def test_blob_decryptor(self):
ciphertext = yield self.blob.encrypt()
decryptor = _crypto.BlobDecryptor(self.doc_info,
ciphertext,
secret='A' * 96)
decrypted = yield decryptor.decrypt()
assert decrypted.getvalue() == snowden1
def _check_result(uri, data, *args, **kwargs):
decryptor = _crypto.BlobDecryptor(self.doc_info,
data,
armor=False,
secret=self.secret)
decrypted = yield decryptor.decrypt()
self.assertEquals(decrypted.getvalue(), 'up and up')
defer.returnValue(Mock(code=200))
def test_init_with_preamble_alone(self):
ciphertext = yield self.blob.encrypt()
preamble = ciphertext.getvalue().split()[0]
decryptor = _crypto.BlobDecryptor(self.doc_info,
BytesIO(preamble),
start_stream=False,
secret='A' * 96)
assert decryptor._consume_preamble()
def test_unarmored_blob_encrypt(self):
self.blob.armor = False
encrypted = yield self.blob.encrypt()
decryptor = _crypto.BlobDecryptor(self.doc_info,
encrypted,
armor=False,
secret='A' * 96)
decrypted = yield decryptor.decrypt()
assert decrypted.getvalue() == snowden1
def test_blob_decryptor(self):
inf = BytesIO(snowden1)
blob = _crypto.BlobEncryptor(self.doc_info, inf, secret='A' * 96)
ciphertext = yield blob.encrypt()
decryptor = _crypto.BlobDecryptor(self.doc_info,
ciphertext,
secret='A' * 96)
decrypted = yield decryptor.decrypt()
assert decrypted == snowden1
def test_incremental_blob_decryptor(self):
ciphertext = yield self.blob.encrypt()
preamble, ciphertext = ciphertext.getvalue().split()
ciphertext = base64.urlsafe_b64decode(ciphertext)
decryptor = _crypto.BlobDecryptor(self.doc_info,
BytesIO(preamble),
start_stream=False,
secret='A' * 96,
tag=ciphertext[-16:])
ciphertext = BytesIO(ciphertext[:-16])
chunk = ciphertext.read(10)
while chunk:
decryptor.write(chunk)
chunk = ciphertext.read(10)
decrypted = decryptor._end_stream()
assert decrypted.getvalue() == snowden1
def test_preamble_can_come_without_size(self):
# XXX: This test case is here only to test backwards compatibility!
preamble = self.blob._encode_preamble()
# repack preamble using legacy format, without doc size
unpacked = _preamble.PACMAN.unpack(preamble)
preamble_without_size = _preamble.LEGACY_PACMAN.pack(*unpacked[0:7])
# encrypt it manually for custom tag
ciphertext, tag = _aes_encrypt(self.blob.sym_key,
self.blob.iv,
self.cleartext.getvalue(),
aead=preamble_without_size)
ciphertext = ciphertext + tag
# encode it
ciphertext = base64.urlsafe_b64encode(ciphertext)
preamble_without_size = base64.urlsafe_b64encode(preamble_without_size)
# decrypt it
ciphertext = preamble_without_size + ' ' + ciphertext
cleartext = yield _crypto.BlobDecryptor(self.doc_info,
BytesIO(ciphertext),
secret='A' * 96).decrypt()
assert cleartext.getvalue() == self.cleartext.getvalue()
warnings = self.flushWarnings()
assert len(warnings) == 1
assert 'legacy preamble without size' in warnings[0]['message']
