async def test_room_key_on_client_sync_stream(self, client): await client.receive_response(self.login_response) await client.receive_response( SyncResponse.from_dict(self.initial_sync_response)) await client.receive_response( KeysUploadResponse.from_dict(self.keys_upload_response)) await client.receive_response( KeysQueryResponse.from_dict(self.keys_query_response)) BobId = "@bob:example.org" Bob_device = "BOBDEVICE" bob_olm = Olm(BobId, Bob_device, SqliteMemoryStore("ephemeral", "DEVICEID")) alice_device = OlmDevice(client.user_id, client.device_id, client.olm.account.identity_keys) bob_device = OlmDevice(bob_olm.user_id, bob_olm.device_id, bob_olm.account.identity_keys) client.olm.device_store.add(bob_device) bob_olm.device_store.add(alice_device) bob_olm.store.save_device_keys( {client.user_id: { client.device_id: alice_device }}) client.olm.account.generate_one_time_keys(1) one_time = list( client.olm.account.one_time_keys["curve25519"].values())[0] client.olm.account.mark_keys_as_published() bob_olm.create_session(one_time, alice_device.curve25519) _, to_device = bob_olm.share_group_session( TEST_ROOM_ID, [client.user_id], ignore_unverified_devices=True) outbound_session = bob_olm.outbound_group_sessions[TEST_ROOM_ID] olm_content = to_device["messages"][client.user_id][client.device_id] payload = { "sender": bob_olm.user_id, "type": "m.room.encrypted", "content": olm_content, } sync_response = self.empty_sync sync_response["to_device"]["events"].append(payload) session = client.olm.inbound_group_store.get(TEST_ROOM_ID, bob_device.curve25519, outbound_session.id) assert not session client.handle_to_device_from_sync_body(sync_response) session = client.olm.inbound_group_store.get(TEST_ROOM_ID, bob_device.curve25519, outbound_session.id) assert session
def test_client_full_sas(self, olm_machine): alice_device = OlmDevice(olm_machine.user_id, olm_machine.device_id, olm_machine.account.identity_keys) bob_device = olm_machine.device_store[bob_id][bob_device_id] bob_sas = Sas( bob_id, bob_device_id, bob_device.ed25519, alice_device, ) start = { "sender": bob_id, "content": bob_sas.start_verification().content } start_event = KeyVerificationStart.from_dict(start) assert olm_machine.device_store[bob_id][bob_device_id] olm_machine.handle_key_verification(start_event) alice_sas = olm_machine.key_verifications[start_event.transaction_id] accept = { "sender": olm_machine.user_id, "content": alice_sas.accept_verification().content } accept_event = KeyVerificationAccept.from_dict(accept) bob_sas.receive_accept_event(accept_event) bob_key = {"sender": bob_id, "content": bob_sas.share_key().content} bob_key_event = KeyVerificationKey.from_dict(bob_key) olm_machine.handle_key_verification(bob_key_event) alice_key = { "sender": alice_id, "content": alice_sas.share_key().content } alice_key_event = KeyVerificationKey.from_dict(alice_key) bob_sas.receive_key_event(alice_key_event) assert alice_sas.other_key_set assert bob_sas.other_key_set bob_sas.accept_sas() bob_mac = {"sender": bob_id, "content": bob_sas.get_mac().content} bob_mac_event = KeyVerificationMac.from_dict(bob_mac) olm_machine.handle_key_verification(bob_mac_event) assert alice_sas.state == SasState.mac_received assert not alice_sas.verified alice_sas.accept_sas() assert alice_sas.verified bob_mac_event.keys = "fake_keys" olm_machine.handle_key_verification(bob_mac_event) assert alice_sas.verified
def test_client_cancel_event(self, olm_machine): alice_device = OlmDevice(olm_machine.user_id, olm_machine.device_id, olm_machine.account.identity_keys) bob_device = olm_machine.device_store[bob_id][bob_device_id] start = { "sender": alice_device.user_id, "content": olm_machine.create_sas(bob_device).content } start_event = KeyVerificationStart.from_dict(start) bob_sas = Sas.from_key_verification_start(bob_device.user_id, bob_device.id, bob_device.ed25519, alice_device, start_event) alice_sas = olm_machine.key_verifications[start_event.transaction_id] assert alice_sas bob_sas.cancel() cancel = { "sender": bob_id, "content": bob_sas.get_cancellation().content } cancel_event = KeyVerificationCancel.from_dict(cancel) assert not alice_sas.canceled olm_machine.handle_key_verification(cancel_event) assert alice_sas.canceled assert alice_sas.transaction_id not in olm_machine.key_verifications
def test_session_sharing(self, alice_client, async_client, aioresponse): loop = asyncio.get_event_loop() async_client.receive_response( LoginResponse.from_dict(self.login_response)) assert async_client.logged_in async_client.receive_response(self.encryption_sync_response) alice_client.load_store() alice_device = OlmDevice( ALICE_ID, ALICE_DEVICE_ID, alice_client.olm.account.identity_keys["ed25519"], alice_client.olm.account.identity_keys["curve25519"], ) async_client.device_store.add(alice_device) async_client.verify_device(alice_device) missing = async_client.get_missing_sessions(TEST_ROOM_ID) assert ALICE_ID in missing assert ALICE_DEVICE_ID in missing[ALICE_ID] to_share = alice_client.olm.share_keys() one_time_key = list(to_share["one_time_keys"].items())[0] key_claim_dict = { "one_time_keys": { ALICE_ID: { ALICE_DEVICE_ID: { one_time_key[0]: one_time_key[1] }, }, }, "failures": {}, } aioresponse.post( "https://example.org/_matrix/client/r0/keys/claim?access_token=abc123", status=200, payload=key_claim_dict) aioresponse.put( "https://example.org/_matrix/client/r0/sendToDevice/m.room.encrypted/1?access_token=abc123", status=200, payload={}) with pytest.raises(KeyError): session = async_client.olm.outbound_group_sessions[TEST_ROOM_ID] response = loop.run_until_complete( async_client.share_group_session(TEST_ROOM_ID, "1")) session = async_client.olm.outbound_group_sessions[TEST_ROOM_ID] assert session.shared assert isinstance(response, ShareGroupSessionResponse) assert not async_client.get_missing_sessions(TEST_ROOM_ID) assert async_client.olm.session_store.get(alice_device.curve25519)
def test_key_cancel(self, olm_machine): alice_device = OlmDevice(olm_machine.user_id, olm_machine.device_id, olm_machine.account.identity_keys) bob_device = olm_machine.device_store[bob_id][bob_device_id] bob_sas = Sas(bob_device.user_id, bob_device.id, bob_device.ed25519, alice_device) start = { "sender": bob_device.user_id, "content": bob_sas.start_verification().content } start_event = KeyVerificationStart.from_dict(start) olm_machine.handle_key_verification(start_event) bob_key = {"sender": bob_id, "content": bob_sas.share_key().content} assert not olm_machine.outgoing_to_device_messages bob_key_event = KeyVerificationKey.from_dict(bob_key) olm_machine.handle_key_verification(bob_key_event) alice_sas = olm_machine.key_verifications[start_event.transaction_id] assert alice_sas assert not alice_sas.canceled assert alice_sas.other_key_set olm_machine.handle_key_verification(bob_key_event) assert alice_sas.canceled assert olm_machine.outgoing_to_device_messages to_device = olm_machine.outgoing_to_device_messages[0] assert ( start_event.transaction_id == to_device.content["transaction_id"])
def olm_device(self): user_id = faker.mx_id() device_id = faker.device_id() key_pair = faker.olm_key_pair() return OlmDevice(user_id, device_id, key_pair["ed25519"], key_pair["curve25519"])
def test_client_unknown_txid(self, olm_machine): alice_device = OlmDevice(olm_machine.user_id, olm_machine.device_id, olm_machine.account.identity_keys) bob_device = olm_machine.device_store[bob_id][bob_device_id] bob_sas = Sas(bob_device.user_id, bob_device.id, bob_device.ed25519, alice_device) start = { "sender": bob_device.user_id, "content": bob_sas.start_verification().content } start_event = KeyVerificationStart.from_dict(start) olm_machine.handle_key_verification(start_event) bob_key = {"sender": bob_id, "content": bob_sas.share_key().content} bob_key_event = KeyVerificationKey.from_dict(bob_key) bob_key_event.transaction_id = "unknown" olm_machine.handle_key_verification(bob_key_event) alice_sas = olm_machine.key_verifications[start_event.transaction_id] assert alice_sas assert not alice_sas.other_key_set assert (bob_key_event.transaction_id not in olm_machine.key_verifications)
def test_client_invalid_key(self, olm_machine): alice_device = OlmDevice(olm_machine.user_id, olm_machine.device_id, olm_machine.account.identity_keys) bob_sas = Sas( bob_id, bob_device_id, faker.olm_key_pair()["ed25519"], alice_device, ) start = { "sender": bob_id, "content": bob_sas.start_verification().content } start_event = KeyVerificationStart.from_dict(start) assert olm_machine.device_store[bob_id][bob_device_id] olm_machine.handle_key_verification(start_event) alice_sas = olm_machine.key_verifications[start_event.transaction_id] accept = { "sender": olm_machine.user_id, "content": alice_sas.accept_verification().content } accept_event = KeyVerificationAccept.from_dict(accept) bob_sas.receive_accept_event(accept_event) bob_key = {"sender": bob_id, "content": bob_sas.share_key().content} bob_key_event = KeyVerificationKey.from_dict(bob_key) olm_machine.handle_key_verification(bob_key_event) alice_key = { "sender": alice_id, "content": alice_sas.share_key().content } alice_key_event = KeyVerificationKey.from_dict(alice_key) bob_sas.receive_key_event(alice_key_event) assert alice_sas.other_key_set assert bob_sas.other_key_set bob_sas.accept_sas() bob_mac = {"sender": bob_id, "content": bob_sas.get_mac().content} bob_mac_event = KeyVerificationMac.from_dict(bob_mac) olm_machine.handle_key_verification(bob_mac_event) assert alice_sas.state == SasState.canceled assert not alice_sas.verified with pytest.raises(LocalProtocolError): alice_sas.accept_sas()
def olm_machine(): key_pair = Account().identity_keys bob_device = OlmDevice(BOB_DEVICE, BOB_DEVICE_ID, key_pair) store = SqliteMemoryStore(ALICE_ID, ALICE_DEVICE_ID) client = Olm(ALICE_ID, ALICE_DEVICE_ID, store) client.device_store.add(bob_device) store.save_device_keys(client.device_store) return client
def olm_device(self): user_id = faker.mx_id() device_id = faker.device_id() key_pair = faker.olm_key_pair() return OlmDevice( user_id, device_id, key_pair, )
def example_devices(self): devices = defaultdict(dict) for _ in range(10): device = faker.olm_device() devices[device.user_id][device.id] = device bob_device = OlmDevice(BOB_ID, BOB_DEVICE, { "ed25519": BOB_ONETIME, "curve25519": BOB_CURVE }) devices[BOB_ID][BOB_DEVICE] = bob_device return devices
def test_key_claiming(self, alice_client, async_client, aioresponse): loop = asyncio.get_event_loop() async_client.receive_response( LoginResponse.from_dict(self.login_response)) assert async_client.logged_in async_client.receive_response(self.encryption_sync_response) alice_client.load_store() alice_device = OlmDevice( ALICE_ID, ALICE_DEVICE_ID, alice_client.olm.account.identity_keys["ed25519"], alice_client.olm.account.identity_keys["curve25519"], ) async_client.device_store.add(alice_device) missing = async_client.get_missing_sessions(TEST_ROOM_ID) assert ALICE_ID in missing assert ALICE_DEVICE_ID in missing[ALICE_ID] to_share = alice_client.olm.share_keys() one_time_key = list(to_share["one_time_keys"].items())[0] key_claim_dict = { "one_time_keys": { ALICE_ID: { ALICE_DEVICE_ID: { one_time_key[0]: one_time_key[1] }, }, }, "failures": {}, } aioresponse.post( "https://example.org/_matrix/client/r0/keys/claim?access_token=abc123", status=200, payload=key_claim_dict) response = loop.run_until_complete(async_client.keys_claim(missing)) assert isinstance(response, KeysClaimResponse) assert not async_client.get_missing_sessions(TEST_ROOM_ID) assert async_client.olm.session_store.get(alice_device.curve25519)
def test_client_unknown_device(self, olm_machine): alice_device = OlmDevice(olm_machine.user_id, olm_machine.device_id, olm_machine.account.identity_keys) bob_device = faker.olm_device() bob_sas = Sas(bob_device.user_id, bob_device.id, bob_device.ed25519, alice_device) start = { "sender": bob_device.user_id, "content": bob_sas.start_verification().content } start_event = KeyVerificationStart.from_dict(start) olm_machine.handle_key_verification(start_event) assert start_event.transaction_id not in olm_machine.key_verifications assert bob_device.user_id in olm_machine.users_for_key_query
def test_client_unsupported_method(self, olm_machine): alice_device = OlmDevice(olm_machine.user_id, olm_machine.device_id, olm_machine.account.identity_keys) bob_device = olm_machine.device_store[bob_id][bob_device_id] bob_sas = Sas(bob_device.user_id, bob_device.id, bob_device.ed25519, alice_device) start = { "sender": bob_device.user_id, "content": bob_sas.start_verification().content } start_event = KeyVerificationStart.from_dict(start) start_event.method = "unsupported" assert not olm_machine.outgoing_to_device_messages olm_machine.handle_key_verification(start_event) assert start_event.transaction_id not in olm_machine.key_verifications assert olm_machine.outgoing_to_device_messages to_device = olm_machine.outgoing_to_device_messages[0] assert ( start_event.transaction_id == to_device.content["transaction_id"])
def test_duplicate_verification(self, olm_machine): alice_device = OlmDevice(olm_machine.user_id, olm_machine.device_id, olm_machine.account.identity_keys) bob_device = olm_machine.device_store[bob_id][bob_device_id] bob_sas = Sas(bob_device.user_id, bob_device.id, bob_device.ed25519, alice_device) start = { "sender": bob_device.user_id, "content": bob_sas.start_verification().content } start_event = KeyVerificationStart.from_dict(start) olm_machine.handle_key_verification(start_event) alice_sas = olm_machine.key_verifications[start_event.transaction_id] assert alice_sas olm_machine.handle_key_verification(start_event) assert alice_sas.canceled new_alice_sas = olm_machine.get_active_sas(bob_id, bob_device_id) assert new_alice_sas assert not new_alice_sas.canceled
from nio.crypto import Sas, SasState, OlmDevice from nio.exceptions import LocalProtocolError from nio.events import (KeyVerificationStart, KeyVerificationAccept, KeyVerificationKey, KeyVerificationMac) from helpers import faker alice_id = faker.mx_id() alice_device_id = faker.device_id() alice_keys = faker.olm_key_pair() bob_id = faker.mx_id() bob_device_id = faker.device_id() bob_keys = faker.olm_key_pair() alice_device = OlmDevice(alice_id, alice_device_id, alice_keys["ed25519"], alice_keys["curve25519"]) bob_device = OlmDevice(bob_id, bob_device_id, bob_keys["ed25519"], bob_keys["curve25519"]) class TestClass(object): def test_sas_creation(self): alice = Sas(alice_id, alice_device_id, alice_keys["ed25519"], bob_device) with pytest.raises(LocalProtocolError): alice.accept_verification() def test_sas_start(self): alice = Sas(
from helpers import faker from nio.crypto import OlmDevice, Sas, SasState from nio.events import (KeyVerificationAccept, KeyVerificationCancel, KeyVerificationKey, KeyVerificationMac, KeyVerificationStart) from nio.exceptions import LocalProtocolError alice_id = "@alice:example.org" alice_device_id = "JLAFKJWSCS" alice_keys = faker.olm_key_pair() bob_id = "@bob:example.org" bob_device_id = "JLAFKJWSRS" bob_keys = faker.olm_key_pair() alice_device = OlmDevice(alice_id, alice_device_id, alice_keys) bob_device = OlmDevice(bob_id, bob_device_id, bob_keys) class TestClass: def test_sas_creation(self): alice = Sas(alice_id, alice_device_id, alice_keys["ed25519"], bob_device) with pytest.raises(LocalProtocolError): alice.accept_verification() def test_sas_start(self): alice = Sas( alice_id,