diff options
Diffstat (limited to 'providers')
-rw-r--r-- | providers/fips/self_test_data.inc | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc index 5895a31a5b..8bbe312149 100644 --- a/providers/fips/self_test_data.inc +++ b/providers/fips/self_test_data.inc @@ -354,19 +354,29 @@ static const ST_KAT_PARAM x963kdf_params[] = { }; static const char pbkdf2_digest[] = "SHA256"; +/* + * Input parameters from RFC 6070, vector 5 (because it is the only one with + * a salt >= 16 bytes, which NIST SP 800-132 section 5.1 requires). The + * expected output is taken from + * https://github.com/brycx/Test-Vector-Generation/blob/master/PBKDF2/pbkdf2-hmac-sha2-test-vectors.md, + * which ran these test vectors with SHA-256. + */ static const unsigned char pbkdf2_password[] = { - 0x70, 0x61, 0x73, 0x73, 0x00, 0x77, 0x6f, 0x72, - 0x64 + 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x50, 0x41, 0x53, 0x53, + 0x57, 0x4f, 0x52, 0x44, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64 }; static const unsigned char pbkdf2_salt[] = { - 0x73, 0x61, 0x00, 0x6c, 0x74 + 0x73, 0x61, 0x6c, 0x74, 0x53, 0x41, 0x4c, 0x54, 0x73, 0x61, 0x6c, 0x74, + 0x53, 0x41, 0x4c, 0x54, 0x73, 0x61, 0x6c, 0x74, 0x53, 0x41, 0x4c, 0x54, + 0x73, 0x61, 0x6c, 0x74, 0x53, 0x41, 0x4c, 0x54, 0x73, 0x61, 0x6c, 0x74 }; static const unsigned char pbkdf2_expected[] = { - 0x89, 0xb6, 0x9d, 0x05, 0x16, 0xf8, 0x29, 0x89, - 0x3c, 0x69, 0x62, 0x26, 0x65, 0x0a, 0x86, 0x87, + 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, 0x32, 0xd8, 0x14, 0xb8, + 0x11, 0x6e, 0x84, 0xcf, 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18, + 0x1c }; static int pbkdf2_iterations = 4096; -static int pbkdf2_pkcs5 = 1; +static int pbkdf2_pkcs5 = 0; static const ST_KAT_PARAM pbkdf2_params[] = { ST_KAT_PARAM_UTF8STRING(OSSL_KDF_PARAM_DIGEST, pbkdf2_digest), ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_PASSWORD, pbkdf2_password), |