Beispiel #1
0
def test_round_trip_client_auth():
    server_private_key, server_public_key = pssst.generate_key_pair(
        cipher_suite=pssst.CipherSuite.X25519_AESGCM128)
    client_private_key, client_public_key = pssst.generate_key_pair(
        cipher_suite=pssst.CipherSuite.X25519_AESGCM128)

    client = pssst.PSSSTClient(server_public_key, client_private_key)
    server = pssst.PSSSTServer(server_private_key)

    test_message = b"This is a test message"

    request_packet, client_reply_handler = client.pack_request(test_message)
    received_message, received_client_public_key, server_reply_handler = server.unpack_request(
        request_packet)

    assert received_message == test_message, "Message didn't arrive intact"

    source_client_key_bytes = client_public_key.public_bytes(
        encoding=Encoding.Raw, format=PublicFormat.Raw)
    received_client_key_bytes = received_client_public_key.public_bytes(
        encoding=Encoding.Raw, format=PublicFormat.Raw)

    assert received_client_key_bytes == source_client_key_bytes, "Bad client auth"

    reply_packet = server_reply_handler(received_message)
    round_trip_message = client_reply_handler(reply_packet)

    assert round_trip_message == test_message, "Round trip failed"
Beispiel #2
0
def main(key_file, port):
    if key_file:
        private_key_text = open(key_file).readline().strip()
        private_key = X25519PrivateKey.from_private_bytes(
            bytes.fromhex(private_key_text))
    else:
        private_key = X25519PrivateKey.generate()

    print(
        "Server public key: ",
        private_key.public_key().public_bytes(encoding=Encoding.Raw,
                                              format=PublicFormat.Raw).hex())

    server_handler = pssst.PSSSTServer(private_key)

    with closing(socket.socket(socket.AF_INET,
                               socket.SOCK_DGRAM)) as server_socket:
        server_socket.bind(('127.0.0.1', port))
        while True:
            packet, client_addr = server_socket.recvfrom(2048)
            try:
                data, client_key, reply_handler = server_handler.unpack_request(
                    packet)

                reply_packet = reply_handler(data)
                server_socket.sendto(reply_packet, client_addr)
            except pssst.PSSSTException as e:
                print("Server Exception: {}".format(e))
Beispiel #3
0
def test_round_trip_client_auth_text_keys():
    client = pssst.PSSSTClient(k1_pub, k2_priv)
    server = pssst.PSSSTServer(k1_priv)
    client_public_key = X25519PublicKey.from_public_bytes(
        bytes.fromhex(k2_pub))

    test_message = b"This is a test message"

    request_packet, client_reply_handler = client.pack_request(test_message)
    received_message, received_client_public_key, server_reply_handler = server.unpack_request(
        request_packet)

    assert received_message == test_message, "Message didn't arrive intact"

    source_client_key_bytes = client_public_key.public_bytes(
        encoding=Encoding.Raw, format=PublicFormat.Raw)
    received_client_key_bytes = received_client_public_key.public_bytes(
        encoding=Encoding.Raw, format=PublicFormat.Raw)

    assert received_client_key_bytes == source_client_key_bytes, "Bad client auth"

    reply_packet = server_reply_handler(received_message)
    round_trip_message = client_reply_handler(reply_packet)

    assert round_trip_message == test_message, "Round trip failed"
Beispiel #4
0
def test_unsupported_ciphers():
    with pytest.raises(pssst.PSSSTUnsupportedCipher):
        pssst.generate_key_pair(cipher_suite=pssst.CipherSuite.NONE)

    with pytest.raises(pssst.PSSSTUnsupportedCipher):
        pssst.PSSSTClient(b'\x55'*32, cipher_suite=pssst.CipherSuite.NONE)

    with pytest.raises(pssst.PSSSTUnsupportedCipher):
        pssst.PSSSTServer(b'\x55'*32, cipher_suite=pssst.CipherSuite.NONE)
Beispiel #5
0
def test_load_key_strings_long():
    with pytest.raises(ValueError):
        client = pssst.PSSSTClient(k1_pub + 'ff')

    with pytest.raises(ValueError):
        client = pssst.PSSSTClient(k1_pub, k2_priv + 'ff')

    with pytest.raises(ValueError):
        client = pssst.PSSSTServer(k1_priv + 'ff')
Beispiel #6
0
def test_load_key_strings_short():
    with pytest.raises(ValueError):
        client = pssst.PSSSTClient(k1_pub[:-1])

    with pytest.raises(ValueError):
        client = pssst.PSSSTClient(k1_pub, k2_priv[:-1])

    with pytest.raises(ValueError):
        client = pssst.PSSSTServer(k1_priv[:-1])
Beispiel #7
0
def test_round_trip_text_keys():
    client = pssst.PSSSTClient(k1_pub)
    server = pssst.PSSSTServer(k1_priv)

    test_message = b"This is a test message"

    request_packet, client_reply_handler = client.pack_request(test_message)
    received_message, client_public_key, server_reply_handler = server.unpack_request(
        request_packet)

    assert received_message == test_message

    reply_packet = server_reply_handler(received_message)
    round_trip_message = client_reply_handler(reply_packet)

    assert round_trip_message == test_message
Beispiel #8
0
def test_round_trip():
    server_private_key, server_public_key = pssst.generate_key_pair(
        cipher_suite=pssst.CipherSuite.X25519_AESGCM128)

    client = pssst.PSSSTClient(server_public_key)
    server = pssst.PSSSTServer(server_private_key)

    test_message = b"This is a test message"

    request_packet, client_reply_handler = client.pack_request(test_message)
    received_message, client_public_key, server_reply_handler = server.unpack_request(
        request_packet)

    assert received_message == test_message

    reply_packet = server_reply_handler(received_message)
    round_trip_message = client_reply_handler(reply_packet)

    assert round_trip_message == test_message
Beispiel #9
0
def main():
    server_private_key, server_public_key = pssst.generate_key_pair()

    client = pssst.PSSSTClient(server_public_key)
    server = pssst.PSSSTServer(server_private_key)

    request_message = b"The Magic Words are Squeamish Ossifrage"

    # Pack the message with the client and unpack it with the server
    request_packet, client_reply_handler = client.pack_request(request_message)
    received_request, client_auth_key, server_reply_handler = server.unpack_request(
        request_packet)

    # Echo the request back from the server to the client
    reply_packet = server_reply_handler(received_request)
    received_reply = client_reply_handler(reply_packet)

    if received_reply == request_message:
        print("Success")
    else:
        print("Failed!")
Beispiel #10
0
def server(keys):
    server_private_key, server_public_key, client_private_key, client_public_key = keys
    server = pssst.PSSSTServer(server_private_key)

    return server
Beispiel #11
0
def compat_test(suite):
    cipher_suite = pssst.CipherSuite(suite)

    server_priv, server_pub = pssst.generate_key_pair(cipher_suite)
    client_priv, client_pub = pssst.generate_key_pair(cipher_suite)

    s_pub_bytes = server_pub.public_bytes(encoding=Encoding.Raw,
                                          format=PublicFormat.Raw)
    c_pub_bytes = client_pub.public_bytes(encoding=Encoding.Raw,
                                          format=PublicFormat.Raw)

    emit_msg(SERVER_KEY, s_pub_bytes)
    emit_msg(CLIENT_KEY, c_pub_bytes)

    plaintext = os.urandom(64)
    incoming_plaintext = None

    emit_msg(PLAINTEXT, plaintext)
    server = pssst.PSSSTServer(server_priv, cipher_suite=cipher_suite)

    remote_client_key = None

    client = None
    auth_client = None

    client_handler = None
    auth_client_handler = None

    replies = 0

    while replies < 2:
        tag, value = get_msg()
        if tag == SERVER_KEY:
            client = pssst.PSSSTClient(value, cipher_suite=cipher_suite)
            auth_client = pssst.PSSSTClient(value,
                                            client_priv,
                                            cipher_suite=cipher_suite)

            packet, client_handler = client.pack_request(plaintext)
            emit_msg(REQUEST, packet)

            packet, auth_client_handler = auth_client.pack_request(plaintext)
            emit_msg(REQUEST_AUTH, packet)
        elif tag == CLIENT_KEY:
            remote_client_key = value
        elif tag == PLAINTEXT:
            incoming_plaintext = value
        elif tag == REQUEST:
            request_msg, auth_key, reply_handler = server.unpack_request(value)
            assert request_msg == incoming_plaintext, "Decrypted plaintext did not match"
            assert auth_key == None, "Auth key provided for non-auth message"
            reply_msg = bytes(reversed(request_msg))
            reply_packet = reply_handler(reply_msg)
            emit_msg(REPLY, reply_packet)
            replies += 1
        elif tag == REQUEST_AUTH:
            request_msg, auth_key, reply_handler = server.unpack_request(value)
            assert request_msg == incoming_plaintext, "Decrypted plaintext did not match (auth)"
            auth_key_bytes = auth_key.public_bytes(encoding=Encoding.Raw,
                                                   format=PublicFormat.Raw)
            assert auth_key_bytes == remote_client_key, (
                "Auth key did not match", auth_key, remote_client_key)
            reply_msg = bytes(reversed(request_msg))
            reply_packet = reply_handler(reply_msg)
            emit_msg(REPLY_AUTH, reply_packet)
        elif tag == REPLY:
            reply_msg = client_handler(value)
            assert reply_msg == bytes(
                reversed(plaintext)), "Reply bytes did not match"
            replies += 1
            if replies == 2:
                emit_msg(DONE)
        elif tag == REPLY_AUTH:
            reply_msg = auth_client_handler(value)
            assert reply_msg == bytes(
                reversed(plaintext)), "Reply bytes did not match"
            replies += 1
            if replies == 2:
                emit_msg(DONE)
        elif tag == DONE:
            break