def test_encrypt_decrypt_sym(self):
# generate 256-bit key
key = Random.new().read(32)
iv, cyphertext = crypto.encrypt_sym(
'data', key, method=crypto.EncryptionMethods.AES_256_CTR)
self.assertTrue(cyphertext is not None)
self.assertTrue(cyphertext != '')
self.assertTrue(cyphertext != 'data')
plaintext = crypto.decrypt_sym(
cyphertext,
key,
iv=iv,
method=crypto.EncryptionMethods.AES_256_CTR)
self.assertEqual('data', plaintext)
def test_decrypt_with_wrong_iv_fails(self):
key = Random.new().read(32)
iv, cyphertext = crypto.encrypt_sym(
'data', key, method=crypto.EncryptionMethods.AES_256_CTR)
self.assertTrue(cyphertext is not None)
self.assertTrue(cyphertext != '')
self.assertTrue(cyphertext != 'data')
iv += 1
plaintext = crypto.decrypt_sym(
cyphertext,
key,
iv=iv,
method=crypto.EncryptionMethods.AES_256_CTR)
self.assertNotEqual('data', plaintext)
def test_decrypt_with_wrong_key_fails(self):
key = Random.new().read(32)
iv, cyphertext = crypto.encrypt_sym(
'data', key, method=crypto.EncryptionMethods.AES_256_CTR)
self.assertTrue(cyphertext is not None)
self.assertTrue(cyphertext != '')
self.assertTrue(cyphertext != 'data')
wrongkey = Random.new().read(32) # 256-bits key
# ensure keys are different in case we are extremely lucky
while wrongkey == key:
wrongkey = Random.new().read(32)
plaintext = crypto.decrypt_sym(
cyphertext,
wrongkey,
iv=iv,
method=crypto.EncryptionMethods.AES_256_CTR)
self.assertNotEqual('data', plaintext)
def test_decrypt_with_wrong_iv_fails(self):
key = Random.new().read(32)
iv, cyphertext = crypto.encrypt_sym(
'data', key, method=crypto.EncryptionMethods.AES_256_CTR)
self.assertTrue(cyphertext is not None)
self.assertTrue(cyphertext != '')
self.assertTrue(cyphertext != 'data')
# get a different iv by changing the first byte
rawiv = binascii.a2b_base64(iv)
wrongiv = rawiv
while wrongiv == rawiv:
wrongiv = os.urandom(1) + rawiv[1:]
plaintext = crypto.decrypt_sym(
cyphertext,
key,
iv=binascii.b2a_base64(wrongiv),
method=crypto.EncryptionMethods.AES_256_CTR)
self.assertNotEqual('data', plaintext)