def test_valid_id_nonce_signature_validation(private_key, id_nonce,
ephemeral_key):
ephemeral_public_key = PrivateKey(ephemeral_key).public_key.to_bytes()
signature = V4HandshakeScheme.create_id_nonce_signature(
signature_inputs=SignatureInputs(id_nonce, ephemeral_public_key),
private_key=private_key,
)
public_key = PrivateKey(private_key).public_key.to_compressed_bytes()
V4HandshakeScheme.validate_id_nonce_signature(
signature_inputs=SignatureInputs(id_nonce, ephemeral_public_key),
signature=signature,
public_key=public_key,
)
def test_official_id_nonce_signature(id_nonce, ephemeral_public_key,
local_secret_key, id_nonce_signature):
created_signature = V4HandshakeScheme.create_id_nonce_signature(
signature_inputs=SignatureInputs(id_nonce, ephemeral_public_key),
private_key=local_secret_key,
)
assert created_signature == id_nonce_signature
def test_official_auth_header_packet_preparation(
tag,
auth_tag,
id_nonce,
encoded_message,
local_private_key,
auth_response_key,
encryption_key,
ephemeral_public_key,
auth_message_rlp,
):
message_type_id = encoded_message[0]
message_type = v5_registry[message_type_id]
message = rlp.decode(encoded_message[1:], message_type)
assert message.to_bytes() == encoded_message
id_nonce_signature = V4HandshakeScheme.create_id_nonce_signature(
signature_inputs=SignatureInputs(id_nonce, ephemeral_public_key),
private_key=local_private_key,
)
packet = AuthHeaderPacket.prepare(
tag=tag,
auth_tag=auth_tag,
id_nonce=id_nonce,
message=message,
initiator_key=encryption_key,
id_nonce_signature=id_nonce_signature,
auth_response_key=auth_response_key,
enr=None,
ephemeral_public_key=ephemeral_public_key,
)
packet_wire_bytes = packet.to_wire_bytes()
assert packet_wire_bytes == auth_message_rlp
def test_id_nonce_signing(private_key, id_nonce, ephemeral_key):
ephemeral_public_key = PrivateKey(ephemeral_key).public_key.to_bytes()
signature = V4HandshakeScheme.create_id_nonce_signature(
signature_inputs=SignatureInputs(id_nonce, ephemeral_public_key),
private_key=private_key,
)
signature_object = NonRecoverableSignature(signature)
message_hash = sha256(ID_NONCE_SIGNATURE_PREFIX + id_nonce +
ephemeral_public_key).digest()
assert signature_object.verify_msg_hash(message_hash,
PrivateKey(private_key).public_key)
def test_session_key_derivation(initiator_private_key, recipient_private_key,
id_nonce):
initiator_private_key_object = PrivateKey(initiator_private_key)
recipient_private_key_object = PrivateKey(recipient_private_key)
initiator_public_key = initiator_private_key_object.public_key.to_bytes()
recipient_public_key = recipient_private_key_object.public_key.to_bytes()
initiator_node_id = keccak(
initiator_private_key_object.public_key.to_bytes())
recipient_node_id = keccak(
recipient_private_key_object.public_key.to_bytes())
initiator_session_keys = V4HandshakeScheme.compute_session_keys(
local_private_key=initiator_private_key,
remote_public_key=recipient_public_key,
local_node_id=initiator_node_id,
remote_node_id=recipient_node_id,
salt=id_nonce,
is_locally_initiated=True,
)
recipient_session_keys = V4HandshakeScheme.compute_session_keys(
local_private_key=recipient_private_key,
remote_public_key=initiator_public_key,
local_node_id=recipient_node_id,
remote_node_id=initiator_node_id,
salt=id_nonce,
is_locally_initiated=False,
)
assert (initiator_session_keys.auth_response_key ==
recipient_session_keys.auth_response_key)
assert (initiator_session_keys.encryption_key ==
recipient_session_keys.decryption_key)
assert (initiator_session_keys.decryption_key ==
recipient_session_keys.encryption_key)
def test_official_auth_response_encryption(
secret_key, id_nonce, enr, auth_response_key, ephemeral_public_key, auth_cipher_text
):
id_nonce_signature = V4HandshakeScheme.create_id_nonce_signature(
signature_inputs=SignatureInputs(id_nonce, ephemeral_public_key),
private_key=secret_key,
)
assert (
compute_encrypted_auth_response(
auth_response_key=auth_response_key,
id_nonce_signature=id_nonce_signature,
enr=enr,
)
== auth_cipher_text
)
def test_invalid_id_nonce_signature_validation():
id_nonce = b"\xff" * 10
private_key = b"\x11" * 32
ephemeral_public_key = b"\x22" * 64
signature = V4HandshakeScheme.create_id_nonce_signature(
signature_inputs=SignatureInputs(id_nonce, ephemeral_public_key),
private_key=private_key,
)
public_key = PrivateKey(private_key).public_key.to_compressed_bytes()
different_public_key = PrivateKey(b"\x22" *
32).public_key.to_compressed_bytes()
different_id_nonce = b"\x00" * 10
different_ephemeral_public_key = b"\x00" * 64
assert different_public_key != public_key
assert different_id_nonce != id_nonce
assert different_ephemeral_public_key != ephemeral_public_key
with pytest.raises(ValidationError):
V4HandshakeScheme.validate_id_nonce_signature(
signature_inputs=SignatureInputs(id_nonce, ephemeral_public_key),
signature=signature,
public_key=different_public_key,
)
with pytest.raises(ValidationError):
V4HandshakeScheme.validate_id_nonce_signature(
signature_inputs=SignatureInputs(different_id_nonce,
ephemeral_public_key),
signature=signature,
public_key=public_key,
)
with pytest.raises(ValidationError):
V4HandshakeScheme.validate_id_nonce_signature(
signature_inputs=SignatureInputs(id_nonce,
different_ephemeral_public_key),
signature=signature,
public_key=public_key,
)
def test_handshake_public_key_validation_invalid(public_key):
with pytest.raises(ValidationError):
V4HandshakeScheme.validate_handshake_public_key(public_key)
def test_handshake_public_key_validation_valid(public_key):
V4HandshakeScheme.validate_handshake_public_key(public_key)
def test_handshake_key_generation():
private_key, public_key = V4HandshakeScheme.create_handshake_key_pair()
V4HandshakeScheme.validate_uncompressed_public_key(public_key)
V4HandshakeScheme.validate_handshake_public_key(public_key)
assert PrivateKey(private_key).public_key.to_bytes() == public_key