def test_decrypt_with_wrong_key_raises(self):
key = os.urandom(32)
iv, cyphertext = _crypto.encrypt_sym('data', key)
self.assertTrue(cyphertext is not None)
self.assertTrue(cyphertext != '')
self.assertTrue(cyphertext != 'data')
wrongkey = os.urandom(32) # 256-bits key
# ensure keys are different in case we are extremely lucky
while wrongkey == key:
wrongkey = os.urandom(32)
with pytest.raises(InvalidTag):
_crypto.decrypt_sym(cyphertext, wrongkey, iv)
def test_decrypt_with_wrong_key_raises(self):
key = os.urandom(32)
iv, cyphertext = _crypto.encrypt_sym('data', key)
self.assertTrue(cyphertext is not None)
self.assertTrue(cyphertext != '')
self.assertTrue(cyphertext != 'data')
wrongkey = os.urandom(32) # 256-bits key
# ensure keys are different in case we are extremely lucky
while wrongkey == key:
wrongkey = os.urandom(32)
with pytest.raises(InvalidTag):
_crypto.decrypt_sym(cyphertext, wrongkey, iv)
def test_decrypt_with_wrong_iv_raises(self):
key = os.urandom(32)
iv, cyphertext = _crypto.encrypt_sym('data', key)
self.assertTrue(cyphertext is not None)
self.assertTrue(cyphertext != '')
self.assertTrue(cyphertext != 'data')
# get a different iv by changing the first byte
rawiv = binascii.a2b_base64(iv)
wrongiv = rawiv
while wrongiv == rawiv:
wrongiv = os.urandom(1) + rawiv[1:]
with pytest.raises(InvalidTag):
_crypto.decrypt_sym(
cyphertext, key, iv=binascii.b2a_base64(wrongiv))
def test_decrypt_with_wrong_iv_raises(self):
key = os.urandom(32)
iv, cyphertext = _crypto.encrypt_sym('data', key)
self.assertTrue(cyphertext is not None)
self.assertTrue(cyphertext != '')
self.assertTrue(cyphertext != 'data')
# get a different iv by changing the first byte
rawiv = binascii.a2b_base64(iv)
wrongiv = rawiv
while wrongiv == rawiv:
wrongiv = os.urandom(1) + rawiv[1:]
with pytest.raises(InvalidTag):
_crypto.decrypt_sym(cyphertext,
key,
iv=binascii.b2a_base64(wrongiv))
def _decrypt(self, key, iv, ciphertext, encrypted, method):
# assert some properties of the stored secret
soledad_assert(encrypted['kdf'] == 'scrypt')
soledad_assert(encrypted['kdf_length'] == len(key))
# decrypt
plaintext = decrypt_sym(ciphertext, key, iv, method)
soledad_assert(encrypted['length'] == len(plaintext))
return plaintext
def _decrypt(self, key, iv, ciphertext, encrypted, method):
# assert some properties of the stored secret
soledad_assert(encrypted['kdf'] == 'scrypt')
soledad_assert(encrypted['kdf_length'] == len(key))
# decrypt
plaintext = decrypt_sym(ciphertext, key, iv, method)
soledad_assert(encrypted['length'] == len(plaintext))
return plaintext
def test_encrypt_decrypt_sym(self):
# generate 256-bit key
key = os.urandom(32)
iv, cyphertext = _crypto.encrypt_sym('data', key)
self.assertTrue(cyphertext is not None)
self.assertTrue(cyphertext != '')
self.assertTrue(cyphertext != 'data')
plaintext = _crypto.decrypt_sym(cyphertext, key, iv)
self.assertEqual('data', plaintext)
def test_encrypt_decrypt_sym(self):
# generate 256-bit key
key = os.urandom(32)
iv, cyphertext = _crypto.encrypt_sym('data', key)
self.assertTrue(cyphertext is not None)
self.assertTrue(cyphertext != '')
self.assertTrue(cyphertext != 'data')
plaintext = _crypto.decrypt_sym(cyphertext, key, iv)
self.assertEqual('data', plaintext)
