-
Notifications
You must be signed in to change notification settings - Fork 144
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Test (missing) RSA key support in Secure Session #710
Test (missing) RSA key support in Secure Session #710
Conversation
Add tests to make sure Python wrapper rejects any keys except EC private ones when creating SSession. Fix SSession and SComparator (the comparison of returned pointer was wrong). Here's example: ```python >>> import ctypes >>> null = ctypes.POINTER(ctypes.c_int)() >>> not_null = ctypes.POINTER(ctypes.c_int)(ctypes.c_int(1)) >>> # bool(x) -- good way to compare, returns False for NULL >>> bool(null), bool(not_null) (False, True) >>> # not x -- also works >>> not null, not not_null (True, False) >>> # ctypes.POINTER is never None >>> null is None, not_null is None (False, False) >>> null == None, not_null == None (False, False) ``` For more info, see https://docs.python.org/3/library/ctypes.html
Add tests to make sure Ssession creating fails when wrong/unsupported key was provided. Also, fix FFI usage where comparing things with NULL was done in wrong way and in case of NULL, no expected exception was raised.
Do the tests with valid peer ID so the only way for constructor to fail will be passing wrong key. The third arg may still be an empty function since it won't be called before doing handshake.
Yep, it definitely is missing the check. The correct way will be to check for Please keep a note of which wrappers still need checks and tests. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall, I like it! 👍
Are more wrappers expected in this PR of this is all for now?
static const std::vector<uint8_t> client_public_key = as_bytes(client_pub); | ||
/* Test keys can be found in secure_session_test_keys.hpp */ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks ❤️
Verify that Secure Session has been constructed successfully. This should catch RSA keys being passed to the initializer earlier. Unfortunately, Secure Session is not tested in ObjCThemis at all at the moment so no tests verify this behavior.
@iamnotacake, currently I don't have my macBook available so I'm in the same boat as you: I can only make blind changes and test them by submitting it to CI 😁 Since you have been kind enough to enable the Allow edits by maintainers check box, I have simply pushed the commit into this branch (please |
Also, since this PR does change the behavior of some wrappers, I believe it should update the changelog for relevant languages. |
Does this look good?
BTW, should we put news in changelog in alphabetical order or append them (in the same UPD: Maybe you mean mentioning that sec session wrappers don't allow RSA keys anymore? Or both this and bugfixes? Now I'm a lil bit confised |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you! These are good changes.
I suggest to add test to check EC private keys as well (test should pass), because right now we have tests for RSA pub/priv and EC pub, which looks like EC priv are missing.
@@ -42,7 +42,7 @@ class SComparator(object): | |||
def __init__(self, shared_secret): | |||
self.session_ctx = ctypes.POINTER(ctypes.c_int) | |||
self.comparator_ctx = scomparator_create() | |||
if self.comparator_ctx is None: | |||
if not self.comparator_ctx: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd ask @Lagovas to take a look here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it's okay here. secure_comparator_create will return NULL (0 or None as python types) which will mean False in if
condition
@@ -143,7 +143,7 @@ def __init__(self, user_id, sign_key, transport): | |||
ctypes.byref(ctypes.create_string_buffer(sign_key)), | |||
len(sign_key), | |||
ctypes.byref(self.transport_)) | |||
if self.session_ctx is None: | |||
if not self.session_ctx: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and here @Lagovas
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same okay
Aren't EC private keys – the happy path – tested in other tests that verify that Secure Session works as expected? Or you suggest just a complementary test for the constructor alone to complete the puzzle? |
yes, I suggest to complete the puzzle, because future us will totally forget why one case is not tested (which looks like we've missed that case) |
The changelog is mostly for the users and they probably don't (and shouldn't) know about Themis Core functions. So I'd write there something like "${Secure Session constructor name} now (throws an exception | returns The idea is to describe the expected behavior to the user. With this change, the constructors may start failing due to incorrect keys. This changelog entry might help debugging.
I'd ask to keep them alphabetical. That's one predictable order to look for a language.
Yeah, makes sense. Please do. |
* Update changelog, mention fixes of NodeJS, Python, Ruby wrappers * Add tests to ensure EC private keys are accepted by Secure Session (JS, Go, Python, Ruby, C++) * Add comment to JS tests aboud why huge base64-encoded key is inside the tests code * Small refactor in Python tests and Ruby wrapper
* Mention about TSSession fixes in ObjC and Swift in changelog * Small refactor of Go tests no not only check error, but also check whether result is as expected (nil result and not nil error or vice-versa) * Small refactor of Ruby tests, rewrite them in a better-looking way * Fix typos in C++ tests
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yup. Nicely done, good to merge! 👍
Add few specific tests to Go, NodeJS, Python, Ruby, C++ wrappers. These tests make sure the wrapper API gives error (exception) when we try to create Secure Session with a key different from EC private one.
While adding these tests, few bugs were discovered in Python and Ruby wrappers. To be precise, it was wrong way of checking whether
secure_session_create()
returnedNULL
. The tests were not failing as expected. This PR also brings fixes for them.Speaking about other wrappers, some of them seem to handle this kind of errors as well: Java (JNI), PHP, another PHP, JS (WASM)
And others may be missing the check: Objective C
I've also updated
.gitignore
to include some stuff like generated Ruby packages, some Python package metadata, another Rusttarget
directory.Checklist