kris
/
boringssl
1
0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
3268 Revīzijas
12 Atzari
38 MiB
 
 
 
 
 
 
Koks: 0c0a94d07b
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no '0c0a94d07b'
${ noResults }
boringssl/crypto/newhope/newhope_test.cc

142 rindas
4.5 KiB
Neapstrādāts Vainot Vēsture 

  1. /* Copyright (c) 2016, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #include <math.h>

  16. #include <stdio.h>

  17. #include <string.h>

  18. 

  19. #include <openssl/crypto.h>

  20. #include <openssl/rand.h>

  21. 

  22. #include "internal.h"

  23. 

  24. 

  25. // Set to 10 for quick execution.  Tested up to 1,000,000.

  26. static const int kNumTests = 10;

  27. 

  28. static bool TestKeys(void) {

  29.   // Alice generates a public key.

  30.   bssl::UniquePtr<NEWHOPE_POLY> sk(NEWHOPE_POLY_new());

  31.   uint8_t offer_msg[NEWHOPE_OFFERMSG_LENGTH];

  32.   NEWHOPE_offer(offer_msg, sk.get());

  33. 

  34.   // Bob derives a secret key and creates a response.

  35.   uint8_t accept_msg[NEWHOPE_ACCEPTMSG_LENGTH];

  36.   uint8_t accept_key[SHA256_DIGEST_LENGTH];

  37.   if (!NEWHOPE_accept(accept_key, accept_msg, offer_msg, sizeof(offer_msg))) {

  38.     fprintf(stderr, "ERROR accept key exchange failed\n");

  39.     return false;

  40.   }

  41. 

  42.   // Alice uses Bob's response to get her secret key.

  43.   uint8_t offer_key[SHA256_DIGEST_LENGTH];

  44.   if (!NEWHOPE_finish(offer_key, sk.get(), accept_msg, sizeof(accept_msg))) {

  45.     fprintf(stderr, "ERROR finish key exchange failed\n");

  46.     return false;

  47.   }

  48. 

  49.   if (memcmp(offer_key, accept_key, SHA256_DIGEST_LENGTH) != 0) {

  50.     fprintf(stderr, "ERROR keys did not agree\n");

  51.     return false;

  52.   }

  53. 

  54.   return true;

  55. }

  56. 

  57. static bool TestInvalidSK(void) {

  58.   // Alice generates a public key.

  59.   uint8_t offer_msg[NEWHOPE_OFFERMSG_LENGTH];

  60.   bssl::UniquePtr<NEWHOPE_POLY> sk(NEWHOPE_POLY_new());

  61.   NEWHOPE_offer(offer_msg, sk.get());

  62. 

  63.   // Bob derives a secret key and creates a response.

  64.   uint8_t accept_key[SHA256_DIGEST_LENGTH];

  65.   uint8_t accept_msg[NEWHOPE_ACCEPTMSG_LENGTH];

  66.   if (!NEWHOPE_accept(accept_key, accept_msg, offer_msg, sizeof(offer_msg))) {

  67.     fprintf(stderr, "ERROR accept key exchange failed\n");

  68.     return false;

  69.   }

  70. 

  71.   // Corrupt the secret key.  It turns out that you need to corrupt a lot of

  72.   // bits to ensure that the key exchange always fails!

  73.   sk->coeffs[PARAM_N - 1] = 0;

  74.   sk->coeffs[PARAM_N - 2] = 0;

  75.   sk->coeffs[PARAM_N - 3] = 0;

  76.   sk->coeffs[PARAM_N - 4] = 0;

  77. 

  78.   // Alice uses Bob's response to get her secret key.

  79.   uint8_t offer_key[SHA256_DIGEST_LENGTH];

  80.   if (!NEWHOPE_finish(offer_key, sk.get(), accept_msg, sizeof(accept_msg))) {

  81.     fprintf(stderr, "ERROR finish key exchange failed\n");

  82.     return false;

  83.   }

  84. 

  85.   if (memcmp(offer_key, accept_key, SHA256_DIGEST_LENGTH) == 0) {

  86.     fprintf(stderr, "ERROR keys agreed despite corrupt sk\n");

  87.     return false;

  88.   }

  89. 

  90.   return true;

  91. }

  92. 

  93. static bool TestInvalidAcceptMsg(void) {

  94.   // Alice generates a public key.

  95.   bssl::UniquePtr<NEWHOPE_POLY> sk(NEWHOPE_POLY_new());

  96.   uint8_t offer_msg[NEWHOPE_OFFERMSG_LENGTH];

  97.   NEWHOPE_offer(offer_msg, sk.get());

  98. 

  99.   // Bob derives a secret key and creates a response.

  100.   uint8_t accept_key[SHA256_DIGEST_LENGTH];

  101.   uint8_t accept_msg[NEWHOPE_ACCEPTMSG_LENGTH];

  102.   if (!NEWHOPE_accept(accept_key, accept_msg, offer_msg, sizeof(offer_msg))) {

  103.     fprintf(stderr, "ERROR accept key exchange failed\n");

  104.     return false;

  105.   }

  106. 

  107.   // Corrupt the (polynomial part of the) accept message.  It turns out that

  108.   // you need to corrupt a lot of bits to ensure that the key exchange always

  109.   // fails!

  110.   accept_msg[PARAM_N - 1] = 0;

  111.   accept_msg[PARAM_N - 2] = 0;

  112.   accept_msg[PARAM_N - 3] = 0;

  113.   accept_msg[PARAM_N - 4] = 0;

  114. 

  115.   // Alice uses Bob's response to get her secret key.

  116.   uint8_t offer_key[SHA256_DIGEST_LENGTH];

  117.   if (!NEWHOPE_finish(offer_key, sk.get(), accept_msg, sizeof(accept_msg))) {

  118.     fprintf(stderr, "ERROR finish key exchange failed\n");

  119.     return false;

  120.   }

  121. 

  122.   if (!memcmp(offer_key, accept_key, SHA256_DIGEST_LENGTH)) {

  123.     fprintf(stderr, "ERROR keys agreed despite corrupt accept message\n");

  124.     return false;

  125.   }

  126. 

  127.   return true;

  128. }

  129. 

  130. int main(void) {

  131.   for (int i = 0; i < kNumTests; i++) {

  132.     if (!TestKeys() ||

  133.         !TestInvalidSK() ||

  134.         !TestInvalidAcceptMsg()) {

  135.       return 1;

  136.     }

  137.   }

  138. 

  139.   printf("PASS\n");

  140.   return 0;

  141. }