def test_01_encrypt_decrypt(self): """ Test basic encryption and decryption functionality using a random master key. """ plaintext = string.printable * 2 secret_key = generate_random_key() s = Secret(plaintext=plaintext) s.encrypt(secret_key) # Ensure plaintext is deleted upon encryption self.assertIsNone(s.plaintext, "Plaintext must be None after encrypting.") # Enforce minimum ciphertext length self.assertGreaterEqual(len(s.ciphertext), 80, "Ciphertext must be at least 80 bytes (16B IV + 64B+ ciphertext") # Ensure proper hashing algorithm is used hasher, iterations, salt, sha256 = s.hash.split('$') self.assertEqual(hasher, 'pbkdf2_sha256', "Hashing algorithm has been modified to: {}".format(hasher)) self.assertGreaterEqual(int(iterations), SecretValidationHasher.iterations, "Insufficient iteration count ({}) for hash".format(iterations)) self.assertGreaterEqual(len(salt), 12, "Hash salt is too short ({} chars)".format(len(salt))) # Test hash validation self.assertTrue(s.validate(plaintext), "Plaintext does not validate against the generated hash") self.assertFalse(s.validate(""), "Empty plaintext validated against hash") self.assertFalse(s.validate("Invalid plaintext"), "Invalid plaintext validated against hash") # Test decryption s.decrypt(secret_key) self.assertEqual(plaintext, s.plaintext, "Decrypting Secret returned incorrect plaintext")
def test_01_encrypt_decrypt(self): """ Test basic encryption and decryption functionality using a random master key. """ plaintext = "FooBar123" secret_key = generate_random_key() s = Secret(plaintext=plaintext) s.encrypt(secret_key) # Ensure plaintext is deleted upon encryption self.assertIsNone(s.plaintext, "Plaintext must be None after encrypting.") # Enforce minimum ciphertext length self.assertGreaterEqual(len(s.ciphertext), 80, "Ciphertext must be at least 80 bytes (16B IV + 64B+ ciphertext") # Ensure proper hashing algorithm is used hasher, iterations, salt, sha256 = s.hash.split('$') self.assertEqual(hasher, 'pbkdf2_sha256', "Hashing algorithm has been modified to: {}".format(hasher)) self.assertGreaterEqual(int(iterations), SecretValidationHasher.iterations, "Insufficient iteration count ({}) for hash".format(iterations)) self.assertGreaterEqual(len(salt), 12, "Hash salt is too short ({} chars)".format(len(salt))) # Test hash validation self.assertTrue(s.validate(plaintext), "Plaintext does not validate against the generated hash") self.assertFalse(s.validate(""), "Empty plaintext validated against hash") self.assertFalse(s.validate("Invalid plaintext"), "Invalid plaintext validated against hash") # Test decryption s.decrypt(secret_key) self.assertEqual(plaintext, s.plaintext, "Decrypting Secret returned incorrect plaintext")
def test_minimum_length(self): """ Test enforcement of the minimum length for ciphertexts. """ plaintext = 'A' # One-byte plaintext secret = Secret(plaintext=plaintext) secret.encrypt(self.secret_key) # 16B IV + 2B length + 1B secret + 61B padding = 80 bytes self.assertEqual(len(secret.ciphertext), 80) self.assertIsNone(secret.plaintext) secret.decrypt(self.secret_key) self.assertEqual(secret.plaintext, plaintext)
def test_maximum_length(self): """ Test encrypting a plaintext value of the maximum length. """ plaintext = '0123456789abcdef' * 4096 plaintext = plaintext[:65535] # 65,535 chars secret = Secret(plaintext=plaintext) secret.encrypt(self.secret_key) # 16B IV + 2B length + 65535B secret + 15B padding = 65568 bytes self.assertEqual(len(secret.ciphertext), 65568) self.assertIsNone(secret.plaintext) secret.decrypt(self.secret_key) self.assertEqual(secret.plaintext, plaintext)