// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <crypto/p224_spake.h>
#include "base/logging.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace crypto {
namespace {
bool RunExchange(P224EncryptedKeyExchange* client,
P224EncryptedKeyExchange* server) {
for (;;) {
std::string client_message, server_message;
client_message = client->GetMessage();
server_message = server->GetMessage();
P224EncryptedKeyExchange::Result client_result, server_result;
client_result = client->ProcessMessage(server_message);
server_result = server->ProcessMessage(client_message);
// Check that we never hit the case where only one succeeds.
if ((client_result == P224EncryptedKeyExchange::kResultSuccess) ^
(server_result == P224EncryptedKeyExchange::kResultSuccess)) {
CHECK(false) << "Parties differ on whether authentication was successful";
}
if (client_result == P224EncryptedKeyExchange::kResultFailed ||
server_result == P224EncryptedKeyExchange::kResultFailed) {
return false;
}
if (client_result == P224EncryptedKeyExchange::kResultSuccess &&
server_result == P224EncryptedKeyExchange::kResultSuccess) {
return true;
}
CHECK_EQ(P224EncryptedKeyExchange::kResultPending, client_result);
CHECK_EQ(P224EncryptedKeyExchange::kResultPending, server_result);
}
}
const char kPassword[] = "foo";
} // namespace
TEST(MutualAuth, CorrectAuth) {
P224EncryptedKeyExchange client(
P224EncryptedKeyExchange::kPeerTypeClient, kPassword);
P224EncryptedKeyExchange server(
P224EncryptedKeyExchange::kPeerTypeServer, kPassword);
EXPECT_TRUE(RunExchange(&client, &server));
EXPECT_EQ(client.GetKey(), server.GetKey());
}
TEST(MutualAuth, IncorrectPassword) {
P224EncryptedKeyExchange client(
P224EncryptedKeyExchange::kPeerTypeClient,
kPassword);
P224EncryptedKeyExchange server(
P224EncryptedKeyExchange::kPeerTypeServer,
"wrongpassword");
EXPECT_FALSE(RunExchange(&client, &server));
}
TEST(MutualAuth, Fuzz) {
static const unsigned kIterations = 40;
for (unsigned i = 0; i < kIterations; i++) {
P224EncryptedKeyExchange client(
P224EncryptedKeyExchange::kPeerTypeClient, kPassword);
P224EncryptedKeyExchange server(
P224EncryptedKeyExchange::kPeerTypeServer, kPassword);
// We'll only be testing small values of i, but we don't want that to bias
// the test coverage. So we disperse the value of i by multiplying by the
// FNV, 32-bit prime, producing a poor-man's PRNG.
const uint32 rand = i * 16777619;
for (unsigned round = 0;; round++) {
std::string client_message, server_message;
client_message = client.GetMessage();
server_message = server.GetMessage();
if ((rand & 1) == round) {
const bool server_or_client = rand & 2;
std::string* m = server_or_client ? &server_message : &client_message;
if (rand & 4) {
// Truncate
*m = m->substr(0, (i >> 3) % m->size());
} else {
// Corrupt
const size_t bits = m->size() * 8;
const size_t bit_to_corrupt = (rand >> 3) % bits;
const_cast<char*>(m->data())[bit_to_corrupt / 8] ^=
1 << (bit_to_corrupt % 8);
}
}
P224EncryptedKeyExchange::Result client_result, server_result;
client_result = client.ProcessMessage(server_message);
server_result = server.ProcessMessage(client_message);
// If we have corrupted anything, we expect the authentication to fail,
// although one side can succeed if we happen to corrupt the second round
// message to the other.
ASSERT_FALSE(
client_result == P224EncryptedKeyExchange::kResultSuccess &&
server_result == P224EncryptedKeyExchange::kResultSuccess);
if (client_result == P224EncryptedKeyExchange::kResultFailed ||
server_result == P224EncryptedKeyExchange::kResultFailed) {
break;
}
ASSERT_EQ(P224EncryptedKeyExchange::kResultPending,
client_result);
ASSERT_EQ(P224EncryptedKeyExchange::kResultPending,
server_result);
}
}
}
} // namespace crypto