def test_auth_header_decryption_with_enr(
tag,
auth_tag,
id_nonce,
initiator_key,
auth_response_key,
ephemeral_public_key,
enr,
message,
):
id_nonce_signature = b"\x00" * 32
packet = AuthHeaderPacket.prepare(
tag=tag,
auth_tag=auth_tag,
id_nonce=id_nonce,
message=message,
initiator_key=initiator_key,
id_nonce_signature=id_nonce_signature,
auth_response_key=auth_response_key,
enr=enr,
ephemeral_public_key=ephemeral_public_key,
)
recovered_id_nonce_signature, recovered_enr = packet.decrypt_auth_response(
auth_response_key
)
assert recovered_id_nonce_signature == id_nonce_signature
assert recovered_enr == enr
def complete_handshake(self, response_packet: Packet) -> HandshakeResult:
if not self.is_response_packet(response_packet):
raise ValueError(
f"Packet {response_packet} is not the expected response packet"
)
if not isinstance(response_packet, WhoAreYouPacket):
raise TypeError("Invariant: Only WhoAreYou packets are valid responses")
who_are_you_packet = response_packet
# compute session keys
(
ephemeral_private_key,
ephemeral_public_key,
) = self.handshake_scheme.create_handshake_key_pair()
remote_public_key_object = PublicKey.from_compressed_bytes(
self.remote_enr.public_key
)
remote_public_key_uncompressed = remote_public_key_object.to_bytes()
session_keys = self.handshake_scheme.compute_session_keys(
local_private_key=ephemeral_private_key,
remote_public_key=remote_public_key_uncompressed,
local_node_id=self.local_enr.node_id,
remote_node_id=self.remote_node_id,
id_nonce=who_are_you_packet.id_nonce,
is_locally_initiated=True,
)
# prepare response packet
id_nonce_signature = self.handshake_scheme.create_id_nonce_signature(
id_nonce=who_are_you_packet.id_nonce,
ephemeral_public_key=ephemeral_public_key,
private_key=self.local_private_key,
)
enr: Optional[ENRAPI]
if who_are_you_packet.enr_sequence_number < self.local_enr.sequence_number:
enr = self.local_enr
else:
enr = None
auth_header_packet = AuthHeaderPacket.prepare(
tag=self.tag,
auth_tag=get_random_auth_tag(),
id_nonce=who_are_you_packet.id_nonce,
message=self.initial_message,
initiator_key=session_keys.encryption_key,
id_nonce_signature=id_nonce_signature,
auth_response_key=session_keys.auth_response_key,
enr=enr,
ephemeral_public_key=ephemeral_public_key,
)
return HandshakeResult(
session_keys=session_keys,
enr=None,
message=None,
auth_header_packet=auth_header_packet,
)
def test_official_auth_header_packet_preparation(
tag,
auth_tag,
id_nonce,
encoded_message,
local_private_key,
auth_response_key,
encryption_key,
ephemeral_public_key,
auth_message_rlp,
):
message_type_id = encoded_message[0]
message_type = v5_registry[message_type_id]
message = rlp.decode(encoded_message[1:], message_type)
assert message.to_bytes() == encoded_message
id_nonce_signature = V4HandshakeScheme.create_id_nonce_signature(
id_nonce=id_nonce,
ephemeral_public_key=ephemeral_public_key,
private_key=local_private_key,
)
packet = AuthHeaderPacket.prepare(
tag=tag,
auth_tag=auth_tag,
id_nonce=id_nonce,
message=message,
initiator_key=encryption_key,
id_nonce_signature=id_nonce_signature,
auth_response_key=auth_response_key,
enr=None,
ephemeral_public_key=ephemeral_public_key,
)
packet_wire_bytes = packet.to_wire_bytes()
assert packet_wire_bytes == auth_message_rlp
def test_auth_header_message_decryption(
tag,
auth_tag,
id_nonce,
initiator_key,
auth_response_key,
ephemeral_public_key,
enr,
message,
):
id_nonce_signature = b"\x00" * 32
packet = AuthHeaderPacket.prepare(
tag=tag,
auth_tag=auth_tag,
id_nonce=id_nonce,
message=message,
initiator_key=initiator_key,
id_nonce_signature=id_nonce_signature,
auth_response_key=auth_response_key,
enr=enr,
ephemeral_public_key=ephemeral_public_key,
)
decrypted_message = packet.decrypt_message(initiator_key)
assert decrypted_message == message
def test_auth_header_preparation_without_enr(
tag, auth_tag, id_nonce, initiator_key, auth_response_key, ephemeral_public_key
):
message = PingMessage(request_id=5, enr_seq=1)
id_nonce_signature = b"\x00" * 32
packet = AuthHeaderPacket.prepare(
tag=tag,
auth_tag=auth_tag,
id_nonce=id_nonce,
message=message,
initiator_key=initiator_key,
id_nonce_signature=id_nonce_signature,
auth_response_key=auth_response_key,
enr=None,
ephemeral_public_key=ephemeral_public_key,
)
decrypted_auth_response = aesgcm_decrypt(
key=auth_response_key,
nonce=ZERO_NONCE,
cipher_text=packet.auth_header.encrypted_auth_response,
authenticated_data=b"",
)
decoded_auth_response = rlp.decode(decrypted_auth_response)
assert is_list_like(decoded_auth_response) and len(decoded_auth_response) == 3
assert decoded_auth_response[0] == int_to_big_endian(AUTH_RESPONSE_VERSION)
assert decoded_auth_response[1] == id_nonce_signature
assert decoded_auth_response[2] == []
def decrypt_and_validate_auth_response(
self,
auth_header_packet: AuthHeaderPacket,
auth_response_key: AES128Key,
id_nonce: IDNonce,
) -> Optional[ENRAPI]:
try:
id_nonce_signature, enr = auth_header_packet.decrypt_auth_response(
auth_response_key)
except DecryptionError as error:
raise HandshakeFailure(
"Unable to decrypt auth response") from error
except ValidationError as error:
raise HandshakeFailure("Invalid auth response content") from error
# validate ENR if present
if enr is None:
if self.remote_enr is None:
raise HandshakeFailure("Peer failed to send their ENR")
else:
current_remote_enr = self.remote_enr
else:
try:
enr.validate_signature()
except ValidationError as error:
raise HandshakeFailure(
"ENR in auth response contains invalid signature"
) from error
if self.remote_enr is not None:
if enr.sequence_number <= self.remote_enr.sequence_number:
raise HandshakeFailure(
"ENR in auth response is not newer than what we already have"
)
if enr.node_id != self.remote_node_id:
raise HandshakeFailure(
f"ENR received from peer belongs to different node ({encode_hex(enr.node_id)} "
f"instead of {encode_hex(self.remote_node_id)})")
current_remote_enr = enr
signature_inputs = self.handshake_scheme.signature_inputs_cls(
id_nonce=id_nonce,
ephemeral_public_key=auth_header_packet.auth_header.
ephemeral_public_key,
)
try:
self.handshake_scheme.validate_id_nonce_signature(
signature_inputs=signature_inputs,
signature=id_nonce_signature,
public_key=current_remote_enr.public_key,
)
except ValidationError as error:
raise HandshakeFailure(
"Invalid id nonce signature in auth response") from error
return enr
def decrypt_and_validate_message(
self, auth_header_packet: AuthHeaderPacket, decryption_key: AES128Key
) -> BaseMessage:
try:
return auth_header_packet.decrypt_message(decryption_key)
except DecryptionError as error:
raise HandshakeFailure(
"Failed to decrypt message in AuthHeader packet with newly established session keys"
) from error
except ValidationError as error:
raise HandshakeFailure("Received invalid message") from error
def test_official_message(
tag,
auth_tag,
id_nonce,
ephemeral_pubkey,
auth_response_cipher_text,
message_cipher_text,
encoded_packet,
):
header = AuthHeader(
auth_tag,
id_nonce,
AUTH_SCHEME_NAME,
ephemeral_pubkey,
auth_response_cipher_text,
)
packet = AuthHeaderPacket(tag, header, message_cipher_text)
assert packet.to_wire_bytes() == encoded_packet
assert decode_packet(encoded_packet) == packet
def test_auth_header_preparation(
tag, auth_tag, id_nonce, initiator_key, auth_response_key, ephemeral_public_key
):
enr = ENR(
sequence_number=1,
signature=b"",
kv_pairs={b"id": b"v4", b"secp256k1": b"\x02" * 33},
)
message = PingMessage(request_id=5, enr_seq=enr.sequence_number)
id_nonce_signature = b"\x00" * 32
packet = AuthHeaderPacket.prepare(
tag=tag,
auth_tag=auth_tag,
id_nonce=id_nonce,
message=message,
initiator_key=initiator_key,
id_nonce_signature=id_nonce_signature,
auth_response_key=auth_response_key,
enr=enr,
ephemeral_public_key=ephemeral_public_key,
)
assert packet.tag == tag
assert packet.auth_header.auth_tag == auth_tag
assert packet.auth_header.id_nonce == id_nonce
assert packet.auth_header.auth_scheme_name == AUTH_SCHEME_NAME
assert packet.auth_header.ephemeral_public_key == ephemeral_public_key
decrypted_auth_response = aesgcm_decrypt(
key=auth_response_key,
nonce=ZERO_NONCE,
cipher_text=packet.auth_header.encrypted_auth_response,
authenticated_data=b"",
)
decoded_auth_response = rlp.decode(decrypted_auth_response)
assert is_list_like(decoded_auth_response) and len(decoded_auth_response) == 3
assert decoded_auth_response[0] == int_to_big_endian(AUTH_RESPONSE_VERSION)
assert decoded_auth_response[1] == id_nonce_signature
assert ENR.deserialize(decoded_auth_response[2]) == enr
decrypted_message = aesgcm_decrypt(
key=initiator_key,
nonce=auth_tag,
cipher_text=packet.encrypted_message,
authenticated_data=tag,
)
assert decrypted_message[0] == message.message_type
assert rlp.decode(decrypted_message[1:], PingMessage) == message
def test_invalid_auth_header_decryption_with_wrong_key(
tag, auth_tag, id_nonce, initiator_key, ephemeral_public_key, message
):
id_nonce_signature = b"\x00" * 32
encryption_key = b"\x00" * AES128_KEY_SIZE
decryption_key = b"\x11" * AES128_KEY_SIZE
packet = AuthHeaderPacket.prepare(
tag=tag,
auth_tag=auth_tag,
id_nonce=id_nonce,
message=message,
initiator_key=initiator_key,
id_nonce_signature=id_nonce_signature,
auth_response_key=encryption_key,
enr=None,
ephemeral_public_key=ephemeral_public_key,
)
with pytest.raises(DecryptionError):
packet.decrypt_auth_response(decryption_key)