Alex Vakulenko | f602473 | 2016-01-22 16:52:43 -0800 | [diff] [blame] | 1 | // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "crypto/p224_spake.h" |
| 6 | |
Alex Vakulenko | 2485474 | 2016-01-22 16:55:13 -0800 | [diff] [blame] | 7 | #include <stddef.h> |
| 8 | #include <stdint.h> |
| 9 | |
Alex Vakulenko | f602473 | 2016-01-22 16:52:43 -0800 | [diff] [blame] | 10 | #include <string> |
| 11 | |
| 12 | #include "base/logging.h" |
| 13 | #include "base/strings/string_number_conversions.h" |
| 14 | #include "testing/gtest/include/gtest/gtest.h" |
| 15 | |
| 16 | namespace crypto { |
| 17 | |
| 18 | namespace { |
| 19 | |
| 20 | std::string HexEncodeString(const std::string& binary_data) { |
| 21 | return base::HexEncode(binary_data.c_str(), binary_data.size()); |
| 22 | } |
| 23 | |
| 24 | bool RunExchange(P224EncryptedKeyExchange* client, |
| 25 | P224EncryptedKeyExchange* server, |
| 26 | bool is_password_same) { |
| 27 | for (;;) { |
| 28 | std::string client_message, server_message; |
| 29 | client_message = client->GetNextMessage(); |
| 30 | server_message = server->GetNextMessage(); |
| 31 | |
| 32 | P224EncryptedKeyExchange::Result client_result, server_result; |
| 33 | client_result = client->ProcessMessage(server_message); |
| 34 | server_result = server->ProcessMessage(client_message); |
| 35 | |
| 36 | // Check that we never hit the case where only one succeeds. |
| 37 | EXPECT_EQ(client_result == P224EncryptedKeyExchange::kResultSuccess, |
| 38 | server_result == P224EncryptedKeyExchange::kResultSuccess); |
| 39 | |
| 40 | if (client_result == P224EncryptedKeyExchange::kResultFailed || |
| 41 | server_result == P224EncryptedKeyExchange::kResultFailed) { |
| 42 | return false; |
| 43 | } |
| 44 | |
| 45 | EXPECT_EQ(is_password_same, |
| 46 | client->GetUnverifiedKey() == server->GetUnverifiedKey()); |
| 47 | |
| 48 | if (client_result == P224EncryptedKeyExchange::kResultSuccess && |
| 49 | server_result == P224EncryptedKeyExchange::kResultSuccess) { |
| 50 | return true; |
| 51 | } |
| 52 | |
| 53 | EXPECT_EQ(P224EncryptedKeyExchange::kResultPending, client_result); |
| 54 | EXPECT_EQ(P224EncryptedKeyExchange::kResultPending, server_result); |
| 55 | } |
| 56 | } |
| 57 | |
| 58 | const char kPassword[] = "foo"; |
| 59 | |
| 60 | } // namespace |
| 61 | |
| 62 | TEST(MutualAuth, CorrectAuth) { |
| 63 | P224EncryptedKeyExchange client( |
| 64 | P224EncryptedKeyExchange::kPeerTypeClient, kPassword); |
| 65 | P224EncryptedKeyExchange server( |
| 66 | P224EncryptedKeyExchange::kPeerTypeServer, kPassword); |
| 67 | |
| 68 | EXPECT_TRUE(RunExchange(&client, &server, true)); |
| 69 | EXPECT_EQ(client.GetKey(), server.GetKey()); |
| 70 | } |
| 71 | |
| 72 | TEST(MutualAuth, IncorrectPassword) { |
| 73 | P224EncryptedKeyExchange client( |
| 74 | P224EncryptedKeyExchange::kPeerTypeClient, |
| 75 | kPassword); |
| 76 | P224EncryptedKeyExchange server( |
| 77 | P224EncryptedKeyExchange::kPeerTypeServer, |
| 78 | "wrongpassword"); |
| 79 | |
| 80 | EXPECT_FALSE(RunExchange(&client, &server, false)); |
| 81 | } |
| 82 | |
| 83 | TEST(MutualAuth, ExpectedValues) { |
| 84 | P224EncryptedKeyExchange client(P224EncryptedKeyExchange::kPeerTypeClient, |
| 85 | kPassword); |
| 86 | client.SetXForTesting("Client x"); |
| 87 | P224EncryptedKeyExchange server(P224EncryptedKeyExchange::kPeerTypeServer, |
| 88 | kPassword); |
| 89 | server.SetXForTesting("Server x"); |
| 90 | |
| 91 | std::string client_message = client.GetNextMessage(); |
| 92 | EXPECT_EQ( |
| 93 | "3508EF7DECC8AB9F9C439FBB0154288BBECC0A82E8448F4CF29554EB" |
| 94 | "BE9D486686226255EAD1D077C635B1A41F46AC91D7F7F32CED9EC3E0", |
| 95 | HexEncodeString(client_message)); |
| 96 | |
| 97 | std::string server_message = server.GetNextMessage(); |
| 98 | EXPECT_EQ( |
| 99 | "A3088C18B75D2C2B107105661AEC85424777475EB29F1DDFB8C14AFB" |
| 100 | "F1603D0DF38413A00F420ACF2059E7997C935F5A957A193D09A2B584", |
| 101 | HexEncodeString(server_message)); |
| 102 | |
| 103 | EXPECT_EQ(P224EncryptedKeyExchange::kResultPending, |
| 104 | client.ProcessMessage(server_message)); |
| 105 | EXPECT_EQ(P224EncryptedKeyExchange::kResultPending, |
| 106 | server.ProcessMessage(client_message)); |
| 107 | |
| 108 | EXPECT_EQ(client.GetUnverifiedKey(), server.GetUnverifiedKey()); |
| 109 | // Must stay the same. External implementations should be able to pair with. |
| 110 | EXPECT_EQ( |
| 111 | "CE7CCFC435CDA4F01EC8826788B1F8B82EF7D550A34696B371096E64" |
| 112 | "C487D4FE193F7D1A6FF6820BC7F807796BA3889E8F999BBDEFC32FFA", |
| 113 | HexEncodeString(server.GetUnverifiedKey())); |
| 114 | |
| 115 | EXPECT_TRUE(RunExchange(&client, &server, true)); |
| 116 | EXPECT_EQ(client.GetKey(), server.GetKey()); |
| 117 | } |
| 118 | |
| 119 | TEST(MutualAuth, Fuzz) { |
| 120 | static const unsigned kIterations = 40; |
| 121 | |
| 122 | for (unsigned i = 0; i < kIterations; i++) { |
| 123 | P224EncryptedKeyExchange client( |
| 124 | P224EncryptedKeyExchange::kPeerTypeClient, kPassword); |
| 125 | P224EncryptedKeyExchange server( |
| 126 | P224EncryptedKeyExchange::kPeerTypeServer, kPassword); |
| 127 | |
| 128 | // We'll only be testing small values of i, but we don't want that to bias |
| 129 | // the test coverage. So we disperse the value of i by multiplying by the |
Jay Civelli | 3a83cdd | 2017-03-22 17:31:44 -0700 | [diff] [blame^] | 130 | // FNV, 32-bit prime, producing a simplistic PRNG. |
Alex Vakulenko | 2485474 | 2016-01-22 16:55:13 -0800 | [diff] [blame] | 131 | const uint32_t rand = i * 16777619; |
Alex Vakulenko | f602473 | 2016-01-22 16:52:43 -0800 | [diff] [blame] | 132 | |
| 133 | for (unsigned round = 0;; round++) { |
| 134 | std::string client_message, server_message; |
| 135 | client_message = client.GetNextMessage(); |
| 136 | server_message = server.GetNextMessage(); |
| 137 | |
| 138 | if ((rand & 1) == round) { |
| 139 | const bool server_or_client = rand & 2; |
| 140 | std::string* m = server_or_client ? &server_message : &client_message; |
| 141 | if (rand & 4) { |
| 142 | // Truncate |
| 143 | *m = m->substr(0, (i >> 3) % m->size()); |
| 144 | } else { |
| 145 | // Corrupt |
| 146 | const size_t bits = m->size() * 8; |
| 147 | const size_t bit_to_corrupt = (rand >> 3) % bits; |
| 148 | const_cast<char*>(m->data())[bit_to_corrupt / 8] ^= |
| 149 | 1 << (bit_to_corrupt % 8); |
| 150 | } |
| 151 | } |
| 152 | |
| 153 | P224EncryptedKeyExchange::Result client_result, server_result; |
| 154 | client_result = client.ProcessMessage(server_message); |
| 155 | server_result = server.ProcessMessage(client_message); |
| 156 | |
| 157 | // If we have corrupted anything, we expect the authentication to fail, |
| 158 | // although one side can succeed if we happen to corrupt the second round |
| 159 | // message to the other. |
| 160 | ASSERT_FALSE( |
| 161 | client_result == P224EncryptedKeyExchange::kResultSuccess && |
| 162 | server_result == P224EncryptedKeyExchange::kResultSuccess); |
| 163 | |
| 164 | if (client_result == P224EncryptedKeyExchange::kResultFailed || |
| 165 | server_result == P224EncryptedKeyExchange::kResultFailed) { |
| 166 | break; |
| 167 | } |
| 168 | |
| 169 | ASSERT_EQ(P224EncryptedKeyExchange::kResultPending, |
| 170 | client_result); |
| 171 | ASSERT_EQ(P224EncryptedKeyExchange::kResultPending, |
| 172 | server_result); |
| 173 | } |
| 174 | } |
| 175 | } |
| 176 | |
| 177 | } // namespace crypto |