diff options
| -rw-r--r-- | crypto/p224_spake.cc | 20 | ||||
| -rw-r--r-- | crypto/p224_spake.h | 12 | ||||
| -rw-r--r-- | crypto/p224_spake_unittest.cc | 44 |
3 files changed, 69 insertions, 7 deletions
diff --git a/crypto/p224_spake.cc b/crypto/p224_spake.cc index f20b10c..05fe68c 100644 --- a/crypto/p224_spake.cc +++ b/crypto/p224_spake.cc @@ -7,6 +7,8 @@ #include <crypto/p224_spake.h> +#include <algorithm> + #include <base/logging.h> #include <crypto/p224.h> #include <crypto/random.h> @@ -105,14 +107,18 @@ P224EncryptedKeyExchange::P224EncryptedKeyExchange( // x_ is a random scalar. RandBytes(x_, sizeof(x_)); - // X = g**x_ - p224::Point X; - p224::ScalarBaseMult(x_, &X); - // Calculate |password| hash to get SPAKE password value. SHA256HashString(std::string(password.data(), password.length()), pw_, sizeof(pw_)); + Init(); +} + +void P224EncryptedKeyExchange::Init() { + // X = g**x_ + p224::Point X; + p224::ScalarBaseMult(x_, &X); + // The client masks the Diffie-Hellman value, X, by adding M**pw and the // server uses N**pw. p224::Point MNpw; @@ -253,4 +259,10 @@ const std::string& P224EncryptedKeyExchange::GetUnverifiedKey() const { return key_; } +void P224EncryptedKeyExchange::SetXForTesting(const std::string& x) { + memset(&x_, 0, sizeof(x_)); + memcpy(&x_, x.data(), std::min(x.size(), sizeof(x_))); + Init(); +} + } // namespace crypto diff --git a/crypto/p224_spake.h b/crypto/p224_spake.h index 61451a3..08769b7 100644 --- a/crypto/p224_spake.h +++ b/crypto/p224_spake.h @@ -5,6 +5,7 @@ #ifndef CRYPTO_P224_SPAKE_H_ #define CRYPTO_P224_SPAKE_H_ +#include <base/gtest_prod_util.h> #include <base/strings/string_piece.h> #include <crypto/p224.h> #include <crypto/sha2.h> @@ -14,7 +15,7 @@ namespace crypto { // P224EncryptedKeyExchange implements SPAKE2, a variant of Encrypted // Key Exchange. It allows two parties that have a secret common // password to establish a common secure key by exchanging messages -// over unsecure channel without disclosing the password. +// over an insecure channel without disclosing the password. // // The password can be low entropy as authenticating with an attacker only // gives the attacker a one-shot password oracle. No other information about @@ -85,6 +86,13 @@ class CRYPTO_EXPORT P224EncryptedKeyExchange { kStateDone, }; + FRIEND_TEST_ALL_PREFIXES(MutualAuth, ExpectedValues); + + void Init(); + + // Sets internal random scalar. Should be used by tests only. + void SetXForTesting(const std::string& x); + State state_; const bool is_server_; // next_message_ contains a value for GetMessage() to return. @@ -104,7 +112,7 @@ class CRYPTO_EXPORT P224EncryptedKeyExchange { // file). uint8 x_[p224::kScalarBytes]; // pw_ is SHA256(P(password), P(session))[:28] where P() prepends a uint32, - // big-endian length prefix (see paper refereneced in .cc file). + // big-endian length prefix (see paper referenced in .cc file). uint8 pw_[p224::kScalarBytes]; // expected_authenticator_ is used to store the hash value expected from the // other party. diff --git a/crypto/p224_spake_unittest.cc b/crypto/p224_spake_unittest.cc index 6651c8d..6dd8e88 100644 --- a/crypto/p224_spake_unittest.cc +++ b/crypto/p224_spake_unittest.cc @@ -2,16 +2,22 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. +#include "crypto/p224_spake.h" + #include <string> -#include <crypto/p224_spake.h> #include "base/logging.h" +#include "base/strings/string_number_conversions.h" #include "testing/gtest/include/gtest/gtest.h" namespace crypto { namespace { +std::string HexEncodeString(const std::string& binary_data) { + return base::HexEncode(binary_data.c_str(), binary_data.size()); +} + bool RunExchange(P224EncryptedKeyExchange* client, P224EncryptedKeyExchange* server, bool is_password_same) { @@ -71,6 +77,42 @@ TEST(MutualAuth, IncorrectPassword) { EXPECT_FALSE(RunExchange(&client, &server, false)); } +TEST(MutualAuth, ExpectedValues) { + P224EncryptedKeyExchange client(P224EncryptedKeyExchange::kPeerTypeClient, + kPassword); + client.SetXForTesting("Client x"); + P224EncryptedKeyExchange server(P224EncryptedKeyExchange::kPeerTypeServer, + kPassword); + server.SetXForTesting("Server x"); + + std::string client_message = client.GetMessage(); + EXPECT_EQ( + "3508EF7DECC8AB9F9C439FBB0154288BBECC0A82E8448F4CF29554EB" + "BE9D486686226255EAD1D077C635B1A41F46AC91D7F7F32CED9EC3E0", + HexEncodeString(client_message)); + + std::string server_message = server.GetMessage(); + EXPECT_EQ( + "A3088C18B75D2C2B107105661AEC85424777475EB29F1DDFB8C14AFB" + "F1603D0DF38413A00F420ACF2059E7997C935F5A957A193D09A2B584", + HexEncodeString(server_message)); + + EXPECT_EQ(P224EncryptedKeyExchange::kResultPending, + client.ProcessMessage(server_message)); + EXPECT_EQ(P224EncryptedKeyExchange::kResultPending, + server.ProcessMessage(client_message)); + + EXPECT_EQ(client.GetUnverifiedKey(), server.GetUnverifiedKey()); + // Must stay the same. External implementations should be able to pair with. + EXPECT_EQ( + "CE7CCFC435CDA4F01EC8826788B1F8B82EF7D550A34696B371096E64" + "C487D4FE193F7D1A6FF6820BC7F807796BA3889E8F999BBDEFC32FFA", + HexEncodeString(server.GetUnverifiedKey())); + + EXPECT_TRUE(RunExchange(&client, &server, true)); + EXPECT_EQ(client.GetKey(), server.GetKey()); +} + TEST(MutualAuth, Fuzz) { static const unsigned kIterations = 40; |