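/*
   Copyright (c) 2021 Fraunhofer AISEC. See the COPYRIGHT
   file at the top-level directory of this distribution.

   Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
   http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
   <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
   option. This file may not be copied, modified, or distributed
   except according to those terms.
*/
#include "oscore.h"

/*
 * OSCORE test vectors taken from RFC 8613 Appendix C.
 *
 * Every Tn__* group holds the inputs (master secret, master salt, sender and
 * recipient ID, ID context, CoAP/OSCORE messages) and, where given, the
 * expected outputs (derived keys, common IV, protected messages) of one test.
 *
 * The master secret, salt and derived keys below are published RFC values.
 * They are known to everyone and must only ever be used as test fixtures,
 * never as key material of a deployed security context.
 *
 * Each *_LEN variable is computed with sizeof on its own array, so a vector
 * and its length cannot drift apart when a single test is edited. Most
 * lengths are stored in a uint8_t, which limits those vectors to 255 bytes.
 * An absent input is expressed as a NULL pointer with length 0.
 */

/**
 * Test 1:
 * - Client key derivation with master salt, see RFC8613 Appendix C.1.1
 * - Generating an OSCORE request with the key from C.1.1, see RFC8613 Appendix C.4
 */

/* Test vector C.1.1: key derivation with master salt */
const uint8_t T1__MASTER_SECRET[16] = { 0x01, 0x02, 0x03, 0x04,
					0x05, 0x06, 0x07, 0x08,
					0x09, 0x0a, 0x0b, 0x0c,
					0x0d, 0x0e, 0x0f, 0x10 };
uint8_t T1__MASTER_SECRET_LEN = sizeof(T1__MASTER_SECRET);

/* The client's sender ID is empty in this vector. */
const uint8_t *T1__SENDER_ID = NULL;
uint8_t T1__SENDER_ID_LEN = 0;

const uint8_t T1__RECIPIENT_ID[1] = { 0x01 };
uint8_t T1__RECIPIENT_ID_LEN = sizeof(T1__RECIPIENT_ID);

const uint8_t T1__MASTER_SALT[8] = { 0x9e, 0x7c, 0xa9, 0x22,
				     0x23, 0x78, 0x63, 0x40 };
uint8_t T1__MASTER_SALT_LEN = sizeof(T1__MASTER_SALT);

const uint8_t *T1__ID_CONTEXT = NULL;
uint8_t T1__ID_CONTEXT_LEN = 0;

/* Test vector C.4: generating an OSCORE packet with key material from test vector C.1 */
const uint8_t T1__COAP_REQ[] = { 0x44, 0x01, 0x5d, 0x1f, 0x00, 0x00,
				 0x39, 0x74, 0x39, 0x6c, 0x6f, 0x63,
				 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74,
				 0x83, 0x74, 0x76, 0x31 };
uint16_t T1__COAP_REQ_LEN = sizeof(T1__COAP_REQ);

/* Expected result */
const uint8_t T1__SENDER_KEY[] = { 0xf0, 0x91, 0x0e, 0xd7, 0x29, 0x5e,
				   0x6a, 0xd4, 0xb5, 0x4f, 0xc7, 0x93,
				   0x15, 0x43, 0x02, 0xff };
uint8_t T1__SENDER_KEY_LEN = sizeof(T1__SENDER_KEY);

const uint8_t T1__RECIPIENT_KEY[] = { 0xff, 0xb1, 0x4e, 0x09, 0x3c, 0x94,
				      0xc9, 0xca, 0xc9, 0x47, 0x16, 0x48,
				      0xb4, 0xf9, 0x87, 0x10 };
uint8_t T1__RECIPIENT_KEY_LEN = sizeof(T1__RECIPIENT_KEY);

const uint8_t T1__COMMON_IV[] = { 0x46, 0x22, 0xd4, 0xdd, 0x6d,
				  0x94, 0x41, 0x68, 0xee, 0xfb,
				  0x54, 0x98, 0x7c };
uint8_t T1__COMMON_IV_LEN = sizeof(T1__COMMON_IV);

const uint8_t T1__OSCORE_REQ[] = {
	0x44, 0x02, 0x5d, 0x1f, 0x00, 0x00, 0x39, 0x74, 0x39, 0x6c, 0x6f, 0x63,
	0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x62, 0x09, 0x14, 0xff, 0x61, 0x2f,
	0x10, 0x92, 0xf1, 0x77, 0x6f, 0x1c, 0x16, 0x68, 0xb3, 0x82, 0x5e
};
uint8_t T1__OSCORE_REQ_LEN = sizeof(T1__OSCORE_REQ);

/**
 * Test 2:
 * - Server key derivation with master salt, see RFC8613 Appendix C.1.2
 * - Generating an OSCORE response with the key from C.1.2, see RFC8613 Appendix C.7
 */
const uint8_t T2__MASTER_SECRET[16] = { 0x01, 0x02, 0x03, 0x04,
					0x05, 0x06, 0x07, 0x08,
					0x09, 0x0a, 0x0b, 0x0c,
					0x0d, 0x0e, 0x0f, 0x10 };
uint8_t T2__MASTER_SECRET_LEN = sizeof(T2__MASTER_SECRET);

/*
 * NOTE(review): unlike the other tests, the ID and ID context objects of
 * Test 2 are not const-qualified. The qualifiers are kept as they are because
 * they have to match the declarations used by the test code, which are not
 * visible here.
 */
uint8_t T2__SENDER_ID[] = { 0x01 };
uint8_t T2__SENDER_ID_LEN = sizeof(T2__SENDER_ID);

uint8_t *T2__RECIPIENT_ID = NULL;
uint8_t T2__RECIPIENT_ID_LEN = 0;

const uint8_t T2__MASTER_SALT[8] = { 0x9e, 0x7c, 0xa9, 0x22,
				     0x23, 0x78, 0x63, 0x40 };
uint8_t T2__MASTER_SALT_LEN = sizeof(T2__MASTER_SALT);

uint8_t *T2__ID_CONTEXT = NULL;
uint8_t T2__ID_CONTEXT_LEN = 0;

/*
 * The OSCORE message created in C.4 (35 bytes), constructed from a CoAP
 * request of length 22. The request has no payload and carries only the
 * Uri-Host option (localhost) and the Uri-Path option (tv1). In the OSCORE
 * packet the Uri-Host option is transferred as a plain, unprotected option;
 * the Uri-Path option is contained in the ciphertext.
 */
const uint8_t T2__OSCORE_REQ[] = {
	0x44, 0x02, 0x5d, 0x1f, 0x00, 0x00, 0x39, 0x74, 0x39, 0x6c, 0x6f, 0x63,
	0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x62, 0x09, 0x14, 0xff, 0x61, 0x2f,
	0x10, 0x92, 0xf1, 0x77, 0x6f, 0x1c, 0x16, 0x68, 0xb3, 0x82, 0x5e
};
uint8_t T2__OSCORE_REQ_LEN = sizeof(T2__OSCORE_REQ);

/* Unprotected CoAP response (21 bytes) */
/* Contains the payload "Hello World!" */
const uint8_t T2__COAP_RESPONSE[] = { 0x64, 0x45, 0x5d, 0x1f, 0x00, 0x00,
				      0x39, 0x74, 0xff, 0x48, 0x65, 0x6c,
				      0x6c, 0x6f, 0x20, 0x57, 0x6f, 0x72,
				      0x6c, 0x64, 0x21 };
uint8_t T2__COAP_RESPONSE_LEN = sizeof(T2__COAP_RESPONSE);

/* Expected result */
/* The reconstructed CoAP request, see Appendix C.4 */
const uint8_t T2__COAP_REQ[] = { 0x44, 0x01, 0x5d, 0x1f, 0x00, 0x00,
				 0x39, 0x74, 0x39, 0x6c, 0x6f, 0x63,
				 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74,
				 0x83, 0x74, 0x76, 0x31 };
uint8_t T2__COAP_REQ_LEN = sizeof(T2__COAP_REQ);

const uint8_t T2__OSCORE_RESP[] = {
	0x64, 0x44, 0x5D, 0x1F, 0x00, 0x00, 0x39, 0x74, 0x90, 0xFF, 0xDB,
	0xAA, 0xD1, 0xE9, 0xA7, 0xE7, 0xB2, 0xA8, 0x13, 0xD3, 0xC3, 0x15,
	0x24, 0x37, 0x83, 0x03, 0xCD, 0xAF, 0xAE, 0x11, 0x91, 0x06
};
uint8_t T2__OSCORE_RESP_LEN = sizeof(T2__OSCORE_RESP);

/**
 * Test 3:
 * - Client key derivation without master salt, see RFC8613 Appendix C.2.1
 * - Generating an OSCORE request with the key from C.2.1, see RFC8613 Appendix C.5
 */
/* Test vector C.2.1: key derivation without master salt */
const uint8_t T3__MASTER_SECRET[16] = { 0x01, 0x02, 0x03, 0x04,
					0x05, 0x06, 0x07, 0x08,
					0x09, 0x0a, 0x0b, 0x0c,
					0x0d, 0x0e, 0x0f, 0x10 };
uint8_t T3__MASTER_SECRET_LEN = sizeof(T3__MASTER_SECRET);

const uint8_t T3__SENDER_ID[1] = { 0x00 };
uint8_t T3__SENDER_ID_LEN = sizeof(T3__SENDER_ID);

const uint8_t T3__RECIPIENT_ID[1] = { 0x01 };
uint8_t T3__RECIPIENT_ID_LEN = sizeof(T3__RECIPIENT_ID);

const uint8_t *T3__MASTER_SALT = NULL;
uint8_t T3__MASTER_SALT_LEN = 0;

const uint8_t *T3__ID_CONTEXT = NULL;
uint8_t T3__ID_CONTEXT_LEN = 0;

/* Test vector C.5: generating an OSCORE packet with key material from test vector C.2.1 */
const uint8_t T3__COAP_REQ[] = { 0x44, 0x01, 0x71, 0xc3, 0x00, 0x00,
				 0xb9, 0x32, 0x39, 0x6c, 0x6f, 0x63,
				 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74,
				 0x83, 0x74, 0x76, 0x31 };
uint16_t T3__COAP_REQ_LEN = sizeof(T3__COAP_REQ);

/* Expected result */
const uint8_t T3__OSCORE_REQ[] = {
	0x44, 0x02, 0x71, 0xc3, 0x00, 0x00, 0xb9, 0x32, 0x39, 0x6c, 0x6f, 0x63,
	0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x63, 0x09, 0x14, 0x00, 0xff, 0x4e,
	0xd3, 0x39, 0xa5, 0xa3, 0x79, 0xb0, 0xb8, 0xbc, 0x73, 0x1f, 0xff, 0xb0
};
uint8_t T3__OSCORE_REQ_LEN = sizeof(T3__OSCORE_REQ);

/**
 * Test 4:
 * - Server key derivation without master salt, see RFC8613 Appendix C.2.2
 */
/* Test vector C.2.2: key derivation without master salt */
const uint8_t T4__MASTER_SECRET[16] = { 0x01, 0x02, 0x03, 0x04,
					0x05, 0x06, 0x07, 0x08,
					0x09, 0x0a, 0x0b, 0x0c,
					0x0d, 0x0e, 0x0f, 0x10 };
uint8_t T4__MASTER_SECRET_LEN = sizeof(T4__MASTER_SECRET);

const uint8_t T4__SENDER_ID[1] = { 0x01 };
uint8_t T4__SENDER_ID_LEN = sizeof(T4__SENDER_ID);

const uint8_t T4__RECIPIENT_ID[1] = { 0x00 };
uint8_t T4__RECIPIENT_ID_LEN = sizeof(T4__RECIPIENT_ID);

const uint8_t *T4__MASTER_SALT = NULL;
uint8_t T4__MASTER_SALT_LEN = 0;

const uint8_t *T4__ID_CONTEXT = NULL;
uint8_t T4__ID_CONTEXT_LEN = 0;

/* Expected result */
const uint8_t T4__SENDER_KEY[] = { 0xe5, 0x7b, 0x56, 0x35, 0x81, 0x51,
				   0x77, 0xcd, 0x67, 0x9a, 0xb4, 0xbc,
				   0xec, 0x9d, 0x7d, 0xda };
uint8_t T4__SENDER_KEY_LEN = sizeof(T4__SENDER_KEY);

const uint8_t T4__RECIPIENT_KEY[] = { 0x32, 0x1b, 0x26, 0x94, 0x32, 0x53,
				      0xc7, 0xff, 0xb6, 0x00, 0x3b, 0x0b,
				      0x64, 0xd7, 0x40, 0x41 };
uint8_t T4__RECIPIENT_KEY_LEN = sizeof(T4__RECIPIENT_KEY);

const uint8_t T4__COMMON_IV[] = { 0xbe, 0x35, 0xae, 0x29, 0x7d,
				  0x2d, 0xac, 0xe9, 0x10, 0xc5,
				  0x2e, 0x99, 0xf9 };
uint8_t T4__COMMON_IV_LEN = sizeof(T4__COMMON_IV);

/**
 * Test 5:
 * - Client key derivation with ID context, see RFC8613 Appendix C.3.1
 * - OSCORE request generation, see RFC8613 Appendix C.6
 */
/* Test vector C.3.1: key derivation with ID context */
const uint8_t T5__MASTER_SECRET[16] = { 0x01, 0x02, 0x03, 0x04,
					0x05, 0x06, 0x07, 0x08,
					0x09, 0x0a, 0x0b, 0x0c,
					0x0d, 0x0e, 0x0f, 0x10 };
uint8_t T5__MASTER_SECRET_LEN = sizeof(T5__MASTER_SECRET);

const uint8_t *T5__SENDER_ID = NULL;
uint8_t T5__SENDER_ID_LEN = 0;

const uint8_t T5__RECIPIENT_ID[1] = { 0x01 };
uint8_t T5__RECIPIENT_ID_LEN = sizeof(T5__RECIPIENT_ID);

const uint8_t T5__MASTER_SALT[8] = { 0x9e, 0x7c, 0xa9, 0x22,
				     0x23, 0x78, 0x63, 0x40 };
uint8_t T5__MASTER_SALT_LEN = sizeof(T5__MASTER_SALT);

const uint8_t T5__ID_CONTEXT[8] = { 0x37, 0xcb, 0xf3, 0x21,
				    0x00, 0x17, 0xa2, 0xd3 };
uint8_t T5__ID_CONTEXT_LEN = sizeof(T5__ID_CONTEXT);

/*
 * Test vector C.6: generating an OSCORE packet with key material from test
 * vector C.3.1 (the context with ID context defined above; its eight bytes
 * also appear in the expected OSCORE request below).
 */
const uint8_t T5__COAP_REQ[] = { 0x44, 0x01, 0x2f, 0x8e, 0xef, 0x9b,
				 0xbf, 0x7a, 0x39, 0x6c, 0x6f, 0x63,
				 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74,
				 0x83, 0x74, 0x76, 0x31 };
uint16_t T5__COAP_REQ_LEN = sizeof(T5__COAP_REQ);

/* Expected result */
const uint8_t T5__OSCORE_REQ[] = {
	0x44, 0x02, 0x2f, 0x8e, 0xef, 0x9b, 0xbf, 0x7a, 0x39, 0x6c, 0x6f,
	0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x6b, 0x19, 0x14, 0x08,
	0x37, 0xcb, 0xf3, 0x21, 0x00, 0x17, 0xa2, 0xd3, 0xff, 0x72, 0xcd,
	0x72, 0x73, 0xfd, 0x33, 0x1a, 0xc4, 0x5c, 0xff, 0xbe, 0x55, 0xc3
};
uint8_t T5__OSCORE_REQ_LEN = sizeof(T5__OSCORE_REQ);

/**
 * Test 6:
 * - Server key derivation with ID context, see RFC8613 Appendix C.3.2
 */
const uint8_t T6__MASTER_SECRET[16] = { 0x01, 0x02, 0x03, 0x04,
					0x05, 0x06, 0x07, 0x08,
					0x09, 0x0a, 0x0b, 0x0c,
					0x0d, 0x0e, 0x0f, 0x10 };
uint8_t T6__MASTER_SECRET_LEN = sizeof(T6__MASTER_SECRET);

const uint8_t T6__SENDER_ID[1] = { 0x01 };
uint8_t T6__SENDER_ID_LEN = sizeof(T6__SENDER_ID);

const uint8_t *T6__RECIPIENT_ID = NULL;
uint8_t T6__RECIPIENT_ID_LEN = 0;

const uint8_t T6__MASTER_SALT[8] = { 0x9e, 0x7c, 0xa9, 0x22,
				     0x23, 0x78, 0x63, 0x40 };
/* Length of Test 6's own salt, not of the Test 5 array. */
uint8_t T6__MASTER_SALT_LEN = sizeof(T6__MASTER_SALT);

const uint8_t T6__ID_CONTEXT[8] = { 0x37, 0xcb, 0xf3, 0x21,
				    0x00, 0x17, 0xa2, 0xd3 };
/* Length of Test 6's own ID context, not of the Test 5 array. */
uint8_t T6__ID_CONTEXT_LEN = sizeof(T6__ID_CONTEXT);

/* Expected result */
const uint8_t T6__SENDER_KEY[] = { 0xe3, 0x9a, 0x0c, 0x7c, 0x77, 0xb4,
				   0x3f, 0x03, 0xb4, 0xb3, 0x9a, 0xb9,
				   0xa2, 0x68, 0x69, 0x9f };
uint8_t T6__SENDER_KEY_LEN = sizeof(T6__SENDER_KEY);

const uint8_t T6__RECIPIENT_KEY[] = { 0xaf, 0x2a, 0x13, 0x00, 0xa5, 0xe9,
				      0x57, 0x88, 0xb3, 0x56, 0x33, 0x6e,
				      0xee, 0xcd, 0x2b, 0x92 };
uint8_t T6__RECIPIENT_KEY_LEN = sizeof(T6__RECIPIENT_KEY);

const uint8_t T6__COMMON_IV[] = { 0x2c, 0xa5, 0x8f, 0xb8, 0x5f,
				  0xf1, 0xb8, 0x1c, 0x0b, 0x71,
				  0x81, 0xb8, 0x5e };
uint8_t T6__COMMON_IV_LEN = sizeof(T6__COMMON_IV);

/**
 * Test 7:
 * - Server with partial IV, see RFC8613 Appendix C.8
 * - currently not supported
 */
const uint8_t T7__MASTER_SECRET[16] = { 0x01, 0x02, 0x03, 0x04,
					0x05, 0x06, 0x07, 0x08,
					0x09, 0x0a, 0x0b, 0x0c,
					0x0d, 0x0e, 0x0f, 0x10 };
uint8_t T7__MASTER_SECRET_LEN = sizeof(T7__MASTER_SECRET);

const uint8_t T7__SENDER_ID[] = { 0x01 };
uint8_t T7__SENDER_ID_LEN = sizeof(T7__SENDER_ID);

const uint8_t *T7__RECIPIENT_ID = NULL;
uint8_t T7__RECIPIENT_ID_LEN = 0;

const uint8_t T7__MASTER_SALT[8] = { 0x9e, 0x7c, 0xa9, 0x22,
				     0x23, 0x78, 0x63, 0x40 };
uint8_t T7__MASTER_SALT_LEN = sizeof(T7__MASTER_SALT);

const uint8_t *T7__ID_CONTEXT = NULL;
uint8_t T7__ID_CONTEXT_LEN = 0;

/* Test vector C.4: generating an OSCORE packet with key material from test vector C.1 */
/* The OSCORE message created in C.4 */
const uint8_t T7__OSCORE_REQ[] = {
	0x44, 0x02, 0x5d, 0x1f, 0x00, 0x00, 0x39, 0x74, 0x39, 0x6c, 0x6f, 0x63,
	0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x62, 0x09, 0x14, 0xff, 0x61, 0x2f,
	0x10, 0x92, 0xf1, 0x77, 0x6f, 0x1c, 0x16, 0x68, 0xb3, 0x82, 0x5e
};
uint8_t T7__OSCORE_REQ_LEN = sizeof(T7__OSCORE_REQ);

/* Unprotected CoAP response */
const uint8_t T7__COAP_RESPONSE[] = { 0x64, 0x45, 0x5d, 0x1f, 0x00, 0x00,
				      0x39, 0x74, 0xff, 0x48, 0x65, 0x6c,
				      0x6c, 0x6f, 0x20, 0x57, 0x6f, 0x72,
				      0x6c, 0x64, 0x21 };
uint8_t T7__COAP_RESPONSE_LEN = sizeof(T7__COAP_RESPONSE);

/* Expected result */
const uint8_t T7__OSCORE_RES[] = {
	0x64, 0x44, 0x5d, 0x1f, 0x00, 0x00, 0x39, 0x74, 0x92, 0x01, 0x00, 0xff,
	0x4d, 0x4c, 0x13, 0x66, 0x93, 0x84, 0xb6, 0x73, 0x54, 0xb2, 0xb6, 0x17,
	0x5f, 0xf4, 0xb8, 0x65, 0x8c, 0x66, 0x6a, 0x6c, 0xf8, 0x8e
};
uint8_t T7__OSCORE_RES_LEN = sizeof(T7__OSCORE_RES);

/**
 * Test 8:
 * - Simple ACK packet should not be encrypted and result should be the same as input buffer (see RFC8613 Section 4.2)
 */
const uint8_t T8__MASTER_SECRET[16] = { 0x01, 0x02, 0x03, 0x04,
					0x05, 0x06, 0x07, 0x08,
					0x09, 0x0a, 0x0b, 0x0c,
					0x0d, 0x0e, 0x0f, 0x10 };
/* Length of Test 8's own secret, not of the Test 2 array. */
uint8_t T8__MASTER_SECRET_LEN = sizeof(T8__MASTER_SECRET);

const uint8_t T8__SENDER_ID[] = { 0x01 };
/* Length of Test 8's own sender ID, not of the Test 2 array. */
uint8_t T8__SENDER_ID_LEN = sizeof(T8__SENDER_ID);

/*
 * NOTE(review): the recipient ID and ID context of Test 8 are disabled below;
 * presumably the test does not reference them - confirm against the test code.
 */
// const uint8_t *T8__RECIPIENT_ID = NULL;
// uint8_t T8__RECIPIENT_ID_LEN = 0;

const uint8_t T8__MASTER_SALT[8] = { 0x9e, 0x7c, 0xa9, 0x22,
				     0x23, 0x78, 0x63, 0x40 };
/* Length of Test 8's own salt, not of the Test 2 array. */
uint8_t T8__MASTER_SALT_LEN = sizeof(T8__MASTER_SALT);

//const uint8_t *T8__ID_CONTEXT = NULL;
//uint8_t T8__ID_CONTEXT_LEN = 0;

/* Simple ACK message (code 0=EMPTY, type 2=ACK, no payload). */
const uint8_t T8__COAP_ACK[] = { 0x60, 0x00, 0x45, 0x69 };
uint8_t T8__COAP_ACK_LEN = sizeof(T8__COAP_ACK);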