async def test_init_peer_wrong_challenge(loop, test_client, test_server):
"""Test setup multiplexer wrong challenge."""
client = test_server[0]
aes_key = os.urandom(32)
aes_iv = os.urandom(16)
valid = datetime.utcnow() + timedelta(days=1)
peer = Peer("localhost", valid, aes_key, aes_iv)
crypto = CryptoTransport(aes_key, aes_iv)
with pytest.raises(RuntimeError):
await peer.wait_disconnect()
init_task = loop.create_task(
peer.init_multiplexer_challenge(test_client.reader,
test_client.writer))
await asyncio.sleep(0.1)
assert not init_task.done()
token = await client.reader.readexactly(32)
client.writer.write(crypto.encrypt(token))
await client.writer.drain()
await asyncio.sleep(0.1)
with pytest.raises(SniTunChallengeError):
raise init_task.exception()
assert init_task.done()
client.writer.close()
client.close.set()
async def test_snitun_single_runner():
"""Test SniTunSingle Server runner object."""
peer_messages = []
peer_address = []
server = SniTunServerSingle(FERNET_TOKENS, host="127.0.0.1")
await server.start()
reader_peer, writer_peer = await asyncio.open_connection(host="127.0.0.1",
port="443")
valid = datetime.utcnow() + timedelta(days=1)
aes_key = os.urandom(32)
aes_iv = os.urandom(16)
hostname = "localhost"
fernet_token = create_peer_config(valid.timestamp(), hostname, aes_key,
aes_iv)
crypto = CryptoTransport(aes_key, aes_iv)
writer_peer.write(fernet_token)
await writer_peer.drain()
token = await reader_peer.readexactly(32)
token = hashlib.sha256(crypto.decrypt(token)).digest()
writer_peer.write(crypto.encrypt(token))
await writer_peer.drain()
await asyncio.sleep(0.1)
assert server.peers.peer_available(hostname)
async def mock_new_channel(multiplexer, channel):
"""Mock new channel."""
while True:
message = await channel.read()
peer_messages.append(message)
peer_address.append(channel.ip_address)
_, writer_ssl = await asyncio.open_connection(host="127.0.0.1", port="443")
multiplexer = Multiplexer(crypto, reader_peer, writer_peer,
mock_new_channel)
writer_ssl.write(TLS_1_2)
await writer_ssl.drain()
await asyncio.sleep(0.1)
assert peer_messages
assert peer_messages[0] == TLS_1_2
assert peer_address
assert peer_address[0] == IP_ADDR
multiplexer.shutdown()
await multiplexer.wait()
await asyncio.sleep(0.1)
assert not server.peers.peer_available(hostname)
await server.stop()
async def test_snitun_single_runner_timeout(raise_timeout):
"""Test SniTunSingle Server runner object."""
peer_messages = []
peer_address = []
server = SniTunServerSingle(FERNET_TOKENS, host="127.0.0.1", port="32000")
await server.start()
reader_peer, writer_peer = await asyncio.open_connection(
host="127.0.0.1", port="32000"
)
valid = datetime.utcnow() + timedelta(days=1)
aes_key = os.urandom(32)
aes_iv = os.urandom(16)
hostname = "localhost"
fernet_token = create_peer_config(valid.timestamp(), hostname, aes_key, aes_iv)
crypto = CryptoTransport(aes_key, aes_iv)
writer_peer.write(fernet_token)
await writer_peer.drain()
with pytest.raises(ConnectionResetError):
token = await reader_peer.readexactly(32)
token = hashlib.sha256(crypto.decrypt(token)).digest()
writer_peer.write(crypto.encrypt(token))
await writer_peer.drain()
await asyncio.sleep(0.1)
assert not server.peers.peer_available(hostname)
await server.stop()
async def test_peer_listener_disconnect(peer_manager, peer_listener,
test_client_peer):
"""Run a full flow of with a peer after that disconnect."""
valid = datetime.utcnow() + timedelta(days=1)
aes_key = os.urandom(32)
aes_iv = os.urandom(16)
hostname = "localhost"
fernet_token = create_peer_config(valid.timestamp(), hostname, aes_key,
aes_iv)
crypto = CryptoTransport(aes_key, aes_iv)
test_client_peer.writer.write(fernet_token)
await test_client_peer.writer.drain()
token = await test_client_peer.reader.readexactly(32)
token = hashlib.sha256(crypto.decrypt(token)).digest()
test_client_peer.writer.write(crypto.encrypt(token))
await test_client_peer.writer.drain()
await asyncio.sleep(0.1)
assert peer_manager.peer_available(hostname)
test_client_peer.writer.close()
await asyncio.sleep(0.1)
assert not peer_manager.peer_available(hostname)
async def test_peer_listener_expire(peer_manager, peer_listener,
test_client_peer):
"""Run a full flow of with a peer."""
from snitun.server import listener_peer
listener_peer.CHECK_VALID_EXPIRE = 0.1
valid = datetime.utcnow() + timedelta(seconds=1)
aes_key = os.urandom(32)
aes_iv = os.urandom(16)
hostname = "localhost"
fernet_token = create_peer_config(valid.timestamp(), hostname, aes_key,
aes_iv)
crypto = CryptoTransport(aes_key, aes_iv)
test_client_peer.writer.write(fernet_token)
await test_client_peer.writer.drain()
token = await test_client_peer.reader.readexactly(32)
token = hashlib.sha256(crypto.decrypt(token)).digest()
test_client_peer.writer.write(crypto.encrypt(token))
await test_client_peer.writer.drain()
await asyncio.sleep(0.1)
assert peer_manager.peer_available(hostname)
await asyncio.sleep(1)
assert not peer_manager.peer_available(hostname)
listener_peer.CHECK_VALID_EXPIRE = 3600
def test_setup_crypto_transport():
"""Test crypto transport setup."""
key = os.urandom(32)
iv = os.urandom(16)
crypto = CryptoTransport(key, iv)
for _ in range(1, 10):
test_data = os.urandom(32)
assert crypto.decrypt(crypto.encrypt(test_data)) == test_data
async def test_server_full(
peer_manager, peer_listener, test_client_peer, sni_proxy, test_client_ssl
):
"""Run a full flow of with a peer after that disconnect."""
peer_messages = []
peer_address = []
valid = datetime.utcnow() + timedelta(days=1)
aes_key = os.urandom(32)
aes_iv = os.urandom(16)
hostname = "localhost"
fernet_token = create_peer_config(valid.timestamp(), hostname, aes_key, aes_iv)
crypto = CryptoTransport(aes_key, aes_iv)
test_client_peer.writer.write(fernet_token)
await test_client_peer.writer.drain()
token = await test_client_peer.reader.readexactly(32)
token = hashlib.sha256(crypto.decrypt(token)).digest()
test_client_peer.writer.write(crypto.encrypt(token))
await test_client_peer.writer.drain()
await asyncio.sleep(0.1)
assert peer_manager.peer_available(hostname)
async def mock_new_channel(multiplexer, channel):
"""Mock new channel."""
while True:
message = await channel.read()
peer_messages.append(message)
peer_address.append(channel.ip_address)
multiplexer = Multiplexer(
crypto, test_client_peer.reader, test_client_peer.writer, mock_new_channel
)
test_client_ssl.writer.write(TLS_1_2)
await test_client_ssl.writer.drain()
await asyncio.sleep(0.1)
assert peer_messages
assert peer_messages[0] == TLS_1_2
assert peer_address
assert peer_address[0] == IP_ADDR
multiplexer.shutdown()
await multiplexer.wait()
await asyncio.sleep(0.1)
assert not peer_manager.peer_available(hostname)
async def test_init_peer_multiplexer_crypto(loop, test_client, test_server):
"""Test setup multiplexer with crypto."""
client = test_server[0]
aes_key = os.urandom(32)
aes_iv = os.urandom(16)
valid = datetime.utcnow() + timedelta(days=1)
peer = Peer("localhost", valid, aes_key, aes_iv)
crypto = CryptoTransport(aes_key, aes_iv)
with pytest.raises(RuntimeError):
await peer.wait_disconnect()
init_task = loop.create_task(
peer.init_multiplexer_challenge(test_client.reader,
test_client.writer))
await asyncio.sleep(0.1)
assert not init_task.done()
assert not peer.is_ready
assert not peer.is_connected
token = await client.reader.readexactly(32)
token = hashlib.sha256(crypto.decrypt(token)).digest()
client.writer.write(crypto.encrypt(token))
await client.writer.drain()
await asyncio.sleep(0.1)
assert init_task.exception() is None
assert init_task.done()
assert peer.is_ready
assert peer.is_connected
ping_task = loop.create_task(peer.multiplexer.ping())
await asyncio.sleep(0.1)
ping_data = await client.reader.read(1024)
ping = crypto.decrypt(ping_data)
assert ping[16] == CHANNEL_FLOW_PING
assert int.from_bytes(ping[17:21], "big") == 0
assert ping[21:25] == b"ping"
ping_task.cancel()
client.writer.close()
client.close.set()
await asyncio.sleep(0.1)
assert peer.multiplexer.wait().done()
def crypto_transport():
"""Create a CryptoTransport object."""
key = os.urandom(32)
iv = os.urandom(16)
crypto = CryptoTransport(key, iv)
yield crypto
async def test_init_peer_multiplexer_throttling(loop, test_client,
test_server):
"""Test setup multiplexer."""
client = test_server[0]
aes_key = os.urandom(32)
aes_iv = os.urandom(16)
valid = datetime.utcnow() + timedelta(days=1)
peer = Peer("localhost", valid, aes_key, aes_iv, throttling=500)
crypto = CryptoTransport(aes_key, aes_iv)
with pytest.raises(RuntimeError):
await peer.wait_disconnect()
init_task = loop.create_task(
peer.init_multiplexer_challenge(test_client.reader,
test_client.writer))
await asyncio.sleep(0.1)
assert not init_task.done()
assert not peer.is_ready
assert not peer.is_connected
token = await client.reader.readexactly(32)
token = hashlib.sha256(crypto.decrypt(token)).digest()
client.writer.write(crypto.encrypt(token))
await client.writer.drain()
await asyncio.sleep(0.1)
assert init_task.exception() is None
assert init_task.done()
assert peer.is_ready
assert peer.is_connected
assert peer.multiplexer._throttling == 0.002
client.writer.close()
client.close.set()
await asyncio.sleep(0.1)
assert not peer.multiplexer.is_connected
async def test_peer_listener_invalid(peer_manager, peer_listener,
test_client_peer):
"""Run a full flow of with a peer."""
valid = datetime.utcnow() - timedelta(days=1)
aes_key = os.urandom(32)
aes_iv = os.urandom(16)
hostname = "localhost"
fernet_token = create_peer_config(valid.timestamp(), hostname, aes_key,
aes_iv)
crypto = CryptoTransport(aes_key, aes_iv)
test_client_peer.writer.write(fernet_token)
await test_client_peer.writer.drain()
with pytest.raises(asyncio.IncompleteReadError):
token = await test_client_peer.reader.readexactly(32)
def test_aes_function():
"""Test crypto with generated keys."""
key, iv = aes.generate_aes_keyset()
assert CryptoTransport(key, iv)
