From d6e40f9ea61ba2f84394baa5de444fec76dbea09 Mon Sep 17 00:00:00 2001 From: Mathias Hall-Andersen Date: Thu, 1 Aug 2019 13:56:42 +0200 Subject: Unit test for mac1 validation --- src/handshake/device.rs | 9 ++++--- src/handshake/macs.rs | 67 ++++++++++++++++++++++++++++++++++++++++--------- 2 files changed, 61 insertions(+), 15 deletions(-) (limited to 'src') diff --git a/src/handshake/device.rs b/src/handshake/device.rs index 2a676a8..a1f882d 100644 --- a/src/handshake/device.rs +++ b/src/handshake/device.rs @@ -233,11 +233,14 @@ where Some(&TYPE_COOKIEREPLY) => { let msg = CookieReply::parse(msg)?; - // validate cookie reply + // lookup peer + let peer = self.lookup_id(msg.f_receiver.get())?; - // update cookie generator for peer + // validate cookie reply + peer.macs.lock().process(&msg)?; - unimplemented!() + // this prompts no new message + Ok((peer.identifier, None, None)) } _ => Err(HandshakeError::InvalidMessageFormat), } diff --git a/src/handshake/macs.rs b/src/handshake/macs.rs index f558362..99c83ac 100644 --- a/src/handshake/macs.rs +++ b/src/handshake/macs.rs @@ -54,13 +54,13 @@ pub struct Generator { impl Generator { /// Initalize a new mac field generator - /// + /// /// # Arguments - /// + /// /// - pk: The public key of the peer to which the generator is associated - /// + /// /// # Returns - /// + /// /// A freshly initated generator pub fn new(pk: PublicKey) -> Generator { Generator { 
@@ -71,27 +71,28 @@ impl Generator { } /// Process a CookieReply message - /// + /// /// # Arguments - /// + /// /// - reply: CookieReply to process - /// + /// /// # Returns - /// + /// /// Can fail if the cookie reply fails to validate /// (either indicating that it is outdated or malformed) - pub fn process(&mut self, reply: &CookieReply) -> Option { + pub fn process(&mut self, reply: &CookieReply) -> Result<(), HandshakeError> { + unimplemented!("do the checks and decryption"); self.cookie = Some(Cookie { birth: Instant::now(), value: reply.f_cookie, }); - None + Ok(()) } /// Generate both mac fields for an inner message - /// + /// /// # Arguments - /// + /// /// - inner: A byteslice representing the inner message to be covered /// - macs: The destination mac footer for the resulting macs pub fn generate(&mut self, inner: &[u8], macs: &mut MacsFooter) { @@ -122,6 +123,12 @@ impl Validator { } } + /// Check the mac1 field against the inner message + /// + /// # Arguments + /// + /// - inner: The inner message covered by the mac1 field + /// - macs: The mac footer pub fn check_mac1(&self, inner: &[u8], macs: &MacsFooter) -> Result<(), HandshakeError> { let valid_mac1: bool = MAC!(&self.mac1_key, inner).ct_eq(&macs.f_mac1).into(); if !valid_mac1 { 
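Review bot: In `process`, the statements after `unimplemented!("do the checks and decryption")` are unreachable, and once the macro is removed they would store `reply.f_cookie` straight from the wire as the cookie value, with no authentication or decryption. A CookieReply is unauthenticated network input, and the new CookieReply branch in src/handshake/device.rs calls this method for any reply whose receiver id resolves to a peer. The cookie should therefore be stored only after the reply has been verified and decrypted, and a failed check should surface as a `HandshakeError`. Until the checks exist, returning an error such as `Err(HandshakeError::InvalidMessageFormat)` instead of panicking would stop remote input from aborting the handler. A comment like `// TODO: authenticate and decrypt reply.f_cookie before storing` above the assignment would make the gap explicit.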
@@ -131,3 +138,39 @@ impl Validator {
 }
 }
 }
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+ use rand::rngs::OsRng;
+ use x25519_dalek::StaticSecret;
+
+ #[test]
+ fn test_mac1() {
+ // generate random public key
+ let mut rng = OsRng::new().unwrap();
+ let sk = StaticSecret::new(&mut rng);
+ let pk = PublicKey::from(&sk);
+
+ // some message
+ let inner: Vec = vec![
+ 0x28, 0x5d, 0x9d, 0x2b, 0x40, 0x70, 0xae, 0xef, 0xbd, 0xe7, 0xc1, 0x66, 0xb4, 0x69,
+ 0x2a, 0x51, 0x1c, 0xb1, 0x80, 0xcc, 0x47, 0x6c, 0xec, 0xbc, 0x1f, 0x1d, 0x9c, 0x6b,
+ 0xfb, 0xe9, 0xc6, 0x3b, 0x64, 0x74, 0xb9, 0x41, 0xf9, 0x39, 0x2b, 0xb5, 0xd2, 0x96,
+ 0x51, 0xd7, 0xaa, 0x33, 0x07, 0x1f, 0x48, 0x2d, 0x7a, 0x47, 0x68, 0xd3, 0x5b, 0x63,
+ 0xe4, 0x03, 0x6b, 0xaa, 0xdd, 0x17, 0xfd, 0xb1, 0x24, 0x1f, 0xf3, 0x96, 0x17, 0x0b,
+ 0xd4, 0x9a, 0x63, 0xf3, 0x09, 0x31, 0xcb, 0xf4, 0x81, 0xae, 0xaa, 0x84, 0xf2, 0x55,
+ 0x31, 0x78, 0xc5, 0x3f, 0x0f, 0xa0, 0x8c, 0xa1, 0x70, 0x11, 0xcd, 0xac, 0xe0, 0x33,
+ 0xef, 0xfe, 0xd9, 0xa9, 0x9b, 0x3e, 0x9f, 0x65, 0x11, 0x7e, 0x30, 0x77, 0x18, 0xf2,
+ 0x98, 0x55, 0x10, 0xa6,
+ ];
+
+ let mut footer: MacsFooter = Default::default();
+
+ let mut generator = Generator::new(pk);
+ let validator = Validator::new(pk);
+
+ generator.generate(&inner[..], &mut footer);
+ validator.check_mac1(&inner[..], &footer).unwrap();
+ }
+}
-- cgit v1.2.3-59-g8ed1b
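Review bot: `test_mac1` only exercises the accepting path, so it would still pass if `check_mac1` accepted every footer. A validation test should also pin the rejecting path. After the final `unwrap()`, add a tampered-input case such as `let mut tampered = inner.clone(); tampered[0] ^= 1;` followed by `assert!(validator.check_mac1(&tampered[..], &footer).is_err());`. A second case using a `Validator` built from a different public key would confirm that the MAC is actually bound to the key.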