def testServerChallengeRespHashEncryption(self):
sha1 = Sha1PairingHash()
saltAsHex = "10A5CEFEAFE3BEACB892DEFAE5317C30"
pin = "1234"
salt = PairingManager.hex_to_bytes(saltAsHex)
saltAndPin = PairingManager.salt_pin(salt, pin)
aesKey = PairingManager.generate_aes_key(sha1, saltAndPin)
getCertResponse = "<?xml version=\"1.0\" encoding=\"UTF-16\"?><root protocol_version=\"0.1\" query=\"pair\" status_code=\"200\" status_message=\"OK\"><challengeresponse></challengeresponse><encodedcipher></encodedcipher><isBusy>0</isBusy><paired>1</paired><pairingsecret></pairingsecret><plaincert>2D2D2D2D2D424547494E2043455254494649434154452D2D2D2D2D0A4D494943776A434341616F434351436C616B502F47746678367A414E42676B71686B694739773042415155464144416A4D53457748775944565151444442684F0A566B6C4553554567523246745A564E30636D5668625342545A584A325A5849774868634E4D5459774E4441794D54497A4D7A49775768634E4D7A59774E4441790A4D54497A4D7A4977576A416A4D53457748775944565151444442684F566B6C4553554567523246745A564E30636D5668625342545A584A325A584977676745690A4D4130474353714753496233445145424151554141344942447741776767454B416F49424151446F6A70315167732F6242472F4E75377449366E326B4D7658390A3871656A3866486A46746B70534A6A654B4B45714F456D6F51564E674F6E4B4641757A364B6550497544592F4D694265315070675A6A726651336C4B454449510A4D51497676496163706A4135557839625A4F454B524B4C6C534237485A4D4A73676562414459786731624A484677463475443373477A41304E675955546F49430A79694E794C41757655676C726E50523348503771574D527641395373314A4A7476327159624C6F76484930507A534842524F5058384C6F6F6243366C6C7153760A346774646C6846674858463962644779467372786246634568476E6458715834752B39376C6159484E7A35446A3338504F712F7365647A6B55684631434274480A36546972502F766765306B2B667A6F4C4272775A772F6E6C705759646B68694A4D5579446A737158597544796B48524F78593253524A33764C45583941674D420A414145774451594A4B6F5A496876634E415145464251414467674542414D5A433378794A5048335673483637564764574F4B64656B57645154747771766531710A39517555694138746A5151514B38656372584E417642415A4276743530574749472B7236646D34434A4F5838774A416A46546873467A6A6F306D3852714148550A36526C6D6D70627952454F7130434C627361416B63466D5558724C44694E5A665A55584F736A4342735147597A524A47646F6C34446953496264574C4758496B0A6D3254464845314155636977734B454836342F4E376E54344E4A4633512B3464726D2B3361515274622B6543354B49694B3552627A706D7577445261517744700A334D714532736C595A4C5755316D6C6A2F6C56704B4854473855626D486B2B7330694F4F566A7A4241353236696D644F412F736E4E43746B707735596E64385A0A48354C3174745649357A33777567415073345461515972503865364146412F2F7131394C505056712B5564306B44696D4F61733D0A2D2D2D2D2D454E442043455254494649434154452D2D2D2D2D0A</plaincert></root>"
cert, sig = PairingManager.extract_plain_cert(getCertResponse)
serverSignature = PairingManager.hex_to_bytes(sig)
challengeResponse = "<?xml version=\"1.0\" encoding=\"UTF-16\"?><root protocol_version=\"0.1\" query=\"pair\" status_code=\"200\" status_message=\"OK\"><challengeresponse>271FE1A71E0B66C53A819D8C61DF3E8ED18545F7A9CD3EBC4D84FB5929ACF78A6DCA6581834D27870DB4F2BD6F0BAB22</challengeresponse><encodedcipher></encodedcipher><isBusy>0</isBusy><paired>1</paired><pairingsecret></pairingsecret><plaincert></plaincert></root>"
encryptedChallengeResponse = PairingManager.hex_to_bytes(NvHTTP.get_xml_string(challengeResponse, "challengeresponse"))
decryptedChallengeResponse = PairingManager.decrypt_aes(encryptedChallengeResponse, aesKey)
serverResponse = decryptedChallengeResponse[0:sha1.get_hash_length()]
serverChallenge = decryptedChallengeResponse[sha1.get_hash_length():sha1.get_hash_length()+16]
clientSecretAsHex = "7E72A5BFEB5679B35060E3C805CA233E"
clientSecret = PairingManager.hex_to_bytes(clientSecretAsHex)
challengeRespHash = sha1.hash_data(PairingManager.concat_bytes(PairingManager.concat_bytes(serverChallenge, serverSignature), clientSecret))
challengeRespHashEnc = PairingManager.encrypt_aes(challengeRespHash, aesKey)
challengeRespHashDec = PairingManager.decrypt_aes(challengeRespHashEnc, aesKey)
self.assertEqual("B0B23931FE7F7412030B26DA943B81F93A2C59F5", PairingManager.bytes_to_hex(challengeRespHash))
self.assertEqual("D983D0362EEEF36A6F7A877F8400B668E5C35B6D6DF58D7EE5B6DD230C57A2EC", PairingManager.bytes_to_hex(challengeRespHashEnc))
self.assertEqual("B0B23931FE7F7412030B26DA943B81F93A2C59F5000000000000000000000000", PairingManager.bytes_to_hex(challengeRespHashDec))
def testSecretAndChallengeResponse(self):
sha1 = Sha1PairingHash()
clientSecretAsHex = "7E72A5BFEB5679B35060E3C805CA233E"
clientSecret = PairingManager.hex_to_bytes(clientSecretAsHex)
clientSignatureHex = "c642df1c893c7dd5b07ebb54675638a75e9167504edc2abded6af50b94880f2d8d04102bc79cad7340bc101906fb79d161881beafa766e0224e5fcc0902315386c1738e8d26f11a801d4e919669a96f24443aad022dbb1a0247059945eb2c388d65f6545ceb23081b10198cd12467689780e24886dd58b1972249b64c51c4d4051c8b0b0a107eb8fcdee74f834917743ee1dae6fb769046d6fe782e4a2222b945bce99aec0345a4300e9dcca84dac95864b594d66963fe55692874c6f146e61e4facd2238e563cc1039dba8a674e03fb27342b64a70e589ddf191f92f5b6d548e73df0ba000fb384da418acff1ee80140fffab5f4b3cf56af947749038a639ab"
clientSignature = PairingManager.hex_to_bytes(clientSignatureHex)
serverChallengeAsHex = "4553FBD14537D14F0407C07167EFBB13"
serverChallenge = PairingManager.hex_to_bytes(serverChallengeAsHex)
challengeResponseHash = sha1.hash_data(PairingManager.concat_bytes(PairingManager.concat_bytes(serverChallenge, clientSignature), clientSecret))
challengeResponseHashAsHex = PairingManager.bytes_to_hex(challengeResponseHash)
self.assertEqual("B0B23931FE7F7412030B26DA943B81F93A2C59F5", challengeResponseHashAsHex.upper())
def testServerChallengeResponseHash(self):
sha1 = Sha1PairingHash()
getCertResponse = "<?xml version=\"1.0\" encoding=\"UTF-16\"?><root protocol_version=\"0.1\" query=\"pair\" status_code=\"200\" status_message=\"OK\"><challengeresponse></challengeresponse><encodedcipher></encodedcipher><isBusy>0</isBusy><paired>1</paired><pairingsecret></pairingsecret><plaincert>2D2D2D2D2D424547494E2043455254494649434154452D2D2D2D2D0A4D494943776A434341616F434351436C616B502F47746678367A414E42676B71686B694739773042415155464144416A4D53457748775944565151444442684F0A566B6C4553554567523246745A564E30636D5668625342545A584A325A5849774868634E4D5459774E4441794D54497A4D7A49775768634E4D7A59774E4441790A4D54497A4D7A4977576A416A4D53457748775944565151444442684F566B6C4553554567523246745A564E30636D5668625342545A584A325A584977676745690A4D4130474353714753496233445145424151554141344942447741776767454B416F49424151446F6A70315167732F6242472F4E75377449366E326B4D7658390A3871656A3866486A46746B70534A6A654B4B45714F456D6F51564E674F6E4B4641757A364B6550497544592F4D694265315070675A6A726651336C4B454449510A4D51497676496163706A4135557839625A4F454B524B4C6C534237485A4D4A73676562414459786731624A484677463475443373477A41304E675955546F49430A79694E794C41757655676C726E50523348503771574D527641395373314A4A7476327159624C6F76484930507A534842524F5058384C6F6F6243366C6C7153760A346774646C6846674858463962644779467372786246634568476E6458715834752B39376C6159484E7A35446A3338504F712F7365647A6B55684631434274480A36546972502F766765306B2B667A6F4C4272775A772F6E6C705759646B68694A4D5579446A737158597544796B48524F78593253524A33764C45583941674D420A414145774451594A4B6F5A496876634E415145464251414467674542414D5A433378794A5048335673483637564764574F4B64656B57645154747771766531710A39517555694138746A5151514B38656372584E417642415A4276743530574749472B7236646D34434A4F5838774A416A46546873467A6A6F306D3852714148550A36526C6D6D70627952454F7130434C627361416B63466D5558724C44694E5A665A55584F736A4342735147597A524A47646F6C34446953496264574C4758496B0A6D3254464845314155636977734B454836342F4E376E54344E4A4633512B3464726D2B3361515274622B6543354B49694B3552627A706D7577445261517744700A334D714532736C595A4C5755316D6C6A2F6C56704B4854473855626D486B2B7330694F4F566A7A4241353236696D644F412F736E4E43746B707735596E64385A0A48354C3174745649357A33777567415073345461515972503865364146412F2F7131394C505056712B5564306B44696D4F61733D0A2D2D2D2D2D454E442043455254494649434154452D2D2D2D2D0A</plaincert></root>"
cert, sig = PairingManager.extract_plain_cert(getCertResponse)
serverSecretResponseString = "<?xml version=\"1.0\" encoding=\"UTF-16\"?><root protocol_version=\"0.1\" query=\"pair\" status_code=\"200\" status_message=\"OK\"><challengeresponse></challengeresponse><encodedcipher></encodedcipher><isBusy>0</isBusy><paired>1</paired><pairingsecret>3880D207483FD2D6A2E0E1C961457050392B05A7D271343D8AB69E9770E4EE5999985623CEF8E82B34B55C48F9AE7373EB0AC1D9F78F1F8179678647438A62BB551447268E2B47187B9E81A787AD5324F3F60572B8AE86B277D9E3AB39D287AEF2A3A612280DA78E721538DE1362602204A3BEDCFB7DA880C3ED9B68FCB256553C84F8A6402E49673F07796B50701E8B3418CE198FE7DA74665A5685439B92791338F03A863132B689B122721D7F0A57547096E055EC83BDB6E39E76107F7C6758E2FC42B11D78BC73BB180F0FCC094BA0C3A1E49FEEA106E363FCD263666F409996C3C8888FF3B3C4FD23C1DA1E0D24F6E02884ADE27E93C61572E7EFB8ECE61EBD8171D822620D78D313CC258C261F</pairingsecret><plaincert></plaincert></root>"
serverSecretResponse = PairingManager.hex_to_bytes(NvHTTP.get_xml_string(serverSecretResponseString, "pairingsecret"))
serverSecret = serverSecretResponse[:16]
serverSignature = PairingManager.hex_to_bytes(sig)
randomChallengeAsHex = "A0F7773477F91290C6E462A7EE9AAC25"
randomChallenge = PairingManager.hex_to_bytes(randomChallengeAsHex)
serverChallengeResponseHash = sha1.hash_data(PairingManager.concat_bytes(PairingManager.concat_bytes(randomChallenge, serverSignature), serverSecret))
self.assertEqual("68C6FC786953AF1C46A2D3BC3C6B2A458A1F8F6C", PairingManager.bytes_to_hex(serverChallengeResponseHash).upper())
def testDataSigning(self):
provider = CryptoProvider()
privateKey = provider.get_client_private_key()
cert = provider.get_client_cert()
clientSecretAsHex = "7E72A5BFEB5679B35060E3C805CA233E"
clientSecret = PairingManager.hex_to_bytes(clientSecretAsHex)
# signedSecret = base64.b64encode(PairingManager.sign_data(clientSecret, privateKey))
signedSecret = PairingManager.sign_data(clientSecret, privateKey)
clientPairingSecret = PairingManager.concat_bytes(clientSecret, signedSecret)
self.assertEqual(True, PairingManager.verify_signature(clientSecret, signedSecret, cert))
self.assertEqual(False, PairingManager.verify_signature(clientSecret[:-1], signedSecret, cert))
self.assertEqual(272, len(clientPairingSecret))