fix: i_prepare_ead_1 pass tests
geonnave committed Oct 11, 2023
1 parent 54d4e5e commit 54813d8
Showing 2 changed files with 81 additions and 64 deletions.
75 changes: 38 additions & 37 deletions ead/edhoc-ead-zeroconf/src/lib.rs
Expand Up @@ -106,12 +106,13 @@ fn build_enc_id(
ss: u8,
) -> EdhocMessageBuffer {
// PRK = EDHOC-Extract(salt, IKM)
// FIXME: salt should be 0x (the zero-length byte string), but crypto backends are hardcoded to salts of size SHA256_DIGEST_LEN (32).
let salt_fixme: BytesHashLen = [0u8; SHA256_DIGEST_LEN];
// NOTE: salt should be h'' (the zero-length byte string), but crypto backends are hardcoded to salts of size SHA256_DIGEST_LEN (32).
// using a larger but all-zeroes salt seems to generate the same result though.
let salt: BytesHashLen = [0u8; SHA256_DIGEST_LEN];
let g_xw = p256_ecdh(x, g_w);
let prk = hkdf_extract(&salt_fixme, &g_xw);
let prk = hkdf_extract(&salt, &g_xw);

let (k_1, iv_1) = compute_k_1_iv_1(&prk); // FIXME (wrong)
let (k_1, iv_1) = compute_k_1_iv_1(&prk);

// plaintext = (ID_U: bstr)
let mut plaintext = EdhocMessageBuffer::new();
Expand All @@ -120,7 +121,6 @@ fn build_enc_id(
plaintext.len = 1 + id_u.len;

// external_aad = (SS: int)
// DRAFT: ADD in Section 4.4.1: "The external_aad is wrapped in an enc_structure as defined in Section 5.3 of RFC8152."
let enc_structure = encode_enc_structure(ss);

// ENC_ID = 'ciphertext' of COSE_Encrypt0
Expand Down Expand Up @@ -207,15 +207,19 @@ fn edhoc_kdf(
fn encode_ead_1(loc_w: &EdhocMessageBuffer, enc_id: &EdhocMessageBuffer) -> EdhocMessageBuffer {
let mut output = EdhocMessageBuffer::new();

output.content[0] = CBOR_TEXT_STRING;
output.content[1] = loc_w.len as u8;
output.content[2..2 + loc_w.len].copy_from_slice(&loc_w.content[..loc_w.len]);
output.content[0] = CBOR_BYTE_STRING;
// put length at output.content[1] after other sizes are known

output.content[2 + loc_w.len] = CBOR_MAJOR_BYTE_STRING + enc_id.len as u8;
output.content[3 + loc_w.len..3 + loc_w.len + enc_id.len]
output.content[2] = CBOR_TEXT_STRING;
output.content[3] = loc_w.len as u8;
output.content[4..4 + loc_w.len].copy_from_slice(&loc_w.content[..loc_w.len]);

output.content[4 + loc_w.len] = CBOR_MAJOR_BYTE_STRING + enc_id.len as u8;
output.content[5 + loc_w.len..5 + loc_w.len + enc_id.len]
.copy_from_slice(&enc_id.content[..enc_id.len]);

output.len = 3 + loc_w.len + enc_id.len;
output.len = 5 + loc_w.len + enc_id.len;
output.content[1] = (output.len - 2) as u8;

output
}
Expand Down Expand Up @@ -243,63 +247,60 @@ mod test_initiator {
const K_1_TV: &[u8] = &hex!("95a90f115d8fc5252849a25ba5225575");
const IV_1_TV: &[u8] = &hex!("083cb9a00da66af4f56877fcda");

const VOUCHER_INFO_TV: &[u8] =
&hex!("58305818636f61703a2f2f656e726f6c6c6d656e742e7365727665725536b4ce1137b5687354edfac67f12bf611be1aaa1c3");
const EAD1_VALUE_TV: &[u8] = &hex!(
"58287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711"
);

const SS_TV: u8 = 2;

#[test]
fn test_compute_k_1_iv_1() {
let x: BytesP256ElemLen = X_TV.try_into().unwrap();
let g_w: BytesP256ElemLen = G_W_TV.try_into().unwrap();
fn test_compute_keys() {
let k_1_tv: BytesCcmKeyLen = K_1_TV.try_into().unwrap();
let iv_1_tv: BytesCcmIvLen = IV_1_TV.try_into().unwrap();
let prk_tv: BytesHashLen = PRK_TV.try_into().unwrap();

let prk = hkdf_extract(&[0u8; SHA256_DIGEST_LEN], &p256_ecdh(&x, &g_w));
let prk = hkdf_extract(
&[0u8; SHA256_DIGEST_LEN],
&p256_ecdh(&X_TV.try_into().unwrap(), &G_W_TV.try_into().unwrap()),
);
assert_eq!(prk, prk_tv);

let (k_1, iv_1) = compute_k_1_iv_1(&prk);
assert_eq!(iv_1, iv_1_tv);
assert_eq!(k_1, k_1_tv);
assert_eq!(iv_1, iv_1_tv);
}

#[test]
fn test_build_enc_id() {
let x: BytesP256ElemLen = X_TV.try_into().unwrap();
let id_u: EdhocMessageBuffer = ID_U_TV.try_into().unwrap();
let g_w: BytesP256ElemLen = G_W_TV.try_into().unwrap();
let enc_id_tv: EdhocMessageBuffer = ENC_ID_TV.try_into().unwrap();

let enc_id = build_enc_id(&x, &id_u, &g_w, SS_TV);
let enc_id = build_enc_id(
&X_TV.try_into().unwrap(),
&ID_U_TV.try_into().unwrap(),
&G_W_TV.try_into().unwrap(),
SS_TV,
);
assert_eq!(enc_id.content, enc_id_tv.content);
}

#[test]
fn test_prepare_ead_1() {
let x: BytesP256ElemLen = X_TV.try_into().unwrap();
let id_u: EdhocMessageBuffer = ID_U_TV.try_into().unwrap();
let g_w: BytesP256ElemLen = G_W_TV.try_into().unwrap();
let loc_w: EdhocMessageBuffer = LOC_W_TV.try_into().unwrap();
let ead_1_value_tv: EdhocMessageBuffer = VOUCHER_INFO_TV.try_into().unwrap();
let ss: u8 = EDHOC_SUPPORTED_SUITES[0];
let ead_1_value_tv: EdhocMessageBuffer = EAD1_VALUE_TV.try_into().unwrap();

ead_initiator_set_global_state(EADInitiatorState::new(id_u, g_w, loc_w));
ead_initiator_set_global_state(EADInitiatorState::new(
ID_U_TV.try_into().unwrap(),
G_W_TV.try_into().unwrap(),
LOC_W_TV.try_into().unwrap(),
));

let ead_1 = i_prepare_ead_1(&x, ss).unwrap();
let ead_1 = i_prepare_ead_1(&X_TV.try_into().unwrap(), SS_TV).unwrap();
assert_eq!(
ead_initiator_get_global_state().protocol_state,
EADInitiatorProtocolState::WaitEAD2
);
assert_eq!(ead_1.label, EAD_ZEROCONF_LABEL);
assert_eq!(ead_1.is_critical, true);

// FIXME: testing only loc_w in the absense of a ENC_ID test vector
assert_eq!(
ead_1.value.unwrap().content[0..loc_w.len + 2],
ead_1_value_tv.content[0..loc_w.len + 2]
);
// assert_eq!(ead_1.value.unwrap().content, ead_1_value_tv.content);
assert_eq!(ead_1.value.unwrap().content, ead_1_value_tv.content);
}
}

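Review bot: In encode_ead_1, `output.content[4 + loc_w.len] = CBOR_MAJOR_BYTE_STRING + enc_id.len as u8` only yields a valid CBOR header while enc_id.len is at most 23; from 24 upward the additional-information bits collide with the "length follows" encodings, and the `as u8` casts feeding `output.content[3]` and `output.content[1] = (output.len - 2) as u8` silently truncate, so an oversized LOC_W or ENC_ID produces a malformed EAD_1 instead of an error. The slice writes at `output.content[5 + loc_w.len..]` also panic when the combined length exceeds the buffer, which is worth stating as a precondition. Since the function returns a plain EdhocMessageBuffer, a `debug_assert!(enc_id.len <= 23 && loc_w.len <= u8::MAX as usize, "encode_ead_1: field too long for the fixed one-byte CBOR headers");` at the top of the body pins the assumption until callers can propagate an error. Separately, the new comment in build_enc_id saying the all-zero 32-byte salt "seems to generate the same result" can be stated precisely: HKDF-Extract is HMAC-SHA-256 keyed with the salt, HMAC zero-pads keys shorter than its 64-byte block, and RFC 5869 defines an absent salt as HashLen zero bytes, so h'' and 32 zero bytes are the same key by construction, not by coincidence.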
70 changes: 43 additions & 27 deletions examples/test-vectors-playground.ipynb
Expand Up @@ -150,7 +150,7 @@
},
{
"cell_type": "code",
"execution_count": 10,
"execution_count": 17,
"metadata": {},
"outputs": [
{
Expand All @@ -159,39 +159,55 @@
"text": [
"\n",
"# input\n",
"const LOC_W_TV: &[u8] = &hex!(\"636f61703a2f2f656e726f6c6c6d656e742e736572766572\");\n",
"const ID_U_TV: &[u8] = &hex!(\"a104412b\");\n",
"const SS_TV: u8 = 2;\n",
"LOC_W = \"636f61703a2f2f656e726f6c6c6d656e742e736572766572\"\n",
"ID_U = \"a104412b\"\n",
"SS = 2\n",
"\n",
"# static_keys\n",
"U = \"555C89F41EA42D458F0B4D74499E1C177BA9AD910F525BACF3D64D35E8568DEC\"\n",
"G_U = \"AC69E4299F79FAED612E37C37F99D2B3939B142A8E8E65B90FAB5001F7F2CF56\"\n",
"V = \"1DAF151B30F0F247AEB5598C1EEE8664384166BBC37F262DC6581A67486BCF3C\"\n",
"G_V = \"188B3E5A62352FFCDE66894FCDBBCB33D243A045BAA99357A72012A6AF3A33AD\"\n",
"W = \"4E5E15AB35008C15B89E91F9F329164D4AACD53D9923672CE0019F9ACD98573F\"\n",
"G_W = \"FFA4F102134029B3B156890B88C9D9619501196574174DCB68A07DB0588E4D41\"\n",
"\n",
"# ephemeral_keys\n",
"X = \"A0C71BDBA570FFD270D90BDF416C142921F214406271FCF55B8567F079B50DA0\"\n",
"G_X = \"FF14FB42677CE9D016907F571E5E1CD4E815F098AA37084063A0C34570F6F7F5\"\n",
"Y = \"A1D1A1C084AB0D912CC7A15B7F252FABCA252FAD4CAA8E5D569C94578B52A047\"\n",
"G_Y = \"9F69C52FAE8F7EA9194022C70B238FCBF4AFFFDFFC8341EEC85BA68E2F9BB744\"\n",
"Z = \"644658D815CBCA8EA863090A2D498990B5C75357A729231EC3DE7DF5A7AFE49E\"\n",
"G_Z = \"6B67C90638924C4AE8472CA6FB9A90BE5F43132753346379C672972D323F7A41\"\n",
"\n",
"# enc_id\n",
"const ENC_ID_TV: &[u8] = &hex!(\"71fb72788b180ebe332697d711\");\n",
"const SALT_FIXME_TV: &[u8] = &hex!(\"0000000000000000000000000000000000000000000000000000000000000000\");\n",
"const G_XW_TV: &[u8] = &hex!(\"e19be60432dfa2e033af21329d393a5d0d3150a6c998b4f4b951af67694dbe1a\");\n",
"const PRK_TV: &[u8] = &hex!(\"04da32d221db25db701667f9d3903374a45a9b04f25d1cb481b099a480cece04\");\n",
"const K_1_INFO_TV: &[u8] = &hex!(\"004010\");\n",
"const IV_1_INFO_TV: &[u8] = &hex!(\"014010\");\n",
"const K_1_TV: &[u8] = &hex!(\"95a90f115d8fc5252849a25ba5225575\");\n",
"const IV_1_TV: &[u8] = &hex!(\"083cb9a00da66af4f56877fcda\");\n",
"const PLAINTEXT_TV: &[u8] = &hex!(\"44a104412b\");\n",
"const ENC_STRUCTURE_TV: &[u8] = &hex!(\"8368456e637279707430404102\");\n",
"enc_id = \"71fb72788b180ebe332697d711\"\n",
"salt = \"\"\n",
"g_xw = \"e19be60432dfa2e033af21329d393a5d0d3150a6c998b4f4b951af67694dbe1a\"\n",
"prk = \"04da32d221db25db701667f9d3903374a45a9b04f25d1cb481b099a480cece04\"\n",
"k_1_info = \"004010\"\n",
"iv_1_info = \"014010\"\n",
"k_1 = \"95a90f115d8fc5252849a25ba5225575\"\n",
"iv_1 = \"083cb9a00da66af4f56877fcda\"\n",
"plaintext = \"44a104412b\"\n",
"enc_structure = \"8368456e637279707430404102\"\n",
"\n",
"# voucher_info\n",
"const VOUCHER_INFO_TV: &[u8] = &hex!(\"58285818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711\");\n",
"const VOUCHER_INFO_SEQ_TV: &[u8] = &hex!(\"5818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711\");\n",
"voucher_info = \"58287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711\"\n",
"voucher_info_seq = \"7818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711\"\n",
"\n",
"# ead1\n",
"const EAD1_TV: &[u8] = &hex!(\"0158285818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711\");\n",
"const LABEL_TV: &[u8] = &hex!(\"01\");\n",
"const VALUE_TV: &[u8] = &hex!(\"58285818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711\");\n"
"ead1 = \"0158287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711\"\n",
"ead1_label = \"01\"\n",
"ead1_value = \"58287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711\"\n"
]
}
],
"source": [
"\n",
"def add_enc_id(tv):\n",
" salt_fixme = \"00\" * 32 # FIXME rust\n",
" salt = \"\"\n",
" g_xw = p256_ecdh(tv[\"ephemeral_keys\"][\"X\"], tv[\"static_keys\"][\"G_W\"], tv[\"static_keys\"][\"_G_W_y\"])\n",
" prk = hkdf_extract(salt_fixme, g_xw)\n",
" prk = hkdf_extract(salt, g_xw)\n",
" k_1_info = (cbor2.dumps(0)+cbor2.dumps(b'')+cbor2.dumps(16)).hex() # info is (0, b'', 16) # FIXME[draft] make 'length' explicit\n",
" iv_1_info = (cbor2.dumps(1)+cbor2.dumps(b'')+cbor2.dumps(16)).hex() # info is (1, b'', 16) # FIXME[draft] make 'length' explicit\n",
" k_1 = hkdf_expand(prk, unhexlify(k_1_info), 16)\n",
Expand All @@ -203,7 +219,7 @@
" tv.update({\n",
" \"enc_id\": {\n",
" \"enc_id\": enc_id,\n",
" \"salt_fixme\": salt_fixme,\n",
" \"salt\": salt,\n",
" \"g_xw\": g_xw,\n",
" \"prk\": prk,\n",
" \"k_1_info\": k_1_info,\n",
Expand All @@ -219,7 +235,7 @@
"\n",
"def add_voucher_info(tv):\n",
" # (LOC_W: tstr, ENC_ID: bstr)\n",
" voucher_info_seq = (cbor2.dumps(unhexlify(tv[\"input\"][\"LOC_W\"])) + cbor2.dumps(unhexlify(tv[\"enc_id\"][\"enc_id\"]))).hex()\n",
" voucher_info_seq = (cbor2.dumps(unhexlify(tv[\"input\"][\"LOC_W\"]).decode()) + cbor2.dumps(unhexlify(tv[\"enc_id\"][\"enc_id\"]))).hex()\n",
" voucher_info = cbor2.dumps(unhexlify(voucher_info_seq)).hex()\n",
" tv.update({\n",
" \"voucher_info\": {\n",
Expand All @@ -236,8 +252,8 @@
" tv.update({\n",
" \"ead1\": {\n",
" \"ead1\": ead1,\n",
" \"label\": label,\n",
" \"value\": value,\n",
" \"ead1_label\": label,\n",
" \"ead1_value\": value,\n",
" }\n",
" })\n",
" return tv\n",
Expand All @@ -257,8 +273,8 @@
"ead1_tv = add_ead1(ead1_tv)\n",
"\n",
"# rich.print(ead1_tv)\n",
"# format_tv(ead1_tv, \"rust\")\n",
"format_tv(ead1_tv, \"rust\", nokeys=True)"
"format_tv(ead1_tv, \"python\")\n",
"# format_tv(ead1_tv, \"rust\", nokeys=True)"
]
},
{
