rixxc/wireguard-rs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Unit test for mac1 validation

Browse Source
This commit is contained in:
Mathias Hall-Andersen
2019-08-01 13:56:42 +02:00
parent 0f92468f69
commit d6e40f9ea6
2 changed files with 61 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/handshake/device.rs
View File

@@ -233,11 +233,14 @@ where
Some(&TYPE_COOKIEREPLY) => {
let msg = CookieReply::parse(msg)?;
// lookup peer
let peer = self.lookup_id(msg.f_receiver.get())?;
// validate cookie reply
peer.macs.lock().process(&msg)?;
// update cookie generator for peer
unimplemented!()
// this prompts no new message
Ok((peer.identifier, None, None))
}
_ => Err(HandshakeError::InvalidMessageFormat),
}

67
src/handshake/macs.rs
View File

@@ -54,13 +54,13 @@ pub struct Generator {
impl Generator {
/// Initalize a new mac field generator
///
///
/// # Arguments
///
///
/// - pk: The public key of the peer to which the generator is associated
///
///
/// # Returns
///
///
/// A freshly initated generator
pub fn new(pk: PublicKey) -> Generator {
Generator {
@@ -71,27 +71,28 @@ impl Generator {
}
/// Process a CookieReply message
///
///
/// # Arguments
///
///
/// - reply: CookieReply to process
///
///
/// # Returns
///
///
/// Can fail if the cookie reply fails to validate
/// (either indicating that it is outdated or malformed)
pub fn process(&mut self, reply: &CookieReply) -> Option<HandshakeError> {
pub fn process(&mut self, reply: &CookieReply) -> Result<(), HandshakeError> {
unimplemented!("do the checks and decryption");
self.cookie = Some(Cookie {
birth: Instant::now(),
value: reply.f_cookie,
});
None
Ok(())
}
/// Generate both mac fields for an inner message
///
///
/// # Arguments
///
///
/// - inner: A byteslice representing the inner message to be covered
/// - macs: The destination mac footer for the resulting macs
pub fn generate(&mut self, inner: &[u8], macs: &mut MacsFooter) {
@@ -122,6 +123,12 @@ impl Validator {
}
}
/// Check the mac1 field against the inner message
///
/// # Arguments
///
/// - inner: The inner message covered by the mac1 field
/// - macs: The mac footer
pub fn check_mac1(&self, inner: &[u8], macs: &MacsFooter) -> Result<(), HandshakeError> {
let valid_mac1: bool = MAC!(&self.mac1_key, inner).ct_eq(&macs.f_mac1).into();
if !valid_mac1 {
@@ -131,3 +138,39 @@ impl Validator {
}
}
}
#[cfg(test)]
mod tests {
use super::*;
use rand::rngs::OsRng;
use x25519_dalek::StaticSecret;
#[test]
fn test_mac1() {
// generate random public key
let mut rng = OsRng::new().unwrap();
let sk = StaticSecret::new(&mut rng);
let pk = PublicKey::from(&sk);
// some message
let inner: Vec<u8> = vec![
0x28, 0x5d, 0x9d, 0x2b, 0x40, 0x70, 0xae, 0xef, 0xbd, 0xe7, 0xc1, 0x66, 0xb4, 0x69,
0x2a, 0x51, 0x1c, 0xb1, 0x80, 0xcc, 0x47, 0x6c, 0xec, 0xbc, 0x1f, 0x1d, 0x9c, 0x6b,
0xfb, 0xe9, 0xc6, 0x3b, 0x64, 0x74, 0xb9, 0x41, 0xf9, 0x39, 0x2b, 0xb5, 0xd2, 0x96,
0x51, 0xd7, 0xaa, 0x33, 0x07, 0x1f, 0x48, 0x2d, 0x7a, 0x47, 0x68, 0xd3, 0x5b, 0x63,
0xe4, 0x03, 0x6b, 0xaa, 0xdd, 0x17, 0xfd, 0xb1, 0x24, 0x1f, 0xf3, 0x96, 0x17, 0x0b,
0xd4, 0x9a, 0x63, 0xf3, 0x09, 0x31, 0xcb, 0xf4, 0x81, 0xae, 0xaa, 0x84, 0xf2, 0x55,
0x31, 0x78, 0xc5, 0x3f, 0x0f, 0xa0, 0x8c, 0xa1, 0x70, 0x11, 0xcd, 0xac, 0xe0, 0x33,
0xef, 0xfe, 0xd9, 0xa9, 0x9b, 0x3e, 0x9f, 0x65, 0x11, 0x7e, 0x30, 0x77, 0x18, 0xf2,
0x98, 0x55, 0x10, 0xa6,
];
let mut footer: MacsFooter = Default::default();
let mut generator = Generator::new(pk);
let validator = Validator::new(pk);
generator.generate(&inner[..], &mut footer);
validator.check_mac1(&inner[..], &footer).unwrap();
}
}