Test vector for key rotation

Christian Huitema edited this page Oct 23, 2018 · 3 revisions

Key rotation derives the new secret from the current one with a call to HKDF, using the label "traffic upd". The transform depends on the negotiated cipher suite, specifically on the hash function that suite specifies.

Here are two sets of test vectors used by Picoquic.

Suite aes256 gcm sha384

Initial secret:

static const uint8_t key_rotation_test_init_sha384[] = {
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
    17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32,
    33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48};

Rotated secret:

static const uint8_t key_rotation_test_target_sha384[] = {
    0x5a, 0x2b, 0xc7, 0x38, 0xe7, 0xb2, 0xbc, 0x63, 0x27, 0x7f, 0xfc,
    0xe2, 0xea, 0x4a, 0x22, 0xca, 0x6c, 0x8c, 0x34, 0xc7, 0xfa, 0x91,
    0x5b, 0xd2, 0x70, 0x73, 0x63, 0x31, 0xf5, 0x93, 0xe1, 0xcf, 0x4f,
    0x68, 0x4b, 0x8b, 0x49, 0x5d, 0x48, 0xe8, 0xb8, 0xba, 0x57, 0x58,
    0x5c, 0x36, 0x5f, 0xbf};

Suite aes128 gcm sha256

Initial secret:

static const uint8_t key_rotation_test_init_sha256[] = {
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
    17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32};

Rotated secret:

static const uint8_t key_rotation_test_target_sha256[] = {
    0x15, 0x1c, 0xa9, 0x01, 0xea, 0xba, 0xc5, 0x0c, 0x39, 0x7d, 0x19,
    0xcd, 0xee, 0xf6, 0x8a, 0x2f, 0xa4, 0xe1, 0x16, 0x2b, 0x04, 0x49,
    0xc2, 0xb8, 0x67, 0x47, 0x03, 0x98, 0x8f, 0x37, 0xe4, 0xd2};
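
The derivation described at the top of this page can be checked against both vector sets with the added Python example below, which is not Picoquic code. It assumes the TLS 1.3 HKDF-Expand-Label construction (RFC 8446) with an empty context and an output length equal to the hash size; the page does not state the label prefix, so `matching_prefix` tries two candidate prefixes, both assumptions, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

def hkdf_expand(hash_name, prk, info, length):
    """HKDF-Expand (RFC 5869): T(i) = HMAC(prk, T(i-1) | info | i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_label(length, label, context=b"", prefix=b"tls13 "):
    """HkdfLabel (RFC 8446, 7.1): uint16 length, prefixed label, context."""
    full = prefix + label
    return (struct.pack(">HB", length, len(full)) + full
            + bytes([len(context)]) + context)

def rotate_secret(hash_name, secret, prefix=b"tls13 "):
    """Assumed form: HKDF-Expand-Label(secret, "traffic upd", "", Hash.length)."""
    size = hashlib.new(hash_name).digest_size
    if len(secret) != size:
        raise ValueError(f"{hash_name} secret must be {size} bytes")
    info = hkdf_label(size, b"traffic upd", prefix=prefix)
    return hkdf_expand(hash_name, secret, info, size)

# (initial secret, rotated secret) per suite hash, copied from the page.
VECTORS = {
    "sha256": (bytes(range(1, 33)), bytes.fromhex(
        "151ca901eabac50c397d19cdeef68a2fa4e1162b0449c2b8674703988f37e4d2")),
    "sha384": (bytes(range(1, 49)), bytes.fromhex(
        "5a2bc738e7b2bc63277ffce2ea4a22ca6c8c34c7fa915bd2"
        "70736331f593e1cf4f684b8b495d48e8b8ba57585c365fbf")),
}

def matching_prefix(hash_name, candidates=(b"tls13 ", b"quic ")):
    """Return the first candidate prefix (both are assumptions) that
    reproduces the page's rotated secret, or None if neither does."""
    initial, target = VECTORS[hash_name]
    for prefix in candidates:
        if hmac.compare_digest(rotate_secret(hash_name, initial, prefix), target):
            return prefix
    return None

if __name__ == "__main__":
    for name in VECTORS:
        print(name, matching_prefix(name))
```

A result of `None` means neither assumed prefix matches the build these vectors came from; pass other candidates to `matching_prefix` in that case.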