2017-06-23 13:41:59 +02:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
2017-06-24 15:34:17 +02:00
|
|
|
"bytes"
|
|
|
|
"encoding/binary"
|
2017-06-23 13:41:59 +02:00
|
|
|
"testing"
|
|
|
|
)
|
|
|
|
|
2017-06-24 15:34:17 +02:00
|
|
|
func assertNil(t *testing.T, err error) {
|
2017-06-23 13:41:59 +02:00
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
2017-06-24 15:34:17 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func assertEqual(t *testing.T, a []byte, b []byte) {
|
|
|
|
if bytes.Compare(a, b) != 0 {
|
|
|
|
t.Fatal(a, "!=", b)
|
|
|
|
}
|
|
|
|
}
|
2017-06-23 13:41:59 +02:00
|
|
|
|
2017-06-27 17:33:06 +02:00
|
|
|
func newDevice(t *testing.T) *Device {
|
|
|
|
var device Device
|
|
|
|
sk, err := newPrivateKey()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
device.Init()
|
|
|
|
device.SetPrivateKey(sk)
|
|
|
|
return &device
|
|
|
|
}
|
|
|
|
|
2017-06-24 15:34:17 +02:00
|
|
|
func TestCurveWrappers(t *testing.T) {
|
|
|
|
sk1, err := newPrivateKey()
|
|
|
|
assertNil(t, err)
|
|
|
|
|
|
|
|
sk2, err := newPrivateKey()
|
|
|
|
assertNil(t, err)
|
|
|
|
|
|
|
|
pk1 := sk1.publicKey()
|
|
|
|
pk2 := sk2.publicKey()
|
|
|
|
|
|
|
|
ss1 := sk1.sharedSecret(pk2)
|
|
|
|
ss2 := sk2.sharedSecret(pk1)
|
|
|
|
|
|
|
|
if ss1 != ss2 {
|
|
|
|
t.Fatal("Failed to compute shared secet")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestNoiseHandshake(t *testing.T) {
|
|
|
|
|
|
|
|
dev1 := newDevice(t)
|
|
|
|
dev2 := newDevice(t)
|
2017-06-23 13:41:59 +02:00
|
|
|
|
2017-06-24 15:34:17 +02:00
|
|
|
peer1 := dev2.NewPeer(dev1.privateKey.publicKey())
|
|
|
|
peer2 := dev1.NewPeer(dev2.privateKey.publicKey())
|
2017-06-23 13:41:59 +02:00
|
|
|
|
2017-06-24 15:34:17 +02:00
|
|
|
assertEqual(
|
|
|
|
t,
|
|
|
|
peer1.handshake.precomputedStaticStatic[:],
|
|
|
|
peer2.handshake.precomputedStaticStatic[:],
|
|
|
|
)
|
|
|
|
|
|
|
|
/* simulate handshake */
|
|
|
|
|
2017-06-24 22:03:52 +02:00
|
|
|
// initiation message
|
|
|
|
|
|
|
|
t.Log("exchange initiation message")
|
2017-06-24 15:34:17 +02:00
|
|
|
|
2017-06-26 13:14:02 +02:00
|
|
|
msg1, err := dev1.CreateMessageInitiation(peer2)
|
2017-06-24 15:34:17 +02:00
|
|
|
assertNil(t, err)
|
|
|
|
|
|
|
|
packet := make([]byte, 0, 256)
|
|
|
|
writer := bytes.NewBuffer(packet)
|
|
|
|
err = binary.Write(writer, binary.LittleEndian, msg1)
|
2017-06-26 13:14:02 +02:00
|
|
|
peer := dev2.ConsumeMessageInitiation(msg1)
|
2017-06-24 15:34:17 +02:00
|
|
|
if peer == nil {
|
|
|
|
t.Fatal("handshake failed at initiation message")
|
|
|
|
}
|
2017-06-23 13:41:59 +02:00
|
|
|
|
2017-06-24 15:34:17 +02:00
|
|
|
assertEqual(
|
|
|
|
t,
|
|
|
|
peer1.handshake.chainKey[:],
|
|
|
|
peer2.handshake.chainKey[:],
|
|
|
|
)
|
2017-06-23 13:41:59 +02:00
|
|
|
|
2017-06-24 15:34:17 +02:00
|
|
|
assertEqual(
|
|
|
|
t,
|
|
|
|
peer1.handshake.hash[:],
|
|
|
|
peer2.handshake.hash[:],
|
|
|
|
)
|
2017-06-23 13:41:59 +02:00
|
|
|
|
2017-06-24 22:03:52 +02:00
|
|
|
// response message
|
|
|
|
|
|
|
|
t.Log("exchange response message")
|
|
|
|
|
|
|
|
msg2, err := dev2.CreateMessageResponse(peer1)
|
|
|
|
assertNil(t, err)
|
|
|
|
|
|
|
|
peer = dev1.ConsumeMessageResponse(msg2)
|
|
|
|
if peer == nil {
|
|
|
|
t.Fatal("handshake failed at response message")
|
|
|
|
}
|
|
|
|
|
|
|
|
assertEqual(
|
|
|
|
t,
|
|
|
|
peer1.handshake.chainKey[:],
|
|
|
|
peer2.handshake.chainKey[:],
|
|
|
|
)
|
|
|
|
|
|
|
|
assertEqual(
|
|
|
|
t,
|
|
|
|
peer1.handshake.hash[:],
|
|
|
|
peer2.handshake.hash[:],
|
|
|
|
)
|
|
|
|
|
|
|
|
// key pairs
|
|
|
|
|
|
|
|
t.Log("deriving keys")
|
|
|
|
|
|
|
|
key1 := peer1.NewKeyPair()
|
|
|
|
key2 := peer2.NewKeyPair()
|
|
|
|
|
|
|
|
if key1 == nil {
|
|
|
|
t.Fatal("failed to dervice key-pair for peer 1")
|
|
|
|
}
|
|
|
|
|
|
|
|
if key2 == nil {
|
|
|
|
t.Fatal("failed to dervice key-pair for peer 2")
|
|
|
|
}
|
2017-06-23 13:41:59 +02:00
|
|
|
|
2017-06-24 22:03:52 +02:00
|
|
|
// encrypting / decryption test
|
|
|
|
|
|
|
|
t.Log("test key pairs")
|
|
|
|
|
|
|
|
func() {
|
|
|
|
testMsg := []byte("wireguard test message 1")
|
|
|
|
var err error
|
|
|
|
var out []byte
|
|
|
|
var nonce [12]byte
|
|
|
|
out = key1.send.Seal(out, nonce[:], testMsg, nil)
|
|
|
|
out, err = key2.recv.Open(out[:0], nonce[:], out, nil)
|
|
|
|
assertNil(t, err)
|
|
|
|
assertEqual(t, out, testMsg)
|
|
|
|
}()
|
|
|
|
|
|
|
|
func() {
|
|
|
|
testMsg := []byte("wireguard test message 2")
|
|
|
|
var err error
|
|
|
|
var out []byte
|
|
|
|
var nonce [12]byte
|
|
|
|
out = key2.send.Seal(out, nonce[:], testMsg, nil)
|
|
|
|
out, err = key1.recv.Open(out[:0], nonce[:], out, nil)
|
|
|
|
assertNil(t, err)
|
|
|
|
assertEqual(t, out, testMsg)
|
|
|
|
}()
|
2017-06-23 13:41:59 +02:00
|
|
|
}
|