def test_raw_decrypt(monitored_benchmark, payload): """ Decrypt raw payload using default mode from crypto module. """ key = payload(32) iv, ciphertext = _crypto.encrypt_sym(payload(size), key) monitored_benchmark(_crypto.decrypt_sym, ciphertext, key, iv)
def test_raw_decrypt(monitored_benchmark, payload): """ Decrypt raw payload using default mode from crypto module. """ key = payload(32) iv, ciphertext = _crypto.encrypt_sym(payload(size), key) monitored_benchmark(_crypto.decrypt_sym, ciphertext, key, iv)
def test_encrypt_decrypt_sym(self): # generate 256-bit key key = os.urandom(32) iv, cyphertext = _crypto.encrypt_sym('data', key) self.assertTrue(cyphertext is not None) self.assertTrue(cyphertext != '') self.assertTrue(cyphertext != 'data') plaintext = _crypto.decrypt_sym(cyphertext, key, iv) self.assertEqual('data', plaintext)
def test_encrypt_decrypt_sym(self): # generate 256-bit key key = os.urandom(32) iv, cyphertext = _crypto.encrypt_sym('data', key) self.assertTrue(cyphertext is not None) self.assertTrue(cyphertext != '') self.assertTrue(cyphertext != 'data') plaintext = _crypto.decrypt_sym(cyphertext, key, iv) self.assertEqual('data', plaintext)
def test_decrypt_with_wrong_key_raises(self): key = os.urandom(32) iv, cyphertext = _crypto.encrypt_sym('data', key) self.assertTrue(cyphertext is not None) self.assertTrue(cyphertext != '') self.assertTrue(cyphertext != 'data') wrongkey = os.urandom(32) # 256-bits key # ensure keys are different in case we are extremely lucky while wrongkey == key: wrongkey = os.urandom(32) with pytest.raises(InvalidTag): _crypto.decrypt_sym(cyphertext, wrongkey, iv)
def test_decrypt_with_wrong_key_raises(self): key = os.urandom(32) iv, cyphertext = _crypto.encrypt_sym('data', key) self.assertTrue(cyphertext is not None) self.assertTrue(cyphertext != '') self.assertTrue(cyphertext != 'data') wrongkey = os.urandom(32) # 256-bits key # ensure keys are different in case we are extremely lucky while wrongkey == key: wrongkey = os.urandom(32) with pytest.raises(InvalidTag): _crypto.decrypt_sym(cyphertext, wrongkey, iv)
def test_decrypt_with_wrong_iv_raises(self): key = os.urandom(32) iv, cyphertext = _crypto.encrypt_sym('data', key) self.assertTrue(cyphertext is not None) self.assertTrue(cyphertext != '') self.assertTrue(cyphertext != 'data') # get a different iv by changing the first byte rawiv = binascii.a2b_base64(iv) wrongiv = rawiv while wrongiv == rawiv: wrongiv = os.urandom(1) + rawiv[1:] with pytest.raises(InvalidTag): _crypto.decrypt_sym( cyphertext, key, iv=binascii.b2a_base64(wrongiv))
def test_decrypt_with_wrong_iv_raises(self): key = os.urandom(32) iv, cyphertext = _crypto.encrypt_sym('data', key) self.assertTrue(cyphertext is not None) self.assertTrue(cyphertext != '') self.assertTrue(cyphertext != 'data') # get a different iv by changing the first byte rawiv = binascii.a2b_base64(iv) wrongiv = rawiv while wrongiv == rawiv: wrongiv = os.urandom(1) + rawiv[1:] with pytest.raises(InvalidTag): _crypto.decrypt_sym(cyphertext, key, iv=binascii.b2a_base64(wrongiv))
def encrypt(self, secrets): encoded = {} for name, value in secrets.iteritems(): encoded[name] = binascii.b2a_base64(value) plaintext = json.dumps(encoded) salt = os.urandom(64) # TODO: get salt length from somewhere else key = self._get_key(salt) iv, ciphertext = encrypt_sym(plaintext, key, method=ENC_METHOD.aes_256_gcm) encrypted = { 'version': self.VERSION, 'kdf': 'scrypt', 'kdf_salt': binascii.b2a_base64(salt), 'kdf_length': len(key), 'cipher': ENC_METHOD.aes_256_gcm, 'length': len(plaintext), 'iv': str(iv), 'secrets': binascii.b2a_base64(ciphertext), } return encrypted
def encrypt(self, secrets): encoded = {} for name, value in secrets.iteritems(): encoded[name] = binascii.b2a_base64(value) plaintext = json.dumps(encoded) salt = os.urandom(64) # TODO: get salt length from somewhere else key = self._get_key(salt) iv, ciphertext = encrypt_sym(plaintext, key, method=ENC_METHOD.aes_256_gcm) encrypted = { 'version': self.VERSION, 'kdf': 'scrypt', 'kdf_salt': binascii.b2a_base64(salt), 'kdf_length': len(key), 'cipher': ENC_METHOD.aes_256_gcm, 'length': len(plaintext), 'iv': str(iv), 'secrets': binascii.b2a_base64(ciphertext), } return encrypted
def test_raw_decrypt(benchmark, payload): key = payload(32) iv, ciphertext = _crypto.encrypt_sym(payload(size), key) benchmark(_crypto.decrypt_sym, ciphertext, key, iv)