[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] At long last, unit tests for degenerate DH public keys.

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor/master] At long last, unit tests for degenerate DH public keys.
From: nickm@xxxxxxxxxxxxxx
Date: Mon, 16 May 2016 12:29:21 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 16 May 2016 08:30:05 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit 94b34d1be6f20c967736ba858d6e765fd369c4e8
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Tue May 3 17:08:56 2016 -0400

    At long last, unit tests for degenerate DH public keys.
    
    Apparently, we detect and reject them correctly. Aren't you glad?
---
 src/test/test_crypto.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 65 insertions(+), 3 deletions(-)

diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c
index e89b94e..dd9a376 100644
--- a/src/test/test_crypto.c
+++ b/src/test/test_crypto.c
@@ -65,9 +65,71 @@ test_crypto_dh(void *arg)
   tt_mem_op(s1,OP_EQ, s2, s1len);
 
   {
-    /* XXXX Now fabricate some bad values and make sure they get caught,
-     * Check 0, 1, N-1, >= N, etc.
-     */
+    /* Now fabricate some bad values and make sure they get caught. */
+
+    /* 1 and 0 should both fail. */
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, "\x01", 1, s1, 50);
+    tt_int_op(-1, OP_EQ, s1len);
+
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, "\x00", 1, s1, 50);
+    tt_int_op(-1, OP_EQ, s1len);
+
+    memset(p1, 0, DH_BYTES); /* 0 with padding. */
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+    tt_int_op(-1, OP_EQ, s1len);
+
+    p1[DH_BYTES-1] = 1; /* 1 with padding*/
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+    tt_int_op(-1, OP_EQ, s1len);
+
+    /* 2 is okay, though weird. */
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, "\x02", 1, s1, 50);
+    tt_int_op(50, OP_EQ, s1len);
+
+    const char P[] =
+      "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
+      "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
+      "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
+      "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
+      "49286651ECE65381FFFFFFFFFFFFFFFF";
+
+    /* p-1, p, and so on are not okay. */
+    base16_decode(p1, sizeof(p1), P, strlen(P));
+
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+    tt_int_op(-1, OP_EQ, s1len);
+
+    p1[DH_BYTES-1] = 0xFE; /* p-1 */
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+    tt_int_op(-1, OP_EQ, s1len);
+
+    p1[DH_BYTES-1] = 0xFD; /* p-2 works fine */
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+    tt_int_op(50, OP_EQ, s1len);
+
+    const char P_plus_one[] =
+      "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
+      "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
+      "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
+      "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
+      "49286651ECE653820000000000000000";
+
+    base16_decode(p1, sizeof(p1), P_plus_one, strlen(P_plus_one));
+
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+    tt_int_op(-1, OP_EQ, s1len);
+
+    p1[DH_BYTES-1] = 0x01; /* p+2 */
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+    tt_int_op(-1, OP_EQ, s1len);
+
+    p1[DH_BYTES-1] = 0xff; /* p+256 */
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+    tt_int_op(-1, OP_EQ, s1len);
+
+    memset(p1, 0xff, sizeof(DH_BYTES)), /* 2^1024-1 */
+    s1len = crypto_dh_compute_secret(LOG_WARN, dh1, p1, DH_BYTES, s1, 50);
+    tt_int_op(-1, OP_EQ, s1len);
   }
 
  done:



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [tor/master] Cover all our DH code, and/or mark it unreachable.
Next by Author: [tor-commits] [tor/master] Refactor digest allocation backend code
Previous by thread: [tor-commits] [tor/master] Cover all our DH code, and/or mark it unreachable.
Next by thread: [tor-commits] [tor/master] Refactor digest allocation backend code
Index(es):
- Author
- Thread