def test_AEAD_bad_aad(aead_key, aead_iv, cleartext):
extra = ["some", "extra", "data"]
k = AEAD(aead_key, aead_iv)
for d in extra:
k.add_associated_data(d)
ciphertext, tag = k.encrypt_and_tag(cleartext)
# get a fresh AEAD object
c = AEAD(aead_key, aead_iv)
# skip one aad item, MAC is wrong now
for d in extra[:1]:
c.add_associated_data(d)
with pytest.raises(AESError):
c.decrypt_and_verify(ciphertext, tag)
def parse_cookie(name, seed, kaka, enc_key=None):
"""
Parse and verify a cookie value.
Parses a cookie created by `make_cookie` and verifies it has not been tampered with.
You need to provide the same `seed` and `enc_key`
used when creating the cookie, otherwise the verification
fails. See `make_cookie` for details about the verification.
:param seed: A seed key used for the HMAC signature
:type seed: bytes
:param kaka: The cookie
:param enc_key: The encryption key used.
:type enc_key: bytes or None
:raises InvalidCookieSign: When verification fails.
:return: A tuple consisting of (payload, timestamp) or None if parsing fails
"""
if not kaka:
return None
if isinstance(seed, str):
seed = seed.encode("utf-8")
parts = cookie_parts(name, kaka)
if parts is None:
return None
elif len(parts) == 3:
# verify the cookie signature
cleartext, timestamp, sig = parts
if not verify_cookie_signature(sig, seed, cleartext, timestamp):
raise InvalidCookieSign()
return cleartext, timestamp
elif len(parts) == 4:
# encrypted and signed
timestamp = parts[0]
iv = base64.b64decode(parts[1])
ciphertext = base64.b64decode(parts[2])
tag = base64.b64decode(parts[3])
# Make sure the key is 32-Bytes long
key = _make_hashed_key((enc_key, seed))
crypt = AEAD(key, iv)
# timestamp does not need to be encrypted, just MAC'ed,
# so we add it to 'Associated Data' only.
crypt.add_associated_data(timestamp.encode("utf-8"))
try:
cleartext = crypt.decrypt_and_verify(ciphertext, tag)
except AESError:
raise InvalidCookieSign()
return cleartext.decode("utf-8"), timestamp
return None
def parse_cookie(name, seed, kaka, enc_key=None):
"""Parses and verifies a cookie value
Parses a cookie created by `make_cookie` and verifies
it has not been tampered with.
You need to provide the same `seed` and `enc_key`
used when creating the cookie, otherwise the verification
fails. See `make_cookie` for details about the verification.
:param seed: A seed key used for the HMAC signature
:type seed: bytes
:param kaka: The cookie
:param enc_key: The encryption key used.
:type enc_key: bytes or None
:raises InvalidCookieSign: When verification fails.
:return: A tuple consisting of (payload, timestamp) or None if parsing fails
"""
if not kaka:
return None
if isinstance(seed, text_type):
seed = seed.encode('utf-8')
parts = cookie_parts(name, kaka)
if parts is None:
return None
elif len(parts) == 3:
# verify the cookie signature
cleartext, timestamp, sig = parts
if not verify_cookie_signature(sig, seed, cleartext, timestamp):
raise InvalidCookieSign()
return cleartext, timestamp
elif len(parts) == 4:
# encrypted and signed
timestamp = parts[0]
iv = base64.b64decode(parts[1])
ciphertext = base64.b64decode(parts[2])
tag = base64.b64decode(parts[3])
# Make sure the key is 32-Bytes long
key = _make_hashed_key((enc_key, seed))
crypt = AEAD(key, iv)
# timestamp does not need to be encrypted, just MAC'ed,
# so we add it to 'Associated Data' only.
crypt.add_associated_data(timestamp.encode('utf-8'))
try:
cleartext = crypt.decrypt_and_verify(ciphertext, tag)
except AESError:
raise InvalidCookieSign()
return cleartext.decode('utf-8'), timestamp
return None
def test_AEAD_good(aead_key, aead_iv, cleartext):
extra = ["some", "extra", "data"]
k = AEAD(aead_key, aead_iv)
for d in extra:
k.add_associated_data(d)
ciphertext, tag = k.encrypt_and_tag(cleartext)
# get a fresh AEAD object
c = AEAD(aead_key, aead_iv)
for d in extra:
c.add_associated_data(d)
cleartext2 = c.decrypt_and_verify(ciphertext, tag)
assert cleartext2 == cleartext