def test_decrypt_unknwown_key_id(): ciphertext_blob = b"d25652e4-d2d2-49f7-929a-671ccda580c6" b"123456789012" b"1234567890123456" b"some ciphertext" with assert_raises(AccessDeniedException): decrypt(master_keys={}, ciphertext_blob=ciphertext_blob, encryption_context={})
def test_decrypt_invalid_ciphertext_format(): master_key = Key("nop", "nop", "nop", [], "nop") master_key_map = {master_key.id: master_key} with assert_raises(InvalidCiphertextException): decrypt(master_keys=master_key_map, ciphertext_blob=b"", encryption_context={})
def test_decrypt_invalid_ciphertext(): master_key = Key("nop", "nop", "nop", [], "nop") master_key_map = {master_key.id: master_key} ciphertext_blob = master_key.id.encode( "utf-8") + b"123456789012" b"1234567890123456" b"some ciphertext" with assert_raises(InvalidCiphertextException): decrypt( master_keys=master_key_map, ciphertext_blob=ciphertext_blob, encryption_context={}, )
def test_decrypt_invalid_encryption_context(): plaintext = b"some secret plaintext" master_key = Key("nop", "nop", "nop", [], "nop") master_key_map = {master_key.id: master_key} ciphertext_blob = encrypt( master_keys=master_key_map, key_id=master_key.id, plaintext=plaintext, encryption_context={ "some": "encryption", "context": "here" }, ) with assert_raises(InvalidCiphertextException): decrypt( master_keys=master_key_map, ciphertext_blob=ciphertext_blob, encryption_context={}, )
def test_encrypt_decrypt_cycle(encryption_context): plaintext = b"some secret plaintext" master_key = Key("nop", "nop", "nop", [], "nop") master_key_map = {master_key.id: master_key} ciphertext_blob = encrypt(master_keys=master_key_map, key_id=master_key.id, plaintext=plaintext, encryption_context=encryption_context) ciphertext_blob.should_not.equal(plaintext) decrypted, decrypting_key_id = decrypt( master_keys=master_key_map, ciphertext_blob=ciphertext_blob, encryption_context=encryption_context) decrypted.should.equal(plaintext) decrypting_key_id.should.equal(master_key.id)