Add post-quantum remote auth key exchange
Testing / test (push) Successful in 32s

2026-05-05 10:34:28 +02:00
parent 30a42ba6d5
commit 98396a7c7e
7 changed files with 229 additions and 72 deletions
+12 -2
@@ -31,11 +31,12 @@ class TestGenerateKeypair:
class TestCanonicalPayload:
def test_strips_pubkey_and_sig(self):
msg = {"command": "tabs.list", "id": "x", "pubkey": "abc", "sig": "def"}
def test_strips_auth_protocol_fields(self):
msg = {"command": "tabs.list", "id": "x", "pubkey": "abc", "sig": "def", "pq_kex": {"alg": "ML-KEM-768"}}
data = json.loads(canonical_payload(msg))
assert "pubkey" not in data
assert "sig" not in data
assert "pq_kex" not in data
def test_keys_sorted(self):
msg = {"z": 1, "a": 2, "m": 3}
@@ -87,6 +88,15 @@ class TestSignVerify:
other_nonce = bytes.fromhex(new_nonce())
assert verify(pub_hex, other_nonce, msg, sig) is False
def test_post_quantum_shared_secret_is_bound_to_signature(self, keypair):
priv, pub_hex = keypair
nonce = bytes.fromhex(new_nonce())
msg = {"command": "tabs.list", "pq_kex": {"alg": "ML-KEM-768", "ciphertext": "abcd"}}
sig = sign(priv, nonce, msg, b"shared-secret").hex()
assert verify(pub_hex, nonce, msg, sig, b"shared-secret") is True
assert verify(pub_hex, nonce, msg, sig, b"other-secret") is False
assert verify(pub_hex, nonce, msg, sig) is False
def test_garbage_pub_hex_returns_false_not_exception(self):
assert verify("not-hex!!!!", b"nonce", {}, "00" * 64) is False
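Review bot: `test_post_quantum_shared_secret_is_bound_to_signature` varies only the shared secret and never the `pq_kex` contents, while `test_strips_auth_protocol_fields` asserts that `canonical_payload` drops `pq_kex`, so no test here pins whether a changed `alg` or `ciphertext` is detected. If the design relies on a tampered ciphertext decapsulating to a different secret, that presumably covers the ciphertext but leaves `alg` outside anything the signature binds. A comment on the test should say so, e.g. `# pq_kex is excluded from the signed payload; it is bound only through the shared secret`. I would also add a case that pins the intended result for an altered field: `tampered = {**msg, "pq_kex": {"alg": "other", "ciphertext": "abcd"}}` followed by an assertion on `verify(pub_hex, nonce, tampered, sig, b"shared-secret")`. The `sign` and `verify` implementations are outside this section, so how the secret is mixed into the signature cannot be checked from here.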