def test_spec(self): for version in _versions.keys(): compatibility = version in {1, 3} path = os.path.dirname(os.path.realpath(os.path.abspath(__file__))) with open(os.path.join(path, "spec/triplesec_v{}.json".format(version))) as specfile: vectors = json.load(specfile) for v in vectors['vectors']: key = unhex(v['key']) pt = unhex(v['pt']) ct = unhex(v['ct']) rndstream = six.BytesIO(unhex(v['r'])) # Self-consistency got_self_compat = triplesec.encrypt(pt, key, compatibility=compatibility) self.assertEqual(pt, triplesec.decrypt(got_self_compat, key, compatibility=compatibility)) # Self-consistency for reverse compatibility got_self_rev_compat = triplesec.encrypt(pt, key, compatibility=not compatibility) self.assertEqual(pt, triplesec.decrypt(got_self_rev_compat, key, compatibility=not compatibility)) # Able to decrypt spec self.assertEqual(pt, triplesec.decrypt(ct, key, compatibility=compatibility)) # Correct encryption with fixed random tape T = TripleSec(key, rndstream=rndstream) got = T.encrypt(pt, v=version, compatibility=compatibility) self.assertEqual(hexlify(got), hexlify(ct))
def test_decrypt_invalid_data(self): regex = r'does not look like a TripleSec ciphertext' self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.decrypt(b'foo', b'xxx')) self.assertRaisesRegexp( TripleSecError, regex, lambda: triplesec.decrypt( unhex(b'1c94d7de00000003abcdef'), b'xxx')) self.assertRaisesRegexp( TripleSecError, regex, lambda: triplesec.decrypt(b'12345678901235' * 100, b'xxx'))
def test_missing_key(self): T = TripleSec() regex = 'You didn\'t initialize TripleSec with a key' self.assertRaisesRegexp(TripleSecError, regex, lambda: T.encrypt(b'xxx')) self.assertRaisesRegexp(TripleSecError, regex, lambda: T.decrypt(b'xxx')) self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.encrypt(b'xxx')) self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.decrypt(b'xxx'))
def test_tampered_data(self): regex = r'Failed authentication of the data' c = VECTOR['ciphertext'] c = c[:-2] + six.int2byte(six.indexbytes(c, -2) ^ 25) + six.int2byte( six.indexbytes(c, -1)) self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.decrypt(c, VECTOR['key']))
def test_zero_length(self): regex = r'Invalid message length - message cannot be empty' self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.encrypt(b'', b'xxx')) regex = r'Invalid key length - key cannot be empty' self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.encrypt(b'foo', b'')) self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.decrypt(b'foo', b''))
def test_key_type(self): regex = r'The key needs to be a binary string' for k in (u'xxx', 12, [12, 13]): self.assertRaisesRegexp(TripleSecError, regex, lambda: TripleSec(k)) self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.decrypt(b'foo', k)) self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.encrypt(b'foo', k))
def test_external_vectors(self): for V in vectors: if 'disabled' in V: continue self._test_encrypt(triplesec.encrypt, V['plaintext'], V['key'], debug=True) self.assertEqual(triplesec.decrypt(V['ciphertext'], V['key']), V['plaintext'])
def _test_encrypt(self, encrypt, plaintext, key, pass_key=True, debug=False): if pass_key: ciphertext = encrypt(plaintext, key) else: ciphertext = encrypt(plaintext) self.assertEqual(plaintext, triplesec.decrypt(ciphertext, key)) if debug: print("Plaintext: {}\nEncrypted: {}".format( plaintext, ciphertext.hex()))
def test_shortcuts(self): self._test_encrypt(triplesec.encrypt, VECTOR['plaintext'], VECTOR['key']) self.assertEqual(triplesec.decrypt(VECTOR['ciphertext'], VECTOR['key']), VECTOR['plaintext'])
def _test_encrypt(self, encrypt, plaintext, key, pass_key=True): if pass_key: ciphertext = encrypt(plaintext, key) else: ciphertext = encrypt(plaintext) self.assertEqual(plaintext, triplesec.decrypt(ciphertext, key))
def test_random_encryption(self): for i in range(500 // 20): p = triplesec.rndfile.read(i * 20 + 1) k = triplesec.rndfile.read((i * 20 - 300) % 500 + 1) c = triplesec.encrypt(p, k) self.assertEqual(p, triplesec.decrypt(c, k), i)
def test_decrypt_invalid_data(self): regex = r'does not look like a TripleSec ciphertext' self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.decrypt(b'foo', b'xxx')) self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.decrypt(unhex(b'1c94d7de00000003abcdef'), b'xxx')) self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.decrypt(b'12345678901235'*100, b'xxx'))
def test_external_vectors(self): for V in vectors: if 'disabled' in V: continue self._test_encrypt(triplesec.encrypt, V['plaintext'], V['key']) self.assertEqual(triplesec.decrypt(V['ciphertext'], V['key']), V['plaintext'])
def test_decrypt_invalid_version(self): regex = r'Unimplemented version' self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.decrypt(unhex(b'1c94d7de01200000abcdef'), b'xxx'))
def test_tampered_data(self): regex = r'Failed authentication of the data' c = VECTOR['ciphertext'] c = c[:-2] + six.int2byte(six.indexbytes(c, -2) ^ 25) + six.int2byte(six.indexbytes(c, -1)) self.assertRaisesRegexp(TripleSecError, regex, lambda: triplesec.decrypt(c, VECTOR['key']))
def decifrar(texto, clave): texto = b(base64.b64decode(texto)) clave = b(clave.encode('utf8')) mensaje = triplesec.decrypt(texto, clave) return mensaje