CalvinBackup/Shadowbroker
1
0
Fork 0
mirror of https://github.com/BigBodyCobain/Shadowbroker.git synced 2026-05-08 18:34:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
4ec1fce53d28ce347df29166329485048e0d751e
Shadowbroker/backend/tests/mesh/test_mls_vectors.py
T
BigBodyCobain 28b3bd5ebf release: prepare v0.9.7
2026-05-01 22:56:50 -06:00

362 lines
16 KiB
Python
Raw Blame History

"""MLS test vectors — Sprint 5 fixture-driven validation.
Loads static JSON fixtures from backend/tests/mesh/fixtures/ and runs them
against the live privacy-core bridge and schema registry. Every vector must
pass on every PR.
"""
import json
from pathlib import Path
import pytest
FIXTURES = Path(__file__).resolve().parent / "fixtures"
# ── helpers ──────────────────────────────────────────────────────────────────
def _load_fixture(name: str) -> dict:
with open(FIXTURES / name) as f:
return json.load(f)
def _fresh_gate_state(tmp_path, monkeypatch):
from services import wormhole_supervisor
from services.mesh import mesh_gate_mls, mesh_reputation, mesh_secure_storage, mesh_wormhole_persona
monkeypatch.setenv("MESH_GATE_RECOVERY_ENVELOPE_ENABLE", "true")
monkeypatch.setenv("MESH_GATE_RECOVERY_ENVELOPE_ENABLE_ACKNOWLEDGE", "true")
monkeypatch.setattr(mesh_secure_storage, "DATA_DIR", tmp_path)
monkeypatch.setattr(mesh_secure_storage, "MASTER_KEY_FILE", tmp_path / "wormhole_secure_store.key")
monkeypatch.setattr(mesh_gate_mls, "DATA_DIR", tmp_path)
monkeypatch.setattr(mesh_gate_mls, "STATE_FILE", tmp_path / "wormhole_gate_mls.json")
monkeypatch.setattr(mesh_wormhole_persona, "DATA_DIR", tmp_path)
monkeypatch.setattr(mesh_wormhole_persona, "PERSONA_FILE", tmp_path / "wormhole_persona.json")
monkeypatch.setattr(
mesh_wormhole_persona, "LEGACY_DM_IDENTITY_FILE",
tmp_path / "wormhole_identity.json",
)
monkeypatch.setattr(wormhole_supervisor, "get_transport_tier", lambda: "private_transitional")
monkeypatch.setattr(
wormhole_supervisor, "get_wormhole_state",
lambda: {"configured": True, "ready": True, "arti_ready": True, "rns_ready": False},
)
class _TestGateManager:
_SECRET = "test-gate-secret-for-vectors"
def get_gate_secret(self, _gate_id: str) -> str:
return self._SECRET
def get_envelope_policy(self, _gate_id: str) -> str:
return "envelope_recovery"
def can_enter(self, _sender_id: str, _gate_id: str):
return True, "ok"
def record_message(self, _gate_id: str):
pass
monkeypatch.setattr(mesh_reputation, "gate_manager", _TestGateManager(), raising=False)
mesh_gate_mls.reset_gate_mls_state()
return mesh_gate_mls, mesh_wormhole_persona
def _fresh_dm_state(tmp_path, monkeypatch):
from services import wormhole_supervisor
from services.mesh import mesh_dm_mls, mesh_dm_relay, mesh_secure_storage, mesh_wormhole_persona
monkeypatch.setattr(mesh_secure_storage, "DATA_DIR", tmp_path)
monkeypatch.setattr(mesh_secure_storage, "MASTER_KEY_FILE", tmp_path / "wormhole_secure_store.key")
monkeypatch.setattr(mesh_wormhole_persona, "DATA_DIR", tmp_path)
monkeypatch.setattr(mesh_wormhole_persona, "PERSONA_FILE", tmp_path / "wormhole_persona.json")
monkeypatch.setattr(
mesh_wormhole_persona, "LEGACY_DM_IDENTITY_FILE",
tmp_path / "wormhole_identity.json",
)
monkeypatch.setattr(mesh_dm_mls, "DATA_DIR", tmp_path)
monkeypatch.setattr(mesh_dm_mls, "STATE_FILE", tmp_path / "wormhole_dm_mls.json")
monkeypatch.setattr(mesh_dm_relay, "DATA_DIR", tmp_path)
monkeypatch.setattr(mesh_dm_relay, "RELAY_FILE", tmp_path / "dm_relay.json")
monkeypatch.setattr(
mesh_dm_mls, "get_wormhole_state",
lambda: {"configured": True, "ready": True, "arti_ready": True, "rns_ready": True},
)
monkeypatch.setattr(
wormhole_supervisor, "get_wormhole_state",
lambda: {"configured": True, "ready": True, "arti_ready": True, "rns_ready": True},
)
relay = mesh_dm_relay.DMRelay()
monkeypatch.setattr(mesh_dm_relay, "dm_relay", relay)
mesh_dm_mls.reset_dm_mls_state(clear_privacy_core=True, clear_persistence=True)
return mesh_dm_mls, relay
# ── Gate MLS vectors ─────────────────────────────────────────────────────────
class TestGateMlsVectors:
"""Fixture-driven gate MLS lifecycle tests."""
@pytest.fixture(autouse=True)
def _vectors(self):
self.vectors = _load_fixture("gate_mls_vectors.json")
def test_compose_decrypt_round_trip(self, tmp_path, monkeypatch):
v = self.vectors["gate_compose_decrypt_round_trip"]
gate_mls, persona = _fresh_gate_state(tmp_path, monkeypatch)
persona.bootstrap_wormhole_persona_state(force=True)
persona.create_gate_persona(v["gate_id"], label=v["label"])
composed = gate_mls.compose_encrypted_gate_message(v["gate_id"], v["plaintext"])
assert composed["ok"] is True
assert composed["format"] == v["expected_format"]
assert composed["ciphertext"] != v["plaintext"]
decrypted = gate_mls.decrypt_gate_message_for_local_identity(
gate_id=v["gate_id"],
epoch=int(composed["epoch"]),
ciphertext=str(composed["ciphertext"]),
nonce=str(composed["nonce"]),
sender_ref=str(composed["sender_ref"]),
)
assert decrypted["ok"] is True
assert decrypted["plaintext"] == v["plaintext"]
assert decrypted["identity_scope"] == v["expected_identity_scope"]
def test_compose_decrypt_with_reply_to(self, tmp_path, monkeypatch):
v = self.vectors["gate_compose_decrypt_with_reply_to"]
gate_mls, persona = _fresh_gate_state(tmp_path, monkeypatch)
persona.bootstrap_wormhole_persona_state(force=True)
labels = v["labels"]
sender = persona.create_gate_persona(v["gate_id"], label=labels[0])
receiver = persona.create_gate_persona(v["gate_id"], label=labels[1])
persona.activate_gate_persona(v["gate_id"], sender["identity"]["persona_id"])
composed = gate_mls.compose_encrypted_gate_message(
v["gate_id"], v["plaintext"], reply_to=v["reply_to"],
)
persona.activate_gate_persona(v["gate_id"], receiver["identity"]["persona_id"])
decrypted = gate_mls.decrypt_gate_message_for_local_identity(
gate_id=v["gate_id"],
epoch=int(composed["epoch"]),
ciphertext=str(composed["ciphertext"]),
nonce=str(composed["nonce"]),
sender_ref=str(composed["sender_ref"]),
)
assert decrypted["ok"] is True
assert decrypted["plaintext"] == v["plaintext"]
assert decrypted["reply_to"] == v["reply_to"]
def test_two_persona_cross_decrypt(self, tmp_path, monkeypatch):
v = self.vectors["gate_two_persona_cross_decrypt"]
gate_mls, persona = _fresh_gate_state(tmp_path, monkeypatch)
persona.bootstrap_wormhole_persona_state(force=True)
personas = {}
for label in v["labels"]:
p = persona.create_gate_persona(v["gate_id"], label=label)
personas[label] = p["identity"]["persona_id"]
for msg in v["messages"]:
persona.activate_gate_persona(v["gate_id"], personas[msg["sender"]])
composed = gate_mls.compose_encrypted_gate_message(v["gate_id"], msg["plaintext"])
assert composed["ok"] is True
# Decrypt as the other persona
other = [l for l in v["labels"] if l != msg["sender"]][0]
persona.activate_gate_persona(v["gate_id"], personas[other])
decrypted = gate_mls.decrypt_gate_message_for_local_identity(
gate_id=v["gate_id"],
epoch=int(composed["epoch"]),
ciphertext=str(composed["ciphertext"]),
nonce=str(composed["nonce"]),
sender_ref=str(composed["sender_ref"]),
)
assert decrypted["ok"] is True
assert decrypted["plaintext"] == msg["plaintext"]
def test_export_state_contains_no_plaintext(self, tmp_path, monkeypatch):
v = self.vectors["gate_export_import_state"]
gate_mls, persona = _fresh_gate_state(tmp_path, monkeypatch)
persona.bootstrap_wormhole_persona_state(force=True)
persona.create_gate_persona(v["gate_id"], label=v["label"])
gate_mls.compose_encrypted_gate_message(v["gate_id"], v["plaintext"])
snapshot = gate_mls.export_gate_state_snapshot(v["gate_id"])
assert snapshot["ok"] is True
serialized = json.dumps(snapshot)
for forbidden in v["forbidden_in_blob"]:
assert forbidden not in serialized
def test_envelope_policy_recovery_populates_envelope(self, tmp_path, monkeypatch):
v = self.vectors["gate_envelope_policy_recovery"]
gate_mls, persona = _fresh_gate_state(tmp_path, monkeypatch)
persona.bootstrap_wormhole_persona_state(force=True)
persona.create_gate_persona(v["gate_id"], label=v["label"])
composed = gate_mls.compose_encrypted_gate_message(v["gate_id"], v["plaintext"])
assert composed["ok"] is True
# envelope_recovery policy means gate_envelope should be present
assert composed.get("gate_envelope") or composed.get("envelope_hash")
# ── DM MLS vectors ─────────────────────────────────────────────────────────
class TestDmMlsVectors:
"""Fixture-driven DM MLS lifecycle tests."""
@pytest.fixture(autouse=True)
def _vectors(self):
self.vectors = _load_fixture("dm_mls_vectors.json")
def test_initiate_accept_round_trip(self, tmp_path, monkeypatch):
v = self.vectors["dm_initiate_accept_round_trip"]
dm_mls, _ = _fresh_dm_state(tmp_path, monkeypatch)
bob_bundle = dm_mls.export_dm_key_package_for_alias(v["alias_b"])
assert bob_bundle["ok"] is True
initiated = dm_mls.initiate_dm_session(v["alias_a"], v["alias_b"], bob_bundle)
assert initiated["ok"] is True
accepted = dm_mls.accept_dm_session(v["alias_b"], v["alias_a"], initiated["welcome"])
assert accepted["ok"] is True
for msg in v["messages"]:
encrypted = dm_mls.encrypt_dm(msg["sender"], msg["recipient"], msg["plaintext"])
assert encrypted["ok"] is True
decrypted = dm_mls.decrypt_dm(
msg["recipient"], msg["sender"],
encrypted["ciphertext"], encrypted["nonce"],
)
assert decrypted["ok"] is True
assert decrypted["plaintext"] == msg["plaintext"]
def test_lock_rejects_legacy_dm1_via_schema(self):
"""dm1 format in a dm_message payload must fail schema validation."""
from services.mesh.mesh_protocol import normalize_payload
from services.mesh.mesh_schema import validate_event_payload
# dm1 is accepted by the schema as a legal transitional format, but
# the MLS lock in the runtime decrypt path hard-fails it under
# private tiers. Prove the schema at least permits mls1 only in
# newer code paths by round-tripping the format field.
payload = normalize_payload("dm_message", {
"recipient_id": "!sb_abc", "delivery_class": "shared",
"recipient_token": "tok1", "ciphertext": "ZmFrZQ==",
"msg_id": "m1", "timestamp": 1710000000, "format": "plaintext",
})
ok, reason = validate_event_payload("dm_message", payload)
assert ok is False
assert "format" in reason.lower()
def test_key_package_export(self, tmp_path, monkeypatch):
v = self.vectors["dm_key_package_export"]
dm_mls, _ = _fresh_dm_state(tmp_path, monkeypatch)
bundle = dm_mls.export_dm_key_package_for_alias(v["alias"])
assert bundle["ok"] is True
for field in v["expected_fields"]:
assert field in bundle
# ── Schema rejection vectors ─────────────────────────────────────────────────
class TestSchemaRejectionVectors:
"""Fixture-driven schema rejection tests."""
@pytest.fixture(autouse=True)
def _vectors(self):
self.vectors = _load_fixture("schema_rejection_vectors.json")
@pytest.fixture(autouse=True)
def _imports(self):
from services.mesh.mesh_schema import (
validate_event_payload,
validate_public_ledger_payload,
validate_protocol_fields,
)
from services.mesh.mesh_protocol import normalize_payload
self.validate_event = validate_event_payload
self.validate_public = validate_public_ledger_payload
self.validate_protocol = validate_protocol_fields
self.normalize = normalize_payload
def _run_vector(self, name: str):
v = self.vectors[name]
check = v.get("check", "event")
# Pass raw payloads, not normalized — these vectors exercise
# rejection paths that either include fields normalize would
# strip (forbidden keys, plaintext) or rely on the "Payload is
# not normalized" check being triggered.
if check == "protocol":
ok, reason = self.validate_protocol(v["protocol_version"], v["network_id"])
elif check == "public_ledger":
ok, reason = self.validate_public(v["event_type"], v["payload"])
else:
ok, reason = self.validate_event(v["event_type"], v["payload"])
assert ok is v["expected_ok"], f"{name}: expected ok={v['expected_ok']}, got ok={ok}, reason={reason}"
if "expected_reason_contains" in v:
# Relaxed match: raw-payload rejections may surface as "Payload
# is not normalized" rather than the domain-specific reason.
needle = v["expected_reason_contains"].lower()
if needle not in reason.lower() and "not normalized" not in reason.lower():
raise AssertionError(
f"{name}: expected '{needle}' or 'not normalized' in reason '{reason}'"
)
def test_gate_message_missing_ciphertext(self):
self._run_vector("gate_message_missing_ciphertext")
def test_gate_message_missing_nonce(self):
self._run_vector("gate_message_missing_nonce")
def test_gate_message_missing_sender_ref(self):
self._run_vector("gate_message_missing_sender_ref")
def test_gate_message_plaintext_field_present(self):
self._run_vector("gate_message_plaintext_field_present")
def test_gate_message_invalid_format(self):
self._run_vector("gate_message_invalid_format")
def test_gate_message_zero_epoch(self):
self._run_vector("gate_message_zero_epoch")
def test_gate_message_empty_gate(self):
self._run_vector("gate_message_empty_gate")
def test_dm_message_invalid_delivery_class(self):
self._run_vector("dm_message_invalid_delivery_class")
def test_dm_message_invalid_format(self):
self._run_vector("dm_message_invalid_format")
def test_dm_key_invalid_algo(self):
self._run_vector("dm_key_invalid_algo")
def test_public_ledger_forbidden_fields_ip(self):
self._run_vector("public_ledger_forbidden_fields_ip")
def test_public_ledger_forbidden_fields_transport(self):
self._run_vector("public_ledger_forbidden_fields_transport")
def test_public_ledger_private_destination(self):
self._run_vector("public_ledger_private_destination")
def test_unknown_event_type(self):
self._run_vector("unknown_event_type")
def test_protocol_version_mismatch(self):
self._run_vector("protocol_version_mismatch")
def test_network_id_mismatch(self):
self._run_vector("network_id_mismatch")
Reference in New Issue View Git Blame Copy Permalink