Test (missing) RSA key support in Secure Session #710
Conversation
Add tests to make sure Python wrapper rejects any keys except EC private ones when creating SSession. Fix SSession and SComparator (the comparison of returned pointer was wrong). Here's example: ```python >>> import ctypes >>> null = ctypes.POINTER(ctypes.c_int)() >>> not_null = ctypes.POINTER(ctypes.c_int)(ctypes.c_int(1)) >>> # bool(x) -- good way to compare, returns False for NULL >>> bool(null), bool(not_null) (False, True) >>> # not x -- also works >>> not null, not not_null (True, False) >>> # ctypes.POINTER is never None >>> null is None, not_null is None (False, False) >>> null == None, not_null == None (False, False) ``` For more info, see https://docs.python.org/3/library/ctypes.html
Add tests to make sure Ssession creating fails when wrong/unsupported key was provided. Also, fix FFI usage where comparing things with NULL was done in wrong way and in case of NULL, no expected exception was raised.
Do the tests with valid peer ID so the only way for constructor to fail will be passing wrong key. The third arg may still be an empty function since it won't be called before doing handshake.
iamnotacake
added
W-PyThemis 🐍
Yep, it definitely is missing the check. The correct way will be to check for Please keep a note of which wrappers still need checks and tests. |
ilammy
changed the title
| static const std::vector<uint8_t> client_public_key = as_bytes(client_pub); | ||
| /* Test keys can be found in secure_session_test_keys.hpp */ |
Verify that Secure Session has been constructed successfully. This should catch RSA keys being passed to the initializer earlier. Unfortunately, Secure Session is not tested in ObjCThemis at all at the moment so no tests verify this behavior.
|
@iamnotacake, currently I don't have my macBook available so I'm in the same boat as you: I can only make blind changes and test them by submitting it to CI 😁 Since you have been kind enough to enable the Allow edits by maintainers check box, I have simply pushed the commit into this branch (please |
|
Also, since this PR does change the behavior of some wrappers, I believe it should update the changelog for relevant languages. |
Does this look good? BTW, should we put news in changelog in alphabetical order or append them (in the same UPD: Maybe you mean mentioning that sec session wrappers don't allow RSA keys anymore? Or both this and bugfixes? Now I'm a lil bit confised |
| @@ -42,7 +42,7 @@ class SComparator(object): | |||
| def __init__(self, shared_secret): | |||
| self.session_ctx = ctypes.POINTER(ctypes.c_int) | |||
| self.comparator_ctx = scomparator_create() | |||
| if self.comparator_ctx is None: | |||
| if not self.comparator_ctx: | |||
There was a problem hiding this comment.
I'd ask @Lagovas to take a look here
There was a problem hiding this comment.
it's okay here. secure_comparator_create will return NULL (0 or None as python types) which will mean False in if condition
| @@ -143,7 +143,7 @@ def __init__(self, user_id, sign_key, transport): | |||
| ctypes.byref(ctypes.create_string_buffer(sign_key)), | |||
| len(sign_key), | |||
| ctypes.byref(self.transport_)) | |||
| if self.session_ctx is None: | |||
| if not self.session_ctx: | |||
Aren't EC private keys – the happy path – tested in other tests that verify that Secure Session works as expected? Or you suggest just a complementary test for the constructor alone to complete the puzzle? |
yes, I suggest to complete the puzzle, because future us will totally forget why one case is not tested (which looks like we've missed that case) |
The changelog is mostly for the users and they probably don't (and shouldn't) know about Themis Core functions. So I'd write there something like "${Secure Session constructor name} now (throws an exception | returns The idea is to describe the expected behavior to the user. With this change, the constructors may start failing due to incorrect keys. This changelog entry might help debugging.
I'd ask to keep them alphabetical. That's one predictable order to look for a language.
Yeah, makes sense. Please do. |
* Update changelog, mention fixes of NodeJS, Python, Ruby wrappers * Add tests to ensure EC private keys are accepted by Secure Session (JS, Go, Python, Ruby, C++) * Add comment to JS tests aboud why huge base64-encoded key is inside the tests code * Small refactor in Python tests and Ruby wrapper
* Mention about TSSession fixes in ObjC and Swift in changelog * Small refactor of Go tests no not only check error, but also check whether result is as expected (nil result and not nil error or vice-versa) * Small refactor of Ruby tests, rewrite them in a better-looking way * Fix typos in C++ tests
Add few specific tests to Go, NodeJS, Python, Ruby, C++ wrappers. These tests make sure the wrapper API gives error (exception) when we try to create Secure Session with a key different from EC private one.
While adding these tests, few bugs were discovered in Python and Ruby wrappers. To be precise, it was wrong way of checking whether
secure_session_create()returnedNULL. The tests were not failing as expected. This PR also brings fixes for them.Speaking about other wrappers, some of them seem to handle this kind of errors as well: Java (JNI), PHP, another PHP, JS (WASM)
And others may be missing the check: Objective C
I've also updated
.gitignoreto include some stuff like generated Ruby packages, some Python package metadata, another Rusttargetdirectory.Checklist