def test_spec(self):
for version in _versions.keys():
compatibility = version in {1, 3}
path = os.path.dirname(os.path.realpath(os.path.abspath(__file__)))
with open(os.path.join(path, "spec/triplesec_v{}.json".format(version))) as specfile:
vectors = json.load(specfile)
for v in vectors['vectors']:
key = unhex(v['key'])
pt = unhex(v['pt'])
ct = unhex(v['ct'])
rndstream = six.BytesIO(unhex(v['r']))
# Self-consistency
got_self_compat = triplesec.encrypt(pt, key, compatibility=compatibility)
self.assertEqual(pt, triplesec.decrypt(got_self_compat, key, compatibility=compatibility))
# Self-consistency for reverse compatibility
got_self_rev_compat = triplesec.encrypt(pt, key, compatibility=not compatibility)
self.assertEqual(pt, triplesec.decrypt(got_self_rev_compat, key, compatibility=not compatibility))
# Able to decrypt spec
self.assertEqual(pt, triplesec.decrypt(ct, key, compatibility=compatibility))
# Correct encryption with fixed random tape
T = TripleSec(key, rndstream=rndstream)
got = T.encrypt(pt, v=version, compatibility=compatibility)
self.assertEqual(hexlify(got), hexlify(ct))
def test_decrypt_invalid_data(self):
regex = r'does not look like a TripleSec ciphertext'
self.assertRaisesRegexp(TripleSecError, regex,
lambda: triplesec.decrypt(b'foo', b'xxx'))
self.assertRaisesRegexp(
TripleSecError, regex, lambda: triplesec.decrypt(
unhex(b'1c94d7de00000003abcdef'), b'xxx'))
self.assertRaisesRegexp(
TripleSecError, regex,
lambda: triplesec.decrypt(b'12345678901235' * 100, b'xxx'))
def test_missing_key(self):
T = TripleSec()
regex = 'You didn\'t initialize TripleSec with a key'
self.assertRaisesRegexp(TripleSecError, regex, lambda: T.encrypt(b'xxx'))
self.assertRaisesRegexp(TripleSecError, regex, lambda: T.decrypt(b'xxx'))
self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.encrypt(b'xxx'))
self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.decrypt(b'xxx'))
def test_tampered_data(self):
regex = r'Failed authentication of the data'
c = VECTOR['ciphertext']
c = c[:-2] + six.int2byte(six.indexbytes(c, -2) ^ 25) + six.int2byte(
six.indexbytes(c, -1))
self.assertRaisesRegexp(TripleSecError, regex,
lambda: triplesec.decrypt(c, VECTOR['key']))
def test_zero_length(self):
regex = r'Invalid message length - message cannot be empty'
self.assertRaisesRegexp(TripleSecError, regex,
lambda: triplesec.encrypt(b'', b'xxx'))
regex = r'Invalid key length - key cannot be empty'
self.assertRaisesRegexp(TripleSecError, regex,
lambda: triplesec.encrypt(b'foo', b''))
self.assertRaisesRegexp(TripleSecError, regex,
lambda: triplesec.decrypt(b'foo', b''))
def test_key_type(self):
regex = r'The key needs to be a binary string'
for k in (u'xxx', 12, [12, 13]):
self.assertRaisesRegexp(TripleSecError, regex,
lambda: TripleSec(k))
self.assertRaisesRegexp(TripleSecError, regex,
lambda: triplesec.decrypt(b'foo', k))
self.assertRaisesRegexp(TripleSecError, regex,
lambda: triplesec.encrypt(b'foo', k))
def test_external_vectors(self):
for V in vectors:
if 'disabled' in V: continue
self._test_encrypt(triplesec.encrypt,
V['plaintext'],
V['key'],
debug=True)
self.assertEqual(triplesec.decrypt(V['ciphertext'], V['key']),
V['plaintext'])
def _test_encrypt(self,
encrypt,
plaintext,
key,
pass_key=True,
debug=False):
if pass_key: ciphertext = encrypt(plaintext, key)
else: ciphertext = encrypt(plaintext)
self.assertEqual(plaintext, triplesec.decrypt(ciphertext, key))
if debug:
print("Plaintext: {}\nEncrypted: {}".format(
plaintext, ciphertext.hex()))
def test_key_type(self):
regex = r'The key needs to be a binary string'
for k in (u'xxx', 12, [12, 13]):
self.assertRaisesRegexp(TripleSecError, regex, lambda: TripleSec(k))
self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.decrypt(b'foo', k))
self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.encrypt(b'foo', k))
def test_shortcuts(self):
self._test_encrypt(triplesec.encrypt, VECTOR['plaintext'], VECTOR['key'])
self.assertEqual(triplesec.decrypt(VECTOR['ciphertext'], VECTOR['key']), VECTOR['plaintext'])
def _test_encrypt(self, encrypt, plaintext, key, pass_key=True):
if pass_key: ciphertext = encrypt(plaintext, key)
else: ciphertext = encrypt(plaintext)
self.assertEqual(plaintext, triplesec.decrypt(ciphertext, key))
def test_zero_length(self):
regex = r'Invalid message length - message cannot be empty'
self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.encrypt(b'', b'xxx'))
regex = r'Invalid key length - key cannot be empty'
self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.encrypt(b'foo', b''))
self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.decrypt(b'foo', b''))
def test_random_encryption(self):
for i in range(500 // 20):
p = triplesec.rndfile.read(i * 20 + 1)
k = triplesec.rndfile.read((i * 20 - 300) % 500 + 1)
c = triplesec.encrypt(p, k)
self.assertEqual(p, triplesec.decrypt(c, k), i)
def test_decrypt_invalid_data(self):
regex = r'does not look like a TripleSec ciphertext'
self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.decrypt(b'foo', b'xxx'))
self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.decrypt(unhex(b'1c94d7de00000003abcdef'), b'xxx'))
self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.decrypt(b'12345678901235'*100, b'xxx'))
def test_external_vectors(self):
for V in vectors:
if 'disabled' in V: continue
self._test_encrypt(triplesec.encrypt, V['plaintext'], V['key'])
self.assertEqual(triplesec.decrypt(V['ciphertext'], V['key']), V['plaintext'])
def test_decrypt_invalid_version(self):
regex = r'Unimplemented version'
self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.decrypt(unhex(b'1c94d7de01200000abcdef'), b'xxx'))
def test_tampered_data(self):
regex = r'Failed authentication of the data'
c = VECTOR['ciphertext']
c = c[:-2] + six.int2byte(six.indexbytes(c, -2) ^ 25) + six.int2byte(six.indexbytes(c, -1))
self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.decrypt(c, VECTOR['key']))
def decifrar(texto, clave):
texto = b(base64.b64decode(texto))
clave = b(clave.encode('utf8'))
mensaje = triplesec.decrypt(texto, clave)
return mensaje
def decifrar(texto, clave):
texto = b(base64.b64decode(texto))
clave = b(clave.encode('utf8'))
mensaje = triplesec.decrypt(texto, clave)
return mensaje
