1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

#![no_std]

mod models;
pub use models::{Error, Result};

mod shake;
pub use shake::*;

mod transport;
pub use transport::*;

#[cfg(test)]
mod check {
	extern crate alloc;
	use alloc::boxed::Box;

	use x25519_dalek::{PublicKey, StaticSecret};

	use crate::{
		check::resolve::{FakeRandomNumberGenerator, MyResolver},
		Shake, MESSAGE_A_LEN, MESSAGE_B_LEN,
	};

	mod blake2s;
	mod ciphers;
	mod dh25519;
	mod resolve;

	#[test]
	fn compare_states_with_snow() {
		// Make new fake random number generator
		let random = FakeRandomNumberGenerator(0);

		// Keys remain same on each test execution because of our random number generator
		let server_ns = StaticSecret::random_from_rng(random.clone());
		let client_ns = StaticSecret::random_from_rng(random.clone());

		// Make client know static public key of the server
		let client_rs = PublicKey::from(&server_ns);

		// Initialize handshake states for both server and client
		let mut server = Shake::new(server_ns.clone(), random.clone());
		let mut client = Shake::new(client_ns.clone(), random);

		// Initialize ones of snow for state comparison
		let mut server_snow =
			snow::Builder::with_resolver(super::NOISE.parse().unwrap(), Box::new(MyResolver))
				.local_private_key(&server_ns.to_bytes())
				.build_responder()
				.unwrap();
		let mut client_snow =
			snow::Builder::with_resolver(super::NOISE.parse().unwrap(), Box::new(MyResolver))
				.local_private_key(&client_ns.to_bytes())
				.remote_public_key(client_rs.as_bytes())
				.build_initiator()
				.unwrap();

		// Allocate buffers for messages generated by provided impls
		let mut message_a_snow = [0u8; MESSAGE_A_LEN];
		let mut message_a = message_a_snow.clone();

		let mut message_b_snow = [0u8; MESSAGE_B_LEN];
		let mut message_b = message_b_snow.clone();

		// Make 1st messages and place into buffers made before
		client_snow.write_message(&[], &mut message_a_snow).unwrap();

		let client_ne = client.make_message_a(&mut message_a, client_rs).unwrap();

		// Check fact that generated messages are equal
		assert_eq!(message_a_snow, message_a);

		// Read 1st messages made before from buffers
		server_snow.read_message(&message_a_snow, &mut []).unwrap();

		let rk = server.read_message_a(&mut message_a).unwrap();

		// Make 2nd messages and place into buffers made before
		server_snow.write_message(&[], &mut message_b_snow).unwrap();

		let mut server_ts = server.make_message_b(&mut message_b, rk).unwrap();

		// Check fact that generated messages are equal
		assert_eq!(message_b_snow, message_b);

		// Read 2nd messages made before from buffers
		client_snow.read_message(&message_b_snow, &mut []).unwrap();

		let mut client_ts = client.read_message_b(&mut message_b, client_ne).unwrap();

		// Convert handshake of snow into transport state
		let mut server_ts_snow = server_snow.into_transport_mode().unwrap();
		let mut client_ts_snow = client_snow.into_transport_mode().unwrap();

		// Allocate buffers for transport state
		let mut message = [0; 32];
		let mut message_snow = [0; 32];

		for _ in 0..6 {
			// Make transport state messages and place into buffers
			client_ts_snow.write_message(&message[..16], &mut message_snow).unwrap();

			let (data, tag_data) = message.split_at_mut(16);

			client_ts.encrypt(data, tag_data).unwrap();

			// Check fact that generated messages are equal
			assert_eq!(message, message_snow);

			// Read transport state messages made before from buffers
			server_ts_snow.read_message(&message, &mut message_snow).unwrap();

			let (data, tag_data) = message.split_at_mut(16);

			server_ts.decrypt(data, tag_data).unwrap();

			// Check fact that decrypted messages are equal
			assert_eq!(message, message_snow);
		}
	}
}