From 068dea54230ee1d7a1d8c15d041b4a02ca43aa97 Mon Sep 17 00:00:00 2001
From: subtly <subtly@users.noreply.github.com>
Date: Fri, 13 Feb 2015 22:11:23 -0500
Subject: [PATCH] finished test of new-node handshake

---
 test/crypto.cpp | 66 ++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 54 insertions(+), 12 deletions(-)

diff --git a/test/crypto.cpp b/test/crypto.cpp
index 646202168..d572dc697 100644
--- a/test/crypto.cpp
+++ b/test/crypto.cpp
@@ -352,14 +352,16 @@ BOOST_AUTO_TEST_CASE(handshakeNew)
 	}
 	bytes authcipher;
 	encrypt(nodeB.pub(), &auth, authcipher);
+	BOOST_REQUIRE(authcipher.size());
 	
+	// Receipient is Bob (nodeB)
 	ECDHE eB;
 	bytes nBbytes(fromHex("0xBBBB"));
 	h256 nonceB(sha3(nAbytes));
-	bytes ack(h256::size * 2 + 1);
+	bytes ack(Public::size + h256::size + 1);
 	{
-		bytesConstRef epubk(&auth[0], Secret::size);
-		bytesConstRef nonce(&auth[Secret::size], h256::size);
+		bytesConstRef epubk(&ack[0], Public::size);
+		bytesConstRef nonce(&ack[Public::size], h256::size);
 		
 		eB.pubkey().ref().copyTo(epubk);
 		nonceB.ref().copyTo(nonce);
@@ -367,18 +369,29 @@ BOOST_AUTO_TEST_CASE(handshakeNew)
 	}
 	bytes ackcipher;
 	encrypt(nodeA.pub(), &ack, ackcipher);
+	BOOST_REQUIRE(ackcipher.size());
 	
 	BOOST_REQUIRE(eA.pubkey());
 	BOOST_REQUIRE(eB.pubkey());
 	BOOST_REQUIRE_NE(eA.seckey(), eB.seckey());
 	
-	/// Alice
+	/// Alice (after receiving ack)
 	Secret aEncryptK;
 	Secret aMacK;
 	Secret aEgressMac;
 	Secret aIngressMac;
 	{
-		// TODO: decrypt ackcipher and check decrypted material
+		bytes ackdecrypted;
+		decrypt(nodeA.sec(), &ackcipher, ackdecrypted);
+		BOOST_REQUIRE(ackdecrypted.size());
+		bytesConstRef ackRef(&ackdecrypted);
+		Public eBAck;
+		h256 nonceBAck;
+		ackRef.cropped(0, Public::size).copyTo(bytesConstRef(eBAck.data(), Public::size));
+		ackRef.cropped(Public::size, h256::size).copyTo(nonceBAck.ref());
+		BOOST_REQUIRE_EQUAL(eBAck, eB.pubkey());
+		BOOST_REQUIRE_EQUAL(nonceBAck, nonceB);
+		
 		// TODO: export ess and require equal to b
 		
 		bytes keyMaterialBytes(512);
@@ -386,18 +399,17 @@ BOOST_AUTO_TEST_CASE(handshakeNew)
 		
 		h256 ess;
 		// todo: ecdh-agree should be able to output bytes
-		s_secp256k1.agree(eA.seckey(), eB.pubkey(), ess);
+		s_secp256k1.agree(eA.seckey(), eBAck, ess);
 		ess.ref().copyTo(keyMaterial.cropped(0, h256::size));
 		ssA.ref().copyTo(keyMaterial.cropped(h256::size, h256::size));
 //		auto token = sha3(ssA);
 		aEncryptK = sha3(keyMaterial);
 		aEncryptK.ref().copyTo(keyMaterial.cropped(h256::size, h256::size));
 		aMacK = sha3(keyMaterial);
-		
-		// todo: replace nonceB with decrypted nonceB
+
 		keyMaterialBytes.resize(h256::size + authcipher.size());
 		keyMaterial.retarget(keyMaterialBytes.data(), keyMaterialBytes.size());
-		(aMacK ^ nonceB).ref().copyTo(keyMaterial);
+		(aMacK ^ nonceBAck).ref().copyTo(keyMaterial);
 		bytesConstRef(&authcipher).copyTo(keyMaterial.cropped(h256::size, authcipher.size()));
 		aEgressMac = sha3(keyMaterial);
 		
@@ -409,7 +421,7 @@ BOOST_AUTO_TEST_CASE(handshakeNew)
 	}
 	
 	
-	/// Bob
+	/// Bob (after sending ack)
 	Secret ssB;
 	s_secp256k1.agree(nodeB.sec(), nodeA.pub(), ssB);
 	BOOST_REQUIRE_EQUAL(ssA, ssB);
@@ -419,12 +431,42 @@ BOOST_AUTO_TEST_CASE(handshakeNew)
 	Secret bEgressMac;
 	Secret bIngressMac;
 	{
+		bytes authdecrypted;
+		decrypt(nodeB.sec(), &authcipher, authdecrypted);
+		BOOST_REQUIRE(authdecrypted.size());
+		bytesConstRef ackRef(&authdecrypted);
+		Signature sigAuth;
+		h256 heA;
+		Public eAAuth;
+		Public nodeAAuth;
+		h256 nonceAAuth;
+		bytesConstRef sig(&authdecrypted[0], Signature::size);
+		bytesConstRef hepubk(&authdecrypted[Signature::size], h256::size);
+		bytesConstRef pubk(&authdecrypted[Signature::size + h256::size], Public::size);
+		bytesConstRef nonce(&authdecrypted[Signature::size + h256::size + Public::size], h256::size);
+
+		nonce.copyTo(nonceAAuth.ref());
+		pubk.copyTo(nodeAAuth.ref());
+		BOOST_REQUIRE(nonceAAuth);
+		BOOST_REQUIRE_EQUAL(nonceA, nonceAAuth);
+		BOOST_REQUIRE(nodeAAuth);
+		BOOST_REQUIRE_EQUAL(nodeA.pub(), nodeAAuth); // bad test, bad!!!
+		hepubk.copyTo(heA.ref());
+		sig.copyTo(sigAuth.ref());
+		
+		Secret ss;
+		s_secp256k1.agree(nodeB.sec(), nodeAAuth, ss);
+		eAAuth = recover(sigAuth, ss ^ nonceAAuth);
+		// todo: test when this fails; means remote is bad or packet bits were flipped
+		BOOST_REQUIRE_EQUAL(heA, sha3(eAAuth));
+		BOOST_REQUIRE_EQUAL(eAAuth, eA.pubkey());
+		
 		bytes keyMaterialBytes(512);
 		bytesConstRef keyMaterial(&keyMaterialBytes);
 		
 		h256 ess;
 		// todo: ecdh-agree should be able to output bytes
-		s_secp256k1.agree(eB.seckey(), eA.pubkey(), ess);
+		s_secp256k1.agree(eB.seckey(), eAAuth, ess);
 		ess.ref().copyTo(keyMaterial.cropped(0, h256::size));
 		ssB.ref().copyTo(keyMaterial.cropped(h256::size, h256::size));
 //		auto token = sha3(ssA);
@@ -435,7 +477,7 @@ BOOST_AUTO_TEST_CASE(handshakeNew)
 		// todo: replace nonceB with decrypted nonceB
 		keyMaterialBytes.resize(h256::size + ackcipher.size());
 		keyMaterial.retarget(keyMaterialBytes.data(), keyMaterialBytes.size());
-		(bMacK ^ nonceA).ref().copyTo(keyMaterial);
+		(bMacK ^ nonceAAuth).ref().copyTo(keyMaterial);
 		bytesConstRef(&ackcipher).copyTo(keyMaterial.cropped(h256::size, ackcipher.size()));
 		bEgressMac = sha3(keyMaterial);