From 68250138fead8561057a864c565f58934d14b59f Mon Sep 17 00:00:00 2001
From: Rajeev Ranjan <ranjan.rajeev@siemens.com>
Date: Fri, 19 Jan 2024 15:21:33 +0100
Subject: [PATCH] add test vectors for tls1_3 integrity-only ciphers.

---
 test/evp_test.c                               |   2 +-
 test/recipes/30-test_evp.t                    |   2 +
 .../30-test_evp_data/evpciph_enull_hmac.txt   | 104 ++++++++++++++++++
 3 files changed, 107 insertions(+), 1 deletion(-)
 create mode 100644 test/recipes/30-test_evp_data/evpciph_enull_hmac.txt

diff --git a/test/evp_test.c b/test/evp_test.c
index cef7b1b9e83bcf..352f15746c6fdc 100644
--- a/test/evp_test.c
+++ b/test/evp_test.c
@@ -1064,7 +1064,7 @@ static int cipher_test_enc(EVP_TEST *t, int enc, size_t out_misalign,
                             tmp + out_misalign, tmplen + tmpflen))
         goto err;
     if (enc && expected->aead && !expected->tls_aad) {
-        unsigned char rtag[16];
+        unsigned char rtag[48]; /* longest known for TLS_SHA384_SHA384 */
 
         if (!TEST_size_t_le(expected->tag_len, sizeof(rtag))) {
             t->err = "TAG_LENGTH_INTERNAL_ERROR";
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
index eddca5c58ea390..2406e60ed33043 100644
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@@ -31,6 +31,7 @@ my $no_ec2m = disabled("ec2m");
 my $no_sm2 = disabled("sm2");
 my $no_siv = disabled("siv");
 my $no_argon2 = disabled("argon2");
+my $no_tls1_3_integrity_only_ciphers = disabled("tls1_3-integrity-only_ciphers");
 
 # Default config depends on if the legacy module is built or not
 my $defaultcnf = $no_legacy ? 'default.cnf' : 'default-and-legacy.cnf';
@@ -131,6 +132,7 @@ push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa;
 push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
 push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv;
 push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv;
+push @defltfiles, qw(evpciph_enull_hmac.txt) unless $no_tls1_3_integrity_only_ciphers;
 push @defltfiles, qw(evpkdf_argon2.txt) unless $no_argon2;
 
 plan tests =>
diff --git a/test/recipes/30-test_evp_data/evpciph_enull_hmac.txt b/test/recipes/30-test_evp_data/evpciph_enull_hmac.txt
new file mode 100644
index 00000000000000..46e3a4142e5d0e
--- /dev/null
+++ b/test/recipes/30-test_evp_data/evpciph_enull_hmac.txt
@@ -0,0 +1,104 @@
+#
+# Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Tests start with one of these keywords
+#       Cipher Decrypt Derive Digest Encoding KDF MAC PBE
+#       PrivPubKeyPair Sign Verify VerifyRecover
+# and continue until a blank line. Lines starting with a pound sign are ignored.
+
+Title = Test vectors for TLS1_3 integrity-only ciphers
+
+# self-generated
+
+Cipher = eNULL-HMAC-SHA256
+Key = d39e38d50e5f292e909dab90baffa94f9dee079cf42684ebfa9acea691a0ec67
+IV = d0e3ca88e3061efc82a01bdee2bedbd5d576a4ed2ae2551d5961d851386f5f11
+AAD = a7c121c002008692ce378502ae443242
+Tag = ba12646c0660c251d2078c2f0a4a7fc97de2c2693b71a6e5ee952c1370167fa2
+Plaintext = c33caf56ac18930afb753b039e86fb52271adfa48310ead4b2d003e50469d006636669e94642affe091524538273b02f1d94b84dc3
+Ciphertext = c33caf56ac18930afb753b039e86fb52271adfa48310ead4b2d003e50469d006636669e94642affe091524538273b02f1d94b84dc3
+
+Cipher = eNULL-HMAC-SHA256
+Key =  4bd2ff014e96f282eb9c46cbf91fb2f8ec49c1075e3eb5bfd2cde9f77f28059a
+IV =  9ad73ea6bdc490b13f63ad5469c29d22bd57e1ccf33a195aed3f4caa5561f87f
+AAD =  b2386b80232c9cee10c16f2cd7eba83f
+Tag =  7fe6919c588f082814c304ecc06f3dc74ee6a925f1c94bdc52bef03dbbe1589c
+Plaintext =  342ec0a55180d378a2be7486384502c5
+Ciphertext =  342ec0a55180d378a2be7486384502c5
+
+Cipher = eNULL-HMAC-SHA256
+Key =  ff6b4c6e933b722b56b027269fca1e247494b5efaa882eb5e0080ec2a0627bf7
+IV =  aa4a62f9168e19ea6183734e1bf5e1cb30dc9ee5c8409b97a5b47b
+AAD =  e6c7451bbebe9e951817580541c31686
+Tag =  2df54be430a45352b9819a8fd1520eed8f79b138fe6138c72b66e31db76358de
+Plaintext =  2a11905e67a36eb1ffe63917794d8c01
+Ciphertext =  2a11905e67a36eb1ffe63917794d8c01
+Result = INVALID_IV_LENGTH
+
+Cipher = eNULL-HMAC-SHA256
+Key = 8161ebe250e72836fc7b921800f7031dabb82b10c1070ad61c4b470efdd2d638
+IV = 9b3585f400107d1d00a4c73d1ccf5c6298cc31f31d7eb6bf16125aad981c38f4
+AAD = 303646bafecf6437cf0608bee640ea3a
+Tag = 308ede06619e016da2b2a5bc4cad2a83bbed3a9b8e7f48d8cf129641370dee19
+Plaintext = 15d16f28104e53a2b4c52405b696beab19ac1794cbe3f723781948ee5306cce6905afab06b30cc84a4ea2aadbbf5c66fa6b812ada3
+Ciphertext = 15d16f28104e53a2b4c52405b696beab19ac1794cbe3f723781948ee5306cce6905afab06b30cc84a4ea2aadbbf5c66fa6b812ada3
+Operation = DECRYPT
+Result = CIPHERFINAL_ERROR
+
+Cipher = eNULL-HMAC-SHA256
+Key =  4bd2ff014e96f282eb9c46cbf91fb2f8ec49c1075e3eb5bfd2cde9f77f28059a
+IV =  9ad73ea6bdc490b13f63ad5469c29d22bd57e1ccf33a195aed3f4caa5561f87a
+AAD =  b2386b80232c9cee10c16f2cd7eba83f
+Tag =  7fe6919c588f082814c304ecc06f3dc74ee6a925f1c94bdc52bef03dbbe1589c
+Plaintext =  342ec0a55180d378a2be7486384502c5
+Ciphertext =  342ec0a55180d378a2be7486384502c5
+Operation = DECRYPT
+Result = CIPHERFINAL_ERROR
+
+Cipher = eNULL-HMAC-SHA384
+Key = 89b1805bd63d4fc480e326600aa503d9a013850decd16ee9ad62c78ccf3933aa81e76745c8880d0c0b650e04f5618cdf
+IV = 8edaf8503b55553042ce8df39c0f36fb6ebc1b747066c40001f6eaa772386d11773358cb179af672df221de9ce961ca7
+AAD = 0132a0a2eb8739df5377f7ba5ba943b1
+Tag = 1b3d387ec9f32790f9e1556371743b10c18a4cb53ebe3a1fff005bcf10262ee4fa923f80c6013b14c3d5934666470dec
+Plaintext = 3ef534d83d90c06202b4a6ed890b522ab1cfd88c55f09302d513110861042e28731b360e3d32eb8573a738128006cefb9a71db9f20
+Ciphertext = 3ef534d83d90c06202b4a6ed890b522ab1cfd88c55f09302d513110861042e28731b360e3d32eb8573a738128006cefb9a71db9f20
+
+Cipher = eNULL-HMAC-SHA384
+Key = 7c8add456590f28bada7019409b6035cb7738b8c1520278102b53f5eae5c6aec91945e566445e6c73a7f9495c5d4e478
+IV = 012acc710cd8a57da8f0eccb8cb79c8136f6e65ba19eb1681a6abe5667840a260a716ce0d0f2264573938af7ba457673
+AAD = 5220730c154a9413ba591f600e271ba1
+Tag = 666c95d04fcf546df116098cfc86e1bd5fc054d7c1556401606a37ac5107007e9166bb32ea49143a777647813e60ff43
+Plaintext = 2f2e7819b01d74a0923cd0d4608eb442f1ee11385d12ed92fc186bdc2ef41add320e851af9ee62fa716f5745662e25c279f5
+Ciphertext = 2f2e7819b01d74a0923cd0d4608eb442f1ee11385d12ed92fc186bdc2ef41add320e851af9ee62fa716f5745662e25c279f5
+
+Cipher = eNULL-HMAC-SHA384
+Key = 8d47db7047c3275322a48b6c524fc6042752a5f7fe08b30f2521facff8bd55a21525ccd46bee3e1a4a748705d791bfab
+IV = 5299a18c72a8959e3b926778cfcdce656b5374d98e98071831f0169c43a25ad06f4876638da29aee2427381502e21749
+AAD = c86661ac3848f504
+Tag = 8656f4fe6309696930e23db23f8cc9b3335c1fd1e1b50478ebb36482e2b8e7b49bcc2d10c42050f118c0c62f0ab0588b
+Plaintext = 3454bb97690f8931af15b26dc35217c4
+Ciphertext = 3454bb97690f8931af15b26dc35217c4
+
+Cipher = eNULL-HMAC-SHA384
+Key = 8d47db7047c3275322a48b6c524fc6042752a5f7fe08b30f2521facff8bd55a21525ccd46bee3e1a4a748705d791bfab
+IV = 5299a18c72a8959e3b926778cfcdce656b5374d98e98071831f0169c43a25ad06f4876638da29aee2427381502e21749
+AAD = c86661ac3848f504
+Tag = 8656f4fe6309696930e23db23f8cc9b3335c1fd1e1b50478ebb36482e2b8e7b49bcc2d10c42050f118c0c62f0ab0588c
+Plaintext = 3454bb97690f8931af15b26dc35217c4
+Ciphertext = 3454bb97690f8931af15b26dc35217c4
+Operation = DECRYPT
+Result = CIPHERFINAL_ERROR
+
+Cipher = eNULL-HMAC-SHA384
+Key = 7c8add456590f28bada7019409b6035cb7738b8c1520278102b53f5eae5c6aec91945e566445e6c73a7f9495c5d4e478
+IV = 012acc710cd8a57da8f0eccb8cb79c8136f6e65ba19eb1681a6abe5667840a260a716ce0d0f2264573938af7ba4576
+AAD = 5220730c154a9413ba591f600e271ba1
+Tag = 666c95d04fcf546df116098cfc86e1bd5fc054d7c1556401606a37ac5107007e9166bb32ea49143a777647813e60ff43
+Plaintext = 2f2e7819b01d74a0923cd0d4608eb442f1ee11385d12ed92fc186bdc2ef41add320e851af9ee62fa716f5745662e25c279f5
+Ciphertext = 2f2e7819b01d74a0923cd0d4608eb442f1ee11385d12ed92fc186bdc2ef41add320e851af9ee62fa716f5745662e25c279f5
+Result = INVALID_IV_LENGTH