Beispiel #1
0
    def test_write_invalid(self):
        """
        Test that a ValueError gets raised when required Decrypt response
        payload attributes are missing when encoding the payload.
        """
        payload = payloads.DecryptResponsePayload()
        self.assertIsNone(payload.unique_identifier)
        stream = utils.BytearrayStream()
        args = (stream, )
        self.assertRaisesRegex(
            ValueError,
            "invalid payload missing the unique identifier attribute",
            payload.write,
            *args
        )

        payload = payloads.DecryptResponsePayload(
            unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959'
        )
        stream = utils.BytearrayStream()
        args = (stream, )
        self.assertRaisesRegex(
            ValueError,
            "invalid payload missing the data attribute",
            payload.write,
            *args
        )
Beispiel #2
0
    def test_not_equal_on_not_equal_data(self):
        """
        Test that the inequality operator returns True when comparing two
        Decrypt response payloads with different data.
        """
        a = payloads.DecryptResponsePayload(data=b'\x11')
        b = payloads.DecryptResponsePayload(data=b'\xFF')

        self.assertTrue(a != b)
        self.assertTrue(b != a)
Beispiel #3
0
    def test_not_equal_on_not_equal_unique_identifier(self):
        """
        Test that the inequality operator returns True when comparing two
        Decrypt response payloads with different unique identifiers.
        """
        a = payloads.DecryptResponsePayload(unique_identifier='a')
        b = payloads.DecryptResponsePayload(unique_identifier='b')

        self.assertTrue(a != b)
        self.assertTrue(b != a)
Beispiel #4
0
    def test_read_invalid(self):
        """
        Test that a ValueError gets raised when required Decrypt response
        payload attributes are missing from the payload encoding.
        """
        payload = payloads.DecryptResponsePayload()
        args = (self.empty_encoding, )
        self.assertRaisesRegex(
            ValueError,
            "invalid payload missing the unique identifier attribute",
            payload.read, *args)

        payload = payloads.DecryptResponsePayload()
        args = (self.incomplete_encoding, )
        self.assertRaisesRegex(ValueError,
                               "invalid payload missing the data attribute",
                               payload.read, *args)
Beispiel #5
0
 def test_invalid_data(self):
     """
     Test that a TypeError is raised when an invalid value is used to set
     the data of a Decrypt response payload.
     """
     payload = payloads.DecryptResponsePayload()
     args = (payload, 'data', 0)
     self.assertRaisesRegex(TypeError, "data must be bytes", setattr, *args)
Beispiel #6
0
    def test_init(self):
        """
        Test that an Decrypt response payload can be constructed with no
        arguments.
        """
        payload = payloads.DecryptResponsePayload()

        self.assertEqual(None, payload.unique_identifier)
        self.assertEqual(None, payload.data)
Beispiel #7
0
 def test_invalid_unique_identifier(self):
     """
     Test that a TypeError is raised when an invalid value is used to set
     the unique identifier of a Decrypt response payload.
     """
     payload = payloads.DecryptResponsePayload()
     args = (payload, 'unique_identifier', 0)
     self.assertRaisesRegex(TypeError, "unique identifier must be a string",
                            setattr, *args)
Beispiel #8
0
    def test_not_equal_on_type_mismatch(self):
        """
        Test that the inequality operator returns True when comparing two
        Decrypt response payloads with different types.
        """
        a = payloads.DecryptResponsePayload()
        b = 'invalid'

        self.assertTrue(a != b)
        self.assertTrue(b != a)
Beispiel #9
0
    def test_decrypt(self, send_mock, build_mock):
        """
        Test that the client can decrypt data.
        """
        payload = payloads.DecryptResponsePayload(
            unique_identifier='1',
            data=(
                b'\x37\x36\x35\x34\x33\x32\x31\x20'
                b'\x4E\x6F\x77\x20\x69\x73\x20\x74'
                b'\x68\x65\x20\x74\x69\x6D\x65\x20'
                b'\x66\x6F\x72\x20\x00'
            )
        )
        batch_item = ResponseBatchItem(
            operation=Operation(OperationEnum.DECRYPT),
            result_status=ResultStatus(ResultStatusEnum.SUCCESS),
            response_payload=payload
        )
        response = ResponseMessage(batch_items=[batch_item])

        build_mock.return_value = None
        send_mock.return_value = response

        result = self.client.decrypt(
            (
                b'\x6B\x77\xB4\xD6\x30\x06\xDE\xE6'
                b'\x05\xB1\x56\xE2\x74\x03\x97\x93'
                b'\x58\xDE\xB9\xE7\x15\x46\x16\xD9'
                b'\x74\x9D\xEC\xBE\xC0\x5D\x26\x4B'
            ),
            unique_identifier='1',
            cryptographic_parameters=CryptographicParameters(
                block_cipher_mode=enums.BlockCipherMode.CBC,
                padding_method=enums.PaddingMethod.PKCS5,
                cryptographic_algorithm=enums.CryptographicAlgorithm.BLOWFISH
            ),
            iv_counter_nonce=b'\xFE\xDC\xBA\x98\x76\x54\x32\x10'
        )

        self.assertEqual('1', result.get('unique_identifier'))
        self.assertEqual(
            (
                b'\x37\x36\x35\x34\x33\x32\x31\x20'
                b'\x4E\x6F\x77\x20\x69\x73\x20\x74'
                b'\x68\x65\x20\x74\x69\x6D\x65\x20'
                b'\x66\x6F\x72\x20\x00'
            ),
            result.get('data')
        )
        self.assertEqual(
            ResultStatusEnum.SUCCESS,
            result.get('result_status')
        )
        self.assertEqual(None, result.get('result_reason'))
        self.assertEqual(None, result.get('result_message'))
Beispiel #10
0
    def test_not_equal_on_equal(self):
        """
        Test that the inequality operator returns False when comparing two
        Decrypt response payloads with the same data.
        """
        a = payloads.DecryptResponsePayload()
        b = payloads.DecryptResponsePayload()

        self.assertFalse(a != b)
        self.assertFalse(b != a)

        a = payloads.DecryptResponsePayload(
            unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959',
            data=b'\x01\x23\x45\x67\x89\xAB\xCD\xEF')
        b = payloads.DecryptResponsePayload(
            unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959',
            data=b'\x01\x23\x45\x67\x89\xAB\xCD\xEF')

        self.assertFalse(a != b)
        self.assertFalse(b != a)
Beispiel #11
0
    def _process_decrypt_patched(self, payload):
        self._logger.info("Processing operation: Decrypt")

        unique_identifier = self._id_placeholder
        if payload.unique_identifier:
            unique_identifier = payload.unique_identifier

        # The KMIP spec does not indicate that the Decrypt operation should
        # have it's own operation policy entry. Rather, the cryptographic
        # usage mask should be used to determine if the object can be used
        # to decrypt data (see below).
        managed_object = self._get_object_with_access_controls(
            unique_identifier, enums.Operation.GET)

        cryptographic_parameters = payload.cryptographic_parameters
        if cryptographic_parameters is None:
            # Monkey patched here -- rather than exception, we set to default params.
            default_crypto_params = CryptographicParameters(
                block_cipher_mode=enums.BlockCipherMode.CBC,
                padding_method=enums.PaddingMethod.PKCS5,
                cryptographic_algorithm=enums.CryptographicAlgorithm.AES,
            )
            cryptographic_parameters = default_crypto_params

        if managed_object._object_type != enums.ObjectType.SYMMETRIC_KEY:
            raise exceptions.PermissionDenied(
                "The requested decryption key is not a symmetric key. "
                "Only symmetric decryption is currently supported.")

        if managed_object.state != enums.State.ACTIVE:
            raise exceptions.PermissionDenied(
                "The decryption key must be in the Active state to be used "
                "for decryption.")

        masks = managed_object.cryptographic_usage_masks
        if enums.CryptographicUsageMask.DECRYPT not in masks:
            raise exceptions.PermissionDenied(
                "The Decrypt bit must be set in the decryption key's "
                "cryptographic usage mask.")

        result = self._cryptography_engine.decrypt(
            cryptographic_parameters.cryptographic_algorithm,
            managed_object.value,
            payload.data,
            cipher_mode=cryptographic_parameters.block_cipher_mode,
            padding_method=cryptographic_parameters.padding_method,
            iv_nonce=payload.iv_counter_nonce,
            auth_additional_data=payload.auth_additional_data,
            auth_tag=payload.auth_tag,
        )

        response_payload = payloads.DecryptResponsePayload(
            unique_identifier, result)
        return response_payload
Beispiel #12
0
    def test_init_with_args(self):
        """
        Test that a Decrypt response payload can be constructed with valid
        values
        """
        payload = payloads.DecryptResponsePayload(
            unique_identifier='00000000-1111-2222-3333-444444444444',
            data=b'\x01\x02\x03')

        self.assertEqual('00000000-1111-2222-3333-444444444444',
                         payload.unique_identifier)
        self.assertEqual(b'\x01\x02\x03', payload.data)
Beispiel #13
0
    def test_write(self):
        """
        Test that a Decrypt response payload can be written to a data stream.
        """
        payload = payloads.DecryptResponsePayload(
            unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959',
            data=b'\x01\x23\x45\x67\x89\xAB\xCD\xEF')
        stream = utils.BytearrayStream()
        payload.write(stream)

        self.assertEqual(len(self.full_encoding), len(stream))
        self.assertEqual(str(self.full_encoding), str(stream))
Beispiel #14
0
    def test_read(self):
        """
        Test that a Decrypt response payload can be read from a data stream.
        """
        payload = payloads.DecryptResponsePayload()

        self.assertEqual(None, payload.unique_identifier)
        self.assertEqual(None, payload.data)

        payload.read(self.full_encoding)

        self.assertEqual('b4faee10-aa2a-4446-8ad4-0881f3422959',
                         payload.unique_identifier)
        self.assertEqual(b'\x01\x23\x45\x67\x89\xAB\xCD\xEF', payload.data)
Beispiel #15
0
    def test_repr(self):
        """
        Test that repr can be applied to a Decrypt response payload.
        """
        payload = payloads.DecryptResponsePayload(
            unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959',
            data=b'\x01\x23\x45\x67\x89\xAB\xCD\xEF')
        expected = (
            "DecryptResponsePayload("
            "unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959', "
            "data=" + str(b'\x01\x23\x45\x67\x89\xAB\xCD\xEF') + ")")
        observed = repr(payload)

        self.assertEqual(expected, observed)
Beispiel #16
0
    def test_str(self):
        """
        Test that str can be applied to a Decrypt response payload
        """
        payload = payloads.DecryptResponsePayload(
            unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959',
            data=b'\x01\x23\x45\x67\x89\xAB\xCD\xEF')

        expected = str({
            'unique_identifier': 'b4faee10-aa2a-4446-8ad4-0881f3422959',
            'data': b'\x01\x23\x45\x67\x89\xAB\xCD\xEF'
        })
        observed = str(payload)

        self.assertEqual(expected, observed)
Beispiel #17
0
 def _create_decrypt_payload(self):
     return payloads.DecryptResponsePayload()