mirror of
https://github.com/cuberite/polarssl.git
synced 2025-11-03 12:11:27 -05:00
Test TLS 1.3 second level key derivation helpers
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit is contained in:
Hanno Becker
parent
ef5235bc2e
commit
a4f40a0f48
@ -9241,6 +9241,22 @@ SSL TLS 1.3 Key schedule: Derive-Secret( ., "res master", hash)
|
||||
# Vector from RFC 8448
|
||||
ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
|
||||
|
||||
SSL TLS 1.3 Key schedule: Early secrets derivation helper
|
||||
# Vector from RFC 8448
|
||||
ssl_tls1_3_derive_early_secrets:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62":"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df"
|
||||
|
||||
SSL TLS 1.3 Key schedule: Handshake secrets derivation helper
|
||||
# Vector from RFC 8448
|
||||
ssl_tls1_3_derive_handshake_secrets:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803"
|
||||
|
||||
SSL TLS 1.3 Key schedule: Application secrets derivation helper
|
||||
# Vector from RFC 8448
|
||||
ssl_tls1_3_derive_application_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
|
||||
|
||||
SSL TLS 1.3 Key schedule: Resumption secrets derivation helper
|
||||
# Vector from RFC 8448
|
||||
ssl_tls1_3_derive_resumption_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406"
|
||||
|
||||
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE
|
||||
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
|
||||
|
||||
|
||||
@ -3793,6 +3793,126 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
void ssl_tls1_3_derive_early_secrets( int hash_alg,
|
||||
data_t *secret,
|
||||
data_t *transcript,
|
||||
data_t *traffic_expected,
|
||||
data_t *exporter_expected )
|
||||
{
|
||||
mbedtls_ssl_tls1_3_early_secrets secrets;
|
||||
|
||||
/* Double-check that we've passed sane parameters. */
|
||||
mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
|
||||
mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
|
||||
size_t const md_size = mbedtls_md_get_size( md_info );
|
||||
TEST_ASSERT( md_info != 0 &&
|
||||
secret->len == md_size &&
|
||||
transcript->len == md_size &&
|
||||
traffic_expected->len == md_size &&
|
||||
exporter_expected->len == md_size );
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_tls1_3_derive_early_secrets(
|
||||
md_type, secret->x, transcript->x, transcript->len,
|
||||
&secrets ) == 0 );
|
||||
|
||||
ASSERT_COMPARE( secrets.client_early_traffic_secret, md_size,
|
||||
traffic_expected->x, traffic_expected->len );
|
||||
ASSERT_COMPARE( secrets.early_exporter_master_secret, md_size,
|
||||
exporter_expected->x, exporter_expected->len );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
void ssl_tls1_3_derive_handshake_secrets( int hash_alg,
|
||||
data_t *secret,
|
||||
data_t *transcript,
|
||||
data_t *client_expected,
|
||||
data_t *server_expected )
|
||||
{
|
||||
mbedtls_ssl_tls1_3_handshake_secrets secrets;
|
||||
|
||||
/* Double-check that we've passed sane parameters. */
|
||||
mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
|
||||
mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
|
||||
size_t const md_size = mbedtls_md_get_size( md_info );
|
||||
TEST_ASSERT( md_info != 0 &&
|
||||
secret->len == md_size &&
|
||||
transcript->len == md_size &&
|
||||
client_expected->len == md_size &&
|
||||
server_expected->len == md_size );
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_tls1_3_derive_handshake_secrets(
|
||||
md_type, secret->x, transcript->x, transcript->len,
|
||||
&secrets ) == 0 );
|
||||
|
||||
ASSERT_COMPARE( secrets.client_handshake_traffic_secret, md_size,
|
||||
client_expected->x, client_expected->len );
|
||||
ASSERT_COMPARE( secrets.server_handshake_traffic_secret, md_size,
|
||||
server_expected->x, server_expected->len );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
void ssl_tls1_3_derive_application_secrets( int hash_alg,
|
||||
data_t *secret,
|
||||
data_t *transcript,
|
||||
data_t *client_expected,
|
||||
data_t *server_expected,
|
||||
data_t *exporter_expected )
|
||||
{
|
||||
mbedtls_ssl_tls1_3_application_secrets secrets;
|
||||
|
||||
/* Double-check that we've passed sane parameters. */
|
||||
mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
|
||||
mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
|
||||
size_t const md_size = mbedtls_md_get_size( md_info );
|
||||
TEST_ASSERT( md_info != 0 &&
|
||||
secret->len == md_size &&
|
||||
transcript->len == md_size &&
|
||||
client_expected->len == md_size &&
|
||||
server_expected->len == md_size &&
|
||||
exporter_expected->len == md_size );
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_tls1_3_derive_application_secrets(
|
||||
md_type, secret->x, transcript->x, transcript->len,
|
||||
&secrets ) == 0 );
|
||||
|
||||
ASSERT_COMPARE( secrets.client_application_traffic_secret_N, md_size,
|
||||
client_expected->x, client_expected->len );
|
||||
ASSERT_COMPARE( secrets.server_application_traffic_secret_N, md_size,
|
||||
server_expected->x, server_expected->len );
|
||||
ASSERT_COMPARE( secrets.exporter_master_secret, md_size,
|
||||
exporter_expected->x, exporter_expected->len );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
void ssl_tls1_3_derive_resumption_secrets( int hash_alg,
|
||||
data_t *secret,
|
||||
data_t *transcript,
|
||||
data_t *resumption_expected )
|
||||
{
|
||||
mbedtls_ssl_tls1_3_application_secrets secrets;
|
||||
|
||||
/* Double-check that we've passed sane parameters. */
|
||||
mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg;
|
||||
mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type );
|
||||
size_t const md_size = mbedtls_md_get_size( md_info );
|
||||
TEST_ASSERT( md_info != 0 &&
|
||||
secret->len == md_size &&
|
||||
transcript->len == md_size &&
|
||||
resumption_expected->len == md_size );
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_tls1_3_derive_resumption_master_secret(
|
||||
md_type, secret->x, transcript->x, transcript->len,
|
||||
&secrets ) == 0 );
|
||||
|
||||
ASSERT_COMPARE( secrets.resumption_master_secret, md_size,
|
||||
resumption_expected->x, resumption_expected->len );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
|
||||
void ssl_tls1_3_key_evolution( int hash_alg,
|
||||
data_t *secret,
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user