102030405060708090a0b
+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.type = type:A
+Result = KDF_DERIVE_ERROR
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+FIPSversion = >=3.4.0
+KDF = SSHKDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA1
+Ctrl.hexkey = hexkey:0102030405060708090a0b
+Ctrl.hexxcghash = hexxcghash:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.hexsession_id = hexsession_id:a4ebd45934f56792b5112dcd75a1075fdc889245
+Ctrl.type = type:A
+Output = 825b46b410c8b6ea

test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt

@@ -105,3 +105,27 @@ Ctrl.label = seed:extended master secret
 Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
 Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
 Output = 17be20a3b4cc05524d7de353b2f125537c23372144111b0367bda166fcfc09cf1c94909a408b986f53afbdc41d93ae09
+
+
+# Test that the key whose length is shorter than 112 bits is rejected
+FIPSversion = >=3.4.0
+KDF = TLS1-PRF
+Ctrl.digest = digest:SHA256
+Ctrl.Secret = hexsecret:0102030405060708090a0b
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Result = KDF_DERIVE_ERROR
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+FIPSversion = >=3.4.0
+KDF = TLS1-PRF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA256
+Ctrl.Secret = hexsecret:0102030405060708090a0b
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Output = 8cb203c99a13871fd96cecd2770720df3c4ebd49e1cbc956fddb400f9c051fb69b63d7abb2f996f4e4d1ac0e9153f51b

test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt

@@ -4971,3 +4971,44 @@ Ctrl.mode = mode:EXTRACT_ONLY
 Ctrl.digest = digest:SHA512-256
 Ctrl.key = hexkey:f8af6aea2d397baf2948a25b2834200692cff17eee9165e4e27babee9edefd05
 Output = c8240b43113bb8bd211ee97c5145d389e8074f76eeeaac74eb55691062a436e4
+
+# Test that the key whose length is shorter than 112 bits is rejected
+FIPSversion = >=3.4.0
+KDF = TLS13-KDF
+Ctrl.mode = mode:EXTRACT_ONLY
+Ctrl.digest = digest:SHA2-256
+Ctrl.key = hexkey:0102030405060708090a0b
+Result = KDF_DERIVE_ERROR
+
+FIPSversion = >=3.4.0
+KDF = TLS13-KDF
+Ctrl.mode = mode:EXPAND_ONLY
+Ctrl.digest = digest:SHA2-256
+Ctrl.key = hexkey:0102030405060708090a0b
+Ctrl.data = hexdata:7c92f68bd5bf3638ea338a6494722e1b44127e1b7e8aad535f2322a644ff22b3
+Ctrl.prefix = hexprefix:746c73313320
+Ctrl.label = hexlabel:6320652074726166666963
+Result = KDF_DERIVE_ERROR
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+FIPSversion = >=3.4.0
+KDF = TLS13-KDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.mode = mode:EXTRACT_ONLY
+Ctrl.digest = digest:SHA2-256
+Ctrl.key = hexkey:0102030405060708090a0b
+Output = ac5ae06e0f6bff82f6256f0fc9fb943554752ba0c93f42ee6499b99c9e5c24a8
+
+FIPSversion = >=3.4.0
+KDF = TLS13-KDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.mode = mode:EXPAND_ONLY
+Ctrl.digest = digest:SHA2-256
+Ctrl.key = hexkey:0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.data = hexdata:7c92f68bd5bf3638ea338a6494722e1b44127e1b7e8aad535f2322a644ff22b3
+Ctrl.prefix = hexprefix:746c73313320
+Ctrl.label = hexlabel:6320652074726166666963
+Output = a8464234c7957b85460bf7abda8e20aa43b9e0944c02d76c1c28672619cf6978

test/recipes/30-test_evp_data/evpkdf_x963.txt

@@ -156,3 +156,22 @@ Ctrl.digest = digest:SHA1
 Ctrl.hexsecret = hexsecret:fd17198b89ab39c4ab5d7cca363b82f9fd7e23c3984dc8a2
 Ctrl.hexinfo = hexinfo:856a53f3e36a26bbc5792879f307cce2
 Output = 6e5fad865cb4a51c95209b16df0cc490bc2c9064405c5bccd4ee4832a531fbe7f10cb79e2eab6ab1149fbd5a23cfdabc41242269c9df22f628c4424333855b64e95e2d4fb8469c669f17176c07d103376b10b384ec5763d8b8c610409f19aca8eb31f9d85cc61a8d6d4a03d03e5a506b78d6847e93d295ee548c65afedd2efec
+
+# Test that the key whose length is shorter than 112 bits is rejected
+FIPSversion = >=3.4.0
+KDF = X963KDF
+Ctrl.digest = digest:SHA224
+Ctrl.hexsecret = hexsecret:0102030405060908090a0b
+Ctrl.hexinfo = hexinfo:0102030405060708090a0b0c0d0e0f10
+Result = KDF_DERIVE_ERROR
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+FIPSversion = >=3.4.0
+KDF = X963KDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA224
+Ctrl.hexsecret = hexsecret:0102030405060908090a0b
+Ctrl.hexinfo = hexinfo:0102030405060708090a0b0c0d0e0f10
+Output = cdbb95eaacfd7df6bee013777ad8cd39129db2b61be91d20bb4a0130deccbd265e1f81c5a7112a7ac463204bd354b47eea04b63404ed4a1d8a991d3c9e17ab22c6f8a23686f3fea364a1a2b22cb6210e99ec0ed24f27779f028f68239f12fc572b23694d4dc6063f602b4496cec6f2698f69b24bbffba7127d8a1c9a49c96a83

test/recipes/30-test_evp_data/evppkey_kdf_hkdf.txt

@@ -204,3 +204,26 @@ Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
 Ctrl.salt = hexsalt:000102030405060708090a0b0c
 Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
 Result = PKEY_CTRL_ERROR
+
+Title = FIPS indicator tests
+
+# Test that the key whose length is shorter than 112 bits is rejected
+FIPSversion = >=3.4.0
+PKEYKDF = HKDF
+Ctrl.digest = digest:SHA1
+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.salt = hexsalt:000102030405060708090a0b0c
+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
+Result = KDF_DERIVE_ERROR
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+FIPSversion = >=3.4.0
+PKEYKDF = HKDF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA1
+Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b
+Ctrl.salt = hexsalt:000102030405060708090a0b0c
+Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9
+Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896

test/recipes/30-test_evp_data/evppkey_kdf_tls1_prf.txt

@@ -103,3 +103,26 @@ Ctrl.label = seed:extended master secret
 Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
 Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
 Output = 17be20a3b4cc05524d7de353b2f125537c23372144111b0367bda166fcfc09cf1c94909a408b986f53afbdc41d93ae09
+
+# Test that the key whose length is shorter than 112 bits is rejected
+FIPSversion = >=3.4.0
+PKEYKDF = TLS1-PRF
+Ctrl.digest = digest:SHA256
+Ctrl.Secret = hexsecret:0102030405060708090a0b
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Result = KDF_DERIVE_ERROR
+
+# Test that the key whose length is shorter than 112 bits is reported as
+# unapproved
+FIPSversion = >=3.4.0
+PKEYKDF = TLS1-PRF
+Unapproved = 1
+Ctrl.key-check = key-check:0
+Ctrl.digest = digest:SHA256
+Ctrl.Secret = hexsecret:0102030405060708090a0b
+Ctrl.label = seed:extended master secret
+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+Output = 8cb203c99a13871fd96cecd2770720df3c4ebd49e1cbc956fddb400f9c051fb69b63d7abb2f996f4e4d1ac0e9153f51b