openssl / openssl

TLS/SSL and crypto library
https://www.openssl.org
Apache License 2.0

Not getting Expected output for tls13-kdf EXTRACT-ONLY testcase #24487

Open abasapax opened 3 months ago

abasapax commented 3 months ago

Tried to run the below example testcase from https://github.com/openssl/openssl/blob/openssl-3.0/test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt with the "openssl kdf" command in openssl-3.0.13.

Example Testcase:

```
KDF = TLS13-KDF
Ctrl.mode = mode:EXTRACT_ONLY
Ctrl.digest = digest:SHA2-256
Ctrl.key = hexkey:8e27fad32236cb11bb497eb878d636c3f1599f5ffdfae784cbf73e74746769d4
Ctrl.salt = hexsalt:153b6394a9c03cf3f5accc6e455a7693281138a1bcfa3803c26735dd1194d216
Ctrl.prefix = hexprefix:746c73313320
Ctrl.label = hexlabel:64657269766564
Output = cbb0740fd37e5eff32b76cf88511eb83fc9694da4130ca48de754c7f80f561bd
```

The label passed in the command below includes "2 bytes for length of derived secret + 1 byte for length of combined prefix and label + bytes for the label itself + 1 byte length of hash + bytes for the hash itself". Note: the pre-extract derive step uses a hash of no messages.

Output:

```
./openssl kdf -keylen 32 -kdfopt digest:SHA2-256 -kdfopt key:8e27fad32236cb11bb497eb878d636c3f1599f5ffdfae784cbf73e74746769d4 -kdfopt salt:153b6394a9c03cf3f5accc6e455a7693281138a1bcfa3803c26735dd1194d216 -kdfopt info:00200d746c733133206465726976656420e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HKDF
A2:60:87:DA:58:CC:C1:AD:06:27:D9:3E:2A:A1:75:23:C8:69:A2:E8:A2:3D:79:73:A4:7C:6E:E9:C5:2A:5E:06
```

However, the generated output (hex-encoded derived key) from the secret key, salt and info does not match the expected output given in the testcase. Could you please help us in resolving this issue?

slontis commented 1 month ago

This is how you reproduce the output (although I am not sure why you would want to). You had quite a few things not quite right (the main one being that the inputs are hex and you had them as strings). The following produces the expected output.

```
openssl kdf -keylen 32 -kdfopt digest:SHA2-256 -kdfopt mode:EXTRACT_ONLY -kdfopt hexkey:8e27fad32236cb11bb497eb878d636c3f1599f5ffdfae784cbf73e74746769d4 -kdfopt hexsalt:153b6394a9c03cf3f5accc6e455a7693281138a1bcfa3803c26735dd1194d216 -kdfopt hexprefix:746c73313320 -kdfopt hexlabel:64657269766564 TLS13-KDF
```

(Also not sure why you were trying to repro it using HKDF..)

The info related to the params is documented in doc/man7/EVP_KDF-TLS13-KDF.pod
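What the TLS13-KDF EXTRACT_ONLY command above computes, and why feeding the HkdfLabel as HKDF `info` gives a different answer, is easier to see in a reimplementation. The following is an added example, not OpenSSL's own code: per RFC 8446 section 7.1, the stage secret is HKDF-Extract(salt = Derive-Secret(previous secret, "derived", ""), IKM = key), where the Derive-Secret step is an HKDF-Expand over the HkdfLabel built from the prefix, label and the hash of an empty transcript (the structure quoted from the source comment earlier in this issue). The vector is the one from the test file quoted above.

```python
import hashlib
import hmac

# Test vector from test/recipes/30-test_evp_data/evpkdf_tls13_kdf.txt, as quoted above.
KEY = bytes.fromhex("8e27fad32236cb11bb497eb878d636c3f1599f5ffdfae784cbf73e74746769d4")
SALT = bytes.fromhex("153b6394a9c03cf3f5accc6e455a7693281138a1bcfa3803c26735dd1194d216")
PREFIX = b"tls13 "   # hexprefix:746c73313320
LABEL = b"derived"   # hexlabel:64657269766564
EXPECTED = "cbb0740fd37e5eff32b76cf88511eb83fc9694da4130ca48de754c7f80f561bd"


def hkdf_extract(salt: bytes, ikm: bytes, md: str = "sha256") -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt, ikm, md).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, md: str = "sha256") -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), md).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_label(prefix: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """RFC 8446 HkdfLabel: uint16 length, uint8-prefixed (prefix||label), uint8-prefixed context."""
    lab = prefix + label
    return length.to_bytes(2, "big") + bytes([len(lab)]) + lab + bytes([len(context)]) + context


def tls13_kdf_extract_only(key: bytes, salt, prefix: bytes, label: bytes, md: str = "sha256") -> bytes:
    """TLS13-KDF in EXTRACT_ONLY mode (RFC 8446 key schedule, one stage):
       derived = HKDF-Expand-Label(salt, prefix||label, Hash(""), Hash.length)
       out     = HKDF-Extract(salt=derived, IKM=key)
    With no previous secret (salt None) the extract uses an empty salt."""
    mdlen = hashlib.new(md).digest_size
    if salt is None:
        pre_extract = b""
    else:
        empty_hash = hashlib.new(md, b"").digest()   # transcript hash of no messages
        pre_extract = hkdf_expand(salt, hkdf_label(prefix, label, empty_hash, mdlen), mdlen, md)
    return hkdf_extract(pre_extract, key, md)


def check_vector() -> bool:
    """True when the reimplementation reproduces the test file's Output line."""
    return tls13_kdf_extract_only(KEY, SALT, PREFIX, LABEL).hex() == EXPECTED
```

The `hkdf_label` bytes are exactly the `info` value from the first command in this issue; the difference is that TLS13-KDF uses them to expand the salt into the pre-extract secret and then extracts the key against that, rather than expanding the key.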