def test_authentication_message_select_custom_method_if_it_is_the_only_authentication_method_for_both_instances(
):
# Given
allowed_authentication_methods = ["custom"]
server = Handshake(
role=Handshake.SERVER,
allowed_authentication_methods=allowed_authentication_methods)
authentication_information_client = {}
client = Handshake(
role=Handshake.CLIENT,
authentication_information=authentication_information_client,
allowed_authentication_methods=allowed_authentication_methods)
server.add_message(client.next_message())
client.add_message(server.next_message())
server.add_message(client.next_message())
client.add_message(server.next_message())
authentication_message = client.next_message()
# When
payload = client._decrypt(authentication_message.payload)
result = json.loads(bytes.decode(payload, "utf8"))
# Then
assert result[
Handshake.SELECTED_AUTHENTICATION_METHOD_KEY_NAME] == "custom"
def test_decrypt_can_decrypt_messages_encrypted_with_encrypt_when_connection_step_4_for_both_roles(
):
# Given
msg_to_encrypt = b"A very secret message"
password_to_derive = b"test"
password_salt = os.urandom(16)
derived_password = derive_password_scrypt(
password_salt=password_salt, password_to_derive=password_to_derive)
allowed_authentication_method = ["password"]
authentication_information_server = {
"password": {
Handshake.PASSWORD_AUTH_METHOD_DERIVED_PASSWORD_KEY:
derived_password,
Handshake.PASSWORD_AUTH_METHOD_SALT_KEY: password_salt
}
}
server = Handshake(
role=Handshake.SERVER,
allowed_authentication_methods=allowed_authentication_method,
authentication_information=authentication_information_server)
client = Handshake(
role=Handshake.CLIENT,
allowed_authentication_methods=allowed_authentication_method)
server.add_message(client.next_message())
client.add_message(server.next_message())
server.add_message(client.next_message())
# When
encrypt_server = server._encrypt(data=msg_to_encrypt)
encrypt_client = client._encrypt(data=msg_to_encrypt)
decrypted_server = server._decrypt(encrypt_server)
decrypted_client = client._decrypt(encrypt_client)
# Then
assert decrypted_client == decrypted_server == msg_to_encrypt
def test_next_message_return_authentication_message_when_connection_step_4_and_role_is_client_with_password(
):
# Given
password_to_derive = b"test"
password_salt = os.urandom(16)
allowed_authentication_method = ["password"]
derived_password = derive_password_scrypt(
password_salt=password_salt, password_to_derive=password_to_derive)
authentication_information_client = {
Handshake.PASSWORD_AUTH_METHOD_PASSWORD_KEY:
password_to_derive.decode("utf8")
}
authentication_information_server = {
"password": {
Handshake.PASSWORD_AUTH_METHOD_DERIVED_PASSWORD_KEY:
derived_password,
Handshake.PASSWORD_AUTH_METHOD_SALT_KEY: password_salt
}
}
server = Handshake(
role=Handshake.SERVER,
allowed_authentication_methods=allowed_authentication_method,
authentication_information=authentication_information_server)
client = Handshake(
role=Handshake.CLIENT,
allowed_authentication_methods=allowed_authentication_method,
authentication_information=authentication_information_client)
server.add_message(client.next_message())
client.add_message(server.next_message())
server.add_message(client.next_message())
client.add_message(server.next_message())
expected_id = codes.HANDSHAKE
expected_topic = Handshake.AUTHENTICATION_TOPIC
# When
result = client.next_message()
payload = client._decrypt(result.payload)
payload = json.loads(bytes.decode(payload, "utf8"))
password = payload[Handshake.AUTH_METHOD_INFO_KEY]["password"]
# Then
assert int.from_bytes(result.msg_id, 'little') == expected_id
assert int.from_bytes(result.topic, 'little') == expected_topic
assert password == password_to_derive.decode('utf8')
def test_authentication_message_contain_random_bits_of_correct_length():
# Given
password_salt = os.urandom(16)
password_to_derive = b"test"
derived_password = derive_password_scrypt(
password_salt=password_salt, password_to_derive=password_to_derive)
allowed_authentication_method = ["password"]
authentication_information_client = {
Handshake.PASSWORD_AUTH_METHOD_PASSWORD_KEY:
password_to_derive.decode("utf8")
}
authentication_information_server = {
"password": {
Handshake.PASSWORD_AUTH_METHOD_DERIVED_PASSWORD_KEY:
derived_password,
Handshake.PASSWORD_AUTH_METHOD_SALT_KEY: password_salt
}
}
server = Handshake(
role=Handshake.SERVER,
allowed_authentication_methods=allowed_authentication_method,
authentication_information=authentication_information_server)
client = Handshake(
role=Handshake.CLIENT,
allowed_authentication_methods=allowed_authentication_method,
authentication_information=authentication_information_client)
server.add_message(client.next_message())
client.add_message(server.next_message())
server.add_message(client.next_message())
client.add_message(server.next_message())
expected_id = codes.HANDSHAKE
expected_topic = Handshake.AUTHENTICATION_TOPIC
# When
result = client.next_message()
payload = client._decrypt(result.payload)
payload = json.loads(bytes.decode(payload, "utf8"))
# Then
assert int.from_bytes(result.msg_id, 'little') == expected_id
assert int.from_bytes(result.topic, 'little') == expected_topic
assert Handshake.AUTHENTICATION_RANDOM_BITS_KEY in payload.keys()
assert len(
base64.b64decode(payload[Handshake.AUTHENTICATION_RANDOM_BITS_KEY])
) == Handshake.RANDOM_BITS_LENGTH
def test_authentication_message_select_password_method_if_it_is_the_only_authentication_method_for_both_instances(
):
# Given
password_salt = os.urandom(16)
password_to_derive = b"test_password"
allowed_authentication_methods = ["password"]
derived_password = derive_password_scrypt(
password_salt=password_salt, password_to_derive=password_to_derive)
authentication_information_client = {
Handshake.PASSWORD_AUTH_METHOD_PASSWORD_KEY:
password_to_derive.decode("utf8")
}
authentication_information_server = {
"password": {
Handshake.PASSWORD_AUTH_METHOD_DERIVED_PASSWORD_KEY:
derived_password,
Handshake.PASSWORD_AUTH_METHOD_SALT_KEY: password_salt
}
}
server = Handshake(
role=Handshake.SERVER,
authentication_information=authentication_information_server,
allowed_authentication_methods=allowed_authentication_methods)
client = Handshake(
role=Handshake.CLIENT,
authentication_information=authentication_information_client,
allowed_authentication_methods=allowed_authentication_methods)
server.add_message(client.next_message())
client.add_message(server.next_message())
server.add_message(client.next_message())
client.add_message(server.next_message())
authentication_message = client.next_message()
# When
payload = client._decrypt(authentication_message.payload)
result = json.loads(bytes.decode(payload, "utf8"))
# Then
assert Handshake.SELECTED_AUTHENTICATION_METHOD_KEY_NAME in result.keys()
assert result[
Handshake.SELECTED_AUTHENTICATION_METHOD_KEY_NAME] == "password"
