From b0bc84c5aad03edfb78a5557194a5b3b84912fbb Mon Sep 17 00:00:00 2001 From: Lucas Clemente Date: Mon, 30 May 2016 10:16:25 +0200 Subject: [PATCH] improve crypto test coverage --- crypto/cert_compression_test.go | 30 +++++++++++++++++++++++++++- crypto/chacha20poly1305_aead_test.go | 28 +++++++++++++++++++++----- crypto/curve_25519_test.go | 7 +++++++ crypto/null_aead.go | 4 ++-- crypto/null_aead_test.go | 9 +++++++++ crypto/source_address_token.go | 2 +- crypto/source_address_token_test.go | 5 +++++ 7 files changed, 76 insertions(+), 9 deletions(-) diff --git a/crypto/cert_compression_test.go b/crypto/cert_compression_test.go index 5094375da..dc13858aa 100644 --- a/crypto/cert_compression_test.go +++ b/crypto/cert_compression_test.go @@ -97,7 +97,7 @@ var _ = Describe("Cert compression", func() { Expect(compressed).To(Equal(expected)) }) - It("uses common certificates", func() { + It("uses common certificate sets", func() { cert := certsets.CertSet1[42] setHash := make([]byte, 8) binary.LittleEndian.PutUint64(setHash, certsets.CertSet1Hash) @@ -111,6 +111,25 @@ var _ = Describe("Cert compression", func() { Expect(compressed).To(Equal(expected)) }) + It("ignores uncommon certificate sets", func() { + cert := []byte{0xde, 0xca, 0xfb, 0xad} + setHash := make([]byte, 8) + binary.LittleEndian.PutUint64(setHash, 0xdeadbeef) + chain := [][]byte{cert} + compressed, err := compressChain(chain, setHash, nil) + Expect(err).ToNot(HaveOccurred()) + certZlib := &bytes.Buffer{} + z, err := zlib.NewWriterLevelDict(certZlib, flate.BestCompression, certDictZlib) + Expect(err).ToNot(HaveOccurred()) + z.Write([]byte{0x04, 0x00, 0x00, 0x00}) + z.Write(cert) + z.Close() + Expect(compressed).To(Equal(append([]byte{ + 0x01, 0x00, + 0x08, 0x00, 0x00, 0x00, + }, certZlib.Bytes()...))) + }) + It("uses common certificates and compressed combined", func() { cert1 := []byte{0xde, 0xca, 0xfb, 0xad} cert2 := certsets.CertSet1[42] @@ -133,4 +152,13 @@ var _ = Describe("Cert compression", func() { expected = append(expected, certZlib.Bytes()...) Expect(compressed).To(Equal(expected)) }) + + It("rejects invalid CCS / CCRT hashes", func() { + cert := []byte{0xde, 0xca, 0xfb, 0xad} + chain := [][]byte{cert} + _, err := compressChain(chain, []byte("foo"), nil) + Expect(err).To(MatchError("expected a multiple of 8 bytes for CCS / CCRT hashes")) + _, err = compressChain(chain, nil, []byte("foo")) + Expect(err).To(MatchError("expected a multiple of 8 bytes for CCS / CCRT hashes")) + }) }) diff --git a/crypto/chacha20poly1305_aead_test.go b/crypto/chacha20poly1305_aead_test.go index 8798d9b13..f0e3eec6b 100644 --- a/crypto/chacha20poly1305_aead_test.go +++ b/crypto/chacha20poly1305_aead_test.go @@ -9,14 +9,15 @@ import ( var _ = Describe("Chacha20poly1305", func() { var ( - alice, bob AEAD + alice, bob AEAD + keyAlice, keyBob, ivAlice, ivBob []byte ) BeforeEach(func() { - keyAlice := make([]byte, 32) - keyBob := make([]byte, 32) - ivAlice := make([]byte, 4) - ivBob := make([]byte, 4) + keyAlice = make([]byte, 32) + keyBob = make([]byte, 32) + ivAlice = make([]byte, 4) + ivBob = make([]byte, 4) rand.Reader.Read(keyAlice) rand.Reader.Read(keyBob) rand.Reader.Read(ivAlice) @@ -47,4 +48,21 @@ var _ = Describe("Chacha20poly1305", func() { _, err := bob.Open(42, []byte("aad2"), b) Expect(err).To(HaveOccurred()) }) + + It("rejects wrong key and iv sizes", func() { + var err error + e := "chacha20poly1305: expected 32-byte keys and 4-byte IVs" + _, err = NewAEADChacha20Poly1305(keyBob[1:], keyAlice, ivBob, ivAlice) + Expect(err).To(MatchError(e)) + _, err = NewAEADChacha20Poly1305(keyBob, keyAlice[1:], ivBob, ivAlice) + Expect(err).To(MatchError(e)) + _, err = NewAEADChacha20Poly1305(keyBob, keyAlice, ivBob[1:], ivAlice) + Expect(err).To(MatchError(e)) + _, err = NewAEADChacha20Poly1305(keyBob, keyAlice, ivBob, ivAlice[1:]) + Expect(err).To(MatchError(e)) + }) + + It("has nil diversification nonce", func() { + Expect(alice.DiversificationNonce()).To(BeEmpty()) + }) }) diff --git a/crypto/curve_25519_test.go b/crypto/curve_25519_test.go index f1455c8f2..44d1d11fa 100644 --- a/crypto/curve_25519_test.go +++ b/crypto/curve_25519_test.go @@ -17,4 +17,11 @@ var _ = Describe("ProofRsa", func() { Expect(err).ToNot(HaveOccurred()) Expect(sA).To(Equal(sB)) }) + + It("rejects short public keys", func() { + a, err := NewCurve25519KEX() + Expect(err).ToNot(HaveOccurred()) + _, err = a.CalculateSharedKey(nil) + Expect(err).To(MatchError("Curve25519: expected public key of 32 byte")) + }) }) diff --git a/crypto/null_aead.go b/crypto/null_aead.go index 455e04d72..87bf16eb6 100644 --- a/crypto/null_aead.go +++ b/crypto/null_aead.go @@ -14,7 +14,7 @@ type NullAEAD struct{} var _ AEAD = &NullAEAD{} // Open and verify the ciphertext -func (*NullAEAD) Open(packetNumber protocol.PacketNumber, associatedData []byte, ciphertext []byte) ([]byte, error) { +func (NullAEAD) Open(packetNumber protocol.PacketNumber, associatedData []byte, ciphertext []byte) ([]byte, error) { if len(ciphertext) < 12 { return nil, errors.New("NullAEAD: ciphertext cannot be less than 12 bytes long") } @@ -34,7 +34,7 @@ func (*NullAEAD) Open(packetNumber protocol.PacketNumber, associatedData []byte, } // Seal writes hash and ciphertext to the buffer -func (*NullAEAD) Seal(packetNumber protocol.PacketNumber, associatedData []byte, plaintext []byte) []byte { +func (NullAEAD) Seal(packetNumber protocol.PacketNumber, associatedData []byte, plaintext []byte) []byte { res := make([]byte, 12+len(plaintext)) hash := fnv128a.New() diff --git a/crypto/null_aead_test.go b/crypto/null_aead_test.go index 54affcc52..d0641b7c6 100644 --- a/crypto/null_aead_test.go +++ b/crypto/null_aead_test.go @@ -33,4 +33,13 @@ var _ = Describe("Crypto/NullAEAD", func() { aead := &NullAEAD{} Expect(aead.Seal(0, aad, plainText)).To(Equal(append([]byte{0x98, 0x9b, 0x33, 0x3f, 0xe8, 0xde, 0x32, 0x5c, 0xa6, 0x7f, 0x9c, 0xf7}, []byte("They are endowed with reason and conscience and should act towards one another in a spirit of brotherhood.")...))) }) + + It("rejects short ciphertexts", func() { + _, err := NullAEAD{}.Open(0, nil, nil) + Expect(err).To(MatchError("NullAEAD: ciphertext cannot be less than 12 bytes long")) + }) + + It("has nil diversification nonce", func() { + Expect(NullAEAD{}.DiversificationNonce()).To(BeEmpty()) + }) }) diff --git a/crypto/source_address_token.go b/crypto/source_address_token.go index fefc3f56a..709361e98 100644 --- a/crypto/source_address_token.go +++ b/crypto/source_address_token.go @@ -41,7 +41,7 @@ func (t *sourceAddressToken) serialize() []byte { func parseToken(data []byte) (*sourceAddressToken, error) { if len(data) != 8+4 && len(data) != 8+16 { - return nil, fmt.Errorf("invalid STK length %d", len(data)) + return nil, fmt.Errorf("invalid STK length: %d", len(data)) } return &sourceAddressToken{ ip: data[8:], diff --git a/crypto/source_address_token_test.go b/crypto/source_address_token_test.go index 2a545fa33..128969473 100644 --- a/crypto/source_address_token_test.go +++ b/crypto/source_address_token_test.go @@ -33,6 +33,11 @@ var _ = Describe("Source Address Tokens", func() { Expect(token.ip).To(Equal(net.IP{127, 0, 0, 1})) Expect(token.timestamp).To(Equal(uint64(0xdeadbeef))) }) + + It("rejects tokens of wrong size", func() { + _, err := parseToken(nil) + Expect(err).To(MatchError("invalid STK length: 0")) + }) }) Context("source", func() {