mirror of https://github.com/progval/irctest.git
Add client test for ECDSA-NIST256P-CHALLENGE.
This commit is contained in:
parent
2695b604e7
commit
1fd5770d42
|
@ -5,9 +5,12 @@ import collections
|
||||||
class Mechanisms(enum.Enum):
|
class Mechanisms(enum.Enum):
|
||||||
@classmethod
|
@classmethod
|
||||||
def as_string(cls, mech):
|
def as_string(cls, mech):
|
||||||
return {cls.plain: 'PLAIN'}[mech]
|
return {cls.plain: 'PLAIN',
|
||||||
|
cls.ecdsa_nist256p_challenge: 'ECDSA-NIST256P-CHALLENGE',
|
||||||
|
}[mech]
|
||||||
plain = 1
|
plain = 1
|
||||||
|
ecdsa_nist256p_challenge = 2
|
||||||
|
|
||||||
Authentication = collections.namedtuple('Authentication',
|
Authentication = collections.namedtuple('Authentication',
|
||||||
'mechanisms username password certificate')
|
'mechanisms username password ecdsa_key')
|
||||||
Authentication.__new__.__defaults__ = ([Mechanisms.plain], None, None, None)
|
Authentication.__new__.__defaults__ = ([Mechanisms.plain], None, None, None)
|
||||||
|
|
|
@ -1,9 +1,22 @@
|
||||||
|
import ecdsa
|
||||||
import base64
|
import base64
|
||||||
from irctest import cases
|
from irctest import cases
|
||||||
from irctest import authentication
|
from irctest import authentication
|
||||||
from irctest.irc_utils.message_parser import Message
|
from irctest.irc_utils.message_parser import Message
|
||||||
|
|
||||||
class CapTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper):
|
ECDSA_KEY = """
|
||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIIJueQ3W2IrGbe9wKdOI75yGS7PYZSj6W4tg854hlsvmoAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEAZmaVhNSMmV5r8FXPvKuMnqDKyIA9pDHN5TNMfiF3mMeikGgK10W
|
||||||
|
IRX9cyi2wdYg9mUUYyh9GKdBCYHGUJAiCA==
|
||||||
|
-----END EC PRIVATE KEY-----
|
||||||
|
"""
|
||||||
|
ENCODED_FOOBAR = """gqpuPoR0vaTIKiEQyqrj48RIT13R3hJuJI2Os7ySXwLWbjizpdmGPNtJdv396FkvZVPwZpC4cCfabhEby4ytGA=="""
|
||||||
|
|
||||||
|
class SaslTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper):
|
||||||
def testPlain(self):
|
def testPlain(self):
|
||||||
auth = authentication.Authentication(
|
auth = authentication.Authentication(
|
||||||
mechanisms=[authentication.Mechanisms.plain],
|
mechanisms=[authentication.Mechanisms.plain],
|
||||||
|
@ -35,7 +48,6 @@ class CapTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper):
|
||||||
self.assertEqual(m, Message([], None, 'AUTHENTICATE', ['PLAIN']))
|
self.assertEqual(m, Message([], None, 'AUTHENTICATE', ['PLAIN']))
|
||||||
self.sendLine('904 {} :SASL auth failed'.format(self.nick))
|
self.sendLine('904 {} :SASL auth failed'.format(self.nick))
|
||||||
m = self.getMessage()
|
m = self.getMessage()
|
||||||
print(m)
|
|
||||||
|
|
||||||
|
|
||||||
def testPlainLarge(self):
|
def testPlainLarge(self):
|
||||||
|
@ -90,6 +102,33 @@ class CapTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper):
|
||||||
m = self.negotiateCapabilities(['sasl'], False)
|
m = self.negotiateCapabilities(['sasl'], False)
|
||||||
self.assertEqual(m, Message([], None, 'CAP', ['END']))
|
self.assertEqual(m, Message([], None, 'CAP', ['END']))
|
||||||
|
|
||||||
|
def testEcdsa(self):
|
||||||
|
auth = authentication.Authentication(
|
||||||
|
mechanisms=[authentication.Mechanisms.ecdsa_nist256p_challenge],
|
||||||
|
username='jilles',
|
||||||
|
ecdsa_key=ECDSA_KEY,
|
||||||
|
)
|
||||||
|
m = self.negotiateCapabilities(['sasl'], auth=auth)
|
||||||
|
self.assertEqual(m, Message([], None, 'AUTHENTICATE', ['ECDSA-NIST256P-CHALLENGE']))
|
||||||
|
self.sendLine('AUTHENTICATE +')
|
||||||
|
m = self.getMessage()
|
||||||
|
self.assertEqual(m, Message([], None, 'AUTHENTICATE',
|
||||||
|
['amlsbGVz'])) # jilles
|
||||||
|
self.sendLine('AUTHENTICATE Zm9vYmFy') # foobar
|
||||||
|
m = self.getMessage()
|
||||||
|
self.assertMessageEqual(m, command='AUTHENTICATE')
|
||||||
|
sk = ecdsa.SigningKey.from_pem(ECDSA_KEY)
|
||||||
|
vk = sk.get_verifying_key()
|
||||||
|
signature = base64.b64decode(m.params[0])
|
||||||
|
try:
|
||||||
|
vk.verify(signature, b'foobar')
|
||||||
|
except ecdsa.BadSignatureError:
|
||||||
|
raise AssertionError('Bad signature')
|
||||||
|
self.sendLine('900 * * foo :You are now logged in.')
|
||||||
|
self.sendLine('903 * :SASL authentication successful')
|
||||||
|
m = self.negotiateCapabilities(['sasl'], False)
|
||||||
|
self.assertEqual(m, Message([], None, 'CAP', ['END']))
|
||||||
|
|
||||||
class Irc302SaslTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper):
|
class Irc302SaslTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper):
|
||||||
def testPlainNotAvailable(self):
|
def testPlainNotAvailable(self):
|
||||||
auth = authentication.Authentication(
|
auth = authentication.Authentication(
|
||||||
|
|
|
@ -12,6 +12,7 @@ supybot.networks: testnet
|
||||||
supybot.networks.testnet.servers: {hostname}:{port}
|
supybot.networks.testnet.servers: {hostname}:{port}
|
||||||
supybot.networks.testnet.sasl.username: {username}
|
supybot.networks.testnet.sasl.username: {username}
|
||||||
supybot.networks.testnet.sasl.password: {password}
|
supybot.networks.testnet.sasl.password: {password}
|
||||||
|
supybot.networks.testnet.sasl.ecdsa_key: {directory}/ecdsa_key.pem
|
||||||
supybot.networks.testnet.sasl.mechanisms: {mechanisms}
|
supybot.networks.testnet.sasl.mechanisms: {mechanisms}
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
@ -30,6 +31,9 @@ class LimnoriaController(BaseClientController, DirectoryBasedController):
|
||||||
if auth:
|
if auth:
|
||||||
mechanisms = ' '.join(map(authentication.Mechanisms.as_string,
|
mechanisms = ' '.join(map(authentication.Mechanisms.as_string,
|
||||||
auth.mechanisms))
|
auth.mechanisms))
|
||||||
|
if auth.ecdsa_key:
|
||||||
|
with self.open_file('ecdsa_key.pem') as fd:
|
||||||
|
fd.write(auth.ecdsa_key)
|
||||||
else:
|
else:
|
||||||
mechanisms = ''
|
mechanisms = ''
|
||||||
with self.open_file('bot.conf') as fd:
|
with self.open_file('bot.conf') as fd:
|
||||||
|
|
Loading…
Reference in New Issue