예제 #1
0
def test_account_full_auth_handshake(client):
    u = db.user_with_pk(flask.g.db, U1.pk)
    req1 = SignedMessage.sign(account.AuthReq(u.pk), SK1)
    rv1 = client.post(
        '/account/challenge/gen',
        json=req1.to_dict(),
    )
    assert rv1.status_code == 200
    echal = Message.from_dict(rv1.json)
    assert isinstance(echal, EncryptedMessage)
    schal = EncryptedMessage.dec(echal, server.ENCKEY)
    assert schal.is_valid()
    chal, pk_used = schal.unwrap()
    assert isinstance(chal, account.AuthChallenge)
    assert pk_used == server.IDKEY.pubkey
    req2 = SignedMessage.sign(account.AuthChallengeResp(echal), SK1)
    rv2 = client.post(
        '/account/challenge/verify',
        json=req2.to_dict(),
    )
    assert rv2.status_code == 200
    resp = Message.from_dict(rv2.json)
    assert resp.err is None
    assert isinstance(resp.cred, EncryptedMessage)
    scred = EncryptedMessage.dec(resp.cred, server.ENCKEY)
    assert scred.is_valid()
    cred, pk_used = scred.unwrap()
    assert isinstance(cred, account.AccountCred)
    assert pk_used == server.IDKEY.pubkey
예제 #2
0
def test_encryptedmessage_crypt_identity_3():
    # EncryptedMessage can store a EncryptedMessage, thorela at the time of
    # writing, there's no need for this. It's just for completeness
    ek_sub = Enckey.gen()
    m_in = EncryptedMessage.enc(Stub(29874), ek_sub)
    m_out = EncryptedMessage.enc(m_in, EK).dec(EK)
    assert m_in == m_out
예제 #3
0
def expire_from_ecred(
        ecred: EncryptedMessage, ek: crypto.Enckey, pk: crypto.Pubkey) \
        -> float:
    scred = ecred.dec(ek)
    assert isinstance(scred, SignedMessage)
    cred, pk_used = scred.unwrap()
    assert pk_used == pk
    assert isinstance(cred, account.AccountCred)
    return cred.expire
예제 #4
0
def test_authchallengeresp_happy():
    db_conn = get_db()
    u = db.user_with_pk(db_conn, U1.pk)
    echal = get_chal(u)
    sacr = SignedMessage.sign(account.AuthChallengeResp(echal), SK1)
    resp = server.handle_authchallengeresp(db_conn, sacr)
    assert resp.err is None
    assert isinstance(resp.cred, EncryptedMessage)
    scred = EncryptedMessage.dec(resp.cred, server.ENCKEY)
    cred, pk_used = SignedMessage.unwrap(scred)
    assert pk_used == server.IDKEY.pubkey
    assert cred.expire > time.time()
예제 #5
0
def test_authreq_happy():
    db_conn = get_db()
    smsg = SignedMessage.sign(account.AuthReq(SK1.pubkey), SK1)
    resp = server.handle_authreq(db_conn, smsg)
    assert isinstance(resp, EncryptedMessage)
    schal = EncryptedMessage.dec(resp, server.ENCKEY)
    assert isinstance(schal, SignedMessage)
    assert schal.is_valid()
    chal, pk_used = schal.unwrap()
    assert isinstance(chal, account.AuthChallenge)
    assert pk_used == server.IDKEY.pubkey
    assert chal.user == db.user_with_pk(db_conn, chal.user.pk)
    assert chal.expire > time.time()
예제 #6
0
def test_account_challenge_gen(client):
    u = db.user_with_pk(flask.g.db, U1.pk)
    req = SignedMessage.sign(account.AuthReq(u.pk), SK1)
    rv = client.post(
        '/account/challenge/gen',
        json=req.to_dict(),
    )
    assert rv.status_code == 200
    eresp = Message.from_dict(rv.json)
    assert isinstance(eresp, EncryptedMessage)
    sresp = EncryptedMessage.dec(eresp, server.ENCKEY)
    resp, pk_used = sresp.unwrap()
    assert isinstance(resp, account.AuthChallenge)
    assert pk_used == server.IDKEY.pubkey
    assert resp.user == u
예제 #7
0
def test_location_update_happy():
    db_conn = get_db()
    u = db.user_with_pk(db_conn, U1.pk)
    ecred = get_cred(u)
    original_expire = expire_from_ecred(ecred, server.ENCKEY,
                                        server.IDKEY.pubkey)
    loc = location.Location(u, loca.Coords(42, 69), time.time())
    lu = location.LocationUpdate(loc, ecred)
    slu = SignedMessage.sign(lu, SK1)
    resp = server.handle_location_update(db_conn, slu)
    assert resp.ok
    assert isinstance(resp.cred, EncryptedMessage)
    scred = EncryptedMessage.dec(resp.cred, server.ENCKEY)
    cred, pk_used = SignedMessage.unwrap(scred)
    assert pk_used == server.IDKEY.pubkey
    assert cred.expire > original_expire
    assert resp.err is None
예제 #8
0
def test_account_challenge_verify(client):
    u = db.user_with_pk(flask.g.db, U1.pk)
    echal = server.generate_auth_challenge(u)
    req = SignedMessage.sign(account.AuthChallengeResp(echal), SK1)
    rv = client.post(
        '/account/challenge/verify',
        json=req.to_dict(),
    )
    assert rv.status_code == 200
    resp = Message.from_dict(rv.json)
    assert isinstance(resp, account.AuthResp)
    assert resp.err is None
    assert isinstance(resp.cred, EncryptedMessage)
    scred = EncryptedMessage.dec(resp.cred, server.ENCKEY)
    assert scred.is_valid()
    cred, pk_used = scred.unwrap()
    assert pk_used == server.IDKEY.pubkey
    assert cred.user == u
    assert cred.expire > time.time()
예제 #9
0
def get_credchal(
    u: user.User,
    cls: Type[Union[account.AccountCred, account.AuthChallenge]],
    expire: float,
    scred_stub: bool = False,
    scred_munge: bool = False,
    cred_stub: bool = False,
    cred_wrong_key: bool = False,
    cred_expired: bool = False,
    cred_wrong_user: bool = False,
) -> EncryptedMessage:
    if scred_stub:
        ecred = EncryptedMessage.enc(Stub(34444), server.ENCKEY)
    elif scred_munge:
        cred = cls(u, expire)
        scred = SignedMessage.sign(cred, server.IDKEY)
        scred.msg_bytes = b'fooooo'
        ecred = EncryptedMessage.enc(scred, server.ENCKEY)
    elif cred_stub:
        scred = SignedMessage.sign(Stub(2342), server.IDKEY)
        ecred = EncryptedMessage.enc(scred, server.ENCKEY)
    elif cred_wrong_key:
        sk = crypto.Seckey((9879).to_bytes(32, byteorder='big'))
        cred = cls(u, expire)
        scred = SignedMessage.sign(cred, sk)
        ecred = EncryptedMessage.enc(scred, server.ENCKEY)
    elif cred_expired:
        cred = cls(u, time.time() - 0.00001)
        scred = SignedMessage.sign(cred, server.IDKEY)
        ecred = EncryptedMessage.enc(scred, server.ENCKEY)
    elif cred_wrong_user:
        assert u != U2
        fake_u = user.User(U2.nick, U2.pk, rowid=11)
        cred = cls(fake_u, expire)
        scred = SignedMessage.sign(cred, server.IDKEY)
        ecred = EncryptedMessage.enc(scred, server.ENCKEY)
    else:
        cred = cls(u, expire)
        scred = SignedMessage.sign(cred, server.IDKEY)
        ecred = EncryptedMessage.enc(scred, server.ENCKEY)
    return ecred
예제 #10
0
def test_encryptmessage_malformed():
    em = EncryptedMessage.enc(Stub(420), EK)
    em.ctext_nonce = b'nnnnnnnnnnnnnnnnnnnnnnnncccccccc'
    with pytest.raises(nacl.exceptions.CryptoError):
        em.dec(EK)
예제 #11
0
def fake_cred():
    cred = AccountCred(U, time.time())
    return EncryptedMessage.enc(cred, Enckey.gen())
예제 #12
0
def test_authresp_dict_both_cred_and_err():
    ecred = EncryptedMessage.enc(
        SignedMessage.sign(account.AccountCred.gen(U, 60), SK), EK)
    err = account.AuthRespErr.Malformed
    d = {'cred': ecred, 'err': err}
    assert account.AuthResp.from_dict(d) is None
예제 #13
0
def test_authchallengeresp_str():
    echal = EncryptedMessage.enc(Stub(1), EK)
    acr = account.AuthChallengeResp(echal)
    s = 'AuthChallengeResp<%s>' % (echal, )
    assert str(acr) == s
예제 #14
0
def test_encryptedmessage_crypt_identity_1():
    # EncryptedMessage can store a Message
    m_in = Stub(29873987)
    m_out = EncryptedMessage.enc(m_in, EK).dec(EK)
    assert m_in == m_out
예제 #15
0
def get_cred(u: user.User) -> EncryptedMessage:
    cred = account.AccountCred(u, time.time() + server.CRED_LIFETIME)
    scred = SignedMessage.sign(cred, server.IDKEY)
    ecred = EncryptedMessage.enc(scred, server.ENCKEY)
    return ecred
예제 #16
0
def test_encryptmessage_dict_identity_2():
    first = EncryptedMessage.enc(SignedMessage.sign(Stub(420), SK), EK)
    second = EncryptedMessage.from_dict(first.to_dict())
    assert first == second
예제 #17
0
def test_encryptmessage_dict_identity_3():
    ek_sub = Enckey.gen()
    first = EncryptedMessage.enc(EncryptedMessage.enc(Stub(420), ek_sub), EK)
    second = EncryptedMessage.from_dict(first.to_dict())
    assert first == second
예제 #18
0
from rela.lib.messages import account
from rela.lib.messages import Message, SignedMessage, EncryptedMessage, Stub
from rela.lib.user import User
from rela.lib.crypto import Pubkey, Seckey, Enckey
from base64 import b64encode, b64decode
import time

U = User('Foo', Pubkey((1).to_bytes(32, byteorder='big')), rowid=420)
SK = Seckey((28379873947).to_bytes(32, byteorder='big'))
EK = Enckey.gen()
ALL_ACCRESP_ARG_SETS = [
    (EncryptedMessage.enc(
        SignedMessage.sign(account.AccountCred.gen(U, 60), SK), EK), None),
    (None, account.AuthRespErr.BadSig),
    (None, account.AuthRespErr.BadSig),
    (None, account.AuthRespErr.PubkeyExists),
    (None, account.AuthRespErr.Malformed),
    (None, account.AuthRespErr.WrongPubkey),
]


def test_accountreq_dict_identity():
    first = account.AccountReq(U.nick, U.pk)
    second = Message.from_dict(first.to_dict())
    assert first == second


def test_accountreq_to_dict():
    ar = account.AccountReq(U.nick, U.pk)
    d = ar.to_dict()
    assert d['nick'] == U.nick
예제 #19
0
def test_encryptedmessage_crypt_identity_2():
    # EncryptedMessage can store a SignedMessage
    m_in = SignedMessage.sign(Stub(29874987), SK)
    m_out = EncryptedMessage.enc(m_in, EK).dec(EK)
    assert m_in == m_out
예제 #20
0
def test_authchallenegeresp_dict_identity():
    echal = EncryptedMessage.enc(Stub(1), EK)
    first = account.AuthChallengeResp(echal)
    second = account.AuthChallengeResp.from_dict(first.to_dict())
    assert first == second
예제 #21
0
def really_fake_cred() -> EncryptedMessage:
    return EncryptedMessage.enc(Stub(1), crypto.Enckey.gen())
예제 #22
0
def test_authchallengeresp_dict_no_enc_chal():
    echal = EncryptedMessage.enc(Stub(1), EK)
    d = account.AuthChallengeResp(echal).to_dict()
    del d['enc_chal']
    assert account.AuthChallengeResp.from_dict(d) is None