diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2019-05-03 13:04:58 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2019-06-11 20:40:07 +1000 |
| commit | f0efeea29eca6e528a976f62ae2422eee34ea0eb (patch) | |
| tree | 468ae2e94d4aaf2cd9bc2972d97f447117da68af /test/recipes/20-test_kdf.t | |
| parent | 83b4a24384e62ed8cf91f51bf9a303f98017e13e (diff) | |
| download | openssl-new-f0efeea29eca6e528a976f62ae2422eee34ea0eb.tar.gz | |
PBKDF2 updates to conform to SP800-132
The existing code used PKCS5 specifications.
SP800-132 adds the following additional constraints for:
- the range of the key length.
- the minimum iteration count (1000 recommended).
- salt length (at least 128 bits).
These additional constraints may cause errors (in scrypt, and
some PKCS5 related test vectors). To disable the new
constraints use the new ctrl string "pkcs5".
For backwards compatability, the checks are only enabled by
default for fips mode.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8868)
Diffstat (limited to 'test/recipes/20-test_kdf.t')
| -rwxr-xr-x | test/recipes/20-test_kdf.t | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/test/recipes/20-test_kdf.t b/test/recipes/20-test_kdf.t index 0ea484e0cd..39fb485290 100755 --- a/test/recipes/20-test_kdf.t +++ b/test/recipes/20-test_kdf.t @@ -25,8 +25,8 @@ my @kdf_tests = ( { cmd => [qw{openssl kdf -keylen 10 -kdfopt digest:SHA256 -kdfopt key:secret -kdfopt salt:salt -kdfopt info:label HKDF}], expected => '2a:c4:36:9f:52:59:96:f8:de:13', desc => 'HKDF SHA256' }, - { cmd => [qw{openssl kdf -keylen 32 -kdfopt digest:SHA256 -kdfopt pass:password -kdfopt salt:salt -kdfopt iter:2 PBKDF2}], - expected => 'ae:4d:0c:95:af:6b:46:d3:2d:0a:df:f9:28:f0:6d:d0:2a:30:3f:8e:f3:c2:51:df:d6:e2:d8:5a:95:47:4c:43', + { cmd => [qw{openssl kdf -keylen 25 -kdfopt digest:SHA256 -kdfopt pass:passwordPASSWORDpassword -kdfopt salt:saltSALTsaltSALTsaltSALTsaltSALTsalt -kdfopt iter:4096 PBKDF2}], + expected => '34:8C:89:DB:CB:D3:2B:2F:32:D8:14:B8:11:6E:84:CF:2B:17:34:7E:BC:18:00:18:1C', desc => 'PBKDF2 SHA256'}, { cmd => [qw{openssl kdf -keylen 64 -kdfopt mac:KMAC128 -kdfopt maclen:20 -kdfopt hexkey:b74a149a161546f8c20b06ac4ed4 -kdfopt hexinfo:348a37a27ef1282f5f020dcc -kdfopt hexsalt:3638271ccd68a25dc24ecddd39ef3f89 SSKDF}], expected => 'e9:c1:84:53:a0:62:b5:3b:db:fc:bb:5a:34:bd:b8:e5:e7:07:ee:bb:5d:d1:34:42:43:d8:cf:c2:c2:e6:33:2f:91:bd:a5:86:f3:7d:e4:8a:65:d4:c5:14:fd:ef:aa:1e:67:54:f3:73:d2:38:e1:95:ae:15:7e:1d:e8:14:98:03', |