Test vectors
{
"vectors": [
{
"name": "arbitrary string",
"pattern": "NN|KN|NK|KK|NX|KX|XN|IN|XK|IK|XX|IX|N|K|X",
"dh": "25519|448",
"cipher": "AESGCM|ChaChaPoly",
"hash": "SHA256|SHA512|BLAKE2s|BLAKE2b",
"fail": false|true,
"init_prologue": "hex string",
"init_psk": "hex string",
"init_ssk": "hex string",
"init_static": "hex string",
"init_semiephemeral": "hex string",
"init_ephemeral": "hex string",
"init_remote_static": "hex string",
"init_remote_semiephemeral": "hex string",
"resp_prologue": "hex string",
"resp_psk": "hex string",
"resp_ssk": "hex string",
"resp_static": "hex string",
"resp_semiephemeral": "hex string",
"resp_ephemeral": "hex string",
"resp_remote_static": "hex string",
"resp_remote_semiephemeral": "hex string",
"messages": [
{
"payload": "hex string",
"ciphertext": "hex string"
}, ...
],
"handshake_hash": "hex string"
}, ...
]
}
All init_ and resp_ keys (except the prologues) are optional and
may be null or omitted entirely. The fail key, if omitted, defaults
to false. All other keys are mandatory.
The messages array describes a conversation alternating between the initiator and responder, starting with the initiator. No distinction is made between when the handshake begins and when it is complete. I.e., if a handshake pattern has three messages in it, the responder will send the first non-handshake Noise message. For one-way patterns the messages simply flow from the initiator to the responder.
The handshake_hash key specifies the expected handshake hash value
for both parties at the end of a successful handshake. If fail is
true and the failure occurs on a handshake packet, then the handshake
hash key should be ignored.