diff --git a/Cargo.lock b/Cargo.lock index 0bf816039..f4b8665ae 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -17,6 +17,15 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" +[[package]] +name = "aead" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b613b8e1e3cf911a086f53f03bf286f52fd7a7258e4fa606f0ef220d39d8877" +dependencies = [ + "generic-array", +] + [[package]] name = "aead" version = "0.5.2" @@ -27,6 +36,32 @@ dependencies = [ "generic-array", ] +[[package]] +name = "aes" +version = "0.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9e8b47f52ea9bae42228d07ec09eb676433d7c4ed1ebdf0f1d1c29ed446f1ab8" +dependencies = [ + "cfg-if 1.0.0", + "cipher 0.3.0", + "cpufeatures", + "opaque-debug", +] + +[[package]] +name = "aes-gcm" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bc3be92e19a7ef47457b8e6f90707e12b6ac5d20c6f3866584fa3be0787d839f" +dependencies = [ + "aead 0.4.3", + "aes", + "cipher 0.3.0", + "ctr", + "ghash", + "subtle", +] + [[package]] name = "ahash" version = "0.3.8" @@ -400,6 +435,16 @@ version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" +[[package]] +name = "block-buffer" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4152116fd6e9dadb291ae18fc1ec3575ed6d84c29642d97890f4b4a3417297e4" +dependencies = [ + "block-padding", + "generic-array", +] + [[package]] name = "block-buffer" version = "0.10.4" 
@@ -409,6 +454,12 @@ dependencies = [ "generic-array", ] +[[package]] +name = "block-padding" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d696c370c750c948ada61c69a0ee2cbbb9c50b1019ddb86d9317157a99c2cae" + [[package]] name = "bolt-derive" version = "0.2.0" @@ -475,7 +526,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818" dependencies = [ "cfg-if 1.0.0", - "cipher", + "cipher 0.4.4", "cpufeatures", ] @@ -485,9 +536,9 @@ version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35" dependencies = [ - "aead", + "aead 0.5.2", "chacha20", - "cipher", + "cipher 0.4.4", "poly1305", "zeroize", ] @@ -507,6 +558,15 @@ dependencies = [ "windows-targets", ] +[[package]] +name = "cipher" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ee52072ec15386f770805afd189a01c8841be8696bed250fa2f13c4c0d6dfb7" +dependencies = [ + "generic-array", +] + [[package]] name = "cipher" version = "0.4.4" @@ -667,6 +727,15 @@ dependencies = [ "typenum", ] +[[package]] +name = "ctr" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a232f92a03f37dd7d7dd2adc67166c77e9cd88de5b019b9a9eecfaeaf7bfd481" +dependencies = [ + "cipher 0.3.0", +] + [[package]] name = "darling" version = "0.20.3" 
@@ -728,13 +797,22 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6184e33543162437515c2e2b48714794e37845ec9851711914eec9d308f6ebe8" +[[package]] +name = "digest" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" +dependencies = [ + "generic-array", +] + [[package]] name = "digest" version = "0.10.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ - "block-buffer", + "block-buffer 0.10.4", "crypto-common", ] @@ -1047,6 +1125,16 @@ dependencies = [ "wasi 0.11.0+wasi-snapshot-preview1", ] +[[package]] +name = "ghash" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1583cc1656d7839fd3732b80cf4f38850336cdb9b8ded1cd399ca62958de3c99" +dependencies = [ + "opaque-debug", + "polyval", +] + [[package]] name = "gimli" version = "0.28.0" @@ -1074,6 +1162,9 @@ dependencies = [ "lightning-invoice 0.24.0", "log", "mockall", + "picky", + "picky-asn1-der 0.4.1", + "picky-asn1-x509 0.12.0", "pin-project 1.1.3", "prost 0.11.9", "prost-derive 0.11.9", @@ -1615,6 +1706,15 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "keccak" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f6d5ed8676d904364de097082f4e7d240b571b67989ced0240f08b7f966f940" +dependencies = [ + "cpufeatures", +] + [[package]] name = "kernel32-sys" version = "0.2.2" @@ -1650,6 +1750,9 @@ name = "lazy_static" version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +dependencies = [ + "spin 0.5.2", +] [[package]] name = "libc" 
@@ -1657,6 +1760,12 @@ version = "0.2.150" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c" +[[package]] +name = "libm" +version = "0.2.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" + [[package]] name = "lightning" version = "0.0.115" @@ -1976,6 +2085,24 @@ dependencies = [ "num-traits", ] +[[package]] +name = "num-bigint-dig" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f9bc3e36fd683e004fd59c64a425e0e991616f5a8b617c3b9a933a93c168facc" +dependencies = [ + "byteorder", + "lazy_static", + "libm", + "num-integer", + "num-iter", + "num-traits", + "rand 0.8.5", + "serde", + "smallvec", + "zeroize", +] + [[package]] name = "num-integer" version = "0.1.45" @@ -1986,6 +2113,17 @@ dependencies = [ "num-traits", ] +[[package]] +name = "num-iter" +version = "0.1.43" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d03e6c028c5dc5cac6e2dec0efda81fc887605bb3d884578bb6d6bf7514e252" +dependencies = [ + "autocfg", + "num-integer", + "num-traits", +] + [[package]] name = "num-traits" version = "0.2.17" @@ -1993,6 +2131,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c" dependencies = [ "autocfg", + "libm", ] [[package]] @@ -2014,6 +2153,15 @@ dependencies = [ "memchr", ] +[[package]] +name = "oid" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c19903c598813dba001b53beeae59bb77ad4892c5c1b9b3500ce4293a0d06c2" +dependencies = [ + "serde", +] + [[package]] name = "oid-registry" version = "0.6.1" 
@@ -2089,6 +2237,17 @@ dependencies = [ "windows-targets", ] +[[package]] +name = "pem" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd56cbd21fea48d0c440b41cd69c589faacade08c992d9a54e471b79d0fd13eb" +dependencies = [ + "base64 0.13.1", + "once_cell", + "regex", +] + [[package]] name = "pem" version = "1.1.1" 
@@ -2124,6 +2283,102 @@ dependencies = [ "indexmap 2.1.0", ] +[[package]] +name = "picky" +version = "6.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd6b25b296bb2a45678748f61c51f5a548ea56b25b0ad4966183709b386eaecf" +dependencies = [ + "aes-gcm", + "base64 0.13.1", + "digest 0.9.0", + "http", + "num-bigint-dig", + "oid", + "picky-asn1 0.3.3", + "picky-asn1-der 0.2.5", + "picky-asn1-x509 0.6.1", + "rand 0.8.5", + "rsa", + "serde", + "serde_json", + "sha-1", + "sha2 0.9.9", + "sha3", + "thiserror", +] + +[[package]] +name = "picky-asn1" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "889bbb26c80acf919e89980dfc8e04eb19df272d8a9893ec9b748d3a1675abde" +dependencies = [ + "oid", + "serde", + "serde_bytes", +] + +[[package]] +name = "picky-asn1" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "295eea0f33c16be21e2a98b908fdd4d73c04dd48c8480991b76dbcf0cb58b212" +dependencies = [ + "oid", + "serde", + "serde_bytes", +] + +[[package]] +name = "picky-asn1-der" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "acbbd5390ab967396cc7473e6e0848684aec7166e657c6088604e07b54a73dbe" +dependencies = [ + "picky-asn1 0.3.3", + "serde", + "serde_bytes", +] + +[[package]] +name = "picky-asn1-der" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5df7873a9e36d42dadb393bea5e211fe83d793c172afad5fb4ec846ec582793f" +dependencies = [ + "picky-asn1 0.8.0", + "serde", + "serde_bytes", +] + +[[package]] +name = "picky-asn1-x509" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3033675030de806aba1d5470949701b7c9f1dbf77e3bb17bd12e5f945e560ba" +dependencies = [ + "base64 0.13.1", + "num-bigint-dig", + "oid", + "picky-asn1 0.3.3", + "picky-asn1-der 0.2.5", + "serde", +] + +[[package]] +name = "picky-asn1-x509" +version = 
"0.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2c5f20f71a68499ff32310f418a6fad8816eac1a2859ed3f0c5c741389dd6208" +dependencies = [ + "base64 0.21.5", + "oid", + "picky-asn1 0.8.0", + "picky-asn1-der 0.4.1", + "serde", +] + [[package]] name = "pin-project" version = "0.4.30" @@ -2190,7 +2445,19 @@ checksum = "8159bd90725d2df49889a078b54f4f79e87f1f8a8444194cdca81d38f5393abf" dependencies = [ "cpufeatures", "opaque-debug", - "universal-hash", + "universal-hash 0.5.1", +] + +[[package]] +name = "polyval" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8419d2b623c7c0896ff2d5d96e2cb4ede590fed28fcc34934f4c33c036e620a1" +dependencies = [ + "cfg-if 1.0.0", + "cpufeatures", + "opaque-debug", + "universal-hash 0.4.0", ] [[package]] @@ -2516,7 +2783,7 @@ version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ffbe84efe2f38dea12e9bfc1f65377fdf03e53a18cb3b995faedf7934c7e785b" dependencies = [ - "pem", + "pem 1.1.1", "ring 0.16.20", "time", "x509-parser", @@ -2648,6 +2915,26 @@ dependencies = [ "windows-sys", ] +[[package]] +name = "rsa" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68ef841a26fc5d040ced0417c6c6a64ee851f42489df11cdf0218e545b6f8d28" +dependencies = [ + "byteorder", + "digest 0.9.0", + "lazy_static", + "num-bigint-dig", + "num-integer", + "num-iter", + "num-traits", + "pem 0.8.3", + "rand 0.8.5", + "simple_asn1", + "subtle", + "zeroize", +] + [[package]] name = "runeauth" version = "0.1.1" @@ -2660,7 +2947,7 @@ dependencies = [ "env_logger 0.10.1", "hex", "indexmap 2.1.0", - "sha2", + "sha2 0.10.8", "thiserror", ] 
@@ -2939,6 +3226,15 @@ dependencies = [ "hex", ] +[[package]] +name = "serde_bytes" +version = "0.11.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ab33ec92f677585af6d88c65593ae2375adde54efdbf16d597f2cbc7a6d368ff" +dependencies = [ + "serde", +] + [[package]] name = "serde_derive" version = "1.0.192" @@ -3000,6 +3296,32 @@ dependencies = [ "syn 2.0.39", ] +[[package]] +name = "sha-1" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "99cd6713db3cf16b6c84e06321e049a9b9f699826e16096d23bbcc44d15d51a6" +dependencies = [ + "block-buffer 0.9.0", + "cfg-if 1.0.0", + "cpufeatures", + "digest 0.9.0", + "opaque-debug", +] + +[[package]] +name = "sha2" +version = "0.9.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4d58a1e1bf39749807d89cf2d98ac2dfa0ff1cb3faa38fbb64dd88ac8013d800" +dependencies = [ + "block-buffer 0.9.0", + "cfg-if 1.0.0", + "cpufeatures", + "digest 0.9.0", + "opaque-debug", +] + [[package]] name = "sha2" version = "0.10.8" @@ -3008,7 +3330,7 @@ checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" dependencies = [ "cfg-if 1.0.0", "cpufeatures", - "digest", + "digest 0.10.7", ] [[package]] @@ -3020,10 +3342,22 @@ dependencies = [ "async-trait", "bytes 1.5.0", "hex", - "sha2", + "sha2 0.10.8", "tokio 1.34.0", ] +[[package]] +name = "sha3" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f81199417d4e5de3f04b1e871023acea7389672c4135918f05aa9cbf2f2fa809" +dependencies = [ + "block-buffer 0.9.0", + "digest 0.9.0", + "keccak", + "opaque-debug", +] + [[package]] name = "signal-hook-registry" version = "1.4.1" 
@@ -3033,6 +3367,18 @@ dependencies = [ "libc", ] +[[package]] +name = "simple_asn1" +version = "0.5.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8eb4ea60fb301dc81dfc113df680571045d375ab7345d171c5dc7d7e13107a80" +dependencies = [ + "chrono", + "num-bigint", + "num-traits", + "thiserror", +] + [[package]] name = "slab" version = "0.4.9" @@ -3815,6 +4161,16 @@ version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e1766d682d402817b5ac4490b3c3002d91dfa0d22812f341609f97b08757359c" +[[package]] +name = "universal-hash" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8326b2c654932e3e4f9196e69d08fdf7cfd718e1dc6f66b347e6024a0c961402" +dependencies = [ + "generic-array", + "subtle", +] + [[package]] name = "universal-hash" version = "0.5.1" @@ -4249,3 +4605,17 @@ name = "zeroize" version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.39", +] diff --git a/libs/gl-client-py/glclient/__init__.py b/libs/gl-client-py/glclient/__init__.py index 01c2fc519..4b8ad81f5 100644 --- a/libs/gl-client-py/glclient/__init__.py +++ b/libs/gl-client-py/glclient/__init__.py 
@@ -130,6 +130,13 @@ def get_pairing_data(self, session_id: str) -> schedpb.GetPairingDataResponse:
 def approve_pairing(self, session_id: str, node_id: bytes, device_name: str, restrs: str):
 self.inner.approve_pairing(session_id, node_id, device_name, restrs)
+ def verify_pairing_data(self, data: schedpb.GetPairingDataRequest) -> Optional[str]:
+ try:
+ self.inner.verify_pairing_data(data.SerializeToString())
+ return None
+ except Exception as e:
+ return str(e)
+
 class Node(object):
 def __init__(self, node_id: bytes, network: str, grpc_uri: str, tls: Optional[TlsConfig] = None, rune: Optional[str] = None, auth: Optional[bytes] = None) -> None:
 self.tls = tls
diff --git a/libs/gl-client-py/glclient/glclient.pyi b/libs/gl-client-py/glclient/glclient.pyi
index 7501b0aeb..a2593b574 100644
--- a/libs/gl-client-py/glclient/glclient.pyi
+++ b/libs/gl-client-py/glclient/glclient.pyi
@@ -41,6 +41,7 @@ class PairingService:
 def pair_device(self, name: str, desc: str, restrs: str): ...
 def get_pairing_data(self, session_id: str) -> bytes: ...
 def approve_pairing(self, session_id: str, node_id: bytes, device_name: str, restrs: str):...
+ def verify_pairing_data(self, data: bytes): ...
 class Node:
diff --git a/libs/gl-client-py/src/pairing.rs b/libs/gl-client-py/src/pairing.rs
index 200689ab6..56136bf09 100644
--- a/libs/gl-client-py/src/pairing.rs
+++ b/libs/gl-client-py/src/pairing.rs
@@ -4,6 +4,7 @@ use crate::tls::TlsConfig;
 use anyhow::Error;
 use bytes::BufMut;
 use gl_client::pairing::service::{Pairing, PairingSessionData};
+use gl_client::pb::scheduler::GetPairingDataResponse;
 use prost::Message;
 use pyo3::exceptions::PyValueError;
 use pyo3::prelude::*;
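Review bot: In `libs/gl-client-py/glclient/__init__.py`, `verify_pairing_data` signals a failed verification with a truthy string and success with `None`, so a caller that writes `if ps.verify_pairing_data(m):` takes the "true" branch on exactly the inputs that failed the check. For a security check it is safer to let the `ValueError` raised by the binding propagate, or to return a `bool`. The bare `except Exception` also folds serialization and type errors into the same string as a genuine key mismatch. Separately, the parameter is annotated `schedpb.GetPairingDataRequest`, but the test passes the result of `get_pairing_data` and the Rust binding decodes a `GetPairingDataResponse`, so the signature should read `def verify_pairing_data(self, data: schedpb.GetPairingDataResponse) -> Optional[str]:`. The enclosing class starts outside the hunk.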
@@ -76,6 +77,17 @@ impl PairingService {
 .map_err(|e| Error::new(e))
 }))
 }
+
+ fn verify_pairing_data(&self, data: Vec) -> PyResult<()> {
+ let pd = GetPairingDataResponse::decode(&data[..]).map_err(|e| {
+ PyValueError::new_err(format!(
+ "could not decode data={:?} as PairingData: {}",
+ data, e,
+ ))
+ })?;
+
+ Pairing::verify_pairing_data(pd).map_err(|e| PyValueError::new_err(format!("{}", e)))
+ }
 }
 /// A wrapper class to return an iterable from a mpsc channel.
diff --git a/libs/gl-client-py/tests/test_pairing.py b/libs/gl-client-py/tests/test_pairing.py
index e514efec7..b6b6ca069 100644
--- a/libs/gl-client-py/tests/test_pairing.py
+++ b/libs/gl-client-py/tests/test_pairing.py
@@ -46,3 +46,28 @@ def test_pairing_session(scheduler, nobody_id, sclient, signer, tls):
 assert(m.device_key)
 # assert(m.rune) fixme: enable once we pass back a rune during the tests.
 assert(m.auth)
+
+
+def test_paring_data_validation(scheduler):
+ """A simple test to ensure that data validation works as intended.
+
+ If the data is valid, the public key belongs to the private key that was
+ used to sign the csr subject.
+ """
+ name = "new_device"
+ desc = "my description"
+ restrs = "method^list"
+
+ ps = PairingService()
+ session = ps.pair_device(name, desc, restrs)
+ session_iter = iter(session)
+ m = next(session_iter)
+ session_id = m.data.split(':')[1]
+ m = ps.get_pairing_data(session_id)
+
+ assert(ps.verify_pairing_data(m) is None)
+
+ # Change the public key and try again
+ pk = '01' + m.session_id[2:] if m.session_id[0:1] == '00' else '00' + m.session_id[2:]
+ m.session_id = pk
+ assert(ps.verify_pairing_data(m))
diff --git a/libs/gl-client/Cargo.toml b/libs/gl-client/Cargo.toml
index b1bffd14f..8c579606a 100644
--- a/libs/gl-client/Cargo.toml
+++ b/libs/gl-client/Cargo.toml
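Review bot: In `libs/gl-client-py/src/pairing.rs`, the decode-failure branch of `verify_pairing_data` formats the whole request with `data={:?}`, which writes every payload byte as a decimal list into the Python exception text and into any log that records it. The length is enough to debug a malformed message: `"could not decode {} bytes as GetPairingDataResponse: {}", data.len(), e`. The current message also names the type `PairingData` while the code decodes `GetPairingDataResponse`. The `impl PairingService` block begins outside the hunk.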
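Review bot: In `libs/gl-client-py/tests/test_pairing.py`, the tamper step compares a one-character slice with a two-character literal, so `m.session_id[0:1] == '00'` is never true, the `'01'` branch is dead and the prefix is always rewritten to `'00'`. If a session id ever began with `00`, the "changed" key would equal the original and the negative case would test nothing; the condition should be `m.session_id[0:2] == '00'`. The closing `assert(ps.verify_pairing_data(m))` accepts any error string, including a decode failure, so asserting on the mismatch text would pin the case actually being tested. The function name is also misspelled as `test_paring_data_validation`.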
@@ -27,6 +27,9 @@ http = "0.2"
 http-body = "^0.4"
 lightning-invoice = "0.24.0"
 log = "^0.4"
+picky = "6.3"
+picky-asn1-x509 = "0.12"
+picky-asn1-der = "0.4"
 pin-project = "1.1.3"
 prost = "0.11"
 prost-derive = "0.11"
diff --git a/libs/gl-client/src/pairing/service.rs b/libs/gl-client/src/pairing/service.rs
index da8339e9b..9faa0224f 100644
--- a/libs/gl-client/src/pairing/service.rs
+++ b/libs/gl-client/src/pairing/service.rs
@@ -10,6 +10,8 @@ use crate::tls::{self, TlsConfig};
 use anyhow::Result;
 use bytes::BufMut;
 use log::debug;
+use picky::x509::Csr;
+use picky_asn1_x509::{PublicKey, SubjectPublicKeyInfo};
 use ring::{
 rand,
 signature::{self, EcdsaKeyPair},
@@ -31,6 +33,8 @@ pub enum PairingError {
 RcGenError(#[from] rcgen::RcgenError),
 #[error("could not approve pairing {0}")]
 ApproveParingError(String),
+ #[error("pairing data is not valid {0}")]
+ VerifyPairingDataError(String),
 }
 pub struct Builder {
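Review bot: The three `picky*` lines added to `libs/gl-client/Cargo.toml` bring in a second ASN.1 and crypto stack for what the new code uses as a single CSR public-key comparison, and their versions do not line up. According to the `Cargo.lock` part of this commit, `picky 6.3.0` itself resolves `picky-asn1-x509 0.6.1` and `picky-asn1-der 0.2.5`, while this manifest asks for `0.12` and `0.4` directly, so two generations of each parser are compiled in. The same lockfile shows `picky` pulling `rsa 0.4.0`, `sha-1 0.9.8`, `aes-gcm 0.9.2` and older `digest`/`cipher`/`block-buffer` releases alongside the current ones. Before merging it is worth checking whether `picky`'s default features can be disabled or whether the `x509-parser` crate already in the lockfile can read the CSR, and running the project's dependency advisory audit on the new tree. A comment such as `# CSR parsing for Pairing::verify_pairing_data` above the three lines would record why they are here.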
@@ -270,4 +274,72 @@ impl Pairing {
 Err(PairingError::ApproveParingError("rune missing".to_string()))
 }
 }
+
+ pub fn verify_pairing_data(data: GetPairingDataResponse) -> Result<(), PairingError> {
+ let mut crs = std::io::Cursor::new(&data.csr);
+ let pem = picky::pem::Pem::read_from(&mut crs).map_err(to_verify_error)?;
+ let csr = Csr::from_pem(&pem).map_err(to_verify_error)?;
+ let sub_pk_der = csr.public_key().to_der().map_err(to_verify_error)?;
+ let sub_pk_info: SubjectPublicKeyInfo =
+ picky_asn1_der::from_bytes(&sub_pk_der).map_err(to_verify_error)?;
+
+ if let PublicKey::Ec(bs) = sub_pk_info.subject_public_key {
+ let pk = hex::encode(bs.0.payload_view());
+
+ if pk == data.session_id {
+ Ok(())
+ } else {
+ Err(PairingError::VerifyPairingDataError(format!(
+ "public key {} does not match pk {}",
+ data.session_id, pk
+ )))
+ }
+ } else {
+ Err(PairingError::VerifyPairingDataError(format!(
+ "expected ecdsa pubkey"
+ )))
+ }
+ }
+}
+
+fn to_verify_error(e: T) -> PairingError {
+ PairingError::VerifyPairingDataError(e.to_string())
+}
+
+#[cfg(test)]
+pub mod tests {
+ use super::*;
+
+ #[test]
+ fn test_verify_pairing_data() {
+ let pem = tls::generate_ecdsa_key_pair().serialize_pem();
+ let device_cert = tls::generate_self_signed_device_cert_from_pem(
+ &pem,
+ &hex::encode("00"),
+ "my-device",
+ vec!["localhost".into()],
+ );
+ let csr = device_cert.serialize_request_pem().unwrap();
+ let pk = hex::encode(device_cert.get_key_pair().public_key_raw());
+
+ // Check with public key as session id.
+ let pd = GetPairingDataResponse {
+ session_id: pk,
+ csr: csr.clone().into_bytes(),
+ device_name: "my-device".to_string(),
+ desc: "".to_string(),
+ restrs: "".to_string(),
+ };
+ assert!(Pairing::verify_pairing_data(pd).is_ok());
+
+ // Check with different public key as session id.
+ let pd = GetPairingDataResponse {
+ session_id: "00".to_string(),
+ csr: csr.into_bytes(),
+ device_name: "my-device".to_string(),
+ desc: "".to_string(),
+ restrs: "".to_string(),
+ };
+ assert!(Pairing::verify_pairing_data(pd).is_err());
+ }
 }
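Review bot: `Pairing::verify_pairing_data` in `libs/gl-client/src/pairing/service.rs` parses the CSR and compares its embedded public key with `data.session_id`, but nothing in the hunk checks the CSR's self-signature. As written it establishes only that the request carries that key, not that the requester holds the matching private key or that the subject fields are intact, although the Python test's docstring describes a signature-based guarantee. If proof of possession is intended, add a check right after `Csr::from_pem`, e.g. `csr.verify().map_err(to_verify_error)?;` (the method name is recalled from picky's API, so confirm it against 6.3). `device_name`, `desc` and `restrs` are not covered by any check here, so the function needs a doc comment stating exactly what is and is not verified before an approval UI relies on it. Smaller points: the mismatch message prints the session id under the label "public key" and the CSR key under "pk", `format!("expected ecdsa pubkey")` can be a plain `.to_string()`, and the test module does not need to be `pub`.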