def test_decrypt_with_wrong_key_raises(self): key = os.urandom(32) iv, cyphertext = _crypto.encrypt_sym('data', key) self.assertTrue(cyphertext is not None) self.assertTrue(cyphertext != '') self.assertTrue(cyphertext != 'data') wrongkey = os.urandom(32) # 256-bits key # ensure keys are different in case we are extremely lucky while wrongkey == key: wrongkey = os.urandom(32) with pytest.raises(InvalidTag): _crypto.decrypt_sym(cyphertext, wrongkey, iv)
def test_decrypt_with_wrong_key_raises(self): key = os.urandom(32) iv, cyphertext = _crypto.encrypt_sym('data', key) self.assertTrue(cyphertext is not None) self.assertTrue(cyphertext != '') self.assertTrue(cyphertext != 'data') wrongkey = os.urandom(32) # 256-bits key # ensure keys are different in case we are extremely lucky while wrongkey == key: wrongkey = os.urandom(32) with pytest.raises(InvalidTag): _crypto.decrypt_sym(cyphertext, wrongkey, iv)
def test_decrypt_with_wrong_iv_raises(self): key = os.urandom(32) iv, cyphertext = _crypto.encrypt_sym('data', key) self.assertTrue(cyphertext is not None) self.assertTrue(cyphertext != '') self.assertTrue(cyphertext != 'data') # get a different iv by changing the first byte rawiv = binascii.a2b_base64(iv) wrongiv = rawiv while wrongiv == rawiv: wrongiv = os.urandom(1) + rawiv[1:] with pytest.raises(InvalidTag): _crypto.decrypt_sym( cyphertext, key, iv=binascii.b2a_base64(wrongiv))
def test_decrypt_with_wrong_iv_raises(self): key = os.urandom(32) iv, cyphertext = _crypto.encrypt_sym('data', key) self.assertTrue(cyphertext is not None) self.assertTrue(cyphertext != '') self.assertTrue(cyphertext != 'data') # get a different iv by changing the first byte rawiv = binascii.a2b_base64(iv) wrongiv = rawiv while wrongiv == rawiv: wrongiv = os.urandom(1) + rawiv[1:] with pytest.raises(InvalidTag): _crypto.decrypt_sym(cyphertext, key, iv=binascii.b2a_base64(wrongiv))
def _decrypt(self, key, iv, ciphertext, encrypted, method): # assert some properties of the stored secret soledad_assert(encrypted['kdf'] == 'scrypt') soledad_assert(encrypted['kdf_length'] == len(key)) # decrypt plaintext = decrypt_sym(ciphertext, key, iv, method) soledad_assert(encrypted['length'] == len(plaintext)) return plaintext
def _decrypt(self, key, iv, ciphertext, encrypted, method): # assert some properties of the stored secret soledad_assert(encrypted['kdf'] == 'scrypt') soledad_assert(encrypted['kdf_length'] == len(key)) # decrypt plaintext = decrypt_sym(ciphertext, key, iv, method) soledad_assert(encrypted['length'] == len(plaintext)) return plaintext
def test_encrypt_decrypt_sym(self): # generate 256-bit key key = os.urandom(32) iv, cyphertext = _crypto.encrypt_sym('data', key) self.assertTrue(cyphertext is not None) self.assertTrue(cyphertext != '') self.assertTrue(cyphertext != 'data') plaintext = _crypto.decrypt_sym(cyphertext, key, iv) self.assertEqual('data', plaintext)
def test_encrypt_decrypt_sym(self): # generate 256-bit key key = os.urandom(32) iv, cyphertext = _crypto.encrypt_sym('data', key) self.assertTrue(cyphertext is not None) self.assertTrue(cyphertext != '') self.assertTrue(cyphertext != 'data') plaintext = _crypto.decrypt_sym(cyphertext, key, iv) self.assertEqual('data', plaintext)