From e756401d09b818329538a3f31385ba70e05788bd Mon Sep 17 00:00:00 2001 From: Geovane Fedrecheski Date: Thu, 12 Oct 2023 12:26:42 +0200 Subject: [PATCH] feat: parse voucher request, encode voucher input - includes test vectors - also updates test vectors to reuse keys from lake-traces-07 --- consts/src/lib.rs | 4 +- ead/edhoc-ead-zeroconf/src/lib.rs | 183 ++++++++++++++++++----- examples/traces-zeroconf.ipynb | 240 ++++++++++++++++++++++-------- 3 files changed, 327 insertions(+), 100 deletions(-) diff --git a/consts/src/lib.rs b/consts/src/lib.rs index 6fd3d9cb..da891bd7 100644 --- a/consts/src/lib.rs +++ b/consts/src/lib.rs @@ -6,7 +6,9 @@ pub use structs::*; mod consts { use super::structs::*; - pub const MAX_MESSAGE_SIZE_LEN: usize = 128; // need 128 to handle EAD fields + // TODO: find a way to configure the buffer size + // need 128 to handle EAD fields, and 256 for the EAD_1 voucher + pub const MAX_MESSAGE_SIZE_LEN: usize = 128 + 64; pub const MAX_EAD_SIZE_LEN: usize = 64; pub type EADMessageBuffer = EdhocMessageBuffer; // TODO: make it of size MAX_EAD_SIZE_LEN pub const EAD_ZEROCONF_LABEL: u8 = 0x1; // NOTE: in lake-authz-draft-02 it is still TBD1 diff --git a/ead/edhoc-ead-zeroconf/src/lib.rs b/ead/edhoc-ead-zeroconf/src/lib.rs index 58450897..4e26e867 100644 --- a/ead/edhoc-ead-zeroconf/src/lib.rs +++ b/ead/edhoc-ead-zeroconf/src/lib.rs @@ -260,28 +260,6 @@ pub fn ead_responder_set_global_state(new_state: EADResponderState) { } } -pub fn encode_voucher_request( - message_1: &EdhocMessageBuffer, - opaque_state: &EdhocMessageBuffer, -) -> EdhocMessageBuffer { - let mut output = EdhocMessageBuffer::new(); - - output.content[0] = CBOR_MAJOR_ARRAY | 2; - - output.content[1] = CBOR_BYTE_STRING; - output.content[2] = message_1.len as u8; - output.content[3..3 + message_1.len].copy_from_slice(&message_1.content[..message_1.len]); - - output.content[3 + message_1.len] = CBOR_BYTE_STRING; - output.content[4 + message_1.len] = opaque_state.len as u8; - output.content[5 + message_1.len..5 + message_1.len + opaque_state.len] - .copy_from_slice(&opaque_state.content[..opaque_state.len]); - - output.len = 5 + message_1.len + opaque_state.len; - - output -} - // FIXME: receive opaque_state as parameter, but that requires changing the r_process_message_1 function signature use hexlit::hex; const OPAQUE_STATE_TV: &[u8] = @@ -294,6 +272,7 @@ pub fn r_process_ead_1(ead_1: &EADItem, message_1: &BufferMessage1) -> Result<() } let (loc_w, _enc_id) = parse_ead_1_value(&ead_1.value)?; let voucher_request = encode_voucher_request(message_1, &opaque_state); + // TODO: implement send_voucher_request(&loc_w, &voucher_request); ead_responder_set_global_state(EADResponderState { @@ -342,38 +321,132 @@ fn parse_ead_1_value( Ok((loc_w, enc_id)) } +pub fn encode_voucher_request( + message_1: &EdhocMessageBuffer, + opaque_state: &EdhocMessageBuffer, +) -> EdhocMessageBuffer { + let mut output = EdhocMessageBuffer::new(); + + output.content[0] = CBOR_MAJOR_ARRAY | 2; + + output.content[1] = CBOR_BYTE_STRING; + output.content[2] = message_1.len as u8; + output.content[3..3 + message_1.len].copy_from_slice(&message_1.content[..message_1.len]); + + output.content[3 + message_1.len] = CBOR_BYTE_STRING; + output.content[4 + message_1.len] = opaque_state.len as u8; + output.content[5 + message_1.len..5 + message_1.len + opaque_state.len] + .copy_from_slice(&opaque_state.content[..opaque_state.len]); + + output.len = 5 + message_1.len + opaque_state.len; + + output +} + +// enrollment server +fn handle_voucher_request( + vreq: &EdhocMessageBuffer, + cred_v: &EdhocMessageBuffer, +) -> Result<(), ()> { + let (message_1, opaque_state) = parse_voucher_request(vreq)?; + + // // compute hash + let mut message_1_buf: BytesMaxBuffer = [0x00; MAX_BUFFER_LEN]; + message_1_buf[..message_1.len].copy_from_slice(&message_1.content[..message_1.len]); + let h_message_1 = sha256_digest(&message_1_buf, message_1.len); + + // let voucher_input = encode_voucher_input(&h_message_1, &cred_v); + + // let voucher_content = compute_voucher_content(&voucher_input); + + // Ok(encode_voucher(&voucher_content)) + Ok(()) +} + +fn encode_voucher_input( + h_message_1: &EdhocMessageBuffer, + cred_v: &EdhocMessageBuffer, +) -> EdhocMessageBuffer { + let mut voucher_input = EdhocMessageBuffer::new(); + + voucher_input.content[0] = CBOR_BYTE_STRING; + voucher_input.content[1] = h_message_1.len as u8; + voucher_input.content[2..2 + h_message_1.len] + .copy_from_slice(&h_message_1.content[..h_message_1.len]); + + voucher_input.content[2 + h_message_1.len] = CBOR_BYTE_STRING; + voucher_input.content[3 + h_message_1.len] = cred_v.len as u8; + voucher_input.content[4 + h_message_1.len..4 + h_message_1.len + cred_v.len] + .copy_from_slice(&cred_v.content[..cred_v.len]); + + voucher_input.len = 4 + h_message_1.len + cred_v.len; + + voucher_input +} + +fn parse_voucher_request( + vreq: &EdhocMessageBuffer, +) -> Result<(EdhocMessageBuffer, EdhocMessageBuffer), ()> { + let mut message_1: EdhocMessageBuffer = EdhocMessageBuffer::new(); + let mut opaque_state: EdhocMessageBuffer = EdhocMessageBuffer::new(); + + if vreq.content[0] != (CBOR_MAJOR_ARRAY | 2) || vreq.content[1] != CBOR_BYTE_STRING { + return Err(()); + } + + message_1.len = vreq.content[2] as usize; + message_1.content[..message_1.len].copy_from_slice(&vreq.content[3..3 + message_1.len]); + + if vreq.content[3 + message_1.len] != CBOR_BYTE_STRING { + return Err(()); + } + + opaque_state.len = vreq.content[4 + message_1.len] as usize; + opaque_state.content[..opaque_state.len] + .copy_from_slice(&vreq.content[5 + message_1.len..5 + message_1.len + opaque_state.len]); + + Ok((message_1, opaque_state)) +} + #[cfg(test)] mod test_vectors { use edhoc_consts::*; use hexlit::hex; - // common - pub const MESSAGE_1_WITH_EAD_TV: &[u8] = &hex!("0382060258208af6f430ebe18d34184017a9a11bf511c8dff8f834730b96c1b7c8dbca2fc3b6370158287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711"); - + // inputs // U - pub const X_TV: BytesP256ElemLen = - hex!("A0C71BDBA570FFD270D90BDF416C142921F214406271FCF55B8567F079B50DA0"); pub const ID_U_TV: &[u8] = &hex!("a104412b"); + pub const X_TV: BytesP256ElemLen = + hex!("368ec1f69aeb659ba37d5a8d45b21bdc0299dceaa8ef235f3ca42ce3530f9525"); // V - pub const VOUCHER_REQUEST_TV: &[u8] = &hex!("8258520382060258208af6f430ebe18d34184017a9a11bf511c8dff8f834730b96c1b7c8dbca2fc3b6370158287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711581f827819666538303a3a623833343a643630623a373936663a38646530198bed"); + pub const CRED_V_TV: &[u8] = &hex!("a2026b6578616d706c652e65647508a101a501020241322001215820bbc34960526ea4d32e940cad2a234148ddc21791a12afbcbac93622046dd44f02258204519e257236b2a0ce2023f0931f1f386ca7afda64fcde0108c224c51eabf6072"); // W pub const G_W_TV: &[u8] = &hex!("FFA4F102134029B3B156890B88C9D9619501196574174DCB68A07DB0588E4D41"); pub const LOC_W_TV: &[u8] = &hex!("636F61703A2F2F656E726F6C6C6D656E742E736572766572"); // coap://enrollment.server - pub const ENC_ID_TV: &[u8] = &hex!("71fb72788b180ebe332697d711"); + // computed artifacts + // EAD_1 + pub const SS_TV: u8 = 2; + pub const ENC_ID_TV: &[u8] = &hex!("9a3155137f2be07ee91c51ec23"); pub const PRK_TV: &[u8] = - &hex!("04da32d221db25db701667f9d3903374a45a9b04f25d1cb481b099a480cece04"); - pub const K_1_TV: &[u8] = &hex!("95a90f115d8fc5252849a25ba5225575"); - pub const IV_1_TV: &[u8] = &hex!("083cb9a00da66af4f56877fcda"); - + &hex!("d40f1601b577dbe7827bb3a20e0d16f7231c3a25225c1ed733f9094050d59666"); + pub const K_1_TV: &[u8] = &hex!("6f2a9112801a5011aa33576b5c7862ad"); + pub const IV_1_TV: &[u8] = &hex!("cd6676432b510ed2b7a7f7d5a7"); pub const EAD1_VALUE_TV: &[u8] = &hex!( - "58287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711" + "58287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d9a3155137f2be07ee91c51ec23" ); + pub const MESSAGE_1_WITH_EAD_TV: &[u8] = &hex!("0382060258208af6f430ebe18d34184017a9a11bf511c8dff8f834730b96c1b7c8dbca2fc3b6370158287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d9a3155137f2be07ee91c51ec23"); - pub const SS_TV: u8 = 2; + // VREQ + pub const VOUCHER_REQUEST_TV: &[u8] = &hex!("8258520382060258208af6f430ebe18d34184017a9a11bf511c8dff8f834730b96c1b7c8dbca2fc3b6370158287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d9a3155137f2be07ee91c51ec23581f827819666538303a3a623833343a643630623a373936663a38646530198bed"); + + // VRES + pub const H_MESSAGE_1_TV: &[u8] = + &hex!("970e81d2e895926118ec650f718fb754937429fdb957122a64e952dbaee03139"); + pub const VOUCHER_INPUT_TV: &[u8] = &hex!("5820970e81d2e895926118ec650f718fb754937429fdb957122a64e952dbaee03139585fa2026b6578616d706c652e65647508a101a501020241322001215820bbc34960526ea4d32e940cad2a234148ddc21791a12afbcbac93622046dd44f02258204519e257236b2a0ce2023f0931f1f386ca7afda64fcde0108c224c51eabf6072"); } #[cfg(test)] @@ -482,3 +555,43 @@ mod test_responder { ); } } + +#[cfg(test)] +mod test_enrollment_server { + use super::*; + use edhoc_consts::*; + use hexlit::hex; + use test_vectors::*; + + #[test] + fn test_parse_voucher_request() { + let voucher_request_tv: EdhocMessageBuffer = VOUCHER_REQUEST_TV.try_into().unwrap(); + let message_1_tv: EdhocMessageBuffer = MESSAGE_1_WITH_EAD_TV.try_into().unwrap(); + let opaque_state_tv: EdhocMessageBuffer = OPAQUE_STATE_TV.try_into().unwrap(); + + let voucher_request = parse_voucher_request(&voucher_request_tv); + assert!(voucher_request.is_ok()); + let (message_1, opaque_state) = voucher_request.unwrap(); + assert_eq!(message_1.content, message_1_tv.content); + assert_eq!(opaque_state.content, opaque_state_tv.content); + } + + #[test] + fn test_encode_voucher_input() { + let h_message_1_tv: EdhocMessageBuffer = H_MESSAGE_1_TV.try_into().unwrap(); + let cred_v_tv: EdhocMessageBuffer = CRED_V_TV.try_into().unwrap(); + let voucher_input_tv: EdhocMessageBuffer = VOUCHER_INPUT_TV.try_into().unwrap(); + + let voucher_input = encode_voucher_input(&h_message_1_tv, &cred_v_tv); + assert_eq!(voucher_input.content, voucher_input_tv.content); + } + + #[test] + fn test_handle_voucher_request() { + // let voucher_request_tv: EdhocMessageBuffer = VOUCHER_REQUEST_TV.try_into().unwrap(); + // let voucher_response_tv: EdhocMessageBuffer = VOUCHER_RESPONSE_TV.try_into().unwrap(); + + // let voucher_response = handle_voucher_request(&voucher_request_tv); + // assert_eq!(voucher_response.content, voucher_response_tv.content); + } +} diff --git a/examples/traces-zeroconf.ipynb b/examples/traces-zeroconf.ipynb index c11f2127..93904c21 100644 --- a/examples/traces-zeroconf.ipynb +++ b/examples/traces-zeroconf.ipynb @@ -15,7 +15,7 @@ }, { "cell_type": "code", - "execution_count": 2, + "execution_count": 12, "metadata": {}, "outputs": [], "source": [ @@ -38,7 +38,7 @@ }, { "cell_type": "code", - "execution_count": 18, + "execution_count": 25, "metadata": {}, "outputs": [ { @@ -47,20 +47,29 @@ "text": [ "\n", "# static_keys\n", - "U = \"555C89F41EA42D458F0B4D74499E1C177BA9AD910F525BACF3D64D35E8568DEC\"\n", - "G_U = \"AC69E4299F79FAED612E37C37F99D2B3939B142A8E8E65B90FAB5001F7F2CF56\"\n", - "V = \"1DAF151B30F0F247AEB5598C1EEE8664384166BBC37F262DC6581A67486BCF3C\"\n", - "G_V = \"188B3E5A62352FFCDE66894FCDBBCB33D243A045BAA99357A72012A6AF3A33AD\"\n", + "U = \"fb13adeb6518cee5f88417660841142e830a81fe334380a953406a1305e8706b\"\n", + "G_U = \"ac75e9ece3e50bfc8ed60399889522405c47bf16df96660a41298cb4307f7eb6\"\n", + "G_U_y = \"6e5de611388a4b8a8211334ac7d37ecb52a387d257e6db3c2a93df21ff3affc8\"\n", + "V = \"72cc4761dbd4c78f758931aa589d348d1ef874a7e303ede2f140dcf3e6aa4aac\"\n", + "G_V = \"bbc34960526ea4d32e940cad2a234148ddc21791a12afbcbac93622046dd44f0\"\n", + "G_V_y = \"4519e257236b2a0ce2023f0931f1f386ca7afda64fcde0108c224c51eabf6072\"\n", "W = \"4E5E15AB35008C15B89E91F9F329164D4AACD53D9923672CE0019F9ACD98573F\"\n", "G_W = \"FFA4F102134029B3B156890B88C9D9619501196574174DCB68A07DB0588E4D41\"\n", + "G_W_y = \"BD08125C1A5E9C4F4AA60198A9F897EB656784DE50C0FE840FE3683FC20C295C\"\n", "\n", "# ephemeral_keys\n", - "X = \"A0C71BDBA570FFD270D90BDF416C142921F214406271FCF55B8567F079B50DA0\"\n", - "G_X = \"FF14FB42677CE9D016907F571E5E1CD4E815F098AA37084063A0C34570F6F7F5\"\n", - "Y = \"A1D1A1C084AB0D912CC7A15B7F252FABCA252FAD4CAA8E5D569C94578B52A047\"\n", - "G_Y = \"9F69C52FAE8F7EA9194022C70B238FCBF4AFFFDFFC8341EEC85BA68E2F9BB744\"\n", + "X = \"368ec1f69aeb659ba37d5a8d45b21bdc0299dceaa8ef235f3ca42ce3530f9525\"\n", + "G_X = \"8af6f430ebe18d34184017a9a11bf511c8dff8f834730b96c1b7c8dbca2fc3b6\"\n", + "G_X_y = \"51e8af6c6edb781601ad1d9c5fa8bf7aa15716c7c06a5d038503c614ff80c9b3\"\n", + "Y = \"e2f4126777205e853b437d6eaca1e1f753cdcc3e2c69fa884b0a1a640977e418\"\n", + "G_Y = \"419701d7f00a26c2dc587a36dd752549f33763c893422c8ea0f955a13a4ff5d5\"\n", + "G_Y_y = \"5e4f0dd8a3da0baa16b9d3ad56a0c1860a940af85914915e25019b402417e99d\"\n", "Z = \"644658D815CBCA8EA863090A2D498990B5C75357A729231EC3DE7DF5A7AFE49E\"\n", - "G_Z = \"6B67C90638924C4AE8472CA6FB9A90BE5F43132753346379C672972D323F7A41\"\n" + "G_Z = \"6B67C90638924C4AE8472CA6FB9A90BE5F43132753346379C672972D323F7A41\"\n", + "G_Z_y = \"FA1EFAD24A287B1FEF04683B5B24963A107067541B2E4766088552EE11337D87\"\n", + "\n", + "# creds\n", + "CRED_V = \"a2026b6578616d706c652e65647508a101a501020241322001215820bbc34960526ea4d32e940cad2a234148ddc21791a12afbcbac93622046dd44f02258204519e257236b2a0ce2023f0931f1f386ca7afda64fcde0108c224c51eabf6072\"\n" ] } ], @@ -91,7 +100,7 @@ " x = private_key.public_key().public_numbers().x\n", " y = private_key.public_key().public_numbers().y\n", " d = private_key.private_numbers().private_value\n", - " return {f\"{entity_name}\": as_hex(d), f\"G_{entity_name}\": as_hex(x), f\"_G_{entity_name}_y\": as_hex(y)}\n", + " return {f\"{entity_name}\": as_hex(d), f\"G_{entity_name}\": as_hex(x), f\"G_{entity_name}_y\": as_hex(y)}\n", "\n", " tv[\"static_keys\"] = {}\n", " tv[\"ephemeral_keys\"] = {}\n", @@ -102,32 +111,54 @@ "\n", " return tv\n", "\n", + "def add_creds(tv):\n", + " cred_v = cbor2.dumps({\n", + " 2: \"example.edu\",\n", + " 8: {\n", + " 1: {\n", + " 1: 2,\n", + " 2: b'\\x32',\n", + " -1: 1,\n", + " -2: unhexlify(tv[\"static_keys\"][\"G_V\"]),\n", + " -3: unhexlify(tv[\"static_keys\"][\"G_V_y\"]),\n", + " }\n", + " }\n", + " }).hex() # lake-traces-07\n", + " tv.update({\n", + " \"creds\": {\n", + " \"CRED_V\": cred_v,\n", + " }\n", + " })\n", + " return tv\n", + "\n", "keys_tv = {\n", " 'static_keys': {\n", - " 'U': '555C89F41EA42D458F0B4D74499E1C177BA9AD910F525BACF3D64D35E8568DEC',\n", - " 'G_U': 'AC69E4299F79FAED612E37C37F99D2B3939B142A8E8E65B90FAB5001F7F2CF56',\n", - " '_G_U_y': '9572CF756D05E8B80DF519AEF4BF43E546BCB871A8BC4B676ED548F24F4EC362',\n", - " 'V': '1DAF151B30F0F247AEB5598C1EEE8664384166BBC37F262DC6581A67486BCF3C',\n", - " 'G_V': '188B3E5A62352FFCDE66894FCDBBCB33D243A045BAA99357A72012A6AF3A33AD',\n", - " '_G_V_y': 'C19B9BCB27EF514228016F94DE85C068AFE416B80752EDF256F2593FE367766A',\n", + " 'U': 'fb13adeb6518cee5f88417660841142e830a81fe334380a953406a1305e8706b', # lake-traces-07\n", + " 'G_U': 'ac75e9ece3e50bfc8ed60399889522405c47bf16df96660a41298cb4307f7eb6',\n", + " 'G_U_y': '6e5de611388a4b8a8211334ac7d37ecb52a387d257e6db3c2a93df21ff3affc8',\n", + " 'V': '72cc4761dbd4c78f758931aa589d348d1ef874a7e303ede2f140dcf3e6aa4aac', # lake-traces-07\n", + " 'G_V': 'bbc34960526ea4d32e940cad2a234148ddc21791a12afbcbac93622046dd44f0',\n", + " 'G_V_y': '4519e257236b2a0ce2023f0931f1f386ca7afda64fcde0108c224c51eabf6072',\n", " 'W': '4E5E15AB35008C15B89E91F9F329164D4AACD53D9923672CE0019F9ACD98573F',\n", " 'G_W': 'FFA4F102134029B3B156890B88C9D9619501196574174DCB68A07DB0588E4D41',\n", - " '_G_W_y': 'BD08125C1A5E9C4F4AA60198A9F897EB656784DE50C0FE840FE3683FC20C295C'\n", + " 'G_W_y': 'BD08125C1A5E9C4F4AA60198A9F897EB656784DE50C0FE840FE3683FC20C295C'\n", " },\n", " 'ephemeral_keys': {\n", - " 'X': 'A0C71BDBA570FFD270D90BDF416C142921F214406271FCF55B8567F079B50DA0',\n", - " 'G_X': 'FF14FB42677CE9D016907F571E5E1CD4E815F098AA37084063A0C34570F6F7F5',\n", - " '_G_X_y': '353AFA30B59B6FA90843F8BECD981CEDC0A2BD3E61421EAFE171544D9994C769',\n", - " 'Y': 'A1D1A1C084AB0D912CC7A15B7F252FABCA252FAD4CAA8E5D569C94578B52A047',\n", - " 'G_Y': '9F69C52FAE8F7EA9194022C70B238FCBF4AFFFDFFC8341EEC85BA68E2F9BB744',\n", - " '_G_Y_y': '52CB7AAF4E56C610C91A6185B92AFF5B03E9F73E6010AEBBA72B9C4BDA269C9A',\n", + " 'X': '368ec1f69aeb659ba37d5a8d45b21bdc0299dceaa8ef235f3ca42ce3530f9525', # lake-traces-07\n", + " 'G_X': '8af6f430ebe18d34184017a9a11bf511c8dff8f834730b96c1b7c8dbca2fc3b6',\n", + " 'G_X_y': '51e8af6c6edb781601ad1d9c5fa8bf7aa15716c7c06a5d038503c614ff80c9b3',\n", + " 'Y': 'e2f4126777205e853b437d6eaca1e1f753cdcc3e2c69fa884b0a1a640977e418', # lake-traces-07\n", + " 'G_Y': '419701d7f00a26c2dc587a36dd752549f33763c893422c8ea0f955a13a4ff5d5',\n", + " 'G_Y_y': '5e4f0dd8a3da0baa16b9d3ad56a0c1860a940af85914915e25019b402417e99d',\n", " 'Z': '644658D815CBCA8EA863090A2D498990B5C75357A729231EC3DE7DF5A7AFE49E',\n", " 'G_Z': '6B67C90638924C4AE8472CA6FB9A90BE5F43132753346379C672972D323F7A41',\n", - " '_G_Z_y': 'FA1EFAD24A287B1FEF04683B5B24963A107067541B2E4766088552EE11337D87'\n", + " 'G_Z_y': 'FA1EFAD24A287B1FEF04683B5B24963A107067541B2E4766088552EE11337D87'\n", " },\n", "}\n", "# keys_tv = add_new_keys(keys_tv) # uncomment to generate a new set of keys\n", "\n", + "keys_tv = add_creds(keys_tv)\n", + "\n", "format_tv(keys_tv, \"python\")" ] }, @@ -140,7 +171,7 @@ }, { "cell_type": "code", - "execution_count": 4, + "execution_count": 53, "metadata": {}, "outputs": [], "source": [ @@ -158,7 +189,7 @@ " return hkdf.hkdf_extract(unhexlify(salt), unhexlify(ikm), hash=hashlib.sha256).hex()\n", "\n", "def hkdf_expand(prk, info, length):\n", - " return hkdf.hkdf_expand(unhexlify(prk), info, length, hash=hashlib.sha256).hex()\n", + " return hkdf.hkdf_expand(unhexlify(prk), unhexlify(info), length, hash=hashlib.sha256).hex()\n", "\n", "def aes_ccm_encrypt_tag_8(key, iv, enc_structure, plaintext):\n", " return aead.AESCCM(unhexlify(key), tag_length=8).encrypt(unhexlify(iv), unhexlify(plaintext), unhexlify(enc_structure)).hex()\n" @@ -175,7 +206,7 @@ }, { "cell_type": "code", - "execution_count": 19, + "execution_count": 54, "metadata": {}, "outputs": [ { @@ -184,30 +215,33 @@ "text": [ "\n", "# input\n", - "LOC_W = \"636f61703a2f2f656e726f6c6c6d656e742e736572766572\"\n", - "ID_U = \"a104412b\"\n", - "SS = 2\n", + "const LOC_W_TV: &[u8] = &hex!(\"636f61703a2f2f656e726f6c6c6d656e742e736572766572\");\n", + "const ID_U_TV: &[u8] = &hex!(\"a104412b\");\n", + "const SS_TV: u8 = 2;\n", + "\n", + "# creds\n", + "const CRED_V_TV: &[u8] = &hex!(\"a2026b6578616d706c652e65647508a101a501020241322001215820bbc34960526ea4d32e940cad2a234148ddc21791a12afbcbac93622046dd44f02258204519e257236b2a0ce2023f0931f1f386ca7afda64fcde0108c224c51eabf6072\");\n", "\n", "# enc_id\n", - "enc_id = \"71fb72788b180ebe332697d711\"\n", - "salt = \"\"\n", - "g_xw = \"e19be60432dfa2e033af21329d393a5d0d3150a6c998b4f4b951af67694dbe1a\"\n", - "prk = \"04da32d221db25db701667f9d3903374a45a9b04f25d1cb481b099a480cece04\"\n", - "k_1_info = \"004010\"\n", - "iv_1_info = \"014010\"\n", - "k_1 = \"95a90f115d8fc5252849a25ba5225575\"\n", - "iv_1 = \"083cb9a00da66af4f56877fcda\"\n", - "plaintext = \"44a104412b\"\n", - "enc_structure = \"8368456e637279707430404102\"\n", + "const ENC_ID_TV: &[u8] = &hex!(\"9a3155137f2be07ee91c51ec23\");\n", + "const SALT_TV: &[u8] = &hex!(\"\");\n", + "const G_XW_TV: &[u8] = &hex!(\"03a658e9628c79c3f1e59239ca5e604953d11e01c2a442823c944da6682d0b6c\");\n", + "const PRK_TV: &[u8] = &hex!(\"d40f1601b577dbe7827bb3a20e0d16f7231c3a25225c1ed733f9094050d59666\");\n", + "const K_1_INFO_TV: &[u8] = &hex!(\"004010\");\n", + "const IV_1_INFO_TV: &[u8] = &hex!(\"014010\");\n", + "const K_1_TV: &[u8] = &hex!(\"6f2a9112801a5011aa33576b5c7862ad\");\n", + "const IV_1_TV: &[u8] = &hex!(\"cd6676432b510ed2b7a7f7d5a7\");\n", + "const PLAINTEXT_TV: &[u8] = &hex!(\"44a104412b\");\n", + "const ENC_STRUCTURE_TV: &[u8] = &hex!(\"8368456e637279707430404102\");\n", "\n", "# voucher_info\n", - "voucher_info = \"58287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711\"\n", - "voucher_info_seq = \"7818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711\"\n", + "const VOUCHER_INFO_TV: &[u8] = &hex!(\"58287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d9a3155137f2be07ee91c51ec23\");\n", + "const VOUCHER_INFO_SEQ_TV: &[u8] = &hex!(\"7818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d9a3155137f2be07ee91c51ec23\");\n", "\n", "# ead1\n", - "ead1 = \"0158287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711\"\n", - "ead1_label = \"01\"\n", - "ead1_value = \"58287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711\"\n" + "const EAD1_TV: &[u8] = &hex!(\"0158287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d9a3155137f2be07ee91c51ec23\");\n", + "const EAD1_LABEL_TV: &[u8] = &hex!(\"01\");\n", + "const EAD1_VALUE_TV: &[u8] = &hex!(\"58287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d9a3155137f2be07ee91c51ec23\");\n" ] } ], @@ -215,12 +249,12 @@ "\n", "def add_enc_id(tv):\n", " salt = \"\"\n", - " g_xw = p256_ecdh(tv[\"ephemeral_keys\"][\"X\"], tv[\"static_keys\"][\"G_W\"], tv[\"static_keys\"][\"_G_W_y\"])\n", + " g_xw = p256_ecdh(tv[\"ephemeral_keys\"][\"X\"], tv[\"static_keys\"][\"G_W\"], tv[\"static_keys\"][\"G_W_y\"])\n", " prk = hkdf_extract(salt, g_xw)\n", " k_1_info = (cbor2.dumps(0)+cbor2.dumps(b'')+cbor2.dumps(16)).hex() # info is (0, b'', 16) # FIXME[draft] make 'length' explicit\n", " iv_1_info = (cbor2.dumps(1)+cbor2.dumps(b'')+cbor2.dumps(16)).hex() # info is (1, b'', 16) # FIXME[draft] make 'length' explicit\n", - " k_1 = hkdf_expand(prk, unhexlify(k_1_info), 16)\n", - " iv_1 = hkdf_expand(prk, unhexlify(iv_1_info), 13)\n", + " k_1 = hkdf_expand(prk, k_1_info, 16)\n", + " iv_1 = hkdf_expand(prk, iv_1_info, 13)\n", " plaintext = cbor2.dumps(unhexlify(tv[\"input\"][\"ID_U\"])).hex() # (ID_U: bstr)\n", " _ss = tv[\"input\"][\"SS\"].to_bytes(1, byteorder='big')\n", " enc_structure = cbor2.dumps([\"Encrypt0\", b'', _ss]).hex()\n", @@ -281,7 +315,7 @@ "ead1_tv = add_voucher_info(ead1_tv)\n", "ead1_tv = add_ead1(ead1_tv)\n", "\n", - "format_tv(ead1_tv, \"python\", nokeys=True)" + "format_tv(ead1_tv, \"rust\", nokeys=True)" ] }, { @@ -295,7 +329,7 @@ }, { "cell_type": "code", - "execution_count": 20, + "execution_count": 55, "metadata": {}, "outputs": [ { @@ -304,12 +338,12 @@ "text": [ "\n", "# input\n", - "EAD_1_VALUE = \"58287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711\"\n", - "MESSAGE_1_WITH_EAD = \"0382060258208af6f430ebe18d34184017a9a11bf511c8dff8f834730b96c1b7c8dbca2fc3b6370158287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711\"\n", - "OPAQUE_STATE = \"827819666538303a3a623833343a643630623a373936663a38646530198bed\"\n", + "const EAD_1_VALUE_TV: &[u8] = &hex!(\"58287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d9a3155137f2be07ee91c51ec23\");\n", + "const MESSAGE_1_WITH_EAD_TV: &[u8] = &hex!(\"0382060258208af6f430ebe18d34184017a9a11bf511c8dff8f834730b96c1b7c8dbca2fc3b6370158287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d9a3155137f2be07ee91c51ec23\");\n", + "const OPAQUE_STATE_TV: &[u8] = &hex!(\"827819666538303a3a623833343a643630623a373936663a38646530198bed\");\n", "\n", "# voucher_request\n", - "voucher_request = \"8258520382060258208af6f430ebe18d34184017a9a11bf511c8dff8f834730b96c1b7c8dbca2fc3b6370158287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d71fb72788b180ebe332697d711581f827819666538303a3a623833343a643630623a373936663a38646530198bed\"\n" + "const VOUCHER_REQUEST_TV: &[u8] = &hex!(\"8258520382060258208af6f430ebe18d34184017a9a11bf511c8dff8f834730b96c1b7c8dbca2fc3b6370158287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d9a3155137f2be07ee91c51ec23581f827819666538303a3a623833343a643630623a373936663a38646530198bed\");\n" ] } ], @@ -333,11 +367,89 @@ " \"OPAQUE_STATE\": cbor2.dumps([\"fe80::b834:d60b:796f:8de0\", 35821]).hex(), # [ORIGIN_IPADDR, PORT]\n", " }\n", "}\n", - "# voucher_request_tv.update(keys_tv) # using existing keys\n", "\n", "voucher_request_tv = add_voucher_request(voucher_request_tv)\n", "\n", - "format_tv(voucher_request_tv, \"python\")" + "format_tv(voucher_request_tv, \"rust\")" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "### Traces for Voucher\n", + "\n", + "See https://www.ietf.org/archive/id/draft-selander-lake-authz-03.html#name-voucher" + ] + }, + { + "cell_type": "code", + "execution_count": 60, + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "\n", + "# input\n", + "const VOUCHER_REQUEST_TV: &[u8] = &hex!(\"8258520382060258208af6f430ebe18d34184017a9a11bf511c8dff8f834730b96c1b7c8dbca2fc3b6370158287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d9a3155137f2be07ee91c51ec23581f827819666538303a3a623833343a643630623a373936663a38646530198bed\");\n", + "const MESSAGE_1_WITH_EAD_TV_TV: &[u8] = &hex!(\"0382060258208af6f430ebe18d34184017a9a11bf511c8dff8f834730b96c1b7c8dbca2fc3b6370158287818636f61703a2f2f656e726f6c6c6d656e742e7365727665724d9a3155137f2be07ee91c51ec23\");\n", + "const OPAQUE_STATE_TV: &[u8] = &hex!(\"827819666538303a3a623833343a643630623a373936663a38646530198bed\");\n", + "const CRED_V_TV: &[u8] = &hex!(\"a2026b6578616d706c652e65647508a101a501020241322001215820bbc34960526ea4d32e940cad2a234148ddc21791a12afbcbac93622046dd44f02258204519e257236b2a0ce2023f0931f1f386ca7afda64fcde0108c224c51eabf6072\");\n", + "const PRK_TV: &[u8] = &hex!(\"d40f1601b577dbe7827bb3a20e0d16f7231c3a25225c1ed733f9094050d59666\");\n", + "\n", + "# voucher\n", + "const VOUCHER_TV: &[u8] = &hex!(\"487f0002400b44ed0f\");\n", + "const H_MESSAGE_1_TV: &[u8] = &hex!(\"970e81d2e895926118ec650f718fb754937429fdb957122a64e952dbaee03139\");\n", + "const LABEL_TV: u8 = 2;\n", + "const CONTEXT_TV: &[u8] = &hex!(\"58a3784039373065383164326538393539323631313865633635306637313866623735343933373432396664623935373132326136346539353264626165653033313339585fa2026b6578616d706c652e65647508a101a501020241322001215820bbc34960526ea4d32e940cad2a234148ddc21791a12afbcbac93622046dd44f02258204519e257236b2a0ce2023f0931f1f386ca7afda64fcde0108c224c51eabf6072\");\n", + "const MAC_LENGTH_TV: u8 = 8;\n", + "const INFO_TV: &[u8] = &hex!(\"0279014a35386133373834303339333733303635333833313634333236353338333933353339333233363331333133383635363333363335333036363337333133383636363233373335333433393333333733343332333936363634363233393335333733313332333236313336333436353339333533323634363236313635363533303333333133333339353835666132303236623635373836313664373036633635326536353634373530386131303161353031303230323431333232303031323135383230626263333439363035323665613464333265393430636164326132333431343864646332313739316131326166626362616339333632323034366464343466303232353832303435313965323537323336623261306365323032336630393331663166333836636137616664613634666364653031303863323234633531656162663630373208\");\n", + "const VOUCHER_INPUT_TV: &[u8] = &hex!(\"784039373065383164326538393539323631313865633635306637313866623735343933373432396664623935373132326136346539353264626165653033313339585fa2026b6578616d706c652e65647508a101a501020241322001215820bbc34960526ea4d32e940cad2a234148ddc21791a12afbcbac93622046dd44f02258204519e257236b2a0ce2023f0931f1f386ca7afda64fcde0108c224c51eabf6072\");\n", + "const VOUCHER_CONTENT_TV: &[u8] = &hex!(\"7f0002400b44ed0f\");\n" + ] + } + ], + "source": [ + "def hash_message(message):\n", + " return hashlib.sha256(message.encode()).hexdigest()\n", + "\n", + "def add_voucher(tv):\n", + " h_message_1 = hash_message(tv[\"input\"][\"MESSAGE_1_WITH_EAD_TV\"])\n", + " voucher_input = (cbor2.dumps(h_message_1) + cbor2.dumps(unhexlify(tv[\"input\"][\"CRED_V\"]))).hex()\n", + " label = 2\n", + " context = cbor2.dumps(unhexlify(voucher_input)).hex()\n", + " mac_length = 8\n", + " info = (cbor2.dumps(label) + cbor2.dumps(context) + cbor2.dumps(mac_length)).hex()\n", + " voucher_content = hkdf_expand(tv[\"input\"][\"PRK\"], info, mac_length)\n", + " voucher = cbor2.dumps(unhexlify(voucher_content)).hex()\n", + " tv.update({\n", + " \"voucher\": {\n", + " \"voucher\": voucher,\n", + " \"h_message_1\": h_message_1,\n", + " \"voucher_input\": voucher_input,\n", + " \"label\": label,\n", + " \"context\": context,\n", + " \"mac_length\": mac_length,\n", + " \"info\": info,\n", + " \"voucher_content\": voucher_content,\n", + " }\n", + " })\n", + " return tv\n", + "\n", + "voucher_tv = {\n", + " \"input\": {\n", + " \"VOUCHER_REQUEST\": voucher_request_tv[\"voucher_request\"][\"voucher_request\"],\n", + " \"MESSAGE_1_WITH_EAD_TV\": voucher_request_tv[\"input\"][\"MESSAGE_1_WITH_EAD\"],\n", + " \"OPAQUE_STATE\": voucher_request_tv[\"input\"][\"OPAQUE_STATE\"],\n", + " \"CRED_V\": keys_tv[\"creds\"][\"CRED_V\"],\n", + " \"PRK\": ead1_tv[\"enc_id\"][\"prk\"],\n", + " }\n", + "}\n", + "voucher_tv = add_voucher(voucher_tv)\n", + "\n", + "format_tv(voucher_tv, \"rust\")" ] }, { @@ -349,7 +461,7 @@ }, { "cell_type": "code", - "execution_count": 5, + "execution_count": 17, "metadata": {}, "outputs": [ { @@ -366,10 +478,10 @@ { "data": { "text/plain": [ - "" + "" ] }, - "execution_count": 5, + "execution_count": 17, "metadata": {}, "output_type": "execute_result" } @@ -380,8 +492,8 @@ "class Test(unittest.TestCase):\n", " def test_ead_1(self):\n", " self.assertEqual(\n", - " p256_ecdh(keys_tv[\"ephemeral_keys\"][\"X\"], keys_tv[\"static_keys\"][\"G_W\"], keys_tv[\"static_keys\"][\"_G_W_y\"]), \n", - " p256_ecdh(keys_tv[\"static_keys\"][\"W\"], keys_tv[\"ephemeral_keys\"][\"G_X\"], keys_tv[\"ephemeral_keys\"][\"_G_X_y\"]), \n", + " p256_ecdh(keys_tv[\"ephemeral_keys\"][\"X\"], keys_tv[\"static_keys\"][\"G_W\"], keys_tv[\"static_keys\"][\"G_W_y\"]), \n", + " p256_ecdh(keys_tv[\"static_keys\"][\"W\"], keys_tv[\"ephemeral_keys\"][\"G_X\"], keys_tv[\"ephemeral_keys\"][\"G_X_y\"]), \n", " )\n", "\n", "unittest.main(argv=[''], exit=False)" @@ -404,7 +516,7 @@ "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", - "version": "3.11.5" + "version": "3.10.12" }, "orig_nbformat": 4 },