def test_CTR_test_vectors(self): # test CTR encryption and decryption using official RFC test vectors key = Fernet.generate_key() fernet = Fernet(key) KEY = 'AE6852F8121067CC4BF7A5765577F39E'.decode('hex') IV = '00000030000000000000000000000001'.decode('hex') PLAINTEXT = '53696E676C6520626C6F636B206D7367'.decode('hex') CIPHERTEXT = 'E4095D4FB7A7B3792D6175A3261311B8'.decode('hex') assert fernet._AES_CTR_encrypt(PLAINTEXT, IV, KEY) == CIPHERTEXT assert fernet._AES_CTR_decrypt(CIPHERTEXT, IV, KEY) == PLAINTEXT KEY = '7E24067817FAE0D743D6CE1F32539163'.decode('hex') IV = '006CB6DBC0543B59DA48D90B00000001'.decode('hex') PLAINTEXT = '000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F'.decode('hex') CIPHERTEXT = '5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28'.decode('hex') assert fernet._AES_CTR_encrypt(PLAINTEXT, IV, KEY) == CIPHERTEXT assert fernet._AES_CTR_decrypt(CIPHERTEXT, IV, KEY) == PLAINTEXT KEY = '7691BE035E5020A8AC6E618529F9A0DC'.decode('hex') IV = '00E0017B27777F3F4A1786F000000001'.decode('hex') PLAINTEXT = '000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223'.decode('hex') CIPHERTEXT = 'C1CF48A89F2FFDD9CF4652E9EFDB72D74540A42BDE6D7836D59A5CEAAEF3105325B2072F'.decode('hex') assert fernet._AES_CTR_encrypt(PLAINTEXT, IV, KEY) == CIPHERTEXT assert fernet._AES_CTR_decrypt(CIPHERTEXT, IV, KEY) == PLAINTEXT
def test_CMAC_verify(self): # test CMAC verification function key = Fernet.generate_key() fernet = Fernet(key) # test against the cryptography.io library APIs for i in range(20): M = os.urandom(i) K = os.urandom(16) # use library API generation c = cmac.CMAC(algorithms.AES(K), backend=default_backend()) c.update(M) lib_cmac = c.finalize() # verify a library generated cmac assert fernet._AES_CMAC_verify(K, M, len(M), lib_cmac) # verify against our own API cmac_ = fernet._AES_CMAC_generate(K, M, len(M)) assert fernet._AES_CMAC_verify(K, M, len(M), cmac_) # # library verify our generated cmac c = cmac.CMAC(algorithms.AES(K), backend=default_backend()) c.update(M) try: c.verify(cmac_) except Exception: raise Exception
def test_CMAC_test_vectors(self): # test using official RFC AES_CMAC test vectors key = Fernet.generate_key() fernet = Fernet(key) K = '2b7e151628aed2a6abf7158809cf4f3c'.decode('hex') LENGTH = 0 M = '' CMAC = 'bb1d6929e95937287fa37d129b756746'.decode('hex') assert fernet._AES_CMAC_generate(K, M, LENGTH) == CMAC LENGTH = 16 M = '6bc1bee22e409f96e93d7e117393172a'.decode('hex') CMAC = '070a16b46b4d4144f79bdd9dd04a287c'.decode('hex') assert fernet._AES_CMAC_generate(K, M, LENGTH) == CMAC LENGTH = 40 M = '6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411'.decode('hex') CMAC = 'dfa66747de9ae63030ca32611497c827'.decode('hex') assert fernet._AES_CMAC_generate(K, M, LENGTH) == CMAC LENGTH = 64 M = '6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710'.decode('hex') CMAC = '51f0bebf7e3b9d92fc49741779363cfe'.decode('hex') assert fernet._AES_CMAC_generate(K, M, LENGTH) == CMAC
def test_integer_bytes_conversion2(self): # test integer to bytes, then bytes to integer == original key = Fernet.generate_key() fernet = Fernet(key) for i in range(10000): assert fernet._bytes_to_integer(fernet._integer_to_bytes(i)) == i
def test_integer_bytes_conversion(self): # test bytes to integer, then integer to bytes == original key = Fernet.generate_key() fernet = Fernet(key) for i in range(10000): b = os.urandom(16) assert fernet._integer_to_bytes(fernet._bytes_to_integer(b)) == b
def test_empty_bytes(self): # test _bytes_to_integer function when given empty bytes key = Fernet.generate_key() fernet = Fernet(key) b = os.urandom(0) with pytest.raises(AssertionError) as e: fernet._bytes_to_integer(b)
def test_subkey_gen_bad_length(self): # test subkey generation function when given bad input length key = Fernet.generate_key() fernet = Fernet(key) KEY = os.urandom(15) with pytest.raises(AssertionError) as e: fernet._generate_subkey(KEY)
def test_Functionality(self): key = Fernet.generate_key() fernet = Fernet(key) # decrypt(encrypt(msg)) == msg for i in xrange(20): msg = os.urandom(6) assert fernet.decrypt(fernet.encrypt(msg)) == msg
def test_timeout(self): # test exceeded time to live key = Fernet.generate_key() fernet = Fernet(key) ct = fernet.encrypt('Another secret message!') time.sleep(3) with pytest.raises(InvalidToken) as e: fernet.decrypt(ct, 2)
def test_xor(self): # check xor for normal functionality key = Fernet.generate_key() fernet = Fernet(key) x = bytes(bytearray(16)) for i in xrange(20): y = os.urandom(16) assert(fernet._xor(x, y) == y) # xor of 0 and y == y
def test_Functionality_extensive(self): # extensively test the decrpytion(encryption(msg)) == msg key = Fernet.generate_key() fernet = Fernet(key) # decrypt(encrypt(msg)) == msg for i in xrange(100): for l in range(20): msg = os.urandom(l) assert fernet.decrypt(fernet.encrypt(msg)) == msg
def test_AES_ECB(self): # AES_ECB_128 test with RFC test vectors key = Fernet.generate_key() fernet = Fernet(key) KEY = '2b7e151628aed2a6abf7158809cf4f3c'.decode('hex') AES_128 = '7df76b0c1ab899b33e42f047b91b546f'.decode('hex') CONST_ZERO = 0x00000000000000000000000000000000 assert fernet._AES_ECB(fernet._integer_to_bytes(CONST_ZERO), KEY) == AES_128
def test_CTR_functionality(self): # test CTR functionality (decrypt(encrypt(msg)) == msg) key = Fernet.generate_key() fernet = Fernet(key) # test encrypt than decrypt gives back original message for i in range(20): data = os.urandom(i) key = os.urandom(16) iv = os.urandom(16) assert fernet._AES_CTR_decrypt(fernet._AES_CTR_encrypt(data, iv, key), iv, key) == data
def test_subkey_generation(self): # test subkey generation using RFC test vectors key = Fernet.generate_key() fernet = Fernet(key) KEY = '2b7e151628aed2a6abf7158809cf4f3c'.decode('hex') AES_128 = '7df76b0c1ab899b33e42f047b91b546f'.decode('hex') K1 = 'fbeed618357133667c85e08f7236a8de'.decode('hex') K2 = 'f7ddac306ae266ccf90bc11ee46d513b'.decode('hex') K1_, K2_ = fernet._generate_subkey(KEY) assert K1 == K1_ and K2 == K2_
def test_bad_version(self): # test incorrect version of Fernet 0x91 key = Fernet.generate_key() fernet = Fernet(key) ct = fernet.encrypt('Secret message!') ct = list(base64.urlsafe_b64decode(ct)) # decode ciphertext ct[0] = b'\x00' # change version ct = ''.join(ct) ct = base64.urlsafe_b64encode(ct) # encode ciphertext with pytest.raises(InvalidToken) as e: fernet.decrypt(ct)
def test_bad_CMAC(self): # test bad CMAC signature key = Fernet.generate_key() fernet = Fernet(key) ct = fernet.encrypt('Aanother message!') ct = list(base64.urlsafe_b64decode(ct)) # decode ciphertext ct.append(b'\x00') # modify CMAC ct = ''.join(ct) ct = base64.urlsafe_b64encode(ct) # encode ciphertext with pytest.raises(InvalidToken) as e: fernet.decrypt(ct)
def test_xor_bad_length(self): # test xor function when given mismatching lengths key = Fernet.generate_key() fernet = Fernet(key) # check xor functionality x = bytes(bytearray(16)) for i in xrange(1, 20): if i == 16: continue y = os.urandom(i) with pytest.raises(AssertionError) as e: fernet._xor(x, y)
def create_access_ticket(session_key, ticket_owner_key, client_id): access_ticket_raw = {} access_ticket_raw['timeStamp'] = time.time() access_ticket_raw['client_id'] = client_id access_ticket_raw['duration'] = client_id access_ticket_raw['session_key'] = session_key access_ticket_raw['session_id'] = Fernet.generate_key() rad_encryptor_engine = Fernet(ticket_owner_key) access_ticket_enc = rad_encryptor_engine.encrypt( json.dumps(access_ticket_raw, cls=BytesDump).encode()) return access_ticket_enc
def test_CTR_decrypt(self): # test CTR decrypt function (encrypt with library API, decrypt with ours) key = Fernet.generate_key() fernet = Fernet(key) for i in range(20): data = os.urandom(i) key = os.urandom(16) iv = os.urandom(16) # encrypt with library APIs cipher = Cipher(algorithms.AES(key), modes.CTR(iv), backend=default_backend()) encryptor = cipher.encryptor() ct = encryptor.update(data) + encryptor.finalize() # decrypt with our APIs pt = fernet._AES_CTR_decrypt(ct, iv, key) assert data == pt
def test_CMAC_generate(self): # test AES_CMAC generation key = Fernet.generate_key() fernet = Fernet(key) # test against the cryptographi.io library APIs for i in range(20): M = os.urandom(i) K = os.urandom(16) # use library's API to generate CMAC c = cmac.CMAC(algorithms.AES(K), backend=default_backend()) c.update(M) lib_cmac = c.finalize() # use our function to generate CMAC cmac_ = fernet._AES_CMAC_generate(K, M, len(M)) # verify library CMAC vs our CMAC assert cmac_ == lib_cmac
def test_increment_integer(self): # test the increment integer function key = Fernet.generate_key() fernet = Fernet(key) # test normal behavior for i in range(100): assert fernet._increment_integer(i) == i + 1 # test edge case i = 2**128-1 assert fernet._increment_integer(i) == 0 # test big integer with pytest.raises(AssertionError) as e: fernet._increment_integer(2**128) # test negative integer with pytest.raises(AssertionError) as e: fernet._increment_integer(-1)
def __init__(self): self.PUB_KEY = Fernet.generate_key() self.PRI_KEY = Fernet.generate_key() self.thread = Thread self.setup = Settings() self.host = "0.0.0.0"
def __generar_clave_token(self, contrasenia): self.__clave = Fernet.generate_key() self.__clave.decode() self.__token = self.__encrypt(contrasenia.encode(), self.__clave)
def __init__(self, nombre, email, contrasenia): self.nombre = nombre self.email = email self.__clave = Fernet.generate_key() self.__clave.decode() self.__token = self.__encrypt(contrasenia.encode(), self.__clave)
def test_big_integer(self): # test _integer_to_bytes when given too big an integer key = Fernet.generate_key() fernet = Fernet(key) with pytest.raises(AssertionError) as e: fernet._integer_to_bytes(2**128)
from fernet import Fernet from flask import Flask, render_template, request app = Flask(__name__) key = Fernet.generate_key() f = Fernet(key) @app.route('/') def index(): """ Default page http://127.0.0.1:5000/ :return: """ title = request.args.get('title', 'default') return render_template('index.html', title=title) @app.route('/encrypt') def string_to_encrypt_method(): """ url_path takes value (?param=) to encrypt it. Input value (?param=), after field *Encrypted result* will display decrypt value on page :return: """ title = request.args.get('param', 'default') token = f.encrypt(title) return render_template('index.html', encrypt=token)
def writeKey(): global key key = Fernet.generate_key() file = open('key.key', 'wb') file.write(key) # The key is type bytes still file.close()
def encodeMessage(data): key = Fernet.generate_key() f = Fernet(key) return pickle.dumps((key, f.encrypt(data), md5(f.encrypt(data))))