Allow to get key from SPAKE2 after the first round trip.

The second round trip is optional and is not the part of SPAKE2 algorithm. Application may want to get key and do verification with usefull payload. BUG=438470 R=agl@chromium.org Review URL: https://codereview.chromium.org/761663004 Cr-Commit-Position: refs/heads/master@{#306844}
author: Vitaly Buka <vitalybuka@chromium.org> 2014-12-04 09:15:20 -0800
committer: Vitaly Buka <vitalybuka@chromium.org> 2014-12-04 17:17:35 +0000
commit: fb2ccf63152e415e5bb1243b1284ef496cf45c03 (patch)
tree: c28b73f14c039f883cfdcc5bba3db71e6be68998 /crypto
parent: 82badefaf779ac2baaf67217213a576c06ff0062 (diff)
download: chromium_src-fb2ccf63152e415e5bb1243b1284ef496cf45c03.zip
chromium_src-fb2ccf63152e415e5bb1243b1284ef496cf45c03.tar.gz
chromium_src-fb2ccf63152e415e5bb1243b1284ef496cf45c03.tar.bz2
3 files changed, 25 insertions, 11 deletions
diff --git a/crypto/p224_spake.cc b/crypto/p224_spake.cc
index 31109a4..f20b10c 100644
--- a/crypto/p224_spake.cc
+++ b/crypto/p224_spake.cc
@@ -240,8 +240,16 @@ const std::string& P224EncryptedKeyExchange::error() const {
   return error_;
 }
 
-const std::string& P224EncryptedKeyExchange::GetKey() {
+const std::string& P224EncryptedKeyExchange::GetKey() const {
   DCHECK_EQ(state_, kStateDone);
+  return GetUnverifiedKey();
+}
+
+const std::string& P224EncryptedKeyExchange::GetUnverifiedKey() const {
+  // Key is already final when state is kStateSendHash. Subsequent states are
+  // used only for verification of the key. Some users may combine verification
+  // with sending verifiable data instead of |expected_authenticator_|.
+  DCHECK_GE(state_, kStateSendHash);
   return key_;
 }
 
diff --git a/crypto/p224_spake.h b/crypto/p224_spake.h
index 6905ef2..61451a3 100644
--- a/crypto/p224_spake.h
+++ b/crypto/p224_spake.h
@@ -68,7 +68,11 @@ class CRYPTO_EXPORT P224EncryptedKeyExchange {
 
   // The key established as result of the key exchange. Must be called
   // at then end after ProcessMessage() returns kResultSuccess.
-  const std::string& GetKey();
+  const std::string& GetKey() const;
+
+  // The key established as result of the key exchange. Can be called after
+  // the first ProcessMessage()
+  const std::string& GetUnverifiedKey() const;
 
  private:
   // The authentication state machine is very simple and each party proceeds
diff --git a/crypto/p224_spake_unittest.cc b/crypto/p224_spake_unittest.cc
index 589cdbf..6651c8d 100644
--- a/crypto/p224_spake_unittest.cc
+++ b/crypto/p224_spake_unittest.cc
@@ -13,7 +13,8 @@ namespace crypto {
 namespace {
 
 bool RunExchange(P224EncryptedKeyExchange* client,
-                 P224EncryptedKeyExchange* server) {
+                 P224EncryptedKeyExchange* server,
+                 bool is_password_same) {
   for (;;) {
     std::string client_message, server_message;
     client_message = client->GetMessage();
@@ -24,23 +25,24 @@ bool RunExchange(P224EncryptedKeyExchange* client,
     server_result = server->ProcessMessage(client_message);
 
     // Check that we never hit the case where only one succeeds.
-    if ((client_result == P224EncryptedKeyExchange::kResultSuccess) ^
-        (server_result == P224EncryptedKeyExchange::kResultSuccess)) {
-      CHECK(false) << "Parties differ on whether authentication was successful";
-    }
+    EXPECT_EQ(client_result == P224EncryptedKeyExchange::kResultSuccess,
+              server_result == P224EncryptedKeyExchange::kResultSuccess);
 
     if (client_result == P224EncryptedKeyExchange::kResultFailed ||
         server_result == P224EncryptedKeyExchange::kResultFailed) {
       return false;
     }
 
+    EXPECT_EQ(is_password_same,
+              client->GetUnverifiedKey() == server->GetUnverifiedKey());
+
     if (client_result == P224EncryptedKeyExchange::kResultSuccess &&
         server_result == P224EncryptedKeyExchange::kResultSuccess) {
       return true;
     }
 
-    CHECK_EQ(P224EncryptedKeyExchange::kResultPending, client_result);
-    CHECK_EQ(P224EncryptedKeyExchange::kResultPending, server_result);
+    EXPECT_EQ(P224EncryptedKeyExchange::kResultPending, client_result);
+    EXPECT_EQ(P224EncryptedKeyExchange::kResultPending, server_result);
   }
 }
 
@@ -54,7 +56,7 @@ TEST(MutualAuth, CorrectAuth) {
   P224EncryptedKeyExchange server(
       P224EncryptedKeyExchange::kPeerTypeServer, kPassword);
 
-  EXPECT_TRUE(RunExchange(&client, &server));
+  EXPECT_TRUE(RunExchange(&client, &server, true));
   EXPECT_EQ(client.GetKey(), server.GetKey());
 }
 
@@ -66,7 +68,7 @@ TEST(MutualAuth, IncorrectPassword) {
       P224EncryptedKeyExchange::kPeerTypeServer,
       "wrongpassword");
 
-  EXPECT_FALSE(RunExchange(&client, &server));
+  EXPECT_FALSE(RunExchange(&client, &server, false));
 }
 
 TEST(MutualAuth, Fuzz) {
author	Vitaly Buka <vitalybuka@chromium.org>	2014-12-04 09:15:20 -0800
committer	Vitaly Buka <vitalybuka@chromium.org>	2014-12-04 17:17:35 +0000
commit	fb2ccf63152e415e5bb1243b1284ef496cf45c03 (patch)
tree	c28b73f14c039f883cfdcc5bba3db71e6be68998 /crypto
parent	82badefaf779ac2baaf67217213a576c06ff0062 (diff)
download	chromium_src-fb2ccf63152e415e5bb1243b1284ef496cf45c03.zip chromium_src-fb2ccf63152e415e5bb1243b1284ef496cf45c03.tar.gz chromium_src-fb2ccf63152e415e5bb1243b1284ef496cf45c03.tar.bz2