def _safecookie_authchallenge(self, reply):
"""
Callback on AUTHCHALLENGE SAFECOOKIE
"""
if self._cookie_data is None:
raise RuntimeError("Cookie data not read.")
kw = parse_keywords(reply.replace(' ', '\n'))
server_hash = base64.b16decode(kw['SERVERHASH'])
server_nonce = base64.b16decode(kw['SERVERNONCE'])
# FIXME put string in global. or something.
expected_server_hash = hmac_sha256(
"Tor safe cookie authentication server-to-controller hash",
self._cookie_data + self.client_nonce + server_nonce
)
if not compare_via_hash(expected_server_hash, server_hash):
raise RuntimeError(
'Server hash not expected; wanted "%s" and got "%s".' %
(base64.b16encode(expected_server_hash),
base64.b16encode(server_hash))
)
client_hash = hmac_sha256(
"Tor safe cookie authentication controller-to-server hash",
self._cookie_data + self.client_nonce + server_nonce
)
client_hash_hex = base64.b16encode(client_hash)
return self.queue_command('AUTHENTICATE %s' % client_hash_hex)
def _safecookie_authchallenge(self, reply):
"""
Callback on AUTHCHALLENGE SAFECOOKIE
"""
if self._cookie_data is None:
raise RuntimeError("Cookie data not read.")
kw = parse_keywords(reply.replace(' ', '\n'))
server_hash = base64.b16decode(kw['SERVERHASH'])
server_nonce = base64.b16decode(kw['SERVERNONCE'])
# FIXME put string in global. or something.
expected_server_hash = hmac_sha256(
"Tor safe cookie authentication server-to-controller hash",
self._cookie_data + self.client_nonce + server_nonce
)
if not compare_via_hash(expected_server_hash, server_hash):
raise RuntimeError(
'Server hash not expected; wanted "%s" and got "%s".' %
(base64.b16encode(expected_server_hash),
base64.b16encode(server_hash))
)
client_hash = hmac_sha256(
"Tor safe cookie authentication controller-to-server hash",
self._cookie_data + self.client_nonce + server_nonce
)
client_hash_hex = base64.b16encode(client_hash)
return self.queue_command('AUTHENTICATE %s' % client_hash_hex)
def test_authenticate_safecookie(self):
with tempfile.NamedTemporaryFile() as cookietmp:
cookiedata = bytes(bytearray([0] * 32))
cookietmp.write(cookiedata)
cookietmp.flush()
self.protocol._do_authenticate('''PROTOCOLINFO 1
AUTH METHODS=SAFECOOKIE COOKIEFILE="{}"
VERSION Tor="0.2.2.35"
OK'''.format(cookietmp.name))
self.assertTrue(
b'AUTHCHALLENGE SAFECOOKIE ' in self.transport.value())
x = self.transport.value().split()[-1]
client_nonce = a2b_hex(x)
self.transport.clear()
server_nonce = bytes(bytearray([0] * 32))
server_hash = hmac_sha256(
b"Tor safe cookie authentication server-to-controller hash",
cookiedata + client_nonce + server_nonce,
)
self.send(b'250 AUTHCHALLENGE SERVERHASH=' +
base64.b16encode(server_hash) + b' SERVERNONCE=' +
base64.b16encode(server_nonce) + b'\r\n')
self.assertTrue(b'AUTHENTICATE ' in self.transport.value())
def test_authenticate_safecookie(self):
with tempfile.NamedTemporaryFile() as cookietmp:
cookiedata = str(bytearray([0] * 32))
cookietmp.write(cookiedata)
cookietmp.flush()
self.protocol._do_authenticate('''PROTOCOLINFO 1
AUTH METHODS=SAFECOOKIE COOKIEFILE="%s"
VERSION Tor="0.2.2.35"
OK''' % cookietmp.name)
self.assertTrue(
'AUTHCHALLENGE SAFECOOKIE ' in self.transport.value()
)
client_nonce = base64.b16decode(self.transport.value().split()[-1])
self.transport.clear()
server_nonce = str(bytearray([0] * 32))
server_hash = hmac_sha256(
"Tor safe cookie authentication server-to-controller hash",
cookiedata + client_nonce + server_nonce
)
self.send(
'250 AUTHCHALLENGE SERVERHASH=%s SERVERNONCE=%s' %
(base64.b16encode(server_hash), base64.b16encode(server_nonce))
)
self.assertTrue('AUTHENTICATE ' in self.transport.value())
def test_authenticate_safecookie(self):
with tempfile.NamedTemporaryFile() as cookietmp:
cookiedata = bytes(bytearray([0] * 32))
cookietmp.write(cookiedata)
cookietmp.flush()
self.protocol._do_authenticate('''PROTOCOLINFO 1
AUTH METHODS=SAFECOOKIE COOKIEFILE="{}"
VERSION Tor="0.2.2.35"
OK'''.format(cookietmp.name))
self.assertTrue(
b'AUTHCHALLENGE SAFECOOKIE ' in self.transport.value()
)
x = self.transport.value().split()[-1]
client_nonce = a2b_hex(x)
self.transport.clear()
server_nonce = bytes(bytearray([0] * 32))
server_hash = hmac_sha256(
b"Tor safe cookie authentication server-to-controller hash",
cookiedata + client_nonce + server_nonce,
)
self.send(
b'250 AUTHCHALLENGE SERVERHASH=' +
base64.b16encode(server_hash) + b' SERVERNONCE=' +
base64.b16encode(server_nonce) + b'\r\n'
)
self.assertTrue(b'AUTHENTICATE ' in self.transport.value())
def test_authenticate_safecookie(self):
with tempfile.NamedTemporaryFile() as cookietmp:
cookiedata = str(bytearray([0] * 32))
cookietmp.write(cookiedata)
cookietmp.flush()
self.protocol._do_authenticate('''PROTOCOLINFO 1
AUTH METHODS=SAFECOOKIE COOKIEFILE="%s"
VERSION Tor="0.2.2.35"
OK''' % cookietmp.name)
self.assertTrue(
'AUTHCHALLENGE SAFECOOKIE ' in self.transport.value())
client_nonce = base64.b16decode(self.transport.value().split()[-1])
self.transport.clear()
server_nonce = str(bytearray([0] * 32))
server_hash = hmac_sha256(
"Tor safe cookie authentication server-to-controller hash",
cookiedata + client_nonce + server_nonce)
self.send('250 AUTHCHALLENGE SERVERHASH=%s SERVERNONCE=%s' %
(base64.b16encode(server_hash),
base64.b16encode(server_nonce)))
self.assertTrue('AUTHENTICATE ' in self.transport.value())
