pim-crypto 0.1.5

Cryptographic primitives for the Proximity Internet Mesh (X25519, Ed25519, AES-GCM)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191

use super::super::*;
use crate::identity::Identity;

#[test]
fn full_handshake_produces_matching_keys() {
    let alice_id = Identity::generate();
    let bob_id = Identity::generate();

    let mut alice = Handshaker::new(&alice_id);
    let mut bob = Handshaker::new(&bob_id);

    // Alice initiates
    let init = alice.initiate();

    // Bob responds
    let response = bob.respond(&init).unwrap();

    // Alice finalizes
    alice.finalize_initiator(&response).unwrap();

    // Both should have the same session key
    let alice_key = alice.session_key().unwrap();
    let bob_key = bob.session_key().unwrap();
    assert_eq!(alice_key.as_bytes(), bob_key.as_bytes());
}

#[test]
fn confirm_messages_verify() {
    let alice_id = Identity::generate();
    let bob_id = Identity::generate();

    let mut alice = Handshaker::new(&alice_id);
    let mut bob = Handshaker::new(&bob_id);

    let init = alice.initiate();
    let response = bob.respond(&init).unwrap();
    alice.finalize_initiator(&response).unwrap();

    // Both produce confirms
    let alice_confirm = alice.make_confirm().unwrap();
    let bob_confirm = bob.make_confirm().unwrap();

    // And both can verify each other's confirms
    // (transcripts are the same, keys are the same → HMACs match)
    assert_eq!(alice_confirm.hmac, bob_confirm.hmac);
    alice.verify_confirm(&bob_confirm).unwrap();
    bob.verify_confirm(&alice_confirm).unwrap();
}

#[test]
fn tampered_signature_rejected() {
    let alice_id = Identity::generate();
    let bob_id = Identity::generate();

    let mut alice = Handshaker::new(&alice_id);
    let mut bob = Handshaker::new(&bob_id);

    let mut init = alice.initiate();
    // Tamper with the signature
    init.signature[0] ^= 0xFF;

    let result = bob.respond(&init);
    assert!(matches!(result, Err(HandshakeError::InvalidSignature)));
}

#[test]
fn wrong_confirm_hmac_rejected() {
    let alice_id = Identity::generate();
    let bob_id = Identity::generate();

    let mut alice = Handshaker::new(&alice_id);
    let mut bob = Handshaker::new(&bob_id);

    let init = alice.initiate();
    let response = bob.respond(&init).unwrap();
    alice.finalize_initiator(&response).unwrap();

    let mut bad_confirm = alice.make_confirm().unwrap();
    bad_confirm.hmac[0] ^= 0xFF;

    let result = bob.verify_confirm(&bad_confirm);
    assert!(matches!(result, Err(HandshakeError::ConfirmMismatch)));
}

#[test]
fn different_sessions_produce_different_keys() {
    let alice_id = Identity::generate();
    let bob_id = Identity::generate();

    // Session 1
    let mut a1 = Handshaker::new(&alice_id);
    let mut b1 = Handshaker::new(&bob_id);
    let init1 = a1.initiate();
    let resp1 = b1.respond(&init1).unwrap();
    a1.finalize_initiator(&resp1).unwrap();

    // Session 2 (same identities, different ephemeral keys)
    let mut a2 = Handshaker::new(&alice_id);
    let mut b2 = Handshaker::new(&bob_id);
    let init2 = a2.initiate();
    let resp2 = b2.respond(&init2).unwrap();
    a2.finalize_initiator(&resp2).unwrap();

    assert_ne!(
        a1.session_key().unwrap().as_bytes(),
        a2.session_key().unwrap().as_bytes()
    );
}

#[test]
fn matching_mesh_keys_yield_matching_session_keys() {
    let mesh_key = [0xABu8; 32];
    let alice_id = Identity::generate();
    let bob_id = Identity::generate();

    let mut alice = Handshaker::new(&alice_id).with_mesh_handshake_key(mesh_key);
    let mut bob = Handshaker::new(&bob_id).with_mesh_handshake_key(mesh_key);

    let init = alice.initiate();
    let response = bob.respond(&init).unwrap();
    alice.finalize_initiator(&response).unwrap();

    assert_eq!(
        alice.session_key().unwrap().as_bytes(),
        bob.session_key().unwrap().as_bytes()
    );
    let alice_confirm = alice.make_confirm().unwrap();
    bob.verify_confirm(&alice_confirm).unwrap();
}

#[test]
fn mismatched_mesh_keys_are_rejected_at_confirm() {
    let alice_mesh = [0xABu8; 32];
    let bob_mesh = [0xCDu8; 32];
    let alice_id = Identity::generate();
    let bob_id = Identity::generate();

    let mut alice = Handshaker::new(&alice_id).with_mesh_handshake_key(alice_mesh);
    let mut bob = Handshaker::new(&bob_id).with_mesh_handshake_key(bob_mesh);

    let init = alice.initiate();
    // Signatures still verify — the divergence is in the derived key.
    let response = bob.respond(&init).unwrap();
    alice.finalize_initiator(&response).unwrap();

    // Different IKMs → different session keys → confirm HMAC must fail.
    assert_ne!(
        alice.session_key().unwrap().as_bytes(),
        bob.session_key().unwrap().as_bytes()
    );
    let alice_confirm = alice.make_confirm().unwrap();
    let result = bob.verify_confirm(&alice_confirm);
    assert!(matches!(result, Err(HandshakeError::ConfirmMismatch)));
}

#[test]
fn open_and_private_meshes_do_not_interop() {
    let mesh_key = [0xABu8; 32];
    let alice_id = Identity::generate();
    let bob_id = Identity::generate();

    // Alice is on a private mesh; Bob is on the open mesh.
    let mut alice = Handshaker::new(&alice_id).with_mesh_handshake_key(mesh_key);
    let mut bob = Handshaker::new(&bob_id);

    let init = alice.initiate();
    let response = bob.respond(&init).unwrap();
    alice.finalize_initiator(&response).unwrap();

    assert_ne!(
        alice.session_key().unwrap().as_bytes(),
        bob.session_key().unwrap().as_bytes()
    );
    let alice_confirm = alice.make_confirm().unwrap();
    let result = bob.verify_confirm(&alice_confirm);
    assert!(matches!(result, Err(HandshakeError::ConfirmMismatch)));
}

#[test]
fn finalize_without_init_fails() {
    let id = Identity::generate();
    let mut hs = Handshaker::new(&id);
    let fake_response = HandshakeResponse {
        sender_pub: [0; 32],
        ephemeral_pub: [0; 32],
        nonce: [0; 32],
        signature: [0; 64],
    };
    let result = hs.finalize_initiator(&fake_response);
    assert!(matches!(result, Err(HandshakeError::InvalidState)));
}