1 /* 2 Copyright (c) 2021 Fraunhofer AISEC. See the COPYRIGHT 3 file at the top-level directory of this distribution. 4 5 Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or 6 http://www.apache.org/licenses/LICENSE-2.0> or the MIT license 7 <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your 8 option. This file may not be copied, modified, or distributed 9 except according to those terms. 10 */ 11 #ifndef OSCORE_TEST_VECTORS_H 12 #define OSCORE_TEST_VECTORS_H 13 14 #include "oscore.h" 15 16 17 /** 18 * Test 1: 19 * - Client Key derivation with master salt see RFC8613 Appendix C.1.1 20 * - Generating OSCORE request with key form C.1.1 see RFC8613 Appendix C.4 21 */ 22 23 /*Test vector C1.1: Key derivation with Master Salt*/ 24 const uint8_t T1__MASTER_SECRET[16] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 25 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 26 0x0d, 0x0e, 0x0f, 0x10 }; 27 uint8_t T1__MASTER_SECRET_LEN = sizeof(T1__MASTER_SECRET); 28 29 const uint8_t *T1__SENDER_ID = NULL; 30 uint8_t T1__SENDER_ID_LEN = 0; 31 32 const uint8_t T1__RECIPIENT_ID[1] = { 0x01 }; 33 uint8_t T1__RECIPIENT_ID_LEN = sizeof(T1__RECIPIENT_ID); 34 35 const uint8_t T1__MASTER_SALT[8] = { 0x9e, 0x7c, 0xa9, 0x22, 36 0x23, 0x78, 0x63, 0x40 }; 37 uint8_t T1__MASTER_SALT_LEN = sizeof(T1__MASTER_SALT); 38 39 const uint8_t *T1__ID_CONTEXT = NULL; 40 uint8_t T1__ID_CONTEXT_LEN = 0; 41 42 /*Test vector C4: Generating a OSCORE Packet with key material form test vector C.1 */ 43 const uint8_t T1__COAP_REQ[] = { 0x44, 0x01, 0x5d, 0x1f, 0x00, 0x00, 0x39, 0x74, 44 0x39, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 45 0x73, 0x74, 0x83, 0x74, 0x76, 0x31 }; 46 uint16_t T1__COAP_REQ_LEN = sizeof(T1__COAP_REQ); 47 48 /*Expected result*/ 49 const uint8_t T1__SENDER_KEY[] = { 0xf0, 0x91, 0x0e, 0xd7, 0x29, 0x5e, 50 0x6a, 0xd4, 0xb5, 0x4f, 0xc7, 0x93, 51 0x15, 0x43, 0x02, 0xff }; 52 uint8_t T1__SENDER_KEY_LEN = sizeof(T1__SENDER_KEY); 53 54 const uint8_t T1__RECIPIENT_KEY[] = { 0xff, 0xb1, 0x4e, 0x09, 0x3c, 0x94, 55 0xc9, 0xca, 0xc9, 0x47, 0x16, 0x48, 56 0xb4, 0xf9, 0x87, 0x10 }; 57 uint8_t T1__RECIPIENT_KEY_LEN = sizeof(T1__RECIPIENT_KEY); 58 59 const uint8_t T1__COMMON_IV[] = { 0x46, 0x22, 0xd4, 0xdd, 0x6d, 0x94, 0x41, 60 0x68, 0xee, 0xfb, 0x54, 0x98, 0x7c }; 61 uint8_t T1__COMMON_IV_LEN = sizeof(T1__COMMON_IV); 62 63 const uint8_t T1__OSCORE_REQ[] = { 0x44, 0x02, 0x5d, 0x1f, 0x00, 0x00, 0x39, 64 0x74, 0x39, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 65 0x68, 0x6f, 0x73, 0x74, 0x62, 0x09, 0x14, 66 0xff, 0x61, 0x2f, 0x10, 0x92, 0xf1, 0x77, 67 0x6f, 0x1c, 0x16, 0x68, 0xb3, 0x82, 0x5e }; 68 uint8_t T1__OSCORE_REQ_LEN = sizeof(T1__OSCORE_REQ); 69 70 /*test the response*/ 71 /*Values from Appendix C7*/ 72 const uint8_t T1__OSCORE_RESP[] = { 0x64, 0x44, 0x5D, 0x1F, 0x00, 0x00, 0x39, 73 0x74, 0x90, 0xFF, 0xDB, 0xAA, 0xD1, 0xE9, 74 0xA7, 0xE7, 0xB2, 0xA8, 0x13, 0xD3, 0xC3, 75 0x15, 0x24, 0x37, 0x83, 0x03, 0xCD, 0xAF, 76 0xAE, 0x11, 0x91, 0x06 }; 77 uint8_t T1__OSCORE_RESP_LEN = sizeof(T1__OSCORE_RESP); 78 79 const uint8_t T1__COAP_RESPONSE[] = { 80 0x64, 0x45, 0x5d, 0x1f, 0x00, 0x00, 0x39, 0x74, 0xff, 0x48, 0x65, 81 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f, 0x72, 0x6c, 0x64, 0x21 82 }; 83 uint8_t T1__COAP_RESPONSE_LEN = sizeof(T1__COAP_RESPONSE); 84 85 /** 86 * Test 2: 87 * - Server Key derivation with master salt see RFC8613 Appendix C.1.2 88 * - Generating OSCORE response with key form C.1.2 see RFC8613 Appendix C.7 89 */ 90 const uint8_t T2__MASTER_SECRET[16] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 91 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 92 0x0d, 0x0e, 0x0f, 0x10 }; 93 uint8_t T2__MASTER_SECRET_LEN = sizeof(T2__MASTER_SECRET); 94 95 uint8_t T2__SENDER_ID[] = { 0x01 }; 96 uint8_t T2__SENDER_ID_LEN = sizeof(T2__SENDER_ID); 97 98 uint8_t *T2__RECIPIENT_ID = NULL; 99 uint8_t T2__RECIPIENT_ID_LEN = 0; 100 101 const uint8_t T2__MASTER_SALT[8] = { 0x9e, 0x7c, 0xa9, 0x22, 102 0x23, 0x78, 0x63, 0x40 }; 103 uint8_t T2__MASTER_SALT_LEN = sizeof(T2__MASTER_SALT); 104 105 uint8_t *T2__ID_CONTEXT = NULL; 106 uint8_t T2__ID_CONTEXT_LEN = 0; 107 108 /*The OSCORE message created in C4 (35 Byte). Constructed from a CoAP request of length 22. This request contains no payload. The request contains only Uri-host (locahost) and Uri-path option (tv1). In the OSCORE packet Uri-host option is transferred as plain normal option, The Uri-path is contained in the ciphertext. */ 109 const uint8_t T2__OSCORE_REQ[] = { 0x44, 0x02, 0x5d, 0x1f, 0x00, 0x00, 0x39, 110 0x74, 0x39, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 111 0x68, 0x6f, 0x73, 0x74, 0x62, 0x09, 0x14, 112 0xff, 0x61, 0x2f, 0x10, 0x92, 0xf1, 0x77, 113 0x6f, 0x1c, 0x16, 0x68, 0xb3, 0x82, 0x5e }; 114 uint8_t T2__OSCORE_REQ_LEN = sizeof(T2__OSCORE_REQ); 115 116 /*Unprotected CoAP response (21 bytes)*/ 117 /*Contains the payload "Hello World!"*/ 118 const uint8_t T2__COAP_RESPONSE[] = { 119 0x64, 0x45, 0x5d, 0x1f, 0x00, 0x00, 0x39, 0x74, 0xff, 0x48, 0x65, 120 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f, 0x72, 0x6c, 0x64, 0x21 121 }; 122 uint8_t T2__COAP_RESPONSE_LEN = sizeof(T2__COAP_RESPONSE); 123 124 /*Expected result*/ 125 /*the reconstructed coap request see Appendix C4*/ 126 const uint8_t T2__COAP_REQ[] = { 0x44, 0x01, 0x5d, 0x1f, 0x00, 0x00, 0x39, 0x74, 127 0x39, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 128 0x73, 0x74, 0x83, 0x74, 0x76, 0x31 }; 129 uint8_t T2__COAP_REQ_LEN = sizeof(T2__COAP_REQ); 130 131 const uint8_t T2__OSCORE_RESP[] = { 0x64, 0x44, 0x5D, 0x1F, 0x00, 0x00, 0x39, 132 0x74, 0x90, 0xFF, 0xDB, 0xAA, 0xD1, 0xE9, 133 0xA7, 0xE7, 0xB2, 0xA8, 0x13, 0xD3, 0xC3, 134 0x15, 0x24, 0x37, 0x83, 0x03, 0xCD, 0xAF, 135 0xAE, 0x11, 0x91, 0x06 }; 136 uint8_t T2__OSCORE_RESP_LEN = sizeof(T2__OSCORE_RESP); 137 138 /** 139 * Test 3: 140 * - Client Key derivation without master salt see RFC8613 Appendix C.2.1 141 * - Generating OSCORE request with key form C.2.1 see RFC8613 Appendix C.5 142 */ 143 /*Test vector C2.1: Key derivation without Master Salt*/ 144 const uint8_t T3__MASTER_SECRET[16] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 145 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 146 0x0d, 0x0e, 0x0f, 0x10 }; 147 uint8_t T3__MASTER_SECRET_LEN = sizeof(T3__MASTER_SECRET); 148 149 const uint8_t T3__SENDER_ID[1] = { 0x00 }; 150 uint8_t T3__SENDER_ID_LEN = sizeof(T3__SENDER_ID); 151 152 const uint8_t T3__RECIPIENT_ID[1] = { 0x01 }; 153 uint8_t T3__RECIPIENT_ID_LEN = sizeof(T3__RECIPIENT_ID); 154 155 const uint8_t *T3__MASTER_SALT = NULL; 156 uint8_t T3__MASTER_SALT_LEN = 0; 157 158 const uint8_t *T3__ID_CONTEXT = NULL; 159 uint8_t T3__ID_CONTEXT_LEN = 0; 160 161 /*Test vector C5: Generating a OSCORE Packet with key material form test vector C.2.1 */ 162 const uint8_t T3__COAP_REQ[] = { 0x44, 0x01, 0x71, 0xc3, 0x00, 0x00, 0xb9, 0x32, 163 0x39, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 164 0x73, 0x74, 0x83, 0x74, 0x76, 0x31 }; 165 uint16_t T3__COAP_REQ_LEN = sizeof(T3__COAP_REQ); 166 167 /*expected result*/ 168 const uint8_t T3__OSCORE_REQ[] = { 169 0x44, 0x02, 0x71, 0xc3, 0x00, 0x00, 0xb9, 0x32, 0x39, 0x6c, 0x6f, 0x63, 170 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x63, 0x09, 0x14, 0x00, 0xff, 0x4e, 171 0xd3, 0x39, 0xa5, 0xa3, 0x79, 0xb0, 0xb8, 0xbc, 0x73, 0x1f, 0xff, 0xb0 172 }; 173 uint8_t T3__OSCORE_REQ_LEN = sizeof(T3__OSCORE_REQ); 174 175 /** 176 * Test 4: 177 * - Server Key derivation without master salt see RFC8613 Appendix C.2.2 178 */ 179 /*Test vector C2.2: Key derivation without Master Salt*/ 180 const uint8_t T4__MASTER_SECRET[16] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 181 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 182 0x0d, 0x0e, 0x0f, 0x10 }; 183 uint8_t T4__MASTER_SECRET_LEN = sizeof(T4__MASTER_SECRET); 184 185 const uint8_t T4__SENDER_ID[1] = { 0x01 }; 186 uint8_t T4__SENDER_ID_LEN = sizeof(T4__SENDER_ID); 187 188 const uint8_t T4__RECIPIENT_ID[1] = { 0x00 }; 189 uint8_t T4__RECIPIENT_ID_LEN = sizeof(T4__RECIPIENT_ID); 190 191 const uint8_t *T4__MASTER_SALT = NULL; 192 uint8_t T4__MASTER_SALT_LEN = 0; 193 194 const uint8_t *T4__ID_CONTEXT = NULL; 195 uint8_t T4__ID_CONTEXT_LEN = 0; 196 197 /*expected result*/ 198 const uint8_t T4__SENDER_KEY[] = { 0xe5, 0x7b, 0x56, 0x35, 0x81, 0x51, 199 0x77, 0xcd, 0x67, 0x9a, 0xb4, 0xbc, 200 0xec, 0x9d, 0x7d, 0xda }; 201 uint8_t T4__SENDER_KEY_LEN = sizeof(T4__SENDER_KEY); 202 203 const uint8_t T4__RECIPIENT_KEY[] = { 0x32, 0x1b, 0x26, 0x94, 0x32, 0x53, 204 0xc7, 0xff, 0xb6, 0x00, 0x3b, 0x0b, 205 0x64, 0xd7, 0x40, 0x41 }; 206 uint8_t T4__RECIPIENT_KEY_LEN = sizeof(T4__RECIPIENT_KEY); 207 208 const uint8_t T4__COMMON_IV[] = { 0xbe, 0x35, 0xae, 0x29, 0x7d, 0x2d, 0xac, 209 0xe9, 0x10, 0xc5, 0x2e, 0x99, 0xf9 }; 210 uint8_t T4__COMMON_IV_LEN = sizeof(T4__COMMON_IV); 211 212 /** 213 * Test 5 : 214 * - Client Key derivation with ID Context see Appendix 3.1 215 * - OSCORE request generation see Appendix C6 216 */ 217 /*Test vector C3.1: Key derivation with ID Context*/ 218 const uint8_t T5__MASTER_SECRET[16] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 219 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 220 0x0d, 0x0e, 0x0f, 0x10 }; 221 uint8_t T5__MASTER_SECRET_LEN = sizeof(T5__MASTER_SECRET); 222 223 const uint8_t *T5__SENDER_ID = NULL; 224 uint8_t T5__SENDER_ID_LEN = 0; 225 226 const uint8_t T5__RECIPIENT_ID[1] = { 0x01 }; 227 uint8_t T5__RECIPIENT_ID_LEN = sizeof(T5__RECIPIENT_ID); 228 229 const uint8_t T5__MASTER_SALT[8] = { 0x9e, 0x7c, 0xa9, 0x22, 230 0x23, 0x78, 0x63, 0x40 }; 231 uint8_t T5__MASTER_SALT_LEN = sizeof(T5__MASTER_SALT); 232 233 const uint8_t T5__ID_CONTEXT[8] = { 0x37, 0xcb, 0xf3, 0x21, 234 0x00, 0x17, 0xa2, 0xd3 }; 235 uint8_t T5__ID_CONTEXT_LEN = sizeof(T5__ID_CONTEXT); 236 237 /*Test vector C6: Generating a OSCORE Packet with key material form test vector C.2.1 */ 238 const uint8_t T5__COAP_REQ[] = { 0x44, 0x01, 0x2f, 0x8e, 0xef, 0x9b, 0xbf, 0x7a, 239 0x39, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 240 0x73, 0x74, 0x83, 0x74, 0x76, 0x31 }; 241 uint16_t T5__COAP_REQ_LEN = sizeof(T5__COAP_REQ); 242 243 /*Expected result*/ 244 const uint8_t T5__OSCORE_REQ[] = { 245 0x44, 0x02, 0x2f, 0x8e, 0xef, 0x9b, 0xbf, 0x7a, 0x39, 0x6c, 0x6f, 246 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x6b, 0x19, 0x14, 0x08, 247 0x37, 0xcb, 0xf3, 0x21, 0x00, 0x17, 0xa2, 0xd3, 0xff, 0x72, 0xcd, 248 0x72, 0x73, 0xfd, 0x33, 0x1a, 0xc4, 0x5c, 0xff, 0xbe, 0x55, 0xc3 249 }; 250 uint8_t T5__OSCORE_REQ_LEN = sizeof(T5__OSCORE_REQ); 251 252 /** 253 * Test 6: 254 * - Server Key derivation with ID context see RFC8613 Appendix C.3.2 255 */ 256 const uint8_t T6__MASTER_SECRET[16] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 257 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 258 0x0d, 0x0e, 0x0f, 0x10 }; 259 uint8_t T6__MASTER_SECRET_LEN = sizeof(T6__MASTER_SECRET); 260 261 const uint8_t T6__SENDER_ID[1] = { 0x01 }; 262 uint8_t T6__SENDER_ID_LEN = sizeof(T6__SENDER_ID); 263 264 const uint8_t *T6__RECIPIENT_ID = NULL; 265 uint8_t T6__RECIPIENT_ID_LEN = 0; 266 267 const uint8_t T6__MASTER_SALT[8] = { 0x9e, 0x7c, 0xa9, 0x22, 268 0x23, 0x78, 0x63, 0x40 }; 269 uint8_t T6__MASTER_SALT_LEN = sizeof(T5__MASTER_SALT); 270 271 const uint8_t T6__ID_CONTEXT[8] = { 0x37, 0xcb, 0xf3, 0x21, 272 0x00, 0x17, 0xa2, 0xd3 }; 273 uint8_t T6__ID_CONTEXT_LEN = sizeof(T5__ID_CONTEXT); 274 275 /*expected result*/ 276 const uint8_t T6__SENDER_KEY[] = { 0xe3, 0x9a, 0x0c, 0x7c, 0x77, 0xb4, 277 0x3f, 0x03, 0xb4, 0xb3, 0x9a, 0xb9, 278 0xa2, 0x68, 0x69, 0x9f }; 279 uint8_t T6__SENDER_KEY_LEN = sizeof(T6__SENDER_KEY); 280 281 const uint8_t T6__RECIPIENT_KEY[] = { 0xaf, 0x2a, 0x13, 0x00, 0xa5, 0xe9, 282 0x57, 0x88, 0xb3, 0x56, 0x33, 0x6e, 283 0xee, 0xcd, 0x2b, 0x92 }; 284 uint8_t T6__RECIPIENT_KEY_LEN = sizeof(T6__RECIPIENT_KEY); 285 286 const uint8_t T6__COMMON_IV[] = { 0x2c, 0xa5, 0x8f, 0xb8, 0x5f, 0xf1, 0xb8, 287 0x1c, 0x0b, 0x71, 0x81, 0xb8, 0x5e }; 288 uint8_t T6__COMMON_IV_LEN = sizeof(T6__COMMON_IV); 289 290 /** 291 * Test 7: 292 * - Server with partial IV see Appendix C8 293 * - currently not supported 294 */ 295 const uint8_t T7__MASTER_SECRET[16] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 296 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 297 0x0d, 0x0e, 0x0f, 0x10 }; 298 uint8_t T7__MASTER_SECRET_LEN = sizeof(T7__MASTER_SECRET); 299 300 const uint8_t T7__SENDER_ID[] = { 0x01 }; 301 uint8_t T7__SENDER_ID_LEN = sizeof(T7__SENDER_ID); 302 303 const uint8_t *T7__RECIPIENT_ID = NULL; 304 uint8_t T7__RECIPIENT_ID_LEN = 0; 305 306 const uint8_t T7__MASTER_SALT[8] = { 0x9e, 0x7c, 0xa9, 0x22, 307 0x23, 0x78, 0x63, 0x40 }; 308 uint8_t T7__MASTER_SALT_LEN = sizeof(T7__MASTER_SALT); 309 310 const uint8_t *T7__ID_CONTEXT = NULL; 311 uint8_t T7__ID_CONTEXT_LEN = 0; 312 313 /*Test vector C4: Generating a OSCORE Packet with key material form test vector C.1 */ 314 /*the OSCORE message created in C4*/ 315 const uint8_t T7__OSCORE_REQ[] = { 0x44, 0x02, 0x5d, 0x1f, 0x00, 0x00, 0x39, 316 0x74, 0x39, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 317 0x68, 0x6f, 0x73, 0x74, 0x62, 0x09, 0x14, 318 0xff, 0x61, 0x2f, 0x10, 0x92, 0xf1, 0x77, 319 0x6f, 0x1c, 0x16, 0x68, 0xb3, 0x82, 0x5e }; 320 uint8_t T7__OSCORE_REQ_LEN = sizeof(T7__OSCORE_REQ); 321 322 /*unprotected CoAP response*/ 323 const uint8_t T7__COAP_RESPONSE[] = { 324 0x64, 0x45, 0x5d, 0x1f, 0x00, 0x00, 0x39, 0x74, 0xff, 0x48, 0x65, 325 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f, 0x72, 0x6c, 0x64, 0x21 326 }; 327 uint8_t T7__COAP_RESPONSE_LEN = sizeof(T7__COAP_RESPONSE); 328 329 /*expected result*/ 330 const uint8_t T7__OSCORE_RES[] = { 0x64, 0x44, 0x5d, 0x1f, 0x00, 0x00, 0x39, 331 0x74, 0x92, 0x01, 0x00, 0xff, 0x4d, 0x4c, 332 0x13, 0x66, 0x93, 0x84, 0xb6, 0x73, 0x54, 333 0xb2, 0xb6, 0x17, 0x5f, 0xf4, 0xb8, 0x65, 334 0x8c, 0x66, 0x6a, 0x6c, 0xf8, 0x8e }; 335 uint8_t T7__OSCORE_RES_LEN = sizeof(T7__OSCORE_RES); 336 337 /** 338 * Test 8: 339 * - Simple ACK packet should not be encrypted and result should be the same as input buffer (see RFC8613 Section 4.2) 340 */ 341 const uint8_t T8__MASTER_SECRET[16] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 342 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 343 0x0d, 0x0e, 0x0f, 0x10 }; 344 uint8_t T8__MASTER_SECRET_LEN = sizeof(T2__MASTER_SECRET); 345 346 const uint8_t T8__SENDER_ID[] = { 0x01 }; 347 uint8_t T8__SENDER_ID_LEN = sizeof(T2__SENDER_ID); 348 349 // const uint8_t *T8__RECIPIENT_ID = NULL; 350 // uint8_t T8__RECIPIENT_ID_LEN = 0; 351 352 const uint8_t T8__MASTER_SALT[8] = { 0x9e, 0x7c, 0xa9, 0x22, 353 0x23, 0x78, 0x63, 0x40 }; 354 uint8_t T8__MASTER_SALT_LEN = sizeof(T2__MASTER_SALT); 355 356 //const uint8_t *T8__ID_CONTEXT = NULL; 357 //uint8_t T8__ID_CONTEXT_LEN = 0; 358 359 /*Simple ACK message (code 0=EMPTY, type 2=ACK, no payload).*/ 360 const uint8_t T8__COAP_ACK[] = { 0x60, 0x00, 0x45, 0x69 }; 361 uint8_t T8__COAP_ACK_LEN = sizeof(T8__COAP_ACK); 362 363 #endif
