path: root/internal/middlewares/timing_attack_delay_test.go
package middlewares

import (
	"sync"
	"testing"
	"time"

	"github.com/sirupsen/logrus"
	"github.com/stretchr/testify/assert"

	"github.com/authelia/authelia/v4/internal/logging"
	"github.com/authelia/authelia/v4/internal/random"
)

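// TestTimingAttackDelayAverages exercises movingAverageIteration over a
// ten-sample window that starts out filled with one-second durations.
//
// The assertions pin two behaviours:
//   - a call whose third argument is false returns the unchanged 1000ms
//     average, i.e. the 500ms sample does not appear to be folded in;
//   - calls whose third argument is true pull the returned average down by
//     50ms per call until it settles at 500ms.
//
// The average is what the timing-attack delay is derived from, so a regression
// here would change how long responses are held back.
func TestTimingAttackDelayAverages(t *testing.T) {
	const (
		window   = 10
		requests = 12
	)

	execDuration := 500 * time.Millisecond

	// Seed every slot of the window with one second so the starting average is 1000ms.
	durations := make([]time.Duration, window)
	for i := range durations {
		durations[i] = time.Second
	}

	cursor := 0
	mutex := &sync.Mutex{}

	// testify's assert.Equal takes (t, expected, actual); keeping that order
	// makes a failure report label the two values correctly.
	avgExecDuration := movingAverageIteration(execDuration, window, false, &cursor, &durations, mutex)
	assert.Equal(t, float64(1000), avgExecDuration)

	expected := float64(1000)

	// Execute at 500ms for 12 requests: two more than the window holds, so the
	// last calls confirm the average stays at 500ms once every slot is replaced.
	for i := 0; i < requests; i++ {
		avgExecDuration = movingAverageIteration(execDuration, window, true, &cursor, &durations, mutex)
		assert.Equal(t, expected, avgExecDuration)

		// Should not dip below 500, and should decrease in value by 50 each iteration.
		if expected > 500 {
			expected -= 50
		}
	}
}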

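// TestTimingAttackDelayCalculations checks that calculateActualDelay never
// returns less than the remaining time needed to reach the target response
// time, and never more than that floor plus a bounded random component.
//
// Two scenarios are covered, each sampled 100 times because the result
// contains a random part:
//   - average execution time (1000ms) above the fourth argument (250): the
//     floor is average minus this request's execution time;
//   - average execution time (5ms) below the fourth argument (250): the floor
//     is 250 minus this request's execution time.
//
// The lower bound is the security-relevant one: a delay below the floor would
// let the response time reflect how long the request actually took to process.
func TestTimingAttackDelayCalculations(t *testing.T) {
	ctx := &AutheliaCtx{
		Logger: logging.Logger().WithFields(logrus.Fields{}),
		Providers: Providers{
			// The cryptographic random provider is used here, so results
			// differ from run to run; the assertions are range checks only.
			Random: &random.Cryptographical{},
		},
	}

	// presumably 250 is the minimum total response time in ms and 85 the cap
	// on the random component in ms; confirm against calculateActualDelay.
	execDuration := 500 * time.Millisecond
	avgExecDurationMs := 1000.0
	expectedMinimumDelayMs := avgExecDurationMs - float64(execDuration.Milliseconds())

	for i := 0; i < 100; i++ {
		delay := calculateActualDelay(ctx, execDuration, avgExecDurationMs, 250, 85, false)

		// Comparison assertions report both operands on failure, unlike
		// assert.True on a pre-evaluated boolean.
		assert.GreaterOrEqual(t, delay, expectedMinimumDelayMs)
		assert.LessOrEqual(t, delay, expectedMinimumDelayMs+float64(85))
	}

	execDuration = 5 * time.Millisecond
	avgExecDurationMs = 5.0
	expectedMinimumDelayMs = 250 - float64(execDuration.Milliseconds())

	for i := 0; i < 100; i++ {
		delay := calculateActualDelay(ctx, execDuration, avgExecDurationMs, 250, 85, false)

		assert.GreaterOrEqual(t, delay, expectedMinimumDelayMs)
		// NOTE(review): this upper bound adds 250 where the first scenario
		// adds 85. If 85 is the cap on the random component, the tighter
		// bound expectedMinimumDelayMs+85 would also catch an oversized
		// random delay; confirm against calculateActualDelay before changing.
		assert.LessOrEqual(t, delay, expectedMinimumDelayMs+float64(250))
	}
}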