static int test_invalid_sk_a(void) { NEWHOPE_POLY *sk = NEWHOPE_POLY_new(); uint8_t offer_key[SHA256_DIGEST_LENGTH], accept_key[SHA256_DIGEST_LENGTH]; uint8_t offermsg[NEWHOPE_OFFERMSG_LENGTH]; uint8_t acceptmsg[NEWHOPE_ACCEPTMSG_LENGTH]; int i; for (i = 0; i < NTESTS; i++) { /* Alice generates a public key */ NEWHOPE_offer(offermsg, sk); /* Bob derives a secret key and creates a response */ if (!NEWHOPE_accept(accept_key, acceptmsg, offermsg, sizeof(offermsg))) { fprintf(stderr, "ERROR accept key exchange failed\n"); return 0; } /* Corrupt the secret key */ NEWHOPE_offer(offermsg /* not used below */, sk); /* Alice uses Bob's response to get her secret key */ if (!NEWHOPE_finish(offer_key, sk, acceptmsg, sizeof(acceptmsg))) { fprintf(stderr, "ERROR finish key exchange failed\n"); return 0; } if (memcmp(offer_key, accept_key, SHA256_DIGEST_LENGTH) == 0) { fprintf(stderr, "ERROR invalid sk_a\n"); return 0; } } NEWHOPE_POLY_free(sk); return 1; }
static int ssl_cecpq1_offer(SSL_ECDH_CTX *ctx, CBB *out) { assert(ctx->data == NULL); cecpq1_data *data = OPENSSL_malloc(sizeof(cecpq1_data)); if (data == NULL) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return 0; } ctx->data = data; data->newhope_sk = NEWHOPE_POLY_new(); if (data->newhope_sk == NULL) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return 0; } uint8_t x25519_public_key[32]; X25519_keypair(x25519_public_key, data->x25519_key); uint8_t newhope_offermsg[NEWHOPE_OFFERMSG_LENGTH]; NEWHOPE_offer(newhope_offermsg, data->newhope_sk); if (!CBB_add_bytes(out, x25519_public_key, sizeof(x25519_public_key)) || !CBB_add_bytes(out, newhope_offermsg, sizeof(newhope_offermsg))) { return 0; } return 1; }
static int test_invalid_ciphertext(void) { NEWHOPE_POLY *sk = NEWHOPE_POLY_new(); uint8_t offer_key[SHA256_DIGEST_LENGTH], accept_key[SHA256_DIGEST_LENGTH]; uint8_t offermsg[NEWHOPE_OFFERMSG_LENGTH]; uint8_t acceptmsg[NEWHOPE_ACCEPTMSG_LENGTH]; int i; for (i = 0; i < 10; i++) { /* Alice generates a public key */ NEWHOPE_offer(offermsg, sk); /* Bob derives a secret key and creates a response */ if (!NEWHOPE_accept(accept_key, acceptmsg, offermsg, sizeof(offermsg))) { fprintf(stderr, "ERROR accept key exchange failed\n"); return 0; } /* Change some byte in the "ciphertext" */ acceptmsg[42] ^= 1; /* Alice uses Bob's response to get her secret key */ if (!NEWHOPE_finish(offer_key, sk, acceptmsg, sizeof(acceptmsg))) { fprintf(stderr, "ERROR finish key exchange failed\n"); return 0; } if (!memcmp(offer_key, accept_key, SHA256_DIGEST_LENGTH)) { fprintf(stderr, "ERROR invalid acceptmsg\n"); return 0; } } NEWHOPE_POLY_free(sk); return 1; }