class ServerHelloTest(BaseTestCase):
    """Client reactions to server hello messages (type byte 0x80)."""

    def setUp(self):
        """Send the client hello and keep the field the server must MAC against."""
        channel = DummyAuthChannel(self.get_keyfile())
        session = ClientSession('source', channel)
        self.channel, self.session = channel, session
        session.do_client_hello()
        client_hello = channel.sent_messages.pop(0).msg
        # Drop the first two bytes and the trailing 8-byte MAC; what is left
        # is presumably the client nonce R_b -- confirm against the spec.
        self.R_b = client_hello[2:-8]

    def test_response_to_valid_server_hello(self):
        """A correctly MACed server hello is answered with a type 0x01 message."""
        r_a = b'\x00' * 8  # 8-byte field carried by the server hello
        server_hello = b'\x80' + r_a
        tag = handshake_mac(self.shared_secret, server_hello, self.R_b)

        reply = self.get_response(server_hello + tag).msg

        self.assert_message_type(reply, 0x01)
        # The reply's last 8 bytes must be the handshake MAC over the rest of
        # the reply, computed with the same 8 bytes the server hello carried.
        body, reply_tag = reply[:-8], reply[-8:]
        self.assertEqual(reply_tag, handshake_mac(self.shared_secret, body, r_a))

    def test_server_hello_invalid_length(self):
        """A validly MACed hello with no payload after the type byte gets no reply."""
        truncated = b'\x80'
        tag = handshake_mac(self.shared_secret, truncated, self.R_b)
        self.assertIsNone(self.get_response(truncated + tag))

    def test_server_hello_invalid_mac(self):
        """A hello whose 8 tag bytes are all zero gets no reply."""
        # NOTE(review): only an all-zero tag is tried here; a tag that is valid
        # for a different R_b is not covered by this test.
        forged = b'\x80' + b'\x00' * 8 + b'\x00' * 8
        self.assertIsNone(self.get_response(forged))
class ServerHelloTest(BaseTestCase):
    """Checks how the client answers well-formed and malformed server hellos."""

    def setUp(self):
        """Emit the client hello and remember the bytes between header and MAC."""
        channel = DummyAuthChannel(self.get_keyfile())
        session = ClientSession('source', channel)
        self.channel, self.session = channel, session
        session.do_client_hello()
        hello = channel.sent_messages.pop(0).msg
        # Slice off two leading bytes and the 8-byte trailing MAC.
        # Presumably this leaves the client nonce -- TODO confirm.
        self.R_b = hello[2:-8]

    def test_response_to_valid_server_hello(self):
        """Valid server hello -> type 0x01 reply carrying a correct 8-byte MAC."""
        zero_field = b'\x00' * 8
        hello = b'\x80' + zero_field
        hello_tag = handshake_mac(self.shared_secret, hello, self.R_b)

        reply = self.get_response(hello + hello_tag).msg

        self.assert_message_type(reply, 0x01)
        want = handshake_mac(self.shared_secret, reply[:-8], zero_field)
        got = reply[-8:]
        self.assertEqual(got, want)

    def test_server_hello_invalid_length(self):
        """Type byte only, correctly MACed: the client must stay silent."""
        short_hello = b'\x80'
        short_tag = handshake_mac(self.shared_secret, short_hello, self.R_b)
        reply = self.get_response(short_hello + short_tag)
        self.assertIsNone(reply)

    def test_server_hello_invalid_mac(self):
        """Right length, but the tag position holds zeros: the client must stay silent."""
        # 1 type byte + 16 zero bytes, i.e. 8 payload bytes and 8 bytes where
        # the handshake MAC would be.
        reply = self.get_response(b'\x80' + b'\x00' * 16)
        self.assertIsNone(reply)
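class SATest(BaseTestCase):
    """Security-association (SA) step of the handshake, seen from the client."""

    def setUp(self):
        """Run the hello exchange and capture the client's SA proposal."""
        self.channel = DummyAuthChannel(self.get_keyfile())
        self.session = ClientSession('source', self.channel)
        self.session.do_client_hello()
        # Client hello minus its first two bytes and its 8-byte MAC.
        self.R_b = self.channel.sent_messages.pop(0).msg[2:-8]

        r_a = b'\x00' * 8  # 8-byte field sent in the server hello
        server_hello = b'\x80' + r_a
        server_hello_mac = handshake_mac(self.shared_secret, server_hello, self.R_b)
        # Key the tests use to MAC SA messages: HKDF over r_a + R_b and the
        # shared secret, expanded to 16 bytes with info b'1.0'.
        self.session_key = HKDF(r_a + self.R_b, self.shared_secret).expand(
            info=b'1.0', length=16)
        self.session.handle(server_hello + server_hello_mac)
        self.sa_proposal = self.channel.sent_messages.pop(0).msg

    def test_sent_valid_sa_proposal(self):
        """The proposal is a type 0x01 byte followed only by its 8-byte MAC."""
        self.assert_message_type(self.sa_proposal, 0x01)
        # Should have sent a default empty proposal
        self.assertEqual(len(self.sa_proposal), 9)
        expected_mac = handshake_mac(self.shared_secret, b'\x01', b'\x00' * 8)
        self.assertEqual(self.sa_proposal[-8:], expected_mac)

    def test_response_to_valid_sa(self):
        """A correctly MACed SA moves the session to the established state."""
        sa_message = b'\x81' + cbor.dumps({'mac': 'sha3_256', 'mac_len': 8})
        tag = handshake_mac(self.session_key, sa_message)
        self.session.handle(sa_message + tag)
        self.assertEqual(self.session.other_seq, 0)
        self.assertEqual(self.session.state, ClientState.established)

    def test_sa_invalid_mac(self):
        """An SA followed by 8 zero bytes instead of a MAC leaves the state unchanged."""
        sa_message = b'\x81' + cbor.dumps({'mac': 'sha3_256', 'mac_len': 8})
        self.session.handle(sa_message + b'\x00' * 8)
        self.assertEqual(self.session.state, ClientState.wait_for_sa)

    def test_sa_invalid_cbor_data(self):
        """Correctly MACed SA messages with malformed parameters are all rejected.

        The state is checked after every payload and the failure message names
        the payload, so one accepted malformed SA cannot hide behind the others.
        """
        test_data = [
            # invalid data
            b'',
            b'\xff',
            # wrong type
            cbor.dumps([]),
            # missing parameters
            cbor.dumps({}),
            cbor.dumps({'mac': 'sha3_256'}),
            cbor.dumps({'mac_len': 8}),
            # invalid mac
            cbor.dumps({'mac': 'foobar', 'mac_len': 8}),
            cbor.dumps({'mac': -1, 'mac_len': 8}),
            # invalid mac_len
            cbor.dumps({'mac_len': 'foobar', 'mac': 'sha3_256'}),
            cbor.dumps({'mac_len': -1, 'mac': 'sha3_256'}),
        ]
        for data in test_data:
            sa_message = b'\x81' + data
            # The MAC is valid on purpose: rejection has to come from the
            # parameter validation, not from the MAC check.
            tag = handshake_mac(self.session_key, sa_message)
            self.session.handle(sa_message + tag)
            self.assertEqual(
                self.session.state, ClientState.wait_for_sa,
                msg='malformed SA payload %r was not rejected' % (data,))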
class InvalidMessagesTest(BaseTestCase):
    """Inputs and calls that arrive before any handshake has taken place."""

    def setUp(self):
        """Create a session on a dummy channel without sending a client hello."""
        channel = DummyAuthChannel(self.get_keyfile())
        self.channel = channel
        self.session = ClientSession('source', channel)

    def test_receive_empty_message(self):
        """Handling an empty message must not raise."""
        # NOTE(review): the empty message is a text string, while the other
        # tests on this page feed bytes to handle() -- confirm whether b''
        # should be exercised as well.
        empty_message = ''
        self.session.handle(empty_message)

    def test_send_before_connect(self):
        """send() on a session that has not been established raises NutsInvalidState."""
        with self.assertRaises(NutsInvalidState):
            self.session.send('Hello, world')
class ClientHelloTest(BaseTestCase):
    """Format and authentication of the client hello message."""

    def setUp(self):
        """Create a fresh session on a dummy channel."""
        channel = DummyAuthChannel(self.get_keyfile())
        self.channel = channel
        self.session = ClientSession('source', channel)

    def test_client_hello(self):
        """The hello is 18 bytes of type 0x00 and ends in a valid 8-byte MAC."""
        self.session.do_client_hello()
        hello = self.channel.sent_messages.pop(0).msg

        self.assert_message_type(hello, 0x00)
        self.assertEqual(len(hello), 18)
        # The trailing 8 bytes are the handshake MAC over everything before them.
        body, tag = hello[:-8], hello[-8:]
        self.assertEqual(tag, handshake_mac(self.shared_secret, body))
def setUp(self):
    """Run the hello exchange and capture the message the client sends next."""
    channel = DummyAuthChannel(self.get_keyfile())
    session = ClientSession('source', channel)
    self.channel, self.session = channel, session

    session.do_client_hello()
    # Client hello minus its first two bytes and its last eight bytes.
    self.R_b = channel.sent_messages.pop(0).msg[2:-8]

    r_a = b'\x00' * 8  # 8-byte field placed in the server hello
    server_hello = b'\x80' + r_a
    server_hello_mac = handshake_mac(self.shared_secret, server_hello, self.R_b)
    # HKDF over r_a + R_b and the shared secret, expanded to 16 bytes.
    kdf = HKDF(r_a + self.R_b, self.shared_secret)
    self.session_key = kdf.expand(info=b'1.0', length=16)

    session.handle(server_hello + server_hello_mac)
    self.sa_proposal = channel.sent_messages.pop(0).msg
def setUp(self):
    """Drive a client session through the hello and SA messages.

    Uses the ``mac`` and ``mac_len`` attributes of the test case as the SA
    parameters and stores the derived key in ``self.session_key``.
    """
    print('Starting general setup')
    channel = DummyAuthChannel(self.get_keyfile())
    session = ClientSession('source', channel)
    self.channel, self.session = channel, session

    # Hello exchange: take the client hello, answer with a MACed server hello.
    session.do_client_hello()
    r_b = channel.sent_messages.pop(0).msg[2:-8]
    r_a = b'\x00' * 8
    server_hello = b'\x80' + r_a
    session.handle(server_hello + handshake_mac(self.shared_secret, server_hello, r_b))
    # Discard the message the client sent in response to the server hello.
    channel.sent_messages.pop(0)

    # SA message, MACed with the 16-byte key from HKDF(r_a + r_b, shared secret).
    self.session_key = HKDF(r_a + r_b, self.shared_secret).expand(info=b'1.0', length=16)
    sa = b'\x81' + cbor.dumps({'mac': self.mac, 'mac_len': self.mac_len})
    session.handle(sa + handshake_mac(self.session_key, sa))
    print('Inbox on start: %s' % self.channel.sent_messages)
def setUp(self):
    """Complete the hello exchange and keep the client's follow-up message."""
    self.channel = DummyAuthChannel(self.get_keyfile())
    self.session = ClientSession('source', self.channel)
    self.session.do_client_hello()
    client_hello = self.channel.sent_messages.pop(0).msg
    # Everything between the two leading bytes and the trailing eight bytes.
    self.R_b = client_hello[2:-8]

    zero_field = b'\x00' * 8
    server_hello = b'\x80' + zero_field
    server_hello_mac = handshake_mac(self.shared_secret, server_hello, self.R_b)
    # 16-byte key: HKDF(zero_field + R_b, shared_secret) expanded with info b'1.0'.
    self.session_key = HKDF(
        zero_field + self.R_b, self.shared_secret,
    ).expand(info=b'1.0', length=16)
    self.session.handle(server_hello + server_hello_mac)
    self.sa_proposal = self.channel.sent_messages.pop(0).msg
class EstablishedSessionTestCase(BaseTestCase):
    """Fixture that takes a ClientSession through the hello and SA messages."""

    # SA parameters sent to the client in setUp() and reused by get_mac().
    mac_len = 8
    mac = 'sha3_256'

    def setUp(self):
        """Perform the handshake on a dummy channel and store the session key."""
        print('Starting general setup')
        channel = DummyAuthChannel(self.get_keyfile())
        session = ClientSession('source', channel)
        self.channel, self.session = channel, session

        session.do_client_hello()
        # Client hello minus its first two bytes and its last eight bytes.
        r_b = channel.sent_messages.pop(0).msg[2:-8]
        r_a = b'\x00' * 8
        server_hello = b'\x80' + r_a
        server_hello_mac = handshake_mac(self.shared_secret, server_hello, r_b)
        session.handle(server_hello + server_hello_mac)
        # Drop the client's answer to the server hello; it is not inspected here.
        channel.sent_messages.pop(0)

        self.session_key = HKDF(r_a + r_b, self.shared_secret).expand(info=b'1.0', length=16)
        sa = b'\x81' + cbor.dumps({'mac': self.mac, 'mac_len': self.mac_len})
        sa_mac = handshake_mac(self.session_key, sa)
        session.handle(sa + sa_mac)
        print('Inbox on start: %s' % self.channel.sent_messages)

    def get_mac(self, data):
        """Return the first ``mac_len`` bytes of hash(session_key + data).

        The hash is looked up on ``hashlib`` by the name in ``self.mac``.
        """
        # This is a prefix-keyed hash, not an HMAC. That is sound for the
        # sponge-based sha3_256 default; with a Merkle-Damgard hash name such as
        # 'sha256' an untruncated tag would be open to length extension, so a
        # subclass overriding mac/mac_len changes the strength of the tag.
        digest = getattr(hashlib, self.mac)(self.session_key + data).digest()
        return digest[:self.mac_len]
class EstablishedSessionTestCase(BaseTestCase):
    """Base test case whose setUp() completes the hello and SA exchange."""

    # Parameters put into the SA message; get_mac() uses the same two values.
    mac_len = 8
    mac = 'sha3_256'

    def setUp(self):
        """Handshake against a dummy channel, keeping channel, session and key."""
        print('Starting general setup')
        self.channel = DummyAuthChannel(self.get_keyfile())
        self.session = ClientSession('source', self.channel)

        # Step 1: client hello goes out; keep the bytes between its two
        # leading bytes and its 8-byte tail.
        self.session.do_client_hello()
        hello = self.channel.sent_messages.pop(0).msg
        r_b = hello[2:-8]

        # Step 2: feed a MACed server hello and discard the client's answer.
        zero_field = b'\x00' * 8
        server_hello = b'\x80' + zero_field
        self.session.handle(
            server_hello + handshake_mac(self.shared_secret, server_hello, r_b))
        self.channel.sent_messages.pop(0)

        # Step 3: feed the SA, MACed with the HKDF-derived 16-byte key.
        sa = b'\x81' + cbor.dumps({'mac': self.mac, 'mac_len': self.mac_len})
        self.session_key = HKDF(
            zero_field + r_b, self.shared_secret,
        ).expand(info=b'1.0', length=16)
        self.session.handle(sa + handshake_mac(self.session_key, sa))
        print('Inbox on start: %s' % self.channel.sent_messages)

    def get_mac(self, data):
        """Compute the truncated tag hash(session_key + data)[:mac_len]."""
        # The key is prepended to the data and hashed once (no HMAC). With the
        # default sha3_256 that is not exposed to length extension; the same
        # construction with a Merkle-Damgard hash and no truncation would be.
        hash_ctor = getattr(hashlib, self.mac)
        keyed_input = self.session_key + data
        return hash_ctor(keyed_input).digest()[:self.mac_len]
def setUp(self):
    """Complete the hello and SA exchange so tests start after the handshake.

    The SA parameters come from ``self.mac`` and ``self.mac_len``; the derived
    16-byte key is kept in ``self.session_key``.
    """
    print('Starting general setup')
    self.channel = DummyAuthChannel(self.get_keyfile())
    self.session = ClientSession('source', self.channel)
    self.session.do_client_hello()
    client_hello = self.channel.sent_messages.pop(0).msg
    r_b = client_hello[2:-8]

    zero_field = b'\x00' * 8
    server_hello = b'\x80' + zero_field
    hello_tag = handshake_mac(self.shared_secret, server_hello, r_b)
    self.session.handle(server_hello + hello_tag)
    # The client's reply to the server hello is removed and ignored.
    self.channel.sent_messages.pop(0)

    sa_params = {'mac': self.mac, 'mac_len': self.mac_len}
    sa = b'\x81' + cbor.dumps(sa_params)
    self.session_key = HKDF(zero_field + r_b, self.shared_secret).expand(info=b'1.0', length=16)
    sa_tag = handshake_mac(self.session_key, sa)
    self.session.handle(sa + sa_tag)
    print('Inbox on start: %s' % self.channel.sent_messages)
def setUp(self):
    """Create a client session on a dummy channel; no hello is sent here."""
    channel = DummyAuthChannel(self.get_keyfile())
    self.channel = channel
    self.session = ClientSession('source', channel)
def setUp(self):
    """Send the client hello and store its middle section as ``self.R_b``."""
    channel = DummyAuthChannel(self.get_keyfile())
    session = ClientSession('source', channel)
    self.channel, self.session = channel, session
    session.do_client_hello()
    client_hello = channel.sent_messages.pop(0).msg
    # Strip the two leading bytes and the eight trailing bytes.
    # Presumably the remainder is the client nonce -- TODO confirm.
    self.R_b = client_hello[2:-8]
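class SATest(BaseTestCase):
    """Tests for the SA message that follows the hello exchange."""

    def setUp(self):
        """Finish the hello exchange; keep R_b, the session key and the SA proposal."""
        self.channel = DummyAuthChannel(self.get_keyfile())
        self.session = ClientSession('source', self.channel)
        self.session.do_client_hello()
        client_hello = self.channel.sent_messages.pop(0).msg
        # Client hello without its two leading bytes and 8-byte trailing MAC.
        self.R_b = client_hello[2:-8]

        zero_field = b'\x00' * 8
        server_hello = b'\x80' + zero_field
        server_hello_mac = handshake_mac(self.shared_secret, server_hello, self.R_b)
        # 16-byte key for MACing SA messages in the tests below.
        self.session_key = HKDF(
            zero_field + self.R_b, self.shared_secret,
        ).expand(info=b'1.0', length=16)
        self.session.handle(server_hello + server_hello_mac)
        self.sa_proposal = self.channel.sent_messages.pop(0).msg

    def test_sent_valid_sa_proposal(self):
        """After the server hello the client sends a 9-byte type 0x01 proposal."""
        proposal = self.sa_proposal
        self.assert_message_type(proposal, 0x01)
        # Should have sent a default empty proposal
        self.assertEqual(len(proposal), 9)
        expected_mac = handshake_mac(self.shared_secret, b'\x01', b'\x00' * 8)
        self.assertEqual(proposal[-8:], expected_mac)

    def test_response_to_valid_sa(self):
        """A valid SA sets other_seq to 0 and the state to established."""
        sa_params = {'mac': 'sha3_256', 'mac_len': 8}
        sa_message = b'\x81' + cbor.dumps(sa_params)
        self.session.handle(sa_message + handshake_mac(self.session_key, sa_message))
        self.assertEqual(self.session.other_seq, 0)
        self.assertEqual(self.session.state, ClientState.established)

    def test_sa_invalid_mac(self):
        """Well-formed SA parameters with zero bytes as the tag are not accepted."""
        sa_params = {'mac': 'sha3_256', 'mac_len': 8}
        forged = b'\x81' + cbor.dumps(sa_params) + b'\x00' * 8
        self.session.handle(forged)
        self.assertEqual(self.session.state, ClientState.wait_for_sa)

    def test_sa_invalid_cbor_data(self):
        """Every malformed SA payload, even when correctly MACed, is rejected.

        The assertion runs once per payload and reports the payload on failure,
        so a single accepted malformed SA is pinpointed instead of masked.
        """
        test_data = [
            # invalid data
            b'',
            b'\xff',
            # wrong type
            cbor.dumps([]),
            # missing parameters
            cbor.dumps({}),
            cbor.dumps({'mac': 'sha3_256'}),
            cbor.dumps({'mac_len': 8}),
            # invalid mac
            cbor.dumps({'mac': 'foobar', 'mac_len': 8}),
            cbor.dumps({'mac': -1, 'mac_len': 8}),
            # invalid mac_len
            cbor.dumps({'mac_len': 'foobar', 'mac': 'sha3_256'}),
            cbor.dumps({'mac_len': -1, 'mac': 'sha3_256'}),
        ]
        for data in test_data:
            sa_message = b'\x81' + data
            # A valid MAC is attached deliberately, so only the parameter
            # checks stand between the payload and the established state.
            tag = handshake_mac(self.session_key, sa_message)
            self.session.handle(sa_message + tag)
            self.assertEqual(
                self.session.state, ClientState.wait_for_sa,
                msg='malformed SA payload %r was not rejected' % (data,))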