From 09c726a72fc726d7d33f49a0b710f0e65ea5e845 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sun, 25 Dec 2016 21:01:06 +0100 Subject: [PATCH] external-tests: update to latest Signed-off-by: Jason A. Donenfeld --- contrib/external-tests/go/main.go | 34 ++++++++++++------- contrib/external-tests/haskell/src/Main.hs | 6 ++-- contrib/external-tests/rust/src/main.rs | 38 ++++++++++++++-------- 3 files changed, 50 insertions(+), 28 deletions(-) diff --git a/contrib/external-tests/go/main.go b/contrib/external-tests/go/main.go index b259212..0f65ec4 100644 --- a/contrib/external-tests/go/main.go +++ b/contrib/external-tests/go/main.go @@ -61,9 +61,12 @@ func main() { tai64n := make([]byte, 12) binary.BigEndian.PutUint64(tai64n[:], 4611686018427387914+uint64(now.Unix())) binary.BigEndian.PutUint32(tai64n[8:], uint32(now.UnixNano())) - initiationPacket := make([]byte, 5) - initiationPacket[0] = 1 // Type: Initiation - binary.LittleEndian.PutUint32(initiationPacket[1:], 28) // Sender index: 28 (arbitrary) + initiationPacket := make([]byte, 8) + initiationPacket[0] = 1 // Type: Initiation + initiationPacket[1] = 0 // Reserved + initiationPacket[2] = 0 // Reserved + initiationPacket[3] = 0 // Reserved + binary.LittleEndian.PutUint32(initiationPacket[4:], 28) // Sender index: 28 (arbitrary) initiationPacket, _, _ = hs.WriteMessage(initiationPacket, tai64n) hasher, _ := blake2s.New(&blake2s.Config{Size: 16, Key: preshared}) hasher.Write(theirPublic) @@ -75,7 +78,7 @@ func main() { } // read handshake response packet - responsePacket := make([]byte, 89) + responsePacket := make([]byte, 92) n, err := conn.Read(responsePacket) if err != nil { log.Fatalf("error reading response packet: %s", err) @@ -86,12 +89,15 @@ func main() { if responsePacket[0] != 2 { // Type: Response log.Fatalf("response packet type wrong: want %d, got %d", 2, responsePacket[0]) } - theirIndex := binary.LittleEndian.Uint32(responsePacket[1:]) - ourIndex := binary.LittleEndian.Uint32(responsePacket[5:]) + if responsePacket[1] != 0 || responsePacket[2] != 0 || responsePacket[3] != 0 { + log.Fatalf("response packet has non-zero reserved fields") + } + theirIndex := binary.LittleEndian.Uint32(responsePacket[4:]) + ourIndex := binary.LittleEndian.Uint32(responsePacket[8:]) if ourIndex != 28 { log.Fatalf("response packet index wrong: want %d, got %d", 28, ourIndex) } - payload, sendCipher, receiveCipher, err := hs.ReadMessage(nil, responsePacket[9:57]) + payload, sendCipher, receiveCipher, err := hs.ReadMessage(nil, responsePacket[12:60]) if err != nil { log.Fatalf("error reading handshake message: %s", err) } @@ -120,10 +126,13 @@ func main() { binary.BigEndian.PutUint16(pingHeader[2:], uint16(ipv4.HeaderLen+len(pingMessage))) // fix the length endianness on BSDs pingData := append(pingHeader, pingMessage...) binary.BigEndian.PutUint16(pingData[10:], ipChecksum(pingData)) - pingPacket := make([]byte, 13) + pingPacket := make([]byte, 16) pingPacket[0] = 4 // Type: Data - binary.LittleEndian.PutUint32(pingPacket[1:], theirIndex) - binary.LittleEndian.PutUint64(pingPacket[5:], 0) // Nonce + pingPacket[1] = 0 // Reserved + pingPacket[2] = 0 // Reserved + pingPacket[3] = 0 // Reserved + binary.LittleEndian.PutUint32(pingPacket[4:], theirIndex) + binary.LittleEndian.PutUint64(pingPacket[8:], 0) // Nonce pingPacket = sendCipher.Encrypt(pingPacket, nil, pingData) if _, err := conn.Write(pingPacket); err != nil { log.Fatalf("error writing ping message: %s", err) @@ -139,7 +148,10 @@ func main() { if replyPacket[0] != 4 { // Type: Data log.Fatalf("unexpected reply packet type: %d", replyPacket[0]) } - replyPacket, err = receiveCipher.Decrypt(nil, nil, replyPacket[13:]) + if replyPacket[1] != 0 || replyPacket[2] != 0 || replyPacket[3] != 0 { + log.Fatalf("reply packet has non-zero reserved fields") + } + replyPacket, err = receiveCipher.Decrypt(nil, nil, replyPacket[16:]) if err != nil { log.Fatalf("error decrypting reply packet: %s", err) } diff --git a/contrib/external-tests/haskell/src/Main.hs b/contrib/external-tests/haskell/src/Main.hs index 20aeb2e..820e2f1 100644 --- a/contrib/external-tests/haskell/src/Main.hs +++ b/contrib/external-tests/haskell/src/Main.hs @@ -33,7 +33,7 @@ w :: PublicKey Curve25519 -> ByteString -> IO () w theirPub (Plaintext myPSK) sock addr msg = do - let x = "\x01\x00\x00" `mappend` msg + let x = "\x01\x00\x00\x00\x00\x00" `mappend` msg mac = hash 16 myPSK (sbToBS' (curvePubToBytes theirPub) `mappend` sbToBS' x) void $ NBS.sendTo sock (x `mappend` mac `mappend` replicate 16 '\0') addr @@ -41,7 +41,7 @@ r :: MVar ByteString -> Socket -> IO ByteString r smv sock = do (r, _) <- NBS.recvFrom sock 1024 putMVar smv $ (take 2 . drop 1) r - return . take 48 . drop 5 $ r + return . take 48 . drop 8 $ r payload :: IO Plaintext payload = do @@ -78,4 +78,4 @@ main = do let (keepAlive, encryption') = encryptPayload "" encryption senderindex <- takeMVar senderindexmv - void $ NBS.sendTo sock ("\x04" `mappend` senderindex `mappend` replicate 8 '\0' `mappend` keepAlive) addr + void $ NBS.sendTo sock ("\x04\x00\x00\x00" `mappend` senderindex `mappend` replicate 8 '\0' `mappend` keepAlive) addr diff --git a/contrib/external-tests/rust/src/main.rs b/contrib/external-tests/rust/src/main.rs index c5a78fe..c75cded 100644 --- a/contrib/external-tests/rust/src/main.rs +++ b/contrib/external-tests/rust/src/main.rs @@ -1,4 +1,5 @@ /* Copyright (C) 2015-2016 Jason A. Donenfeld . All Rights Reserved. */ + extern crate screech; extern crate crypto; extern crate time; @@ -44,31 +45,40 @@ fn main() { let mut tai64n = [0; 12]; BigEndian::write_i64(&mut tai64n[0..], 4611686018427387914ULL + now.sec); BigEndian::write_i32(&mut tai64n[8..], now.nsec); - let mut initiation_packet = [0; 145]; + let mut initiation_packet = [0; 148]; initiation_packet[0] = 1; /* Type: Initiation */ - LittleEndian::write_u32(&mut initiation_packet[1..], 28); /* Sender index: 28 (arbitrary) */ - handshake.write_message(&tai64n, &mut initiation_packet[5..]); - let mut mac_material = [0; 143]; + initiation_packet[1] = 0; /* Reserved */ + initiation_packet[2] = 0; /* Reserved */ + initiation_packet[3] = 0; /* Reserved */ + LittleEndian::write_u32(&mut initiation_packet[4..], 28); /* Sender index: 28 (arbitrary) */ + handshake.write_message(&tai64n, &mut initiation_packet[8..]); + let mut mac_material = [0; 148]; memcpy(&mut mac_material, &their_public); - memcpy(&mut mac_material[32..], &initiation_packet[0..113]); + memcpy(&mut mac_material[32..], &initiation_packet[0..116]); let mut mac = [0; 16]; Blake2s::blake2s(&mut mac, &mac_material, &my_preshared); - memcpy(&mut initiation_packet[113..], &mac); + memcpy(&mut initiation_packet[116..], &mac); socket.send_to(&initiation_packet, &send_addr).unwrap(); - let mut response_packet = [0; 89]; + let mut response_packet = [0; 92]; socket.recv_from(&mut response_packet).unwrap(); assert!(response_packet[0] == 2 /* Type: Response */); - let their_index = LittleEndian::read_u32(&response_packet[1..]); - let our_index = LittleEndian::read_u32(&response_packet[5..]); + assert!(response_packet[1] == 0 /* Reserved */); + assert!(response_packet[2] == 0 /* Reserved */); + assert!(response_packet[3] == 0 /* Reserved */); + let their_index = LittleEndian::read_u32(&response_packet[4..]); + let our_index = LittleEndian::read_u32(&response_packet[8..]); assert!(our_index == 28); - let (payload_len, last) = handshake.read_message(&response_packet[9..57], &mut empty_payload).unwrap(); + let (payload_len, last) = handshake.read_message(&response_packet[12..60], &mut empty_payload).unwrap(); assert!(payload_len == 0 && last); - let mut keepalive_packet = [0; 29]; + let mut keepalive_packet = [0; 32]; keepalive_packet[0] = 4; /* Type: Data */ - LittleEndian::write_u32(&mut keepalive_packet[1..], their_index); - LittleEndian::write_u64(&mut keepalive_packet[5..], cipherstate1.n); - cipherstate1.encrypt(&empty_payload, &mut keepalive_packet[13..]); /* Empty payload means keepalive */ + keepalive_packet[1] = 0; /* Reserved */ + keepalive_packet[2] = 0; /* Reserved */ + keepalive_packet[3] = 0; /* Reserved */ + LittleEndian::write_u32(&mut keepalive_packet[4..], their_index); + LittleEndian::write_u64(&mut keepalive_packet[8..], cipherstate1.n); + cipherstate1.encrypt(&empty_payload, &mut keepalive_packet[16..]); /* Empty payload means keepalive */ socket.send_to(&keepalive_packet, &send_addr).unwrap(); }