def test_unserialize_wrong(self):
s = SPAKE2_A(b"password", params=Params1024)
s.start()
data = s.serialize()
SPAKE2_A.from_serialized(data, params=Params1024) # this is ok
self.assertRaises(spake2.WrongGroupError,
SPAKE2_A.from_serialized, data) # default is P2048
self.assertRaises(spake2.WrongGroupError,
SPAKE2_A.from_serialized, data,
params=Params3072)
self.assertRaises(spake2.WrongSideSerialized,
SPAKE2_B.from_serialized, data,
params=Params1024)
ss = SPAKE2_Symmetric(b"password", params=Params1024)
ss.start()
sdata = ss.serialize()
SPAKE2_Symmetric.from_serialized(sdata, params=Params1024) # ok
self.assertRaises(spake2.WrongGroupError, # default is P2048
SPAKE2_Symmetric.from_serialized, sdata)
self.assertRaises(spake2.WrongGroupError,
SPAKE2_Symmetric.from_serialized, sdata,
params=Params3072)
self.assertRaises(spake2.WrongSideSerialized,
SPAKE2_Symmetric.from_serialized, data, # from A
params=Params1024)
def test_unserialize_wrong(self):
s = SPAKE2_A(b"password", params=params.Params1024)
s.start()
data = s.serialize()
SPAKE2_A.from_serialized(data, params=params.Params1024) # this is ok
self.assertRaises(spake2.WrongGroupError,
SPAKE2_A.from_serialized, data) # default is P2048
self.assertRaises(spake2.WrongGroupError,
SPAKE2_A.from_serialized, data,
params=params.Params3072)
self.assertRaises(spake2.WrongSideSerialized,
SPAKE2_B.from_serialized, data,
params=params.Params1024)
ss = SPAKE2_Symmetric(b"password", params=params.Params1024)
ss.start()
sdata = ss.serialize()
SPAKE2_Symmetric.from_serialized(sdata, params=params.Params1024) # ok
self.assertRaises(spake2.WrongGroupError, # default is P2048
SPAKE2_Symmetric.from_serialized, sdata)
self.assertRaises(spake2.WrongGroupError,
SPAKE2_Symmetric.from_serialized, sdata,
params=params.Params3072)
self.assertRaises(spake2.WrongSideSerialized,
SPAKE2_Symmetric.from_serialized, data, # from A
params=params.Params1024)
def test_serialize(self):
pw = b"password"
sA,sB = SPAKE2_A(pw), SPAKE2_B(pw)
self.assertRaises(spake2.SerializedTooEarly, sA.serialize)
m1A,m1B = sA.start(), sB.start()
sA = SPAKE2_A.from_serialized(sA.serialize())
kA,kB = sA.finish(m1B), sB.finish(m1A)
self.assertEqual(hexlify(kA), hexlify(kB))
self.assertEqual(len(kA), len(sha256().digest()))
def test_default_is_ed25519(self):
pw = b"password"
sA, sB = SPAKE2_A(pw, params=ParamsEd25519), SPAKE2_B(pw)
m1A, m1B = sA.start(), sB.start()
kA, kB = sA.finish(m1B), sB.finish(m1A)
self.assertEqual(hexlify(kA), hexlify(kB))
self.assertEqual(len(kA), len(sha256().digest()))
def test_params(self):
for p in ALL_PARAMS:
pw = b"password"
sA, sB = SPAKE2_A(pw, params=p), SPAKE2_B(pw, params=p)
m1A, m1B = sA.start(), sB.start()
#print len(json.dumps(m1A))
kA, kB = sA.finish(m1B), sB.finish(m1A)
self.assertEqual(hexlify(kA), hexlify(kB))
self.assertEqual(len(kA), len(sha256().digest()))
sA, sB = SPAKE2_A(pw, params=p), SPAKE2_B(b"passwerd", params=p)
m1A, m1B = sA.start(), sB.start()
kA, kB = sA.finish(m1B), sB.finish(m1A)
self.assertNotEqual(hexlify(kA), hexlify(kB))
self.assertEqual(len(kA), len(sha256().digest()))
self.assertEqual(len(kB), len(sha256().digest()))
def test_failure_swapped_id(self):
pw = b"password"
sA = SPAKE2_A(pw, idA=b"alice", idB=b"bob")
sB = SPAKE2_B(pw, idA=b"bob", idB=b"alice")
m1A,m1B = sA.start(), sB.start()
kA,kB = sA.finish(m1B), sB.finish(m1A)
self.assertNotEqual(hexlify(kA), hexlify(kB))
def test_finish_twice(self):
pw = b"password"
sA,sB = SPAKE2_A(pw), SPAKE2_B(pw)
sA.start()
msg = sB.start()
sA.finish(msg)
self.assertRaises(spake2.OnlyCallFinishOnce, sA.finish, msg)
def test_success(self):
pw = b"password"
sA,sB = SPAKE2_A(pw), SPAKE2_B(pw)
m1A,m1B = sA.start(), sB.start()
kA,kB = sA.finish(m1B), sB.finish(m1A)
self.assertEqual(hexlify(kA), hexlify(kB))
self.assertEqual(len(kA), len(sha256().digest()))
def test_asymmetric(self):
PRGA = PRG(b"A")
PRGB = PRG(b"B")
pw = b"password"
sA,sB = SPAKE2_A(pw, entropy_f=PRGA), SPAKE2_B(pw, entropy_f=PRGB)
m1A,m1B = sA.start(), sB.start()
self.assertEqual(hexlify(m1A), b"416fc960df73c9cf8ed7198b0c9534e2e96a5984bfc5edc023fd24dacf371f2af9")
self.assertEqual(hexlify(m1B), b"42354e97b88406922b1df4bea1d7870f17aed3dba7c720b313edae315b00959309")
# peek at the scalars, since it ought to be stable, and other
# implementations that want to use this as a test vector might start
# with the scalar, rather than duplicating our deterministic RNG
self.assertEqual(sA.pw_scalar,
3515301705789368674385125653994241092664323519848410154015274772661223168839)
self.assertEqual(sB.pw_scalar,
3515301705789368674385125653994241092664323519848410154015274772661223168839)
self.assertEqual(sA.xy_scalar,
2611694063369306139794446498317402240796898290761098242657700742213257926693)
self.assertEqual(sB.xy_scalar,
7002393159576182977806091886122272758628412261510164356026361256515836884383)
kA,kB = sA.finish(m1B), sB.finish(m1A)
self.assertEqual(hexlify(kA),
b"a480bca13fa04464bb644f10e340125e96c9494f7399fef7c2bda67eb0fdf06d")
self.assertEqual(hexlify(kA), hexlify(kB))
self.assertEqual(len(kA), len(sha256().digest()))
def test_failure_wrong_password(self):
pw = b"password"
sA,sB = SPAKE2_A(pw), SPAKE2_B(b"passwerd")
m1A,m1B = sA.start(), sB.start()
kA,kB = sA.finish(m1B), sB.finish(m1A)
self.assertNotEqual(hexlify(kA), hexlify(kB))
self.assertEqual(len(kA), len(sha256().digest()))
self.assertEqual(len(kB), len(sha256().digest()))
def test_success_id(self):
pw = b"password"
sA = SPAKE2_A(pw, idA=b"alice", idB=b"bob")
sB = SPAKE2_B(pw, idA=b"alice", idB=b"bob")
m1A,m1B = sA.start(), sB.start()
kA,kB = sA.finish(m1B), sB.finish(m1A)
self.assertEqual(hexlify(kA), hexlify(kB))
self.assertEqual(len(kA), len(sha256().digest()))
def test_serialize(self):
pw = b"password"
sA,sB = SPAKE2_A(pw), SPAKE2_B(pw)
self.assertRaises(spake2.SerializedTooEarly, sA.serialize)
m1A,m1B = sA.start(), sB.start()
sA = SPAKE2_A.from_serialized(sA.serialize())
kA,kB = sA.finish(m1B), sB.finish(m1A)
self.assertEqual(hexlify(kA), hexlify(kB))
self.assertEqual(len(kA), len(sha256().digest()))
def test_entropy(self):
fr = PRG(b"seed")
pw = b"password"
sA,sB = SPAKE2_A(pw, entropy_f=fr), SPAKE2_B(pw, entropy_f=fr)
m1A1,m1B1 = sA.start(), sB.start()
kA1,kB1 = sA.finish(m1B1), sB.finish(m1A1)
self.assertEqual(hexlify(kA1), hexlify(kB1))
# run it again with the same entropy stream: all messages should be
# identical
fr = PRG(b"seed")
sA,sB = SPAKE2_A(pw, entropy_f=fr), SPAKE2_B(pw, entropy_f=fr)
m1A2,m1B2 = sA.start(), sB.start()
kA2,kB2 = sA.finish(m1B2), sB.finish(m1A2)
self.assertEqual(hexlify(kA2), hexlify(kB2))
self.assertEqual(m1A1, m1A2)
self.assertEqual(m1B1, m1B2)
self.assertEqual(kA1, kA2)
self.assertEqual(kB1, kB2)
def test_wrong_side(self):
pw = b"password"
sA1,sA2 = SPAKE2_A(pw), SPAKE2_A(pw)
sA1.start()
msgA = sA2.start()
self.assertRaises(spake2.OffSides, sA1.finish, msgA)
sB1,sB2 = SPAKE2_B(pw), SPAKE2_B(pw)
sB1.start()
msgB = sB2.start()
self.assertRaises(spake2.OffSides, sB1.finish, msgB)
self.assertRaises(spake2.OffSides, sA2.finish, b"C"+msgB)
sS = SPAKE2_Symmetric(pw)
sS.start()
self.assertRaises(spake2.OffSides, sS.finish, msgA)
sS = SPAKE2_Symmetric(pw)
sS.start()
self.assertRaises(spake2.OffSides, sS.finish, msgB)
def test_reflect(self):
pw = b"password"
s1 = SPAKE2_A(pw)
m1 = s1.start()
reflected = b"B" + m1[1:]
self.assertRaises(spake2.ReflectionThwarted, s1.finish, reflected)
def test_start_twice(self):
s = SPAKE2_A(b"password")
s.start()
self.assertRaises(spake2.OnlyCallStartOnce, s.start)