save progress

2020-08-16 16:35:13 +02:00
parent 6023ec948a
commit 10766b842c
3 changed files with 177 additions and 24 deletions
--- a/tests/test_parse_header.py
+++ b/tests/test_parse_header.py
@@ -3,7 +3,8 @@

 import struct

-from pyrad3 import utils
+from ipaddress import IPv4Address, IPv6Address, IPv4Network, IPv6Network
+from pyrad3 import dictionary, utils
 import pytest

 # @pytest.mark.parametrize("header", [
@@ -14,6 +15,11 @@ import pytest
 SECRET = b"secret"


+@pytest.fixture
+def radius_dictionary():
+    return dictionary.Dictionary("tests/dictionaries/dict")
+
+
@pytest.mark.parametrize(
    "header",
    [
@@ -28,6 +34,76 @@ def test_invalid_header(header):
        utils.parse_header(header)


+def num_tlv(num_type, num, length, expected=None):
+    exp = num if expected is None else expected
+    return (num_type + num.to_bytes(length, "big"), exp)
+
+
+@pytest.mark.parametrize(
+    "attr_bytes, expected",
+    [
+        (b"\x01\x07ABCDE", "ABCDE"),  # rfc string
+        (b"\x02\x07ABCDE", b"ABCDE"),  # rfc octets
+        (b"\x03\x06\0\0\0\0", 0),  # rfc date
+        # TODO: ABINARY
+        (b"\x05\x03\x00", 0),  # rfc byte
+        num_tlv(b"\x06\x04", 0, 2),  # rfc short
+        num_tlv(b"\x06\x04", 0xFF, 2),  # rfc short
+        num_tlv(b"\x06\x04", 0x100, 2),  # rfc short
+        num_tlv(b"\x06\x04", 0xFFFF, 2),  # rfc short
+        num_tlv(b"\x07\x06", 0, 4),  # rfc integer
+        num_tlv(b"\x07\x06", 0xFF, 4),  # rfc integer
+        num_tlv(b"\x07\x06", 0x100, 4),  # rfc integer
+        num_tlv(b"\x07\x06", 0xFFFF, 4),  # rfc integer
+        num_tlv(b"\x07\x06", 0x10000, 4),  # rfc integer
+        num_tlv(b"\x07\x06", 0xFFFFFFFF, 4),  # rfc integer
+        num_tlv(b"\x08\x06", 0, 4),  # rfc signed
+        num_tlv(b"\x08\x06", 0xFF, 4),  # rfc signed
+        num_tlv(b"\x08\x06", 0x1000, 4),  # rfc signed
+        num_tlv(b"\x08\x06", 0xFFFF, 4),  # rfc signed
+        num_tlv(b"\x08\x06", 0x10000, 4),  # rfc signed
+        num_tlv(b"\x08\x06", 0xFFFFFFFF, 4, -1),  # rfc signed
+        num_tlv(b"\x08\x06", 0x80000000, 4, -268435458),  # rfc signed
+        num_tlv(b"\x08\x06", 0x7FFFFFFF, 4, 2147483647),  # rfc signed
+        num_tlv(b"\x09\x0A", 0, 8),  # rfc integer64
+        num_tlv(b"\x09\x0A", 0xFF, 8),  # rfc integer64
+        num_tlv(b"\x09\x0A", 0x100, 8),  # rfc integer64
+        num_tlv(b"\x09\x0A", 0xFFFF, 8),  # rfc integer64
+        num_tlv(b"\x09\x0A", 0x10000, 8),  # rfc integer64
+        num_tlv(b"\x09\x0A", 0xFFFFFFFF, 8),  # rfc integer64
+        num_tlv(b"\x09\x0A", 0x100000000, 8),  # rfc integer64
+        num_tlv(b"\x09\x0A", 0xFFFFFFFFFFFFFFFF, 8),  # rfc integer64
+        (b"\x0a\x06\xc0\xa8\x01\x08", IPv4Address("192.168.1.1")),
+        (b"\x0b\x07\x10\xc4\xa8\x00\x00", IPv4Network("192.168.0.0/16")),
+        (
+            b"\x0c\x12\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01",
+            IPv6Address("2003::1"),
+        ),
+        (
+            b"\x0c\x13@\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+            IPv6Network("2003::0/64"),
+        ),
+        (b"\x0c\x04@\x03", IPv6Network("2003::0/64")),
+        (b"\x0a\x06\xc0\xa8\x01\x08", IPv4Address("192.168.1.1")),
+        (
+            b"\x0a\x13@\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+            IPv6Network("2003::0/64"),
+        ),
+    ],
+)
+def test_parse_attribute_rfc_and_vsa(radius_dictionary, attr_bytes, expected):
+    raw_packet = bytes(20) + attr_bytes
+    attrs = utils.parse_attributes(radius_dictionary, raw_packet)
+    assert len(attrs) == 1
+    assert attrs[0].value == expected
+
+    vsa_length = (4 + len(attr_bytes)).to_bytes(1, "big")
+    raw_packet = bytes(20) + b"\x1a" + vsa_length + "\x04\xd2" + attr_bytes
+    attrs = utils.parse_attributes(radius_dictionary, raw_packet)
+    assert len(attrs) == 1
+    assert attrs[0].value == expected
+
+
@pytest.mark.parametrize(
    "plaintext, obfuscated, authenticator",
    [
@@ -50,9 +126,8 @@ def test_password(plaintext, obfuscated, authenticator):
    assert len(encoded) == len(obfuscated)
    assert encoded == obfuscated
    decoded = utils.password_decode(SECRET, authenticator, encoded)
-    plaintext_str = plaintext.decode("utf-8")
-    assert len(decoded) == len(plaintext_str)
-    assert decoded == plaintext_str
+    assert len(decoded) == len(plaintext)
+    assert decoded == plaintext

    assert utils.validate_pap_password(
        SECRET, authenticator, encoded, plaintext
@@ -76,3 +151,30 @@ def test_chap_password(plaintext, chap, challenge):
    assert len(encoded) == len(chap)
    assert encoded == chap
    assert utils.validate_chap_password(chapid, challenge, chap, plaintext)
+
+
+def test_salt_crypt():
+    plaintext = (13).to_bytes(4, "big")
+    authenticator = bytes.fromhex("18e3657cf849d5e677d8752486ceaad7")
+    radius_value = bytes.fromhex("8472d1f6511f389ea42d572fed0f52a77159")
+
+    salt = int.from_bytes(radius_value[:2], "big")
+    encrypted = utils.salt_encrypt(SECRET, authenticator, plaintext, salt)
+    decrypted = utils.salt_decrypt(SECRET, authenticator, encrypted[2:], salt)
+
+    assert len(radius_value) == len(encrypted)
+    # assert radius_value == encrypted
+    assert len(plaintext) == len(decrypted)
+    assert plaintext == decrypted
+
+
+# @pytest.mark.parametrize(
+#         "plaintext, encrypted", [("some-password",
+#             bytes.fromhex('7a9528106b80e4aa05b143708400d37e'),
+#             bytes.fromhex('62c3dcbdc8d7239fc782a300f8b7707c'))]),
+# def test_ascend_password(plaintext, encrypted, authenticator):
+#     salt =
+#     enc = utils.salt_encrypt("secret", authenticator, salt, plaintext)
+#     dec = utils.salt_decrypt("secret", authenticator, salt, enc)
+#     assert enc == encrypted
+#     assert plaintext = dec