def test_aesgcm_missing_iv_on_decrypt():
encrypter = AES_GCMEncrypter(bit_length=192)
enc_msg = encrypter.encrypt(b"Murder must advertise.",
b"Dorothy L. Sayers")
ctx, tag = split_ctx_and_tag(enc_msg)
with pytest.raises(ValueError):
encrypter.decrypt(ctx, tag=tag)
def test_aesgcm_bit_length():
encrypter = AES_GCMEncrypter(bit_length=192)
enc_msg = encrypter.encrypt(b'Murder must advertise.',
b'Dorothy L. Sayers')
ctx, tag = split_ctx_and_tag(enc_msg)
_msg = encrypter.decrypt(ctx, iv=b'Dorothy L. Sayers', tag=tag)
assert _msg == b'Murder must advertise.'
def ver_dec_content(parts, sign_key=None, enc_key=None, sign_alg="SHA256"):
"""
Verifies the value of a cookie
:param parts: The parts of the payload
:param sign_key: A :py:class:`cryptojwt.jwk.hmac.SYMKey` instance
:param enc_key: A :py:class:`cryptojwt.jwk.hmac.SYMKey` instance
:param sign_alg: Which signing algorithm to was used
:return: A tuple with basic information and a timestamp
"""
if parts is None:
return None
elif len(parts) == 3:
# verify the cookie signature
timestamp, load, b64_mac = parts
mac = base64.b64decode(b64_mac)
verifier = HMACSigner(algorithm=sign_alg)
if verifier.verify(
load.encode("utf-8") + timestamp.encode("utf-8"), mac, sign_key.key
):
return load, timestamp
else:
raise VerificationError()
elif len(parts) == 4:
b_timestamp = parts[0]
iv = base64.b64decode(parts[1])
ciphertext = base64.b64decode(parts[2])
tag = base64.b64decode(parts[3])
decrypter = AES_GCMEncrypter(key=enc_key.key)
msg = decrypter.decrypt(ciphertext, iv, tag=tag)
p = lv_unpack(msg.decode("utf-8"))
load = p[0]
timestamp = p[1]
if len(p) == 3:
verifier = HMACSigner(algorithm=sign_alg)
if verifier.verify(
load.encode("utf-8") + timestamp.encode("utf-8"),
base64.b64decode(p[2]),
sign_key.key,
):
return load, timestamp
else:
return load, timestamp
return None
def _decrypt_sid(self, enc_msg):
_msg = b64d(as_bytes(enc_msg))
encrypter = AES_GCMEncrypter(key=as_bytes(self.server_get("endpoint_context").symkey))
ctx, tag = split_ctx_and_tag(_msg)
return as_unicode(encrypter.decrypt(as_bytes(ctx), iv=self.iv, tag=as_bytes(tag)))