mirror of
				https://git.zx2c4.com/wireguard-go
| /* SPDX-License-Identifier: GPL-2.0
 | |
|  *
 | |
|  * Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
 | |
|  */
 | |
| 
 | |
| package main
 | |
| 
 | |
| import (
 | |
| 	"bytes"
 | |
| 	"encoding/binary"
 | |
| 	"testing"
 | |
| )
 | |
| 
 | |
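// TestCurveWrappers checks that the Diffie-Hellman wrappers agree: two
// independently generated private keys must derive the same shared secret
// from each other's public key.
//
// Equality alone would also hold for a broken implementation that returns a
// constant, so the test additionally requires the two public keys to differ
// and the shared secret to be non-zero.
func TestCurveWrappers(t *testing.T) {
	sk1, err := newPrivateKey()
	assertNil(t, err)

	sk2, err := newPrivateKey()
	assertNil(t, err)

	pk1 := sk1.publicKey()
	pk2 := sk2.publicKey()

	// Two fresh keys colliding means key generation is not drawing on
	// usable randomness; the agreement check below would then be vacuous.
	if pk1 == pk2 {
		t.Fatal("Generated two identical public keys")
	}

	ss1 := sk1.sharedSecret(pk2)
	ss2 := sk2.sharedSecret(pk1)

	if ss1 != ss2 {
		t.Fatal("Failed to compute shared secret")
	}

	// An all-zero result must never be accepted as a shared secret.
	var acc byte
	for _, b := range ss1 {
		acc |= b
	}
	if acc == 0 {
		t.Fatal("Shared secret is all zeros")
	}
}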
 | |
| 
 | |
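// TestNoiseHandshake runs a complete handshake between two freshly created
// devices: initiation, response, transport key derivation, and one
// encrypted message in each direction.
//
// After each handshake message the chaining key and handshake hash held by
// both sides are compared. The final stage checks that each side's send key
// matches the other's receive key and that a modified ciphertext is rejected.
func TestNoiseHandshake(t *testing.T) {
	dev1 := randDevice(t)
	dev2 := randDevice(t)

	defer dev1.Close()
	defer dev2.Close()

	// peer1 is dev2's record of dev1; peer2 is dev1's record of dev2.
	// A failed NewPeer is checked here, before either peer is dereferenced.
	peer1, err := dev2.NewPeer(dev1.staticIdentity.privateKey.publicKey())
	assertNil(t, err)
	peer2, err := dev1.NewPeer(dev2.staticIdentity.privateKey.publicKey())
	assertNil(t, err)

	assertEqual(
		t,
		peer1.handshake.precomputedStaticStatic[:],
		peer2.handshake.precomputedStaticStatic[:],
	)

	/* simulate handshake */

	// initiation message

	t.Log("exchange initiation message")

	msg1, err := dev1.CreateMessageInitiation(peer2)
	assertNil(t, err)

	// Serialise the message to confirm it encodes cleanly. The bytes are not
	// used afterwards: dev2 consumes the struct directly.
	packet := make([]byte, 0, 256)
	writer := bytes.NewBuffer(packet)
	err = binary.Write(writer, binary.LittleEndian, msg1)
	assertNil(t, err)

	peer := dev2.ConsumeMessageInitiation(msg1)
	if peer == nil {
		t.Fatal("handshake failed at initiation message")
	}

	assertEqual(
		t,
		peer1.handshake.chainKey[:],
		peer2.handshake.chainKey[:],
	)

	assertEqual(
		t,
		peer1.handshake.hash[:],
		peer2.handshake.hash[:],
	)

	// response message

	t.Log("exchange response message")

	msg2, err := dev2.CreateMessageResponse(peer1)
	assertNil(t, err)

	peer = dev1.ConsumeMessageResponse(msg2)
	if peer == nil {
		t.Fatal("handshake failed at response message")
	}

	assertEqual(
		t,
		peer1.handshake.chainKey[:],
		peer2.handshake.chainKey[:],
	)

	assertEqual(
		t,
		peer1.handshake.hash[:],
		peer2.handshake.hash[:],
	)

	// key pairs

	t.Log("deriving keys")

	key1 := peer1.BeginSymmetricSession()
	key2 := peer2.BeginSymmetricSession()

	if key1 == nil {
		t.Fatal("failed to derive keypair for peer 1")
	}

	if key2 == nil {
		t.Fatal("failed to derive keypair for peer 2")
	}

	// encrypting / decryption test
	//
	// The all-zero nonce is acceptable only because each send key seals
	// exactly one message in this test.

	t.Log("test key pairs")

	func() {
		testMsg := []byte("wireguard test message 1")
		var nonce [12]byte
		sealed := key1.send.Seal(nil, nonce[:], testMsg, nil)

		// A ciphertext with a flipped bit must fail authentication.
		tampered := append([]byte(nil), sealed...)
		tampered[0] ^= 0x01
		if _, err := key2.receive.Open(nil, nonce[:], tampered, nil); err == nil {
			t.Fatal("peer 2 accepted a modified ciphertext")
		}

		out, err := key2.receive.Open(sealed[:0], nonce[:], sealed, nil)
		assertNil(t, err)
		assertEqual(t, out, testMsg)
	}()

	func() {
		testMsg := []byte("wireguard test message 2")
		var nonce [12]byte
		sealed := key2.send.Seal(nil, nonce[:], testMsg, nil)

		// A ciphertext with a flipped bit must fail authentication.
		tampered := append([]byte(nil), sealed...)
		tampered[0] ^= 0x01
		if _, err := key1.receive.Open(nil, nonce[:], tampered, nil); err == nil {
			t.Fatal("peer 1 accepted a modified ciphertext")
		}

		out, err := key1.receive.Open(sealed[:0], nonce[:], sealed, nil)
		assertNil(t, err)
		assertEqual(t, out, testMsg)
	}()
}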
 | 
