TclTLS
Check-in [4cc32676a2]
Login
HomeTimelineDownloadBrowse SourceBranchesTagsTicketsWiki
Overview
Comment:Added KDF test cases
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | crypto
Files: files | file ages | folders
SHA3-256: 4cc32676a2e4ec247859257dda142c82ab89a76f9c571649716e64725811ab0e
User & Date: bohagan on 2023-12-25 02:04:23
Other Links: branch diff | manifest | tags
Context
2023-12-25
03:58
Updated documentation to add KDF commands, list KDFs command, and list cipher/digest info attributes. check-in: 17448b5ea7 user: bohagan tags: crypto
02:04
Added KDF test cases check-in: 4cc32676a2 user: bohagan tags: crypto
2023-12-24
22:57
Moved common get cipher, digest, etc. functions to tlsUtil.c file. Renamed tlsKey.c to tlsKDF.c to better reflect contents. Standardized error messages. check-in: 94f8408d0d user: bohagan tags: crypto
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Modified generic/tlsUtil.c from [8f89b37f61] to [8602dbd8e8]. 

212
213
214
215
216
217
218




































219
220
221
222
223
224
225

	Tcl_SetObjResult(interp, Tcl_ObjPrintf("Salt too long. Must be <= %d bytes", max));
	return NULL;
    }
    return salt;
}

/*******************************************************************/





































/*
 *-------------------------------------------------------------------
 *
 * Util_GetInt --
 *
 *	Get integer value from TclObj








>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>








212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261

	Tcl_SetObjResult(interp, Tcl_ObjPrintf("Salt too long. Must be <= %d bytes", max));
	return NULL;
    }
    return salt;
}

/*******************************************************************/

/*
 *-------------------------------------------------------------------
 *
 * Util_GetBinaryArray --
 *
 *	Get binary array from TclObj
 *
 * Returns:
 *	Pointer to type or NULL, and size
 *
 * Side effects:
 *	None
 *
 *-------------------------------------------------------------------
 */
unsigned char *Util_GetBinaryArray(Tcl_Interp *interp, Tcl_Obj *dataObj, int *len, char *name, int min, int max, int no_null) {
    unsigned char *data = NULL;
    *len = 0;

    if (dataObj != NULL) {
	data = Tcl_GetByteArrayFromObj(dataObj, len);
    } else if (no_null) {
	Tcl_AppendResult(interp, "no ", name, (char *) NULL);
	return NULL;
    }

    if (*len < min) {
	Tcl_SetObjResult(interp, Tcl_ObjPrintf("Invalid length for \"%s\": must be >= %d", name, min));
	return NULL;
    } else if (max > 0 && *len > max) {
	Tcl_SetObjResult(interp, Tcl_ObjPrintf("Invalid length for \"%s\": must be <= %d", name, max));
	return NULL;
    }
    return data;
}

/*
 *-------------------------------------------------------------------
 *
 * Util_GetInt --
 *
 *	Get integer value from TclObj

Modified tests/digest.csv from [2969f7b1ad] to [c6f01eee03]. 

74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

MD File,sha512,,,::tls::md -digest sha512 -file $test_file,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,,
MD File,md5 bin,,,binary encode hex [::tls::md -digest md5 -file $test_file -bin],,,962bf0803b4232ec23bd8427bb94ea09,,,
MD File,md5 hex,,,::tls::md -digest md5 -file $test_file -hex,,,962bf0803b4232ec23bd8427bb94ea09,,,
,,,,,,,,,,
command,# MD Error Cases,,,,,,,,,
MD Errors,Too few args,,,::tls::md,,,"wrong # args: should be ""::tls::md ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
MD Errors,Too many args,,,::tls::md too many command line args to pass the test without an error or failing,,,"wrong # args: should be ""::tls::md ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
MD Errors,Invalid digest,,,::tls::md bogus data,,,"Invalid digest ""bogus""",,,1
MD Errors,Invalid digest Arg,,,::tls::md -digest bogus -data data,,,"Invalid digest ""bogus""",,,1
MD Errors,No digest,,,::tls::md -hex -data value,,,No digest specified,,,1
MD Errors,Invalid option,,,::tls::md -digest sha256 -bogus value,,,"bad option ""-bogus"": must be -bin, -binary, -hex, -hexadecimal, -chan, -channel, -cipher, -command, -data, -digest, -file, -filename, -hash, -key, or -mac",,,1
MD Errors,Invalid file,,,::tls::md -digest sha256 -file bogus,,,"couldn't open ""bogus"": no such file or directory",,,1
MD Errors,Invalid channel,,,::tls::md -digest sha256 -channel bogus,,,"can not find channel named ""bogus""",,,1
MD Errors,No operation,,,::tls::md -digest sha256 -bin,,,"No operation specified: Use -channel, -command, -data, or -file option",,,1
,,,,,,,,,,
,,,,,,,,,,
command,# Test CMAC command,,,,,,,,,
command,"set test_cipher ""aes-128-cbc""",,,,,,,,,
command,"set test_key ""Example key 1234""",,,,,,,,,
CMAC,data,,,::tls::cmac -cipher $test_cipher -key $test_key -data $test_data,,,baf5c20f9973e2d606b14c7efdfe52fa,,,
CMAC,file,,,::tls::cmac -cipher $test_cipher -key $test_key -file $test_file,,,baf5c20f9973e2d606b14c7efdfe52fa,,,








|
|
|



|








74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

MD File,sha512,,,::tls::md -digest sha512 -file $test_file,,,d178e759dc59127071588d2fad173c06238d87e800a6403c0a30daa4faaf05d0e7ce04916afaa6a58a30cbeb597dacb01c62f9fb9d89bab9da630c699e4816f1,,,
MD File,md5 bin,,,binary encode hex [::tls::md -digest md5 -file $test_file -bin],,,962bf0803b4232ec23bd8427bb94ea09,,,
MD File,md5 hex,,,::tls::md -digest md5 -file $test_file -hex,,,962bf0803b4232ec23bd8427bb94ea09,,,
,,,,,,,,,,
command,# MD Error Cases,,,,,,,,,
MD Errors,Too few args,,,::tls::md,,,"wrong # args: should be ""::tls::md ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
MD Errors,Too many args,,,::tls::md too many command line args to pass the test without an error or failing,,,"wrong # args: should be ""::tls::md ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
MD Errors,Invalid digest,,,::tls::md bogus data,,,"invalid digest ""bogus""",,,1
MD Errors,Invalid digest Arg,,,::tls::md -digest bogus -data data,,,"invalid digest ""bogus""",,,1
MD Errors,No digest,,,::tls::md -hex -data value,,,no digest,,,1
MD Errors,Invalid option,,,::tls::md -digest sha256 -bogus value,,,"bad option ""-bogus"": must be -bin, -binary, -hex, -hexadecimal, -chan, -channel, -cipher, -command, -data, -digest, -file, -filename, -hash, -key, or -mac",,,1
MD Errors,Invalid file,,,::tls::md -digest sha256 -file bogus,,,"couldn't open ""bogus"": no such file or directory",,,1
MD Errors,Invalid channel,,,::tls::md -digest sha256 -channel bogus,,,"can not find channel named ""bogus""",,,1
MD Errors,No operation,,,::tls::md -digest sha256 -bin,,,"No operation: Use -channel, -command, -data, or -file option",,,1
,,,,,,,,,,
,,,,,,,,,,
command,# Test CMAC command,,,,,,,,,
command,"set test_cipher ""aes-128-cbc""",,,,,,,,,
command,"set test_key ""Example key 1234""",,,,,,,,,
CMAC,data,,,::tls::cmac -cipher $test_cipher -key $test_key -data $test_data,,,baf5c20f9973e2d606b14c7efdfe52fa,,,
CMAC,file,,,::tls::cmac -cipher $test_cipher -key $test_key -file $test_file,,,baf5c20f9973e2d606b14c7efdfe52fa,,,

105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

,,,,,,,,,,
command,# Test CMAC Shortcut,,,,,,,,,
CMAC Shortcut,data,,,::tls::cmac $test_cipher -key $test_key $test_data,,,baf5c20f9973e2d606b14c7efdfe52fa,,,
,,,,,,,,,,
command,# CMAC Error Cases,,,,,,,,,
CMAC Errors,Too few args,,,::tls::cmac,,,"wrong # args: should be ""::tls::cmac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
CMAC Errors,Too many args,,,::tls::cmac too many command line args to pass the test without an error or failing,,,"wrong # args: should be ""::tls::cmac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
CMAC Errors,No cipher,,,::tls::cmac -hex -data $test_data,,,No cipher specified,,,1
CMAC Errors,No key,,,::tls::cmac -cipher $test_cipher -data $test_data,,,No key specified,,,1
CMAC Errors,Invalid cipher,,,::tls::cmac -cipher bogus -data $test_data,,,"Invalid cipher ""bogus""",,,1
,,,,,,,,,,
,,,,,,,,,,
command,# Test HMAC command,,,,,,,,,
command,set test_digest md5,,,,,,,,,
command,"set test_key ""Example key""",,,,,,,,,
HMAC,data,,,::tls::hmac -digest $test_digest -key $test_key -data $test_data,,,f98327ef3e20ab6d388f676c6a79d93d,,,
HMAC,file,,,::tls::hmac -digest $test_digest -key $test_key -file $test_file,,,f98327ef3e20ab6d388f676c6a79d93d,,,








|
|
|








105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

,,,,,,,,,,
command,# Test CMAC Shortcut,,,,,,,,,
CMAC Shortcut,data,,,::tls::cmac $test_cipher -key $test_key $test_data,,,baf5c20f9973e2d606b14c7efdfe52fa,,,
,,,,,,,,,,
command,# CMAC Error Cases,,,,,,,,,
CMAC Errors,Too few args,,,::tls::cmac,,,"wrong # args: should be ""::tls::cmac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
CMAC Errors,Too many args,,,::tls::cmac too many command line args to pass the test without an error or failing,,,"wrong # args: should be ""::tls::cmac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
CMAC Errors,No cipher,,,::tls::cmac -hex -data $test_data,,,no cipher,,,1
CMAC Errors,No key,,,::tls::cmac -cipher $test_cipher -data $test_data,,,no key,,,1
CMAC Errors,Invalid cipher,,,::tls::cmac -cipher bogus -data $test_data,,,"invalid cipher ""bogus""",,,1
,,,,,,,,,,
,,,,,,,,,,
command,# Test HMAC command,,,,,,,,,
command,set test_digest md5,,,,,,,,,
command,"set test_key ""Example key""",,,,,,,,,
HMAC,data,,,::tls::hmac -digest $test_digest -key $test_key -data $test_data,,,f98327ef3e20ab6d388f676c6a79d93d,,,
HMAC,file,,,::tls::hmac -digest $test_digest -key $test_key -file $test_file,,,f98327ef3e20ab6d388f676c6a79d93d,,,

132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164

,,,,,,,,,,
command,# Test HMAC Shortcut,,,,,,,,,
HMAC Shortcut,data,,,::tls::hmac $test_digest -key $test_key $test_data,,,f98327ef3e20ab6d388f676c6a79d93d,,,
,,,,,,,,,,
command,# HMAC Error Cases,,,,,,,,,
HMAC Errors,Too few args,,,::tls::hmac,,,"wrong # args: should be ""::tls::hmac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
HMAC Errors,Too many args,,,::tls::hmac too many command line args to pass the test without an error or failing,,,"wrong # args: should be ""::tls::hmac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
HMAC Errors,No digest,,,::tls::hmac -hex -data $test_data,,,No digest specified,,,1
HMAC Errors,No key,,,::tls::hmac -digest sha256 -data $test_data,,,No key specified,,,1
HMAC Errors,Invalid digest,,,::tls::md -digest bogus -key $test_key -data $test_data,,,"Invalid digest ""bogus""",,,1
,,,,,,,,,,
,,,,,,,,,,
command,# Test MAC command,,,,,,,,,
command,"set test_cipher ""aes-128-cbc""",,,,,,,,,
command,set test_digest sha256,,,,,,,,,
command,"set test_key ""Example key 1234""",,,,,,,,,
MAC,CMAC,,,::tls::mac -cipher $test_cipher -key $test_key -mac cmac -data $test_data,,,baf5c20f9973e2d606b14c7efdfe52fa,,,
MAC,HMAC,,,::tls::mac -digest $test_digest -key $test_key -mac hmac -data $test_data,,,676daf96370d0e3c5598557da38a9a810a4fbacbb2d10c67f6dfa83f10f48e96,,,
MAC,MD-CMAC,,,::tls::md -cipher $test_cipher -key $test_key -mac cmac -data $test_data,,,baf5c20f9973e2d606b14c7efdfe52fa,,,
MAC,MD-HMAC,,,::tls::md -digest $test_digest -key $test_key -mac hmac -data $test_data,,,676daf96370d0e3c5598557da38a9a810a4fbacbb2d10c67f6dfa83f10f48e96,,,
,,,,,,,,,,
command,# MAC Error Cases,,,,,,,,,
MAC Errors,Too few args,,,::tls::mac,,,"wrong # args: should be ""::tls::mac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
MAC Errors,No mac,,,::tls::mac -key $test_key -data $test_data,,,No MAC specified,,,1
MAC Errors,No key,,,::tls::mac -mac hmac -data $test_data,,,No key specified,,,1
MAC Errors,Invalid MAC,,,::tls::mac -mac scrypt -key $test_key -data $test_data,,,"Invalid MAC ""scrypt""",,,1
MAC Errors,Too many args,,,::tls::mac too many command line args to pass the test without an error or failing,,,"wrong # args: should be ""::tls::mac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
,,,,,,,,,,
,,,,,,,,,,
command,# RFC 1321 Message Digest 5,,,,,,,,,
RFC1321-MD5,TC1,,,"::tls::md -digest md5 -data """"",,,d41d8cd98f00b204e9800998ecf8427e,,,
RFC1321-MD5,TC2,,,"::tls::md -digest md5 -data ""a""",,,0cc175b9c0f1b6a831c399e269772661,,,
RFC1321-MD5,TC3,,,"::tls::md -digest md5 -data ""abc""",,,900150983cd24fb0d6963f7d28e17f72,,,








|
|
|













|
|
|








132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164

,,,,,,,,,,
command,# Test HMAC Shortcut,,,,,,,,,
HMAC Shortcut,data,,,::tls::hmac $test_digest -key $test_key $test_data,,,f98327ef3e20ab6d388f676c6a79d93d,,,
,,,,,,,,,,
command,# HMAC Error Cases,,,,,,,,,
HMAC Errors,Too few args,,,::tls::hmac,,,"wrong # args: should be ""::tls::hmac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
HMAC Errors,Too many args,,,::tls::hmac too many command line args to pass the test without an error or failing,,,"wrong # args: should be ""::tls::hmac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
HMAC Errors,No digest,,,::tls::hmac -hex -data $test_data,,,no digest,,,1
HMAC Errors,No key,,,::tls::hmac -digest sha256 -data $test_data,,,no key,,,1
HMAC Errors,Invalid digest,,,::tls::md -digest bogus -key $test_key -data $test_data,,,"invalid digest ""bogus""",,,1
,,,,,,,,,,
,,,,,,,,,,
command,# Test MAC command,,,,,,,,,
command,"set test_cipher ""aes-128-cbc""",,,,,,,,,
command,set test_digest sha256,,,,,,,,,
command,"set test_key ""Example key 1234""",,,,,,,,,
MAC,CMAC,,,::tls::mac -cipher $test_cipher -key $test_key -mac cmac -data $test_data,,,baf5c20f9973e2d606b14c7efdfe52fa,,,
MAC,HMAC,,,::tls::mac -digest $test_digest -key $test_key -mac hmac -data $test_data,,,676daf96370d0e3c5598557da38a9a810a4fbacbb2d10c67f6dfa83f10f48e96,,,
MAC,MD-CMAC,,,::tls::md -cipher $test_cipher -key $test_key -mac cmac -data $test_data,,,baf5c20f9973e2d606b14c7efdfe52fa,,,
MAC,MD-HMAC,,,::tls::md -digest $test_digest -key $test_key -mac hmac -data $test_data,,,676daf96370d0e3c5598557da38a9a810a4fbacbb2d10c67f6dfa83f10f48e96,,,
,,,,,,,,,,
command,# MAC Error Cases,,,,,,,,,
MAC Errors,Too few args,,,::tls::mac,,,"wrong # args: should be ""::tls::mac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
MAC Errors,No mac,,,::tls::mac -key $test_key -data $test_data,,,no MAC,,,1
MAC Errors,No key,,,::tls::mac -mac hmac -digest $test_digest -data $test_data,,,no key,,,1
MAC Errors,Invalid MAC,,,::tls::mac -mac bogus -key $test_key -data $test_data,,,"invalid MAC ""bogus""",,,1
MAC Errors,Too many args,,,::tls::mac too many command line args to pass the test without an error or failing,,,"wrong # args: should be ""::tls::mac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]""",,,1
,,,,,,,,,,
,,,,,,,,,,
command,# RFC 1321 Message Digest 5,,,,,,,,,
RFC1321-MD5,TC1,,,"::tls::md -digest md5 -data """"",,,d41d8cd98f00b204e9800998ecf8427e,,,
RFC1321-MD5,TC2,,,"::tls::md -digest md5 -data ""a""",,,0cc175b9c0f1b6a831c399e269772661,,,
RFC1321-MD5,TC3,,,"::tls::md -digest md5 -data ""abc""",,,900150983cd24fb0d6963f7d28e17f72,,,

Modified tests/digest.test from [c72f5245d1] to [7ee14183fa]. 

235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273


test MD_Errors-8.2 {Too many args} -body {
	::tls::md too many command line args to pass the test without an error or failing
    } -result {wrong # args: should be "::tls::md ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]"} -returnCodes {1}

test MD_Errors-8.3 {Invalid digest} -body {
	::tls::md bogus data
    } -result {Invalid digest "bogus"} -returnCodes {1}

test MD_Errors-8.4 {Invalid digest Arg} -body {
	::tls::md -digest bogus -data data
    } -result {Invalid digest "bogus"} -returnCodes {1}

test MD_Errors-8.5 {No digest} -body {
	::tls::md -hex -data value
    } -result {No digest specified} -returnCodes {1}

test MD_Errors-8.6 {Invalid option} -body {
	::tls::md -digest sha256 -bogus value
    } -result {bad option "-bogus": must be -bin, -binary, -hex, -hexadecimal, -chan, -channel, -cipher, -command, -data, -digest, -file, -filename, -hash, -key, or -mac} -returnCodes {1}

test MD_Errors-8.7 {Invalid file} -body {
	::tls::md -digest sha256 -file bogus
    } -result {couldn't open "bogus": no such file or directory} -returnCodes {1}

test MD_Errors-8.8 {Invalid channel} -body {
	::tls::md -digest sha256 -channel bogus
    } -result {can not find channel named "bogus"} -returnCodes {1}

test MD_Errors-8.9 {No operation} -body {
	::tls::md -digest sha256 -bin
    } -result {No operation specified: Use -channel, -command, -data, or -file option} -returnCodes {1}


# Test CMAC command
set test_cipher "aes-128-cbc"
set test_key "Example key 1234"










|



|



|















|








235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273


test MD_Errors-8.2 {Too many args} -body {
	::tls::md too many command line args to pass the test without an error or failing
    } -result {wrong # args: should be "::tls::md ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]"} -returnCodes {1}

test MD_Errors-8.3 {Invalid digest} -body {
	::tls::md bogus data
    } -result {invalid digest "bogus"} -returnCodes {1}

test MD_Errors-8.4 {Invalid digest Arg} -body {
	::tls::md -digest bogus -data data
    } -result {invalid digest "bogus"} -returnCodes {1}

test MD_Errors-8.5 {No digest} -body {
	::tls::md -hex -data value
    } -result {no digest} -returnCodes {1}

test MD_Errors-8.6 {Invalid option} -body {
	::tls::md -digest sha256 -bogus value
    } -result {bad option "-bogus": must be -bin, -binary, -hex, -hexadecimal, -chan, -channel, -cipher, -command, -data, -digest, -file, -filename, -hash, -key, or -mac} -returnCodes {1}

test MD_Errors-8.7 {Invalid file} -body {
	::tls::md -digest sha256 -file bogus
    } -result {couldn't open "bogus": no such file or directory} -returnCodes {1}

test MD_Errors-8.8 {Invalid channel} -body {
	::tls::md -digest sha256 -channel bogus
    } -result {can not find channel named "bogus"} -returnCodes {1}

test MD_Errors-8.9 {No operation} -body {
	::tls::md -digest sha256 -bin
    } -result {No operation: Use -channel, -command, -data, or -file option} -returnCodes {1}


# Test CMAC command
set test_cipher "aes-128-cbc"
set test_key "Example key 1234"



330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352


test CMAC_Errors-12.2 {Too many args} -body {
	::tls::cmac too many command line args to pass the test without an error or failing
    } -result {wrong # args: should be "::tls::cmac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]"} -returnCodes {1}

test CMAC_Errors-12.3 {No cipher} -body {
	::tls::cmac -hex -data $test_data
    } -result {No cipher specified} -returnCodes {1}

test CMAC_Errors-12.4 {No key} -body {
	::tls::cmac -cipher $test_cipher -data $test_data
    } -result {No key specified} -returnCodes {1}

test CMAC_Errors-12.5 {Invalid cipher} -body {
	::tls::cmac -cipher bogus -data $test_data
    } -result {Invalid cipher "bogus"} -returnCodes {1}


# Test HMAC command
set test_digest md5
set test_key "Example key"










|



|



|








330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352


test CMAC_Errors-12.2 {Too many args} -body {
	::tls::cmac too many command line args to pass the test without an error or failing
    } -result {wrong # args: should be "::tls::cmac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]"} -returnCodes {1}

test CMAC_Errors-12.3 {No cipher} -body {
	::tls::cmac -hex -data $test_data
    } -result {no cipher} -returnCodes {1}

test CMAC_Errors-12.4 {No key} -body {
	::tls::cmac -cipher $test_cipher -data $test_data
    } -result {no key} -returnCodes {1}

test CMAC_Errors-12.5 {Invalid cipher} -body {
	::tls::cmac -cipher bogus -data $test_data
    } -result {invalid cipher "bogus"} -returnCodes {1}


# Test HMAC command
set test_digest md5
set test_key "Example key"



409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431


test HMAC_Errors-16.2 {Too many args} -body {
	::tls::hmac too many command line args to pass the test without an error or failing
    } -result {wrong # args: should be "::tls::hmac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]"} -returnCodes {1}

test HMAC_Errors-16.3 {No digest} -body {
	::tls::hmac -hex -data $test_data
    } -result {No digest specified} -returnCodes {1}

test HMAC_Errors-16.4 {No key} -body {
	::tls::hmac -digest sha256 -data $test_data
    } -result {No key specified} -returnCodes {1}

test HMAC_Errors-16.5 {Invalid digest} -body {
	::tls::md -digest bogus -key $test_key -data $test_data
    } -result {Invalid digest "bogus"} -returnCodes {1}


# Test MAC command
set test_cipher "aes-128-cbc"
set test_digest sha256
set test_key "Example key 1234"









|



|



|








409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431


test HMAC_Errors-16.2 {Too many args} -body {
	::tls::hmac too many command line args to pass the test without an error or failing
    } -result {wrong # args: should be "::tls::hmac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]"} -returnCodes {1}

test HMAC_Errors-16.3 {No digest} -body {
	::tls::hmac -hex -data $test_data
    } -result {no digest} -returnCodes {1}

test HMAC_Errors-16.4 {No key} -body {
	::tls::hmac -digest sha256 -data $test_data
    } -result {no key} -returnCodes {1}

test HMAC_Errors-16.5 {Invalid digest} -body {
	::tls::md -digest bogus -key $test_key -data $test_data
    } -result {invalid digest "bogus"} -returnCodes {1}


# Test MAC command
set test_cipher "aes-128-cbc"
set test_digest sha256
set test_key "Example key 1234"


451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473


test MAC_Errors-18.1 {Too few args} -body {
	::tls::mac
    } -result {wrong # args: should be "::tls::mac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]"} -returnCodes {1}

test MAC_Errors-18.2 {No mac} -body {
	::tls::mac -key $test_key -data $test_data
    } -result {No MAC specified} -returnCodes {1}

test MAC_Errors-18.3 {No key} -body {
	::tls::mac -mac hmac -data $test_data
    } -result {No key specified} -returnCodes {1}

test MAC_Errors-18.4 {Invalid MAC} -body {
	::tls::mac -mac scrypt -key $test_key -data $test_data
    } -result {Invalid MAC "scrypt"} -returnCodes {1}

test MAC_Errors-18.5 {Too many args} -body {
	::tls::mac too many command line args to pass the test without an error or failing
    } -result {wrong # args: should be "::tls::mac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]"} -returnCodes {1}


# RFC 1321 Message Digest 5








|


|
|


|
|








451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473


test MAC_Errors-18.1 {Too few args} -body {
	::tls::mac
    } -result {wrong # args: should be "::tls::mac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]"} -returnCodes {1}

test MAC_Errors-18.2 {No mac} -body {
	::tls::mac -key $test_key -data $test_data
    } -result {no MAC} -returnCodes {1}

test MAC_Errors-18.3 {No key} -body {
	::tls::mac -mac hmac -digest $test_digest -data $test_data
    } -result {no key} -returnCodes {1}

test MAC_Errors-18.4 {Invalid MAC} -body {
	::tls::mac -mac bogus -key $test_key -data $test_data
    } -result {invalid MAC "bogus"} -returnCodes {1}

test MAC_Errors-18.5 {Too many args} -body {
	::tls::mac too many command line args to pass the test without an error or failing
    } -result {wrong # args: should be "::tls::mac ?-bin|-hex? ?-cipher name? ?-digest name? ?-key key? ?-mac name? [-channel chan | -command cmdName | -file filename | ?-data? data]"} -returnCodes {1}


# RFC 1321 Message Digest 5

Modified tests/info.csv from [a605570f7c] to [fa6b9dae2b]. 

52
53
54
55
56
57
58
59
60
61
62
63
64
65
66

Ciphers Errors,SSL3,!ssl3,,::tls::ciphers ssl3,,,ssl3: protocol not supported,,,1
Ciphers Errors,TLS1.0,!tls1,,::tls::ciphers tls1,,,tls1: protocol not supported,,,1
Ciphers Errors,TLS1.1,!tls1.1,,::tls::ciphers tls1.1,,,tls1.0: protocol not supported,,,1
Ciphers Errors,TLS1.2,!tls1.2,,::tls::ciphers tls1.2,,,tls1.1: protocol not supported,,,1
Ciphers Errors,TLS1.3,!tls1.3,,::tls::ciphers tls1.3,,,tls1.3: protocol not supported,,,1
,,,,,,,,,,
command,# Test Cipher Info,,,,,,,,,
Cipher Info,AES-256-CCM,,,tls::cipher aes-256-ccm,,,nid aes-256-ccm name id-aes256-CCM description {} block_size 1 key_length 32 iv_length 12 type aes-256-ccm provider {} mode CCM flags {{Variable Length} 0 {Always Call Init} 1 {Custom IV} 1 {Control Init} 1 {Custom Cipher} 1 {AEAD Cipher} 1 {Custom Copy} 1 {Non FIPS Allow} 0},,,
,,,,,,,,,,
command,# Test list digests,,,,,,,,,
Digests List,All,,,lcompare [lsort [exec_get_digests]] [lsort [tls::digests]],,,missing {} unexpected {},,,
,,,,,,,,,,
command,# Test Digest Info,,,,,,,,,
Digest Info,md5,,,tls::digests md5,,,name MD5 description {} size 16 block_size 64 provider {} type md5 pkey_type md5WithRSAEncryption flags {One-shot 0 XOF 0 DigestAlgorithmId_NULL 0 DigestAlgorithmId_Abscent 0 DigestAlgorithmId_Custom 0 FIPS 0},,,
,,,,,,,,,,








|








52
53
54
55
56
57
58
59
60
61
62
63
64
65
66

Ciphers Errors,SSL3,!ssl3,,::tls::ciphers ssl3,,,ssl3: protocol not supported,,,1
Ciphers Errors,TLS1.0,!tls1,,::tls::ciphers tls1,,,tls1: protocol not supported,,,1
Ciphers Errors,TLS1.1,!tls1.1,,::tls::ciphers tls1.1,,,tls1.0: protocol not supported,,,1
Ciphers Errors,TLS1.2,!tls1.2,,::tls::ciphers tls1.2,,,tls1.1: protocol not supported,,,1
Ciphers Errors,TLS1.3,!tls1.3,,::tls::ciphers tls1.3,,,tls1.3: protocol not supported,,,1
,,,,,,,,,,
command,# Test Cipher Info,,,,,,,,,
Cipher Info,AES-256-CCM,,,tls::cipher aes-256-ccm,,,nid aes-256-ccm name id-aes256-CCM description {} block_size 1 key_length 32 iv_length 12 type aes-256-ccm provider {} mode CCM flags {{Variable Length} 0 {Always Call Init} 1 {Custom IV} 1 {Control Init} 1 {Custom Cipher} 1 {AEAD Cipher} 1 {Custom Copy} 1 {Non FIPS Allow} 0} tag_length 16 aad_length 13,,,
,,,,,,,,,,
command,# Test list digests,,,,,,,,,
Digests List,All,,,lcompare [lsort [exec_get_digests]] [lsort [tls::digests]],,,missing {} unexpected {},,,
,,,,,,,,,,
command,# Test Digest Info,,,,,,,,,
Digest Info,md5,,,tls::digests md5,,,name MD5 description {} size 16 block_size 64 provider {} type md5 pkey_type md5WithRSAEncryption flags {One-shot 0 XOF 0 DigestAlgorithmId_NULL 0 DigestAlgorithmId_Abscent 0 DigestAlgorithmId_Custom 0 FIPS 0},,,
,,,,,,,,,,

74
75
76
77
78
79
80
81
82
83
84
85
86
87

Protocols,All,,,lcompare $::protocols [::tls::protocols],,,missing {ssl2 ssl3} unexpected {},,,
,,,,,,,,,,
command,# Test show version,,,,,,,,,
Version,All,,,::tls::version,,glob,*,,,
Version,OpenSSL,OpenSSL,,::tls::version,,glob,OpenSSL*,,,
,,,,,,,,,,
command,# Error Cases,,,,,,,,,
Error Cases,Cipher Too few args,,,::tls::cipher,,,"wrong # args: should be ""::tls::cipher ?name?""",,,1
Error Cases,Cipher Too many args,,,::tls::cipher too many args,,,"wrong # args: should be ""::tls::cipher ?name?""",,,1
Error Cases,Digests Too many args,,,::tls::digests too many args,,,"wrong # args: should be ""::tls::digests ?name?""",,,1
Error Cases,MACs Too many args,,,::tls::macs too many args,,,"wrong # args: should be ""::tls::macs ?name?""",,,1
Error Cases,Pkeys Too many args,,,::tls::pkeys too many args,,,"wrong # args: should be ""::tls::pkeys ?name?""",,,1
Error Cases,Protocols Too many args,,,::tls::protocols too many args,,,"wrong # args: should be ""::tls::protocols""",,,1
Error Cases,Version Too many args,,,::tls::version too many args,,,"wrong # args: should be ""::tls::version""",,,1








<







74
75
76
77
78
79
80

81
82
83
84
85
86

Protocols,All,,,lcompare $::protocols [::tls::protocols],,,missing {ssl2 ssl3} unexpected {},,,
,,,,,,,,,,
command,# Test show version,,,,,,,,,
Version,All,,,::tls::version,,glob,*,,,
Version,OpenSSL,OpenSSL,,::tls::version,,glob,OpenSSL*,,,
,,,,,,,,,,
command,# Error Cases,,,,,,,,,

Error Cases,Cipher Too many args,,,::tls::cipher too many args,,,"wrong # args: should be ""::tls::cipher ?name?""",,,1
Error Cases,Digests Too many args,,,::tls::digests too many args,,,"wrong # args: should be ""::tls::digests ?name?""",,,1
Error Cases,MACs Too many args,,,::tls::macs too many args,,,"wrong # args: should be ""::tls::macs ?name?""",,,1
Error Cases,Pkeys Too many args,,,::tls::pkeys too many args,,,"wrong # args: should be ""::tls::pkeys ?name?""",,,1
Error Cases,Protocols Too many args,,,::tls::protocols too many args,,,"wrong # args: should be ""::tls::protocols""",,,1
Error Cases,Version Too many args,,,::tls::version too many args,,,"wrong # args: should be ""::tls::version""",,,1

Modified tests/info.test from [421d0bdeb4] to [f5b53d50c6]. 

157
158
159
160
161
162
163
164
165
166
167
168
169
170
171

    } -result {tls1.3: protocol not supported} -returnCodes {1}

# Test Cipher Info


test Cipher_Info-6.1 {AES-256-CCM} -body {
	tls::cipher aes-256-ccm
    } -result {nid aes-256-ccm name id-aes256-CCM description {} block_size 1 key_length 32 iv_length 12 type aes-256-ccm provider {} mode CCM flags {{Variable Length} 0 {Always Call Init} 1 {Custom IV} 1 {Control Init} 1 {Custom Cipher} 1 {AEAD Cipher} 1 {Custom Copy} 1 {Non FIPS Allow} 0}}

# Test list digests


test Digests_List-7.1 {All} -body {
	lcompare [lsort [exec_get_digests]] [lsort [tls::digests]]
    } -result {missing {} unexpected {}}








|








157
158
159
160
161
162
163
164
165
166
167
168
169
170
171

    } -result {tls1.3: protocol not supported} -returnCodes {1}

# Test Cipher Info


test Cipher_Info-6.1 {AES-256-CCM} -body {
	tls::cipher aes-256-ccm
    } -result {nid aes-256-ccm name id-aes256-CCM description {} block_size 1 key_length 32 iv_length 12 type aes-256-ccm provider {} mode CCM flags {{Variable Length} 0 {Always Call Init} 1 {Custom IV} 1 {Control Init} 1 {Custom Cipher} 1 {AEAD Cipher} 1 {Custom Copy} 1 {Non FIPS Allow} 0} tag_length 16 aad_length 13}

# Test list digests


test Digests_List-7.1 {All} -body {
	lcompare [lsort [exec_get_digests]] [lsort [tls::digests]]
    } -result {missing {} unexpected {}}

208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245

test Version-12.2 {OpenSSL} -constraints {OpenSSL} -body {
	::tls::version
    } -match {glob} -result {OpenSSL*}

# Error Cases


test Error_Cases-13.1 {Cipher Too few args} -body {
	::tls::cipher
    } -result {wrong # args: should be "::tls::cipher ?name?"} -returnCodes {1}

test Error_Cases-13.2 {Cipher Too many args} -body {
	::tls::cipher too many args
    } -result {wrong # args: should be "::tls::cipher ?name?"} -returnCodes {1}

test Error_Cases-13.3 {Digests Too many args} -body {
	::tls::digests too many args
    } -result {wrong # args: should be "::tls::digests ?name?"} -returnCodes {1}

test Error_Cases-13.4 {MACs Too many args} -body {
	::tls::macs too many args
    } -result {wrong # args: should be "::tls::macs ?name?"} -returnCodes {1}

test Error_Cases-13.5 {Pkeys Too many args} -body {
	::tls::pkeys too many args
    } -result {wrong # args: should be "::tls::pkeys ?name?"} -returnCodes {1}

test Error_Cases-13.6 {Protocols Too many args} -body {
	::tls::protocols too many args
    } -result {wrong # args: should be "::tls::protocols"} -returnCodes {1}

test Error_Cases-13.7 {Version Too many args} -body {
	::tls::version too many args
    } -result {wrong # args: should be "::tls::version"} -returnCodes {1}

# Cleanup
::tcltest::cleanupTests
return








|
<
<
<
<



|



|



|



|



|







208
209
210
211
212
213
214
215




216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241

test Version-12.2 {OpenSSL} -constraints {OpenSSL} -body {
	::tls::version
    } -match {glob} -result {OpenSSL*}

# Error Cases


test Error_Cases-13.1 {Cipher Too many args} -body {




	::tls::cipher too many args
    } -result {wrong # args: should be "::tls::cipher ?name?"} -returnCodes {1}

test Error_Cases-13.2 {Digests Too many args} -body {
	::tls::digests too many args
    } -result {wrong # args: should be "::tls::digests ?name?"} -returnCodes {1}

test Error_Cases-13.3 {MACs Too many args} -body {
	::tls::macs too many args
    } -result {wrong # args: should be "::tls::macs ?name?"} -returnCodes {1}

test Error_Cases-13.4 {Pkeys Too many args} -body {
	::tls::pkeys too many args
    } -result {wrong # args: should be "::tls::pkeys ?name?"} -returnCodes {1}

test Error_Cases-13.5 {Protocols Too many args} -body {
	::tls::protocols too many args
    } -result {wrong # args: should be "::tls::protocols"} -returnCodes {1}

test Error_Cases-13.6 {Version Too many args} -body {
	::tls::version too many args
    } -result {wrong # args: should be "::tls::version"} -returnCodes {1}

# Cleanup
::tcltest::cleanupTests
return

Added tests/kdf.csv version [ecd5209032]. 



































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

# Group,Name,Constraints,Setup,Body,Cleanup,Match,Result,Output,Error Output,Return Codes
command,package require tls,,,,,,,,,
,,,,,,,,,,
command,# PBKDF2 Error Cases,,,,,,,,,
PBKDF2 Errors,Too few args,,,::tls::pbkdf2,,,"wrong # args: should be ""::tls::pbkdf2 [-cipher cipher | -size length] -digest digest ?-iterations count? ?-password string? ?-salt string?""",,,1
PBKDF2 Errors,Too many args,,,::tls::pbkdf2 too many command line args to pass the test without an error or failing,,,"wrong # args: should be ""::tls::pbkdf2 [-cipher cipher | -size length] -digest digest ?-iterations count? ?-password string? ?-salt string?""",,,1
PBKDF2 Errors,Invalid cipher,,,::tls::pbkdf2 -digest sha256 -password key -cipher bogus,,,"invalid cipher ""bogus""",,,1
PBKDF2 Errors,Invalid digest,,,::tls::pbkdf2 -digest bogus -password key,,,"invalid digest ""bogus""",,,1
PBKDF2 Errors,Invalid iterations,,,::tls::pbkdf2 -digest sha256 -password key -iterations -1,,,"invalid value ""-1"" for option ""iterations"": must be >= 1",,,1
PBKDF2 Errors,No password value,,,::tls::pbkdf2 -digest sha256 -password,,,"No value for option ""-password""",,,1
PBKDF2 Errors,No salt value,,,::tls::pbkdf2 -digest sha256 -password key -salt,,,"No value for option ""-salt""",,,1
PBKDF2 Errors,Invalid size,,,::tls::pbkdf2 -digest sha256 -password key -size 0,,,"invalid value ""0"" for option ""-size"": must be >= 1",,,1
PBKDF2 Errors,Too big size,,,::tls::pbkdf2 -digest sha256 -password key -size 400,,,"invalid value ""400"" for option ""-size"": must be <= 320",,,1
,,,,,,,,,,
command,# HKDF Error Cases,,,,,,,,,
HKDF Errors,Too few args,,,::tls::hkdf,,,"wrong # args: should be ""::tls::hkdf -digest digest -key string ?-info string? ?-salt string? ?-size derived_length?""",,,1
HKDF Errors,Too many args,,,::tls::hkdf too many command line args to pass the test without an error or failing,,,"wrong # args: should be ""::tls::hkdf -digest digest -key string ?-info string? ?-salt string? ?-size derived_length?""",,,1
HKDF Errors,No digest,,,::tls::hkdf -key key -key key,,,no digest,,,1
HKDF Errors,No key,,,::tls::hkdf -digest sha256 -digest sha256,,,no key,,,1
HKDF Errors,No info value,,,::tls::hkdf -digest sha256 -key key -info,,,"No value for option ""-info""",,,1
HKDF Errors,No salt value,,,::tls::hkdf -digest sha256 -password key -salt,,,"No value for option ""-salt""",,,1
HKDF Errors,Invalid size,,,::tls::hkdf -digest sha256 -password key -size 0,,,"invalid value ""0"" for option ""-size"": must be >= 1",,,1
HKDF Errors,Too big size,,,::tls::hkdf -digest sha256 -password key -size 8161,,,"""Key derivation failed: """,,,1
,,,,,,,,,,
command,# Scrypt Error Cases,,,,,,,,,
Scrypt Errors,Too few args,,,::tls::scrypt,,,"wrong # args: should be ""::tls::scrypt -password string -salt string ?-N costParameter? ?-r blockSize? ?-p parallelization? ?-size derived_length?""",,,1
Scrypt Errors,Too many args,,,::tls::scrypt too many command line args to pass the test without an error or failing,,,"wrong # args: should be ""::tls::scrypt -password string -salt string ?-N costParameter? ?-r blockSize? ?-p parallelization? ?-size derived_length?""",,,1
Scrypt Errors,No password value,,,::tls::scrypt -salt salt -salt salt,,,no password,,,1
Scrypt Errors,No salt value,,,::tls::scrypt -password key -password key,,,no salt,,,1
Scrypt Errors,Invalid size,,,::tls::scrypt -password key -salt salt -size 0,,,"invalid value ""0"" for option ""-size"": must be >= 1",,,1
Scrypt Errors,Invalid N costParameter,knownIgnored,,::tls::scrypt -password key -salt salt -N 0,,,,,,1
Scrypt Errors,Invalid r blockSize,knownIgnored,,::tls::scrypt -password key -salt salt -r 0,,,,,,1
Scrypt Errors,Invalid p parallelization,knownIgnored,,::tls::scrypt -password key -salt salt -p 0,,,,,,1
,,,,,,,,,,
command,set digest sha1,,,,,,,,,
command,"set P ""password""",,,,,,,,,
command,"set S ""salt""",,,,,,,,,
command,set dkLen 20,,,,,,,,,
,,,,,,,,,,
command,# PBKDF2 RFC 6070,,,,,,,,,
PBKDF2 RFC 6070,Test Case 1,,,binary encode hex [::tls::pbkdf2 -digest $digest -password $P -salt $S -iterations 1 -size $dkLen],,,0c60c80f961f0e71f3a9b524af6012062fe037a6,,,
PBKDF2 RFC 6070,Test Case 2,,,binary encode hex [::tls::pbkdf2 -digest $digest -password $P -salt $S -iterations 2 -size $dkLen],,,ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957,,,
PBKDF2 RFC 6070,Test Case 3,,,binary encode hex [::tls::pbkdf2 -digest $digest -password $P -salt $S -iterations 4096 -size $dkLen],,,4b007901b765489abead49d926f721d065a429c1,,,
PBKDF2 RFC 6070,Test Case 4,,,binary encode hex [::tls::pbkdf2 -digest $digest -password $P -salt $S -iterations 16777216 -size $dkLen],,,eefe3d61cd4da4e4e9945b3d6ba2158c2634e984,,,
,,,,,,,,,,
command,set digest sha1,,,,,,,,,
command,set key [binary decode hex 0b0b0b0b0b0b0b0b0b0b0b],,,,,,,,,
command,set salt [binary decode hex 000102030405060708090a0b0c],,,,,,,,,
command,set info [binary decode hex f0f1f2f3f4f5f6f7f8f9],,,,,,,,,
command,set size 42,,,,,,,,,
,,,,,,,,,,
command,# HKDF RFC 6234,,,,,,,,,
HKDF RFC 6234,"A.4.  Test Case 4, Basic test case with SHA-1",,,binary encode hex [::tls::hkdf -digest $digest -password $key -salt $salt -info $info -size $size],,,085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896,,,
,,,,,,,,,,
command,set key [binary decode hex 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f],,,,,,,,,
command,set salt [binary decode hex 606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf],,,,,,,,,
command,set info [binary decode hex b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff],,,,,,,,,
command,set size 82,,,,,,,,,
,,,,,,,,,,
HKDF RFC 6234,"A.5.  Test Case 5, Test with SHA-1 and longer inputs/outputs",,,binary encode hex [::tls::hkdf -digest $digest -password $key -salt $salt -info $info -size $size],,,0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4,,,
,,,,,,,,,,
command,set key [binary decode hex 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b],,,,,,,,,
command,"set salt """"",,,,,,,,,
command,"set info """"",,,,,,,,,
command,set size 42,,,,,,,,,
,,,,,,,,,,
HKDF RFC 6234,"A.6.  Test Case 6, Test with SHA-1 and zero-length salt/info",,,binary encode hex [::tls::hkdf -digest $digest -password $key -salt $salt -info $info -size $size],,,0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918,,,
,,,,,,,,,,
command,set key [binary decode hex 0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c],,,,,,,,,
command,"set salt """"",,,,,,,,,
command,"set info """"",,,,,,,,,
command,set size 42,,,,,,,,,
,,,,,,,,,,
HKDF RFC 6234,"A.7.  Test Case 7, Test with SHA-1, salt not provided (defaults to HashLen zero octets), zero-length info",,,binary encode hex [::tls::hkdf -digest $digest -password $key -salt $salt -info $info -size $size],,,2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48,,,
,,,,,,,,,,
command,# Scrypt RFC 7914,,,,,,,,,
Scrypt RFC 7914,Test Case 1,,,"binary encode hex [::tls::scrypt -password """" -salt """" -N 16 -r 1 -p 1 -size 64]",,,77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906,,,
Scrypt RFC 7914,Test Case 2,,,"binary encode hex [::tls::scrypt -password ""password"" -salt ""NaCl"" -N 1024 -r 8 -p 16 -size 64]",,,fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640,,,
Scrypt RFC 7914,Test Case 3,,,"binary encode hex [::tls::scrypt -password ""pleaseletmein"" -salt ""SodiumChloride"" -N 16384 -r 8 -p 1 -size 64]",,,7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887,,,
Scrypt RFC 7914,Test Case 4,,,"binary encode hex [::tls::scrypt -password ""pleaseletmein"" -salt ""SodiumChloride"" -N 1048576 -r 8 -p 1 -size 64]",,,2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4,,,

Added tests/kdf.test version [e9cb54f939]. 







































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210

# Auto generated test cases for kdf.csv

# Load Tcl Test package
if {[lsearch [namespace children] ::tcltest] == -1} {
	package require tcltest
	namespace import ::tcltest::*
}

set auto_path [concat [list [file dirname [file dirname [info script]]]] $auto_path]

package require tls

# PBKDF2 Error Cases


test PBKDF2_Errors-1.1 {Too few args} -body {
	::tls::pbkdf2
    } -result {wrong # args: should be "::tls::pbkdf2 [-cipher cipher | -size length] -digest digest ?-iterations count? ?-password string? ?-salt string?"} -returnCodes {1}

test PBKDF2_Errors-1.2 {Too many args} -body {
	::tls::pbkdf2 too many command line args to pass the test without an error or failing
    } -result {wrong # args: should be "::tls::pbkdf2 [-cipher cipher | -size length] -digest digest ?-iterations count? ?-password string? ?-salt string?"} -returnCodes {1}

test PBKDF2_Errors-1.3 {Invalid cipher} -body {
	::tls::pbkdf2 -digest sha256 -password key -cipher bogus
    } -result {invalid cipher "bogus"} -returnCodes {1}

test PBKDF2_Errors-1.4 {Invalid digest} -body {
	::tls::pbkdf2 -digest bogus -password key
    } -result {invalid digest "bogus"} -returnCodes {1}

test PBKDF2_Errors-1.5 {Invalid iterations} -body {
	::tls::pbkdf2 -digest sha256 -password key -iterations -1
    } -result {invalid value "-1" for option "iterations": must be >= 1} -returnCodes {1}

test PBKDF2_Errors-1.6 {No password value} -body {
	::tls::pbkdf2 -digest sha256 -password
    } -result {No value for option "-password"} -returnCodes {1}

test PBKDF2_Errors-1.7 {No salt value} -body {
	::tls::pbkdf2 -digest sha256 -password key -salt
    } -result {No value for option "-salt"} -returnCodes {1}

test PBKDF2_Errors-1.8 {Invalid size} -body {
	::tls::pbkdf2 -digest sha256 -password key -size 0
    } -result {invalid value "0" for option "-size": must be >= 1} -returnCodes {1}

test PBKDF2_Errors-1.9 {Too big size} -body {
	::tls::pbkdf2 -digest sha256 -password key -size 400
    } -result {invalid value "400" for option "-size": must be <= 320} -returnCodes {1}

# HKDF Error Cases


test HKDF_Errors-2.1 {Too few args} -body {
	::tls::hkdf
    } -result {wrong # args: should be "::tls::hkdf -digest digest -key string ?-info string? ?-salt string? ?-size derived_length?"} -returnCodes {1}

test HKDF_Errors-2.2 {Too many args} -body {
	::tls::hkdf too many command line args to pass the test without an error or failing
    } -result {wrong # args: should be "::tls::hkdf -digest digest -key string ?-info string? ?-salt string? ?-size derived_length?"} -returnCodes {1}

test HKDF_Errors-2.3 {No digest} -body {
	::tls::hkdf -key key -key key
    } -result {no digest} -returnCodes {1}

test HKDF_Errors-2.4 {No key} -body {
	::tls::hkdf -digest sha256 -digest sha256
    } -result {no key} -returnCodes {1}

test HKDF_Errors-2.5 {No info value} -body {
	::tls::hkdf -digest sha256 -key key -info
    } -result {No value for option "-info"} -returnCodes {1}

test HKDF_Errors-2.6 {No salt value} -body {
	::tls::hkdf -digest sha256 -password key -salt
    } -result {No value for option "-salt"} -returnCodes {1}

test HKDF_Errors-2.7 {Invalid size} -body {
	::tls::hkdf -digest sha256 -password key -size 0
    } -result {invalid value "0" for option "-size": must be >= 1} -returnCodes {1}

test HKDF_Errors-2.8 {Too big size} -body {
	::tls::hkdf -digest sha256 -password key -size 8161
    } -result "Key derivation failed: " -returnCodes {1}

# Scrypt Error Cases


test Scrypt_Errors-3.1 {Too few args} -body {
	::tls::scrypt
    } -result {wrong # args: should be "::tls::scrypt -password string -salt string ?-N costParameter? ?-r blockSize? ?-p parallelization? ?-size derived_length?"} -returnCodes {1}

test Scrypt_Errors-3.2 {Too many args} -body {
	::tls::scrypt too many command line args to pass the test without an error or failing
    } -result {wrong # args: should be "::tls::scrypt -password string -salt string ?-N costParameter? ?-r blockSize? ?-p parallelization? ?-size derived_length?"} -returnCodes {1}

test Scrypt_Errors-3.3 {No password value} -body {
	::tls::scrypt -salt salt -salt salt
    } -result {no password} -returnCodes {1}

test Scrypt_Errors-3.4 {No salt value} -body {
	::tls::scrypt -password key -password key
    } -result {no salt} -returnCodes {1}

test Scrypt_Errors-3.5 {Invalid size} -body {
	::tls::scrypt -password key -salt salt -size 0
    } -result {invalid value "0" for option "-size": must be >= 1} -returnCodes {1}

test Scrypt_Errors-3.6 {Invalid N costParameter} -constraints {knownIgnored} -body {
	::tls::scrypt -password key -salt salt -N 0
    } -returnCodes {1}

test Scrypt_Errors-3.7 {Invalid r blockSize} -constraints {knownIgnored} -body {
	::tls::scrypt -password key -salt salt -r 0
    } -returnCodes {1}

test Scrypt_Errors-3.8 {Invalid p parallelization} -constraints {knownIgnored} -body {
	::tls::scrypt -password key -salt salt -p 0
    } -returnCodes {1}

set digest sha1
set P "password"
set S "salt"
set dkLen 20

# PBKDF2 RFC 6070


test PBKDF2_RFC_6070-4.1 {Test Case 1} -body {
	binary encode hex [::tls::pbkdf2 -digest $digest -password $P -salt $S -iterations 1 -size $dkLen]
    } -result {0c60c80f961f0e71f3a9b524af6012062fe037a6}

test PBKDF2_RFC_6070-4.2 {Test Case 2} -body {
	binary encode hex [::tls::pbkdf2 -digest $digest -password $P -salt $S -iterations 2 -size $dkLen]
    } -result {ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957}

test PBKDF2_RFC_6070-4.3 {Test Case 3} -body {
	binary encode hex [::tls::pbkdf2 -digest $digest -password $P -salt $S -iterations 4096 -size $dkLen]
    } -result {4b007901b765489abead49d926f721d065a429c1}

test PBKDF2_RFC_6070-4.4 {Test Case 4} -body {
	binary encode hex [::tls::pbkdf2 -digest $digest -password $P -salt $S -iterations 16777216 -size $dkLen]
    } -result {eefe3d61cd4da4e4e9945b3d6ba2158c2634e984}

set digest sha1
set key [binary decode hex 0b0b0b0b0b0b0b0b0b0b0b]
set salt [binary decode hex 000102030405060708090a0b0c]
set info [binary decode hex f0f1f2f3f4f5f6f7f8f9]
set size 42

# HKDF RFC 6234


test HKDF_RFC_6234-5.1 {A.4.  Test Case 4, Basic test case with SHA-1} -body {
	binary encode hex [::tls::hkdf -digest $digest -password $key -salt $salt -info $info -size $size]
    } -result {085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896}

set key [binary decode hex 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f]
set salt [binary decode hex 606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf]
set info [binary decode hex b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff]
set size 82


test HKDF_RFC_6234-5.2 {A.5.  Test Case 5, Test with SHA-1 and longer inputs/outputs} -body {
	binary encode hex [::tls::hkdf -digest $digest -password $key -salt $salt -info $info -size $size]
    } -result {0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4}

set key [binary decode hex 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b]
set salt ""
set info ""
set size 42


test HKDF_RFC_6234-5.3 {A.6.  Test Case 6, Test with SHA-1 and zero-length salt/info} -body {
	binary encode hex [::tls::hkdf -digest $digest -password $key -salt $salt -info $info -size $size]
    } -result {0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918}

set key [binary decode hex 0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c]
set salt ""
set info ""
set size 42


test HKDF_RFC_6234-5.4 {A.7.  Test Case 7, Test with SHA-1, salt not provided (defaults to HashLen zero octets), zero-length info} -body {
	binary encode hex [::tls::hkdf -digest $digest -password $key -salt $salt -info $info -size $size]
    } -result {2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48}

# Scrypt RFC 7914


test Scrypt_RFC_7914-6.1 {Test Case 1} -body {
	binary encode hex [::tls::scrypt -password "" -salt "" -N 16 -r 1 -p 1 -size 64]
    } -result {77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906}

test Scrypt_RFC_7914-6.2 {Test Case 2} -body {
	binary encode hex [::tls::scrypt -password "password" -salt "NaCl" -N 1024 -r 8 -p 16 -size 64]
    } -result {fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640}

test Scrypt_RFC_7914-6.3 {Test Case 3} -body {
	binary encode hex [::tls::scrypt -password "pleaseletmein" -salt "SodiumChloride" -N 16384 -r 8 -p 1 -size 64]
    } -result {7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887}

test Scrypt_RFC_7914-6.4 {Test Case 4} -body {
	binary encode hex [::tls::scrypt -password "pleaseletmein" -salt "SodiumChloride" -N 1048576 -r 8 -p 1 -size 64]
    } -result {2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4}

# Cleanup
::tcltest::cleanupTests
return

Powered by Fossil · RSS