fix: build_enc_id generates correct result
geonnave committed Oct 11, 2023
1 parent 0eaf146 commit 54d4e5e
Showing 2 changed files with 56 additions and 35 deletions.
37 changes: 26 additions & 11 deletions ead/edhoc-ead-zeroconf/src/lib.rs
Expand Up @@ -128,15 +128,15 @@ fn build_enc_id(
}

fn compute_k_1_iv_1(prk: &BytesHashLen) -> (BytesCcmKeyLen, BytesCcmIvLen) {
// K_1 = EDHOC-Expand(PRK, info = (0, h'', 0), length)
// K_1 = EDHOC-Expand(PRK, info = (0, h'', AES_CCM_KEY_LEN), length)
let mut k_1: BytesCcmKeyLen = [0x00; AES_CCM_KEY_LEN];
// DRAFT: any reason for context to be 'empty CBOR string' instead of 'context_len 0-filled' ?
let k_1_buf = edhoc_kdf(prk, 0, &[0x00; MAX_KDF_CONTEXT_LEN], 0, AES_CCM_KEY_LEN); // FIXME: context should be h'' (the empty CBOR string)
let k_1_buf = edhoc_kdf(prk, 0, &[0x00; MAX_KDF_CONTEXT_LEN], 0, AES_CCM_KEY_LEN);
k_1[..].copy_from_slice(&k_1_buf[..AES_CCM_KEY_LEN]);

// IV_1 = EDHOC-Expand(PRK, info = (1, h'', 0), length)
// IV_1 = EDHOC-Expand(PRK, info = (1, h'', AES_CCM_KEY_LEN), length)
let mut iv_1: BytesCcmIvLen = [0x00; AES_CCM_IV_LEN];
let iv_1_buf = edhoc_kdf(prk, 1, &[0x00; MAX_KDF_CONTEXT_LEN], 0, AES_CCM_IV_LEN); // FIXME: context should be h'' (the empty CBOR string)
// NOTE (FIXME?): here we actually generate AES_CCM_KEY_LEN bytes, but then we only use AES_CCM_IV_LEN of them (next line)
let iv_1_buf = edhoc_kdf(prk, 1, &[0x00; MAX_KDF_CONTEXT_LEN], 0, AES_CCM_KEY_LEN);
iv_1[..].copy_from_slice(&iv_1_buf[..AES_CCM_IV_LEN]);

(k_1, iv_1)
Expand Down Expand Up @@ -238,25 +238,40 @@ mod test_initiator {
const G_W_TV: &[u8] = &hex!("FFA4F102134029B3B156890B88C9D9619501196574174DCB68A07DB0588E4D41");
const LOC_W_TV: &[u8] = &hex!("636F61703A2F2F656E726F6C6C6D656E742E736572766572"); // coap://enrollment.server

const ENC_ID_TV: &[u8] = &hex!("8368456e637279707430404102");
const ENC_ID_TV: &[u8] = &hex!("71fb72788b180ebe332697d711");
const PRK_TV: &[u8] = &hex!("04da32d221db25db701667f9d3903374a45a9b04f25d1cb481b099a480cece04");
const K_1_TV: &[u8] = &hex!("95a90f115d8fc5252849a25ba5225575");
const IV_1_TV: &[u8] = &hex!("083cb9a00da66af4f56877fcda");

const VOUCHER_INFO_TV: &[u8] =
&hex!("58305818636f61703a2f2f656e726f6c6c6d656e742e7365727665725536b4ce1137b5687354edfac67f12bf611be1aaa1c3");

const SS_TV: u8 = 2;

#[test]
fn test_compute_k_1_iv_1() {
let x: BytesP256ElemLen = X_TV.try_into().unwrap();
let g_w: BytesP256ElemLen = G_W_TV.try_into().unwrap();
let k_1_tv: BytesCcmKeyLen = K_1_TV.try_into().unwrap();
let iv_1_tv: BytesCcmIvLen = IV_1_TV.try_into().unwrap();
let prk_tv: BytesHashLen = PRK_TV.try_into().unwrap();

let prk = hkdf_extract(&[0u8; SHA256_DIGEST_LEN], &p256_ecdh(&x, &g_w));
assert_eq!(prk, prk_tv);

let (k_1, iv_1) = compute_k_1_iv_1(&prk);
assert_eq!(iv_1, iv_1_tv);
assert_eq!(k_1, k_1_tv);
}

#[test]
fn test_build_enc_id() {
let x: BytesP256ElemLen = X_TV.try_into().unwrap();
let id_u: EdhocMessageBuffer = ID_U_TV.try_into().unwrap();
let g_w: BytesP256ElemLen = G_W_TV.try_into().unwrap();
let loc_w: EdhocMessageBuffer = LOC_W_TV.try_into().unwrap();
let enc_id_tv: EdhocMessageBuffer = ENC_ID_TV.try_into().unwrap();
let ss: u8 = EDHOC_SUPPORTED_SUITES[0];

ead_initiator_set_global_state(EADInitiatorState::new(id_u, g_w, loc_w));

let enc_id = build_enc_id(&x, &id_u, &g_w, ss);
let enc_id = build_enc_id(&x, &id_u, &g_w, SS_TV);
assert_eq!(enc_id.content, enc_id_tv.content);
}

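Review bot: The IV_1 derivation on the new line `let iv_1_buf = edhoc_kdf(prk, 1, &[0x00; MAX_KDF_CONTEXT_LEN], 0, AES_CCM_KEY_LEN);` encodes AES_CCM_KEY_LEN in the info and requests 16 bytes before truncating to AES_CCM_IV_LEN, and the new IV_1_TV and ENC_ID_TV are pinned to exactly that, as is the notebook's `iv_1_info` (`cbor2.dumps(16)` feeding a 13-byte `hkdf_expand` in the ipynb section, where IV_1_INFO_TV is `014010`), so test_compute_k_1_iv_1 confirms the code against itself rather than against an independent reference. If the draft intends the info length to equal the output length, a peer implementing it literally derives a different IV_1 and fails to decrypt ENC_ID, which is what the `NOTE (FIXME?)` left above the line hints at. Either derive with `let iv_1_buf = edhoc_kdf(prk, 1, &[0x00; MAX_KDF_CONTEXT_LEN], 0, AES_CCM_IV_LEN);` and regenerate IV_1_TV and ENC_ID_TV in both the Rust test and the notebook, or replace the FIXME with a comment naming the draft text that makes the 16-byte length field intentional. The test's `hkdf_extract(&[0u8; SHA256_DIGEST_LEN], …)` salt is what the notebook calls `salt_fixme`, so PRK_TV carries the same self-referential caveat. build_enc_id's body and compute_k_1_iv_1's closing brace lie outside the first hunk.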
54 changes: 30 additions & 24 deletions examples/test-vectors-playground.ipynb
Expand Up @@ -15,7 +15,7 @@
},
{
"cell_type": "code",
"execution_count": 22,
"execution_count": 1,
"metadata": {},
"outputs": [],
"source": [
Expand All @@ -38,7 +38,7 @@
},
{
"cell_type": "code",
"execution_count": 16,
"execution_count": 2,
"metadata": {},
"outputs": [],
"source": [
Expand Down Expand Up @@ -115,7 +115,7 @@
},
{
"cell_type": "code",
"execution_count": 24,
"execution_count": 3,
"metadata": {},
"outputs": [],
"source": [
Expand Down Expand Up @@ -150,7 +150,7 @@
},
{
"cell_type": "code",
"execution_count": 31,
"execution_count": 10,
"metadata": {},
"outputs": [
{
Expand All @@ -159,28 +159,30 @@
"text": [
"\n",
"# input\n",
"LOC_W = \"636f61703a2f2f656e726f6c6c6d656e742e736572766572\"\n",
"ID_U = \"a104412b\"\n",
"SS = 2\n",
"const LOC_W_TV: &[u8] = &hex!(\"636f61703a2f2f656e726f6c6c6d656e742e736572766572\");\n",
"const ID_U_TV: &[u8] = &hex!(\"a104412b\");\n",
"const SS_TV: u8 = 2;\n",
"\n",
"# enc_id\n",
"enc_id = \"ec7032dbd8c8f41099dea44da5\"\n",
"salt_fixme = \"0000000000000000000000000000000000000000000000000000000000000000\"\n",
"g_xw = \"e19be60432dfa2e033af21329d393a5d0d3150a6c998b4f4b951af67694dbe1a\"\n",
"prk = \"04da32d221db25db701667f9d3903374a45a9b04f25d1cb481b099a480cece04\"\n",
"k_1 = \"95a90f115d8fc5252849a25ba5225575\"\n",
"iv_1 = \"0ffd5f37ef17a6c51d7769da1d\"\n",
"plaintext = \"44a104412b\"\n",
"enc_structure = \"8368456e637279707430404102\"\n",
"const ENC_ID_TV: &[u8] = &hex!(\"71fb72788b180ebe332697d711\");\n",
"const SALT_FIXME_TV: &[u8] = &hex!(\"0000000000000000000000000000000000000000000000000000000000000000\");\n",
"const G_XW_TV: &[u8] = &hex!(\"e19be60432dfa2e033af21329d393a5d0d3150a6c998b4f4b951af67694dbe1a\");\n",
"const PRK_TV: &[u8] = &hex!(\"04da32d221db25db701667f9d3903374a45a9b04f25d1cb481b099a480cece04\");\n",
"const K_1_INFO_TV: &[u8] = &hex!(\"004010\");\n",
"const IV_1_INFO_TV: &[u8] = &hex!(\"014010\");\n",
"const K_1_TV: &[u8] = &hex!(\"95a90f115d8fc5252849a25ba5225575\");\n",
"const IV_1_TV: &[u8] = &hex!(\"083cb9a00da66af4f56877fcda\");\n",
"const PLAINTEXT_TV: &[u8] = &hex!(\"44a104412b\");\n",
"const ENC_STRUCTURE_TV: &[u8] = &hex!(\"8368456e637279707430404102\");\n",
"\n",
"# voucher_info\n",
"voucher_info = \"58285818636f61703a2f2f656e726f6c6c6d656e742e7365727665724dec7032dbd8c8f41099dea44da5\"\n",
"voucher_info_seq = \"5818636f61703a2f2f656e726f6c6c6d656e742e7365727665724dec7032dbd8c8f41099dea44da5\"\n",
"const VOUCHER_INFO_TV: &[u8] = &hex!(\"58285818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711\");\n",
"const VOUCHER_INFO_SEQ_TV: &[u8] = &hex!(\"5818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711\");\n",
"\n",
"# ead1\n",
"ead1 = \"0158285818636f61703a2f2f656e726f6c6c6d656e742e7365727665724dec7032dbd8c8f41099dea44da5\"\n",
"label = \"01\"\n",
"value = \"58285818636f61703a2f2f656e726f6c6c6d656e742e7365727665724dec7032dbd8c8f41099dea44da5\"\n"
"const EAD1_TV: &[u8] = &hex!(\"0158285818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711\");\n",
"const LABEL_TV: &[u8] = &hex!(\"01\");\n",
"const VALUE_TV: &[u8] = &hex!(\"58285818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711\");\n"
]
}
],
Expand All @@ -190,8 +192,10 @@
" salt_fixme = \"00\" * 32 # FIXME rust\n",
" g_xw = p256_ecdh(tv[\"ephemeral_keys\"][\"X\"], tv[\"static_keys\"][\"G_W\"], tv[\"static_keys\"][\"_G_W_y\"])\n",
" prk = hkdf_extract(salt_fixme, g_xw)\n",
" k_1 = hkdf_expand(prk, cbor2.dumps(0)+cbor2.dumps(b'')+cbor2.dumps(16), 16) # info is (0, b'', 16) # FIXME[draft] make 'length' explicit\n",
" iv_1 = hkdf_expand(prk, cbor2.dumps(1)+cbor2.dumps(b'')+cbor2.dumps(13), 13) # info is (1, b'', 13) # FIXME[draft] make 'length' explicit\n",
" k_1_info = (cbor2.dumps(0)+cbor2.dumps(b'')+cbor2.dumps(16)).hex() # info is (0, b'', 16) # FIXME[draft] make 'length' explicit\n",
" iv_1_info = (cbor2.dumps(1)+cbor2.dumps(b'')+cbor2.dumps(16)).hex() # info is (1, b'', 16) # FIXME[draft] make 'length' explicit\n",
" k_1 = hkdf_expand(prk, unhexlify(k_1_info), 16)\n",
" iv_1 = hkdf_expand(prk, unhexlify(iv_1_info), 13)\n",
" plaintext = cbor2.dumps(unhexlify(tv[\"input\"][\"ID_U\"])).hex() # (ID_U: bstr)\n",
" _ss = tv[\"input\"][\"SS\"].to_bytes(1, byteorder='big')\n",
" enc_structure = cbor2.dumps([\"Encrypt0\", b'', _ss]).hex()\n",
Expand All @@ -202,6 +206,8 @@
" \"salt_fixme\": salt_fixme,\n",
" \"g_xw\": g_xw,\n",
" \"prk\": prk,\n",
" \"k_1_info\": k_1_info,\n",
" \"iv_1_info\": iv_1_info,\n",
" \"k_1\": k_1,\n",
" \"iv_1\": iv_1,\n",
" \"plaintext\": plaintext,\n",
Expand Down Expand Up @@ -252,7 +258,7 @@
"\n",
"# rich.print(ead1_tv)\n",
"# format_tv(ead1_tv, \"rust\")\n",
"format_tv(ead1_tv, \"python\", nokeys=True)"
"format_tv(ead1_tv, \"rust\", nokeys=True)"
]
},
{
Expand Down Expand Up @@ -319,7 +325,7 @@
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.10.12"
"version": "3.11.5"
},
"orig_nbformat": 4
},
