API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Dec 9th, 2019
114
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 18.28 KB | None | 0 0
raw download clone embed print report
  1. #include "../../utils/tests.h"
  2. #include "../../utils/utils.h"
  3. #include <boost/asio.hpp>
  4. #include "../tls-record-layer.h"
  5. #include <string>
  6. #include <check.h>
  7. #include "../ecdh.h"
  8. #include "../secrets.h"
  9. #include "../aes128gcm.h"
  10. #include "../ascon128.h"
  11. #include "../endian.h"
  12. #include "../hkdf.h"
  13. #include "../tls-aesgcm.h"
  14. #include "../tls-ascon.h"
  15.  
  16. using namespace std;
  17. using boost::asio::ip::tcp;
  18. using util::operator""_x;
  19.  
  20. // Include your custom testc ases here
  21. // Write at LEAST 10 custom tests to verify your own implementation.
  22. //
  23. // TODO:
  24. //
  25. // Each Test is encapsulated by:
  26. //
  27. // START_TEST(testname){
  28. // #testcode
  29. // }
  30. // END_TEST
  31. //
  32. // At the end of the test a verification statement such as ck_assert_int_eq(int, int),
  33. // wich verifies that two ints are equal, should be called.
  34. // For further information take a look at:
  35. // https://libcheck.github.io/check/doc/doxygen/html/check_8h.html
  36. //
  37. // First create a Test Suite which holds all your testcases by calling suite_create(suite_name).
  38. // Add Each test to the corresponding testcase by first creating a testcase object with
  39. // tcase_create(tcase_name) and then call tcase_add_test(tcase, test_name) for each test you want
  40. // to add to this testcase. Add the Tescases to the test suite by calling: suite_add_tcase(suite,
  41. // tcase).
  42. //
  43. // Run your defined test suite and verify the outcome.
  44. // You may look into some of our tests to get a feeling for the workflow.
  45.  
  46. namespace
  47. {
  48. const vector<uint8_t> some_messages =
  49. "010000c5030359f38fc78fd64ef8e8aec2c486ef2247b7c2416ca9f421aff5505ef505d7698b01000004ff011301"
  50. "010000970033004700450017004104c0d645154c89c3b3725dfc4884a35d25406e100bff63392e7a406f2624d220"
  51. "b9c9776a3a81fd538ae41b38b0616de06b937cd9b447960ef5c137fbff03a51a1a002b0003020304002d00020101"
  52. "000a00040002001700290033000e00086964656e7469747900000000002120cbefc811e3e2fdae06abf5c8adcd92"
  53. "b2db375fc11828a9f811c6529f0b13c43c0200007e030359f3902e975920bd7bb7544e495129953837631e598b63"
  54. "a20f91c84b17c960120100130100005500330045001700410499484aed20b35a570d06af3f84194eee23a1af4318"
  55. "00c52e0c9356f123ffdc0588ae598e18bd9ff892fd3251fe4bea0a5512ac7da7fcb474656f59ab3ad9684e002b00"
  56. "020304002900020000"_x;
  57. const vector<uint8_t> psk = "abab"_x;
  58. const vector<uint8_t> dhe =
  59. "86e94ce15c700d63c13433f73839bdfb23617c631a149e395aa646ac762da770"_x;
  60.  
  61. auto expected_client_finished_key =
  62. "18a116ceb62b832ba4217f87e2b0fd972a854f0391cc352ab3a315101f006edd"_x;
  63. auto expected_server_finished_key =
  64. "d988598717658aba6c0bdafdbc45c83a73739d67f6dc9b7c55eb9ca0ff67a88a"_x;
  65. const vector<uint8_t> expected_derived_key_empty =
  66. "d792d9917b9a2d2c2bb25799aebd83e224337d71d7eb1b8701b8f04954985298"_x;
  67. const vector<uint8_t> expected_early_secret_empty =
  68. "41ba791c6035d6f3953c0858645f4bd866af2c1c33b40db93dcb6d1b26140083"_x;
  69.  
  70. vector<uint8_t> k_lab = {'t', 'e', 's', 't'};
  71. vector<uint8_t> n_lab = {'t', 'e', 's', 't'};
  72. vector<uint8_t> salt = {61,88,61,246,231,134,45,111,80,227,6,208,10,253,207,32};
  73. vector<uint8_t> ikm = {6,237,231,117,246,84,45,99,216,238,227,215,67,10,254,207};
  74.  
  75. vector<vector<uint8_t>> empty_plaintext_cipher = {{74, 50, 119, 165, 103, 25, 119, 19, 95, 142, 214, 108, 5, 149, 208, 200, 34},
  76. {3, 163, 179, 194, 209, 143, 215, 202, 7, 77, 149, 117, 75, 64, 86, 166, 230},
  77. {122, 11, 190, 201, 254, 129, 78, 251, 74, 100, 255, 211, 202, 46, 126, 6, 145},
  78. {86, 199, 213, 163, 65, 206, 207, 150, 89, 254, 199, 134, 22, 7, 149, 25, 211},
  79. {12, 36, 1, 14, 67, 185, 245, 187, 146, 135, 42, 249, 5, 143, 149, 182, 247},
  80. {225,87,246,131,217,199,252,180,231,122,44,60,93,103,130,202,211},
  81. {145,57,46,56,156,71,101,13,249,197,9,241,252,125,115,116,20},
  82. {2,79,66,240,210,221,157,177,89,227,59,46,173,191,251,151,236},
  83. {212,151,244,26,213,20,236,125,64,199,73,16,134,249,245,251,232},
  84. {69,10,130,224,153,83,165,43,108,3,53,18,140,85,67,108,248},
  85. {51,203,185,96,124,209,117,34,102,23,254,89,136,212,253,211,132},
  86. {30,231,253,165,38,233,52,210,171,173,33,209,170,19,127,228,58},
  87. {73,77,89,12,157,132,135,241,11,209,148,236,251,228,223,126,0},
  88. {3,48,170,118,250,93,54,239,60,2,216,187,69,83,33,133,87},
  89. {187,121,170,236,246,95,83,177,174,13,15,237,194,196,92,15,64}};
  90.  
  91. vector<vector<uint8_t>> zero_plaintext_cipher = {{199, 57, 109, 148, 186, 115, 145, 236, 187, 187, 74, 71, 3, 197, 255, 208, 17, 96},
  92. {54, 237, 79, 153, 112, 5, 234, 29, 214, 73, 88, 67, 71, 77, 197, 179, 176, 251},
  93. {144, 23, 243, 125, 99, 181, 70, 162, 173, 131, 216, 194, 159, 93, 13, 209, 12, 225},
  94. {106, 171, 222, 100, 238, 13, 155, 112, 184, 10, 188, 125, 166, 188, 110, 241, 57, 64},
  95. {1,248,74,14,131,186,148,0,242,175,209,226,97,118,119,22,176,90},
  96. {123,191,179,212,33,62,199,211,72,197,182,241,213,60,192,175,77,131},
  97. {57,168,57,12,64,57,102,79,133,248,165,118,199,13,11,217,138,146},
  98. {208,255,140,169,28,116,19,116,228,217,150,90,55,175,67,97,163,107},
  99. {151,152,58,109,189,228,237,13,150,107,177,154,130,129,197,105,49,199},
  100. {63,222,78,98,14,30,56,8,24,61,67,42,28,249,13,201,52,136},
  101. {32,112,165,143,167,126,29,152,5,26,150,26,225,176,132,40,149,149},
  102. {96,73,149,103,199,37,215,20,139,187,28,30,128,51,122,11,14,56},
  103. {179,134,186,45,185,184,33,106,146,198,90,196,198,46,213,168,10,161},
  104. {207,21,80,205,130,163,97,163,162,49,230,4,73,228,142,77,4,241},
  105. {37,209,148,19,170,183,63,143,227,7,80,92,24,178,39,164,217,141}};
  106. vector<vector<uint8_t>> ascon_emtpy_plaintext_cipher = {{98,143,117,52,151,231,18,252,35,34,224,0,181,52,44,52,93},
  107. {127,42,203,55,78,126,158,91,232,202,205,70,80,13,74,134,189},
  108. {167,211,226,59,48,56,99,214,249,41,204,146,248,234,171,191,160}};
  109.  
  110. vector<vector<uint8_t>> aesgcm128_zero_plaintext_cipher = {{93, 48, 89, 54, 185, 246, 27, 40, 247, 242, 76, 18, 199, 185, 218, 43, 186, 244},
  111. {20, 115, 60, 229, 246, 182, 34, 16, 59, 150, 37, 176, 86, 195, 197, 110, 150, 247},
  112. {109, 233, 195, 245, 165, 177, 90, 185, 160, 30, 62, 243, 84, 215, 205, 208, 252, 136}};
  113. }
  114.  
  115.  
  116. START_TEST(ecdh_empty){
  117. ecdh e(SECP256R1);
  118. const gfp_t private_key_zero = {{}};
  119. e.set_private_key(private_key_zero);
  120.  
  121. const vector<uint8_t> data = e.get_data();
  122. const vector<uint8_t> shared_secret = e.get_shared_secret(data);
  123. vector<uint8_t> empty_vector;
  124.  
  125. for(size_t i = 0; i < shared_secret.size(); i++) {
  126. empty_vector.push_back(0);
  127. }
  128.  
  129. ck_assert_array_split_eq(shared_secret, empty_vector);
  130. }
  131. END_TEST
  132.  
  133. START_TEST(ecdh_keys_ff)
  134. {
  135. ecdh e_1(SECP256R1);
  136. ecdh e_2(SECP256R1);
  137.  
  138. const gfp_t key_1 = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
  139. const gfp_t key_2 = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
  140.  
  141. e_1.set_private_key(key_1);
  142. e_2.set_private_key(key_2);
  143.  
  144. ck_assert_array_split_eq(e_1.get_shared_secret(e_2.get_data()), e_2.get_shared_secret(e_1.get_data()));
  145. }
  146. END_TEST
  147.  
  148. START_TEST(ecdh_keys){
  149. ecdh e_1(SECP256R1);
  150. ecdh e_2(SECP256R1);
  151.  
  152. const gfp_t key_1 = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
  153. const gfp_t key_2 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1};
  154.  
  155. e_1.set_private_key(key_1);
  156. e_2.set_private_key(key_2);
  157.  
  158. ck_assert_array_split_eq(e_1.get_shared_secret(e_2.get_data()), e_2.get_shared_secret(e_1.get_data()));
  159. }
  160. END_TEST
  161.  
  162. START_TEST(rec_lay_compare_handshake_traffic_keys_empty)
  163. {
  164. boost::asio::io_service io_service;
  165.  
  166. for (connection_end c : {connection_end::CLIENT, connection_end::SERVER})
  167. {
  168. tcp::socket socket(io_service);
  169. tls_record_layer rec_lay(c, forward<tcp::socket>(socket));
  170. rec_lay.set_cipher_suite(TLS_ASCON_128_SHA256);
  171. const auto early_s = rec_lay.compute_early_secrets({}, {});
  172. rec_lay.compute_handshake_traffic_keys({}, {});
  173.  
  174. ck_assert_array_split_eq(rec_lay.get_finished_key(connection_end::CLIENT), expected_client_finished_key);
  175. ck_assert_array_split_eq(rec_lay.get_finished_key(connection_end::SERVER), expected_server_finished_key);
  176. }
  177. }
  178. END_TEST
  179.  
  180. START_TEST(rec_lay_compute_handshake_derived_key_empty)
  181. {
  182. boost::asio::io_service io_service;
  183.  
  184. for (connection_end c : {connection_end::CLIENT, connection_end::SERVER})
  185. {
  186. tcp::socket socket(io_service);
  187. tls_record_layer record_layer(c, forward<tcp::socket>(socket));
  188. record_layer.set_cipher_suite(TLS_ASCON_128_SHA256);
  189. record_layer.compute_early_secrets({}, {});
  190. const auto derived_key = record_layer.compute_handshake_traffic_keys({}, {});
  191.  
  192. ck_assert_array_split_eq(derived_key, expected_derived_key_empty);
  193. }
  194. }
  195. END_TEST
  196.  
  197. START_TEST(rec_lay_early_secret_empty)
  198. {
  199. boost::asio::io_service io_service;
  200.  
  201. for (connection_end c : {connection_end::CLIENT, connection_end::SERVER})
  202. {
  203. tcp::socket socket(io_service);
  204. tls_record_layer record_layer(c, forward<tcp::socket>(socket));
  205. record_layer.set_cipher_suite(TLS_ASCON_128_SHA256);
  206.  
  207. const auto early_secret = record_layer.compute_early_secrets({}, {});
  208.  
  209. ck_assert_array_split_eq(early_secret, expected_early_secret_empty);
  210. }
  211. }
  212. END_TEST
  213.  
  214. START_TEST(ascon128_empty)
  215. {
  216.  
  217. typename tls13_aesgcm::record expected_record;
  218. expected_record.header.type = TLS_APPLICATION_DATA;
  219. expected_record.header.version = TLSv1_2;
  220. expected_record.header.length = 17;
  221.  
  222. hkdf kdf(salt, ikm);
  223. const auto key_data = kdf.expand(k_lab, ascon128::key_size);
  224. typename ascon128::key_storage ascon_key;
  225. copy(key_data.begin(), key_data.end(), ascon_key.begin());
  226.  
  227. const auto nonce_data = kdf.expand(n_lab, ascon128::nonce_size);
  228. tls13_ascon tls(ascon_key, nonce_data);
  229. tls13_ascon tls_decrypt(ascon_key, nonce_data);
  230.  
  231. for (size_t s = 0; s != 3; ++s){
  232. vector<uint8_t> plaintext;
  233.  
  234. expected_record.ciphertext = ascon_emtpy_plaintext_cipher[s];
  235. const auto actual_record = tls.encrypt(TLS_APPLICATION_DATA, plaintext);
  236.  
  237.  
  238.  
  239. if (actual_record != expected_record){
  240. ck_abort_msg("Records do not match.");
  241. }
  242.  
  243. vector<uint8_t> decrypted_plaintext;
  244. content_type type;
  245. if (!tls_decrypt.decrypt(actual_record, decrypted_plaintext, type)){
  246. ck_abort_msg("Decryption failed.");
  247. }
  248.  
  249. if (plaintext.size() != decrypted_plaintext.size() ||
  250. !equal(plaintext.begin(), plaintext.end(), decrypted_plaintext.begin())){
  251. ck_abort_msg("Plaintexts do not match.");
  252. }
  253. }
  254. }
  255. END_TEST
  256.  
  257. START_TEST(ascon128_zero)
  258. {
  259. typename tls13_aesgcm::record expected_record;
  260. expected_record.header.type = TLS_APPLICATION_DATA;
  261. expected_record.header.version = TLSv1_2;
  262. expected_record.header.length = 18;
  263.  
  264. hkdf kdf(salt, ikm);
  265. const auto key_data = kdf.expand(k_lab, ascon128::key_size);
  266. typename ascon128::key_storage ascon_key;
  267. copy(key_data.begin(), key_data.end(), ascon_key.begin());
  268. const auto nonce_data = kdf.expand(n_lab, ascon128::nonce_size);
  269.  
  270. tls13_ascon tls(ascon_key, nonce_data);
  271. tls13_ascon tls_decrypt(ascon_key, nonce_data);
  272.  
  273. for (size_t s = 0; s != 3; ++s){
  274. vector<uint8_t> plaintext;
  275. plaintext.push_back(0);
  276.  
  277. expected_record.ciphertext = zero_plaintext_cipher[s];
  278. const auto actual_record = tls.encrypt(TLS_APPLICATION_DATA, plaintext);
  279.  
  280. if (actual_record != expected_record){
  281. ck_abort_msg("Records do not match.");
  282. }
  283.  
  284. vector<uint8_t> decrypted_plaintext;
  285. content_type type;
  286. if (!tls_decrypt.decrypt(actual_record, decrypted_plaintext, type)){
  287. ck_abort_msg("Decryption failed.");
  288. }
  289.  
  290. if (plaintext.size() != decrypted_plaintext.size() ||
  291. !equal(plaintext.begin(), plaintext.end(), decrypted_plaintext.begin())){
  292. ck_abort_msg("Plaintexts do not match.");
  293. }
  294. }
  295. }
  296. END_TEST
  297.  
  298. START_TEST(aes128gcm_empty)
  299. {
  300. typename tls13_aesgcm::record expected_record;
  301. expected_record.header.type = TLS_APPLICATION_DATA;
  302. expected_record.header.version = TLSv1_2;
  303. expected_record.header.length = 17;
  304.  
  305. hkdf kdf(salt, ikm);
  306. const auto key_data = kdf.expand(k_lab, aes128gcm::key_size);
  307. typename aes128gcm::key_storage aesgcm_key;
  308. copy(key_data.begin(), key_data.end(), aesgcm_key.begin());
  309.  
  310. const auto nonce_data = kdf.expand(n_lab, aes128gcm::nonce_size);
  311. tls13_aesgcm tls(aesgcm_key, nonce_data);
  312. tls13_aesgcm tls_decrypt(aesgcm_key, nonce_data);
  313.  
  314. for (size_t s = 0; s != 15; ++s){
  315. expected_record.ciphertext = empty_plaintext_cipher[s];
  316. vector<uint8_t> plaintext;
  317.  
  318. const auto actual_record = tls.encrypt(TLS_APPLICATION_DATA, plaintext);
  319.  
  320.  
  321. if (actual_record != expected_record){
  322. ck_abort_msg("Records do not match.");
  323. }
  324.  
  325. vector<uint8_t> decrypted_plaintext;
  326. content_type type;
  327. if (!tls_decrypt.decrypt(actual_record, decrypted_plaintext, type)){
  328. ck_abort_msg("Decryption failed.");
  329. }
  330.  
  331. if (plaintext.size() != decrypted_plaintext.size() ||
  332. !equal(plaintext.begin(), plaintext.end(), decrypted_plaintext.begin())){
  333. ck_abort_msg("Plaintexts do not match.");
  334. }
  335. }
  336. }
  337. END_TEST
  338.  
  339. START_TEST(aes128gcm_zero)
  340. {
  341. typename tls13_aesgcm::record expected_record;
  342. expected_record.header.type = TLS_APPLICATION_DATA;
  343. expected_record.header.version = TLSv1_2;
  344. expected_record.header.length = 18;
  345.  
  346. hkdf kdf(salt, ikm);
  347. const auto key_data = kdf.expand(k_lab, aes128gcm::key_size);
  348. typename aes128gcm::key_storage aesgcm_key;
  349. copy(key_data.begin(), key_data.end(), aesgcm_key.begin());
  350. const auto nonce_data = kdf.expand(n_lab, aes128gcm::nonce_size);
  351.  
  352. tls13_aesgcm tls(aesgcm_key, nonce_data);
  353. tls13_aesgcm tls_decrypt(aesgcm_key, nonce_data);
  354.  
  355. for (size_t s = 0; s != 3; ++s){
  356. vector<uint8_t> plaintext;
  357. plaintext.push_back(0);
  358. expected_record.ciphertext = aesgcm128_zero_plaintext_cipher[s];
  359.  
  360. const auto actual_record = tls.encrypt(TLS_APPLICATION_DATA, plaintext);
  361.  
  362.  
  363. if (actual_record != expected_record){
  364. ck_abort_msg("Records do not match.");
  365. }
  366.  
  367. vector<uint8_t> decrypted_plaintext;
  368. content_type type;
  369. if (!tls_decrypt.decrypt(actual_record, decrypted_plaintext, type)){
  370. ck_abort_msg("Decryption failed.");
  371. }
  372.  
  373. if (plaintext.size() != decrypted_plaintext.size() ||
  374. !equal(plaintext.begin(), plaintext.end(), decrypted_plaintext.begin())){
  375. ck_abort_msg("Plaintexts do not match.");
  376. }
  377. }
  378. }
  379. END_TEST
  380.  
  381. int main(int argc, char** argv)
  382. {
  383. Suite* suite = suite_create("Student Task 2 Tests");
  384.  
  385. TCase* tcase_ecdh = tcase_create("ecdh");
  386. tcase_add_test(tcase_ecdh, ecdh_empty);
  387. tcase_add_test(tcase_ecdh, ecdh_keys_ff);
  388. tcase_add_test(tcase_ecdh, ecdh_keys);
  389. suite_add_tcase(suite, tcase_ecdh);
  390.  
  391. TCase* tcase_record = tcase_create("Record layer");
  392. tcase_add_test(tcase_record, rec_lay_compare_handshake_traffic_keys_empty);
  393. tcase_add_test(tcase_record, rec_lay_compute_handshake_derived_key_empty);
  394. tcase_add_test(tcase_record, rec_lay_early_secret_empty);
  395. suite_add_tcase(suite, tcase_record);
  396.  
  397. TCase* tcase_encrypted = tcase_create("Record layer encrypted");
  398. tcase_add_test(tcase_encrypted, ascon128_empty);
  399. tcase_add_test(tcase_encrypted, ascon128_zero);
  400. tcase_add_test(tcase_encrypted, aes128gcm_empty);
  401. tcase_add_test(tcase_encrypted, aes128gcm_zero);
  402. suite_add_tcase(suite, tcase_encrypted);
  403.  
  404. SRunner* suite_runner = srunner_create(suite);
  405. srunner_run(suite_runner, argc, argv);
  406.  
  407. int number_failed = srunner_ntests_failed(suite_runner);
  408. srunner_free(suite_runner);
  409.  
  410. return !number_failed ? EXIT_SUCCESS : EXIT_FAILURE;
  411. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!