def test_round_trip_client_auth():
server_private_key, server_public_key = pssst.generate_key_pair(
cipher_suite=pssst.CipherSuite.X25519_AESGCM128)
client_private_key, client_public_key = pssst.generate_key_pair(
cipher_suite=pssst.CipherSuite.X25519_AESGCM128)
client = pssst.PSSSTClient(server_public_key, client_private_key)
server = pssst.PSSSTServer(server_private_key)
test_message = b"This is a test message"
request_packet, client_reply_handler = client.pack_request(test_message)
received_message, received_client_public_key, server_reply_handler = server.unpack_request(
request_packet)
assert received_message == test_message, "Message didn't arrive intact"
source_client_key_bytes = client_public_key.public_bytes(
encoding=Encoding.Raw, format=PublicFormat.Raw)
received_client_key_bytes = received_client_public_key.public_bytes(
encoding=Encoding.Raw, format=PublicFormat.Raw)
assert received_client_key_bytes == source_client_key_bytes, "Bad client auth"
reply_packet = server_reply_handler(received_message)
round_trip_message = client_reply_handler(reply_packet)
assert round_trip_message == test_message, "Round trip failed"
def main(key_file, port):
if key_file:
private_key_text = open(key_file).readline().strip()
private_key = X25519PrivateKey.from_private_bytes(
bytes.fromhex(private_key_text))
else:
private_key = X25519PrivateKey.generate()
print(
"Server public key: ",
private_key.public_key().public_bytes(encoding=Encoding.Raw,
format=PublicFormat.Raw).hex())
server_handler = pssst.PSSSTServer(private_key)
with closing(socket.socket(socket.AF_INET,
socket.SOCK_DGRAM)) as server_socket:
server_socket.bind(('127.0.0.1', port))
while True:
packet, client_addr = server_socket.recvfrom(2048)
try:
data, client_key, reply_handler = server_handler.unpack_request(
packet)
reply_packet = reply_handler(data)
server_socket.sendto(reply_packet, client_addr)
except pssst.PSSSTException as e:
print("Server Exception: {}".format(e))
def test_round_trip_client_auth_text_keys():
client = pssst.PSSSTClient(k1_pub, k2_priv)
server = pssst.PSSSTServer(k1_priv)
client_public_key = X25519PublicKey.from_public_bytes(
bytes.fromhex(k2_pub))
test_message = b"This is a test message"
request_packet, client_reply_handler = client.pack_request(test_message)
received_message, received_client_public_key, server_reply_handler = server.unpack_request(
request_packet)
assert received_message == test_message, "Message didn't arrive intact"
source_client_key_bytes = client_public_key.public_bytes(
encoding=Encoding.Raw, format=PublicFormat.Raw)
received_client_key_bytes = received_client_public_key.public_bytes(
encoding=Encoding.Raw, format=PublicFormat.Raw)
assert received_client_key_bytes == source_client_key_bytes, "Bad client auth"
reply_packet = server_reply_handler(received_message)
round_trip_message = client_reply_handler(reply_packet)
assert round_trip_message == test_message, "Round trip failed"
def test_unsupported_ciphers():
with pytest.raises(pssst.PSSSTUnsupportedCipher):
pssst.generate_key_pair(cipher_suite=pssst.CipherSuite.NONE)
with pytest.raises(pssst.PSSSTUnsupportedCipher):
pssst.PSSSTClient(b'\x55'*32, cipher_suite=pssst.CipherSuite.NONE)
with pytest.raises(pssst.PSSSTUnsupportedCipher):
pssst.PSSSTServer(b'\x55'*32, cipher_suite=pssst.CipherSuite.NONE)
def test_load_key_strings_long():
with pytest.raises(ValueError):
client = pssst.PSSSTClient(k1_pub + 'ff')
with pytest.raises(ValueError):
client = pssst.PSSSTClient(k1_pub, k2_priv + 'ff')
with pytest.raises(ValueError):
client = pssst.PSSSTServer(k1_priv + 'ff')
def test_load_key_strings_short():
with pytest.raises(ValueError):
client = pssst.PSSSTClient(k1_pub[:-1])
with pytest.raises(ValueError):
client = pssst.PSSSTClient(k1_pub, k2_priv[:-1])
with pytest.raises(ValueError):
client = pssst.PSSSTServer(k1_priv[:-1])
def test_round_trip_text_keys():
client = pssst.PSSSTClient(k1_pub)
server = pssst.PSSSTServer(k1_priv)
test_message = b"This is a test message"
request_packet, client_reply_handler = client.pack_request(test_message)
received_message, client_public_key, server_reply_handler = server.unpack_request(
request_packet)
assert received_message == test_message
reply_packet = server_reply_handler(received_message)
round_trip_message = client_reply_handler(reply_packet)
assert round_trip_message == test_message
def test_round_trip():
server_private_key, server_public_key = pssst.generate_key_pair(
cipher_suite=pssst.CipherSuite.X25519_AESGCM128)
client = pssst.PSSSTClient(server_public_key)
server = pssst.PSSSTServer(server_private_key)
test_message = b"This is a test message"
request_packet, client_reply_handler = client.pack_request(test_message)
received_message, client_public_key, server_reply_handler = server.unpack_request(
request_packet)
assert received_message == test_message
reply_packet = server_reply_handler(received_message)
round_trip_message = client_reply_handler(reply_packet)
assert round_trip_message == test_message
def main():
server_private_key, server_public_key = pssst.generate_key_pair()
client = pssst.PSSSTClient(server_public_key)
server = pssst.PSSSTServer(server_private_key)
request_message = b"The Magic Words are Squeamish Ossifrage"
# Pack the message with the client and unpack it with the server
request_packet, client_reply_handler = client.pack_request(request_message)
received_request, client_auth_key, server_reply_handler = server.unpack_request(
request_packet)
# Echo the request back from the server to the client
reply_packet = server_reply_handler(received_request)
received_reply = client_reply_handler(reply_packet)
if received_reply == request_message:
print("Success")
else:
print("Failed!")
def server(keys):
server_private_key, server_public_key, client_private_key, client_public_key = keys
server = pssst.PSSSTServer(server_private_key)
return server
def compat_test(suite):
cipher_suite = pssst.CipherSuite(suite)
server_priv, server_pub = pssst.generate_key_pair(cipher_suite)
client_priv, client_pub = pssst.generate_key_pair(cipher_suite)
s_pub_bytes = server_pub.public_bytes(encoding=Encoding.Raw,
format=PublicFormat.Raw)
c_pub_bytes = client_pub.public_bytes(encoding=Encoding.Raw,
format=PublicFormat.Raw)
emit_msg(SERVER_KEY, s_pub_bytes)
emit_msg(CLIENT_KEY, c_pub_bytes)
plaintext = os.urandom(64)
incoming_plaintext = None
emit_msg(PLAINTEXT, plaintext)
server = pssst.PSSSTServer(server_priv, cipher_suite=cipher_suite)
remote_client_key = None
client = None
auth_client = None
client_handler = None
auth_client_handler = None
replies = 0
while replies < 2:
tag, value = get_msg()
if tag == SERVER_KEY:
client = pssst.PSSSTClient(value, cipher_suite=cipher_suite)
auth_client = pssst.PSSSTClient(value,
client_priv,
cipher_suite=cipher_suite)
packet, client_handler = client.pack_request(plaintext)
emit_msg(REQUEST, packet)
packet, auth_client_handler = auth_client.pack_request(plaintext)
emit_msg(REQUEST_AUTH, packet)
elif tag == CLIENT_KEY:
remote_client_key = value
elif tag == PLAINTEXT:
incoming_plaintext = value
elif tag == REQUEST:
request_msg, auth_key, reply_handler = server.unpack_request(value)
assert request_msg == incoming_plaintext, "Decrypted plaintext did not match"
assert auth_key == None, "Auth key provided for non-auth message"
reply_msg = bytes(reversed(request_msg))
reply_packet = reply_handler(reply_msg)
emit_msg(REPLY, reply_packet)
replies += 1
elif tag == REQUEST_AUTH:
request_msg, auth_key, reply_handler = server.unpack_request(value)
assert request_msg == incoming_plaintext, "Decrypted plaintext did not match (auth)"
auth_key_bytes = auth_key.public_bytes(encoding=Encoding.Raw,
format=PublicFormat.Raw)
assert auth_key_bytes == remote_client_key, (
"Auth key did not match", auth_key, remote_client_key)
reply_msg = bytes(reversed(request_msg))
reply_packet = reply_handler(reply_msg)
emit_msg(REPLY_AUTH, reply_packet)
elif tag == REPLY:
reply_msg = client_handler(value)
assert reply_msg == bytes(
reversed(plaintext)), "Reply bytes did not match"
replies += 1
if replies == 2:
emit_msg(DONE)
elif tag == REPLY_AUTH:
reply_msg = auth_client_handler(value)
assert reply_msg == bytes(
reversed(plaintext)), "Reply bytes did not match"
replies += 1
if replies == 2:
emit_msg(DONE)
elif tag == DONE:
break