Diffstat (limited to 'noise_test.go')
-rw-r--r--noise_test.go136
1 files changed, 136 insertions, 0 deletions
diff --git a/noise_test.go b/noise_test.go
new file mode 100644
index 0000000..5e9d44b
--- /dev/null
+++ b/noise_test.go
@@ -0,0 +1,136 @@
+package main
+
+import (
+ "bytes"
+ "encoding/binary"
+ "testing"
+)
+
+func TestCurveWrappers(t *testing.T) {
+ sk1, err := newPrivateKey()
+ assertNil(t, err)
+
+ sk2, err := newPrivateKey()
+ assertNil(t, err)
+
+ pk1 := sk1.publicKey()
+ pk2 := sk2.publicKey()
+
+ ss1 := sk1.sharedSecret(pk2)
+ ss2 := sk2.sharedSecret(pk1)
+
+ if ss1 != ss2 {
+ t.Fatal("Failed to compute shared secet")
+ }
+}
+
+func TestNoiseHandshake(t *testing.T) {
+ dev1 := randDevice(t)
+ dev2 := randDevice(t)
+
+ defer dev1.Close()
+ defer dev2.Close()
+
+ peer1, _ := dev2.NewPeer(dev1.noise.privateKey.publicKey())
+ peer2, _ := dev1.NewPeer(dev2.noise.privateKey.publicKey())
+
+ assertEqual(
+ t,
+ peer1.handshake.precomputedStaticStatic[:],
+ peer2.handshake.precomputedStaticStatic[:],
+ )
+
+ /* simulate handshake */
+
+ // initiation message
+
+ t.Log("exchange initiation message")
+
+ msg1, err := dev1.CreateMessageInitiation(peer2)
+ assertNil(t, err)
+
+ packet := make([]byte, 0, 256)
+ writer := bytes.NewBuffer(packet)
+ err = binary.Write(writer, binary.LittleEndian, msg1)
+ peer := dev2.ConsumeMessageInitiation(msg1)
+ if peer == nil {
+ t.Fatal("handshake failed at initiation message")
+ }
+
+ assertEqual(
+ t,
+ peer1.handshake.chainKey[:],
+ peer2.handshake.chainKey[:],
+ )
+
+ assertEqual(
+ t,
+ peer1.handshake.hash[:],
+ peer2.handshake.hash[:],
+ )
+
+ // response message
+
+ t.Log("exchange response message")
+
+ msg2, err := dev2.CreateMessageResponse(peer1)
+ assertNil(t, err)
+
+ peer = dev1.ConsumeMessageResponse(msg2)
+ if peer == nil {
+ t.Fatal("handshake failed at response message")
+ }
+
+ assertEqual(
+ t,
+ peer1.handshake.chainKey[:],
+ peer2.handshake.chainKey[:],
+ )
+
+ assertEqual(
+ t,
+ peer1.handshake.hash[:],
+ peer2.handshake.hash[:],
+ )
+
+ // key pairs
+
+ t.Log("deriving keys")
+
+ key1 := peer1.NewKeyPair()
+ key2 := peer2.NewKeyPair()
+
+ if key1 == nil {
+ t.Fatal("failed to dervice key-pair for peer 1")
+ }
+
+ if key2 == nil {
+ t.Fatal("failed to dervice key-pair for peer 2")
+ }
+
+ // encrypting / decryption test
+
+ t.Log("test key pairs")
+
+ func() {
+ testMsg := []byte("wireguard test message 1")
+ var err error
+ var out []byte
+ var nonce [12]byte
+ out = key1.send.Seal(out, nonce[:], testMsg, nil)
+ out, err = key2.receive.Open(out[:0], nonce[:], out, nil)
+ assertNil(t, err)
+ assertEqual(t, out, testMsg)
+ }()
+
+ func() {
+ testMsg := []byte("wireguard test message 2")
+ var err error
+ var out []byte
+ var nonce [12]byte
+ out = key2.send.Seal(out, nonce[:], testMsg, nil)
+ out, err = key1.receive.Open(out[:0], nonce[:], out, nil)
+ assertNil(t, err)
+ assertEqual(t, out, testMsg)
+ }()
+}
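Review bot: In TestNoiseHandshake the result of `binary.Write(writer, binary.LittleEndian, msg1)` is stored in `err` and later overwritten without being checked, and the buffer it fills is never read, because `ConsumeMessageInitiation` receives the in-memory `msg1`; add `assertNil(t, err)` after the write, or drop the buffer if the wire encoding is not meant to be covered here. The two `NewPeer` calls discard their second return value with `_`, so a failed peer creation would surface as a nil dereference on `peer1.handshake` rather than a clear test failure; `peer1, err := dev2.NewPeer(...)` followed by `assertNil(t, err)` would fix that. After each Consume call the test only checks `peer != nil`; comparing the result with `peer1` for the initiation and `peer2` for the response (presumably the same peer objects are returned) would confirm the handshake is attributed to the expected static key. Only the success path is covered, so a case in which a modified ciphertext makes `Open` return an error would show that the derived keys actually authenticate the payload.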