示例#1
class ServerHelloTest(BaseTestCase):
    """Client reactions to a server hello (message type 0x80).

    A server hello is only answered when it has the expected length and its
    trailing 8-byte MAC verifies; in the failure cases the tests assert that
    ``get_response`` yields ``None``.
    """

    def setUp(self):
        """Send the client hello and remember its nonce-sized middle part."""
        channel = DummyAuthChannel(self.get_keyfile())
        self.channel = channel
        self.session = ClientSession('source', channel)
        self.session.do_client_hello()
        client_hello = channel.sent_messages.pop(0).msg
        # Everything between the 2-byte prefix and the trailing 8-byte MAC;
        # presumably the client nonce -- confirm against the protocol code.
        self.R_b = client_hello[2:-8]

    def test_response_to_valid_server_hello(self):
        """A correctly MACed server hello is answered with a MACed 0x01 message."""
        zero_block = b'\x00' * 8
        server_hello = b'\x80' + zero_block
        tag = handshake_mac(self.shared_secret, server_hello, self.R_b)
        reply = self.get_response(server_hello + tag).msg
        self.assert_message_type(reply, 0x01)
        # The reply's MAC is bound to the eight zero bytes sent in the hello.
        body, reply_tag = reply[:-8], reply[-8:]
        self.assertEqual(reply_tag,
                         handshake_mac(self.shared_secret, body, zero_block))

    def test_server_hello_invalid_length(self):
        """A hello with a valid MAC but no 8-byte body must get no response."""
        truncated = b'\x80'
        tag = handshake_mac(self.shared_secret, truncated, self.R_b)
        self.assertIsNone(self.get_response(truncated + tag))

    def test_server_hello_invalid_mac(self):
        """A hello whose MAC field is all zeros must get no response."""
        # 8 body bytes followed by 8 zero bytes where the MAC would be.
        forged = b'\x80' + b'\x00' * 16
        self.assertIsNone(self.get_response(forged))
示例#2
class ServerHelloTest(BaseTestCase):
    """Tests how the client session treats valid and invalid server hellos."""

    def setUp(self):
        """Start a handshake and capture the client hello's middle bytes as R_b."""
        self.channel = DummyAuthChannel(self.get_keyfile())
        self.session = ClientSession('source', self.channel)
        self.session.do_client_hello()
        sent = self.channel.sent_messages.pop(0)
        # Strip the 2-byte prefix and the 8-byte MAC suffix; the remainder is
        # presumably the client nonce -- TODO confirm.
        self.R_b = sent.msg[2:-8]

    def test_response_to_valid_server_hello(self):
        """An authentic hello produces a type-0x01 reply carrying a valid MAC."""
        hello = b'\x80' + b'\x00'*8
        hello_tag = handshake_mac(self.shared_secret, hello, self.R_b)
        answer = self.get_response(hello + hello_tag).msg
        self.assert_message_type(answer, 0x01)
        # Recompute the MAC over everything except the 8-byte tag itself.
        wanted = handshake_mac(self.shared_secret, answer[:-8], b'\x00'*8)
        self.assertEqual(answer[-8:], wanted)

    def test_server_hello_invalid_length(self):
        """A MAC-valid hello that is too short is dropped (no response)."""
        hello = b'\x80'
        hello_tag = handshake_mac(self.shared_secret, hello, self.R_b)
        answer = self.get_response(hello + hello_tag)
        self.assertIsNone(answer)

    def test_server_hello_invalid_mac(self):
        """A hello with an all-zero MAC field is dropped (no response)."""
        unauthenticated = b'\x80' + b'\x00'*16
        answer = self.get_response(unauthenticated)
        self.assertIsNone(answer)
示例#3
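class SATest(BaseTestCase):
    """Client handling of the SA message (type 0x81) that ends the handshake.

    Only a well-formed SA with a valid MAC may move the session to
    ``ClientState.established``; everything else must leave it in
    ``ClientState.wait_for_sa``.
    """

    def setUp(self):
        """Drive the handshake up to the point where the client awaits the SA."""
        self.channel = DummyAuthChannel(self.get_keyfile())
        self.session = ClientSession('source', self.channel)
        self.session.do_client_hello()
        # Client hello without its 2-byte prefix and 8-byte MAC; presumably
        # the client nonce -- confirm against the protocol implementation.
        self.R_b = self.channel.sent_messages.pop(0).msg[2:-8]
        # Fixture server hello: type byte 0x80 plus eight zero bytes.
        server_hello = b'\x80' + b'\x00'*8
        server_hello_mac = handshake_mac(self.shared_secret, server_hello, self.R_b)
        # Session key derived from the zero block + R_b and the shared secret;
        # the tests below use it to MAC SA messages.
        self.session_key = HKDF(b'\x00'*8 + self.R_b, self.shared_secret).expand(info=b'1.0', length=16)
        self.session.handle(server_hello + server_hello_mac)
        # The message sent in reply to the server hello is the SA proposal.
        self.sa_proposal = self.channel.sent_messages.pop(0).msg

    def test_sent_valid_sa_proposal(self):
        """The client's proposal is type 0x01, empty, and correctly MACed."""
        self.assert_message_type(self.sa_proposal, 0x01)
        # Should have sent a default empty proposal: 1 type byte + 8 MAC bytes.
        self.assertEqual(len(self.sa_proposal), 9)
        expected_mac = handshake_mac(self.shared_secret, b'\x01', b'\x00'*8)
        self.assertEqual(self.sa_proposal[-8:], expected_mac)

    def test_response_to_valid_sa(self):
        """A valid SA establishes the session and resets the peer sequence."""
        msg = b'\x81' + cbor.dumps({'mac': 'sha3_256', 'mac_len': 8})
        mac = handshake_mac(self.session_key, msg)
        self.session.handle(msg + mac)
        self.assertEqual(self.session.other_seq, 0)
        self.assertEqual(self.session.state, ClientState.established)

    def test_sa_invalid_mac(self):
        """An SA whose MAC field is all zeros must not establish the session."""
        msg = b'\x81' + cbor.dumps({'mac': 'sha3_256', 'mac_len': 8}) + b'\x00'*8
        self.session.handle(msg)
        self.assertEqual(self.session.state, ClientState.wait_for_sa)

    def test_sa_invalid_cbor_data(self):
        """Malformed SA payloads are rejected even when their MAC is valid.

        Every payload below is MACed with the real session key, so a rejection
        has to come from payload validation and not from the MAC check.
        """
        test_data = [
            # invalid data
            b'',
            b'\xff',
            # wrong type
            cbor.dumps([]),
            # missing parameters
            cbor.dumps({}),
            cbor.dumps({'mac': 'sha3_256'}),
            cbor.dumps({'mac_len': 8}),
            # invalid mac
            cbor.dumps({'mac': 'foobar', 'mac_len': 8}),
            cbor.dumps({'mac': -1, 'mac_len': 8}),
            # invalid mac_len
            cbor.dumps({'mac_len': 'foobar', 'mac': 'sha3_256'}),
            cbor.dumps({'mac_len': -1, 'mac': 'sha3_256'}),
        ]
        for data in test_data:
            # subTest names the offending payload in the failure report and
            # keeps checking the remaining payloads after one fails.
            with self.subTest(payload=data):
                msg = b'\x81' + data
                mac = handshake_mac(self.session_key, msg)
                self.session.handle(msg + mac)
                self.assertEqual(self.session.state, ClientState.wait_for_sa)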
示例#4
class InvalidMessagesTest(BaseTestCase):
    """Robustness checks on a session that has not started a handshake."""

    def setUp(self):
        """Create an unconnected client session on a dummy channel."""
        channel = DummyAuthChannel(self.get_keyfile())
        self.channel = channel
        self.session = ClientSession('source', channel)

    def test_receive_empty_message(self):
        """Handling an empty message must not raise."""
        # Should not fail
        # NOTE(review): the argument is a text string, not bytes -- confirm
        # that an empty bytes message is covered as well.
        self.session.handle('')

    def test_send_before_connect(self):
        """Sending application data before the handshake is refused."""
        with self.assertRaises(NutsInvalidState):
            self.session.send('Hello, world')
示例#5
class ClientHelloTest(BaseTestCase):
    """Checks the first handshake message the client emits."""

    def setUp(self):
        """Create a fresh client session on a dummy channel."""
        channel = DummyAuthChannel(self.get_keyfile())
        self.channel = channel
        self.session = ClientSession('source', channel)

    def test_client_hello(self):
        """The client hello is type 0x00, 18 bytes long and ends in a valid MAC."""
        self.session.do_client_hello()
        hello = self.channel.sent_messages.pop(0).msg
        self.assert_message_type(hello, 0x00)
        self.assertEqual(len(hello), 18)
        # The last 8 bytes are the MAC over everything that precedes them.
        payload, tag = hello[:-8], hello[-8:]
        self.assertEqual(tag, handshake_mac(self.shared_secret, payload))
示例#6
 def setUp(self):
     """Run the handshake up to the SA proposal and keep the derived key."""
     channel = DummyAuthChannel(self.get_keyfile())
     self.channel = channel
     self.session = ClientSession('source', channel)
     self.session.do_client_hello()
     client_hello = channel.sent_messages.pop(0).msg
     # Client hello minus its 2-byte prefix and 8-byte MAC; presumably the
     # client nonce -- confirm against the protocol implementation.
     self.R_b = client_hello[2:-8]
     zero_block = b'\x00' * 8
     server_hello = b'\x80' + zero_block
     server_hello_mac = handshake_mac(self.shared_secret, server_hello,
                                      self.R_b)
     # Key the later SA messages are MACed with in this fixture.
     kdf = HKDF(zero_block + self.R_b, self.shared_secret)
     self.session_key = kdf.expand(info=b'1.0', length=16)
     self.session.handle(server_hello + server_hello_mac)
     # The client's answer to the server hello is its SA proposal.
     self.sa_proposal = channel.sent_messages.pop(0).msg
示例#7
class ClientHelloTest(BaseTestCase):
    """Verifies the shape and authentication tag of the client hello."""

    def setUp(self):
        """Build an unconnected session; the test itself sends the hello."""
        self.channel = DummyAuthChannel(self.get_keyfile())
        self.session = ClientSession('source', self.channel)

    def test_client_hello(self):
        """Type 0x00, total length 18, trailing 8 bytes are a valid MAC."""
        self.session.do_client_hello()
        outgoing = self.channel.sent_messages.pop(0)
        response = outgoing.msg
        self.assert_message_type(response, 0x00)
        self.assertEqual(len(response), 18)
        # MAC is computed over the message without its own 8-byte tag.
        mac_input = response[:-8]
        expected_mac = handshake_mac(self.shared_secret, mac_input)
        self.assertEqual(response[-8:], expected_mac)
示例#8
class InvalidMessagesTest(BaseTestCase):
    """Checks that a fresh session tolerates junk input and refuses early sends."""

    def setUp(self):
        """Create the session without starting the handshake."""
        self.channel = DummyAuthChannel(self.get_keyfile())
        self.session = ClientSession('source', self.channel)

    def test_receive_empty_message(self):
        """An empty incoming message is handled without an exception."""
        # Should not fail
        # NOTE(review): '' is a text string rather than bytes -- confirm the
        # bytes case is exercised elsewhere.
        empty_message = ''
        self.session.handle(empty_message)

    def test_send_before_connect(self):
        """``send`` raises NutsInvalidState before the session is established."""
        with self.assertRaises(NutsInvalidState):
            self.session.send('Hello, world')
示例#9
 def setUp(self):
     """Complete the whole handshake so tests start on an established session."""
     print('Starting general setup')
     channel = DummyAuthChannel(self.get_keyfile())
     self.channel = channel
     self.session = ClientSession('source', channel)
     self.session.do_client_hello()
     # Client hello minus its 2-byte prefix and 8-byte MAC; presumably the
     # client nonce -- confirm against the protocol implementation.
     R_b = channel.sent_messages.pop(0).msg[2:-8]
     zero_block = b'\x00' * 8
     server_hello = b'\x80' + zero_block
     server_hello_mac = handshake_mac(self.shared_secret, server_hello, R_b)
     self.session.handle(server_hello + server_hello_mac)
     # Discard the message the client sent in reply to the server hello.
     channel.sent_messages.pop(0)
     sa_params = {'mac': self.mac, 'mac_len': self.mac_len}
     sa = b'\x81' + cbor.dumps(sa_params)
     kdf = HKDF(zero_block + R_b, self.shared_secret)
     self.session_key = kdf.expand(info=b'1.0', length=16)
     # The SA is authenticated with the derived session key.
     sa_mac = handshake_mac(self.session_key, sa)
     self.session.handle(sa + sa_mac)
     print('Inbox on start: %s' % channel.sent_messages)
示例#10
 def setUp(self):
     """Exchange the hellos and capture the client's SA proposal."""
     self.channel = DummyAuthChannel(self.get_keyfile())
     self.session = ClientSession('source', self.channel)
     self.session.do_client_hello()
     first_sent = self.channel.sent_messages.pop(0)
     # Strip the 2-byte prefix and the 8-byte MAC; presumably what remains
     # is the client nonce -- TODO confirm.
     self.R_b = first_sent.msg[2:-8]
     zeros = b'\x00'*8
     server_hello = b'\x80' + zeros
     server_hello_mac = handshake_mac(self.shared_secret, server_hello, self.R_b)
     # Derived up front so the tests can MAC their own SA messages.
     key_material = HKDF(zeros + self.R_b, self.shared_secret)
     self.session_key = key_material.expand(info=b'1.0', length=16)
     self.session.handle(server_hello + server_hello_mac)
     second_sent = self.channel.sent_messages.pop(0)
     self.sa_proposal = second_sent.msg
示例#11
class EstablishedSessionTestCase(BaseTestCase):
    """Fixture base class that finishes the handshake before every test.

    ``mac`` and ``mac_len`` are read through ``self``, so they are the values
    placed in the SA message and used by ``get_mac``.
    """

    # Length in bytes of the truncated message tag.
    mac_len = 8
    # Name of the hashlib constructor used for message tags.
    mac = 'sha3_256'

    def setUp(self):
        """Run client hello, server hello and SA against a dummy channel."""
        print('Starting general setup')
        channel = DummyAuthChannel(self.get_keyfile())
        self.channel = channel
        self.session = ClientSession('source', channel)
        self.session.do_client_hello()
        # Client hello minus its 2-byte prefix and 8-byte MAC; presumably the
        # client nonce -- confirm against the protocol implementation.
        R_b = channel.sent_messages.pop(0).msg[2:-8]
        zero_block = b'\x00'*8
        server_hello = b'\x80' + zero_block
        server_hello_mac = handshake_mac(self.shared_secret, server_hello, R_b)
        self.session.handle(server_hello + server_hello_mac)
        # Discard the message the client sent in reply to the server hello.
        channel.sent_messages.pop(0)
        sa = b'\x81' + cbor.dumps({'mac': self.mac, 'mac_len': self.mac_len})
        kdf = HKDF(zero_block + R_b, self.shared_secret)
        self.session_key = kdf.expand(info=b'1.0', length=16)
        sa_mac = handshake_mac(self.session_key, sa)
        self.session.handle(sa + sa_mac)
        print('Inbox on start: %s' % channel.sent_messages)

    def get_mac(self, data):
        """Return the first ``mac_len`` bytes of ``H(session_key || data)``."""
        # NOTE(review): a key-prefix digest is only a sound MAC for hashes
        # without length extension (the SHA-3 default here); for an MD- or
        # SHA-2-style name the hmac module would be the safe construction.
        digest_ctor = getattr(hashlib, self.mac)
        keyed_input = self.session_key + data
        full_digest = digest_ctor(keyed_input).digest()
        return full_digest[:self.mac_len]
示例#12
class EstablishedSessionTestCase(BaseTestCase):
    """Base test case whose ``setUp`` leaves the session fully negotiated."""

    # Tag length (bytes) and hashlib algorithm name sent in the SA message.
    mac_len = 8
    mac = 'sha3_256'

    def setUp(self):
        """Perform the complete handshake with fixture messages."""
        print('Starting general setup')
        self.channel = DummyAuthChannel(self.get_keyfile())
        self.session = ClientSession('source', self.channel)
        self.session.do_client_hello()
        client_hello = self.channel.sent_messages.pop(0).msg
        # 2-byte prefix and 8-byte MAC removed; presumably the client nonce
        # -- TODO confirm.
        R_b = client_hello[2:-8]
        zeros = b'\x00' * 8
        server_hello = b'\x80' + zeros
        server_hello_mac = handshake_mac(self.shared_secret, server_hello, R_b)
        self.session.handle(server_hello + server_hello_mac)
        # The client's reply to the server hello is not needed here.
        self.channel.sent_messages.pop(0)
        negotiated = {'mac': self.mac, 'mac_len': self.mac_len}
        sa = b'\x81' + cbor.dumps(negotiated)
        self.session_key = HKDF(zeros + R_b, self.shared_secret).expand(
            info=b'1.0', length=16)
        # The SA is MACed with the derived session key.
        sa_mac = handshake_mac(self.session_key, sa)
        self.session.handle(sa + sa_mac)
        print('Inbox on start: %s' % self.channel.sent_messages)

    def get_mac(self, data):
        """Compute the truncated keyed digest of *data* for this session.

        The digest is taken over ``session_key + data`` with the hashlib
        constructor named by ``self.mac`` and cut to ``self.mac_len`` bytes.
        """
        # NOTE(review): prefixing the key is acceptable for SHA-3, which has
        # no length-extension weakness; if ``mac`` ever names an MD- or
        # SHA-2-style hash, hmac is the construction to use instead.
        hash_ctor = getattr(hashlib, self.mac)
        tag = hash_ctor(self.session_key + data).digest()
        return tag[:self.mac_len]
示例#13
 def setUp(self):
     """Negotiate a full session (hellos plus SA) before each test."""
     print('Starting general setup')
     self.channel = DummyAuthChannel(self.get_keyfile())
     self.session = ClientSession('source', self.channel)
     self.session.do_client_hello()
     client_hello = self.channel.sent_messages.pop(0).msg
     # Without the 2-byte prefix and 8-byte MAC; presumably the client
     # nonce -- confirm against the protocol implementation.
     R_b = client_hello[2:-8]
     zeros = b'\x00'*8
     server_hello = b'\x80' + zeros
     server_hello_mac = handshake_mac(self.shared_secret, server_hello, R_b)
     self.session.handle(server_hello + server_hello_mac)
     # Drop the client's reply to the server hello; it is not inspected.
     self.channel.sent_messages.pop(0)
     sa_body = cbor.dumps({'mac': self.mac, 'mac_len': self.mac_len})
     sa = b'\x81' + sa_body
     key_material = HKDF(zeros + R_b, self.shared_secret)
     self.session_key = key_material.expand(info=b'1.0', length=16)
     sa_mac = handshake_mac(self.session_key, sa)
     self.session.handle(sa + sa_mac)
     print('Inbox on start: %s' % self.channel.sent_messages)
示例#14
 def setUp(self):
     """Create a client session on a dummy channel; no handshake is started."""
     channel = DummyAuthChannel(self.get_keyfile())
     self.channel = channel
     self.session = ClientSession('source', channel)
示例#15
 def setUp(self):
     """Send the client hello and keep its middle bytes as ``R_b``."""
     channel = DummyAuthChannel(self.get_keyfile())
     self.channel = channel
     self.session = ClientSession('source', channel)
     self.session.do_client_hello()
     client_hello = channel.sent_messages.pop(0).msg
     # 2-byte prefix and 8-byte MAC removed; presumably the client nonce
     # -- TODO confirm.
     self.R_b = client_hello[2:-8]
示例#16
 def setUp(self):
     """Prepare an unconnected session backed by a dummy channel."""
     keyfile = self.get_keyfile()
     self.channel = DummyAuthChannel(keyfile)
     self.session = ClientSession('source', self.channel)
示例#17
 def setUp(self):
     """Start the handshake and record ``R_b`` from the outgoing client hello."""
     keyfile = self.get_keyfile()
     self.channel = DummyAuthChannel(keyfile)
     self.session = ClientSession('source', self.channel)
     self.session.do_client_hello()
     sent = self.channel.sent_messages.pop(0)
     # Slice off the 2-byte prefix and the trailing 8-byte MAC; presumably
     # the client nonce remains -- confirm against the protocol code.
     self.R_b = sent.msg[2:-8]
示例#18
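class SATest(BaseTestCase):
    """Client handling of the SA message (type 0x81) that ends the handshake.

    Only a well-formed SA with a valid MAC may move the session to
    ``ClientState.established``; everything else must leave it in
    ``ClientState.wait_for_sa``.
    """

    def setUp(self):
        """Drive the handshake up to the point where the client awaits the SA."""
        self.channel = DummyAuthChannel(self.get_keyfile())
        self.session = ClientSession('source', self.channel)
        self.session.do_client_hello()
        # Client hello without its 2-byte prefix and 8-byte MAC; presumably
        # the client nonce -- confirm against the protocol implementation.
        self.R_b = self.channel.sent_messages.pop(0).msg[2:-8]
        # Fixture server hello: type byte 0x80 plus eight zero bytes.
        server_hello = b'\x80' + b'\x00' * 8
        server_hello_mac = handshake_mac(self.shared_secret, server_hello,
                                         self.R_b)
        # Session key derived from the zero block + R_b and the shared secret;
        # the tests below use it to MAC SA messages.
        self.session_key = HKDF(b'\x00' * 8 + self.R_b,
                                self.shared_secret).expand(info=b'1.0',
                                                           length=16)
        self.session.handle(server_hello + server_hello_mac)
        # The message sent in reply to the server hello is the SA proposal.
        self.sa_proposal = self.channel.sent_messages.pop(0).msg

    def test_sent_valid_sa_proposal(self):
        """The client's proposal is type 0x01, empty, and correctly MACed."""
        self.assert_message_type(self.sa_proposal, 0x01)
        # Should have sent a default empty proposal: 1 type byte + 8 MAC bytes.
        self.assertEqual(len(self.sa_proposal), 9)
        expected_mac = handshake_mac(self.shared_secret, b'\x01', b'\x00' * 8)
        self.assertEqual(self.sa_proposal[-8:], expected_mac)

    def test_response_to_valid_sa(self):
        """A valid SA establishes the session and resets the peer sequence."""
        msg = b'\x81' + cbor.dumps({'mac': 'sha3_256', 'mac_len': 8})
        mac = handshake_mac(self.session_key, msg)
        self.session.handle(msg + mac)
        self.assertEqual(self.session.other_seq, 0)
        self.assertEqual(self.session.state, ClientState.established)

    def test_sa_invalid_mac(self):
        """An SA whose MAC field is all zeros must not establish the session."""
        msg = b'\x81' + cbor.dumps({
            'mac': 'sha3_256',
            'mac_len': 8
        }) + b'\x00' * 8
        self.session.handle(msg)
        self.assertEqual(self.session.state, ClientState.wait_for_sa)

    def test_sa_invalid_cbor_data(self):
        """Malformed SA payloads are rejected even when their MAC is valid.

        Every payload below is MACed with the real session key, so a rejection
        has to come from payload validation and not from the MAC check.
        """
        test_data = [
            # invalid data
            b'',
            b'\xff',
            # wrong type
            cbor.dumps([]),
            # missing parameters
            cbor.dumps({}),
            cbor.dumps({'mac': 'sha3_256'}),
            cbor.dumps({'mac_len': 8}),
            # invalid mac
            cbor.dumps({
                'mac': 'foobar',
                'mac_len': 8
            }),
            cbor.dumps({
                'mac': -1,
                'mac_len': 8
            }),
            # invalid mac_len
            cbor.dumps({
                'mac_len': 'foobar',
                'mac': 'sha3_256'
            }),
            cbor.dumps({
                'mac_len': -1,
                'mac': 'sha3_256'
            }),
        ]
        for data in test_data:
            # subTest names the offending payload in the failure report and
            # keeps checking the remaining payloads after one fails.
            with self.subTest(payload=data):
                msg = b'\x81' + data
                mac = handshake_mac(self.session_key, msg)
                self.session.handle(msg + mac)
                self.assertEqual(self.session.state, ClientState.wait_for_sa)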