def test_load_key_strings_long(): with pytest.raises(ValueError): client = pssst.PSSSTClient(k1_pub + 'ff') with pytest.raises(ValueError): client = pssst.PSSSTClient(k1_pub, k2_priv + 'ff') with pytest.raises(ValueError): client = pssst.PSSSTServer(k1_priv + 'ff')
def test_load_key_strings_short(): with pytest.raises(ValueError): client = pssst.PSSSTClient(k1_pub[:-1]) with pytest.raises(ValueError): client = pssst.PSSSTClient(k1_pub, k2_priv[:-1]) with pytest.raises(ValueError): client = pssst.PSSSTServer(k1_priv[:-1])
def test_round_trip_client_auth_text_keys(): client = pssst.PSSSTClient(k1_pub, k2_priv) server = pssst.PSSSTServer(k1_priv) client_public_key = X25519PublicKey.from_public_bytes( bytes.fromhex(k2_pub)) test_message = b"This is a test message" request_packet, client_reply_handler = client.pack_request(test_message) received_message, received_client_public_key, server_reply_handler = server.unpack_request( request_packet) assert received_message == test_message, "Message didn't arrive intact" source_client_key_bytes = client_public_key.public_bytes( encoding=Encoding.Raw, format=PublicFormat.Raw) received_client_key_bytes = received_client_public_key.public_bytes( encoding=Encoding.Raw, format=PublicFormat.Raw) assert received_client_key_bytes == source_client_key_bytes, "Bad client auth" reply_packet = server_reply_handler(received_message) round_trip_message = client_reply_handler(reply_packet) assert round_trip_message == test_message, "Round trip failed"
def test_round_trip_client_auth(): server_private_key, server_public_key = pssst.generate_key_pair( cipher_suite=pssst.CipherSuite.X25519_AESGCM128) client_private_key, client_public_key = pssst.generate_key_pair( cipher_suite=pssst.CipherSuite.X25519_AESGCM128) client = pssst.PSSSTClient(server_public_key, client_private_key) server = pssst.PSSSTServer(server_private_key) test_message = b"This is a test message" request_packet, client_reply_handler = client.pack_request(test_message) received_message, received_client_public_key, server_reply_handler = server.unpack_request( request_packet) assert received_message == test_message, "Message didn't arrive intact" source_client_key_bytes = client_public_key.public_bytes( encoding=Encoding.Raw, format=PublicFormat.Raw) received_client_key_bytes = received_client_public_key.public_bytes( encoding=Encoding.Raw, format=PublicFormat.Raw) assert received_client_key_bytes == source_client_key_bytes, "Bad client auth" reply_packet = server_reply_handler(received_message) round_trip_message = client_reply_handler(reply_packet) assert round_trip_message == test_message, "Round trip failed"
def test_unsupported_ciphers(): with pytest.raises(pssst.PSSSTUnsupportedCipher): pssst.generate_key_pair(cipher_suite=pssst.CipherSuite.NONE) with pytest.raises(pssst.PSSSTUnsupportedCipher): pssst.PSSSTClient(b'\x55'*32, cipher_suite=pssst.CipherSuite.NONE) with pytest.raises(pssst.PSSSTUnsupportedCipher): pssst.PSSSTServer(b'\x55'*32, cipher_suite=pssst.CipherSuite.NONE)
def test_round_trip_text_keys(): client = pssst.PSSSTClient(k1_pub) server = pssst.PSSSTServer(k1_priv) test_message = b"This is a test message" request_packet, client_reply_handler = client.pack_request(test_message) received_message, client_public_key, server_reply_handler = server.unpack_request( request_packet) assert received_message == test_message reply_packet = server_reply_handler(received_message) round_trip_message = client_reply_handler(reply_packet) assert round_trip_message == test_message
def main(public_key, client_key_file, port, iterations, payload, threads): if client_key_file: private_key_text = open(client_key_file).readline().strip() private_key = X25519PrivateKey.from_private_bytes( bytes.fromhex(private_key_text)) else: private_key = None client = pssst.PSSSTClient(public_key, private_key) payload = payload.encode("UTF8") result_list = [] tests = [client.pack_request(payload) for _ in range(iterations)] def send_tests(test_subset): replies = 0 start_time = time.time() with closing(socket.socket(socket.AF_INET, socket.SOCK_DGRAM)) as client_socket: client_socket.settimeout(0.25) for packet, reply_handler in test_subset: client_socket.sendto(packet, ('127.0.0.1', port)) try: client_socket.recvfrom(2048) replies += 1 except socket.timeout: pass end_time = time.time() result_list.append((len(test_subset), replies, end_time - start_time)) chops = [(iterations * i) // threads for i in range(threads + 1)] thread_list = [ Thread(target=send_tests, args=(tests[chops[i]:chops[i + 1]], )) for i in range(threads) ] for t in thread_list: t.start() for t in thread_list: t.join() total_sent = sum(row[0] for row in result_list) total_received = sum(row[1] for row in result_list) duration = max(row[2] for row in result_list) print("Sent: {}, received: {}, total time: {:.2f}".format( total_sent, total_received, duration))
def test_round_trip(): server_private_key, server_public_key = pssst.generate_key_pair( cipher_suite=pssst.CipherSuite.X25519_AESGCM128) client = pssst.PSSSTClient(server_public_key) server = pssst.PSSSTServer(server_private_key) test_message = b"This is a test message" request_packet, client_reply_handler = client.pack_request(test_message) received_message, client_public_key, server_reply_handler = server.unpack_request( request_packet) assert received_message == test_message reply_packet = server_reply_handler(received_message) round_trip_message = client_reply_handler(reply_packet) assert round_trip_message == test_message
def main(): server_private_key, server_public_key = pssst.generate_key_pair() client = pssst.PSSSTClient(server_public_key) server = pssst.PSSSTServer(server_private_key) request_message = b"The Magic Words are Squeamish Ossifrage" # Pack the message with the client and unpack it with the server request_packet, client_reply_handler = client.pack_request(request_message) received_request, client_auth_key, server_reply_handler = server.unpack_request( request_packet) # Echo the request back from the server to the client reply_packet = server_reply_handler(received_request) received_reply = client_reply_handler(reply_packet) if received_reply == request_message: print("Success") else: print("Failed!")
def client(keys): server_private_key, server_public_key, client_private_key, client_public_key = keys client = pssst.PSSSTClient(server_public_key, client_private_key) return client
def compat_test(suite): cipher_suite = pssst.CipherSuite(suite) server_priv, server_pub = pssst.generate_key_pair(cipher_suite) client_priv, client_pub = pssst.generate_key_pair(cipher_suite) s_pub_bytes = server_pub.public_bytes(encoding=Encoding.Raw, format=PublicFormat.Raw) c_pub_bytes = client_pub.public_bytes(encoding=Encoding.Raw, format=PublicFormat.Raw) emit_msg(SERVER_KEY, s_pub_bytes) emit_msg(CLIENT_KEY, c_pub_bytes) plaintext = os.urandom(64) incoming_plaintext = None emit_msg(PLAINTEXT, plaintext) server = pssst.PSSSTServer(server_priv, cipher_suite=cipher_suite) remote_client_key = None client = None auth_client = None client_handler = None auth_client_handler = None replies = 0 while replies < 2: tag, value = get_msg() if tag == SERVER_KEY: client = pssst.PSSSTClient(value, cipher_suite=cipher_suite) auth_client = pssst.PSSSTClient(value, client_priv, cipher_suite=cipher_suite) packet, client_handler = client.pack_request(plaintext) emit_msg(REQUEST, packet) packet, auth_client_handler = auth_client.pack_request(plaintext) emit_msg(REQUEST_AUTH, packet) elif tag == CLIENT_KEY: remote_client_key = value elif tag == PLAINTEXT: incoming_plaintext = value elif tag == REQUEST: request_msg, auth_key, reply_handler = server.unpack_request(value) assert request_msg == incoming_plaintext, "Decrypted plaintext did not match" assert auth_key == None, "Auth key provided for non-auth message" reply_msg = bytes(reversed(request_msg)) reply_packet = reply_handler(reply_msg) emit_msg(REPLY, reply_packet) replies += 1 elif tag == REQUEST_AUTH: request_msg, auth_key, reply_handler = server.unpack_request(value) assert request_msg == incoming_plaintext, "Decrypted plaintext did not match (auth)" auth_key_bytes = auth_key.public_bytes(encoding=Encoding.Raw, format=PublicFormat.Raw) assert auth_key_bytes == remote_client_key, ( "Auth key did not match", auth_key, remote_client_key) reply_msg = bytes(reversed(request_msg)) reply_packet = reply_handler(reply_msg) emit_msg(REPLY_AUTH, reply_packet) elif tag == REPLY: reply_msg = client_handler(value) assert reply_msg == bytes( reversed(plaintext)), "Reply bytes did not match" replies += 1 if replies == 2: emit_msg(DONE) elif tag == REPLY_AUTH: reply_msg = auth_client_handler(value) assert reply_msg == bytes( reversed(plaintext)), "Reply bytes did not match" replies += 1 if replies == 2: emit_msg(DONE) elif tag == DONE: break