Commit c0dd09fd authored by johan's avatar johan

Fix test on auxiliary secret

+ improve code readability
parent 1ed1618e
Pipeline #339 failed with stage
in 0 seconds
...@@ -117,9 +117,13 @@ typedef struct bzrtpSrtpSecrets_struct { ...@@ -117,9 +117,13 @@ typedef struct bzrtpSrtpSecrets_struct {
uint8_t keyAgreementAlgo; /**< The key agreement algo selected during ZRTP negotiation */ uint8_t keyAgreementAlgo; /**< The key agreement algo selected during ZRTP negotiation */
uint8_t sasAlgo; /**< The SAS rendering algo selected during ZRTP negotiation */ uint8_t sasAlgo; /**< The SAS rendering algo selected during ZRTP negotiation */
uint8_t cacheMismatch; /**< Flag set to 1 in case of ZRTP cache mismatch, may occurs only on first channel(the one computing SAS) */ uint8_t cacheMismatch; /**< Flag set to 1 in case of ZRTP cache mismatch, may occurs only on first channel(the one computing SAS) */
uint8_t auxSecretMismatch; /**< Flag set to 1 in case of auxiliary secret mismatch, may occurs only on first channel(the one computing SAS), in case of mismatch it is just ignored and we can still validate the SAS */ uint8_t auxSecretMismatch; /**< Flag set to BZRTP_AUXSECRET_MATCH, BZRTP_AUXSECRET_MISMATCH or BZRTP_AUXSECRET_UNSET, may occurs only on first channel(the one computing SAS), in case of mismatch it may be ignored and we can still validate the SAS */
} bzrtpSrtpSecrets_t; } bzrtpSrtpSecrets_t;
/* define auxSecretMismatch flag codes */
#define BZRTP_AUXSECRET_MATCH 0x00
#define BZRTP_AUXSECRET_MISMATCH 0x01
#define BZRTP_AUXSECRET_UNSET 0x02
/* define message levels */ /* define message levels */
#define BZRTP_MESSAGE_ERROR 0x00 #define BZRTP_MESSAGE_ERROR 0x00
......
...@@ -982,7 +982,7 @@ int bzrtp_setAuxiliarySharedSecret(bzrtpContext_t *zrtpContext, const uint8_t *a ...@@ -982,7 +982,7 @@ int bzrtp_setAuxiliarySharedSecret(bzrtpContext_t *zrtpContext, const uint8_t *a
* @brief Get the ZRTP auxiliary shared secret mismatch status * @brief Get the ZRTP auxiliary shared secret mismatch status
* *
* @param[in] zrtpContext The ZRTP context we're dealing with * @param[in] zrtpContext The ZRTP context we're dealing with
* @return 0 on match, 1 on mismatch, 2 if auxiliary shared secret is unused * @return BZRTP_AUXSECRET_MATCH on match, BZRTP_AUXSECRET_MISMATCH on mismatch, BZRTP_AUXSECRET_UNSET if auxiliary shared secret is unused
*/ */
uint8_t bzrtp_getAuxiliarySharedSecretMismatch(bzrtpContext_t *zrtpContext) { uint8_t bzrtp_getAuxiliarySharedSecretMismatch(bzrtpContext_t *zrtpContext) {
return zrtpContext->channelContext[0]->srtpSecrets.auxSecretMismatch; return zrtpContext->channelContext[0]->srtpSecrets.auxSecretMismatch;
...@@ -1140,7 +1140,7 @@ static int bzrtp_initChannelContext(bzrtpContext_t *zrtpContext, bzrtpChannelCon ...@@ -1140,7 +1140,7 @@ static int bzrtp_initChannelContext(bzrtpContext_t *zrtpContext, bzrtpChannelCon
zrtpChannelContext->srtpSecrets.keyAgreementAlgo = ZRTP_UNSET_ALGO; zrtpChannelContext->srtpSecrets.keyAgreementAlgo = ZRTP_UNSET_ALGO;
zrtpChannelContext->srtpSecrets.sasAlgo = ZRTP_UNSET_ALGO; zrtpChannelContext->srtpSecrets.sasAlgo = ZRTP_UNSET_ALGO;
zrtpChannelContext->srtpSecrets.cacheMismatch = 0; zrtpChannelContext->srtpSecrets.cacheMismatch = 0;
zrtpChannelContext->srtpSecrets.auxSecretMismatch = 2; /* default is 2, explicitely set it to 0 if we have a match or 1 if we have a mismatch */ zrtpChannelContext->srtpSecrets.auxSecretMismatch = BZRTP_AUXSECRET_UNSET;
/* create the Hello packet and store it */ /* create the Hello packet and store it */
helloPacket = bzrtp_createZrtpPacket(zrtpContext, zrtpChannelContext, MSGTYPE_HELLO, &retval); helloPacket = bzrtp_createZrtpPacket(zrtpContext, zrtpChannelContext, MSGTYPE_HELLO, &retval);
......
...@@ -532,13 +532,13 @@ int state_keyAgreement_sendingCommit(bzrtpEvent_t event) { ...@@ -532,13 +532,13 @@ int state_keyAgreement_sendingCommit(bzrtpEvent_t event) {
/* if we have an aux secret check it match peer's one */ /* if we have an aux secret check it match peer's one */
if (zrtpContext->cachedSecret.auxsecret!=NULL) { if (zrtpContext->cachedSecret.auxsecret!=NULL) {
if (memcmp(zrtpChannelContext->responderAuxsecretID, dhPart1Message->auxsecretID,8) != 0) { // they do not match, set flag to 1, delete the aux secret as we must not use it if (memcmp(zrtpChannelContext->responderAuxsecretID, dhPart1Message->auxsecretID,8) != 0) { // they do not match, set flag to MISMATCH, delete the aux secret as we must not use it
free(zrtpContext->cachedSecret.auxsecret); free(zrtpContext->cachedSecret.auxsecret);
zrtpContext->cachedSecret.auxsecret= NULL; zrtpContext->cachedSecret.auxsecret= NULL;
zrtpContext->cachedSecret.auxsecretLength = 0; zrtpContext->cachedSecret.auxsecretLength = 0;
zrtpChannelContext->srtpSecrets.auxSecretMismatch=1; zrtpChannelContext->srtpSecrets.auxSecretMismatch = BZRTP_AUXSECRET_MISMATCH;
} else { // they do match, set the flag to 0 (default is 2) } else { // they do match, set the flag to MATCH (default is UNSET)
zrtpChannelContext->srtpSecrets.auxSecretMismatch=0; zrtpChannelContext->srtpSecrets.auxSecretMismatch = BZRTP_AUXSECRET_MATCH;
} }
} }
...@@ -837,13 +837,13 @@ int state_keyAgreement_responderSendingDHPart1(bzrtpEvent_t event) { ...@@ -837,13 +837,13 @@ int state_keyAgreement_responderSendingDHPart1(bzrtpEvent_t event) {
/* if we have an auxiliary secret, check it match peer's one */ /* if we have an auxiliary secret, check it match peer's one */
if (zrtpContext->cachedSecret.auxsecret!=NULL) { if (zrtpContext->cachedSecret.auxsecret!=NULL) {
if (memcmp(zrtpChannelContext->initiatorAuxsecretID, dhPart2Message->auxsecretID,8) != 0) { // they do not match, set flag to 1, delete the aux secret as we must not use it if (memcmp(zrtpChannelContext->initiatorAuxsecretID, dhPart2Message->auxsecretID,8) != 0) { // they do not match, set flag to MISMATCH, delete the aux secret as we must not use it
free(zrtpContext->cachedSecret.auxsecret); free(zrtpContext->cachedSecret.auxsecret);
zrtpContext->cachedSecret.auxsecret= NULL; zrtpContext->cachedSecret.auxsecret= NULL;
zrtpContext->cachedSecret.auxsecretLength = 0; zrtpContext->cachedSecret.auxsecretLength = 0;
zrtpChannelContext->srtpSecrets.auxSecretMismatch=1; zrtpChannelContext->srtpSecrets.auxSecretMismatch = BZRTP_AUXSECRET_MISMATCH;
} else { // they do match, set the flag to 0 (default is 2) } else { // they do match, set the flag to MATCH (default is UNSET)
zrtpChannelContext->srtpSecrets.auxSecretMismatch=0; zrtpChannelContext->srtpSecrets.auxSecretMismatch = BZRTP_AUXSECRET_MATCH;
} }
} }
......
...@@ -1081,7 +1081,7 @@ static void test_cache_sas_not_confirmed(void) { ...@@ -1081,7 +1081,7 @@ static void test_cache_sas_not_confirmed(void) {
#endif /* ZIDCACHE_ENABLED */ #endif /* ZIDCACHE_ENABLED */
} }
static int test_auxiliary_secret_params(uint8_t *aliceAuxSecret, size_t aliceAuxSecretLength, uint8_t *bobAuxSecret, size_t bobAuxSecretLength, uint8_t expectedAuxSecretMismatch, uint8_t badTimingFlag) { static int test_auxiliary_secret_params(uint8_t *aliceAuxSecret, size_t aliceAuxSecretLength, uint8_t *bobAuxSecret, size_t bobAuxSecretLength, uint8_t aliceExpectedAuxSecretMismatch, uint8_t bobExpectedAuxSecretMismatch, uint8_t badTimingFlag) {
int retval; int retval;
clientContext_t Alice,Bob; clientContext_t Alice,Bob;
uint64_t initialTime=0; uint64_t initialTime=0;
...@@ -1206,12 +1206,22 @@ static int test_auxiliary_secret_params(uint8_t *aliceAuxSecret, size_t aliceAux ...@@ -1206,12 +1206,22 @@ static int test_auxiliary_secret_params(uint8_t *aliceAuxSecret, size_t aliceAux
// check aux secrets mismatch flag, they must be in sync // check aux secrets mismatch flag, they must be in sync
if (Alice.secrets->auxSecretMismatch != Bob.secrets->auxSecretMismatch) { if (Alice.secrets->auxSecretMismatch != Bob.secrets->auxSecretMismatch) {
BC_FAIL("computed auxSecretMismatch flags differ from Alice to Bob"); // if one is unset(AuxSecret is null so flag is at unset) then other can be unset(caught by previous if) or mismatch(this one)
return -1; if (!( (Alice.secrets->auxSecretMismatch == BZRTP_AUXSECRET_UNSET
&& aliceAuxSecret == NULL
&& Bob.secrets->auxSecretMismatch == BZRTP_AUXSECRET_MISMATCH)
|| (Bob.secrets->auxSecretMismatch == BZRTP_AUXSECRET_UNSET
&& bobAuxSecret == NULL
&& Alice.secrets->auxSecretMismatch == BZRTP_AUXSECRET_MISMATCH)))
{
BC_FAIL("computed auxSecretMismatch flags differ from Alice to Bob");
return -1;
}
} }
// Do we have a mismatch on aux secret // Do we have the expected mismatch on aux secret
BC_ASSERT_EQUAL(Alice.secrets->auxSecretMismatch, expectedAuxSecretMismatch, uint8_t, "%d"); BC_ASSERT_EQUAL(Alice.secrets->auxSecretMismatch, aliceExpectedAuxSecretMismatch, uint8_t, "%d");
BC_ASSERT_EQUAL(Bob.secrets->auxSecretMismatch, bobExpectedAuxSecretMismatch, uint8_t, "%d");
/*** Destroy Contexts ***/ /*** Destroy Contexts ***/
while (bzrtp_destroyBzrtpContext(Alice.bzrtpContext, aliceSSRC)>0 && aliceSSRC>=ALICE_SSRC_BASE) { while (bzrtp_destroyBzrtpContext(Alice.bzrtpContext, aliceSSRC)>0 && aliceSSRC>=ALICE_SSRC_BASE) {
...@@ -1231,21 +1241,21 @@ static void test_auxiliary_secret() { ...@@ -1231,21 +1241,21 @@ static void test_auxiliary_secret() {
resetGlobalParams(); resetGlobalParams();
// matching cases (expect mismatch flag to be 0) // matching cases (expect mismatch flag to be 0)
BC_ASSERT_EQUAL(test_auxiliary_secret_params(secret1, sizeof(secret1), secret1, sizeof(secret1), 0, 0), 0, int, "%d"); BC_ASSERT_EQUAL(test_auxiliary_secret_params(secret1, sizeof(secret1), secret1, sizeof(secret1), BZRTP_AUXSECRET_MATCH, BZRTP_AUXSECRET_MATCH, 0), 0, int, "%d");
BC_ASSERT_EQUAL(test_auxiliary_secret_params(secret2, sizeof(secret2), secret2, sizeof(secret2), 0, 0), 0, int, "%d"); BC_ASSERT_EQUAL(test_auxiliary_secret_params(secret2, sizeof(secret2), secret2, sizeof(secret2), BZRTP_AUXSECRET_MATCH, BZRTP_AUXSECRET_MATCH, 0), 0, int, "%d");
// mismatching cases (expect mismatch flag to be 1) // mismatching cases (expect mismatch flag to be 1)
// different secrets // different secrets
BC_ASSERT_EQUAL(test_auxiliary_secret_params(secret1, sizeof(secret1), secret2, sizeof(secret2), 1, 0), 0, int, "%d"); BC_ASSERT_EQUAL(test_auxiliary_secret_params(secret1, sizeof(secret1), secret2, sizeof(secret2), BZRTP_AUXSECRET_MISMATCH, BZRTP_AUXSECRET_MISMATCH, 0), 0, int, "%d");
// only one side has a secret // only one side has a secret
BC_ASSERT_EQUAL(test_auxiliary_secret_params(secret1, sizeof(secret1), NULL, 0, 1, 0), 0, int, "%d"); BC_ASSERT_EQUAL(test_auxiliary_secret_params(secret1, sizeof(secret1), NULL, 0, BZRTP_AUXSECRET_MISMATCH, BZRTP_AUXSECRET_UNSET, 0), 0, int, "%d");
// no one has a secret // no one has a secret
BC_ASSERT_EQUAL(test_auxiliary_secret_params(NULL, 0, NULL, 0, 1, 0), 0, int, "%d"); BC_ASSERT_EQUAL(test_auxiliary_secret_params(NULL, 0, NULL, 0, BZRTP_AUXSECRET_UNSET, BZRTP_AUXSECRET_UNSET, 0), 0, int, "%d");
// same secret but one is one byte shorter // same secret but one is one byte shorter
BC_ASSERT_EQUAL(test_auxiliary_secret_params(secret1, sizeof(secret1)-1, secret1, sizeof(secret1), 1, 0), 0, int, "%d"); BC_ASSERT_EQUAL(test_auxiliary_secret_params(secret1, sizeof(secret1)-1, secret1, sizeof(secret1), BZRTP_AUXSECRET_MISMATCH, BZRTP_AUXSECRET_MISMATCH, 0), 0, int, "%d");
// matching secret, but inserted to late(last param is a flag to do that) // matching secret, but inserted to late(last param is a flag to do that) so we expect unset
BC_ASSERT_EQUAL(test_auxiliary_secret_params(secret1, sizeof(secret1), secret1, sizeof(secret1), 1, 1), 0, int, "%d"); BC_ASSERT_EQUAL(test_auxiliary_secret_params(secret1, sizeof(secret1), secret1, sizeof(secret1), BZRTP_AUXSECRET_UNSET, BZRTP_AUXSECRET_UNSET, 1), 0, int, "%d");
}; };
/** /**
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment