From 4983119be5af2fdff624c4bb547aa4644a024b73 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20R=C3=BCth?= Date: Fri, 12 May 2017 15:02:38 +0200 Subject: [PATCH] added test to verify C255 KEXS's PUBs must not be the first thing in the public values --- handshake/server_config_client_test.go | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/handshake/server_config_client_test.go b/handshake/server_config_client_test.go index ce73f80b..509c6bba 100644 --- a/handshake/server_config_client_test.go +++ b/handshake/server_config_client_test.go @@ -124,7 +124,7 @@ var _ = Describe("Server Config", func() { It("rejects KEXS values other than C255", func() { tagMap[TagKEXS] = []byte("P256") err := scfg.parseValues(tagMap) - Expect(err).To(MatchError("CryptoNoSupport: KEXS")) + Expect(err).To(MatchError("CryptoNoSupport: KEXS: Could not find C255, other key exchanges are not supported")) }) It("errors if the KEXS is missing", func() { @@ -190,6 +190,19 @@ var _ = Describe("Server Config", func() { Expect(err).To(MatchError("CryptoInvalidValueLength: PUBS")) }) + It("ensure that C255 Pubs must not be at the first index", func() { + serverKex, err := crypto.NewCurve25519KEX() + Expect(err).ToNot(HaveOccurred()) + tagMap[TagKEXS] = []byte("P256C255") // have another KEXS before C255 + // 3 byte len + 1 byte empty + C255 + tagMap[TagPUBS] = append([]byte{0x01, 0x00, 0x00, 0x00}, append([]byte{0x20, 0x00, 0x00}, serverKex.PublicKey()...)...) + err = scfg.parseValues(tagMap) + Expect(err).ToNot(HaveOccurred()) + sharedSecret, err := serverKex.CalculateSharedKey(scfg.kex.PublicKey()) + Expect(err).ToNot(HaveOccurred()) + Expect(scfg.sharedSecret).To(Equal(sharedSecret)) + }) + It("errors if the PUBS is missing", func() { delete(tagMap, TagPUBS) err := scfg.parseValues(tagMap)