SRP-6a Secure Remote Password protocol for OCaml


test(crypto): expand test suites for pbkdf, spake2, srp

+39
+39
test/test_srp.ml
··· 137 137 (* g should be 5 *) 138 138 Alcotest.(check bool) "g is 5" true (Z.equal Srp.g (Z.of_int 5)) 139 139 140 + (* RFC 5054 Section 10: verify N constant matches the 3072-bit group prime. 141 + The library uses SHA-512 and 3072-bit group (required by HomeKit), so 142 + full protocol test vectors from RFC 5054 Appendix B (which uses SHA-1 143 + and 1024-bit group) cannot be used. However, we can verify that N is 144 + the correct prime from the RFC. 145 + 146 + Additionally, Client.create and Server.create generate random private 147 + values internally with no way to inject specific a/b values, so 148 + deterministic protocol replay is not possible with the current API. *) 149 + 150 + let test_rfc5054_n () = 151 + let expected_hex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in 154 + let expected_n = Z.of_string_base 16 expected_hex in 155 + Alcotest.(check bool) 156 + "N matches RFC 5054 3072-bit prime" true (Z.equal Srp.n expected_n) 157 + 158 + (* Verify that compute_verifier produces the same result for identical inputs. 159 + This also serves as a regression test: if the hash function or x derivation 160 + changes, this test will catch it. 
*) 161 + let test_rfc5054_verifier_deterministic () = 162 + let salt = Ohex.decode "BEB25379D1A8581EB5A727673A2441EE" in 163 + let username = "alice" in 164 + let password = "password123" in 165 + let v1 = Srp.compute_verifier ~salt ~username ~password in 166 + let v2 = Srp.compute_verifier ~salt ~username ~password in 167 + Alcotest.(check bool) "verifier is deterministic" true (Z.equal v1 v2); 168 + (* Verify the verifier is in the valid range [1, N-1] *) 169 + Alcotest.(check bool) "v > 0" true (Z.gt v1 Z.zero); 170 + Alcotest.(check bool) "v < N" true (Z.lt v1 Srp.n) 171 + 140 172 let suite = 141 173 [ 142 174 ( "Protocol", ··· 151 183 Alcotest.test_case "salt affects verifier" `Quick test_different_salts; 152 184 ] ); 153 185 ("Constants", [ Alcotest.test_case "valid constants" `Quick test_constants ]); 186 + ( "RFC 5054", 187 + [ 188 + Alcotest.test_case "N matches RFC 5054 Section 10 (3072-bit)" `Quick 189 + test_rfc5054_n; 190 + Alcotest.test_case "verifier is reproducible with fixed inputs" `Quick 191 + test_rfc5054_verifier_deterministic; 192 + ] ); 154 193 ]
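Review bot: The comment above `test_rfc5054_verifier_deterministic` calls it a regression test for the hash function or x derivation, but the test only compares two calls to `Srp.compute_verifier` with identical inputs. Any change to the derivation moves `v1` and `v2` together, so the test still passes. To catch such a change, pin a known-answer value recorded once from an independent SRP-6a implementation using the same SHA-512 / 3072-bit parameters, for example `Alcotest.(check string) "verifier matches pinned value" expected_v_hex (Z.format "%x" v1)`, where `expected_v_hex` is a placeholder for that recorded value (no such vector appears on this page). The username and password are not the RFC 5054 Appendix B values, so the `rfc5054` prefix overstates what is checked. I would reword the comment to `(* Checks that compute_verifier is a pure function of its inputs and that v lies in [1, N-1]. *)` until a pinned vector is added.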