EDHOC Interop 2

# EDHOC Interop 2 22-01-2020 Originally saved at: https://hackmd.io/@fpalombini/EDHOC-Interop-2-220120 Based on https://tools.ietf.org/html/draft-ietf-lake-edhoc-02 Test vectors: https://github.com/lake-wg/edhoc/blob/master/test-vectors/vectors.txt ## Attendees 1. Francesca Palombini 2. Christos Koulamas 3. Göran Selander 4. Lidia Pocero 5. Robert Lubos 6. Malisa Vucinic 7. Marco Tiloca 8. Michel Veillette 9. Rikard Höglund 10. Stefan Hristozov 11. Timothy Clayes 12. John Mattsson 13. Christian Amsüss ## Testing B.1 (Test vector 1) Ciphersuite 0 - Auth Method 0 - Corr Method 1 credential: certificates identified by 'x5t' param using random bytes as certificates Summary: |Init \ Resp | Stefan | Marco | Timothy | | -------- | -------- | -------- | -------- | | Stefan | -- | Passed | Passed | | Marco | Passed | -- | Passed | | Timothy | Passed | Passed | -- | ### 1. Responder: Stefan #### 1.1 Timothy as Initiator Tested both with real ephemeral keys and with test vector's ephemeral keys **Timothy's output** TEST VECTOR FILE OUTPUT (TH_4): 36 45 7c 25 90 0b 01 26 36 77 90 2d 34 02 e6 dc 96 d3 8c 45 73 79 f0 dc ca 1e 9b 3a af 34 2e 43 Computed TH_4 (when using real ephemeral keys) b'86a9e624a5ba76820b23094bf05fdaf58e51f83fda0085eb2ffc756a4d1b0c12' Computed TH_4 (when using test vector B1) 36457c25900b01263677902d3402e6dc96d38c457379f0dcca1e9b3aaf342e43 (same as in test vector file) **Stefan's output** PRK_4x3m (size 32): EC 62 92 A0 67 F1 37 FC 7F 59 62 9D 22 6F BF C4 E0 68 89 49 F6 62 A9 7F D8 2F BE B7 99 71 39 4A th4 (size 32): 36 45 7C 25 90 0B 01 26 36 77 90 2D 34 02 E6 DC 96 D3 8C 45 73 79 F0 DC CA 1E 9B 3A AF 34 2E 43 info (size 58): 84 0A 58 20 36 45 7C 25 90 0B 01 26 36 77 90 2D 34 02 E6 DC 96 D3 8C 45 73 79 F0 DC CA 1E 9B 3A AF 34 2E 43 74 4F 53 43 4F 52 45 20 4D 61 73 74 65 72 20 53 65 63 72 65 74 10 OSCORE Master Secret (size 16): EB 9E 7C 08 16 37 41 54 C8 EC D8 39 84 5F 25 62 info (size 56): 84 0A 58 20 36 45 7C 25 90 0B 01 26 36 77 90 2D 34 02 E6 DC 96 D3 8C 45 73 79 F0 DC CA 1E 9B 3A AF 34 2E 43 72 4F 53 43 4F 52 45 20 4D 61 73 74 65 72 20 53 61 6C 74 08 OSCORE Master Salt (size 8): BC E4 BF 91 4B 70 7D C1 #### 1.2 Marco as Initiator (Marco using real ephemeral keys) **Marco's Output:** TH_4 (32 bytes): 05 47 ee a2 72 f8 3d 36 bd 7d e2 f4 57 e6 28 a8 82 cd 4d 4a b9 cc 30 a5 2b d4 d2 06 a7 2a 51 e4 OSCORE Master Secret (16 bytes): 28 09 d2 ad 62 4b db 33 f2 45 09 d3 8e 6c b7 35 OSCORE Master Salt (8 bytes): 48 7b 58 2a 84 54 87 d1 **Stefan's Output:** PRK_4x3m (size 32): 26 35 BA ED 62 C7 C9 8E 50 71 E7 5E 6F 4B 2C A3 00 8C 6B 60 72 DD 4A D6 68 25 38 2E 76 05 1E 04 th4 (size 32): 05 47 EE A2 72 F8 3D 36 BD 7D E2 F4 57 E6 28 A8 82 CD 4D 4A B9 CC 30 A5 2B D4 D2 06 A7 2A 51 E4 info (size 58): 84 0A 58 20 05 47 EE A2 72 F8 3D 36 BD 7D E2 F4 57 E6 28 A8 82 CD 4D 4A B9 CC 30 A5 2B D4 D2 06 A7 2A 51 E4 74 4F 53 43 4F 52 45 20 4D 61 73 74 65 72 20 53 65 63 72 65 74 10 OSCORE Master Secret (size 16): 28 09 D2 AD 62 4B DB 33 F2 45 09 D3 8E 6C B7 35 info (size 56): 84 0A 58 20 05 47 EE A2 72 F8 3D 36 BD 7D E2 F4 57 E6 28 A8 82 CD 4D 4A B9 CC 30 A5 2B D4 D2 06 A7 2A 51 E4 72 4F 53 43 4F 52 45 20 4D 61 73 74 65 72 20 53 61 6C 74 08 OSCORE Master Salt (size 8): 48 7B 58 2A 84 54 87 D1 --> Success ### 2. Responder: Marco (Marco using real ephemeral keys) #### 2.1 Initiator: Stefan **Marco's output:** *Run1:* OSCORE Master Secret (16 bytes): bb 26 f3 f0 76 62 0a c6 05 c6 0f 6b 75 88 2e a8 OSCORE Master Salt (8 bytes): b8 ea c5 08 9b 01 0c 51 *Run2:* OSCORE Master Secret (16 bytes): c2 b0 25 c7 49 4e 3e b4 3a 88 fd 27 9e 67 a7 a0 OSCORE Master Salt (8 bytes): c2 95 06 a9 23 86 6d 64 **Stefan's output:** *Run1* TH4 (size 32): D9 59 84 2A E8 7A 8D F8 45 6B 57 C7 56 F2 FB 64 C4 46 89 74 C5 42 83 87 6E 9E E1 73 A3 2C 57 CD PRK_4x3m (size 32): 7A B6 CB 7F EF BA 99 B5 0A DC 6A 7A C0 45 47 C5 13 48 8E A5 06 48 90 A7 98 A5 54 2B B5 19 68 B4 th4 (size 32): D9 59 84 2A E8 7A 8D F8 45 6B 57 C7 56 F2 FB 64 C4 46 89 74 C5 42 83 87 6E 9E E1 73 A3 2C 57 CD info (size 58): 84 0A 58 20 D9 59 84 2A E8 7A 8D F8 45 6B 57 C7 56 F2 FB 64 C4 46 89 74 C5 42 83 87 6E 9E E1 73 A3 2C 57 CD 74 4F 53 43 4F 52 45 20 4D 61 73 74 65 72 20 53 65 63 72 65 74 10 OSCORE Master Secret (size 16): BB 26 F3 F0 76 62 0A C6 05 C6 0F 6B 75 88 2E A8 info (size 56): 84 0A 58 20 D9 59 84 2A E8 7A 8D F8 45 6B 57 C7 56 F2 FB 64 C4 46 89 74 C5 42 83 87 6E 9E E1 73 A3 2C 57 CD 72 4F 53 43 4F 52 45 20 4D 61 73 74 65 72 20 53 61 6C 74 08 OSCORE Master Salt (size 8): B8 EA C5 08 9B 01 0C 51 *Run2:* TH4 (size 32): F7 DD A1 38 E6 3E 60 1D AC 40 A8 CA 10 D0 B5 FF BE 92 44 FB BC 66 3D 27 06 AC 57 4B 55 6B 8C 7F PRK_4x3m (size 32): 8E 92 AD D0 A9 12 E1 A3 65 14 B6 A3 3D AD D5 DD 84 A7 12 8D 01 53 68 56 86 5D 34 04 4D 30 6A 00 th4 (size 32): F7 DD A1 38 E6 3E 60 1D AC 40 A8 CA 10 D0 B5 FF BE 92 44 FB BC 66 3D 27 06 AC 57 4B 55 6B 8C 7F info (size 58): 84 0A 58 20 F7 DD A1 38 E6 3E 60 1D AC 40 A8 CA 10 D0 B5 FF BE 92 44 FB BC 66 3D 27 06 AC 57 4B 55 6B 8C 7F 74 4F 53 43 4F 52 45 20 4D 61 73 74 65 72 20 53 65 63 72 65 74 10 OSCORE Master Secret (size 16): C2 B0 25 C7 49 4E 3E B4 3A 88 FD 27 9E 67 A7 A0 info (size 56): 84 0A 58 20 F7 DD A1 38 E6 3E 60 1D AC 40 A8 CA 10 D0 B5 FF BE 92 44 FB BC 66 3D 27 06 AC 57 4B 55 6B 8C 7F 72 4F 53 43 4F 52 45 20 4D 61 73 74 65 72 20 53 61 6C 74 08 OSCORE Master Salt (size 8): C2 95 06 A9 23 86 6D 64 --> Success #### 2.2 Initiator: Timothy m3 didn't get an ack so it kept retransmitting and did not calculate the outputs. After changing the timeout: **Marco's output** TH_4 (32 bytes): 77 a2 8d 8e 41 d7 63 39 84 c5 99 a8 c8 9d d8 59 88 d9 67 cc 66 7e 15 c7 37 26 49 8b cd 82 ed 7f OSCORE Master Secret (16 bytes): f2 6b 28 83 ec f3 0b 95 aa 42 da 62 ed 16 ac 22 OSCORE Master Salt (8 bytes): 90 2c 5f 5f 26 63 c0 43 To fix: Exporter on Timothy's implementation --> Success ### 3. Responder: Timothy #### 3.1 Initiator: Marco (Marco using real ephemeral keys, not from test vectors) Marco's implementation: checking the Content-Format and if it's not set create an error. AP authors: check if this is to consider a fatal error. **Marco's output:** Timothy as Responder Success TH_4 (32 bytes): c2 b5 d5 85 37 ee 33 7d d9 07 9f 97 68 1e 27 f2 e7 8a 7d aa 12 e9 c3 63 fc c8 73 0d b3 07 df fc OSCORE Master Secret (16 bytes): e8 82 7d a1 69 d2 23 9d 7d 1b 53 7a ab f4 fa 23 OSCORE Master Salt (8 bytes): 4f 8e c8 55 cb 1c d2 95 **Timothy's output:** TH4: b"\xc2\xb5\xd5\x857\xee3}\xd9\x07\x9f\x97h\x1e'\xf2\xe7\x8a}\xaa\x12\xe9\xc3c\xfc\xc8s\r\xb3\x07\xdf\xfc" --> Success #### 3.2 Initiator: Stefan (Timothy using real ephemeral keys, not from test vectors) **Timothy's output:** TH4: b'\xf6\x893\xff\xcc\xa07\xf16\xb7\x95\xa5Gv\xddJp\x91v\x06\xdb\x81\xca\x1f.\xd1H\xc7\xba\xffl\xe8' **Stefan's output** PRK_4x3m (size 32): A1 5B D0 2C ED 69 5E 8F D3 8B 9F 99 77 BA 05 E2 0F 66 AA CE 52 FD 02 E5 B2 24 65 45 55 FF 91 23 th4 (size 32): F6 89 33 FF CC A0 37 F1 36 B7 95 A5 47 76 DD 4A 70 91 76 06 DB 81 CA 1F 2E D1 48 C7 BA FF 6C E8 info (size 58): 84 0A 58 20 F6 89 33 FF CC A0 37 F1 36 B7 95 A5 47 76 DD 4A 70 91 76 06 DB 81 CA 1F 2E D1 48 C7 BA FF 6C E8 74 4F 53 43 4F 52 45 20 4D 61 73 74 65 72 20 53 65 63 72 65 74 10 OSCORE Master Secret (size 16): EF AD 85 16 45 93 8B 5A 44 DA 93 16 3A 7A 2E 59 info (size 56): 84 0A 58 20 F6 89 33 FF CC A0 37 F1 36 B7 95 A5 47 76 DD 4A 70 91 76 06 DB 81 CA 1F 2E D1 48 C7 BA FF 6C E8 72 4F 53 43 4F 52 45 20 4D 61 73 74 65 72 20 53 61 6C 74 08 OSCORE Master Salt (size 8): 28 1C 27 D2 05 F2 9B BB --> Success ## Testing B.2 (Test vector 2) Ciphersuite 0 - Auth Method 3 - Corr Method 1 credentials: COSE keys Summary: |Init \ Resp | Stefan | Marco | Timothy | | -------- | -------- | -------- | -------- | | Stefan | -- | Fail** | TODO | | Marco | Fail | -- | TODO | | Timothy | TODO | TODO | -- | ### 1. Responder: Stefan #### 1.1 Marco as Initiator **Marco's Output:** TH_4 (32 bytes): df 84 69 c7 83 01 a9 1a 79 cf da 8c da 45 f7 b8 63 9a 6c 7c 62 02 bb df 71 2f 79 52 0c b0 de 1b OSCORE Master Secret (16 bytes): da 6f ec 44 67 1d c7 fd 4e 2a 56 a0 25 50 a1 3f OSCORE Master Salt (8 bytes): a5 a3 55 c2 5d d5 44 96 **Stefan's Output:** --> Failing after m3 on Stefan's side - authentication error --> MAC / Sign #### 1.2 Timothy as Initiator Not executed. ### 2. Responder: Timothy #### 2.1 Marco as Initiator Not executed. #### 2.2 Stefan as Initiator Not executed. ### 3. Responder: Marco #### 3.1 Timothy as Initiator Not executed. #### 3.2 Stefan as Initiator ID_CRED_I not found in Marco's implementation. **Marco's Output:** Plaintext retrieved from CIPHERTEXT_3 (10 bytes): 0c 48 43 f5 f4 07 97 24 20 c7 **Stefan's Output:** uint8_t ID_CRED_I[] = {0xa1, 0x04, 0x41, 0x24}; PRK_4x3m (size 32): CB 7C D9 39 8B CC 69 14 D5 0B 6C 32 DA 07 5B 84 91 2A 7D A6 F9 BB 17 42 F1 55 83 E9 14 75 0B B5 th4 (size 32): 2B 16 57 C4 FC 99 6B D6 03 CB 7F 38 20 30 2C 66 01 E1 33 ED 0D 9A 7C 05 41 CB 06 F0 D3 67 9F 32 info (size 58): 84 0A 58 20 2B 16 57 C4 FC 99 6B D6 03 CB 7F 38 20 30 2C 66 01 E1 33 ED 0D 9A 7C 05 41 CB 06 F0 D3 67 9F 32 74 4F 53 43 4F 52 45 20 4D 61 73 74 65 72 20 53 65 63 72 65 74 10 OSCORE Master Secret (size 16): 18 B9 03 E3 90 31 09 FD 95 84 A3 09 75 57 38 74 info (size 56): 84 0A 58 20 2B 16 57 C4 FC 99 6B D6 03 CB 7F 38 20 30 2C 66 01 E1 33 ED 0D 9A 7C 05 41 CB 06 F0 D3 67 9F 32 72 4F 53 43 4F 52 45 20 4D 61 73 74 65 72 20 53 61 6C 74 08 OSCORE Master Salt (size 8): 64 E6 74 99 B8 5B 8D 47 --> Failing because Marco's implementation does not find ID_CRED_I, the rest pass ## Conclusion * Timothy to add cipher suite 5 to test with Michel * Lidia and Marco to test cipher suite 2 in the next interop / offline * Only test vectors for 0, 1 for now * Plan to add test vectors for certificates and error messages * Priorities: ciphersuites + certificates * Stefan has CBOR certificates that he could provide, to add to the draft * Michel provided a trace log for testing cipher suite 5 and method 0, saved here: https://drive.google.com/file/d/12ejAoMVrTDHfzDbQzSyffm_Y1zXe2E4y/view - other implementers of cipher suite 5 are welcome to compare and report to this mailing list.