def test_read_bytes_from_non_framed_finalize(self): ct_stream = io.BytesIO(VALUES["data_128"]) test_decryptor = StreamDecryptor( materials_manager=self.mock_materials_manager, source=ct_stream, commitment_policy=self.mock_commitment_policy, ) test_decryptor.body_length = len(VALUES["data_128"]) test_decryptor.decryptor = self.mock_decryptor_instance test_decryptor.verifier = MagicMock() test_decryptor._header = self.mock_header test_decryptor._derived_data_key = sentinel.derived_data_key test_decryptor._unframed_body_iv = sentinel.unframed_body_iv self.mock_decryptor_instance.update.return_value = b"1234" self.mock_decryptor_instance.finalize.return_value = b"5678" test = test_decryptor._read_bytes_from_non_framed_body( len(VALUES["data_128"]) + 1) test_decryptor.verifier.update.assert_called_once_with( VALUES["data_128"]) self.mock_decryptor_instance.update.assert_called_once_with( VALUES["data_128"]) self.mock_deserialize_footer.assert_called_once_with( stream=test_decryptor.source_stream, verifier=test_decryptor.verifier) assert test == b"12345678"
def test_read_bytes_from_framed_body_single_frame(self): ct_stream = io.BytesIO(VALUES['data_128']) test_decryptor = StreamDecryptor( key_provider=self.mock_key_provider, source=ct_stream ) test_decryptor.verifier = MagicMock() test_decryptor.data_key = MagicMock() test_decryptor._header = self.mock_header frame_data = MagicMock() frame_data.sequence_number = 1 frame_data.final_frame = False frame_data.ciphertext = b'asdfzxcv' self.mock_deserialize_frame.return_value = (frame_data, False) self.mock_get_aad_content_string.return_value = sentinel.aad_content_string self.mock_assemble_content_aad.return_value = sentinel.associated_data self.mock_decrypt.return_value = b'1234' test = test_decryptor._read_bytes_from_framed_body(4) self.mock_deserialize_frame.assert_called_once_with( stream=test_decryptor.source_stream, header=test_decryptor._header, verifier=test_decryptor.verifier ) assert not self.mock_deserialize_footer.called assert not test_decryptor.source_stream.closed assert test == b'1234'
def test_read_bytes_from_framed_body_single_frame(self): ct_stream = io.BytesIO(VALUES["data_128"]) test_decryptor = StreamDecryptor( materials_manager=self.mock_materials_manager, source=ct_stream, commitment_policy=self.mock_commitment_policy, ) test_decryptor.verifier = MagicMock() test_decryptor.data_key = MagicMock() test_decryptor._header = self.mock_header test_decryptor._derived_data_key = sentinel.derived_data_key frame_data = MagicMock() frame_data.sequence_number = 1 frame_data.final_frame = False frame_data.ciphertext = b"asdfzxcv" self.mock_deserialize_frame.return_value = (frame_data, False) self.mock_get_aad_content_string.return_value = sentinel.aad_content_string self.mock_assemble_content_aad.return_value = sentinel.associated_data self.mock_decrypt.return_value = b"1234" test = test_decryptor._read_bytes_from_framed_body(4) self.mock_deserialize_frame.assert_called_once_with( stream=test_decryptor.source_stream, header=test_decryptor._header, verifier=test_decryptor.verifier) assert not self.mock_deserialize_footer.called assert test == b"1234"
def test_prep_non_framed(self): test_decryptor = StreamDecryptor(key_provider=self.mock_key_provider, source=self.mock_input_stream) test_decryptor._header = self.mock_header test_decryptor.verifier = sentinel.verifier test_decryptor._derived_data_key = sentinel.derived_data_key test_decryptor._prep_non_framed() self.mock_deserialize_non_framed_values.assert_called_once_with( stream=self.mock_input_stream, header=self.mock_header, verifier=sentinel.verifier) assert test_decryptor.body_length == len(VALUES['data_128']) self.mock_get_aad_content_string.assert_called_once_with( content_type=self.mock_header.content_type, is_final_frame=True) self.mock_assemble_content_aad.assert_called_once_with( message_id=self.mock_header.message_id, aad_content_string=sentinel.aad_content_string, seq_num=1, length=len(VALUES['data_128'])) self.mock_decryptor.assert_called_once_with( algorithm=self.mock_header.algorithm, key=sentinel.derived_data_key, associated_data=sentinel.associated_data, iv=sentinel.iv, tag=sentinel.tag) assert test_decryptor.decryptor is self.mock_decryptor_instance assert test_decryptor.body_start == 0 assert test_decryptor.body_end == len(VALUES['data_128'])
def test_read_bytes_from_non_framed_finalize(self): ct_stream = io.BytesIO(VALUES['data_128']) test_decryptor = StreamDecryptor( key_provider=self.mock_key_provider, source=ct_stream ) test_decryptor.body_start = 0 test_decryptor.body_length = test_decryptor.body_end = len(VALUES['data_128']) test_decryptor.decryptor = self.mock_decryptor_instance test_decryptor.verifier = MagicMock() test_decryptor._header = self.mock_header self.mock_decryptor_instance.update.return_value = b'1234' self.mock_decryptor_instance.finalize.return_value = b'5678' test = test_decryptor._read_bytes_from_non_framed_body(len(VALUES['data_128']) + 1) test_decryptor.verifier.update.assert_called_once_with(VALUES['data_128']) self.mock_decryptor_instance.update.assert_called_once_with(VALUES['data_128']) self.mock_update_verifier_with_tag.assert_called_once_with( stream=test_decryptor.source_stream, header=test_decryptor._header, verifier=test_decryptor.verifier ) self.mock_deserialize_footer.assert_called_once_with( stream=test_decryptor.source_stream, verifier=test_decryptor.verifier ) assert test_decryptor.source_stream.closed assert test == b'12345678'
def test_read_bytes_unknown(self, mock_read_frame, mock_read_block): ct_stream = io.BytesIO(VALUES["data_128"]) test_decryptor = StreamDecryptor(key_provider=self.mock_key_provider, source=ct_stream) test_decryptor._header = MagicMock() test_decryptor._header.content_type = None with pytest.raises(NotSupportedError) as excinfo: test_decryptor._read_bytes(5) excinfo.match("Unsupported content type")
def test_read_bytes_non_framed(self, mock_read_frame, mock_read_block): ct_stream = io.BytesIO(VALUES["data_128"]) test_decryptor = StreamDecryptor(key_provider=self.mock_key_provider, source=ct_stream) test_decryptor._header = MagicMock() test_decryptor._header.content_type = ContentType.NO_FRAMING test_decryptor._read_bytes(5) mock_read_block.assert_called_once_with(5) assert not mock_read_frame.called
def test_read_bytes_from_non_framed_message_body_too_small(self): ct_stream = io.BytesIO(VALUES["data_128"]) test_decryptor = StreamDecryptor(key_provider=self.mock_key_provider, source=ct_stream) test_decryptor.body_length = len(VALUES["data_128"] * 2) test_decryptor._header = self.mock_header with pytest.raises(SerializationError) as excinfo: test_decryptor._read_bytes_from_non_framed_body(1) excinfo.match("Total message body contents less than specified in body description")
def test_read_bytes_unknown(self, mock_read_frame, mock_read_block): ct_stream = io.BytesIO(VALUES['data_128']) test_decryptor = StreamDecryptor(key_provider=self.mock_key_provider, source=ct_stream) test_decryptor._header = MagicMock() test_decryptor._header.content_type = None with six.assertRaisesRegex(self, NotSupportedError, 'Unsupported content type'): test_decryptor._read_bytes(5)
def test_read_bytes_from_non_framed_no_verifier(self): ct_stream = io.BytesIO(VALUES["data_128"]) test_decryptor = StreamDecryptor(key_provider=self.mock_key_provider, source=ct_stream) test_decryptor.body_length = len(VALUES["data_128"]) test_decryptor.decryptor = self.mock_decryptor_instance test_decryptor._header = self.mock_header test_decryptor._derived_data_key = sentinel.derived_data_key test_decryptor._unframed_body_iv = sentinel.unframed_body_iv test_decryptor.verifier = None self.mock_decryptor_instance.update.return_value = b"1234" test_decryptor._read_bytes_from_non_framed_body(5)
def test_read_bytes_from_non_framed_no_verifier(self): ct_stream = io.BytesIO(VALUES['data_128']) test_decryptor = StreamDecryptor(key_provider=self.mock_key_provider, source=ct_stream) test_decryptor.body_start = 0 test_decryptor.body_length = test_decryptor.body_end = len( VALUES['data_128']) test_decryptor.decryptor = self.mock_decryptor_instance test_decryptor._header = self.mock_header test_decryptor.verifier = None self.mock_decryptor_instance.update.return_value = b'1234' test_decryptor._read_bytes_from_non_framed_body(5)
def test_read_bytes_non_framed(self, mock_read_frame, mock_read_block): ct_stream = io.BytesIO(VALUES["data_128"]) test_decryptor = StreamDecryptor( materials_manager=self.mock_materials_manager, source=ct_stream, commitment_policy=self.mock_commitment_policy, ) test_decryptor._header = MagicMock() test_decryptor._header.content_type = ContentType.NO_FRAMING test_decryptor._read_bytes(5) mock_read_block.assert_called_once_with(5) assert not mock_read_frame.called
def test_read_bytes_from_non_framed_message_body_too_small(self): ct_stream = io.BytesIO(VALUES['data_128']) test_decryptor = StreamDecryptor(key_provider=self.mock_key_provider, source=ct_stream) test_decryptor.body_start = 0 test_decryptor.body_length = test_decryptor.body_end = len( VALUES['data_128'] * 2) test_decryptor._header = self.mock_header with six.assertRaisesRegex( self, SerializationError, 'Total message body contents less than specified in body description' ): test_decryptor._read_bytes_from_non_framed_body(1)
def test_read_bytes_from_framed_body_bad_sequence_number(self): ct_stream = io.BytesIO(VALUES["data_128"]) test_decryptor = StreamDecryptor(key_provider=self.mock_key_provider, source=ct_stream) test_decryptor.verifier = MagicMock() test_decryptor._header = self.mock_header frame_data = MagicMock() frame_data.sequence_number = 5 frame_data.final_frame = False frame_data.ciphertext = b"asdfzxcv" self.mock_deserialize_frame.return_value = (frame_data, False) with pytest.raises(SerializationError) as excinfo: test_decryptor._read_bytes_from_framed_body(4) excinfo.match("Malformed message: frames out of order")
def test_read_bytes_from_framed_body_bad_sequence_number(self): ct_stream = io.BytesIO(VALUES['data_128']) test_decryptor = StreamDecryptor(key_provider=self.mock_key_provider, source=ct_stream) test_decryptor.verifier = MagicMock() test_decryptor._header = self.mock_header frame_data = MagicMock() frame_data.sequence_number = 5 frame_data.final_frame = False frame_data.ciphertext = b'asdfzxcv' self.mock_deserialize_frame.return_value = (frame_data, False) with six.assertRaisesRegex(self, SerializationError, 'Malformed message: frames out of order'): test_decryptor._read_bytes_from_framed_body(4)
def test_prep_non_framed(self): test_decryptor = StreamDecryptor(key_provider=self.mock_key_provider, source=self.mock_input_stream) test_decryptor._header = self.mock_header test_decryptor.verifier = sentinel.verifier test_decryptor._derived_data_key = sentinel.derived_data_key test_decryptor._prep_non_framed() self.mock_deserialize_non_framed_values.assert_called_once_with( stream=test_decryptor.source_stream, header=self.mock_header, verifier=sentinel.verifier ) assert test_decryptor.body_length == len(VALUES["data_128"]) assert test_decryptor._body_start == self.mock_header.algorithm.iv_len + 8 assert test_decryptor._body_end == self.mock_header.algorithm.iv_len + 8 + len(VALUES["data_128"])
def test_prep_non_framed_content_length_too_large(self): self.mock_header.content_type = ContentType.NO_FRAMING self.mock_header.frame_length = 1024 test_decryptor = StreamDecryptor( key_provider=self.mock_key_provider, source=self.mock_input_stream, max_body_length=len(VALUES['data_128']) // 2) test_decryptor._header = self.mock_header test_decryptor.verifier = sentinel.verifier mock_data_key = MagicMock() test_decryptor.data_key = mock_data_key with six.assertRaisesRegex( self, CustomMaximumValueExceeded, 'Non-framed message content length found larger than custom value: {found} > {custom}' .format(found=len(VALUES['data_128']), custom=len(VALUES['data_128']) // 2)): test_decryptor._prep_non_framed()
def test_prep_non_framed_content_length_too_large(self): self.mock_header.content_type = ContentType.NO_FRAMING self.mock_header.frame_length = 1024 test_decryptor = StreamDecryptor( key_provider=self.mock_key_provider, source=self.mock_input_stream, max_body_length=len(VALUES["data_128"]) // 2, ) test_decryptor._header = self.mock_header test_decryptor.verifier = sentinel.verifier mock_data_key = MagicMock() test_decryptor.data_key = mock_data_key with pytest.raises(CustomMaximumValueExceeded) as excinfo: test_decryptor._prep_non_framed() excinfo.match( "Non-framed message content length found larger than custom value: {found} > {custom}" .format(found=len(VALUES["data_128"]), custom=len(VALUES["data_128"]) // 2))
def test_read_bytes_from_non_framed(self): ct_stream = io.BytesIO(VALUES["data_128"]) test_decryptor = StreamDecryptor( materials_manager=self.mock_materials_manager, source=ct_stream, commitment_policy=self.mock_commitment_policy, ) test_decryptor.body_length = len(VALUES["data_128"]) test_decryptor.decryptor = self.mock_decryptor_instance test_decryptor._header = self.mock_header test_decryptor.verifier = MagicMock() test_decryptor._derived_data_key = sentinel.derived_data_key test_decryptor._unframed_body_iv = sentinel.unframed_body_iv self.mock_decryptor_instance.update.return_value = b"1234" self.mock_decryptor_instance.finalize.return_value = b"5678" test = test_decryptor._read_bytes_from_non_framed_body(5) self.mock_deserialize_tag.assert_called_once_with( stream=test_decryptor.source_stream, header=test_decryptor._header, verifier=test_decryptor.verifier) self.mock_get_aad_content_string.assert_called_once_with( content_type=self.mock_header.content_type, is_final_frame=True) self.mock_assemble_content_aad.assert_called_once_with( message_id=self.mock_header.message_id, aad_content_string=sentinel.aad_content_string, seq_num=1, length=len(VALUES["data_128"]), ) self.mock_decryptor.assert_called_once_with( algorithm=self.mock_header.algorithm, key=sentinel.derived_data_key, associated_data=sentinel.associated_data, iv=sentinel.unframed_body_iv, tag=sentinel.tag, ) assert test_decryptor.decryptor is self.mock_decryptor_instance test_decryptor.verifier.update.assert_called_once_with( VALUES["data_128"]) self.mock_decryptor_instance.update.assert_called_once_with( VALUES["data_128"]) assert test == b"12345678"
def test_read_bytes_from_framed_body_multi_frame_finalize(self): ct_stream = io.BytesIO(VALUES["data_128"]) test_decryptor = StreamDecryptor( materials_manager=self.mock_materials_manager, source=ct_stream, commitment_policy=self.mock_commitment_policy, ) test_decryptor.verifier = MagicMock() test_decryptor.data_key = MagicMock() test_decryptor._header = self.mock_header test_decryptor._derived_data_key = sentinel.derived_data_key frame_data_1 = MagicMock() frame_data_1.sequence_number = 1 frame_data_1.final_frame = False frame_data_1.ciphertext = b"qwer" frame_data_2 = MagicMock() frame_data_2.sequence_number = 2 frame_data_2.final_frame = False frame_data_2.ciphertext = b"asdfg" frame_data_3 = MagicMock() frame_data_3.sequence_number = 3 frame_data_3.final_frame = False frame_data_3.ciphertext = b"zxcvbn" frame_data_4 = MagicMock() frame_data_4.sequence_number = 4 frame_data_4.final_frame = True frame_data_4.ciphertext = b"yuiohjk" self.mock_deserialize_frame.side_effect = ( (frame_data_1, False), (frame_data_2, False), (frame_data_3, False), (frame_data_4, True), ) self.mock_get_aad_content_string.side_effect = ( sentinel.aad_content_string_1, sentinel.aad_content_string_2, sentinel.aad_content_string_3, sentinel.aad_content_string_4, ) self.mock_assemble_content_aad.side_effect = ( sentinel.associated_data_1, sentinel.associated_data_2, sentinel.associated_data_3, sentinel.associated_data_4, ) self.mock_decrypt.side_effect = (b"123", b"456", b"789", b"0-=") test = test_decryptor._read_bytes_from_framed_body(12) self.mock_deserialize_frame.assert_has_calls( calls=( call(stream=test_decryptor.source_stream, header=test_decryptor._header, verifier=test_decryptor.verifier), call(stream=test_decryptor.source_stream, header=test_decryptor._header, verifier=test_decryptor.verifier), call(stream=test_decryptor.source_stream, header=test_decryptor._header, verifier=test_decryptor.verifier), call(stream=test_decryptor.source_stream, header=test_decryptor._header, verifier=test_decryptor.verifier), ), any_order=False, ) self.mock_get_aad_content_string.assert_has_calls( calls=( call(content_type=test_decryptor._header.content_type, is_final_frame=False), call(content_type=test_decryptor._header.content_type, is_final_frame=False), call(content_type=test_decryptor._header.content_type, is_final_frame=False), call(content_type=test_decryptor._header.content_type, is_final_frame=True), ), any_order=False, ) self.mock_assemble_content_aad.assert_has_calls( calls=( call( message_id=test_decryptor._header.message_id, aad_content_string=sentinel.aad_content_string_1, seq_num=1, length=4, ), call( message_id=test_decryptor._header.message_id, aad_content_string=sentinel.aad_content_string_2, seq_num=2, length=5, ), call( message_id=test_decryptor._header.message_id, aad_content_string=sentinel.aad_content_string_3, seq_num=3, length=6, ), call( message_id=test_decryptor._header.message_id, aad_content_string=sentinel.aad_content_string_4, seq_num=4, length=7, ), ), any_order=False, ) self.mock_decrypt.assert_has_calls( calls=( call( algorithm=test_decryptor._header.algorithm, key=sentinel.derived_data_key, encrypted_data=frame_data_1, associated_data=sentinel.associated_data_1, ), call( algorithm=test_decryptor._header.algorithm, key=sentinel.derived_data_key, encrypted_data=frame_data_2, associated_data=sentinel.associated_data_2, ), call( algorithm=test_decryptor._header.algorithm, key=sentinel.derived_data_key, encrypted_data=frame_data_3, associated_data=sentinel.associated_data_3, ), call( algorithm=test_decryptor._header.algorithm, key=sentinel.derived_data_key, encrypted_data=frame_data_4, associated_data=sentinel.associated_data_4, ), ), any_order=False, ) self.mock_deserialize_footer.assert_called_once_with( stream=test_decryptor.source_stream, verifier=test_decryptor.verifier) assert test == b"1234567890-="
def test_read_bytes_from_framed_body_multi_frame_finalize(self): ct_stream = io.BytesIO(VALUES['data_128']) test_decryptor = StreamDecryptor( key_provider=self.mock_key_provider, source=ct_stream ) test_decryptor.verifier = MagicMock() test_decryptor.data_key = MagicMock() test_decryptor._header = self.mock_header frame_data_1 = MagicMock() frame_data_1.sequence_number = 1 frame_data_1.final_frame = False frame_data_1.ciphertext = b'qwer' frame_data_2 = MagicMock() frame_data_2.sequence_number = 2 frame_data_2.final_frame = False frame_data_2.ciphertext = b'asdfg' frame_data_3 = MagicMock() frame_data_3.sequence_number = 3 frame_data_3.final_frame = False frame_data_3.ciphertext = b'zxcvbn' frame_data_4 = MagicMock() frame_data_4.sequence_number = 4 frame_data_4.final_frame = True frame_data_4.ciphertext = b'yuiohjk' self.mock_deserialize_frame.side_effect = ( (frame_data_1, False), (frame_data_2, False), (frame_data_3, False), (frame_data_4, True) ) self.mock_get_aad_content_string.side_effect = ( sentinel.aad_content_string_1, sentinel.aad_content_string_2, sentinel.aad_content_string_3, sentinel.aad_content_string_4 ) self.mock_assemble_content_aad.side_effect = ( sentinel.associated_data_1, sentinel.associated_data_2, sentinel.associated_data_3, sentinel.associated_data_4 ) self.mock_decrypt.side_effect = ( b'123', b'456', b'789', b'0-=' ) test = test_decryptor._read_bytes_from_framed_body(12) self.mock_deserialize_frame.assert_has_calls( calls=( call( stream=test_decryptor.source_stream, header=test_decryptor._header, verifier=test_decryptor.verifier ), call( stream=test_decryptor.source_stream, header=test_decryptor._header, verifier=test_decryptor.verifier ), call( stream=test_decryptor.source_stream, header=test_decryptor._header, verifier=test_decryptor.verifier ), call( stream=test_decryptor.source_stream, header=test_decryptor._header, verifier=test_decryptor.verifier ) ), any_order=False ) self.mock_get_aad_content_string.assert_has_calls( calls=( call(content_type=test_decryptor._header.content_type, is_final_frame=False), call(content_type=test_decryptor._header.content_type, is_final_frame=False), call(content_type=test_decryptor._header.content_type, is_final_frame=False), call(content_type=test_decryptor._header.content_type, is_final_frame=True) ), any_order=False ) self.mock_assemble_content_aad.assert_has_calls( calls=( call( message_id=test_decryptor._header.message_id, aad_content_string=sentinel.aad_content_string_1, seq_num=1, length=4 ), call( message_id=test_decryptor._header.message_id, aad_content_string=sentinel.aad_content_string_2, seq_num=2, length=5 ), call( message_id=test_decryptor._header.message_id, aad_content_string=sentinel.aad_content_string_3, seq_num=3, length=6 ), call( message_id=test_decryptor._header.message_id, aad_content_string=sentinel.aad_content_string_4, seq_num=4, length=7 ) ), any_order=False ) self.mock_decrypt.assert_has_calls( calls=( call( algorithm=test_decryptor._header.algorithm, key=test_decryptor.data_key.data_key, encrypted_data=frame_data_1, associated_data=sentinel.associated_data_1, message_id=test_decryptor._header.message_id ), call( algorithm=test_decryptor._header.algorithm, key=test_decryptor.data_key.data_key, encrypted_data=frame_data_2, associated_data=sentinel.associated_data_2, message_id=test_decryptor._header.message_id ), call( algorithm=test_decryptor._header.algorithm, key=test_decryptor.data_key.data_key, encrypted_data=frame_data_3, associated_data=sentinel.associated_data_3, message_id=test_decryptor._header.message_id ), call( algorithm=test_decryptor._header.algorithm, key=test_decryptor.data_key.data_key, encrypted_data=frame_data_4, associated_data=sentinel.associated_data_4, message_id=test_decryptor._header.message_id ) ), any_order=False ) self.mock_deserialize_footer.assert_called_once_with( stream=test_decryptor.source_stream, verifier=test_decryptor.verifier ) assert test_decryptor.source_stream.closed assert test == b'1234567890-='