]>
Commit | Line | Data |
---|---|---|
02d74055 P |
1 | /* |
2 | * Copyright (C) 2020 Pascal Knecht | |
3 | * Copyright (C) 2020 Méline Sieber | |
19ef2aec TB |
4 | * |
5 | * Copyright (C) secunet Security Networks AG | |
02d74055 P |
6 | * |
7 | * This program is free software; you can redistribute it and/or modify it | |
8 | * under the terms of the GNU General Public License as published by the | |
9 | * Free Software Foundation; either version 2 of the License, or (at your | |
10 | * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. | |
11 | * | |
12 | * This program is distributed in the hope that it will be useful, but | |
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY | |
14 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
15 | * for more details. | |
16 | */ | |
17 | ||
18 | #include <test_suite.h> | |
19 | ||
20 | #include "tls_hkdf.h" | |
21 | ||
9389fef7 PK |
22 | static chunk_t ulfheim_ecdhe = chunk_from_chars( |
23 | 0xdf,0x4a,0x29,0x1b,0xaa,0x1e,0xb7,0xcf,0xa6,0x93,0x4b,0x29,0xb4,0x74,0xba,0xad, | |
24 | 0x26,0x97,0xe2,0x9f,0x1f,0x92,0x0d,0xcc,0x77,0xc8,0xa0,0xa0,0x88,0x44,0x76,0x24, | |
25 | ); | |
26 | ||
27 | static chunk_t ulfheim_client_server_hello = chunk_from_chars( | |
28 | /* Client Hello */ | |
29 | 0x01,0x00,0x00,0xc6,0x03,0x03,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09, | |
30 | 0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19, | |
31 | 0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20,0xe0,0xe1,0xe2,0xe3,0xe4,0xe5,0xe6,0xe7,0xe8, | |
32 | 0xe9,0xea,0xeb,0xec,0xed,0xee,0xef,0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,0xf8, | |
33 | 0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff,0x00,0x06,0x13,0x01,0x13,0x02,0x13,0x03,0x01, | |
34 | 0x00,0x00,0x77,0x00,0x00,0x00,0x18,0x00,0x16,0x00,0x00,0x13,0x65,0x78,0x61,0x6d, | |
35 | 0x70,0x6c,0x65,0x2e,0x75,0x6c,0x66,0x68,0x65,0x69,0x6d,0x2e,0x6e,0x65,0x74,0x00, | |
36 | 0x0a,0x00,0x08,0x00,0x06,0x00,0x1d,0x00,0x17,0x00,0x18,0x00,0x0d,0x00,0x14,0x00, | |
37 | 0x12,0x04,0x03,0x08,0x04,0x04,0x01,0x05,0x03,0x08,0x05,0x05,0x01,0x08,0x06,0x06, | |
38 | 0x01,0x02,0x01,0x00,0x33,0x00,0x26,0x00,0x24,0x00,0x1d,0x00,0x20,0x35,0x80,0x72, | |
39 | 0xd6,0x36,0x58,0x80,0xd1,0xae,0xea,0x32,0x9a,0xdf,0x91,0x21,0x38,0x38,0x51,0xed, | |
40 | 0x21,0xa2,0x8e,0x3b,0x75,0xe9,0x65,0xd0,0xd2,0xcd,0x16,0x62,0x54,0x00,0x2d,0x00, | |
41 | 0x02,0x01,0x01,0x00,0x2b,0x00,0x03,0x02,0x03,0x04, | |
42 | /* Server Hello */ | |
43 | 0x02,0x00,0x00,0x76,0x03,0x03,0x70,0x71,0x72,0x73,0x74,0x75,0x76,0x77,0x78,0x79, | |
44 | 0x7a,0x7b,0x7c,0x7d,0x7e,0x7f,0x80,0x81,0x82,0x83,0x84,0x85,0x86,0x87,0x88,0x89, | |
45 | 0x8a,0x8b,0x8c,0x8d,0x8e,0x8f,0x20,0xe0,0xe1,0xe2,0xe3,0xe4,0xe5,0xe6,0xe7,0xe8, | |
46 | 0xe9,0xea,0xeb,0xec,0xed,0xee,0xef,0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,0xf8, | |
47 | 0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff,0x13,0x01,0x00,0x00,0x2e,0x00,0x33,0x00,0x24, | |
48 | 0x00,0x1d,0x00,0x20,0x9f,0xd7,0xad,0x6d,0xcf,0xf4,0x29,0x8d,0xd3,0xf9,0x6d,0x5b, | |
49 | 0x1b,0x2a,0xf9,0x10,0xa0,0x53,0x5b,0x14,0x88,0xd7,0xf8,0xfa,0xbb,0x34,0x9a,0x98, | |
50 | 0x28,0x80,0xb6,0x15,0x00,0x2b,0x00,0x02,0x03,0x04, | |
51 | ); | |
52 | ||
53 | static chunk_t ulfheim_server_data = chunk_from_chars( | |
54 | /* Server Encrypted Extension */ | |
55 | 0x08,0x00,0x00,0x02,0x00,0x00, | |
56 | /* Server Certificate */ | |
57 | 0x0b,0x00,0x03,0x2e,0x00,0x00,0x03,0x2a,0x00,0x03,0x25,0x30,0x82,0x03,0x21,0x30, | |
58 | 0x82,0x02,0x09,0xa0,0x03,0x02,0x01,0x02,0x02,0x08,0x15,0x5a,0x92,0xad,0xc2,0x04, | |
59 | 0x8f,0x90,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05, | |
60 | 0x00,0x30,0x22,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53, | |
61 | 0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x13,0x0a,0x45,0x78,0x61,0x6d,0x70, | |
62 | 0x6c,0x65,0x20,0x43,0x41,0x30,0x1e,0x17,0x0d,0x31,0x38,0x31,0x30,0x30,0x35,0x30, | |
63 | 0x31,0x33,0x38,0x31,0x37,0x5a,0x17,0x0d,0x31,0x39,0x31,0x30,0x30,0x35,0x30,0x31, | |
64 | 0x33,0x38,0x31,0x37,0x5a,0x30,0x2b,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06, | |
65 | 0x13,0x02,0x55,0x53,0x31,0x1c,0x30,0x1a,0x06,0x03,0x55,0x04,0x03,0x13,0x13,0x65, | |
66 | 0x78,0x61,0x6d,0x70,0x6c,0x65,0x2e,0x75,0x6c,0x66,0x68,0x65,0x69,0x6d,0x2e,0x6e, | |
67 | 0x65,0x74,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, | |
68 | 0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82, | |
69 | 0x01,0x01,0x00,0xc4,0x80,0x36,0x06,0xba,0xe7,0x47,0x6b,0x08,0x94,0x04,0xec,0xa7, | |
70 | 0xb6,0x91,0x04,0x3f,0xf7,0x92,0xbc,0x19,0xee,0xfb,0x7d,0x74,0xd7,0xa8,0x0d,0x00, | |
71 | 0x1e,0x7b,0x4b,0x3a,0x4a,0xe6,0x0f,0xe8,0xc0,0x71,0xfc,0x73,0xe7,0x02,0x4c,0x0d, | |
72 | 0xbc,0xf4,0xbd,0xd1,0x1d,0x39,0x6b,0xba,0x70,0x46,0x4a,0x13,0xe9,0x4a,0xf8,0x3d, | |
73 | 0xf3,0xe1,0x09,0x59,0x54,0x7b,0xc9,0x55,0xfb,0x41,0x2d,0xa3,0x76,0x52,0x11,0xe1, | |
74 | 0xf3,0xdc,0x77,0x6c,0xaa,0x53,0x37,0x6e,0xca,0x3a,0xec,0xbe,0xc3,0xaa,0xb7,0x3b, | |
75 | 0x31,0xd5,0x6c,0xb6,0x52,0x9c,0x80,0x98,0xbc,0xc9,0xe0,0x28,0x18,0xe2,0x0b,0xf7, | |
76 | 0xf8,0xa0,0x3a,0xfd,0x17,0x04,0x50,0x9e,0xce,0x79,0xbd,0x9f,0x39,0xf1,0xea,0x69, | |
77 | 0xec,0x47,0x97,0x2e,0x83,0x0f,0xb5,0xca,0x95,0xde,0x95,0xa1,0xe6,0x04,0x22,0xd5, | |
78 | 0xee,0xbe,0x52,0x79,0x54,0xa1,0xe7,0xbf,0x8a,0x86,0xf6,0x46,0x6d,0x0d,0x9f,0x16, | |
79 | 0x95,0x1a,0x4c,0xf7,0xa0,0x46,0x92,0x59,0x5c,0x13,0x52,0xf2,0x54,0x9e,0x5a,0xfb, | |
80 | 0x4e,0xbf,0xd7,0x7a,0x37,0x95,0x01,0x44,0xe4,0xc0,0x26,0x87,0x4c,0x65,0x3e,0x40, | |
81 | 0x7d,0x7d,0x23,0x07,0x44,0x01,0xf4,0x84,0xff,0xd0,0x8f,0x7a,0x1f,0xa0,0x52,0x10, | |
82 | 0xd1,0xf4,0xf0,0xd5,0xce,0x79,0x70,0x29,0x32,0xe2,0xca,0xbe,0x70,0x1f,0xdf,0xad, | |
83 | 0x6b,0x4b,0xb7,0x11,0x01,0xf4,0x4b,0xad,0x66,0x6a,0x11,0x13,0x0f,0xe2,0xee,0x82, | |
84 | 0x9e,0x4d,0x02,0x9d,0xc9,0x1c,0xdd,0x67,0x16,0xdb,0xb9,0x06,0x18,0x86,0xed,0xc1, | |
85 | 0xba,0x94,0x21,0x02,0x03,0x01,0x00,0x01,0xa3,0x52,0x30,0x50,0x30,0x0e,0x06,0x03, | |
86 | 0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x05,0xa0,0x30,0x1d,0x06,0x03, | |
87 | 0x55,0x1d,0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x03, | |
88 | 0x02,0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x1f,0x06,0x03,0x55, | |
89 | 0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x89,0x4f,0xde,0x5b,0xcc,0x69,0xe2,0x52, | |
90 | 0xcf,0x3e,0xa3,0x00,0xdf,0xb1,0x97,0xb8,0x1d,0xe1,0xc1,0x46,0x30,0x0d,0x06,0x09, | |
91 | 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x03,0x82,0x01,0x01,0x00, | |
92 | 0x59,0x16,0x45,0xa6,0x9a,0x2e,0x37,0x79,0xe4,0xf6,0xdd,0x27,0x1a,0xba,0x1c,0x0b, | |
93 | 0xfd,0x6c,0xd7,0x55,0x99,0xb5,0xe7,0xc3,0x6e,0x53,0x3e,0xff,0x36,0x59,0x08,0x43, | |
94 | 0x24,0xc9,0xe7,0xa5,0x04,0x07,0x9d,0x39,0xe0,0xd4,0x29,0x87,0xff,0xe3,0xeb,0xdd, | |
95 | 0x09,0xc1,0xcf,0x1d,0x91,0x44,0x55,0x87,0x0b,0x57,0x1d,0xd1,0x9b,0xdf,0x1d,0x24, | |
96 | 0xf8,0xbb,0x9a,0x11,0xfe,0x80,0xfd,0x59,0x2b,0xa0,0x39,0x8c,0xde,0x11,0xe2,0x65, | |
97 | 0x1e,0x61,0x8c,0xe5,0x98,0xfa,0x96,0xe5,0x37,0x2e,0xef,0x3d,0x24,0x8a,0xfd,0xe1, | |
98 | 0x74,0x63,0xeb,0xbf,0xab,0xb8,0xe4,0xd1,0xab,0x50,0x2a,0x54,0xec,0x00,0x64,0xe9, | |
99 | 0x2f,0x78,0x19,0x66,0x0d,0x3f,0x27,0xcf,0x20,0x9e,0x66,0x7f,0xce,0x5a,0xe2,0xe4, | |
100 | 0xac,0x99,0xc7,0xc9,0x38,0x18,0xf8,0xb2,0x51,0x07,0x22,0xdf,0xed,0x97,0xf3,0x2e, | |
101 | 0x3e,0x93,0x49,0xd4,0xc6,0x6c,0x9e,0xa6,0x39,0x6d,0x74,0x44,0x62,0xa0,0x6b,0x42, | |
102 | 0xc6,0xd5,0xba,0x68,0x8e,0xac,0x3a,0x01,0x7b,0xdd,0xfc,0x8e,0x2c,0xfc,0xad,0x27, | |
103 | 0xcb,0x69,0xd3,0xcc,0xdc,0xa2,0x80,0x41,0x44,0x65,0xd3,0xae,0x34,0x8c,0xe0,0xf3, | |
104 | 0x4a,0xb2,0xfb,0x9c,0x61,0x83,0x71,0x31,0x2b,0x19,0x10,0x41,0x64,0x1c,0x23,0x7f, | |
105 | 0x11,0xa5,0xd6,0x5c,0x84,0x4f,0x04,0x04,0x84,0x99,0x38,0x71,0x2b,0x95,0x9e,0xd6, | |
106 | 0x85,0xbc,0x5c,0x5d,0xd6,0x45,0xed,0x19,0x90,0x94,0x73,0x40,0x29,0x26,0xdc,0xb4, | |
107 | 0x0e,0x34,0x69,0xa1,0x59,0x41,0xe8,0xe2,0xcc,0xa8,0x4b,0xb6,0x08,0x46,0x36,0xa0, | |
108 | 0x00,0x00, | |
109 | /* Server Certificate Verify */ | |
110 | 0x0f,0x00,0x01,0x04,0x08,0x04,0x01,0x00,0x17,0xfe,0xb5,0x33,0xca,0x6d,0x00,0x7d, | |
111 | 0x00,0x58,0x25,0x79,0x68,0x42,0x4b,0xbc,0x3a,0xa6,0x90,0x9e,0x9d,0x49,0x55,0x75, | |
112 | 0x76,0xa5,0x20,0xe0,0x4a,0x5e,0xf0,0x5f,0x0e,0x86,0xd2,0x4f,0xf4,0x3f,0x8e,0xb8, | |
113 | 0x61,0xee,0xf5,0x95,0x22,0x8d,0x70,0x32,0xaa,0x36,0x0f,0x71,0x4e,0x66,0x74,0x13, | |
114 | 0x92,0x6e,0xf4,0xf8,0xb5,0x80,0x3b,0x69,0xe3,0x55,0x19,0xe3,0xb2,0x3f,0x43,0x73, | |
115 | 0xdf,0xac,0x67,0x87,0x06,0x6d,0xcb,0x47,0x56,0xb5,0x45,0x60,0xe0,0x88,0x6e,0x9b, | |
116 | 0x96,0x2c,0x4a,0xd2,0x8d,0xab,0x26,0xba,0xd1,0xab,0xc2,0x59,0x16,0xb0,0x9a,0xf2, | |
117 | 0x86,0x53,0x7f,0x68,0x4f,0x80,0x8a,0xef,0xee,0x73,0x04,0x6c,0xb7,0xdf,0x0a,0x84, | |
118 | 0xfb,0xb5,0x96,0x7a,0xca,0x13,0x1f,0x4b,0x1c,0xf3,0x89,0x79,0x94,0x03,0xa3,0x0c, | |
119 | 0x02,0xd2,0x9c,0xbd,0xad,0xb7,0x25,0x12,0xdb,0x9c,0xec,0x2e,0x5e,0x1d,0x00,0xe5, | |
120 | 0x0c,0xaf,0xcf,0x6f,0x21,0x09,0x1e,0xbc,0x4f,0x25,0x3c,0x5e,0xab,0x01,0xa6,0x79, | |
121 | 0xba,0xea,0xbe,0xed,0xb9,0xc9,0x61,0x8f,0x66,0x00,0x6b,0x82,0x44,0xd6,0x62,0x2a, | |
122 | 0xaa,0x56,0x88,0x7c,0xcf,0xc6,0x6a,0x0f,0x38,0x51,0xdf,0xa1,0x3a,0x78,0xcf,0xf7, | |
123 | 0x99,0x1e,0x03,0xcb,0x2c,0x3a,0x0e,0xd8,0x7d,0x73,0x67,0x36,0x2e,0xb7,0x80,0x5b, | |
124 | 0x00,0xb2,0x52,0x4f,0xf2,0x98,0xa4,0xda,0x48,0x7c,0xac,0xde,0xaf,0x8a,0x23,0x36, | |
125 | 0xc5,0x63,0x1b,0x3e,0xfa,0x93,0x5b,0xb4,0x11,0xe7,0x53,0xca,0x13,0xb0,0x15,0xfe, | |
126 | 0xc7,0xe4,0xa7,0x30,0xf1,0x36,0x9f,0x9e, | |
127 | /* Server Handshake Finish */ | |
128 | 0x14,0x00,0x00,0x20,0xea,0x6e,0xe1,0x76,0xdc,0xcc,0x4a,0xf1,0x85,0x9e,0x9e,0x4e, | |
129 | 0x93,0xf7,0x97,0xea,0xc9,0xa7,0x8c,0xe4,0x39,0x30,0x1e,0x35,0x27,0x5a,0xd4,0x3f, | |
130 | 0x3c,0xdd,0xbd,0xe3, | |
131 | ); | |
132 | ||
133 | static void check_secret(tls_hkdf_t *hkdf, tls_hkdf_label_t label, chunk_t data, chunk_t exp_secret) | |
134 | { | |
135 | chunk_t secret; | |
136 | ||
137 | ck_assert(hkdf->generate_secret(hkdf, label, data, &secret)); | |
138 | ck_assert_chunk_eq(exp_secret, secret); | |
139 | ||
140 | chunk_free(&secret); | |
141 | } | |
142 | ||
143 | static void check_secret_key_iv(tls_hkdf_t *hkdf, tls_hkdf_label_t label, | |
144 | chunk_t data, bool is_server, chunk_t exp_secret, | |
145 | int key_length, int iv_length, chunk_t exp_key, | |
146 | chunk_t exp_iv) | |
147 | { | |
148 | chunk_t key, iv; | |
149 | ||
150 | check_secret(hkdf, label, data, exp_secret); | |
151 | ||
152 | ck_assert(hkdf->derive_key(hkdf, is_server, key_length, &key)); | |
153 | ck_assert_chunk_eq(exp_key, key); | |
154 | ||
155 | ck_assert(hkdf->derive_iv(hkdf, is_server, iv_length, &iv)); | |
156 | ck_assert_chunk_eq(exp_iv, iv); | |
157 | ||
158 | chunk_free(&key); | |
159 | chunk_free(&iv); | |
160 | } | |
161 | ||
162 | static void check_finished(tls_hkdf_t *hkdf, bool is_server, chunk_t exp_finished) | |
163 | { | |
164 | chunk_t finished; | |
165 | ||
166 | ck_assert(hkdf->derive_finished(hkdf, is_server, &finished)); | |
167 | ck_assert_chunk_eq(exp_finished, finished); | |
168 | ||
169 | chunk_free(&finished); | |
170 | } | |
171 | ||
172 | static void check_resumption(tls_hkdf_t *hkdf, chunk_t data, chunk_t exp_resume) | |
173 | { | |
174 | chunk_t nonce, resume; | |
175 | ||
176 | nonce = chunk_from_chars(0x00,0x00); | |
177 | ck_assert(hkdf->resume(hkdf, data, nonce, &resume)); | |
178 | ck_assert_chunk_eq(exp_resume, resume); | |
179 | ||
180 | chunk_free(&resume); | |
181 | } | |
182 | ||
02d74055 P |
183 | START_TEST(test_ulfheim_handshake) |
184 | { | |
9389fef7 PK |
185 | chunk_t exp_client_handshake_traffic_secret = chunk_from_chars( |
186 | 0xff,0x0e,0x5b,0x96,0x52,0x91,0xc6,0x08,0xc1,0xe8,0xcd,0x26,0x7e,0xef,0xc0,0xaf, | |
187 | 0xcc,0x5e,0x98,0xa2,0x78,0x63,0x73,0xf0,0xdb,0x47,0xb0,0x47,0x86,0xd7,0x2a,0xea, | |
02d74055 P |
188 | ); |
189 | ||
9389fef7 PK |
190 | chunk_t exp_client_handshake_key = chunk_from_chars( |
191 | 0x71,0x54,0xf3,0x14,0xe6,0xbe,0x7d,0xc0,0x08,0xdf,0x2c,0x83,0x2b,0xaa,0x1d,0x39, | |
02d74055 P |
192 | ); |
193 | ||
9389fef7 PK |
194 | chunk_t exp_client_handshake_iv = chunk_from_chars( |
195 | 0x71,0xab,0xc2,0xca,0xe4,0xc6,0x99,0xd4,0x7c,0x60,0x02,0x68, | |
02d74055 P |
196 | ); |
197 | ||
9389fef7 PK |
198 | chunk_t exp_server_handshake_traffic_secret = chunk_from_chars( |
199 | 0xa2,0x06,0x72,0x65,0xe7,0xf0,0x65,0x2a,0x92,0x3d,0x5d,0x72,0xab,0x04,0x67,0xc4, | |
200 | 0x61,0x32,0xee,0xb9,0x68,0xb6,0xa3,0x2d,0x31,0x1c,0x80,0x58,0x68,0x54,0x88,0x14, | |
02d74055 P |
201 | ); |
202 | ||
9389fef7 PK |
203 | chunk_t exp_server_handshake_key = chunk_from_chars( |
204 | 0x84,0x47,0x80,0xa7,0xac,0xad,0x9f,0x98,0x0f,0xa2,0x5c,0x11,0x4e,0x43,0x40,0x2a, | |
02d74055 P |
205 | ); |
206 | ||
9389fef7 PK |
207 | chunk_t exp_server_handshake_iv = chunk_from_chars( |
208 | 0x4c,0x04,0x2d,0xdc,0x12,0x0a,0x38,0xd1,0x41,0x7f,0xc8,0x15, | |
02d74055 P |
209 | ); |
210 | ||
9389fef7 PK |
211 | chunk_t exp_client_finished_key = chunk_from_chars( |
212 | 0x7c,0x60,0xf8,0xd6,0x34,0x6f,0x4a,0x96,0x91,0xd2,0xae,0x64,0x5a,0x78,0x85,0xe0, | |
213 | 0x10,0x4a,0xdf,0xf9,0x8e,0xba,0x98,0x1c,0xa2,0xf9,0x9e,0xf6,0x2b,0xdd,0x8f,0xaa, | |
02d74055 P |
214 | ); |
215 | ||
9389fef7 PK |
216 | chunk_t exp_server_finished_key = chunk_from_chars( |
217 | 0xea,0x84,0xab,0xd2,0xad,0xa0,0xb5,0xc6,0x4c,0x08,0x07,0xa3,0x26,0xb6,0xfd,0x94, | |
218 | 0xa9,0x59,0x7e,0x39,0xca,0x62,0x10,0x60,0x7c,0x0d,0x3c,0x8c,0x76,0x68,0x65,0x71, | |
02d74055 P |
219 | ); |
220 | ||
9389fef7 PK |
221 | tls_hkdf_t *hkdf = tls_hkdf_create(HASH_SHA256, chunk_empty); |
222 | ck_assert(hkdf); | |
223 | ||
224 | hkdf->set_shared_secret(hkdf, ulfheim_ecdhe); | |
225 | ||
226 | /* Generate client handshake traffic secret */ | |
227 | check_secret_key_iv(hkdf, TLS_HKDF_C_HS_TRAFFIC, ulfheim_client_server_hello, | |
228 | FALSE, exp_client_handshake_traffic_secret, 16, 12, | |
229 | exp_client_handshake_key, exp_client_handshake_iv); | |
230 | ||
231 | check_finished(hkdf, FALSE, exp_client_finished_key); | |
232 | ||
233 | /* Generate server handshake traffic secret */ | |
234 | check_secret_key_iv(hkdf, TLS_HKDF_S_HS_TRAFFIC, ulfheim_client_server_hello, | |
235 | TRUE, exp_server_handshake_traffic_secret, 16, 12, | |
236 | exp_server_handshake_key, exp_server_handshake_iv); | |
02d74055 | 237 | |
9389fef7 PK |
238 | check_finished(hkdf, TRUE, exp_server_finished_key); |
239 | ||
240 | hkdf->destroy(hkdf); | |
241 | } | |
242 | END_TEST | |
243 | ||
244 | START_TEST(test_ulfheim_traffic) | |
245 | { | |
246 | chunk_t exp_client_application_traffic_secret = chunk_from_chars( | |
247 | 0xb8,0x82,0x22,0x31,0xc1,0xd6,0x76,0xec,0xca,0x1c,0x11,0xff,0xf6,0x59,0x42,0x80, | |
248 | 0x31,0x4d,0x03,0xa4,0xe9,0x1c,0xf1,0xaf,0x7f,0xe7,0x3f,0x8f,0x7b,0xe2,0xc1,0x1b, | |
02d74055 P |
249 | ); |
250 | ||
9389fef7 PK |
251 | chunk_t exp_client_application_key = chunk_from_chars( |
252 | 0x49,0x13,0x4b,0x95,0x32,0x8f,0x27,0x9f,0x01,0x83,0x86,0x05,0x89,0xac,0x67,0x07, | |
253 | ); | |
02d74055 | 254 | |
9389fef7 PK |
255 | chunk_t exp_client_application_iv = chunk_from_chars( |
256 | 0xbc,0x4d,0xd5,0xf7,0xb9,0x8a,0xcf,0xf8,0x54,0x66,0x26,0x1d, | |
257 | ); | |
02d74055 | 258 | |
9389fef7 PK |
259 | chunk_t exp_server_application_traffic_secret = chunk_from_chars( |
260 | 0x3f,0xc3,0x5e,0xa7,0x06,0x93,0x06,0x9a,0x27,0x79,0x56,0xaf,0xa2,0x3b,0x8f,0x45, | |
261 | 0x43,0xce,0x68,0xac,0x59,0x5f,0x2a,0xac,0xe0,0x5c,0xd7,0xa1,0xc9,0x20,0x23,0xd5, | |
262 | ); | |
02d74055 | 263 | |
9389fef7 PK |
264 | chunk_t exp_server_application_key = chunk_from_chars( |
265 | 0x0b,0x6d,0x22,0xc8,0xff,0x68,0x09,0x7e,0xa8,0x71,0xc6,0x72,0x07,0x37,0x73,0xbf, | |
266 | ); | |
02d74055 | 267 | |
9389fef7 PK |
268 | chunk_t exp_server_application_iv = chunk_from_chars( |
269 | 0x1b,0x13,0xdd,0x9f,0x8d,0x8f,0x17,0x09,0x1d,0x34,0xb3,0x49, | |
270 | ); | |
02d74055 | 271 | |
9389fef7 | 272 | chunk_t hs_data; |
02d74055 | 273 | |
9389fef7 PK |
274 | tls_hkdf_t *hkdf = tls_hkdf_create(HASH_SHA256, chunk_empty); |
275 | ck_assert(hkdf); | |
02d74055 | 276 | |
9389fef7 | 277 | hkdf->set_shared_secret(hkdf, ulfheim_ecdhe); |
02d74055 | 278 | |
9389fef7 PK |
279 | /* Generate client application traffic secret */ |
280 | hs_data = chunk_cata("cc", ulfheim_client_server_hello, ulfheim_server_data); | |
281 | check_secret_key_iv(hkdf, TLS_HKDF_C_AP_TRAFFIC, hs_data, FALSE, | |
282 | exp_client_application_traffic_secret, 16, 12, | |
283 | exp_client_application_key, exp_client_application_iv); | |
02d74055 | 284 | |
9389fef7 PK |
285 | /* Generate server application traffic secret */ |
286 | check_secret_key_iv(hkdf, TLS_HKDF_S_AP_TRAFFIC, hs_data, TRUE, | |
287 | exp_server_application_traffic_secret, 16, 12, | |
288 | exp_server_application_key, exp_server_application_iv); | |
02d74055 P |
289 | |
290 | hkdf->destroy(hkdf); | |
02d74055 P |
291 | } |
292 | END_TEST | |
293 | ||
9389fef7 | 294 | START_TEST(test_rfc8448_simple_1_rtt_handshake) |
02d74055 | 295 | { |
9389fef7 PK |
296 | chunk_t client_hello = chunk_from_chars( |
297 | 0x01,0x00,0x00,0xc0,0x03,0x03,0xcb,0x34,0xec,0xb1,0xe7,0x81,0x63,0xba,0x1c,0x38, | |
298 | 0xc6,0xda,0xcb,0x19,0x6a,0x6d,0xff,0xa2,0x1a,0x8d,0x99,0x12,0xec,0x18,0xa2,0xef, | |
299 | 0x62,0x83,0x02,0x4d,0xec,0xe7,0x00,0x00,0x06,0x13,0x01,0x13,0x03,0x13,0x02,0x01, | |
300 | 0x00,0x00,0x91,0x00,0x00,0x00,0x0b,0x00,0x09,0x00,0x00,0x06,0x73,0x65,0x72,0x76, | |
301 | 0x65,0x72,0xff,0x01,0x00,0x01,0x00,0x00,0x0a,0x00,0x14,0x00,0x12,0x00,0x1d,0x00, | |
302 | 0x17,0x00,0x18,0x00,0x19,0x01,0x00,0x01,0x01,0x01,0x02,0x01,0x03,0x01,0x04,0x00, | |
303 | 0x23,0x00,0x00,0x00,0x33,0x00,0x26,0x00,0x24,0x00,0x1d,0x00,0x20,0x99,0x38,0x1d, | |
304 | 0xe5,0x60,0xe4,0xbd,0x43,0xd2,0x3d,0x8e,0x43,0x5a,0x7d,0xba,0xfe,0xb3,0xc0,0x6e, | |
305 | 0x51,0xc1,0x3c,0xae,0x4d,0x54,0x13,0x69,0x1e,0x52,0x9a,0xaf,0x2c,0x00,0x2b,0x00, | |
306 | 0x03,0x02,0x03,0x04,0x00,0x0d,0x00,0x20,0x00,0x1e,0x04,0x03,0x05,0x03,0x06,0x03, | |
307 | 0x02,0x03,0x08,0x04,0x08,0x05,0x08,0x06,0x04,0x01,0x05,0x01,0x06,0x01,0x02,0x01, | |
308 | 0x04,0x02,0x05,0x02,0x06,0x02,0x02,0x02,0x00,0x2d,0x00,0x02,0x01,0x01,0x00,0x1c, | |
309 | 0x00,0x02,0x40,0x01, | |
310 | ); | |
311 | ||
312 | chunk_t server_hello = chunk_from_chars( | |
313 | 0x02,0x00,0x00,0x56,0x03,0x03,0xa6,0xaf,0x06,0xa4,0x12,0x18,0x60,0xdc,0x5e,0x6e, | |
314 | 0x60,0x24,0x9c,0xd3,0x4c,0x95,0x93,0x0c,0x8a,0xc5,0xcb,0x14,0x34,0xda,0xc1,0x55, | |
315 | 0x77,0x2e,0xd3,0xe2,0x69,0x28,0x00,0x13,0x01,0x00,0x00,0x2e,0x00,0x33,0x00,0x24, | |
316 | 0x00,0x1d,0x00,0x20,0xc9,0x82,0x88,0x76,0x11,0x20,0x95,0xfe,0x66,0x76,0x2b,0xdb, | |
317 | 0xf7,0xc6,0x72,0xe1,0x56,0xd6,0xcc,0x25,0x3b,0x83,0x3d,0xf1,0xdd,0x69,0xb1,0xb0, | |
318 | 0x4e,0x75,0x1f,0x0f,0x00,0x2b,0x00,0x02,0x03,0x04, | |
319 | ); | |
320 | ||
321 | chunk_t server_data = chunk_from_chars( | |
02d74055 | 322 | /* Server Encrypted Extension */ |
9389fef7 PK |
323 | 0x08,0x00,0x00,0x24,0x00,0x22,0x00,0x0a,0x00,0x14,0x00,0x12,0x00,0x1d,0x00,0x17, |
324 | 0x00,0x18,0x00,0x19,0x01,0x00,0x01,0x01,0x01,0x02,0x01,0x03,0x01,0x04,0x00,0x1c, | |
325 | 0x00,0x02,0x40,0x01,0x00,0x00,0x00,0x00, | |
02d74055 | 326 | /* Server Certificate */ |
9389fef7 PK |
327 | 0x0b,0x00,0x01,0xb9,0x00,0x00,0x01,0xb5,0x00,0x01,0xb0,0x30,0x82,0x01,0xac,0x30, |
328 | 0x82,0x01,0x15,0xa0,0x03,0x02,0x01,0x02,0x02,0x01,0x02,0x30,0x0d,0x06,0x09,0x2a, | |
329 | 0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x30,0x0e,0x31,0x0c,0x30,0x0a, | |
330 | 0x06,0x03,0x55,0x04,0x03,0x13,0x03,0x72,0x73,0x61,0x30,0x1e,0x17,0x0d,0x31,0x36, | |
331 | 0x30,0x37,0x33,0x30,0x30,0x31,0x32,0x33,0x35,0x39,0x5a,0x17,0x0d,0x32,0x36,0x30, | |
332 | 0x37,0x33,0x30,0x30,0x31,0x32,0x33,0x35,0x39,0x5a,0x30,0x0e,0x31,0x0c,0x30,0x0a, | |
333 | 0x06,0x03,0x55,0x04,0x03,0x13,0x03,0x72,0x73,0x61,0x30,0x81,0x9f,0x30,0x0d,0x06, | |
334 | 0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8d,0x00, | |
335 | 0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xb4,0xbb,0x49,0x8f,0x82,0x79,0x30,0x3d,0x98, | |
336 | 0x08,0x36,0x39,0x9b,0x36,0xc6,0x98,0x8c,0x0c,0x68,0xde,0x55,0xe1,0xbd,0xb8,0x26, | |
337 | 0xd3,0x90,0x1a,0x24,0x61,0xea,0xfd,0x2d,0xe4,0x9a,0x91,0xd0,0x15,0xab,0xbc,0x9a, | |
338 | 0x95,0x13,0x7a,0xce,0x6c,0x1a,0xf1,0x9e,0xaa,0x6a,0xf9,0x8c,0x7c,0xed,0x43,0x12, | |
339 | 0x09,0x98,0xe1,0x87,0xa8,0x0e,0xe0,0xcc,0xb0,0x52,0x4b,0x1b,0x01,0x8c,0x3e,0x0b, | |
340 | 0x63,0x26,0x4d,0x44,0x9a,0x6d,0x38,0xe2,0x2a,0x5f,0xda,0x43,0x08,0x46,0x74,0x80, | |
341 | 0x30,0x53,0x0e,0xf0,0x46,0x1c,0x8c,0xa9,0xd9,0xef,0xbf,0xae,0x8e,0xa6,0xd1,0xd0, | |
342 | 0x3e,0x2b,0xd1,0x93,0xef,0xf0,0xab,0x9a,0x80,0x02,0xc4,0x74,0x28,0xa6,0xd3,0x5a, | |
343 | 0x8d,0x88,0xd7,0x9f,0x7f,0x1e,0x3f,0x02,0x03,0x01,0x00,0x01,0xa3,0x1a,0x30,0x18, | |
344 | 0x30,0x09,0x06,0x03,0x55,0x1d,0x13,0x04,0x02,0x30,0x00,0x30,0x0b,0x06,0x03,0x55, | |
345 | 0x1d,0x0f,0x04,0x04,0x03,0x02,0x05,0xa0,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86, | |
346 | 0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x03,0x81,0x81,0x00,0x85,0xaa,0xd2,0xa0,0xe5, | |
347 | 0xb9,0x27,0x6b,0x90,0x8c,0x65,0xf7,0x3a,0x72,0x67,0x17,0x06,0x18,0xa5,0x4c,0x5f, | |
348 | 0x8a,0x7b,0x33,0x7d,0x2d,0xf7,0xa5,0x94,0x36,0x54,0x17,0xf2,0xea,0xe8,0xf8,0xa5, | |
349 | 0x8c,0x8f,0x81,0x72,0xf9,0x31,0x9c,0xf3,0x6b,0x7f,0xd6,0xc5,0x5b,0x80,0xf2,0x1a, | |
350 | 0x03,0x01,0x51,0x56,0x72,0x60,0x96,0xfd,0x33,0x5e,0x5e,0x67,0xf2,0xdb,0xf1,0x02, | |
351 | 0x70,0x2e,0x60,0x8c,0xca,0xe6,0xbe,0xc1,0xfc,0x63,0xa4,0x2a,0x99,0xbe,0x5c,0x3e, | |
352 | 0xb7,0x10,0x7c,0x3c,0x54,0xe9,0xb9,0xeb,0x2b,0xd5,0x20,0x3b,0x1c,0x3b,0x84,0xe0, | |
353 | 0xa8,0xb2,0xf7,0x59,0x40,0x9b,0xa3,0xea,0xc9,0xd9,0x1d,0x40,0x2d,0xcc,0x0c,0xc8, | |
354 | 0xf8,0x96,0x12,0x29,0xac,0x91,0x87,0xb4,0x2b,0x4d,0xe1,0x00,0x00, | |
02d74055 | 355 | /* Server Certificate Verify */ |
9389fef7 PK |
356 | 0x0f,0x00,0x00,0x84,0x08,0x04,0x00,0x80,0x5a,0x74,0x7c,0x5d,0x88,0xfa,0x9b,0xd2, |
357 | 0xe5,0x5a,0xb0,0x85,0xa6,0x10,0x15,0xb7,0x21,0x1f,0x82,0x4c,0xd4,0x84,0x14,0x5a, | |
358 | 0xb3,0xff,0x52,0xf1,0xfd,0xa8,0x47,0x7b,0x0b,0x7a,0xbc,0x90,0xdb,0x78,0xe2,0xd3, | |
359 | 0x3a,0x5c,0x14,0x1a,0x07,0x86,0x53,0xfa,0x6b,0xef,0x78,0x0c,0x5e,0xa2,0x48,0xee, | |
360 | 0xaa,0xa7,0x85,0xc4,0xf3,0x94,0xca,0xb6,0xd3,0x0b,0xbe,0x8d,0x48,0x59,0xee,0x51, | |
361 | 0x1f,0x60,0x29,0x57,0xb1,0x54,0x11,0xac,0x02,0x76,0x71,0x45,0x9e,0x46,0x44,0x5c, | |
362 | 0x9e,0xa5,0x8c,0x18,0x1e,0x81,0x8e,0x95,0xb8,0xc3,0xfb,0x0b,0xf3,0x27,0x84,0x09, | |
363 | 0xd3,0xbe,0x15,0x2a,0x3d,0xa5,0x04,0x3e,0x06,0x3d,0xda,0x65,0xcd,0xf5,0xae,0xa2, | |
364 | 0x0d,0x53,0xdf,0xac,0xd4,0x2f,0x74,0xf3, | |
02d74055 | 365 | /* Server Handshake Finish */ |
9389fef7 PK |
366 | 0x14,0x00,0x00,0x20,0x9b,0x9b,0x14,0x1d,0x90,0x63,0x37,0xfb,0xd2,0xcb,0xdc,0xe7, |
367 | 0x1d,0xf4,0xde,0xda,0x4a,0xb4,0x2c,0x30,0x95,0x72,0xcb,0x7f,0xff,0xee,0x54,0x54, | |
368 | 0xb7,0x8f,0x07,0x18, | |
369 | ); | |
370 | ||
371 | chunk_t client_finished = chunk_from_chars( | |
372 | 0x14,0x00,0x00,0x20,0xa8,0xec,0x43,0x6d,0x67,0x76,0x34,0xae,0x52,0x5a,0xc1,0xfc, | |
373 | 0xeb,0xe1,0x1a,0x03,0x9e,0xc1,0x76,0x94,0xfa,0xc6,0xe9,0x85,0x27,0xb6,0x42,0xf2, | |
374 | 0xed,0xd5,0xce,0x61, | |
02d74055 P |
375 | ); |
376 | ||
377 | chunk_t ecdhe = chunk_from_chars( | |
9389fef7 PK |
378 | 0x8b,0xd4,0x05,0x4f,0xb5,0x5b,0x9d,0x63,0xfd,0xfb,0xac,0xf9,0xf0,0x4b,0x9f,0x0d, |
379 | 0x35,0xe6,0xd6,0x3f,0x53,0x75,0x63,0xef,0xd4,0x62,0x72,0x90,0x0f,0x89,0x49,0x2d, | |
380 | ); | |
381 | ||
382 | chunk_t exp_client_handshake_traffic_secret = chunk_from_chars( | |
383 | 0xb3,0xed,0xdb,0x12,0x6e,0x06,0x7f,0x35,0xa7,0x80,0xb3,0xab,0xf4,0x5e,0x2d,0x8f, | |
384 | 0x3b,0x1a,0x95,0x07,0x38,0xf5,0x2e,0x96,0x00,0x74,0x6a,0x0e,0x27,0xa5,0x5a,0x21, | |
385 | ); | |
386 | ||
387 | chunk_t exp_client_handshake_key = chunk_from_chars( | |
388 | 0xdb,0xfa,0xa6,0x93,0xd1,0x76,0x2c,0x5b,0x66,0x6a,0xf5,0xd9,0x50,0x25,0x8d,0x01, | |
389 | ); | |
390 | ||
391 | chunk_t exp_client_handshake_iv = chunk_from_chars( | |
392 | 0x5b,0xd3,0xc7,0x1b,0x83,0x6e,0x0b,0x76,0xbb,0x73,0x26,0x5f, | |
393 | ); | |
394 | ||
395 | chunk_t exp_server_handshake_traffic_secret = chunk_from_chars( | |
396 | 0xb6,0x7b,0x7d,0x69,0x0c,0xc1,0x6c,0x4e,0x75,0xe5,0x42,0x13,0xcb,0x2d,0x37,0xb4, | |
397 | 0xe9,0xc9,0x12,0xbc,0xde,0xd9,0x10,0x5d,0x42,0xbe,0xfd,0x59,0xd3,0x91,0xad,0x38, | |
398 | ); | |
399 | ||
400 | chunk_t exp_server_handshake_key = chunk_from_chars( | |
401 | 0x3f,0xce,0x51,0x60,0x09,0xc2,0x17,0x27,0xd0,0xf2,0xe4,0xe8,0x6e,0xe4,0x03,0xbc, | |
402 | ); | |
403 | ||
404 | chunk_t exp_server_handshake_iv = chunk_from_chars( | |
405 | 0x5d,0x31,0x3e,0xb2,0x67,0x12,0x76,0xee,0x13,0x00,0x0b,0x30, | |
406 | ); | |
407 | ||
408 | chunk_t exp_client_finished_key = chunk_from_chars( | |
409 | 0xb8,0x0a,0xd0,0x10,0x15,0xfb,0x2f,0x0b,0xd6,0x5f,0xf7,0xd4,0xda,0x5d,0x6b,0xf8, | |
410 | 0x3f,0x84,0x82,0x1d,0x1f,0x87,0xfd,0xc7,0xd3,0xc7,0x5b,0x5a,0x7b,0x42,0xd9,0xc4, | |
411 | ); | |
412 | ||
413 | chunk_t exp_server_finished_key = chunk_from_chars( | |
414 | 0x00,0x8d,0x3b,0x66,0xf8,0x16,0xea,0x55,0x9f,0x96,0xb5,0x37,0xe8,0x85,0xc3,0x1f, | |
415 | 0xc0,0x68,0xbf,0x49,0x2c,0x65,0x2f,0x01,0xf2,0x88,0xa1,0xd8,0xcd,0xc1,0x9f,0xc8, | |
416 | ); | |
417 | ||
418 | chunk_t exp_client_application_traffic_secret = chunk_from_chars( | |
419 | 0x9e,0x40,0x64,0x6c,0xe7,0x9a,0x7f,0x9d,0xc0,0x5a,0xf8,0x88,0x9b,0xce,0x65,0x52, | |
420 | 0x87,0x5a,0xfa,0x0b,0x06,0xdf,0x00,0x87,0xf7,0x92,0xeb,0xb7,0xc1,0x75,0x04,0xa5, | |
02d74055 P |
421 | ); |
422 | ||
9389fef7 PK |
423 | chunk_t exp_client_application_key = chunk_from_chars( |
424 | 0x17,0x42,0x2d,0xda,0x59,0x6e,0xd5,0xd9,0xac,0xd8,0x90,0xe3,0xc6,0x3f,0x50,0x51, | |
02d74055 P |
425 | ); |
426 | ||
9389fef7 PK |
427 | chunk_t exp_client_application_iv = chunk_from_chars( |
428 | 0x5b,0x78,0x92,0x3d,0xee,0x08,0x57,0x90,0x33,0xe5,0x23,0xd9, | |
02d74055 P |
429 | ); |
430 | ||
9389fef7 PK |
431 | chunk_t exp_server_application_traffic_secret = chunk_from_chars( |
432 | 0xa1,0x1a,0xf9,0xf0,0x55,0x31,0xf8,0x56,0xad,0x47,0x11,0x6b,0x45,0xa9,0x50,0x32, | |
433 | 0x82,0x04,0xb4,0xf4,0x4b,0xfb,0x6b,0x3a,0x4b,0x4f,0x1f,0x3f,0xcb,0x63,0x16,0x43, | |
02d74055 P |
434 | ); |
435 | ||
9389fef7 PK |
436 | chunk_t exp_server_application_key = chunk_from_chars( |
437 | 0x9f,0x02,0x28,0x3b,0x6c,0x9c,0x07,0xef,0xc2,0x6b,0xb9,0xf2,0xac,0x92,0xe3,0x56, | |
02d74055 P |
438 | ); |
439 | ||
9389fef7 PK |
440 | chunk_t exp_server_application_iv = chunk_from_chars( |
441 | 0xcf,0x78,0x2b,0x88,0xdd,0x83,0x54,0x9a,0xad,0xf1,0xe9,0x84, | |
442 | ); | |
443 | ||
444 | chunk_t exp_generated_resumption_secret = chunk_from_chars( | |
445 | 0x4e,0xcd,0x0e,0xb6,0xec,0x3b,0x4d,0x87,0xf5,0xd6,0x02,0x8f,0x92,0x2c,0xa4,0xc5, | |
446 | 0x85,0x1a,0x27,0x7f,0xd4,0x13,0x11,0xc9,0xe6,0x2d,0x2c,0x94,0x92,0xe1,0xc4,0xf3, | |
447 | ); | |
448 | ||
449 | chunk_t hs_data; | |
02d74055 P |
450 | |
451 | tls_hkdf_t *hkdf = tls_hkdf_create(HASH_SHA256, chunk_empty); | |
9389fef7 PK |
452 | ck_assert(hkdf); |
453 | ||
02d74055 P |
454 | hkdf->set_shared_secret(hkdf, ecdhe); |
455 | ||
9389fef7 PK |
456 | /* Generate client handshake traffic secret */ |
457 | hs_data = chunk_cata("cc", client_hello, server_hello); | |
458 | check_secret_key_iv(hkdf, TLS_HKDF_C_HS_TRAFFIC, hs_data, FALSE, | |
459 | exp_client_handshake_traffic_secret, 16, 12, | |
460 | exp_client_handshake_key, | |
461 | exp_client_handshake_iv); | |
462 | check_finished(hkdf, FALSE, exp_client_finished_key); | |
463 | ||
464 | /* Generate server handshake traffic secret */ | |
465 | check_secret_key_iv(hkdf, TLS_HKDF_S_HS_TRAFFIC, hs_data, TRUE, | |
466 | exp_server_handshake_traffic_secret, 16, 12, | |
467 | exp_server_handshake_key, | |
468 | exp_server_handshake_iv); | |
469 | check_finished(hkdf, TRUE, exp_server_finished_key); | |
470 | ||
02d74055 | 471 | /* Generate client application traffic secret */ |
9389fef7 PK |
472 | hs_data = chunk_cata("cc", hs_data, server_data); |
473 | check_secret_key_iv(hkdf, TLS_HKDF_C_AP_TRAFFIC, hs_data, FALSE, | |
474 | exp_client_application_traffic_secret, 16, 12, | |
475 | exp_client_application_key, | |
476 | exp_client_application_iv); | |
477 | ||
478 | /* Generate server application traffic secret */ | |
479 | check_secret_key_iv(hkdf, TLS_HKDF_S_AP_TRAFFIC, hs_data, TRUE, | |
480 | exp_server_application_traffic_secret, 16, 12, | |
481 | exp_server_application_key, | |
482 | exp_server_application_iv); | |
483 | ||
484 | /* Generating resumption master secret */ | |
485 | hs_data = chunk_cata("cc", hs_data, client_finished); | |
486 | check_resumption(hkdf, hs_data, exp_generated_resumption_secret); | |
487 | ||
488 | hkdf->destroy(hkdf); | |
489 | } | |
490 | END_TEST | |
02d74055 | 491 | |
9389fef7 PK |
492 | START_TEST(test_rfc8448_resumed_0_rtt_handshake) |
493 | { | |
494 | chunk_t client_hello = chunk_from_chars( | |
495 | 0x01,0x00,0x01,0xfc,0x03,0x03,0x1b,0xc3,0xce,0xb6,0xbb,0xe3,0x9c,0xff,0x93,0x83, | |
496 | 0x55,0xb5,0xa5,0x0a,0xdb,0x6d,0xb2,0x1b,0x7a,0x6a,0xf6,0x49,0xd7,0xb4,0xbc,0x41, | |
497 | 0x9d,0x78,0x76,0x48,0x7d,0x95,0x00,0x00,0x06,0x13,0x01,0x13,0x03,0x13,0x02,0x01, | |
498 | 0x00,0x01,0xcd,0x00,0x00,0x00,0x0b,0x00,0x09,0x00,0x00,0x06,0x73,0x65,0x72,0x76, | |
499 | 0x65,0x72,0xff,0x01,0x00,0x01,0x00,0x00,0x0a,0x00,0x14,0x00,0x12,0x00,0x1d,0x00, | |
500 | 0x17,0x00,0x18,0x00,0x19,0x01,0x00,0x01,0x01,0x01,0x02,0x01,0x03,0x01,0x04,0x00, | |
501 | 0x33,0x00,0x26,0x00,0x24,0x00,0x1d,0x00,0x20,0xe4,0xff,0xb6,0x8a,0xc0,0x5f,0x8d, | |
502 | 0x96,0xc9,0x9d,0xa2,0x66,0x98,0x34,0x6c,0x6b,0xe1,0x64,0x82,0xba,0xdd,0xda,0xfe, | |
503 | 0x05,0x1a,0x66,0xb4,0xf1,0x8d,0x66,0x8f,0x0b,0x00,0x2a,0x00,0x00,0x00,0x2b,0x00, | |
504 | 0x03,0x02,0x03,0x04,0x00,0x0d,0x00,0x20,0x00,0x1e,0x04,0x03,0x05,0x03,0x06,0x03, | |
505 | 0x02,0x03,0x08,0x04,0x08,0x05,0x08,0x06,0x04,0x01,0x05,0x01,0x06,0x01,0x02,0x01, | |
506 | 0x04,0x02,0x05,0x02,0x06,0x02,0x02,0x02,0x00,0x2d,0x00,0x02,0x01,0x01,0x00,0x1c, | |
507 | 0x00,0x02,0x40,0x01,0x00,0x15,0x00,0x57,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, | |
508 | 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, | |
509 | 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, | |
510 | 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, | |
511 | 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, | |
512 | 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, | |
513 | 0x29,0x00,0xdd,0x00,0xb8,0x00,0xb2,0x2c,0x03,0x5d,0x82,0x93,0x59,0xee,0x5f,0xf7, | |
514 | 0xaf,0x4e,0xc9,0x00,0x00,0x00,0x00,0x26,0x2a,0x64,0x94,0xdc,0x48,0x6d,0x2c,0x8a, | |
515 | 0x34,0xcb,0x33,0xfa,0x90,0xbf,0x1b,0x00,0x70,0xad,0x3c,0x49,0x88,0x83,0xc9,0x36, | |
516 | 0x7c,0x09,0xa2,0xbe,0x78,0x5a,0xbc,0x55,0xcd,0x22,0x60,0x97,0xa3,0xa9,0x82,0x11, | |
517 | 0x72,0x83,0xf8,0x2a,0x03,0xa1,0x43,0xef,0xd3,0xff,0x5d,0xd3,0x6d,0x64,0xe8,0x61, | |
518 | 0xbe,0x7f,0xd6,0x1d,0x28,0x27,0xdb,0x27,0x9c,0xce,0x14,0x50,0x77,0xd4,0x54,0xa3, | |
519 | 0x66,0x4d,0x4e,0x6d,0xa4,0xd2,0x9e,0xe0,0x37,0x25,0xa6,0xa4,0xda,0xfc,0xd0,0xfc, | |
520 | 0x67,0xd2,0xae,0xa7,0x05,0x29,0x51,0x3e,0x3d,0xa2,0x67,0x7f,0xa5,0x90,0x6c,0x5b, | |
521 | 0x3f,0x7d,0x8f,0x92,0xf2,0x28,0xbd,0xa4,0x0d,0xda,0x72,0x14,0x70,0xf9,0xfb,0xf2, | |
522 | 0x97,0xb5,0xae,0xa6,0x17,0x64,0x6f,0xac,0x5c,0x03,0x27,0x2e,0x97,0x07,0x27,0xc6, | |
523 | 0x21,0xa7,0x91,0x41,0xef,0x5f,0x7d,0xe6,0x50,0x5e,0x5b,0xfb,0xc3,0x88,0xe9,0x33, | |
524 | 0x43,0x69,0x40,0x93,0x93,0x4a,0xe4,0xd3,0x57,0xfa,0xd6,0xaa,0xcb, | |
525 | ); | |
526 | ||
527 | chunk_t client_hello_hash = chunk_from_chars( | |
528 | 0x63,0x22,0x4b,0x2e,0x45,0x73,0xf2,0xd3,0x45,0x4c,0xa8,0x4b,0x9d,0x00,0x9a,0x04, | |
529 | 0xf6,0xbe,0x9e,0x05,0x71,0x1a,0x83,0x96,0x47,0x3a,0xef,0xa0,0x1e,0x92,0x4a,0x14, | |
530 | ); | |
531 | ||
532 | chunk_t server_hello = chunk_from_chars( | |
533 | 0x02,0x00,0x00,0x5c,0x03,0x03,0x3c,0xcf,0xd2,0xde,0xc8,0x90,0x22,0x27,0x63,0x47, | |
534 | 0x2a,0xe8,0x13,0x67,0x77,0xc9,0xd7,0x35,0x87,0x77,0xbb,0x66,0xe9,0x1e,0xa5,0x12, | |
535 | 0x24,0x95,0xf5,0x59,0xea,0x2d,0x00,0x13,0x01,0x00,0x00,0x34,0x00,0x29,0x00,0x02, | |
536 | 0x00,0x00,0x00,0x33,0x00,0x24,0x00,0x1d,0x00,0x20,0x12,0x17,0x61,0xee,0x42,0xc3, | |
537 | 0x33,0xe1,0xb9,0xe7,0x7b,0x60,0xdd,0x57,0xc2,0x05,0x3c,0xd9,0x45,0x12,0xab,0x47, | |
538 | 0xf1,0x15,0xe8,0x6e,0xff,0x50,0x94,0x2c,0xea,0x31,0x00,0x2b,0x00,0x02,0x03,0x04, | |
539 | ); | |
540 | ||
541 | chunk_t encrypted_extension = chunk_from_chars( | |
542 | 0x08,0x00,0x00,0x28,0x00,0x26,0x00,0x0a,0x00,0x14,0x00,0x12,0x00,0x1d,0x00,0x17, | |
543 | 0x00,0x18,0x00,0x19,0x01,0x00,0x01,0x01,0x01,0x02,0x01,0x03,0x01,0x04,0x00,0x1c, | |
544 | 0x00,0x02,0x40,0x01,0x00,0x00,0x00,0x00,0x00,0x2a,0x00,0x00, | |
545 | ); | |
546 | ||
547 | chunk_t server_finished = chunk_from_chars( | |
548 | 0x14,0x00,0x00,0x20,0x48,0xd3,0xe0,0xe1,0xb3,0xd9,0x07,0xc6,0xac,0xff,0x14,0x5e, | |
549 | 0x16,0x09,0x03,0x88,0xc7,0x7b,0x05,0xc0,0x50,0xb6,0x34,0xab,0x1a,0x88,0xbb,0xd0, | |
550 | 0xdd,0x1a,0x34,0xb2, | |
551 | ); | |
02d74055 | 552 | |
9389fef7 PK |
553 | chunk_t end_of_early_data = chunk_from_chars( |
554 | 0x05,0x00,0x00,0x00, | |
555 | ); | |
556 | ||
557 | chunk_t client_finished = chunk_from_chars( | |
558 | 0x14,0x00,0x00,0x20,0x72,0x30,0xa9,0xc9,0x52,0xc2,0x5c,0xd6,0x13,0x8f,0xc5,0xe6, | |
559 | 0x62,0x83,0x08,0xc4,0x1c,0x53,0x35,0xdd,0x81,0xb9,0xf9,0x6b,0xce,0xa5,0x0f,0xd3, | |
560 | 0x2b,0xda,0x41,0x6d, | |
561 | ); | |
562 | ||
563 | chunk_t psk = chunk_from_chars( | |
564 | 0x4e,0xcd,0x0e,0xb6,0xec,0x3b,0x4d,0x87,0xf5,0xd6,0x02,0x8f,0x92,0x2c,0xa4,0xc5, | |
565 | 0x85,0x1a,0x27,0x7f,0xd4,0x13,0x11,0xc9,0xe6,0x2d,0x2c,0x94,0x92,0xe1,0xc4,0xf3, | |
566 | ); | |
567 | ||
568 | chunk_t ecdhe = chunk_from_chars( | |
569 | 0xf4,0x41,0x94,0x75,0x6f,0xf9,0xec,0x9d,0x25,0x18,0x06,0x35,0xd6,0x6e,0xa6,0x82, | |
570 | 0x4c,0x6a,0xb3,0xbf,0x17,0x99,0x77,0xbe,0x37,0xf7,0x23,0x57,0x0e,0x7c,0xcb,0x2e, | |
571 | ); | |
572 | ||
573 | chunk_t exp_psk_binder = chunk_from_chars( | |
574 | 0x3a,0xdd,0x4f,0xb2,0xd8,0xfd,0xf8,0x22,0xa0,0xca,0x3c,0xf7,0x67,0x8e,0xf5,0xe8, | |
575 | 0x8d,0xae,0x99,0x01,0x41,0xc5,0x92,0x4d,0x57,0xbb,0x6f,0xa3,0x1b,0x9e,0x5f,0x9d, | |
576 | ); | |
577 | ||
578 | chunk_t exp_early_exporter_master_secret = chunk_from_chars( | |
579 | 0xb2,0x02,0x68,0x66,0x61,0x09,0x37,0xd7,0x42,0x3e,0x5b,0xe9,0x08,0x62,0xcc,0xf2, | |
580 | 0x4c,0x0e,0x60,0x91,0x18,0x6d,0x34,0xf8,0x12,0x08,0x9f,0xf5,0xbe,0x2e,0xf7,0xdf, | |
581 | ); | |
582 | ||
583 | chunk_t exp_client_handshake_traffic_secret = chunk_from_chars( | |
584 | 0x2f,0xaa,0xc0,0x8f,0x85,0x1d,0x35,0xfe,0xa3,0x60,0x4f,0xcb,0x4d,0xe8,0x2d,0xc6, | |
585 | 0x2c,0x9b,0x16,0x4a,0x70,0x97,0x4d,0x04,0x62,0xe2,0x7f,0x1a,0xb2,0x78,0x70,0x0f, | |
586 | ); | |
587 | ||
588 | chunk_t exp_client_handshake_key = chunk_from_chars( | |
589 | 0xb1,0x53,0x08,0x06,0xf4,0xad,0xfe,0xac,0x83,0xf1,0x41,0x30,0x32,0xbb,0xfa,0x82, | |
590 | ); | |
591 | ||
592 | chunk_t exp_client_handshake_iv = chunk_from_chars( | |
593 | 0xeb,0x50,0xc1,0x6b,0xe7,0x65,0x4a,0xbf,0x99,0xdd,0x06,0xd9, | |
594 | ); | |
595 | ||
596 | chunk_t exp_server_handshake_traffic_secret = chunk_from_chars( | |
597 | 0xfe,0x92,0x7a,0xe2,0x71,0x31,0x2e,0x8b,0xf0,0x27,0x5b,0x58,0x1c,0x54,0xee,0xf0, | |
598 | 0x20,0x45,0x0d,0xc4,0xec,0xff,0xaa,0x05,0xa1,0xa3,0x5d,0x27,0x51,0x8e,0x78,0x03, | |
599 | ); | |
600 | ||
601 | chunk_t exp_server_handshake_key = chunk_from_chars( | |
602 | 0x27,0xc6,0xbd,0xc0,0xa3,0xdc,0xea,0x39,0xa4,0x73,0x26,0xd7,0x9b,0xc9,0xe4,0xee, | |
603 | ); | |
604 | ||
605 | chunk_t exp_server_handshake_iv = chunk_from_chars( | |
606 | 0x95,0x69,0xec,0xdd,0x4d,0x05,0x36,0x70,0x5e,0x9e,0xf7,0x25, | |
607 | ); | |
608 | ||
609 | chunk_t exp_server_finished = chunk_from_chars( | |
610 | 0x4b,0xb7,0x4c,0xae,0x7a,0x5d,0xc8,0x91,0x46,0x04,0xc0,0xbf,0xbe,0x2f,0x0c,0x06, | |
611 | 0x23,0x96,0x88,0x39,0x22,0xbe,0xc8,0xa1,0x5e,0x2a,0x9b,0x53,0x2a,0x5d,0x39,0x2c, | |
612 | ||
613 | ); | |
614 | ||
615 | chunk_t exp_client_finished = chunk_from_chars( | |
616 | 0x5a,0xce,0x39,0x4c,0x26,0x98,0x0d,0x58,0x12,0x43,0xf6,0x27,0xd1,0x15,0x0a,0xe2, | |
617 | 0x7e,0x37,0xfa,0x52,0x36,0x4e,0x0a,0x7f,0x20,0xac,0x68,0x6d,0x09,0xcd,0x0e,0x8e, | |
618 | ); | |
619 | ||
620 | chunk_t exp_client_application_traffic_secret = chunk_from_chars( | |
621 | 0x2a,0xbb,0xf2,0xb8,0xe3,0x81,0xd2,0x3d,0xbe,0xbe,0x1d,0xd2,0xa7,0xd1,0x6a,0x8b, | |
622 | 0xf4,0x84,0xcb,0x49,0x50,0xd2,0x3f,0xb7,0xfb,0x7f,0xa8,0x54,0x70,0x62,0xd9,0xa1, | |
623 | ); | |
624 | ||
625 | chunk_t exp_client_application_key = chunk_from_chars( | |
626 | 0x3c,0xf1,0x22,0xf3,0x01,0xc6,0x35,0x8c,0xa7,0x98,0x95,0x53,0x25,0x0e,0xfd,0x72, | |
627 | ); | |
628 | ||
629 | chunk_t exp_client_application_iv = chunk_from_chars( | |
630 | 0xab,0x1a,0xec,0x26,0xaa,0x78,0xb8,0xfc,0x11,0x76,0xb9,0xac, | |
631 | ); | |
632 | ||
633 | chunk_t exp_server_application_traffic_secret = chunk_from_chars( | |
634 | 0xcc,0x21,0xf1,0xbf,0x8f,0xeb,0x7d,0xd5,0xfa,0x50,0x5b,0xd9,0xc4,0xb4,0x68,0xa9, | |
635 | 0x98,0x4d,0x55,0x4a,0x99,0x3d,0xc4,0x9e,0x6d,0x28,0x55,0x98,0xfb,0x67,0x26,0x91, | |
636 | ); | |
637 | ||
638 | chunk_t exp_server_application_key = chunk_from_chars( | |
639 | 0xe8,0x57,0xc6,0x90,0xa3,0x4c,0x5a,0x91,0x29,0xd8,0x33,0x61,0x96,0x84,0xf9,0x5e | |
640 | ); | |
641 | ||
642 | chunk_t exp_server_application_iv = chunk_from_chars( | |
643 | 0x06,0x85,0xd6,0xb5,0x61,0xaa,0xb9,0xef,0x10,0x13,0xfa,0xf9, | |
644 | ); | |
645 | ||
646 | chunk_t exp_exporter_master_secret = chunk_from_chars( | |
647 | 0x3f,0xd9,0x3d,0x4f,0xfd,0xdc,0x98,0xe6,0x4b,0x14,0xdd,0x10,0x7a,0xed,0xf8,0xee, | |
648 | 0x4a,0xdd,0x23,0xf4,0x51,0x0f,0x58,0xa4,0x59,0x2d,0x0b,0x20,0x1b,0xee,0x56,0xb4, | |
649 | ); | |
650 | ||
651 | chunk_t exp_resumption_master_secret = chunk_from_chars( | |
652 | 0x5e,0x95,0xbd,0xf1,0xf8,0x90,0x05,0xea,0x2e,0x9a,0xa0,0xba,0x85,0xe7,0x28,0xe3, | |
653 | 0xc1,0x9c,0x5f,0xe0,0xc6,0x99,0xe3,0xf5,0xbe,0xe5,0x9f,0xae,0xbd,0x0b,0x54,0x06, | |
654 | ); | |
655 | ||
656 | chunk_t hs_data, psk_binder; | |
657 | ||
658 | tls_hkdf_t *hkdf = tls_hkdf_create(HASH_SHA256, psk); | |
659 | ck_assert(hkdf); | |
660 | ||
661 | ck_assert(hkdf->binder(hkdf, client_hello_hash, &psk_binder)); | |
662 | ck_assert_chunk_eq(exp_psk_binder, psk_binder); | |
663 | ||
664 | /* PSK binder is wrapped first with 0x20 and then with 0x00,0x21 length bytes*/ | |
665 | hs_data = chunk_cata("ccc", client_hello, chunk_from_chars(0x00,0x21,0x20), | |
666 | psk_binder); | |
667 | check_secret(hkdf, TLS_HKDF_E_EXP_MASTER, hs_data, exp_early_exporter_master_secret); | |
668 | ||
669 | hkdf->set_shared_secret(hkdf, ecdhe); | |
670 | ||
671 | /* Generate client handshake traffic secret */ | |
672 | hs_data = chunk_cata("cc", hs_data, server_hello); | |
673 | check_secret_key_iv(hkdf, TLS_HKDF_C_HS_TRAFFIC, hs_data, FALSE, | |
674 | exp_client_handshake_traffic_secret, 16, 12, | |
675 | exp_client_handshake_key, | |
676 | exp_client_handshake_iv); | |
677 | ||
678 | /* Generate sever handshake traffic secret */ | |
679 | check_secret_key_iv(hkdf, TLS_HKDF_S_HS_TRAFFIC, hs_data, TRUE, | |
680 | exp_server_handshake_traffic_secret, 16, 12, | |
681 | exp_server_handshake_key, | |
682 | exp_server_handshake_iv); | |
683 | ||
684 | check_finished(hkdf, TRUE, exp_server_finished); | |
685 | check_finished(hkdf, FALSE, exp_client_finished); | |
686 | ||
687 | /* Generate client application traffic secret */ | |
688 | hs_data = chunk_cata("ccc", hs_data, encrypted_extension, server_finished); | |
689 | check_secret_key_iv(hkdf, TLS_HKDF_C_AP_TRAFFIC, hs_data, FALSE, | |
690 | exp_client_application_traffic_secret, 16, 12, | |
691 | exp_client_application_key, | |
692 | exp_client_application_iv); | |
02d74055 P |
693 | |
694 | /* Generate server application traffic secret */ | |
9389fef7 PK |
695 | check_secret_key_iv(hkdf, TLS_HKDF_S_AP_TRAFFIC, hs_data, TRUE, |
696 | exp_server_application_traffic_secret, 16, 12, | |
697 | exp_server_application_key, | |
698 | exp_server_application_iv); | |
02d74055 | 699 | |
9389fef7 | 700 | check_secret(hkdf, TLS_HKDF_EXP_MASTER, hs_data, exp_exporter_master_secret); |
02d74055 | 701 | |
9389fef7 PK |
702 | hs_data = chunk_cata("ccc", hs_data, end_of_early_data, client_finished); |
703 | check_secret(hkdf, TLS_HKDF_RES_MASTER, hs_data, exp_resumption_master_secret); | |
02d74055 P |
704 | |
705 | hkdf->destroy(hkdf); | |
9389fef7 | 706 | chunk_free(&psk_binder); |
02d74055 P |
707 | } |
708 | END_TEST | |
709 | ||
710 | Suite *hkdf_suite_create() | |
711 | { | |
712 | Suite *s; | |
713 | TCase *tc; | |
714 | ||
715 | s = suite_create("HKDF TLS 1.3"); | |
716 | ||
717 | tc = tcase_create("Ulfheim Keys"); | |
718 | tcase_add_test(tc, test_ulfheim_handshake); | |
719 | tcase_add_test(tc, test_ulfheim_traffic); | |
720 | suite_add_tcase(s, tc); | |
721 | ||
9389fef7 PK |
722 | tc = tcase_create("RFC 8448"); |
723 | tcase_add_test(tc, test_rfc8448_simple_1_rtt_handshake); | |
724 | tcase_add_test(tc, test_rfc8448_resumed_0_rtt_handshake); | |
725 | suite_add_tcase(s, tc); | |
726 | ||
02d74055 P |
727 | return s; |
728 | } |