1 // Copyright 2011 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "crypto/p224_spake.h"
6
7 #include <stddef.h>
8 #include <stdint.h>
9
10 #include <string>
11
12 #include "base/strings/string_number_conversions.h"
13 #include "testing/gtest/include/gtest/gtest.h"
14
15 namespace crypto {
16
17 namespace {
18
RunExchange(P224EncryptedKeyExchange * client,P224EncryptedKeyExchange * server,bool is_password_same)19 bool RunExchange(P224EncryptedKeyExchange* client,
20 P224EncryptedKeyExchange* server,
21 bool is_password_same) {
22 for (;;) {
23 std::string client_message, server_message;
24 client_message = client->GetNextMessage();
25 server_message = server->GetNextMessage();
26
27 P224EncryptedKeyExchange::Result client_result, server_result;
28 client_result = client->ProcessMessage(server_message);
29 server_result = server->ProcessMessage(client_message);
30
31 // Check that we never hit the case where only one succeeds.
32 EXPECT_EQ(client_result == P224EncryptedKeyExchange::kResultSuccess,
33 server_result == P224EncryptedKeyExchange::kResultSuccess);
34
35 if (client_result == P224EncryptedKeyExchange::kResultFailed ||
36 server_result == P224EncryptedKeyExchange::kResultFailed) {
37 return false;
38 }
39
40 EXPECT_EQ(is_password_same,
41 client->GetUnverifiedKey() == server->GetUnverifiedKey());
42
43 if (client_result == P224EncryptedKeyExchange::kResultSuccess &&
44 server_result == P224EncryptedKeyExchange::kResultSuccess) {
45 return true;
46 }
47
48 EXPECT_EQ(P224EncryptedKeyExchange::kResultPending, client_result);
49 EXPECT_EQ(P224EncryptedKeyExchange::kResultPending, server_result);
50 }
51 }
52
53 const char kPassword[] = "foo";
54
55 } // namespace
56
TEST(MutualAuth,CorrectAuth)57 TEST(MutualAuth, CorrectAuth) {
58 P224EncryptedKeyExchange client(
59 P224EncryptedKeyExchange::kPeerTypeClient, kPassword);
60 P224EncryptedKeyExchange server(
61 P224EncryptedKeyExchange::kPeerTypeServer, kPassword);
62
63 EXPECT_TRUE(RunExchange(&client, &server, true));
64 EXPECT_EQ(client.GetKey(), server.GetKey());
65 }
66
TEST(MutualAuth,IncorrectPassword)67 TEST(MutualAuth, IncorrectPassword) {
68 P224EncryptedKeyExchange client(
69 P224EncryptedKeyExchange::kPeerTypeClient,
70 kPassword);
71 P224EncryptedKeyExchange server(
72 P224EncryptedKeyExchange::kPeerTypeServer,
73 "wrongpassword");
74
75 EXPECT_FALSE(RunExchange(&client, &server, false));
76 }
77
TEST(MutualAuth,ExpectedValues)78 TEST(MutualAuth, ExpectedValues) {
79 P224EncryptedKeyExchange client(P224EncryptedKeyExchange::kPeerTypeClient,
80 kPassword);
81 client.SetXForTesting("Client x");
82 P224EncryptedKeyExchange server(P224EncryptedKeyExchange::kPeerTypeServer,
83 kPassword);
84 server.SetXForTesting("Server x");
85
86 std::string client_message = client.GetNextMessage();
87 EXPECT_EQ(
88 "3508EF7DECC8AB9F9C439FBB0154288BBECC0A82E8448F4CF29554EB"
89 "BE9D486686226255EAD1D077C635B1A41F46AC91D7F7F32CED9EC3E0",
90 base::HexEncode(client_message));
91
92 std::string server_message = server.GetNextMessage();
93 EXPECT_EQ(
94 "A3088C18B75D2C2B107105661AEC85424777475EB29F1DDFB8C14AFB"
95 "F1603D0DF38413A00F420ACF2059E7997C935F5A957A193D09A2B584",
96 base::HexEncode(server_message));
97
98 EXPECT_EQ(P224EncryptedKeyExchange::kResultPending,
99 client.ProcessMessage(server_message));
100 EXPECT_EQ(P224EncryptedKeyExchange::kResultPending,
101 server.ProcessMessage(client_message));
102
103 EXPECT_EQ(client.GetUnverifiedKey(), server.GetUnverifiedKey());
104 // Must stay the same. External implementations should be able to pair with.
105 EXPECT_EQ(
106 "CE7CCFC435CDA4F01EC8826788B1F8B82EF7D550A34696B371096E64"
107 "C487D4FE193F7D1A6FF6820BC7F807796BA3889E8F999BBDEFC32FFA",
108 base::HexEncode(server.GetUnverifiedKey()));
109
110 EXPECT_TRUE(RunExchange(&client, &server, true));
111 EXPECT_EQ(client.GetKey(), server.GetKey());
112 }
113
TEST(MutualAuth,Fuzz)114 TEST(MutualAuth, Fuzz) {
115 static const unsigned kIterations = 40;
116
117 for (unsigned i = 0; i < kIterations; i++) {
118 P224EncryptedKeyExchange client(
119 P224EncryptedKeyExchange::kPeerTypeClient, kPassword);
120 P224EncryptedKeyExchange server(
121 P224EncryptedKeyExchange::kPeerTypeServer, kPassword);
122
123 // We'll only be testing small values of i, but we don't want that to bias
124 // the test coverage. So we disperse the value of i by multiplying by the
125 // FNV, 32-bit prime, producing a simplistic PRNG.
126 const uint32_t rand = i * 16777619;
127
128 for (unsigned round = 0;; round++) {
129 std::string client_message, server_message;
130 client_message = client.GetNextMessage();
131 server_message = server.GetNextMessage();
132
133 if ((rand & 1) == round) {
134 const bool server_or_client = rand & 2;
135 std::string* m = server_or_client ? &server_message : &client_message;
136 if (rand & 4) {
137 // Truncate
138 *m = m->substr(0, (i >> 3) % m->size());
139 } else {
140 // Corrupt
141 const size_t bits = m->size() * 8;
142 const size_t bit_to_corrupt = (rand >> 3) % bits;
143 const_cast<char*>(m->data())[bit_to_corrupt / 8] ^=
144 1 << (bit_to_corrupt % 8);
145 }
146 }
147
148 P224EncryptedKeyExchange::Result client_result, server_result;
149 client_result = client.ProcessMessage(server_message);
150 server_result = server.ProcessMessage(client_message);
151
152 // If we have corrupted anything, we expect the authentication to fail,
153 // although one side can succeed if we happen to corrupt the second round
154 // message to the other.
155 ASSERT_FALSE(
156 client_result == P224EncryptedKeyExchange::kResultSuccess &&
157 server_result == P224EncryptedKeyExchange::kResultSuccess);
158
159 if (client_result == P224EncryptedKeyExchange::kResultFailed ||
160 server_result == P224EncryptedKeyExchange::kResultFailed) {
161 break;
162 }
163
164 ASSERT_EQ(P224EncryptedKeyExchange::kResultPending,
165 client_result);
166 ASSERT_EQ(P224EncryptedKeyExchange::kResultPending,
167 server_result);
168 }
169 }
170 }
171
172 } // namespace crypto
173