def test_encrypt_decrypt_chunk():
enckey, signkey = blobxfer.generate_aes256_keys()
assert len(enckey) == blobxfer._AES256_KEYLENGTH_BYTES
assert len(signkey) == blobxfer._AES256_KEYLENGTH_BYTES
# test random binary data, unaligned
iv = os.urandom(16)
plaindata = os.urandom(31)
encdata = blobxfer.encrypt_chunk(
enckey, signkey, plaindata, blobxfer._ENCRYPTION_MODE_CHUNKEDBLOB,
pad=True)
assert encdata != plaindata
decdata = blobxfer.decrypt_chunk(
enckey, signkey, encdata, blobxfer._ENCRYPTION_MODE_CHUNKEDBLOB,
unpad=True)
assert decdata == plaindata
with pytest.raises(RuntimeError):
badsig = base64.b64encode(b'0')
blobxfer.decrypt_chunk(
enckey, badsig, encdata, blobxfer._ENCRYPTION_MODE_CHUNKEDBLOB,
unpad=True)
encdata = blobxfer.encrypt_chunk(
enckey, signkey, plaindata, blobxfer._ENCRYPTION_MODE_FULLBLOB,
iv=iv, pad=True)
decdata = blobxfer.decrypt_chunk(
enckey, signkey, encdata, blobxfer._ENCRYPTION_MODE_FULLBLOB,
iv=iv, unpad=True)
assert decdata == plaindata
# test random binary data aligned on boundary
plaindata = os.urandom(32)
encdata = blobxfer.encrypt_chunk(
enckey, signkey, plaindata, blobxfer._ENCRYPTION_MODE_FULLBLOB,
iv=iv, pad=True)
assert encdata != plaindata
decdata = blobxfer.decrypt_chunk(
enckey, signkey, encdata, blobxfer._ENCRYPTION_MODE_FULLBLOB,
iv=iv, unpad=True)
assert decdata == plaindata
# test text data
plaindata = b'attack at dawn!'
encdata = blobxfer.encrypt_chunk(
enckey, signkey, plaindata, blobxfer._ENCRYPTION_MODE_FULLBLOB,
iv, pad=True)
assert encdata != plaindata
decdata = blobxfer.decrypt_chunk(
enckey, signkey, encdata, blobxfer._ENCRYPTION_MODE_FULLBLOB,
iv, unpad=True)
assert decdata == plaindata
def test_generate_xferspec_download(tmpdir):
lpath = str(tmpdir.join('test.tmp'))
args = MagicMock()
args.rsakey = None
args.storageaccount = 'blobep'
args.container = 'container'
args.storageaccountkey = 'saskey'
args.chunksizebytes = 5
args.timeout = None
sa_in_queue = queue.PriorityQueue()
session = requests.Session()
adapter = requests_mock.Adapter()
session.mount('mock', adapter)
with requests_mock.mock() as m:
m.head('mock://blobepcontainer/blob?saskey', headers={
'content-length': '-1', 'content-md5': 'md5'})
sbs = blobxfer.SasBlobService('mock://blobep', 'saskey', None)
with pytest.raises(ValueError):
blobxfer.generate_xferspec_download(
sbs, args, sa_in_queue, lpath, 'blob', True,
[None, None, None])
assert sa_in_queue.qsize() == 0
m.head('mock://blobepcontainer/blob?saskey', headers={
'content-length': '6', 'content-md5': 'md5'})
cl, nsops, md5, fd = blobxfer.generate_xferspec_download(
sbs, args, sa_in_queue, lpath, 'blob', True, [None, None, None])
assert sa_in_queue.qsize() == 2
assert 2 == nsops
assert 6 == cl
assert 2 == nsops
assert 'md5' == md5
assert fd is not None
fd.close()
cl, nsops, md5, fd = blobxfer.generate_xferspec_download(
sbs, args, sa_in_queue, lpath, 'blob', False, [None, None, None])
assert 2 == nsops
assert fd is None
assert sa_in_queue.qsize() == 4
with open(lpath, 'wt') as f:
f.write('012345')
m.head('mock://blobepcontainer/blob?saskey', headers={
'content-length': '6', 'content-md5': '1qmpM8iq/FHlWsBmK25NSg=='})
cl, nsops, md5, fd = blobxfer.generate_xferspec_download(
sbs, args, sa_in_queue, lpath, 'blob', True, [None, None, None])
assert nsops is None
assert cl is None
assert sa_in_queue.qsize() == 4
sa_in_queue = queue.PriorityQueue()
args.rsaprivatekey = _RSAKEY
args.rsapublickey = None
symkey, signkey = blobxfer.generate_aes256_keys()
args.encmode = blobxfer._ENCRYPTION_MODE_CHUNKEDBLOB
metajson = blobxfer.EncryptionMetadataJson(
args, symkey, signkey, iv=b'0', encdata_signature=b'0',
preencrypted_md5=None)
encmeta = metajson.construct_metadata_json()
goodencjson = json.loads(encmeta[blobxfer._ENCRYPTION_METADATA_NAME])
goodauthjson = json.loads(
encmeta[blobxfer._ENCRYPTION_METADATA_AUTH_NAME])
metajson2 = blobxfer.EncryptionMetadataJson(
args, None, None, None, None, None)
metajson2.parse_metadata_json(
'blob', args.rsaprivatekey, args.rsapublickey, encmeta)
assert metajson2.symkey == symkey
assert metajson2.signkey == signkey
assert metajson2.encmode == args.encmode
assert metajson2.chunksizebytes == args.chunksizebytes + \
blobxfer._AES256CBC_HMACSHA256_OVERHEAD_BYTES + 1
encjson = json.loads(encmeta[blobxfer._ENCRYPTION_METADATA_NAME])
encjson[blobxfer._ENCRYPTION_METADATA_LAYOUT][
blobxfer._ENCRYPTION_METADATA_CHUNKSTRUCTURE] = 'X'
headers = {
'content-length': '64',
'content-md5': 'md5',
'x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME:
json.dumps(encjson),
'x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_AUTH_NAME:
json.dumps(goodauthjson),
}
m.head('mock://blobepcontainer/blob?saskey', headers=headers)
with pytest.raises(RuntimeError):
blobxfer.generate_xferspec_download(
sbs, args, sa_in_queue, lpath, 'blob', False,
[None, None, None])
# switch to full blob mode tests
args.encmode = blobxfer._ENCRYPTION_MODE_FULLBLOB
metajson = blobxfer.EncryptionMetadataJson(
args, symkey, signkey, iv=b'0', encdata_signature=b'0',
preencrypted_md5=None)
encmeta = metajson.construct_metadata_json()
goodencjson = json.loads(encmeta[blobxfer._ENCRYPTION_METADATA_NAME])
goodauthjson = json.loads(
encmeta[blobxfer._ENCRYPTION_METADATA_AUTH_NAME])
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME] = \
json.dumps(goodencjson)
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_AUTH_NAME] = \
json.dumps(goodauthjson)
encjson = copy.deepcopy(goodencjson)
encjson[blobxfer._ENCRYPTION_METADATA_AGENT][
blobxfer._ENCRYPTION_METADATA_PROTOCOL] = 'X'
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME] = \
json.dumps(encjson)
m.head('mock://blobepcontainer/blob?saskey', headers=headers)
with pytest.raises(RuntimeError):
blobxfer.generate_xferspec_download(
sbs, args, sa_in_queue, lpath, 'blob', False,
[None, None, None])
encjson = copy.deepcopy(goodencjson)
encjson[blobxfer._ENCRYPTION_METADATA_AGENT][
blobxfer._ENCRYPTION_METADATA_ENCRYPTION_ALGORITHM] = 'X'
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME] = \
json.dumps(encjson)
m.head('mock://blobepcontainer/blob?saskey', headers=headers)
with pytest.raises(RuntimeError):
blobxfer.generate_xferspec_download(
sbs, args, sa_in_queue, lpath, 'blob', False,
[None, None, None])
encjson = copy.deepcopy(goodencjson)
encjson[blobxfer._ENCRYPTION_METADATA_INTEGRITY_AUTH][
blobxfer._ENCRYPTION_METADATA_ALGORITHM] = 'X'
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME] = \
json.dumps(encjson)
m.head('mock://blobepcontainer/blob?saskey', headers=headers)
with pytest.raises(RuntimeError):
blobxfer.generate_xferspec_download(
sbs, args, sa_in_queue, lpath, 'blob', False,
[None, None, None])
encjson = copy.deepcopy(goodencjson)
encjson[blobxfer._ENCRYPTION_METADATA_WRAPPEDCONTENTKEY][
blobxfer._ENCRYPTION_METADATA_ALGORITHM] = 'X'
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME] = \
json.dumps(encjson)
m.head('mock://blobepcontainer/blob?saskey', headers=headers)
with pytest.raises(RuntimeError):
blobxfer.generate_xferspec_download(
sbs, args, sa_in_queue, lpath, 'blob', False,
[None, None, None])
authjson = copy.deepcopy(goodauthjson)
authjson.pop(blobxfer._ENCRYPTION_METADATA_AUTH_METAAUTH, None)
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME] = \
json.dumps(goodencjson)
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_AUTH_NAME] = \
json.dumps(authjson)
m.head('mock://blobepcontainer/blob?saskey', headers=headers)
with pytest.raises(RuntimeError):
blobxfer.generate_xferspec_download(
sbs, args, sa_in_queue, lpath, 'blob', False,
[None, None, None])
authjson = copy.deepcopy(goodauthjson)
authjson[blobxfer._ENCRYPTION_METADATA_AUTH_METAAUTH].pop(
blobxfer._ENCRYPTION_METADATA_AUTH_ENCODING, None)
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME] = \
json.dumps(goodencjson)
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_AUTH_NAME] = \
json.dumps(authjson)
m.head('mock://blobepcontainer/blob?saskey', headers=headers)
with pytest.raises(RuntimeError):
blobxfer.generate_xferspec_download(
sbs, args, sa_in_queue, lpath, 'blob', False,
[None, None, None])
authjson = copy.deepcopy(goodauthjson)
authjson[blobxfer._ENCRYPTION_METADATA_AUTH_METAAUTH][
blobxfer._ENCRYPTION_METADATA_ALGORITHM] = 'X'
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME] = \
json.dumps(goodencjson)
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_AUTH_NAME] = \
json.dumps(authjson)
m.head('mock://blobepcontainer/blob?saskey', headers=headers)
with pytest.raises(RuntimeError):
blobxfer.generate_xferspec_download(
sbs, args, sa_in_queue, lpath, 'blob', False,
[None, None, None])
authjson = copy.deepcopy(goodauthjson)
authjson[blobxfer._ENCRYPTION_METADATA_AUTH_METAAUTH][
blobxfer._ENCRYPTION_METADATA_MAC] = blobxfer.base64encode(b'X')
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME] = \
json.dumps(goodencjson)
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_AUTH_NAME] = \
json.dumps(authjson)
m.head('mock://blobepcontainer/blob?saskey', headers=headers)
with pytest.raises(RuntimeError):
blobxfer.generate_xferspec_download(
sbs, args, sa_in_queue, lpath, 'blob', False,
[None, None, None])
args.chunksizebytes = 5
metajson.chunksizebytes = args.chunksizebytes
metajson.md5 = headers['content-md5']
args.encmode = blobxfer._ENCRYPTION_MODE_FULLBLOB
encjson = copy.deepcopy(goodencjson)
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME] = \
json.dumps(encjson)
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_AUTH_NAME] = \
json.dumps(goodauthjson)
hcl = int(headers['content-length'])
cl, nsops, md5, fd = blobxfer.generate_xferspec_download(
sbs, args, sa_in_queue, lpath, 'blob', False,
[hcl, headers['content-md5'], metajson])
assert hcl == cl
calcops = hcl // args.chunksizebytes
hclmod = hcl % args.chunksizebytes
if hclmod > 0:
calcops += 1
assert calcops == nsops
assert headers['content-md5'] == md5
assert fd is None
assert sa_in_queue.qsize() == nsops
data = sa_in_queue.get()
assert data is not None
def test_generate_xferspec_download(tmpdir):
lpath = str(tmpdir.join('test.tmp'))
args = MagicMock()
args.rsakey = None
args.storageaccount = 'blobep'
args.container = 'container'
args.storageaccountkey = 'saskey'
args.chunksizebytes = 5
args.timeout = None
sa_in_queue = queue.PriorityQueue()
session = requests.Session()
adapter = requests_mock.Adapter()
session.mount('mock', adapter)
with requests_mock.mock() as m:
m.head('mock://blobepcontainer/blob?saskey',
headers={
'content-length': '-1',
'content-md5': 'md5'
})
sbs = blobxfer.SasBlobService('mock://blobep', 'saskey', None)
with pytest.raises(ValueError):
blobxfer.generate_xferspec_download(sbs, args, sa_in_queue, lpath,
'blob', True,
[None, None, None])
assert sa_in_queue.qsize() == 0
m.head('mock://blobepcontainer/blob?saskey',
headers={
'content-length': '6',
'content-md5': 'md5'
})
cl, nsops, md5, fd = blobxfer.generate_xferspec_download(
sbs, args, sa_in_queue, lpath, 'blob', True, [None, None, None])
assert sa_in_queue.qsize() == 2
assert 2 == nsops
assert 6 == cl
assert 2 == nsops
assert 'md5' == md5
assert fd is not None
fd.close()
cl, nsops, md5, fd = blobxfer.generate_xferspec_download(
sbs, args, sa_in_queue, lpath, 'blob', False, [None, None, None])
assert 2 == nsops
assert fd is None
assert sa_in_queue.qsize() == 4
with open(lpath, 'wt') as f:
f.write('012345')
m.head('mock://blobepcontainer/blob?saskey',
headers={
'content-length': '6',
'content-md5': '1qmpM8iq/FHlWsBmK25NSg=='
})
cl, nsops, md5, fd = blobxfer.generate_xferspec_download(
sbs, args, sa_in_queue, lpath, 'blob', True, [None, None, None])
assert nsops is None
assert cl is None
assert sa_in_queue.qsize() == 4
sa_in_queue = queue.PriorityQueue()
args.rsaprivatekey = _RSAKEY
args.rsapublickey = None
symkey, signkey = blobxfer.generate_aes256_keys()
args.encmode = blobxfer._ENCRYPTION_MODE_CHUNKEDBLOB
metajson = blobxfer.EncryptionMetadataJson(args,
symkey,
signkey,
iv=b'0',
encdata_signature=b'0',
preencrypted_md5=None)
encmeta = metajson.construct_metadata_json()
goodencjson = json.loads(encmeta[blobxfer._ENCRYPTION_METADATA_NAME])
goodauthjson = json.loads(
encmeta[blobxfer._ENCRYPTION_METADATA_AUTH_NAME])
metajson2 = blobxfer.EncryptionMetadataJson(args, None, None, None,
None, None)
metajson2.parse_metadata_json('blob', args.rsaprivatekey,
args.rsapublickey, encmeta)
assert metajson2.symkey == symkey
assert metajson2.signkey == signkey
assert metajson2.encmode == args.encmode
assert metajson2.chunksizebytes == args.chunksizebytes + \
blobxfer._AES256CBC_HMACSHA256_OVERHEAD_BYTES + 1
encjson = json.loads(encmeta[blobxfer._ENCRYPTION_METADATA_NAME])
encjson[blobxfer._ENCRYPTION_METADATA_LAYOUT][
blobxfer._ENCRYPTION_METADATA_CHUNKSTRUCTURE] = 'X'
headers = {
'content-length':
'64',
'content-md5':
'md5',
'x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME:
json.dumps(encjson),
'x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_AUTH_NAME:
json.dumps(goodauthjson),
}
m.head('mock://blobepcontainer/blob?saskey', headers=headers)
with pytest.raises(RuntimeError):
blobxfer.generate_xferspec_download(sbs, args, sa_in_queue, lpath,
'blob', False,
[None, None, None])
# switch to full blob mode tests
args.encmode = blobxfer._ENCRYPTION_MODE_FULLBLOB
metajson = blobxfer.EncryptionMetadataJson(args,
symkey,
signkey,
iv=b'0',
encdata_signature=b'0',
preencrypted_md5=None)
encmeta = metajson.construct_metadata_json()
goodencjson = json.loads(encmeta[blobxfer._ENCRYPTION_METADATA_NAME])
goodauthjson = json.loads(
encmeta[blobxfer._ENCRYPTION_METADATA_AUTH_NAME])
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME] = \
json.dumps(goodencjson)
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_AUTH_NAME] = \
json.dumps(goodauthjson)
encjson = copy.deepcopy(goodencjson)
encjson[blobxfer._ENCRYPTION_METADATA_AGENT][
blobxfer._ENCRYPTION_METADATA_PROTOCOL] = 'X'
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME] = \
json.dumps(encjson)
m.head('mock://blobepcontainer/blob?saskey', headers=headers)
with pytest.raises(RuntimeError):
blobxfer.generate_xferspec_download(sbs, args, sa_in_queue, lpath,
'blob', False,
[None, None, None])
encjson = copy.deepcopy(goodencjson)
encjson[blobxfer._ENCRYPTION_METADATA_AGENT][
blobxfer._ENCRYPTION_METADATA_ENCRYPTION_ALGORITHM] = 'X'
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME] = \
json.dumps(encjson)
m.head('mock://blobepcontainer/blob?saskey', headers=headers)
with pytest.raises(RuntimeError):
blobxfer.generate_xferspec_download(sbs, args, sa_in_queue, lpath,
'blob', False,
[None, None, None])
encjson = copy.deepcopy(goodencjson)
encjson[blobxfer._ENCRYPTION_METADATA_INTEGRITY_AUTH][
blobxfer._ENCRYPTION_METADATA_ALGORITHM] = 'X'
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME] = \
json.dumps(encjson)
m.head('mock://blobepcontainer/blob?saskey', headers=headers)
with pytest.raises(RuntimeError):
blobxfer.generate_xferspec_download(sbs, args, sa_in_queue, lpath,
'blob', False,
[None, None, None])
encjson = copy.deepcopy(goodencjson)
encjson[blobxfer._ENCRYPTION_METADATA_WRAPPEDCONTENTKEY][
blobxfer._ENCRYPTION_METADATA_ALGORITHM] = 'X'
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME] = \
json.dumps(encjson)
m.head('mock://blobepcontainer/blob?saskey', headers=headers)
with pytest.raises(RuntimeError):
blobxfer.generate_xferspec_download(sbs, args, sa_in_queue, lpath,
'blob', False,
[None, None, None])
authjson = copy.deepcopy(goodauthjson)
authjson.pop(blobxfer._ENCRYPTION_METADATA_AUTH_METAAUTH, None)
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME] = \
json.dumps(goodencjson)
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_AUTH_NAME] = \
json.dumps(authjson)
m.head('mock://blobepcontainer/blob?saskey', headers=headers)
with pytest.raises(RuntimeError):
blobxfer.generate_xferspec_download(sbs, args, sa_in_queue, lpath,
'blob', False,
[None, None, None])
authjson = copy.deepcopy(goodauthjson)
authjson[blobxfer._ENCRYPTION_METADATA_AUTH_METAAUTH].pop(
blobxfer._ENCRYPTION_METADATA_AUTH_ENCODING, None)
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME] = \
json.dumps(goodencjson)
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_AUTH_NAME] = \
json.dumps(authjson)
m.head('mock://blobepcontainer/blob?saskey', headers=headers)
with pytest.raises(RuntimeError):
blobxfer.generate_xferspec_download(sbs, args, sa_in_queue, lpath,
'blob', False,
[None, None, None])
authjson = copy.deepcopy(goodauthjson)
authjson[blobxfer._ENCRYPTION_METADATA_AUTH_METAAUTH][
blobxfer._ENCRYPTION_METADATA_ALGORITHM] = 'X'
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME] = \
json.dumps(goodencjson)
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_AUTH_NAME] = \
json.dumps(authjson)
m.head('mock://blobepcontainer/blob?saskey', headers=headers)
with pytest.raises(RuntimeError):
blobxfer.generate_xferspec_download(sbs, args, sa_in_queue, lpath,
'blob', False,
[None, None, None])
authjson = copy.deepcopy(goodauthjson)
authjson[blobxfer._ENCRYPTION_METADATA_AUTH_METAAUTH][
blobxfer._ENCRYPTION_METADATA_MAC] = blobxfer.base64encode(b'X')
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME] = \
json.dumps(goodencjson)
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_AUTH_NAME] = \
json.dumps(authjson)
m.head('mock://blobepcontainer/blob?saskey', headers=headers)
with pytest.raises(RuntimeError):
blobxfer.generate_xferspec_download(sbs, args, sa_in_queue, lpath,
'blob', False,
[None, None, None])
args.chunksizebytes = 5
metajson.chunksizebytes = args.chunksizebytes
metajson.md5 = headers['content-md5']
args.encmode = blobxfer._ENCRYPTION_MODE_FULLBLOB
encjson = copy.deepcopy(goodencjson)
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_NAME] = \
json.dumps(encjson)
headers['x-ms-meta-' + blobxfer._ENCRYPTION_METADATA_AUTH_NAME] = \
json.dumps(goodauthjson)
hcl = int(headers['content-length'])
cl, nsops, md5, fd = blobxfer.generate_xferspec_download(
sbs, args, sa_in_queue, lpath, 'blob', False,
[hcl, headers['content-md5'], metajson])
assert hcl == cl
calcops = hcl // args.chunksizebytes
hclmod = hcl % args.chunksizebytes
if hclmod > 0:
calcops += 1
assert calcops == nsops
assert headers['content-md5'] == md5
assert fd is None
assert sa_in_queue.qsize() == nsops
data = sa_in_queue.get()
assert data is not None
def test_encrypt_decrypt_chunk():
enckey, signkey = blobxfer.generate_aes256_keys()
assert len(enckey) == blobxfer._AES256_KEYLENGTH_BYTES
assert len(signkey) == blobxfer._AES256_KEYLENGTH_BYTES
# test random binary data, unaligned
iv = os.urandom(16)
plaindata = os.urandom(31)
encdata = blobxfer.encrypt_chunk(enckey,
signkey,
plaindata,
blobxfer._ENCRYPTION_MODE_CHUNKEDBLOB,
pad=True)
assert encdata != plaindata
decdata = blobxfer.decrypt_chunk(enckey,
signkey,
encdata,
blobxfer._ENCRYPTION_MODE_CHUNKEDBLOB,
unpad=True)
assert decdata == plaindata
with pytest.raises(RuntimeError):
badsig = base64.b64encode(b'0')
blobxfer.decrypt_chunk(enckey,
badsig,
encdata,
blobxfer._ENCRYPTION_MODE_CHUNKEDBLOB,
unpad=True)
encdata = blobxfer.encrypt_chunk(enckey,
signkey,
plaindata,
blobxfer._ENCRYPTION_MODE_FULLBLOB,
iv=iv,
pad=True)
decdata = blobxfer.decrypt_chunk(enckey,
signkey,
encdata,
blobxfer._ENCRYPTION_MODE_FULLBLOB,
iv=iv,
unpad=True)
assert decdata == plaindata
# test random binary data aligned on boundary
plaindata = os.urandom(32)
encdata = blobxfer.encrypt_chunk(enckey,
signkey,
plaindata,
blobxfer._ENCRYPTION_MODE_FULLBLOB,
iv=iv,
pad=True)
assert encdata != plaindata
decdata = blobxfer.decrypt_chunk(enckey,
signkey,
encdata,
blobxfer._ENCRYPTION_MODE_FULLBLOB,
iv=iv,
unpad=True)
assert decdata == plaindata
# test text data
plaindata = b'attack at dawn!'
encdata = blobxfer.encrypt_chunk(enckey,
signkey,
plaindata,
blobxfer._ENCRYPTION_MODE_FULLBLOB,
iv,
pad=True)
assert encdata != plaindata
decdata = blobxfer.decrypt_chunk(enckey,
signkey,
encdata,
blobxfer._ENCRYPTION_MODE_FULLBLOB,
iv,
unpad=True)
assert decdata == plaindata
