1 /*
2  * Copyright (c) 2023 Eriptic Technologies.
3  *
4  * SPDX-License-Identifier: Apache-2.0 or MIT
5  */
6 
7 #include "oscore.h"
8 
9 
/**
 * Test 1:
 * - Client key derivation with master salt, see RFC8613 Appendix C.1.1
 * - Generating an OSCORE request with the keys from C.1.1, see RFC8613
 *   Appendix C.4
 *
 * The master secret is the value published in the RFC, so everything in this
 * block is known-answer test data, not key material.
 */

/* Test vector C.1.1 inputs: key derivation with Master Salt. */
const uint8_t T1__MASTER_SECRET[16] = {
	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
};
uint8_t T1__MASTER_SECRET_LEN = sizeof(T1__MASTER_SECRET);

/* Sender ID is absent here: NULL pointer with length 0. */
const uint8_t *T1__SENDER_ID = NULL;
uint8_t T1__SENDER_ID_LEN = 0;

const uint8_t T1__RECIPIENT_ID[1] = { 0x01 };
uint8_t T1__RECIPIENT_ID_LEN = sizeof(T1__RECIPIENT_ID);

const uint8_t T1__MASTER_SALT[8] = {
	0x9e, 0x7c, 0xa9, 0x22, 0x23, 0x78, 0x63, 0x40
};
uint8_t T1__MASTER_SALT_LEN = sizeof(T1__MASTER_SALT);

/* No ID Context in this vector: NULL pointer with length 0. */
const uint8_t *T1__ID_CONTEXT = NULL;
uint8_t T1__ID_CONTEXT_LEN = 0;

/*
 * Test vector C.4 input: the unprotected CoAP request (22 bytes) that is
 * turned into an OSCORE packet with the key material from test vector C.1.
 * Bytes 9..17 spell "localhost" and bytes 19..21 spell "tv1".
 */
const uint8_t T1__COAP_REQ[] = {
	0x44, 0x01, 0x5d, 0x1f, 0x00, 0x00, 0x39, 0x74,
	0x39, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f,
	0x73, 0x74, 0x83, 0x74, 0x76, 0x31
};
uint16_t T1__COAP_REQ_LEN = sizeof(T1__COAP_REQ);

/* Expected results of the key derivation. */
const uint8_t T1__SENDER_KEY[] = {
	0xf0, 0x91, 0x0e, 0xd7, 0x29, 0x5e, 0x6a, 0xd4,
	0xb5, 0x4f, 0xc7, 0x93, 0x15, 0x43, 0x02, 0xff
};
uint8_t T1__SENDER_KEY_LEN = sizeof(T1__SENDER_KEY);

const uint8_t T1__RECIPIENT_KEY[] = {
	0xff, 0xb1, 0x4e, 0x09, 0x3c, 0x94, 0xc9, 0xca,
	0xc9, 0x47, 0x16, 0x48, 0xb4, 0xf9, 0x87, 0x10
};
uint8_t T1__RECIPIENT_KEY_LEN = sizeof(T1__RECIPIENT_KEY);

const uint8_t T1__COMMON_IV[] = {
	0x46, 0x22, 0xd4, 0xdd, 0x6d, 0x94, 0x41, 0x68,
	0xee, 0xfb, 0x54, 0x98, 0x7c
};
uint8_t T1__COMMON_IV_LEN = sizeof(T1__COMMON_IV);

/*
 * Expected OSCORE request (35 bytes). The "localhost" bytes of the input are
 * still readable at offsets 9..17; the "tv1" bytes no longer appear in clear.
 */
const uint8_t T1__OSCORE_REQ[] = {
	0x44, 0x02, 0x5d, 0x1f, 0x00, 0x00, 0x39, 0x74,
	0x39, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f,
	0x73, 0x74, 0x62, 0x09, 0x14, 0xff, 0x61, 0x2f,
	0x10, 0x92, 0xf1, 0x77, 0x6f, 0x1c, 0x16, 0x68,
	0xb3, 0x82, 0x5e
};
uint8_t T1__OSCORE_REQ_LEN = sizeof(T1__OSCORE_REQ);

/*
 * Response side of the exchange, values from Appendix C.7:
 * the protected OSCORE response (32 bytes) ...
 */
const uint8_t T1__OSCORE_RESP[] = {
	0x64, 0x44, 0x5d, 0x1f, 0x00, 0x00, 0x39, 0x74,
	0x90, 0xff, 0xdb, 0xaa, 0xd1, 0xe9, 0xa7, 0xe7,
	0xb2, 0xa8, 0x13, 0xd3, 0xc3, 0x15, 0x24, 0x37,
	0x83, 0x03, 0xcd, 0xaf, 0xae, 0x11, 0x91, 0x06
};
uint8_t T1__OSCORE_RESP_LEN = sizeof(T1__OSCORE_RESP);

/* ... and the plain CoAP response (21 bytes) carrying "Hello World!". */
const uint8_t T1__COAP_RESPONSE[] = {
	0x64, 0x45, 0x5d, 0x1f, 0x00, 0x00, 0x39, 0x74,
	0xff, 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57,
	0x6f, 0x72, 0x6c, 0x64, 0x21
};
uint8_t T1__COAP_RESPONSE_LEN = sizeof(T1__COAP_RESPONSE);
77 
/**
 * Test 2:
 * - Server key derivation with master salt, see RFC8613 Appendix C.1.2
 * - Generating an OSCORE response with the keys from C.1.2, see RFC8613
 *   Appendix C.7
 */
const uint8_t T2__MASTER_SECRET[16] = {
	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
};
uint8_t T2__MASTER_SECRET_LEN = sizeof(T2__MASTER_SECRET);

/* Declared without const, unlike the sender IDs of the other tests. */
uint8_t T2__SENDER_ID[] = { 0x01 };
uint8_t T2__SENDER_ID_LEN = sizeof(T2__SENDER_ID);

/* Recipient ID is absent here: NULL pointer with length 0. */
uint8_t *T2__RECIPIENT_ID = NULL;
uint8_t T2__RECIPIENT_ID_LEN = 0;

const uint8_t T2__MASTER_SALT[8] = {
	0x9e, 0x7c, 0xa9, 0x22, 0x23, 0x78, 0x63, 0x40
};
uint8_t T2__MASTER_SALT_LEN = sizeof(T2__MASTER_SALT);

/* No ID Context in this vector: NULL pointer with length 0. */
uint8_t *T2__ID_CONTEXT = NULL;
uint8_t T2__ID_CONTEXT_LEN = 0;

/*
 * The OSCORE message created in C.4 (35 bytes). It was constructed from a
 * CoAP request of length 22 that has no payload and carries only a Uri-Host
 * option (localhost) and a Uri-Path option (tv1). In the OSCORE packet the
 * Uri-Host option is transferred as a plain, normal option; the Uri-Path
 * option is contained in the ciphertext.
 */
const uint8_t T2__OSCORE_REQ[] = {
	0x44, 0x02, 0x5d, 0x1f, 0x00, 0x00, 0x39, 0x74,
	0x39, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f,
	0x73, 0x74, 0x62, 0x09, 0x14, 0xff, 0x61, 0x2f,
	0x10, 0x92, 0xf1, 0x77, 0x6f, 0x1c, 0x16, 0x68,
	0xb3, 0x82, 0x5e
};
uint8_t T2__OSCORE_REQ_LEN = sizeof(T2__OSCORE_REQ);

/* Unprotected CoAP response (21 bytes) with the payload "Hello World!". */
const uint8_t T2__COAP_RESPONSE[] = {
	0x64, 0x45, 0x5d, 0x1f, 0x00, 0x00, 0x39, 0x74,
	0xff, 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57,
	0x6f, 0x72, 0x6c, 0x64, 0x21
};
uint8_t T2__COAP_RESPONSE_LEN = sizeof(T2__COAP_RESPONSE);

/* Expected result: the reconstructed CoAP request, see Appendix C.4. */
const uint8_t T2__COAP_REQ[] = {
	0x44, 0x01, 0x5d, 0x1f, 0x00, 0x00, 0x39, 0x74,
	0x39, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f,
	0x73, 0x74, 0x83, 0x74, 0x76, 0x31
};
uint8_t T2__COAP_REQ_LEN = sizeof(T2__COAP_REQ);

/* Expected result: the protected OSCORE response (32 bytes). */
const uint8_t T2__OSCORE_RESP[] = {
	0x64, 0x44, 0x5d, 0x1f, 0x00, 0x00, 0x39, 0x74,
	0x90, 0xff, 0xdb, 0xaa, 0xd1, 0xe9, 0xa7, 0xe7,
	0xb2, 0xa8, 0x13, 0xd3, 0xc3, 0x15, 0x24, 0x37,
	0x83, 0x03, 0xcd, 0xaf, 0xae, 0x11, 0x91, 0x06
};
uint8_t T2__OSCORE_RESP_LEN = sizeof(T2__OSCORE_RESP);
130 
/**
 * Test 3:
 * - Client key derivation without master salt, see RFC8613 Appendix C.2.1
 * - Generating an OSCORE request with the keys from C.2.1, see RFC8613
 *   Appendix C.5
 */

/* Test vector C.2.1 inputs: key derivation without Master Salt. */
const uint8_t T3__MASTER_SECRET[16] = {
	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
};
uint8_t T3__MASTER_SECRET_LEN = sizeof(T3__MASTER_SECRET);

const uint8_t T3__SENDER_ID[1] = { 0x00 };
uint8_t T3__SENDER_ID_LEN = sizeof(T3__SENDER_ID);

const uint8_t T3__RECIPIENT_ID[1] = { 0x01 };
uint8_t T3__RECIPIENT_ID_LEN = sizeof(T3__RECIPIENT_ID);

/* No master salt in this vector: NULL pointer with length 0. */
const uint8_t *T3__MASTER_SALT = NULL;
uint8_t T3__MASTER_SALT_LEN = 0;

/* No ID Context in this vector: NULL pointer with length 0. */
const uint8_t *T3__ID_CONTEXT = NULL;
uint8_t T3__ID_CONTEXT_LEN = 0;

/*
 * Test vector C.5 input: the unprotected CoAP request (22 bytes) that is
 * turned into an OSCORE packet with the key material from test vector C.2.1.
 */
const uint8_t T3__COAP_REQ[] = {
	0x44, 0x01, 0x71, 0xc3, 0x00, 0x00, 0xb9, 0x32,
	0x39, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f,
	0x73, 0x74, 0x83, 0x74, 0x76, 0x31
};
uint16_t T3__COAP_REQ_LEN = sizeof(T3__COAP_REQ);

/* Expected result: the OSCORE request (36 bytes). */
const uint8_t T3__OSCORE_REQ[] = {
	0x44, 0x02, 0x71, 0xc3, 0x00, 0x00, 0xb9, 0x32,
	0x39, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f,
	0x73, 0x74, 0x63, 0x09, 0x14, 0x00, 0xff, 0x4e,
	0xd3, 0x39, 0xa5, 0xa3, 0x79, 0xb0, 0xb8, 0xbc,
	0x73, 0x1f, 0xff, 0xb0
};
uint8_t T3__OSCORE_REQ_LEN = sizeof(T3__OSCORE_REQ);
167 
/**
 * Test 4:
 * - Server key derivation without master salt, see RFC8613 Appendix C.2.2
 */

/* Test vector C.2.2 inputs: key derivation without Master Salt. */
const uint8_t T4__MASTER_SECRET[16] = {
	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
};
uint8_t T4__MASTER_SECRET_LEN = sizeof(T4__MASTER_SECRET);

const uint8_t T4__SENDER_ID[1] = { 0x01 };
uint8_t T4__SENDER_ID_LEN = sizeof(T4__SENDER_ID);

const uint8_t T4__RECIPIENT_ID[1] = { 0x00 };
uint8_t T4__RECIPIENT_ID_LEN = sizeof(T4__RECIPIENT_ID);

/* No master salt in this vector: NULL pointer with length 0. */
const uint8_t *T4__MASTER_SALT = NULL;
uint8_t T4__MASTER_SALT_LEN = 0;

/* No ID Context in this vector: NULL pointer with length 0. */
const uint8_t *T4__ID_CONTEXT = NULL;
uint8_t T4__ID_CONTEXT_LEN = 0;

/* Expected results of the key derivation. */
const uint8_t T4__SENDER_KEY[] = {
	0xe5, 0x7b, 0x56, 0x35, 0x81, 0x51, 0x77, 0xcd,
	0x67, 0x9a, 0xb4, 0xbc, 0xec, 0x9d, 0x7d, 0xda
};
uint8_t T4__SENDER_KEY_LEN = sizeof(T4__SENDER_KEY);

const uint8_t T4__RECIPIENT_KEY[] = {
	0x32, 0x1b, 0x26, 0x94, 0x32, 0x53, 0xc7, 0xff,
	0xb6, 0x00, 0x3b, 0x0b, 0x64, 0xd7, 0x40, 0x41
};
uint8_t T4__RECIPIENT_KEY_LEN = sizeof(T4__RECIPIENT_KEY);

const uint8_t T4__COMMON_IV[] = {
	0xbe, 0x35, 0xae, 0x29, 0x7d, 0x2d, 0xac, 0xe9,
	0x10, 0xc5, 0x2e, 0x99, 0xf9
};
uint8_t T4__COMMON_IV_LEN = sizeof(T4__COMMON_IV);
204 
/**
 * Test 5:
 * - Client key derivation with ID Context, see RFC8613 Appendix C.3.1
 * - OSCORE request generation, see RFC8613 Appendix C.6
 */

/* Test vector C.3.1 inputs: key derivation with ID Context. */
const uint8_t T5__MASTER_SECRET[16] = {
	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
};
uint8_t T5__MASTER_SECRET_LEN = sizeof(T5__MASTER_SECRET);

/* Sender ID is absent here: NULL pointer with length 0. */
const uint8_t *T5__SENDER_ID = NULL;
uint8_t T5__SENDER_ID_LEN = 0;

const uint8_t T5__RECIPIENT_ID[1] = { 0x01 };
uint8_t T5__RECIPIENT_ID_LEN = sizeof(T5__RECIPIENT_ID);

const uint8_t T5__MASTER_SALT[8] = {
	0x9e, 0x7c, 0xa9, 0x22, 0x23, 0x78, 0x63, 0x40
};
uint8_t T5__MASTER_SALT_LEN = sizeof(T5__MASTER_SALT);

const uint8_t T5__ID_CONTEXT[8] = {
	0x37, 0xcb, 0xf3, 0x21, 0x00, 0x17, 0xa2, 0xd3
};
uint8_t T5__ID_CONTEXT_LEN = sizeof(T5__ID_CONTEXT);

/*
 * Test vector C.6 input: the unprotected CoAP request (22 bytes) that is
 * turned into an OSCORE packet with the key material derived above (C.3.1).
 */
const uint8_t T5__COAP_REQ[] = {
	0x44, 0x01, 0x2f, 0x8e, 0xef, 0x9b, 0xbf, 0x7a,
	0x39, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f,
	0x73, 0x74, 0x83, 0x74, 0x76, 0x31
};
uint16_t T5__COAP_REQ_LEN = sizeof(T5__COAP_REQ);

/*
 * Expected result: the OSCORE request (44 bytes). The eight ID Context bytes
 * appear verbatim at offsets 22..29, i.e. they travel in clear.
 */
const uint8_t T5__OSCORE_REQ[] = {
	0x44, 0x02, 0x2f, 0x8e, 0xef, 0x9b, 0xbf, 0x7a,
	0x39, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f,
	0x73, 0x74, 0x6b, 0x19, 0x14, 0x08, 0x37, 0xcb,
	0xf3, 0x21, 0x00, 0x17, 0xa2, 0xd3, 0xff, 0x72,
	0xcd, 0x72, 0x73, 0xfd, 0x33, 0x1a, 0xc4, 0x5c,
	0xff, 0xbe, 0x55, 0xc3
};
uint8_t T5__OSCORE_REQ_LEN = sizeof(T5__OSCORE_REQ);
244 
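/**
 * Test 6:
 * - Server key derivation with ID Context, see RFC8613 Appendix C.3.2
 *
 * Every *_LEN below is taken with sizeof from the array it describes, so a
 * length can never disagree with its own buffer if a vector is edited later.
 */
const uint8_t T6__MASTER_SECRET[16] = {
	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
};
uint8_t T6__MASTER_SECRET_LEN = sizeof(T6__MASTER_SECRET);

const uint8_t T6__SENDER_ID[1] = { 0x01 };
uint8_t T6__SENDER_ID_LEN = sizeof(T6__SENDER_ID);

/* Recipient ID is absent here: NULL pointer with length 0. */
const uint8_t *T6__RECIPIENT_ID = NULL;
uint8_t T6__RECIPIENT_ID_LEN = 0;

const uint8_t T6__MASTER_SALT[8] = {
	0x9e, 0x7c, 0xa9, 0x22, 0x23, 0x78, 0x63, 0x40
};
/* Sized from the T6 array itself, not from another test's salt. */
uint8_t T6__MASTER_SALT_LEN = sizeof(T6__MASTER_SALT);

const uint8_t T6__ID_CONTEXT[8] = {
	0x37, 0xcb, 0xf3, 0x21, 0x00, 0x17, 0xa2, 0xd3
};
/* Sized from the T6 array itself, not from another test's ID Context. */
uint8_t T6__ID_CONTEXT_LEN = sizeof(T6__ID_CONTEXT);

/* Expected results of the key derivation. */
const uint8_t T6__SENDER_KEY[] = {
	0xe3, 0x9a, 0x0c, 0x7c, 0x77, 0xb4, 0x3f, 0x03,
	0xb4, 0xb3, 0x9a, 0xb9, 0xa2, 0x68, 0x69, 0x9f
};
uint8_t T6__SENDER_KEY_LEN = sizeof(T6__SENDER_KEY);

const uint8_t T6__RECIPIENT_KEY[] = {
	0xaf, 0x2a, 0x13, 0x00, 0xa5, 0xe9, 0x57, 0x88,
	0xb3, 0x56, 0x33, 0x6e, 0xee, 0xcd, 0x2b, 0x92
};
uint8_t T6__RECIPIENT_KEY_LEN = sizeof(T6__RECIPIENT_KEY);

const uint8_t T6__COMMON_IV[] = {
	0x2c, 0xa5, 0x8f, 0xb8, 0x5f, 0xf1, 0xb8, 0x1c,
	0x0b, 0x71, 0x81, 0xb8, 0x5e
};
uint8_t T6__COMMON_IV_LEN = sizeof(T6__COMMON_IV);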
282 
/**
 * Test 7:
 * - Server with partial IV, see RFC8613 Appendix C.8
 * - currently not supported
 */
const uint8_t T7__MASTER_SECRET[16] = {
	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
};
uint8_t T7__MASTER_SECRET_LEN = sizeof(T7__MASTER_SECRET);

const uint8_t T7__SENDER_ID[] = { 0x01 };
uint8_t T7__SENDER_ID_LEN = sizeof(T7__SENDER_ID);

/* Recipient ID is absent here: NULL pointer with length 0. */
const uint8_t *T7__RECIPIENT_ID = NULL;
uint8_t T7__RECIPIENT_ID_LEN = 0;

const uint8_t T7__MASTER_SALT[8] = {
	0x9e, 0x7c, 0xa9, 0x22, 0x23, 0x78, 0x63, 0x40
};
uint8_t T7__MASTER_SALT_LEN = sizeof(T7__MASTER_SALT);

/* No ID Context in this vector: NULL pointer with length 0. */
const uint8_t *T7__ID_CONTEXT = NULL;
uint8_t T7__ID_CONTEXT_LEN = 0;

/*
 * Input: the OSCORE message created in test vector C.4, i.e. the OSCORE
 * packet generated with the key material from test vector C.1 (35 bytes).
 */
const uint8_t T7__OSCORE_REQ[] = {
	0x44, 0x02, 0x5d, 0x1f, 0x00, 0x00, 0x39, 0x74,
	0x39, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f,
	0x73, 0x74, 0x62, 0x09, 0x14, 0xff, 0x61, 0x2f,
	0x10, 0x92, 0xf1, 0x77, 0x6f, 0x1c, 0x16, 0x68,
	0xb3, 0x82, 0x5e
};
uint8_t T7__OSCORE_REQ_LEN = sizeof(T7__OSCORE_REQ);

/* Input: the unprotected CoAP response (21 bytes, "Hello World!"). */
const uint8_t T7__COAP_RESPONSE[] = {
	0x64, 0x45, 0x5d, 0x1f, 0x00, 0x00, 0x39, 0x74,
	0xff, 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57,
	0x6f, 0x72, 0x6c, 0x64, 0x21
};
uint8_t T7__COAP_RESPONSE_LEN = sizeof(T7__COAP_RESPONSE);

/*
 * Expected result: the OSCORE response (34 bytes). Note the name ends in
 * _RES here, while tests 1 and 2 use _RESP for their response vectors.
 */
const uint8_t T7__OSCORE_RES[] = {
	0x64, 0x44, 0x5d, 0x1f, 0x00, 0x00, 0x39, 0x74,
	0x92, 0x01, 0x00, 0xff, 0x4d, 0x4c, 0x13, 0x66,
	0x93, 0x84, 0xb6, 0x73, 0x54, 0xb2, 0xb6, 0x17,
	0x5f, 0xf4, 0xb8, 0x65, 0x8c, 0x66, 0x6a, 0x6c,
	0xf8, 0x8e
};
uint8_t T7__OSCORE_RES_LEN = sizeof(T7__OSCORE_RES);
329 
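/**
 * Test 8:
 * - A simple ACK packet should not be encrypted and the result should be the
 *   same as the input buffer (see RFC8613 Section 4.2)
 *
 * Every *_LEN below is taken with sizeof from the array it describes, so a
 * length can never disagree with its own buffer if a vector is edited later.
 */
const uint8_t T8__MASTER_SECRET[16] = {
	0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
	0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
};
/* Sized from the T8 array itself, not from another test's secret. */
uint8_t T8__MASTER_SECRET_LEN = sizeof(T8__MASTER_SECRET);

const uint8_t T8__SENDER_ID[] = { 0x01 };
/* Sized from the T8 array itself, not from another test's sender ID. */
uint8_t T8__SENDER_ID_LEN = sizeof(T8__SENDER_ID);


const uint8_t T8__MASTER_SALT[8] = {
	0x9e, 0x7c, 0xa9, 0x22, 0x23, 0x78, 0x63, 0x40
};
/* Sized from the T8 array itself, not from another test's salt. */
uint8_t T8__MASTER_SALT_LEN = sizeof(T8__MASTER_SALT);

/* Simple ACK message (code 0=EMPTY, type 2=ACK, no payload). */
const uint8_t T8__COAP_ACK[] = { 0x60, 0x00, 0x45, 0x69 };
uint8_t T8__COAP_ACK_LEN = sizeof(T8__COAP_ACK);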
350 
351