summaryrefslogtreecommitdiffhomepage
path: root/device/noise_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'device/noise_test.go')
-rw-r--r--device/noise_test.go144
1 files changed, 144 insertions, 0 deletions
diff --git a/device/noise_test.go b/device/noise_test.go
new file mode 100644
index 0000000..6ba3f2e
--- /dev/null
+++ b/device/noise_test.go
@@ -0,0 +1,144 @@
+/* SPDX-License-Identifier: MIT
+ *
+ * Copyright (C) 2017-2019 WireGuard LLC. All Rights Reserved.
+ */
+
+package device
+
+import (
+ "bytes"
+ "encoding/binary"
+ "testing"
+)
+
+func TestCurveWrappers(t *testing.T) {
+ sk1, err := newPrivateKey()
+ assertNil(t, err)
+
+ sk2, err := newPrivateKey()
+ assertNil(t, err)
+
+ pk1 := sk1.publicKey()
+ pk2 := sk2.publicKey()
+
+ ss1 := sk1.sharedSecret(pk2)
+ ss2 := sk2.sharedSecret(pk1)
+
+ if ss1 != ss2 {
+ t.Fatal("Failed to compute shared secet")
+ }
+}
+
+func TestNoiseHandshake(t *testing.T) {
+ dev1 := randDevice(t)
+ dev2 := randDevice(t)
+
+ defer dev1.Close()
+ defer dev2.Close()
+
+ peer1, _ := dev2.NewPeer(dev1.staticIdentity.privateKey.publicKey())
+ peer2, _ := dev1.NewPeer(dev2.staticIdentity.privateKey.publicKey())
+
+ assertEqual(
+ t,
+ peer1.handshake.precomputedStaticStatic[:],
+ peer2.handshake.precomputedStaticStatic[:],
+ )
+
+ /* simulate handshake */
+
+ // initiation message
+
+ t.Log("exchange initiation message")
+
+ msg1, err := dev1.CreateMessageInitiation(peer2)
+ assertNil(t, err)
+
+ packet := make([]byte, 0, 256)
+ writer := bytes.NewBuffer(packet)
+ err = binary.Write(writer, binary.LittleEndian, msg1)
+ assertNil(t, err)
+ peer := dev2.ConsumeMessageInitiation(msg1)
+ if peer == nil {
+ t.Fatal("handshake failed at initiation message")
+ }
+
+ assertEqual(
+ t,
+ peer1.handshake.chainKey[:],
+ peer2.handshake.chainKey[:],
+ )
+
+ assertEqual(
+ t,
+ peer1.handshake.hash[:],
+ peer2.handshake.hash[:],
+ )
+
+ // response message
+
+ t.Log("exchange response message")
+
+ msg2, err := dev2.CreateMessageResponse(peer1)
+ assertNil(t, err)
+
+ peer = dev1.ConsumeMessageResponse(msg2)
+ if peer == nil {
+ t.Fatal("handshake failed at response message")
+ }
+
+ assertEqual(
+ t,
+ peer1.handshake.chainKey[:],
+ peer2.handshake.chainKey[:],
+ )
+
+ assertEqual(
+ t,
+ peer1.handshake.hash[:],
+ peer2.handshake.hash[:],
+ )
+
+ // key pairs
+
+ t.Log("deriving keys")
+
+ err = peer1.BeginSymmetricSession()
+ if err != nil {
+ t.Fatal("failed to derive keypair for peer 1", err)
+ }
+
+ err = peer2.BeginSymmetricSession()
+ if err != nil {
+ t.Fatal("failed to derive keypair for peer 2", err)
+ }
+
+ key1 := peer1.keypairs.next
+ key2 := peer2.keypairs.current
+
+ // encrypting / decryption test
+
+ t.Log("test key pairs")
+
+ func() {
+ testMsg := []byte("wireguard test message 1")
+ var err error
+ var out []byte
+ var nonce [12]byte
+ out = key1.send.Seal(out, nonce[:], testMsg, nil)
+ out, err = key2.receive.Open(out[:0], nonce[:], out, nil)
+ assertNil(t, err)
+ assertEqual(t, out, testMsg)
+ }()
+
+ func() {
+ testMsg := []byte("wireguard test message 2")
+ var err error
+ var out []byte
+ var nonce [12]byte
+ out = key2.send.Seal(out, nonce[:], testMsg, nil)
+ out, err = key1.receive.Open(out[:0], nonce[:], out, nil)
+ assertNil(t, err)
+ assertEqual(t, out, testMsg)
+ }()
+}