mirror of
https://github.com/aljazceru/python-teos.git
synced 2025-12-17 14:14:22 +01:00
250 lines
8.4 KiB
Python
250 lines
8.4 KiB
Python
import os
|
|
import pytest
|
|
from coincurve import PrivateKey, PublicKey
|
|
from cryptography.hazmat.backends import default_backend
|
|
from cryptography.hazmat.primitives.asymmetric import ec
|
|
from cryptography.hazmat.primitives import serialization
|
|
|
|
from common.exceptions import InvalidKey, InvalidParameter, EncryptionError, SignatureError
|
|
from common.cryptographer import Cryptographer
|
|
from test.common.unit.conftest import get_random_value_hex
|
|
|
|
data = "6097cdf52309b1b2124efeed36bd34f46dc1c25ad23ac86f28380f746254f777"
|
|
key = "b2e984a570f6f49bc38ace178e09147b0aa296cbb7c92eb01412f7e2d07b5659"
|
|
encrypted_data = "8f31028097a8bf12a92e088caab5cf3fcddf0d35ed2b72c24b12269373efcdea04f9d2a820adafe830c20ff132d89810"
|
|
|
|
|
|
WRONG_TYPES = [None, 2134, 14.56, str(), list(), dict()]
|
|
|
|
|
|
def generate_keypair():
|
|
sk = PrivateKey()
|
|
pk = sk.public_key
|
|
|
|
return sk, pk
|
|
|
|
|
|
def test_check_data_key_format_wrong_data():
|
|
data = get_random_value_hex(64)[:-1]
|
|
key = get_random_value_hex(32)
|
|
|
|
with pytest.raises(InvalidParameter, match="Odd-length"):
|
|
Cryptographer.check_data_key_format(data, key)
|
|
|
|
|
|
def test_check_data_key_format_wrong_key():
|
|
data = get_random_value_hex(64)
|
|
key = get_random_value_hex(33)
|
|
|
|
with pytest.raises(InvalidParameter, match="32-byte hex value"):
|
|
Cryptographer.check_data_key_format(data, key)
|
|
|
|
|
|
def test_check_data_key_format():
|
|
data = get_random_value_hex(64)
|
|
key = get_random_value_hex(32)
|
|
|
|
# Correct format does not raise anything
|
|
Cryptographer.check_data_key_format(data, key)
|
|
|
|
|
|
def test_encrypt_odd_length_data():
|
|
blob = get_random_value_hex(64)[-1]
|
|
key = get_random_value_hex(32)
|
|
|
|
with pytest.raises(InvalidParameter, match="Odd-length"):
|
|
Cryptographer.encrypt(blob, key)
|
|
|
|
|
|
def test_encrypt_wrong_key_size():
|
|
blob = get_random_value_hex(64)
|
|
key = get_random_value_hex(31)
|
|
|
|
with pytest.raises(InvalidParameter, match="32-byte hex value"):
|
|
Cryptographer.encrypt(blob, key)
|
|
|
|
|
|
def test_encrypt():
|
|
assert Cryptographer.encrypt(data, key) == encrypted_data
|
|
|
|
|
|
def test_decrypt_invalid_tag():
|
|
random_key = get_random_value_hex(32)
|
|
random_encrypted_data = get_random_value_hex(64)
|
|
random_encrypted_blob = random_encrypted_data
|
|
|
|
# Trying to decrypt random data should result in an EncryptionError
|
|
with pytest.raises(EncryptionError, match="Cannot decrypt blob with the provided key"):
|
|
Cryptographer.decrypt(random_encrypted_blob, random_key)
|
|
|
|
|
|
def test_decrypt_odd_length_data():
|
|
random_key = get_random_value_hex(32)
|
|
random_encrypted_data_odd = get_random_value_hex(64)[:-1]
|
|
random_encrypted_blob_odd = random_encrypted_data_odd
|
|
|
|
with pytest.raises(InvalidParameter, match="Odd-length"):
|
|
Cryptographer.decrypt(random_encrypted_blob_odd, random_key)
|
|
|
|
|
|
def test_decrypt_wrong_key_size():
|
|
random_key = get_random_value_hex(31)
|
|
random_encrypted_data_odd = get_random_value_hex(64)
|
|
random_encrypted_blob_odd = random_encrypted_data_odd
|
|
|
|
with pytest.raises(InvalidParameter, match="32-byte hex value"):
|
|
Cryptographer.decrypt(random_encrypted_blob_odd, random_key)
|
|
|
|
|
|
def test_decrypt():
|
|
# Valid data should run with no InvalidTag and verify
|
|
assert Cryptographer.decrypt(encrypted_data, key) == data
|
|
|
|
|
|
def test_load_key_file():
|
|
dummy_sk = ec.generate_private_key(ec.SECP256K1, default_backend())
|
|
dummy_sk_der = dummy_sk.private_bytes(
|
|
encoding=serialization.Encoding.DER,
|
|
format=serialization.PrivateFormat.TraditionalOpenSSL,
|
|
encryption_algorithm=serialization.NoEncryption(),
|
|
)
|
|
|
|
# If file exists and has data in it, function should work.
|
|
with open("key_test_file", "wb") as f:
|
|
f.write(dummy_sk_der)
|
|
|
|
Cryptographer.load_key_file("key_test_file")
|
|
os.remove("key_test_file")
|
|
|
|
# If file doesn't exist, function should return None
|
|
with pytest.raises(InvalidParameter, match="file not found"):
|
|
Cryptographer.load_key_file("nonexistent_file")
|
|
|
|
with pytest.raises(InvalidParameter, match="file path was expected"):
|
|
Cryptographer.load_key_file(0)
|
|
|
|
with pytest.raises(InvalidParameter, match="file path was expected"):
|
|
Cryptographer.load_key_file(None)
|
|
|
|
|
|
def test_load_private_key_der():
|
|
# load_private_key_der expects a byte encoded data. Any other should fail and return None
|
|
for wtype in WRONG_TYPES:
|
|
with pytest.raises(InvalidKey, match="(wrong type)"):
|
|
Cryptographer.load_private_key_der(wtype)
|
|
|
|
# On the other hand, any random formatter byte array would also fail (zeros for example)
|
|
with pytest.raises(InvalidKey, match="(wrong size or format)"):
|
|
Cryptographer.load_private_key_der(bytes(32))
|
|
|
|
# A proper formatted key should load
|
|
sk_der = generate_keypair()[0].to_der()
|
|
Cryptographer.load_private_key_der(sk_der)
|
|
|
|
|
|
def test_sign():
|
|
# Otherwise we should get a signature
|
|
sk, _ = generate_keypair()
|
|
message = b""
|
|
|
|
assert Cryptographer.sign(message, sk) is not None
|
|
assert isinstance(Cryptographer.sign(message, sk), str)
|
|
|
|
|
|
def test_sign_ground_truth():
|
|
# Generate a signature that has been verified by c-lightning.
|
|
raw_sk = "24e9a981580d27d9277071a8381542e89a7c124868c4e862a13595dc75c6922f"
|
|
sk = PrivateKey.from_hex(raw_sk)
|
|
|
|
c_lightning_rpk = "0235293db86c6aaa74aff69ebacad8471d5242901ea9f6a0341a8dca331875e62c"
|
|
message = b"Test message"
|
|
|
|
sig = Cryptographer.sign(message, sk)
|
|
rpk = Cryptographer.recover_pk(message, sig)
|
|
|
|
assert c_lightning_rpk == Cryptographer.get_compressed_pk(rpk)
|
|
|
|
|
|
def test_sign_wrong_sk():
|
|
# If a sk is not passed, sign will return None
|
|
for wtype in WRONG_TYPES:
|
|
with pytest.raises(InvalidParameter, match="Wrong value passed as sk"):
|
|
Cryptographer.sign(b"", wtype)
|
|
|
|
|
|
def test_recover_pk():
|
|
sk, _ = generate_keypair()
|
|
message = b"Test message"
|
|
|
|
zbase32_sig = Cryptographer.sign(message, sk)
|
|
rpk = Cryptographer.recover_pk(message, zbase32_sig)
|
|
|
|
assert isinstance(rpk, PublicKey)
|
|
|
|
|
|
def test_recover_pk_invalid_sigrec():
|
|
message = "Hey, it's me".encode("utf-8")
|
|
signature = "ddbfb019e4d56155b4175066c2b615ab765d317ae7996d188b4a5fae4cc394adf98fef46034d0553149392219ca6d37dca9abdfa6366a8e54b28f19d3e5efa8a14b556205dc7f33a"
|
|
|
|
# The given signature, when zbase32 decoded, has a fist byte with value lower than 31.
|
|
# The first byte of the signature should be 31 + SigRec, so this should fail
|
|
with pytest.raises(SignatureError, match="Wrong SigRec"):
|
|
Cryptographer.recover_pk(message, signature)
|
|
|
|
|
|
def test_recover_pk_ground_truth():
|
|
# Use a message a signature generated by c-lightning and see if we recover the proper key
|
|
message = b"Test message"
|
|
org_pk = "02b821c749295d5c24f6166ae77d8353eaa36fc4e47326670c6d2522cbd344bab9"
|
|
zsig = "rbwewwyr4zem3w5t39fd1xyeamfzbmfgztwm4b613ybjtmoeod5kazaxqo3akn3ae75bqi3aqeds8cs6n43w4p58ft34itjnnb61bp54"
|
|
|
|
rpk = Cryptographer.recover_pk(message, zsig)
|
|
|
|
assert org_pk == Cryptographer.get_compressed_pk(rpk)
|
|
|
|
|
|
# FIXME: needs further testing
|
|
def test_recover_pk_wrong_inputs():
|
|
str_message = "Test message"
|
|
message = bytes(20)
|
|
str_sig = "aaaaaaaa"
|
|
sig = bytes(20)
|
|
|
|
# Wrong input type
|
|
with pytest.raises(InvalidParameter, match="Wrong value passed as zbase32_sig"):
|
|
Cryptographer.recover_pk(message, sig)
|
|
|
|
with pytest.raises(InvalidParameter, match="Wrong value passed as message"):
|
|
Cryptographer.recover_pk(str_message, str_sig)
|
|
|
|
with pytest.raises(InvalidParameter, match="Wrong value passed as message"):
|
|
Cryptographer.recover_pk(str_message, sig)
|
|
|
|
# Wrong input size
|
|
with pytest.raises(SignatureError, match="Serialized signature must be 65 bytes long"):
|
|
Cryptographer.recover_pk(message, str_sig)
|
|
|
|
|
|
def test_get_compressed_pk():
|
|
sk, pk = generate_keypair()
|
|
compressed_pk = Cryptographer.get_compressed_pk(pk)
|
|
|
|
assert isinstance(compressed_pk, str) and len(compressed_pk) == 66
|
|
assert compressed_pk[:2] in ["02", "03"]
|
|
|
|
|
|
def test_get_compressed_pk_wrong_key():
|
|
# pk should be properly initialized. Initializing from int will cause it to not be recoverable
|
|
pk = PublicKey(0)
|
|
|
|
with pytest.raises(InvalidKey, match="PublicKey has invalid initializer"):
|
|
Cryptographer.get_compressed_pk(pk)
|
|
|
|
|
|
def test_get_compressed_pk_wrong_type():
|
|
# Passing a value that is not a PublicKey will make it to fail too
|
|
pk = get_random_value_hex(33)
|
|
|
|
with pytest.raises(InvalidParameter, match="Wrong value passed as pk"):
|
|
Cryptographer.get_compressed_pk(pk)
|