Implemented MAC1/2 calculation

2025-10-08 18:10:19 +08:00 · 2017-06-27 17:33:06 +02:00
parent eb75ff430d
commit 8236f3afa2
13 changed files with 454 additions and 85 deletions
--- a/src/macs_test.go
+++ b/src/macs_test.go
@@ -0,0 +1,113 @@
+package main
+
+import (
+	"bytes"
+	"net"
+	"testing"
+	"testing/quick"
+)
+
+func TestMAC1(t *testing.T) {
+	dev1 := newDevice(t)
+	dev2 := newDevice(t)
+
+	peer1 := dev2.NewPeer(dev1.privateKey.publicKey())
+	peer2 := dev1.NewPeer(dev2.privateKey.publicKey())
+
+	assertEqual(t, peer1.mac.keyMac1[:], dev1.mac.keyMac1[:])
+	assertEqual(t, peer2.mac.keyMac1[:], dev2.mac.keyMac1[:])
+
+	msg1 := make([]byte, 256)
+	copy(msg1, []byte("some content"))
+	peer1.mac.AddMacs(msg1)
+	if dev1.mac.CheckMAC1(msg1) == false {
+		t.Fatal("failed to verify mac1")
+	}
+}
+
+func TestMACs(t *testing.T) {
+	assertion := func(
+		addr net.UDPAddr,
+		addrInvalid net.UDPAddr,
+		sk1 NoisePrivateKey,
+		sk2 NoisePrivateKey,
+		msg []byte,
+		receiver uint32,
+	) bool {
+		var device1 Device
+		device1.Init()
+		device1.SetPrivateKey(sk1)
+
+		var device2 Device
+		device2.Init()
+		device2.SetPrivateKey(sk2)
+
+		peer1 := device2.NewPeer(device1.privateKey.publicKey())
+		peer2 := device1.NewPeer(device2.privateKey.publicKey())
+
+		if addr.Port < 0 {
+			return true
+		}
+		addr.Port &= 0xffff
+
+		if len(msg) < 32 {
+			return true
+		}
+		if bytes.Compare(peer1.mac.keyMac1[:], device1.mac.keyMac1[:]) != 0 {
+			return false
+		}
+		if bytes.Compare(peer2.mac.keyMac1[:], device2.mac.keyMac1[:]) != 0 {
+			return false
+		}
+
+		device2.indices.Insert(receiver, IndexTableEntry{
+			peer:      peer1,
+			handshake: &peer1.handshake,
+		})
+
+		// test just MAC1
+
+		peer1.mac.AddMacs(msg)
+		if device1.mac.CheckMAC1(msg) == false {
+			return false
+		}
+
+		// exchange cookie reply
+
+		cr, err := device1.CreateMessageCookieReply(msg, receiver, &addr)
+		if err != nil {
+			return false
+		}
+
+		if device2.ConsumeMessageCookieReply(cr) == false {
+			return false
+		}
+
+		// test MAC1 + MAC2
+
+		peer1.mac.AddMacs(msg)
+		if device1.mac.CheckMAC1(msg) == false {
+			return false
+		}
+		if device1.mac.CheckMAC2(msg, &addr) == false {
+			return false
+		}
+
+		// test invalid
+
+		if device1.mac.CheckMAC2(msg, &addrInvalid) {
+			return false
+		}
+		msg[5] ^= 1
+		if device1.mac.CheckMAC1(msg) {
+			return false
+		}
+
+		return true
+	}
+
+	err := quick.Check(assertion, nil)
+	if err != nil {
+		t.Error(err)
+	}
+}