1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "crypto/p224_spake.h"
9 #include "base/logging.h"
10 #include "base/strings/string_number_conversions.h"
11 #include "testing/gtest/include/gtest/gtest.h"
17 std::string
HexEncodeString(const std::string
& binary_data
) {
18 return base::HexEncode(binary_data
.c_str(), binary_data
.size());
21 bool RunExchange(P224EncryptedKeyExchange
* client
,
22 P224EncryptedKeyExchange
* server
,
23 bool is_password_same
) {
25 std::string client_message
, server_message
;
26 client_message
= client
->GetMessage();
27 server_message
= server
->GetMessage();
29 P224EncryptedKeyExchange::Result client_result
, server_result
;
30 client_result
= client
->ProcessMessage(server_message
);
31 server_result
= server
->ProcessMessage(client_message
);
33 // Check that we never hit the case where only one succeeds.
34 EXPECT_EQ(client_result
== P224EncryptedKeyExchange::kResultSuccess
,
35 server_result
== P224EncryptedKeyExchange::kResultSuccess
);
37 if (client_result
== P224EncryptedKeyExchange::kResultFailed
||
38 server_result
== P224EncryptedKeyExchange::kResultFailed
) {
42 EXPECT_EQ(is_password_same
,
43 client
->GetUnverifiedKey() == server
->GetUnverifiedKey());
45 if (client_result
== P224EncryptedKeyExchange::kResultSuccess
&&
46 server_result
== P224EncryptedKeyExchange::kResultSuccess
) {
50 EXPECT_EQ(P224EncryptedKeyExchange::kResultPending
, client_result
);
51 EXPECT_EQ(P224EncryptedKeyExchange::kResultPending
, server_result
);
55 const char kPassword
[] = "foo";
59 TEST(MutualAuth
, CorrectAuth
) {
60 P224EncryptedKeyExchange
client(
61 P224EncryptedKeyExchange::kPeerTypeClient
, kPassword
);
62 P224EncryptedKeyExchange
server(
63 P224EncryptedKeyExchange::kPeerTypeServer
, kPassword
);
65 EXPECT_TRUE(RunExchange(&client
, &server
, true));
66 EXPECT_EQ(client
.GetKey(), server
.GetKey());
69 TEST(MutualAuth
, IncorrectPassword
) {
70 P224EncryptedKeyExchange
client(
71 P224EncryptedKeyExchange::kPeerTypeClient
,
73 P224EncryptedKeyExchange
server(
74 P224EncryptedKeyExchange::kPeerTypeServer
,
77 EXPECT_FALSE(RunExchange(&client
, &server
, false));
80 TEST(MutualAuth
, ExpectedValues
) {
81 P224EncryptedKeyExchange
client(P224EncryptedKeyExchange::kPeerTypeClient
,
83 client
.SetXForTesting("Client x");
84 P224EncryptedKeyExchange
server(P224EncryptedKeyExchange::kPeerTypeServer
,
86 server
.SetXForTesting("Server x");
88 std::string client_message
= client
.GetMessage();
90 "3508EF7DECC8AB9F9C439FBB0154288BBECC0A82E8448F4CF29554EB"
91 "BE9D486686226255EAD1D077C635B1A41F46AC91D7F7F32CED9EC3E0",
92 HexEncodeString(client_message
));
94 std::string server_message
= server
.GetMessage();
96 "A3088C18B75D2C2B107105661AEC85424777475EB29F1DDFB8C14AFB"
97 "F1603D0DF38413A00F420ACF2059E7997C935F5A957A193D09A2B584",
98 HexEncodeString(server_message
));
100 EXPECT_EQ(P224EncryptedKeyExchange::kResultPending
,
101 client
.ProcessMessage(server_message
));
102 EXPECT_EQ(P224EncryptedKeyExchange::kResultPending
,
103 server
.ProcessMessage(client_message
));
105 EXPECT_EQ(client
.GetUnverifiedKey(), server
.GetUnverifiedKey());
106 // Must stay the same. External implementations should be able to pair with.
108 "CE7CCFC435CDA4F01EC8826788B1F8B82EF7D550A34696B371096E64"
109 "C487D4FE193F7D1A6FF6820BC7F807796BA3889E8F999BBDEFC32FFA",
110 HexEncodeString(server
.GetUnverifiedKey()));
112 EXPECT_TRUE(RunExchange(&client
, &server
, true));
113 EXPECT_EQ(client
.GetKey(), server
.GetKey());
116 TEST(MutualAuth
, Fuzz
) {
117 static const unsigned kIterations
= 40;
119 for (unsigned i
= 0; i
< kIterations
; i
++) {
120 P224EncryptedKeyExchange
client(
121 P224EncryptedKeyExchange::kPeerTypeClient
, kPassword
);
122 P224EncryptedKeyExchange
server(
123 P224EncryptedKeyExchange::kPeerTypeServer
, kPassword
);
125 // We'll only be testing small values of i, but we don't want that to bias
126 // the test coverage. So we disperse the value of i by multiplying by the
127 // FNV, 32-bit prime, producing a poor-man's PRNG.
128 const uint32 rand
= i
* 16777619;
130 for (unsigned round
= 0;; round
++) {
131 std::string client_message
, server_message
;
132 client_message
= client
.GetMessage();
133 server_message
= server
.GetMessage();
135 if ((rand
& 1) == round
) {
136 const bool server_or_client
= rand
& 2;
137 std::string
* m
= server_or_client
? &server_message
: &client_message
;
140 *m
= m
->substr(0, (i
>> 3) % m
->size());
143 const size_t bits
= m
->size() * 8;
144 const size_t bit_to_corrupt
= (rand
>> 3) % bits
;
145 const_cast<char*>(m
->data())[bit_to_corrupt
/ 8] ^=
146 1 << (bit_to_corrupt
% 8);
150 P224EncryptedKeyExchange::Result client_result
, server_result
;
151 client_result
= client
.ProcessMessage(server_message
);
152 server_result
= server
.ProcessMessage(client_message
);
154 // If we have corrupted anything, we expect the authentication to fail,
155 // although one side can succeed if we happen to corrupt the second round
156 // message to the other.
158 client_result
== P224EncryptedKeyExchange::kResultSuccess
&&
159 server_result
== P224EncryptedKeyExchange::kResultSuccess
);
161 if (client_result
== P224EncryptedKeyExchange::kResultFailed
||
162 server_result
== P224EncryptedKeyExchange::kResultFailed
) {
166 ASSERT_EQ(P224EncryptedKeyExchange::kResultPending
,
168 ASSERT_EQ(P224EncryptedKeyExchange::kResultPending
,
174 } // namespace crypto