Re: PNE Test Vector

Martin Thomson <martin.thomson@gmail.com> Mon, 30 July 2018 09:36 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/_xTsJHpHTONfYil64iv4yNSdvAI>

I just implemented a hacky encrypt/decrypt routine for initial packets
and verified this message (not that that was necessary).

https://gist.github.com/martinthomson/7f4b615070254644f4c5335014980cbc

That implementation shows more intermediate values and might be easier
to tweak in order to produce sample values; for instance, it produces
a server Initial packet with an ACK and ServerHello.

I also verified the PNE mask here (65d8d307) using both AES-ECB and
AES-CTR (the API to which in nodejs is fantastically obtuse).

On Thu, Jul 19, 2018 at 12:12 AM Eric Rescorla <ekr@rtfm.com> wrote:
>
> As discussed in the meeting, here is a test vector for PNE. It's an Initial packet generated by Kazuho but processed by Minq, with the output being an edited and annotated version of Minq's logging. Happy to help with more logging if that helps.
>
>
> INPUT PACKET
>
>
> GENERATE THE KEYS
> Cleartext keys: cid=06b858ec6f80452b initial_salt=9c108f98520a5c5c32968e950e8a2c5fe06d6c38
>
> initial_secret (server in) = 7e0aba2c4b9742d0d130bc7318622ad3b44aca1f09abb19b3f394cd7e20f4be0
> key=26080e60d288db7df816a1cb0bc6c7f4 iv=b9fdc5b448af3e023422443b pn=00babbe1be0f0c6618188b4fcca57a96
>
> Cleartext keys: cid=06b858ec6f80452b initial_salt=9c108f98520a5c5c32968e950e8a2c5fe06d6c38
> initial_secret (client in) = 82a73572e7cb89523b68c39eaa8325404f86498c8e2437dfdce10f9c34281a3d
> key=a79943566c41342f2bc3de6b7c1539df iv=84eb954ffe161c3875919f5f pn=5c0f6472a15658047a3cc1f15478dcf4
>
> PNE DECRYPTION
> PNE sample_offset=21 sample=c2973fa0d63fd9b03a4e163b990dd778
> Decoded PN block (unknown length): c0000000
> Packet number: 0 length=4
>
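
The mask check described in the reply, as an added example (not code from the thread or the linked gist): it derives the 4-byte PNE mask from the logged sample with AES-ECB and with AES-CTR under each logged pn key, and reports which key reproduces 65d8d307. The function names, the wire bytes derived by XOR, and the 1/2/4-byte packet number encoding of the draft in use at the time are assumptions, not values from the log.

```javascript
// Added example; the hex constants are copied from the log and reply above.
const crypto = require('node:crypto');

const SAMPLE = Buffer.from('c2973fa0d63fd9b03a4e163b990dd778', 'hex');
const PN_KEYS = {
  'server in': Buffer.from('00babbe1be0f0c6618188b4fcca57a96', 'hex'),
  'client in': Buffer.from('5c0f6472a15658047a3cc1f15478dcf4', 'hex'),
};
const PAGE_MASK = Buffer.from('65d8d307', 'hex');     // mask quoted in the reply
const PAGE_PN_BLOCK = Buffer.from('c0000000', 'hex'); // "Decoded PN block" in the log

// Mask from a single raw AES block operation over the 16-byte sample.
function maskEcb(key, sample) {
  const c = crypto.createCipheriv('aes-128-ecb', key, null);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(sample), c.final()]).subarray(0, 4);
}

// Same mask from AES-CTR: the sample is the initial counter block, the plaintext is zeros.
function maskCtr(key, sample) {
  const c = crypto.createCipheriv('aes-128-ctr', key, sample);
  return Buffer.concat([c.update(Buffer.alloc(4)), c.final()]);
}

const xor = (a, b) => Buffer.from(a.map((v, i) => v ^ b[i]));

// Assumed encoding: the top bits of the first byte select a 1, 2 or 4 byte packet number.
function decodePn(block) {
  const first = block[0];
  if ((first & 0x80) === 0) return { length: 1, pn: first & 0x7f };
  if ((first & 0xc0) === 0x80) return { length: 2, pn: block.readUInt16BE(0) & 0x3fff };
  return { length: 4, pn: block.readUInt32BE(0) & 0x3fffffff };
}

// For each logged pn key: compute the mask both ways and compare it with the reply's value.
function checkVector() {
  return Object.entries(PN_KEYS).map(([label, key]) => {
    const ecb = maskEcb(key, SAMPLE);
    const ctr = maskCtr(key, SAMPLE);
    return { label, mask: ecb.toString('hex'),
             ecbEqualsCtr: ecb.equals(ctr), matchesPage: ecb.equals(PAGE_MASK) };
  });
}

// Wire bytes implied by the log (decoded block XOR mask), and the reverse operation.
const impliedWireBytes = () => xor(PAGE_PN_BLOCK, PAGE_MASK);
const unprotect = (wire, mask) => decodePn(xor(wire, mask));

console.log(checkVector(), unprotect(impliedWireBytes(), PAGE_MASK));
```
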