tls-hkdf: Implement binder PSK generation
[strongswan.git] / src / libtls / tests / suites / test_hkdf.c
1 /*
2 * Copyright (C) 2020 Pascal Knecht
3 * Copyright (C) 2020 Méline Sieber
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <test_suite.h>
18
19 #include "tls_hkdf.h"
20
21 START_TEST(test_ulfheim_handshake)
22 {
23 chunk_t handshake = chunk_from_chars(
24 /* Client Hello */
25 0x01, 0x00, 0x00, 0xc6, 0x03, 0x03, 0x00, 0x01,
26 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
27 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11,
28 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
29 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0xe0,
30 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8,
31 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xf0,
32 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8,
33 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, 0x00,
34 0x06, 0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0x01,
35 0x00, 0x00, 0x77, 0x00, 0x00, 0x00, 0x18, 0x00,
36 0x16, 0x00, 0x00, 0x13, 0x65, 0x78, 0x61, 0x6d,
37 0x70, 0x6c, 0x65, 0x2e, 0x75, 0x6c, 0x66, 0x68,
38 0x65, 0x69, 0x6d, 0x2e, 0x6e, 0x65, 0x74, 0x00,
39 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00,
40 0x17, 0x00, 0x18, 0x00, 0x0d, 0x00, 0x14, 0x00,
41 0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05,
42 0x03, 0x08, 0x05, 0x05, 0x01, 0x08, 0x06, 0x06,
43 0x01, 0x02, 0x01, 0x00, 0x33, 0x00, 0x26, 0x00,
44 0x24, 0x00, 0x1d, 0x00, 0x20, 0x35, 0x80, 0x72,
45 0xd6, 0x36, 0x58, 0x80, 0xd1, 0xae, 0xea, 0x32,
46 0x9a, 0xdf, 0x91, 0x21, 0x38, 0x38, 0x51, 0xed,
47 0x21, 0xa2, 0x8e, 0x3b, 0x75, 0xe9, 0x65, 0xd0,
48 0xd2, 0xcd, 0x16, 0x62, 0x54, 0x00, 0x2d, 0x00,
49 0x02, 0x01, 0x01, 0x00, 0x2b, 0x00, 0x03, 0x02,
50 0x03, 0x04,
51 /* Server Hello */
52 0x02, 0x00, 0x00, 0x76, 0x03, 0x03, 0x70, 0x71,
53 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79,
54 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81,
55 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89,
56 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x20, 0xe0,
57 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8,
58 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xf0,
59 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8,
60 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, 0x13,
61 0x01, 0x00, 0x00, 0x2e, 0x00, 0x33, 0x00, 0x24,
62 0x00, 0x1d, 0x00, 0x20, 0x9f, 0xd7, 0xad, 0x6d,
63 0xcf, 0xf4, 0x29, 0x8d, 0xd3, 0xf9, 0x6d, 0x5b,
64 0x1b, 0x2a, 0xf9, 0x10, 0xa0, 0x53, 0x5b, 0x14,
65 0x88, 0xd7, 0xf8, 0xfa, 0xbb, 0x34, 0x9a, 0x98,
66 0x28, 0x80, 0xb6, 0x15, 0x00, 0x2b, 0x00, 0x02,
67 0x03, 0x04,
68 );
69
70 chunk_t ecdhe = chunk_from_chars(
71 0xdf, 0x4a, 0x29, 0x1b, 0xaa, 0x1e, 0xb7, 0xcf,
72 0xa6, 0x93, 0x4b, 0x29, 0xb4, 0x74, 0xba, 0xad,
73 0x26, 0x97, 0xe2, 0x9f, 0x1f, 0x92, 0x0d, 0xcc,
74 0x77, 0xc8, 0xa0, 0xa0, 0x88, 0x44, 0x76, 0x24,
75 );
76
77 chunk_t expected_client_handshake_traffic_secret = chunk_from_chars(
78 0xff, 0x0e, 0x5b, 0x96, 0x52, 0x91, 0xc6, 0x08,
79 0xc1, 0xe8, 0xcd, 0x26, 0x7e, 0xef, 0xc0, 0xaf,
80 0xcc, 0x5e, 0x98, 0xa2, 0x78, 0x63, 0x73, 0xf0,
81 0xdb, 0x47, 0xb0, 0x47, 0x86, 0xd7, 0x2a, 0xea,
82 );
83
84 chunk_t expected_server_handshake_traffic_secret = chunk_from_chars(
85 0xa2, 0x06, 0x72, 0x65, 0xe7, 0xf0, 0x65, 0x2a,
86 0x92, 0x3d, 0x5d, 0x72, 0xab, 0x04, 0x67, 0xc4,
87 0x61, 0x32, 0xee, 0xb9, 0x68, 0xb6, 0xa3, 0x2d,
88 0x31, 0x1c, 0x80, 0x58, 0x68, 0x54, 0x88, 0x14,
89 );
90
91 chunk_t expected_client_handshake_key = chunk_from_chars(
92 0x71, 0x54, 0xf3, 0x14, 0xe6, 0xbe, 0x7d, 0xc0,
93 0x08, 0xdf, 0x2c, 0x83, 0x2b, 0xaa, 0x1d, 0x39,
94 );
95
96 chunk_t expected_client_handshake_iv = chunk_from_chars(
97 0x71, 0xab, 0xc2, 0xca, 0xe4, 0xc6, 0x99, 0xd4,
98 0x7c, 0x60, 0x02, 0x68,
99 );
100
101 chunk_t expected_server_handshake_key = chunk_from_chars(
102 0x84, 0x47, 0x80, 0xa7, 0xac, 0xad, 0x9f, 0x98,
103 0x0f, 0xa2, 0x5c, 0x11, 0x4e, 0x43, 0x40, 0x2a,
104 );
105
106 chunk_t expected_server_handshake_iv = chunk_from_chars(
107 0x4c, 0x04, 0x2d, 0xdc, 0x12, 0x0a, 0x38, 0xd1,
108 0x41, 0x7f, 0xc8, 0x15,
109 );
110
111 chunk_t expected_client_finished_key = chunk_from_chars(
112 0x7c, 0x60, 0xf8, 0xd6, 0x34, 0x6f, 0x4a, 0x96,
113 0x91, 0xd2, 0xae, 0x64, 0x5a, 0x78, 0x85, 0xe0,
114 0x10, 0x4a, 0xdf, 0xf9, 0x8e, 0xba, 0x98, 0x1c,
115 0xa2, 0xf9, 0x9e, 0xf6, 0x2b, 0xdd, 0x8f, 0xaa,
116 );
117
118 chunk_t expected_server_finished_key = chunk_from_chars(
119 0xea, 0x84, 0xab, 0xd2, 0xad, 0xa0, 0xb5, 0xc6,
120 0x4c, 0x08, 0x07, 0xa3, 0x26, 0xb6, 0xfd, 0x94,
121 0xa9, 0x59, 0x7e, 0x39, 0xca, 0x62, 0x10, 0x60,
122 0x7c, 0x0d, 0x3c, 0x8c, 0x76, 0x68, 0x65, 0x71,
123 );
124
125 chunk_t c_secret, c_key, c_iv, s_secret, s_key, s_iv, c_finished,
126 s_finished;
127
128 tls_hkdf_t *hkdf = tls_hkdf_create(HASH_SHA256, chunk_empty);
129 hkdf->set_shared_secret(hkdf, ecdhe);
130
131 /* Generate client handshake traffic secret */
132 ck_assert(hkdf->generate_secret(hkdf, TLS_HKDF_C_HS_TRAFFIC, handshake,
133 &c_secret));
134 ck_assert_chunk_eq(expected_client_handshake_traffic_secret, c_secret);
135
136 ck_assert(hkdf->derive_key(hkdf, FALSE, 16, &c_key));
137 ck_assert_chunk_eq(expected_client_handshake_key, c_key);
138
139 ck_assert(hkdf->derive_iv(hkdf, FALSE, 12, &c_iv));
140 ck_assert_chunk_eq(expected_client_handshake_iv, c_iv);
141
142 ck_assert(hkdf->derive_finished(hkdf, TRUE, &c_finished));
143 ck_assert_chunk_eq(expected_client_finished_key, c_finished);
144
145 /* Generate server handshake traffic secret */
146 ck_assert(hkdf->generate_secret(hkdf, TLS_HKDF_S_HS_TRAFFIC, handshake,
147 &s_secret));
148 ck_assert_chunk_eq(expected_server_handshake_traffic_secret, s_secret);
149
150 ck_assert(hkdf->derive_key(hkdf, TRUE, 16, &s_key));
151 ck_assert_chunk_eq(expected_server_handshake_key, s_key);
152
153 ck_assert(hkdf->derive_iv(hkdf, TRUE, 12, &s_iv));
154 ck_assert_chunk_eq(expected_server_handshake_iv, s_iv);
155
156 ck_assert(hkdf->derive_finished(hkdf, TRUE, &s_finished));
157 ck_assert_chunk_eq(expected_server_finished_key, s_finished);
158
159 hkdf->destroy(hkdf);
160
161 chunk_free(&c_secret);
162 chunk_free(&c_key);
163 chunk_free(&c_iv);
164 chunk_free(&s_secret);
165 chunk_free(&s_key);
166 chunk_free(&s_iv);
167 chunk_free(&c_finished);
168 chunk_free(&s_finished);
169 }
170 END_TEST
171
172 START_TEST(test_ulfheim_traffic)
173 {
174 chunk_t handshake = chunk_from_chars(
175 /* Client Hello */
176 0x01, 0x00, 0x00, 0xc6, 0x03, 0x03, 0x00, 0x01,
177 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
178 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11,
179 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
180 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0xe0,
181 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8,
182 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xf0,
183 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8,
184 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, 0x00,
185 0x06, 0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0x01,
186 0x00, 0x00, 0x77, 0x00, 0x00, 0x00, 0x18, 0x00,
187 0x16, 0x00, 0x00, 0x13, 0x65, 0x78, 0x61, 0x6d,
188 0x70, 0x6c, 0x65, 0x2e, 0x75, 0x6c, 0x66, 0x68,
189 0x65, 0x69, 0x6d, 0x2e, 0x6e, 0x65, 0x74, 0x00,
190 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00,
191 0x17, 0x00, 0x18, 0x00, 0x0d, 0x00, 0x14, 0x00,
192 0x12, 0x04, 0x03, 0x08, 0x04, 0x04, 0x01, 0x05,
193 0x03, 0x08, 0x05, 0x05, 0x01, 0x08, 0x06, 0x06,
194 0x01, 0x02, 0x01, 0x00, 0x33, 0x00, 0x26, 0x00,
195 0x24, 0x00, 0x1d, 0x00, 0x20, 0x35, 0x80, 0x72,
196 0xd6, 0x36, 0x58, 0x80, 0xd1, 0xae, 0xea, 0x32,
197 0x9a, 0xdf, 0x91, 0x21, 0x38, 0x38, 0x51, 0xed,
198 0x21, 0xa2, 0x8e, 0x3b, 0x75, 0xe9, 0x65, 0xd0,
199 0xd2, 0xcd, 0x16, 0x62, 0x54, 0x00, 0x2d, 0x00,
200 0x02, 0x01, 0x01, 0x00, 0x2b, 0x00, 0x03, 0x02,
201 0x03, 0x04,
202 /* Server Hello */
203 0x02, 0x00, 0x00, 0x76, 0x03, 0x03, 0x70, 0x71,
204 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79,
205 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81,
206 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89,
207 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x20, 0xe0,
208 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8,
209 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, 0xf0,
210 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8,
211 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff, 0x13,
212 0x01, 0x00, 0x00, 0x2e, 0x00, 0x33, 0x00, 0x24,
213 0x00, 0x1d, 0x00, 0x20, 0x9f, 0xd7, 0xad, 0x6d,
214 0xcf, 0xf4, 0x29, 0x8d, 0xd3, 0xf9, 0x6d, 0x5b,
215 0x1b, 0x2a, 0xf9, 0x10, 0xa0, 0x53, 0x5b, 0x14,
216 0x88, 0xd7, 0xf8, 0xfa, 0xbb, 0x34, 0x9a, 0x98,
217 0x28, 0x80, 0xb6, 0x15, 0x00, 0x2b, 0x00, 0x02,
218 0x03, 0x04,
219 /* Server Encrypted Extension */
220 0x08, 0x00, 0x00, 0x02, 0x00, 0x00,
221 /* Server Certificate */
222 0x0b, 0x00, 0x03, 0x2e, 0x00, 0x00, 0x03, 0x2a,
223 0x00, 0x03, 0x25, 0x30, 0x82, 0x03, 0x21, 0x30,
224 0x82, 0x02, 0x09, 0xa0, 0x03, 0x02, 0x01, 0x02,
225 0x02, 0x08, 0x15, 0x5a, 0x92, 0xad, 0xc2, 0x04,
226 0x8f, 0x90, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
227 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
228 0x00, 0x30, 0x22, 0x31, 0x0b, 0x30, 0x09, 0x06,
229 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
230 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
231 0x0a, 0x13, 0x0a, 0x45, 0x78, 0x61, 0x6d, 0x70,
232 0x6c, 0x65, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17,
233 0x0d, 0x31, 0x38, 0x31, 0x30, 0x30, 0x35, 0x30,
234 0x31, 0x33, 0x38, 0x31, 0x37, 0x5a, 0x17, 0x0d,
235 0x31, 0x39, 0x31, 0x30, 0x30, 0x35, 0x30, 0x31,
236 0x33, 0x38, 0x31, 0x37, 0x5a, 0x30, 0x2b, 0x31,
237 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
238 0x13, 0x02, 0x55, 0x53, 0x31, 0x1c, 0x30, 0x1a,
239 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x65,
240 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x75,
241 0x6c, 0x66, 0x68, 0x65, 0x69, 0x6d, 0x2e, 0x6e,
242 0x65, 0x74, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d,
243 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
244 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01,
245 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82,
246 0x01, 0x01, 0x00, 0xc4, 0x80, 0x36, 0x06, 0xba,
247 0xe7, 0x47, 0x6b, 0x08, 0x94, 0x04, 0xec, 0xa7,
248 0xb6, 0x91, 0x04, 0x3f, 0xf7, 0x92, 0xbc, 0x19,
249 0xee, 0xfb, 0x7d, 0x74, 0xd7, 0xa8, 0x0d, 0x00,
250 0x1e, 0x7b, 0x4b, 0x3a, 0x4a, 0xe6, 0x0f, 0xe8,
251 0xc0, 0x71, 0xfc, 0x73, 0xe7, 0x02, 0x4c, 0x0d,
252 0xbc, 0xf4, 0xbd, 0xd1, 0x1d, 0x39, 0x6b, 0xba,
253 0x70, 0x46, 0x4a, 0x13, 0xe9, 0x4a, 0xf8, 0x3d,
254 0xf3, 0xe1, 0x09, 0x59, 0x54, 0x7b, 0xc9, 0x55,
255 0xfb, 0x41, 0x2d, 0xa3, 0x76, 0x52, 0x11, 0xe1,
256 0xf3, 0xdc, 0x77, 0x6c, 0xaa, 0x53, 0x37, 0x6e,
257 0xca, 0x3a, 0xec, 0xbe, 0xc3, 0xaa, 0xb7, 0x3b,
258 0x31, 0xd5, 0x6c, 0xb6, 0x52, 0x9c, 0x80, 0x98,
259 0xbc, 0xc9, 0xe0, 0x28, 0x18, 0xe2, 0x0b, 0xf7,
260 0xf8, 0xa0, 0x3a, 0xfd, 0x17, 0x04, 0x50, 0x9e,
261 0xce, 0x79, 0xbd, 0x9f, 0x39, 0xf1, 0xea, 0x69,
262 0xec, 0x47, 0x97, 0x2e, 0x83, 0x0f, 0xb5, 0xca,
263 0x95, 0xde, 0x95, 0xa1, 0xe6, 0x04, 0x22, 0xd5,
264 0xee, 0xbe, 0x52, 0x79, 0x54, 0xa1, 0xe7, 0xbf,
265 0x8a, 0x86, 0xf6, 0x46, 0x6d, 0x0d, 0x9f, 0x16,
266 0x95, 0x1a, 0x4c, 0xf7, 0xa0, 0x46, 0x92, 0x59,
267 0x5c, 0x13, 0x52, 0xf2, 0x54, 0x9e, 0x5a, 0xfb,
268 0x4e, 0xbf, 0xd7, 0x7a, 0x37, 0x95, 0x01, 0x44,
269 0xe4, 0xc0, 0x26, 0x87, 0x4c, 0x65, 0x3e, 0x40,
270 0x7d, 0x7d, 0x23, 0x07, 0x44, 0x01, 0xf4, 0x84,
271 0xff, 0xd0, 0x8f, 0x7a, 0x1f, 0xa0, 0x52, 0x10,
272 0xd1, 0xf4, 0xf0, 0xd5, 0xce, 0x79, 0x70, 0x29,
273 0x32, 0xe2, 0xca, 0xbe, 0x70, 0x1f, 0xdf, 0xad,
274 0x6b, 0x4b, 0xb7, 0x11, 0x01, 0xf4, 0x4b, 0xad,
275 0x66, 0x6a, 0x11, 0x13, 0x0f, 0xe2, 0xee, 0x82,
276 0x9e, 0x4d, 0x02, 0x9d, 0xc9, 0x1c, 0xdd, 0x67,
277 0x16, 0xdb, 0xb9, 0x06, 0x18, 0x86, 0xed, 0xc1,
278 0xba, 0x94, 0x21, 0x02, 0x03, 0x01, 0x00, 0x01,
279 0xa3, 0x52, 0x30, 0x50, 0x30, 0x0e, 0x06, 0x03,
280 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04,
281 0x03, 0x02, 0x05, 0xa0, 0x30, 0x1d, 0x06, 0x03,
282 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06,
283 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03,
284 0x02, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
285 0x07, 0x03, 0x01, 0x30, 0x1f, 0x06, 0x03, 0x55,
286 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
287 0x89, 0x4f, 0xde, 0x5b, 0xcc, 0x69, 0xe2, 0x52,
288 0xcf, 0x3e, 0xa3, 0x00, 0xdf, 0xb1, 0x97, 0xb8,
289 0x1d, 0xe1, 0xc1, 0x46, 0x30, 0x0d, 0x06, 0x09,
290 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
291 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
292 0x59, 0x16, 0x45, 0xa6, 0x9a, 0x2e, 0x37, 0x79,
293 0xe4, 0xf6, 0xdd, 0x27, 0x1a, 0xba, 0x1c, 0x0b,
294 0xfd, 0x6c, 0xd7, 0x55, 0x99, 0xb5, 0xe7, 0xc3,
295 0x6e, 0x53, 0x3e, 0xff, 0x36, 0x59, 0x08, 0x43,
296 0x24, 0xc9, 0xe7, 0xa5, 0x04, 0x07, 0x9d, 0x39,
297 0xe0, 0xd4, 0x29, 0x87, 0xff, 0xe3, 0xeb, 0xdd,
298 0x09, 0xc1, 0xcf, 0x1d, 0x91, 0x44, 0x55, 0x87,
299 0x0b, 0x57, 0x1d, 0xd1, 0x9b, 0xdf, 0x1d, 0x24,
300 0xf8, 0xbb, 0x9a, 0x11, 0xfe, 0x80, 0xfd, 0x59,
301 0x2b, 0xa0, 0x39, 0x8c, 0xde, 0x11, 0xe2, 0x65,
302 0x1e, 0x61, 0x8c, 0xe5, 0x98, 0xfa, 0x96, 0xe5,
303 0x37, 0x2e, 0xef, 0x3d, 0x24, 0x8a, 0xfd, 0xe1,
304 0x74, 0x63, 0xeb, 0xbf, 0xab, 0xb8, 0xe4, 0xd1,
305 0xab, 0x50, 0x2a, 0x54, 0xec, 0x00, 0x64, 0xe9,
306 0x2f, 0x78, 0x19, 0x66, 0x0d, 0x3f, 0x27, 0xcf,
307 0x20, 0x9e, 0x66, 0x7f, 0xce, 0x5a, 0xe2, 0xe4,
308 0xac, 0x99, 0xc7, 0xc9, 0x38, 0x18, 0xf8, 0xb2,
309 0x51, 0x07, 0x22, 0xdf, 0xed, 0x97, 0xf3, 0x2e,
310 0x3e, 0x93, 0x49, 0xd4, 0xc6, 0x6c, 0x9e, 0xa6,
311 0x39, 0x6d, 0x74, 0x44, 0x62, 0xa0, 0x6b, 0x42,
312 0xc6, 0xd5, 0xba, 0x68, 0x8e, 0xac, 0x3a, 0x01,
313 0x7b, 0xdd, 0xfc, 0x8e, 0x2c, 0xfc, 0xad, 0x27,
314 0xcb, 0x69, 0xd3, 0xcc, 0xdc, 0xa2, 0x80, 0x41,
315 0x44, 0x65, 0xd3, 0xae, 0x34, 0x8c, 0xe0, 0xf3,
316 0x4a, 0xb2, 0xfb, 0x9c, 0x61, 0x83, 0x71, 0x31,
317 0x2b, 0x19, 0x10, 0x41, 0x64, 0x1c, 0x23, 0x7f,
318 0x11, 0xa5, 0xd6, 0x5c, 0x84, 0x4f, 0x04, 0x04,
319 0x84, 0x99, 0x38, 0x71, 0x2b, 0x95, 0x9e, 0xd6,
320 0x85, 0xbc, 0x5c, 0x5d, 0xd6, 0x45, 0xed, 0x19,
321 0x90, 0x94, 0x73, 0x40, 0x29, 0x26, 0xdc, 0xb4,
322 0x0e, 0x34, 0x69, 0xa1, 0x59, 0x41, 0xe8, 0xe2,
323 0xcc, 0xa8, 0x4b, 0xb6, 0x08, 0x46, 0x36, 0xa0,
324 0x00, 0x00,
325 /* Server Certificate Verify */
326 0x0f, 0x00, 0x01, 0x04, 0x08, 0x04, 0x01, 0x00,
327 0x17, 0xfe, 0xb5, 0x33, 0xca, 0x6d, 0x00, 0x7d,
328 0x00, 0x58, 0x25, 0x79, 0x68, 0x42, 0x4b, 0xbc,
329 0x3a, 0xa6, 0x90, 0x9e, 0x9d, 0x49, 0x55, 0x75,
330 0x76, 0xa5, 0x20, 0xe0, 0x4a, 0x5e, 0xf0, 0x5f,
331 0x0e, 0x86, 0xd2, 0x4f, 0xf4, 0x3f, 0x8e, 0xb8,
332 0x61, 0xee, 0xf5, 0x95, 0x22, 0x8d, 0x70, 0x32,
333 0xaa, 0x36, 0x0f, 0x71, 0x4e, 0x66, 0x74, 0x13,
334 0x92, 0x6e, 0xf4, 0xf8, 0xb5, 0x80, 0x3b, 0x69,
335 0xe3, 0x55, 0x19, 0xe3, 0xb2, 0x3f, 0x43, 0x73,
336 0xdf, 0xac, 0x67, 0x87, 0x06, 0x6d, 0xcb, 0x47,
337 0x56, 0xb5, 0x45, 0x60, 0xe0, 0x88, 0x6e, 0x9b,
338 0x96, 0x2c, 0x4a, 0xd2, 0x8d, 0xab, 0x26, 0xba,
339 0xd1, 0xab, 0xc2, 0x59, 0x16, 0xb0, 0x9a, 0xf2,
340 0x86, 0x53, 0x7f, 0x68, 0x4f, 0x80, 0x8a, 0xef,
341 0xee, 0x73, 0x04, 0x6c, 0xb7, 0xdf, 0x0a, 0x84,
342 0xfb, 0xb5, 0x96, 0x7a, 0xca, 0x13, 0x1f, 0x4b,
343 0x1c, 0xf3, 0x89, 0x79, 0x94, 0x03, 0xa3, 0x0c,
344 0x02, 0xd2, 0x9c, 0xbd, 0xad, 0xb7, 0x25, 0x12,
345 0xdb, 0x9c, 0xec, 0x2e, 0x5e, 0x1d, 0x00, 0xe5,
346 0x0c, 0xaf, 0xcf, 0x6f, 0x21, 0x09, 0x1e, 0xbc,
347 0x4f, 0x25, 0x3c, 0x5e, 0xab, 0x01, 0xa6, 0x79,
348 0xba, 0xea, 0xbe, 0xed, 0xb9, 0xc9, 0x61, 0x8f,
349 0x66, 0x00, 0x6b, 0x82, 0x44, 0xd6, 0x62, 0x2a,
350 0xaa, 0x56, 0x88, 0x7c, 0xcf, 0xc6, 0x6a, 0x0f,
351 0x38, 0x51, 0xdf, 0xa1, 0x3a, 0x78, 0xcf, 0xf7,
352 0x99, 0x1e, 0x03, 0xcb, 0x2c, 0x3a, 0x0e, 0xd8,
353 0x7d, 0x73, 0x67, 0x36, 0x2e, 0xb7, 0x80, 0x5b,
354 0x00, 0xb2, 0x52, 0x4f, 0xf2, 0x98, 0xa4, 0xda,
355 0x48, 0x7c, 0xac, 0xde, 0xaf, 0x8a, 0x23, 0x36,
356 0xc5, 0x63, 0x1b, 0x3e, 0xfa, 0x93, 0x5b, 0xb4,
357 0x11, 0xe7, 0x53, 0xca, 0x13, 0xb0, 0x15, 0xfe,
358 0xc7, 0xe4, 0xa7, 0x30, 0xf1, 0x36, 0x9f, 0x9e,
359 /* Server Handshake Finish */
360 0x14, 0x00, 0x00, 0x20, 0xea, 0x6e, 0xe1, 0x76,
361 0xdc, 0xcc, 0x4a, 0xf1, 0x85, 0x9e, 0x9e, 0x4e,
362 0x93, 0xf7, 0x97, 0xea, 0xc9, 0xa7, 0x8c, 0xe4,
363 0x39, 0x30, 0x1e, 0x35, 0x27, 0x5a, 0xd4, 0x3f,
364 0x3c, 0xdd, 0xbd, 0xe3,
365 );
366
367 chunk_t ecdhe = chunk_from_chars(
368 0xdf, 0x4a, 0x29, 0x1b, 0xaa, 0x1e, 0xb7, 0xcf,
369 0xa6, 0x93, 0x4b, 0x29, 0xb4, 0x74, 0xba, 0xad,
370 0x26, 0x97, 0xe2, 0x9f, 0x1f, 0x92, 0x0d, 0xcc,
371 0x77, 0xc8, 0xa0, 0xa0, 0x88, 0x44, 0x76, 0x24,
372 );
373
374 chunk_t expected_client_application_key = chunk_from_chars(
375 0x49, 0x13, 0x4b, 0x95, 0x32, 0x8f, 0x27, 0x9f,
376 0x01, 0x83, 0x86, 0x05, 0x89, 0xac, 0x67, 0x07,
377 );
378
379 chunk_t expected_client_application_iv = chunk_from_chars(
380 0xbc, 0x4d, 0xd5, 0xf7, 0xb9, 0x8a, 0xcf, 0xf8,
381 0x54, 0x66, 0x26, 0x1d,
382 );
383
384 chunk_t expected_server_application_key = chunk_from_chars(
385 0x0b, 0x6d, 0x22, 0xc8, 0xff, 0x68, 0x09, 0x7e,
386 0xa8, 0x71, 0xc6, 0x72, 0x07, 0x37, 0x73, 0xbf,
387 );
388
389 chunk_t expected_server_application_iv = chunk_from_chars(
390 0x1b, 0x13, 0xdd, 0x9f, 0x8d, 0x8f, 0x17, 0x09,
391 0x1d, 0x34, 0xb3, 0x49,
392 );
393
394 chunk_t c_key, c_iv, s_key, s_iv;
395
396 tls_hkdf_t *hkdf = tls_hkdf_create(HASH_SHA256, chunk_empty);
397 hkdf->set_shared_secret(hkdf, ecdhe);
398
399 /* Generate client application traffic secret */
400 ck_assert(hkdf->generate_secret(hkdf, TLS_HKDF_C_AP_TRAFFIC, handshake, NULL));
401
402 ck_assert(hkdf->derive_key(hkdf, FALSE, 16, &c_key));
403 ck_assert_chunk_eq(expected_client_application_key, c_key);
404
405 ck_assert(hkdf->derive_iv(hkdf, FALSE, 12, &c_iv));
406 ck_assert_chunk_eq(expected_client_application_iv, c_iv);
407
408 /* Generate server application traffic secret */
409 ck_assert(hkdf->generate_secret(hkdf, TLS_HKDF_S_AP_TRAFFIC, handshake, NULL));
410
411 ck_assert(hkdf->derive_key(hkdf, TRUE, 16, &s_key));
412 ck_assert_chunk_eq(expected_server_application_key, s_key);
413
414 ck_assert(hkdf->derive_iv(hkdf, TRUE, 12, &s_iv));
415 ck_assert_chunk_eq(expected_server_application_iv, s_iv);
416
417 hkdf->destroy(hkdf);
418
419 chunk_free(&c_key);
420 chunk_free(&c_iv);
421 chunk_free(&s_key);
422 chunk_free(&s_iv);
423 }
424 END_TEST
425
426 Suite *hkdf_suite_create()
427 {
428 Suite *s;
429 TCase *tc;
430
431 s = suite_create("HKDF TLS 1.3");
432
433 tc = tcase_create("Ulfheim Keys");
434 tcase_add_test(tc, test_ulfheim_handshake);
435 tcase_add_test(tc, test_ulfheim_traffic);
436 suite_add_tcase(s, tc);
437
438 return s;
439 }