PRF Testvector for the standard

[Rene Eberhard <rene.eberhard@xxxxxxxxxxx>]

Hi

Some weeks ago I suggested the introduction of a PRF 
testvector for the TLS standard. Here's one.

We should discuss about:
 - Is there a need for such a testvector?
 - Is the posted testvector correct?
 - Parameters for the testvector?
 - Are there other's which could be useful?

Furthermore I support the suggestion of Tom Weinstein for a set 
of annotated protocol traces. 

We should also introduce a reference to RFC 2202
"Test Cases for HMAC-MD5 and HMAC-SHA-1".




I suggest the introduction of a testvector that results from
the MD5 hash from a 104 Byte PRF output.
I choosed 104 bytes because:
 - There's a similar example in '6.3. Key calculation'
 - 104 Bytes is neither a multiple of 16 bytes nor of 20 bytes.
   Thus discarding is also tested.
 - To produce 104 bytes at least 6 rounds are needed.

out[104]       = PRF(secret, label, seed)
PRF Testvector = MD5(out[104])
               = CD 7C A2 CB 9A 6A 3C 6F 34 5C 46 65 A8 B6 81 6B
				 
The following parameters are passed to PRF:
  - secret: 48 Byte 0xab
    Length of pre_master_secret
  - label : 14 Byte "PRF Testvector"
  - seed  : 64 Byte 0xcd
    Length of client_random + server_random


Below the whole 104 bytes. These are only attached for verification.
They sould not appear in the TLS spec.

0x00  D3 D4 D1 E3 49 B5 D5 15 04 46 66 D5 1D E3 2B AB
0x10  25 8C B5 21 B6 B0 53 46 3E 35 48 32 FD 97 67 54
0x20  44 3B CF 9A 29 65 19 BC 28 9A BC BC 11 87 E4 EB
0x30  D3 1E 60 23 53 77 6C 40 8A AF B7 4C BC 85 EF F6
0x40  92 55 F9 78 8F AA 18 4C BB 95 7A 98 19 D8 4A 5D
0x50  7E B0 06 EB 45 9D 3A E8 DE 98 10 45 4B 8B 2D 8F
0x60  1A FB C6 55 A8 C9 A0 13


Thanks for your comments.

	Rene


---
You are currently subscribed to ietf-tls as: [ietf-tls-archive@xxxxxxx]
To unsubscribe, forward this message to leave-ietf-tls-435N@xxxxxxxxxxxxxxxxxxx