Add test vectors for TLS 1.3 HKDF-Expand-Label

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2024-11-23 03:05:43 +01:00 · 2020-08-21 13:36:56 +01:00 · 2020-08-21 13:36:56 +01:00 · 39ff4928ff
commit 39ff4928ff
parent be9d6648f8
2 changed files with 82 additions and 0 deletions
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@ -10398,6 +10398,61 @@ Decrypt CBC !EtM, 3DES SHA384 trunc, padlen=255
 depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_DES_EDE3_CBC:MBEDTLS_MD_SHA384:1:255

+SSL TLS 1.3 Key schedule: HKDF Expand Label #1
+# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
+# Server handshake traffic secret -> Server traffic key
+# HKDF-Expand-Label(server_handshake_secret, "key", "", 16)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"6b6579":"":16:"844780a7acad9f980fa25c114e43402a"
+
+SSL TLS 1.3 Key schedule: HKDF Expand Label #2
+# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
+# Server handshake traffic secret -> Server traffic IV
+# HKDF-Expand-Label(server_handshake_secret, "iv", "", 12)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"a2067265e7f0652a923d5d72ab0467c46132eeb968b6a32d311c805868548814":"6976":"":12:"4c042ddc120a38d1417fc815"
+
+SSL TLS 1.3 Key schedule: HKDF Expand Label #3
+# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
+# Client handshake traffic secret -> Client traffic key
+# HKDF-Expand-Label(client_handshake_secret, "key", "", 16)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":"6b6579":"":16:"7154f314e6be7dc008df2c832baa1d39"
+
+SSL TLS 1.3 Key schedule: HKDF Expand Label #4
+# Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/)
+# Client handshake traffic secret -> Client traffic IV
+# HKDF-Expand-Label(client_handshake_secret, "iv", "", 12)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"ff0e5b965291c608c1e8cd267eefc0afcc5e98a2786373f0db47b04786d72aea":"6976":"":12:"71abc2cae4c699d47c600268"
+
+SSL TLS 1.3 Key schedule: HKDF Expand Label #5 (RFC 8448)
+# Vector from RFC 8448
+# Server handshake traffic secret -> Server traffic IV
+# HKDF-Expand-Label(server_handshake_secret, "iv", "", 12)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":"6976":"":12:"5d313eb2671276ee13000b30"
+
+SSL TLS 1.3 Key schedule: HKDF Expand Label #6 (RFC 8448)
+# Vector from RFC 8448
+# Server handshake traffic secret -> Server traffic Key
+# HKDF-Expand-Label(server_handshake_secret, "key", "", 16)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b67b7d690cc16c4e75e54213cb2d37b4e9c912bcded9105d42befd59d391ad38":"6b6579":"":16:"3fce516009c21727d0f2e4e86ee403bc"
+
+SSL TLS 1.3 Key schedule: HKDF Expand Label #7 (RFC 8448)
+# Vector from RFC 8448
+# Client handshake traffic secret -> Client traffic IV
+# HKDF-Expand-Label(client_handshake_secret, "iv", "", 12)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":"6976":"":12:"5bd3c71b836e0b76bb73265f"
+
+SSL TLS 1.3 Key schedule: HKDF Expand Label #8 (RFC 8448)
+# Vector from RFC 8448
+# Client handshake traffic secret -> Client traffic Key
+# HKDF-Expand-Label(client_handshake_secret, "key", "", 16)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
+ssl_tls1_3_hkdf_expand_label:MBEDTLS_MD_SHA256:"b3eddb126e067f35a780b3abf45e2d8f3b1a950738f52e9600746a0e27a55a21":"6b6579":"":16:"dbfaa693d1762c5b666af5d950258d01"

 SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
 ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@ -6,6 +6,7 @@
 #include <mbedtls/certs.h>
 #include <mbedtls/timing.h>
 #include <mbedtls/debug.h>
+#include <../library/ssl_tls13_keys.h>

 #include <ssl_invasive.h>

@ -3669,6 +3670,32 @@ exit:
 }
 /* END_CASE */

+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+void ssl_tls1_3_hkdf_expand_label( int hash_alg,
+                                   data_t *secret,
+                                   data_t *label,
+                                   data_t *ctx,
+                                   int desired_length,
+                                   data_t *expected )
+{
+    unsigned char dst[ 100 ];
+
+
+    /* Check sanity of test parameters. */
+    TEST_ASSERT( (size_t) desired_length <= sizeof(dst) );
+    TEST_ASSERT( (size_t) desired_length == expected->len );
+
+    TEST_ASSERT( mbedtls_ssl_tls1_3_hkdf_expand_label(
+                      (mbedtls_md_type_t) hash_alg,
+                      secret->x, secret->len,
+                      label->x, label->len,
+                      ctx->x, ctx->len,
+                      dst, desired_length ) == 0 );
+
+    TEST_ASSERT( memcmp( dst, expected->x, desired_length ) == 0 );
+}
+/* END_CASE */
+
 /* BEGIN_CASE */
 void ssl_tls_prf( int type, data_t * secret, data_t * random,
                  char *label, data_t *result_hex_str, int exp_ret )