wg_noise: add selftest

Signed-off-by: Matt Dunwoodie <ncon@noconroy.net>
2021-04-22 12:10:24 +10:00 · 2021-04-22 12:10:24 +10:00 · b132f7d89d
parent e27cf0318e
commit b132f7d89d
4 changed files with 100 additions and 0 deletions
--- a/src/if_wg.c
+++ b/src/if_wg.c
@ -2786,6 +2786,7 @@ wg_prison_remove(void *obj, void *data __unused)
 static void wg_run_selftests(void)
 {
 	wg_allowedips_selftest();
+	noise_counter_selftest();
 	cookie_selftest();
 }
 #else
--- a/src/selftest/counter.c
+++ b/src/selftest/counter.c
@ -0,0 +1,91 @@
+#define T_LIM (COUNTER_WINDOW_SIZE + 1)
+#define T_INIT do {				\
+	bzero(&kp, sizeof(kp));			\
+	rw_init(&kp.kp_nonce_lock, "counter");	\
+} while (0)
+#define T(num, v, e) do {						\
+	if (noise_keypair_nonce_check(&kp, v) != e) {			\
+		printf("%s, test %d: fail\n", __func__, num);	\
+		return;							\
+	}								\
+} while (0)
+#define T_PASSED printf("%s: pass\n", __func__)
+
+void
+noise_counter_selftest(void)
+{
+	struct noise_keypair kp;
+	int i;
+
+	T_INIT;
+	/* T(test number, nonce, expected_response) */
+	T( 1, 0, 0);
+	T( 2, 1, 0);
+	T( 3, 1, EEXIST);
+	T( 4, 9, 0);
+	T( 5, 8, 0);
+	T( 6, 7, 0);
+	T( 7, 7, EEXIST);
+	T( 8, T_LIM, 0);
+	T( 9, T_LIM - 1, 0);
+	T(10, T_LIM - 1, EEXIST);
+	T(11, T_LIM - 2, 0);
+	T(12, 2, 0);
+	T(13, 2, EEXIST);
+	T(14, T_LIM + 16, 0);
+	T(15, 3, EEXIST);
+	T(16, T_LIM + 16, EEXIST);
+	T(17, T_LIM * 4, 0);
+	T(18, T_LIM * 4 - (T_LIM - 1), 0);
+	T(19, 10, EEXIST);
+	T(20, T_LIM * 4 - T_LIM, EEXIST);
+	T(21, T_LIM * 4 - (T_LIM + 1), EEXIST);
+	T(22, T_LIM * 4 - (T_LIM - 2), 0);
+	T(23, T_LIM * 4 + 1 - T_LIM, EEXIST);
+	T(24, 0, EEXIST);
+	T(25, REJECT_AFTER_MESSAGES, EEXIST);
+	T(26, REJECT_AFTER_MESSAGES - 1, 0);
+	T(27, REJECT_AFTER_MESSAGES, EEXIST);
+	T(28, REJECT_AFTER_MESSAGES - 1, EEXIST);
+	T(29, REJECT_AFTER_MESSAGES - 2, 0);
+	T(30, REJECT_AFTER_MESSAGES + 1, EEXIST);
+	T(31, REJECT_AFTER_MESSAGES + 2, EEXIST);
+	T(32, REJECT_AFTER_MESSAGES - 2, EEXIST);
+	T(33, REJECT_AFTER_MESSAGES - 3, 0);
+	T(34, 0, EEXIST);
+
+	T_INIT;
+	for (i = 1; i <= COUNTER_WINDOW_SIZE; ++i)
+		T(35, i, 0);
+	T(36, 0, 0);
+	T(37, 0, EEXIST);
+
+	T_INIT;
+	for (i = 2; i <= COUNTER_WINDOW_SIZE + 1; ++i)
+		T(38, i, 0);
+	T(39, 1, 0);
+	T(40, 0, EEXIST);
+
+	T_INIT;
+	for (i = COUNTER_WINDOW_SIZE + 1; i-- > 0;)
+		T(41, i, 0);
+
+	T_INIT;
+	for (i = COUNTER_WINDOW_SIZE + 2; i-- > 1;)
+		T(42, i, 0);
+	T(43, 0, EEXIST);
+
+	T_INIT;
+	for (i = COUNTER_WINDOW_SIZE + 1; i-- > 1;)
+		T(44, i, 0);
+	T(45, COUNTER_WINDOW_SIZE + 1, 0);
+	T(46, 0, EEXIST);
+
+	T_INIT;
+	for (i = COUNTER_WINDOW_SIZE + 1; i-- > 1;)
+		T(47, i, 0);
+	T(48, 0, 0);
+	T(49, COUNTER_WINDOW_SIZE + 1, 0);
+
+	T_PASSED;
+}
--- a/src/wg_noise.c
+++ b/src/wg_noise.c
@ -1343,3 +1343,7 @@ static uint64_t siphash24(const uint8_t key[SIPHASH_KEY_LENGTH], const void *src
 	SIPHASH_CTX ctx;
 	return (SipHashX(&ctx, 2, 4, key, src, len));
 }
+
+#ifdef SELFTESTS
+#include "selftest/counter.c"
+#endif /* SELFTESTS */
--- a/src/wg_noise.h
+++ b/src/wg_noise.h
@ -129,4 +129,8 @@ int	noise_consume_response(
 	    uint8_t ue[NOISE_PUBLIC_KEY_LEN],
 	    uint8_t en[0 + NOISE_AUTHTAG_LEN]);

+#ifdef SELFTESTS
+void	noise_counter_selftest(void);
+#endif /* SELFTESTS */
+
 #endif /* __NOISE_H__ */