mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-02-11 09:40:38 +00:00
Add test vectors for TLS 1.3 traffic key generation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit is contained in:
Hanno Becker
parent
3385a4d5cf
commit
19498f8fbd
@ -10454,6 +10454,18 @@ SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448)
|
|||||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||||
ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":"6b6579":"":16:"dbfaa693d1762c5b666af5d950258d01"
|
ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":"6b6579":"":16:"dbfaa693d1762c5b666af5d950258d01"
|
||||||
|
|
||||||
|
SSL TLS 1.3 Key schedule: Traffic key generation #1
|
||||||
|
# Vector from TLS 1.3 Byte by Byte ((https://tls13.ulfheim.net/)
|
||||||
|
# Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV}
|
||||||
|
depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||||
|
ssl_tls1_3_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268"
|
||||||
|
|
||||||
|
SSL TLS 1.3 Key schedule: Traffic key generation #2 (RFC 8448)
|
||||||
|
# Vector RFC 8448
|
||||||
|
# Client/Server handshake traffic secrets -> Client/Server traffic {Key,IV}
|
||||||
|
depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||||||
|
ssl_tls1_3_traffic_key_generation:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":12:16:"844780a7acad9f980fa25c114e43402a":"4c042ddc120a38d1417fc815":"7154f314e6be7dc008df2c832baa1d39":"71abc2cae4c699d47c600268"
|
||||||
|
|
||||||
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
|
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
|
||||||
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
|
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
|
||||||
|
|
||||||
|
|||||||
@ -3696,6 +3696,52 @@ void ssl_tls1_3_hkdf_expand_label( int hash_alg,
|
|||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||||
|
void ssl_tls1_3_traffic_key_generation( int hash_alg,
|
||||||
|
data_t *server_secret,
|
||||||
|
data_t *client_secret,
|
||||||
|
int desired_iv_len,
|
||||||
|
int desired_key_len,
|
||||||
|
data_t *expected_server_write_key,
|
||||||
|
data_t *expected_server_write_iv,
|
||||||
|
data_t *expected_client_write_key,
|
||||||
|
data_t *expected_client_write_iv )
|
||||||
|
{
|
||||||
|
mbedtls_ssl_key_set keys;
|
||||||
|
|
||||||
|
/* Check sanity of test parameters. */
|
||||||
|
TEST_ASSERT( client_secret->len == server_secret->len );
|
||||||
|
TEST_ASSERT( expected_client_write_iv->len == expected_server_write_iv->len &&
|
||||||
|
expected_client_write_iv->len == (size_t) desired_iv_len );
|
||||||
|
TEST_ASSERT( expected_client_write_key->len == expected_server_write_key->len &&
|
||||||
|
expected_client_write_key->len == (size_t) desired_key_len );
|
||||||
|
|
||||||
|
TEST_ASSERT( mbedtls_ssl_tls1_3_make_traffic_keys(
|
||||||
|
(mbedtls_md_type_t) hash_alg,
|
||||||
|
client_secret->x,
|
||||||
|
server_secret->x,
|
||||||
|
client_secret->len /* == server_secret->len */,
|
||||||
|
desired_key_len, desired_iv_len,
|
||||||
|
&keys ) == 0 );
|
||||||
|
|
||||||
|
TEST_ASSERT( keys.keyLen == (size_t) desired_key_len );
|
||||||
|
TEST_ASSERT( keys.ivLen == (size_t) desired_iv_len );
|
||||||
|
|
||||||
|
TEST_ASSERT( memcmp( keys.client_write_key,
|
||||||
|
expected_client_write_key->x,
|
||||||
|
desired_key_len ) == 0 );
|
||||||
|
TEST_ASSERT( memcmp( keys.server_write_key,
|
||||||
|
expected_server_write_key->x,
|
||||||
|
desired_key_len ) == 0 );
|
||||||
|
TEST_ASSERT( memcmp( keys.client_write_iv,
|
||||||
|
expected_client_write_iv->x,
|
||||||
|
desired_iv_len ) == 0 );
|
||||||
|
TEST_ASSERT( memcmp( keys.server_write_iv,
|
||||||
|
expected_server_write_iv->x,
|
||||||
|
desired_iv_len ) == 0 );
|
||||||
|
}
|
||||||
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE */
|
||||||
void ssl_tls_prf( int type, data_t * secret, data_t * random,
|
void ssl_tls_prf( int type, data_t * secret, data_t * random,
|
||||||
char *label, data_t *result_hex_str, int exp_ret )
|
char *label, data_t *result_hex_str, int exp_ret )
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user