boringssl/crypto/newhope/newhope_test.c
Matt Braithwaite e09e579603 Rename NEWHOPE functions to offer/accept/finish.
This is consistent with the new convention in ssl_ecdh.c.

Along the way, change newhope_test.c to not iterate 1000 times over each
test.

Change-Id: I7a500f45b838eba8f6df96957891aa8e880ba089
Reviewed-on: https://boringssl-review.googlesource.com/8012
Reviewed-by: David Benjamin <davidben@google.com>
2016-05-19 18:17:48 +00:00

139 lines
4.1 KiB
C

/* Copyright (c) 2016, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include <math.h>
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/rand.h>
#include "internal.h"
#define NTESTS 1
static int test_keys(void) {
NEWHOPE_POLY *sk = NEWHOPE_POLY_new();
uint8_t offer_key[SHA256_DIGEST_LENGTH], accept_key[SHA256_DIGEST_LENGTH];
uint8_t offermsg[NEWHOPE_OFFERMSG_LENGTH];
uint8_t acceptmsg[NEWHOPE_ACCEPTMSG_LENGTH];
int i;
for (i = 0; i < NTESTS; i++) {
/* Alice generates a public key */
NEWHOPE_offer(offermsg, sk);
/* Bob derives a secret key and creates a response */
if (!NEWHOPE_accept(accept_key, acceptmsg, offermsg, sizeof(offermsg))) {
fprintf(stderr, "ERROR accept key exchange failed\n");
return 0;
}
/* Alice uses Bob's response to get her secret key */
if (!NEWHOPE_finish(offer_key, sk, acceptmsg, sizeof(acceptmsg))) {
fprintf(stderr, "ERROR finish key exchange failed\n");
return 0;
}
if (memcmp(offer_key, accept_key, SHA256_DIGEST_LENGTH) != 0) {
fprintf(stderr, "ERROR keys did not agree\n");
return 0;
}
}
NEWHOPE_POLY_free(sk);
return 1;
}
static int test_invalid_sk_a(void) {
NEWHOPE_POLY *sk = NEWHOPE_POLY_new();
uint8_t offer_key[SHA256_DIGEST_LENGTH], accept_key[SHA256_DIGEST_LENGTH];
uint8_t offermsg[NEWHOPE_OFFERMSG_LENGTH];
uint8_t acceptmsg[NEWHOPE_ACCEPTMSG_LENGTH];
int i;
for (i = 0; i < NTESTS; i++) {
/* Alice generates a public key */
NEWHOPE_offer(offermsg, sk);
/* Bob derives a secret key and creates a response */
if (!NEWHOPE_accept(accept_key, acceptmsg, offermsg, sizeof(offermsg))) {
fprintf(stderr, "ERROR accept key exchange failed\n");
return 0;
}
/* Corrupt the secret key */
NEWHOPE_offer(offermsg /* not used below */, sk);
/* Alice uses Bob's response to get her secret key */
if (!NEWHOPE_finish(offer_key, sk, acceptmsg, sizeof(acceptmsg))) {
fprintf(stderr, "ERROR finish key exchange failed\n");
return 0;
}
if (memcmp(offer_key, accept_key, SHA256_DIGEST_LENGTH) == 0) {
fprintf(stderr, "ERROR invalid sk_a\n");
return 0;
}
}
NEWHOPE_POLY_free(sk);
return 1;
}
static int test_invalid_ciphertext(void) {
NEWHOPE_POLY *sk = NEWHOPE_POLY_new();
uint8_t offer_key[SHA256_DIGEST_LENGTH], accept_key[SHA256_DIGEST_LENGTH];
uint8_t offermsg[NEWHOPE_OFFERMSG_LENGTH];
uint8_t acceptmsg[NEWHOPE_ACCEPTMSG_LENGTH];
int i;
for (i = 0; i < 10; i++) {
/* Alice generates a public key */
NEWHOPE_offer(offermsg, sk);
/* Bob derives a secret key and creates a response */
if (!NEWHOPE_accept(accept_key, acceptmsg, offermsg, sizeof(offermsg))) {
fprintf(stderr, "ERROR accept key exchange failed\n");
return 0;
}
/* Change some byte in the "ciphertext" */
acceptmsg[42] ^= 1;
/* Alice uses Bob's response to get her secret key */
if (!NEWHOPE_finish(offer_key, sk, acceptmsg, sizeof(acceptmsg))) {
fprintf(stderr, "ERROR finish key exchange failed\n");
return 0;
}
if (!memcmp(offer_key, accept_key, SHA256_DIGEST_LENGTH)) {
fprintf(stderr, "ERROR invalid acceptmsg\n");
return 0;
}
}
NEWHOPE_POLY_free(sk);
return 1;
}
int main(void) {
if (!test_keys() || !test_invalid_sk_a() || !test_invalid_ciphertext()) {
return 1;
}
printf("PASS\n");
return 0;
}