Beispiel #1
0
    def test_walk_and_encrypt_unencrypted(self):
        """Walk the branch with whitelisted leaves and verify they are untouched."""
        m = mock.mock_open(read_data="""{
            "str_unencrypted": "STRING",
            "list_unencrypted": ["A", "B"],
            "dict_unencrypted": {
                "key": "value"
            },
            "foo": "bar"
        }""")
        # Verify data stays unencrypted upon encryption
        key = os.urandom(32)
        tree = OrderedDict()
        with mock.patch.object(builtins, 'open', m):
            tree = sops.load_file_into_tree('path', 'json')
        tree['sops'] = dict()
        crypttree = sops.walk_and_encrypt(OrderedDict(tree), key, isRoot=True)
        assert crypttree['str_unencrypted'] == 'STRING'
        assert crypttree['list_unencrypted'] == ['A', 'B']
        assert crypttree['dict_unencrypted'] == {"key": "value"}
        assert crypttree['foo'].startswith("ENC[AES256_GCM,data:")

        # Verify we have a MAC and it includes unencrypted values
        assert tree['sops']['mac'].startswith("ENC[AES256_GCM,data:")
        empty_tree = OrderedDict()
        empty_tree['sops'] = dict()
        sops.walk_and_encrypt(OrderedDict(empty_tree), key, isRoot=True)
        tree_mac = sops.decrypt(tree['sops']['mac'], key,
                                aad=tree['sops']['lastmodified'].encode('utf-8'))
        empty_tree_mac = sops.decrypt(empty_tree['sops']['mac'], key,
                                      aad=empty_tree['sops']['lastmodified'].encode('utf-8'))
        assert tree_mac != empty_tree_mac
Beispiel #2
0
 def test_bytes_encrypt_and_decrypt(self):
     """Test encryption/decryption of numbers"""
     key = os.urandom(32)
     tree = OrderedDict()
     tree['data'] = os.urandom(4096)
     tree['sops'] = dict()
     crypttree = sops.walk_and_encrypt(OrderedDict(tree), key, isRoot=True)
     assert tree['sops']['mac'].startswith("ENC[AES256_GCM,data:")
     cleartree = sops.walk_and_decrypt(OrderedDict(crypttree), key, isRoot=True)
     assert cleartree == tree
Beispiel #3
0
 def test_walk_and_encrypt_and_decrypt(self):
     """Test a roundtrip on the tree encryption/decryption code"""
     m = mock.mock_open(read_data=sops.DEFAULT_JSON)
     key = os.urandom(32)
     tree = OrderedDict()
     with mock.patch.object(builtins, 'open', m):
         tree = sops.load_file_into_tree('path', 'json')
     tree['sops'] = dict()
     crypttree = sops.walk_and_encrypt(OrderedDict(tree), key, isRoot=True)
     cleartree = sops.walk_and_decrypt(OrderedDict(crypttree), key, isRoot=True)
     assert cleartree == tree
Beispiel #4
0
 def test_numbers_encrypt_and_decrypt(self):
     """Test encryption/decryption of numbers"""
     m = mock.mock_open(read_data='{"a":1234,"b":[567,890.123],"c":5.4999517527e+10}')
     key = os.urandom(32)
     tree = OrderedDict()
     with mock.patch.object(builtins, 'open', m):
         tree = sops.load_file_into_tree('path', 'json')
     tree['sops'] = dict()
     crypttree = sops.walk_and_encrypt(OrderedDict(tree), key, isRoot=True)
     assert tree['sops']['mac'].startswith("ENC[AES256_GCM,data:")
     cleartree = sops.walk_and_decrypt(OrderedDict(crypttree), key, isRoot=True)
     assert cleartree == tree
Beispiel #5
0
 def test_bytes_encrypt_and_decrypt(self):
     """Test encryption/decryption of numbers"""
     key = os.urandom(32)
     tree = OrderedDict()
     tree['data'] = os.urandom(4096)
     tree['sops'] = dict()
     crypttree = sops.walk_and_encrypt(OrderedDict(tree), key, isRoot=True)
     assert tree['sops']['mac'].startswith("ENC[AES256_GCM,data:")
     cleartree = sops.walk_and_decrypt(OrderedDict(crypttree),
                                       key,
                                       isRoot=True)
     assert cleartree == tree
Beispiel #6
0
 def test_walk_and_encrypt_and_decrypt(self):
     """Test a roundtrip on the tree encryption/decryption code"""
     m = mock.mock_open(read_data=sops.DEFAULT_JSON)
     key = os.urandom(32)
     tree = OrderedDict()
     with mock.patch.object(builtins, 'open', m):
         tree = sops.load_file_into_tree('path', 'json')
     tree['sops'] = dict()
     crypttree = sops.walk_and_encrypt(OrderedDict(tree), key, isRoot=True)
     cleartree = sops.walk_and_decrypt(OrderedDict(crypttree),
                                       key,
                                       isRoot=True)
     assert cleartree == tree
Beispiel #7
0
 def test_numbers_encrypt_and_decrypt(self):
     """Test encryption/decryption of numbers"""
     m = mock.mock_open(
         read_data='{"a":1234,"b":[567,890.123],"c":5.4999517527e+10}')
     key = os.urandom(32)
     tree = OrderedDict()
     with mock.patch.object(builtins, 'open', m):
         tree = sops.load_file_into_tree('path', 'json')
     tree['sops'] = dict()
     crypttree = sops.walk_and_encrypt(OrderedDict(tree), key, isRoot=True)
     assert tree['sops']['mac'].startswith("ENC[AES256_GCM,data:")
     cleartree = sops.walk_and_decrypt(OrderedDict(crypttree),
                                       key,
                                       isRoot=True)
     assert cleartree == tree
Beispiel #8
0
    def test_walk_and_encrypt_unencrypted(self):
        """Walk the branch with whitelisted leaves and verify they are untouched."""
        m = mock.mock_open(read_data="""{
            "str_unencrypted": "STRING",
            "list_unencrypted": ["A", "B"],
            "dict_unencrypted": {
                "key": "value"
            },
            "foo": "bar"
        }""")
        # Verify data stays unencrypted upon encryption
        key = os.urandom(32)
        tree = OrderedDict()
        with mock.patch.object(builtins, 'open', m):
            tree = sops.load_file_into_tree('path', 'json')
        tree['sops'] = dict()
        crypttree = sops.walk_and_encrypt(OrderedDict(tree), key, isRoot=True)
        assert crypttree['str_unencrypted'] == 'STRING'
        assert crypttree['list_unencrypted'] == ['A', 'B']
        assert crypttree['dict_unencrypted'] == {"key": "value"}
        assert crypttree['foo'].startswith("ENC[AES256_GCM,data:")

        # Verify we have a MAC and it includes unencrypted values
        assert tree['sops']['mac'].startswith("ENC[AES256_GCM,data:")
        empty_tree = OrderedDict()
        empty_tree['sops'] = dict()
        sops.walk_and_encrypt(OrderedDict(empty_tree), key, isRoot=True)
        tree_mac = sops.decrypt(
            tree['sops']['mac'],
            key,
            aad=tree['sops']['lastmodified'].encode('utf-8'))
        empty_tree_mac = sops.decrypt(
            empty_tree['sops']['mac'],
            key,
            aad=empty_tree['sops']['lastmodified'].encode('utf-8'))
        assert tree_mac != empty_tree_mac
Beispiel #9
0
 def test_walk_and_encrypt(self):
     """Walk the branch recursively and encrypts its leaves."""
     # - test dict encryption
     # - test list values encryption
     # - test ScalarString
     # - test string encryption
     # TODO: 
     # - test stash value
     m = mock.mock_open(read_data=sops.DEFAULT_YAML)
     key = os.urandom(32)
     tree = OrderedDict()
     with mock.patch.object(builtins, 'open', m):
         tree = sops.load_file_into_tree('path', 'yaml')
     tree['sops'] = dict()
     crypttree = sops.walk_and_encrypt(tree, key)
     assert crypttree['example_key'].startswith("ENC[AES256_GCM,data:")
     assert isinstance(crypttree['example_array'], list)
     assert len(crypttree['example_array']) == 2
Beispiel #10
0
 def test_walk_and_encrypt(self):
     """Walk the branch recursively and encrypts its leaves."""
     # - test dict encryption
     # - test list values encryption
     # - test ScalarString
     # - test string encryption
     # TODO:
     # - test stash value
     m = mock.mock_open(read_data=sops.DEFAULT_YAML)
     key = os.urandom(32)
     tree = OrderedDict()
     with mock.patch.object(builtins, 'open', m):
         tree = sops.load_file_into_tree('path', 'yaml')
     tree['sops'] = dict()
     crypttree = sops.walk_and_encrypt(tree, key)
     assert crypttree['example_key'].startswith("ENC[AES256_GCM,data:")
     assert isinstance(crypttree['example_array'], list)
     assert len(crypttree['example_array']) == 2
Beispiel #11
0
 def test_walk_and_encrypt_and_decrypt_unencrypted(self):
     """Test a roundtrip on the tree encryption/decryption code with unencrypted leaves"""
     m = mock.mock_open(read_data="""{
         "str_unencrypted": "STRING",
         "list_unencrypted": ["A", "B"],
         "dict_unencrypted": {
             "key": "value"
         },
         "foo": "bar"
     }""")
     key = os.urandom(32)
     tree = OrderedDict()
     with mock.patch.object(builtins, 'open', m):
         tree = sops.load_file_into_tree('path', 'json')
     tree['sops'] = dict()
     crypttree = sops.walk_and_encrypt(OrderedDict(tree), key, isRoot=True)
     assert tree['sops']['mac'].startswith("ENC[AES256_GCM,data:")
     cleartree = sops.walk_and_decrypt(OrderedDict(crypttree), key, isRoot=True)
     assert cleartree == tree
Beispiel #12
0
 def test_walk_and_encrypt_and_decrypt_unencrypted(self):
     """Test a roundtrip on the tree encryption/decryption code with unencrypted leaves"""
     m = mock.mock_open(read_data="""{
         "str_unencrypted": "STRING",
         "list_unencrypted": ["A", "B"],
         "dict_unencrypted": {
             "key": "value"
         },
         "foo": "bar"
     }""")
     key = os.urandom(32)
     tree = OrderedDict()
     with mock.patch.object(builtins, 'open', m):
         tree = sops.load_file_into_tree('path', 'json')
     tree['sops'] = dict()
     crypttree = sops.walk_and_encrypt(OrderedDict(tree), key, isRoot=True)
     assert tree['sops']['mac'].startswith("ENC[AES256_GCM,data:")
     cleartree = sops.walk_and_decrypt(OrderedDict(crypttree),
                                       key,
                                       isRoot=True)
     assert cleartree == tree