| /* |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| */ |
| /** |
| * @file test_wcc_random.c |
| * @author Samuele Andreoli |
| * @brief Test WCC with bad receiver key |
| * |
| */ |
| |
| /* Smoke test: Test WCC using the wrong receiver key, i.e. a key generated from a different identity */ |
| |
| #include <stdio.h> |
| #include <stdlib.h> |
| #include <string.h> |
| #include <time.h> |
| #include "utils.h" |
| #include "config_curve_ZZZ.h" |
| #include "randapi.h" |
| #if CURVE_SECURITY_ZZZ == 128 |
| #include "wcc_ZZZ.h" |
| #elif CURVE_SECURITY_ZZZ == 192 |
| #include "wcc192_ZZZ.h" |
| #elif CURVE_SECURITY_ZZZ == 256 |
| #include "wcc256_ZZZ.h" |
| #endif |
| |
| #if CURVE_SECURITY_ZZZ == 128 |
| #define G2LEN 4*WCC_PFS_ZZZ |
| #elif CURVE_SECURITY_ZZZ == 192 |
| #define G2LEN 8*WCC_PFS_ZZZ |
| #elif CURVE_SECURITY_ZZZ == 256 |
| #define G2LEN 16*WCC_PFS_ZZZ |
| #endif |
| |
| // #define DEBUG |
| |
| int main() |
| { |
| int i,rtn; |
| |
| // Master secret |
| char ms[WCC_PGS_ZZZ]; |
| octet MS= {0,sizeof(ms),ms}; |
| |
| // Alice Sender key |
| char akeyG1[2*WCC_PFS_ZZZ+1]; |
| octet AKeyG1= {0,sizeof(akeyG1), akeyG1}; |
| |
| // Bob Receiver key |
| char bkeyG2[G2LEN]; |
| octet BKeyG2= {0,sizeof(bkeyG2), bkeyG2}; |
| |
| // Eve Receiver key |
| char ekeyG2[G2LEN]; |
| octet EKeyG2= {0,sizeof(ekeyG2), ekeyG2}; |
| |
| // Identities |
| char alice_id[256],bob_id[256],eve_id[256]; |
| octet IdA= {0,sizeof(alice_id),alice_id}; |
| octet IdB= {0,sizeof(bob_id),bob_id}; |
| octet IdE= {0,sizeof(eve_id),eve_id}; |
| |
| // Hash of the identities |
| char hida[WCC_PFS_ZZZ], hidb[WCC_PFS_ZZZ], hide[WCC_PFS_ZZZ]; |
| octet HIdA = {0,sizeof(hida),hida}; |
| octet HIdB = {0,sizeof(hidb),hidb}; |
| octet HIdE = {0,sizeof(hide),hide}; |
| |
| // Ephemeral and intermediate values |
| char x[WCC_PGS_ZZZ]; |
| octet X= {0,sizeof(x),x}; |
| char y[WCC_PGS_ZZZ]; |
| octet Y= {0,sizeof(y),y}; |
| char w[WCC_PGS_ZZZ]; |
| octet W= {0,sizeof(w),w}; |
| char pia[WCC_PGS_ZZZ]; |
| octet PIA= {0,sizeof(pia),pia}; |
| char pib[WCC_PGS_ZZZ]; |
| octet PIB= {0,sizeof(pib),pib}; |
| |
| char pgg1[2*WCC_PFS_ZZZ+1]; |
| octet PgG1= {0,sizeof(pgg1), pgg1}; |
| |
| char pag1[2*WCC_PFS_ZZZ+1]; |
| octet PaG1= {0,sizeof(pag1), pag1}; |
| |
| char pbg2[G2LEN]; |
| octet PbG2= {0,sizeof(pbg2), pbg2}; |
| |
| // Derived AES keys |
| char k1[AESKEY_ZZZ]; |
| char k2[AESKEY_ZZZ]; |
| octet K1= {0,sizeof(k1),k1}; |
| octet K2= {0,sizeof(k2),k2}; |
| |
| // Zero octet |
| char zero[AESKEY_ZZZ]; |
| octet ZERO= {0,sizeof(zero),zero}; |
| for(i=0; i<AESKEY_ZZZ; i++) |
| { |
| ZERO.val[i]=0; |
| } |
| |
| // non random seed value |
| char seed[32] = {0}; |
| octet SEED = {sizeof(seed),sizeof(seed),seed}; |
| for (i=0; i<32; i++) SEED.val[i]=i+1; |
| csprng RNG; |
| |
| #ifdef DEBUG |
| printf("SEED 0x"); |
| OCT_output(&SEED); |
| #endif |
| |
| /* initialize random number generator */ |
| CREATE_CSPRNG(&RNG,&SEED); |
| |
| /* Generate master secret */ |
| rtn = WCC_ZZZ_RANDOM_GENERATE(&RNG,&MS); |
| if (rtn != 0) |
| { |
| printf("TA WCC_ZZZ_RANDOM_GENERATE(&RNG,&MS) Error %d\n", rtn); |
| return 1; |
| } |
| #ifdef DEBUG |
| printf("TA MASTER SECRET: "); |
| OCT_output(&MS); |
| #endif |
| |
| |
| /* Generate key material for Alice, Bob and Eve */ |
| |
| // Alice's ID |
| OCT_jstring(&IdA,"alice@milagro.com"); |
| #ifdef DEBUG |
| printf("ALICE ID:"); |
| OCT_output_string(&IdA); |
| printf("\n"); |
| #endif |
| |
| // Hash Alice's Id |
| HASH_ID(HASH_TYPE_ZZZ,&IdA,&HIdA); |
| |
| // TA: Generate Alice's sender key |
| rtn = WCC_ZZZ_GET_G1_MULTIPLE(&MS,&HIdA,&AKeyG1); |
| if (rtn != 0) |
| { |
| printf("TA WCC_ZZZ_GET_G1_MULTIPLE(&MS,&HIdA,&AKeyG1) Error %d\n", rtn); |
| return 1; |
| } |
| #ifdef DEBUG |
| printf("TA Alice's sender key: "); |
| OCT_output(&AKeyG1); |
| #endif |
| |
| // Bob's ID |
| OCT_jstring(&IdB,"bob@milagro.com"); |
| #ifdef DEBUG |
| printf("BOB ID:"); |
| OCT_output_string(&IdB); |
| printf("\n"); |
| #endif |
| |
| // Hash Bob's Id |
| HASH_ID(HASH_TYPE_ZZZ,&IdB,&HIdB); |
| |
| // TA: Generate Bob's receiver key |
| rtn = WCC_ZZZ_GET_G2_MULTIPLE(&MS,&HIdB,&BKeyG2); |
| if (rtn != 0) |
| { |
| printf("TA WCC_ZZZ_GET_G2_MULTIPLE(&MS,&HIdB,&BKeyG2) Error %d\n", rtn); |
| return 1; |
| } |
| #ifdef DEBUG |
| printf("TA Bob's receiver key: "); |
| OCT_output(&BKeyG2); |
| #endif |
| |
| // Eve's ID |
| OCT_jstring(&IdE,"eve@milagro.com"); |
| #ifdef DEBUG |
| printf("EVE ID:"); |
| OCT_output_string(&IdE); |
| printf("\n"); |
| #endif |
| |
| // Hash Eve's Id |
| HASH_ID(HASH_TYPE_ZZZ,&IdE,&HIdE); |
| |
| // TA: Generate Eve's receiver key |
| rtn = WCC_ZZZ_GET_G2_MULTIPLE(&MS,&HIdE,&EKeyG2); |
| if (rtn != 0) |
| { |
| printf("TA WCC_ZZZ_GET_G2_MULTIPLE(&MS,&HIdE,&EKeyG2) Error %d\n", rtn); |
| return 1; |
| } |
| #ifdef DEBUG |
| printf("TA Eve's receiver key: "); |
| OCT_output(&EKeyG2); |
| #endif |
| |
| |
| /* TEST RUN: Check that the protocol is working when using the right receiver key */ |
| |
| #ifdef DEBUG |
| printf("Control Run. Alice:\n"); |
| #endif |
| |
| rtn = WCC_ZZZ_RANDOM_GENERATE(&RNG,&X); |
| if (rtn != 0) |
| { |
| printf("Alice WCC_ZZZ_RANDOM_GENERATE(&RNG,&X) Error %d\n", rtn); |
| return 1; |
| } |
| #ifdef DEBUG |
| printf("Alice X: "); |
| OCT_output(&X); |
| printf("\n"); |
| #endif |
| |
| rtn = WCC_ZZZ_GET_G1_MULTIPLE(&X,&HIdA,&PaG1); |
| if (rtn != 0) |
| { |
| printf("Alice WCC_ZZZ_GET_G1_MULTIPLE(&X,&HIdA,&PaG1) Error %d\n", rtn); |
| return 1; |
| } |
| |
| #ifdef DEBUG |
| printf("Alice sends IdA and PaG1 to Bob\n\n"); |
| printf("Alice IdA: "); |
| OCT_output_string(&IdA); |
| printf("\n"); |
| printf("Alice PaG1: "); |
| OCT_output(&PaG1); |
| printf("\n"); |
| #endif |
| |
| #ifdef DEBUG |
| printf("Bob\n"); |
| #endif |
| |
| rtn = WCC_ZZZ_RANDOM_GENERATE(&RNG,&W); |
| if (rtn != 0) |
| { |
| printf("Bob WCC_ZZZ_RANDOM_GENERATE(&RNG,&W) Error %d\n", rtn); |
| return 1; |
| } |
| #ifdef DEBUG |
| printf("Bob W: "); |
| OCT_output(&W); |
| printf("\n"); |
| #endif |
| rtn = WCC_ZZZ_GET_G1_MULTIPLE(&W,&HIdA,&PgG1); |
| if (rtn != 0) |
| { |
| printf("Bob WCC_ZZZ_GET_G1_MULTIPLE(&W,&HIdA,&PgG1) Error %d\n", rtn); |
| return 1; |
| } |
| #ifdef DEBUG |
| printf("PgG1: "); |
| OCT_output(&PgG1); |
| printf("\n"); |
| #endif |
| |
| rtn = WCC_ZZZ_RANDOM_GENERATE(&RNG,&Y); |
| if (rtn != 0) |
| { |
| printf("Bob WCC_ZZZ_RANDOM_GENERATE(&RNG,&Y) Error %d\n", rtn); |
| return 1; |
| } |
| #ifdef DEBUG |
| printf("Bob Y: "); |
| OCT_output(&Y); |
| printf("\n"); |
| #endif |
| rtn = WCC_ZZZ_GET_G2_MULTIPLE(&Y,&HIdB,&PbG2); |
| if (rtn != 0) |
| { |
| printf("Bob WCC_ZZZ_GET_G2_MULTIPLE(&Y,&HIdB,&PbG2) Error %d\n", rtn); |
| return 1; |
| } |
| |
| #ifdef DEBUG |
| printf("Bob PaG1: "); |
| OCT_output(&PaG1); |
| printf("\n"); |
| printf("Bob PbG2: "); |
| OCT_output(&PbG2); |
| printf("\n"); |
| printf("Bob PgG1: "); |
| OCT_output(&PgG1); |
| printf("\n"); |
| printf("Bob IdB: "); |
| OCT_output(&IdB); |
| printf("\n"); |
| #endif |
| |
| // pia = Hq(PaG1,PbG2,PgG1,IdB) |
| WCC_ZZZ_Hq(HASH_TYPE_ZZZ,&PaG1,&PbG2,&PgG1,&IdB,&PIA); |
| |
| // pib = Hq(PbG2,PaG1,PgG1,IdA) |
| WCC_ZZZ_Hq(HASH_TYPE_ZZZ,&PbG2,&PaG1,&PgG1,&IdA,&PIB); |
| |
| #ifdef DEBUG |
| printf("Bob PIA: "); |
| OCT_output(&PIA); |
| printf("\n"); |
| printf("Bob PIB: "); |
| OCT_output(&PIB); |
| printf("\n"); |
| #endif |
| |
| // Bob calculates AES Key |
| rtn = WCC_ZZZ_RECEIVER_KEY(HASH_TYPE_ZZZ,&Y,&W,&PIA,&PIB,&PaG1,&PgG1,&BKeyG2,&IdA,&K2); |
| if (rtn != 0) |
| { |
| printf("Bob WCC_ZZZ_RECEIVER_KEY() Error %d\n", rtn); |
| return 1; |
| } |
| #ifdef DEBUG |
| printf("Bob AES Key: "); |
| OCT_output(&K2); |
| #endif |
| if (OCT_comp(&K2,&ZERO)) |
| { |
| printf("Bob WCC_ZZZ_RECEIVER_KEY() Error: generated key is zero\n"); |
| return 1; |
| } |
| |
| #ifdef DEBUG |
| printf("Bob sends IdB, PbG2 and PgG1 to Alice\n\n"); |
| printf("Bob IdB: "); |
| OCT_output_string(&IdB); |
| printf("\n"); |
| printf("Bob PbG2: "); |
| OCT_output(&PbG2); |
| printf("\n"); |
| printf("Bob PgG1: "); |
| OCT_output(&PgG1); |
| printf("\n"); |
| #endif |
| |
| #ifdef DEBUG |
| printf("Alice\n"); |
| #endif |
| |
| // pia = Hq(PaG1,PbG2,PgG1,IdB) |
| WCC_ZZZ_Hq(HASH_TYPE_ZZZ,&PaG1,&PbG2,&PgG1,&IdB,&PIA); |
| |
| // pib = Hq(PbG2,PaG1,PgG1,IdA) |
| WCC_ZZZ_Hq(HASH_TYPE_ZZZ,&PbG2,&PaG1,&PgG1,&IdA,&PIB); |
| #ifdef DEBUG |
| printf("Alice PIA: "); |
| OCT_output(&PIA); |
| printf("\n"); |
| printf("Alice PIB: "); |
| OCT_output(&PIB); |
| printf("\n"); |
| #endif |
| |
| // Alice calculates AES Key |
| rtn = WCC_ZZZ_SENDER_KEY(HASH_TYPE_ZZZ,&X,&PIA,&PIB,&PbG2,&PgG1,&AKeyG1,&IdB,&K1); |
| if (rtn != 0) |
| { |
| printf("Alice WCC_ZZZ_SENDER_KEY() Error %d\n", rtn); |
| return 1; |
| } |
| #ifdef DEBUG |
| printf("Alice AES Key: "); |
| OCT_output(&K1); |
| #endif |
| if (OCT_comp(&K1,&ZERO)) |
| { |
| printf("Alice WCC_ZZZ_SENDER_KEY() Error: generated key is zero\n"); |
| return 1; |
| } |
| |
| #ifdef DEBUG |
| printf("K1: 0x"); |
| OCT_output(&K1); |
| printf("K2: 0x"); |
| OCT_output(&K2); |
| #endif |
| if (!OCT_comp(&K1,&K2)) |
| { |
| printf("FAILURE Control run keys do not match. OCT_comp(&K1,&K2)\n"); |
| return 1; |
| } |
| |
| |
| /* BAD KEY RUN: Check that someone with the wrong receiver key obtains a different session key */ |
| |
| #ifdef DEBUG |
| printf("Bad key run. Alice:\n"); |
| #endif |
| |
| rtn = WCC_ZZZ_RANDOM_GENERATE(&RNG,&X); |
| if (rtn != 0) |
| { |
| printf("Alice WCC_ZZZ_RANDOM_GENERATE(&RNG,&X) Error %d\n", rtn); |
| return 1; |
| } |
| #ifdef DEBUG |
| printf("Alice X: "); |
| OCT_output(&X); |
| printf("\n"); |
| #endif |
| |
| rtn = WCC_ZZZ_GET_G1_MULTIPLE(&X,&HIdA,&PaG1); |
| if (rtn != 0) |
| { |
| printf("Alice WCC_ZZZ_GET_G1_MULTIPLE(&X,&HIdA,&PaG1) Error %d\n", rtn); |
| return 1; |
| } |
| #ifdef DEBUG |
| printf("Alice sends IdA and PaG1 to Bob\n\n"); |
| printf("Alice IdA: "); |
| OCT_output_string(&IdA); |
| printf("\n"); |
| printf("Alice PaG1: "); |
| OCT_output(&PaG1); |
| printf("\n"); |
| #endif |
| |
| #ifdef DEBUG |
| printf("Eve\n"); |
| #endif |
| |
| rtn = WCC_ZZZ_RANDOM_GENERATE(&RNG,&W); |
| if (rtn != 0) |
| { |
| printf("Eve WCC_ZZZ_RANDOM_GENERATE(&RNG,&W) Error %d\n", rtn); |
| return 1; |
| } |
| #ifdef DEBUG |
| printf("Eve W: "); |
| OCT_output(&W); |
| printf("\n"); |
| #endif |
| rtn = WCC_ZZZ_GET_G1_MULTIPLE(&W,&HIdA,&PgG1); |
| if (rtn != 0) |
| { |
| printf("Eve WCC_ZZZ_GET_G1_MULTIPLE(&W,&HIdA,&PgG1) Error %d\n", rtn); |
| return 1; |
| } |
| #ifdef DEBUG |
| printf("PgG1: "); |
| OCT_output(&PgG1); |
| printf("\n"); |
| #endif |
| |
| rtn = WCC_ZZZ_RANDOM_GENERATE(&RNG,&Y); |
| if (rtn != 0) |
| { |
| printf("Eve WCC_ZZZ_RANDOM_GENERATE(&RNG,&Y) Error %d\n", rtn); |
| return 1; |
| } |
| #ifdef DEBUG |
| printf("Eve Y: "); |
| OCT_output(&Y); |
| printf("\n"); |
| #endif |
| rtn = WCC_ZZZ_GET_G2_MULTIPLE(&Y,&HIdE,&PbG2); |
| if (rtn != 0) |
| { |
| printf("Eve WCC_ZZZ_GET_G2_MULTIPLE(&Y,&HIdE,&PbG2) Error %d\n", rtn); |
| return 1; |
| } |
| |
| #ifdef DEBUG |
| printf("Eve PbG2: "); |
| OCT_output(&PbG2); |
| printf("\n"); |
| #endif |
| |
| // pia = Hq(PaG1,PbG2,PgG1,IdB) |
| WCC_ZZZ_Hq(HASH_TYPE_ZZZ,&PaG1,&PbG2,&PgG1,&IdB,&PIA); |
| |
| // pib = Hq(PbG2,PaG1,PgG1,IdA) |
| WCC_ZZZ_Hq(HASH_TYPE_ZZZ,&PbG2,&PaG1,&PgG1,&IdA,&PIB); |
| |
| #ifdef DEBUG |
| printf("Eve PIA: "); |
| OCT_output(&PIA); |
| printf("\n"); |
| printf("Eve PIB: "); |
| OCT_output(&PIB); |
| printf("\n"); |
| #endif |
| |
| // Eve calculates AES Key |
| rtn = WCC_ZZZ_RECEIVER_KEY(HASH_TYPE_ZZZ,&Y,&W,&PIA,&PIB,&PaG1,&PgG1,&EKeyG2,&IdA,&K2); |
| if (rtn != 0) |
| { |
| printf("Eve WCC_ZZZ_RECEIVER_KEY() Error %d\n", rtn); |
| return 1; |
| } |
| #ifdef DEBUG |
| printf("Eve AES Key: "); |
| OCT_output(&K2); |
| #endif |
| if (OCT_comp(&K2,&ZERO)) |
| { |
| printf("Eve WCC_ZZZ_RECEIVER_KEY() Error: generated key is zero\n"); |
| return 1; |
| } |
| |
| #ifdef DEBUG |
| printf("Eve sends IdB, PbG2 and PgG1 to Alice\n\n"); |
| printf("Eve IdB: "); |
| OCT_output_string(&IdB); |
| printf("\n"); |
| printf("Eve PbG2: "); |
| OCT_output(&PbG2); |
| printf("\n"); |
| printf("Eve PgG1: "); |
| OCT_output(&PgG1); |
| printf("\n"); |
| #endif |
| |
| #ifdef DEBUG |
| printf("Alice\n"); |
| #endif |
| |
| // pia = Hq(PaG1,PbG2,PgG1,IdB) |
| WCC_ZZZ_Hq(HASH_TYPE_ZZZ,&PaG1,&PbG2,&PgG1,&IdB,&PIA); |
| |
| // pib = Hq(PbG2,PaG1,PgG1,IdA) |
| WCC_ZZZ_Hq(HASH_TYPE_ZZZ,&PbG2,&PaG1,&PgG1,&IdA,&PIB); |
| |
| #ifdef DEBUG |
| printf("Alice PIA: "); |
| OCT_output(&PIA); |
| printf("\n"); |
| printf("Alice PIB: "); |
| OCT_output(&PIB); |
| printf("\n"); |
| #endif |
| |
| // Alice calculates AES Key |
| rtn = WCC_ZZZ_SENDER_KEY(HASH_TYPE_ZZZ,&X,&PIA,&PIB,&PbG2,&PgG1,&AKeyG1,&IdB,&K1); |
| if (rtn != 0) |
| { |
| printf("Alice WCC_ZZZ_SENDER_KEY() Error %d\n", rtn); |
| return 1; |
| } |
| |
| #ifdef DEBUG |
| printf("Alice AES Key: "); |
| OCT_output(&K1); |
| #endif |
| if (OCT_comp(&K1,&ZERO)) |
| { |
| printf("Alice WCC_ZZZ_SENDER_KEY() Error: generated key is zero\n"); |
| return 1; |
| } |
| |
| #ifdef DEBUG |
| printf("K1: 0x"); |
| OCT_output(&K1); |
| printf("K2: 0x"); |
| OCT_output(&K2); |
| #endif |
| |
| if (OCT_comp(&K1,&K2)) |
| { |
| printf("FAILURE Bad key run keys match. OCT_comp(&K1,&K2)\n"); |
| return 1; |
| } |
| |
| KILL_CSPRNG(&RNG); |
| printf("SUCCESS! WCC BAD RECEIVER KEY TEST\n"); |
| return 0; |
| } |
