def test_bad_signature(self):
    # With 'allow-only-registered' enabled, a signature computed over the
    # wrong message must make authenticate() return a falsy result.
    here = os.path.dirname(os.path.realpath(__file__))
    ctx = BaseContext()
    ctx.logger = logging.getLogger(__name__)
    ctx.config = {
        'auth': {
            'puk-file': os.path.join(here, "passwd"),
            'allow-only-registered': True,
        }
    }

    session = Session()
    session.client_id = "client_using_secp256k1"
    # Test-only secp256k1 key pair, derived from
    # int(hashlib.sha256(b"secret").digest()):
    # puk = '030cfbf62534dfa5f32e37145b27d2875c1a1ecf884e39f0b098e962acc7aeaaa7'
    # prk = '2c495f4933631f014d93f059c15b03bac6eaaead53a675e09574c4bcccab09d6'
    # The username is meant to carry the puk; the literal below is kept
    # exactly as it appears in this file.
    session.username = "******"
    private_key = binascii.unhexlify(
        "2c495f4933631f014d93f059c15b03bac6eaaead53a675e09574c4bcccab09d6")

    # isoformat()[:18] keeps 'YYYY-MM-DDTHH:MM:S', so the stamp only changes
    # every ten seconds. Dropping the first character of the client id makes
    # the signed digest differ from the one matching session.client_id.
    stamp = datetime.datetime.utcnow().isoformat()[:18]
    digest = schnorr.hash_sha256(stamp + session.client_id[1:])
    session.password = binascii.hexlify(schnorr.sign(digest, private_key))

    plugin = EcdsaAuthPlugin(ctx)
    outcome = self.loop.run_until_complete(plugin.authenticate(session=session))
    self.assertFalse(outcome)
def test_bad_anonymous(self):
    # With 'allow-only-registered' set to False, a signature computed over
    # the wrong message must still make authenticate() return a falsy result.
    here = os.path.dirname(os.path.realpath(__file__))
    ctx = BaseContext()
    ctx.logger = logging.getLogger(__name__)
    ctx.config = {
        'auth': {
            'puk-file': os.path.join(here, "passwd"),
            'allow-only-registered': False,
        }
    }

    session = Session()
    session.client_id = "client_using_secp256k1"
    # Test-only secp256k1 key pair, derived from
    # int(hashlib.sha256(b"other secret").digest()):
    # puk = '02d3a9b4022ab24b9218ae3290d2cbecf6d773ef70769afe9f15e7055a79cc90c4'
    # prk = 'fffc49122308b5e5666e6874ff4535d5a0e3f270a3a7545703c59da25378cbb3'
    # NOTE(review): presumably this key is absent from the passwd file, which
    # would make the client "anonymous" - confirm against the fixture.
    session.username = "******"
    private_key = binascii.unhexlify(
        "fffc49122308b5e5666e6874ff4535d5a0e3f270a3a7545703c59da25378cbb3")

    # The signed digest omits the first character of the client id, so it
    # does not correspond to the client id the session presents.
    stamp = datetime.datetime.utcnow().isoformat()[:18]
    digest = schnorr.hash_sha256(stamp + session.client_id[1:])
    session.password = binascii.hexlify(schnorr.sign(digest, private_key))

    plugin = EcdsaAuthPlugin(ctx)
    outcome = self.loop.run_until_complete(plugin.authenticate(session=session))
    self.assertFalse(outcome)
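def main(*args, **kwargs):
    """Command-line entry point: parse options, build the client and publish.

    Reads the docopt options, loads the YAML configuration given with ``-c``
    (or ``default_client.yaml`` next to this file), applies the keep-alive and
    last-will options and, when ``--schnorr`` or ``--ecdsa`` is given, rewrites
    ``--url`` so that its userinfo is ``<public key hex>:<signature hex>``.
    The publish coroutine is then run to completion on the event loop.

    ``*args`` and ``**kwargs`` are accepted but not used.

    Raises:
        SystemExit: when run on a Python older than 3.4.
    """
    if sys.version_info[:2] < (3, 4):
        logger.fatal("Error: Python 3.4+ is required")
        sys.exit(-1)

    arguments = docopt(__doc__, version=get_version())
    formatter = "[%(asctime)s] :: %(levelname)s - %(message)s"
    level = logging.DEBUG if arguments['-d'] else logging.INFO
    logging.basicConfig(level=level, format=formatter)

    if arguments['-c']:
        config = read_yaml_config(arguments['-c'])
    else:
        config = read_yaml_config(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'default_client.yaml'))
        logger.debug("Using default configuration")
    loop = asyncio.get_event_loop()

    client_id = arguments.get("-i", None)
    if not client_id:
        client_id = _gen_client_id()

    if arguments['-k']:
        config['keep_alive'] = int(arguments['-k'])

    # A last-will is configured only when topic, message and QoS are all given.
    if arguments['--will-topic'] and arguments['--will-message'] and arguments['--will-qos']:
        config['will'] = {
            'topic': arguments['--will-topic'],
            'message': arguments['--will-message'].encode('utf-8'),
            'qos': int(arguments['--will-qos']),
            'retain': arguments['--will-retain'],
        }

    if arguments['--schnorr'] or arguments['--ecdsa']:
        # Signature-based login always turns the clean-session option on.
        arguments['--clean-session'] = True
        # The signed digest covers the UTC timestamp cut to 18 characters
        # ('YYYY-MM-DDTHH:MM:S', a ten-second bucket) followed by the client id.
        # NOTE(review): the verifying side is not visible here. If it recomputes
        # the same bucket, a captured puk:sig pair stays valid until the bucket
        # ends, and a login issued right at a bucket edge or with skewed clocks
        # can be rejected - confirm, and only send this URL over TLS.
        msg = schnorr.hash_sha256(
            datetime.datetime.utcnow().isoformat()[:18] + client_id
        )
        # Truthiness test, matching the outer condition: an empty --schnorr
        # value must not take precedence over a supplied --ecdsa secret.
        # The private key is a hash of the secret (presumably SHA-256, going
        # by the helper name), so it is only as strong as that secret.
        if arguments['--schnorr']:
            arg = _load_if_is_file(arguments["--schnorr"])
            prk = schnorr.hash_sha256(arg)
            sig = binascii.hexlify(schnorr.sign(msg, prk))
        else:
            arg = _load_if_is_file(arguments["--ecdsa"])
            prk = ecdsa.hash_sha256(arg)
            sig = binascii.hexlify(ecdsa.sign(msg, prk))
        parse = urlparse.urlparse(arguments["--url"])
        # The public key is derived with the schnorr module's generator point
        # in both branches.
        puk = binascii.hexlify(
            schnorr.encoded_from_point(
                schnorr.G * schnorr.int.from_bytes(prk, byteorder="big")
            )
        )
        # Any userinfo already present in the URL is dropped and replaced by
        # puk:sig. NOTE(review): the URL now holds a credential - keep it out
        # of log output.
        arguments["--url"] = urlparse.urlunparse(
            parse._replace(netloc="%s:%s@%s" % (
                puk.decode("utf-8"),
                sig.decode("utf-8"),
                parse.netloc.split("@")[-1]
            ))
        )

    try:
        client = MQTTClient(client_id=client_id, config=config, loop=loop)
        loop.run_until_complete(do_pub(client, arguments))
    finally:
        # Close the loop even when client creation or publishing raises.
        loop.close()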