gabriel / muse public
test_agent_seed_zeroing.py python
72 lines 2.7 KB
Raw
sha256:1900655993c83c4107067375548a7be823e471d2515830842f1a12cba4bd3cdf fix: unified object store migration — idempotent writes, JS… Sonnet 4.6 minor ⚠ breaking 27 days ago
1 """Tests for DerivedKey zeroing in muse/cli/commands/agent.py.
2
3 _sub_seed_to_public derives an Ed25519 key from a sub-seed via derive_identity_key(),
4 then calls dk.zero() to overwrite the private scalar and chain code before returning.
5 DerivedKey fields are bytearray, so dk.zero() genuinely overwrites the live buffer.
6
7 Coverage
8 --------
9 I _sub_seed_to_public zeroes DerivedKey
10 I1 DerivedKey.private_bytes is zeroed after _sub_seed_to_public returns
11 I2 DerivedKey.chain_code is zeroed after _sub_seed_to_public returns
12 """
13
14 from __future__ import annotations
15
16 from unittest.mock import patch
17
18 from muse.core import hdkeys as _hdkeys
19 from muse.core.bip39 import mnemonic_to_seed
20 from muse.core.hdkeys import derive_agent_sub_seed, DOMAIN_IDENTITY
21 from muse.core.slip010 import DerivedKey
22
23 _MNEMONIC = (
24 "abandon abandon abandon abandon abandon abandon abandon abandon "
25 "abandon abandon abandon about"
26 )
27 _SEED = mnemonic_to_seed(_MNEMONIC)
28 _SUB_SEED = derive_agent_sub_seed(_SEED, domain=DOMAIN_IDENTITY, agent_id=0)
29
30
31 class TestSubSeedToPublicZeroesDerivedKey:
32 def test_I1_private_bytes_zeroed(self) -> None:
33 """I1: DerivedKey.private_bytes is zeroed after _sub_seed_to_public returns."""
34 from muse.cli.commands.agent import _sub_seed_to_public
35
36 captured: list[DerivedKey] = []
37 original_derive = _hdkeys.derive_identity_key
38
39 def capturing_derive(*args: int | bytes, **kwargs: int) -> DerivedKey:
40 dk = original_derive(*args, **kwargs)
41 captured.append(dk)
42 return dk
43
44 with patch.object(_hdkeys, "derive_identity_key", side_effect=capturing_derive):
45 _sub_seed_to_public(bytes(_SUB_SEED))
46
47 assert captured, "derive_identity_key was not called"
48 dk = captured[0]
49 assert dk.private_bytes == bytearray(32), (
50 "DerivedKey.private_bytes must be zeroed after _sub_seed_to_public"
51 )
52
53 def test_I2_chain_code_zeroed(self) -> None:
54 """I2: DerivedKey.chain_code is zeroed after _sub_seed_to_public returns."""
55 from muse.cli.commands.agent import _sub_seed_to_public
56
57 captured: list[DerivedKey] = []
58 original_derive = _hdkeys.derive_identity_key
59
60 def capturing_derive(*args: int | bytes, **kwargs: int) -> DerivedKey:
61 dk = original_derive(*args, **kwargs)
62 captured.append(dk)
63 return dk
64
65 with patch.object(_hdkeys, "derive_identity_key", side_effect=capturing_derive):
66 _sub_seed_to_public(bytes(_SUB_SEED))
67
68 assert captured, "derive_identity_key was not called"
69 dk = captured[0]
70 assert dk.chain_code == bytearray(32), (
71 "DerivedKey.chain_code must be zeroed after _sub_seed_to_public"
72 )
File History 1 commit
sha256:1900655993c83c4107067375548a7be823e471d2515830842f1a12cba4bd3cdf fix: unified object store migration — idempotent writes, JS… Sonnet 4.6 minor 27 days ago