Add test to verify WAMPCRA salt authentication #2122
Conversation
|
thanks a lot! this adds a new direct, low-level CI driven test for WAMP-CRA including salting against Crossbar.io router authentication, as in against modules from crossbar.router.role import RouterRoleStaticAuth
from crossbar.router.auth import cryptosign, wampcra, ticket, tls, anonymous
from autobahn.wamp import types
from autobahn.wamp import auth as autobahn_authand it's added to the right file, so thanks a lot! hope it works. I mean the test in itself, and ideally quite easily then shows a bug in Crossbar.io with salting .. |
|
also, I am wondering whether we have examples / test vectors which include salts in the WAMP spec https://wamp-proto.org/spec.html? but anyhow, this new test isn't testing salting at the Autobahn WAMP-CRA level anyways - but indeed builds/relies on that: # generate a signature from client & match it with the existing
expected_signature = autobahn_auth.AuthWampCra(**config).on_challenge("res", val)
self.assertEqual(auth._signature, expected_signature)from which uses which is implemented using from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMACso ultimately, by relying on Crossbar.io or Autobahn and WAMP-CRA (with salting), you rely on cryptography as well ... |
|
rgd https://github.com/crossbario/crossbar/actions/runs/12828901013/job/35790689804?pr=2122#step:8:579 so what is expected? and for what reason is the value that is expected claimed to be valid? is it a "test vector" ... from where? |
No description provided.