def test_crypto_secretstream_xchacha20poly1305_pull_incorrect_key(self): if not pysodium.sodium_version_check(1, 0, 15): return key = pysodium.crypto_secretstream_xchacha20poly1305_keygen() state, header = pysodium.crypto_secretstream_xchacha20poly1305_init_push(key) ciphertext = pysodium.crypto_secretstream_xchacha20poly1305_push(state, b"howdy", None, pysodium.crypto_secretstream_xchacha20poly1305_TAG_FINAL) bad_key = pysodium.crypto_secretstream_xchacha20poly1305_keygen() state2 = pysodium.crypto_secretstream_xchacha20poly1305_init_pull(header, bad_key) self.assertRaises(ValueError, pysodium.crypto_secretstream_xchacha20poly1305_pull, state2, ciphertext, None)
def test_crypto_secretstream_xchacha20poly1305_rekey(self): if not pysodium.sodium_version_check(1, 0, 15): return key = pysodium.crypto_secretstream_xchacha20poly1305_keygen() state, header = pysodium.crypto_secretstream_xchacha20poly1305_init_push( key) # Encrypt two messages with intermediate re-key ciphertext = pysodium.crypto_secretstream_xchacha20poly1305_push( state, b"Correct Horse Battery Staple", None, 0) pysodium.crypto_secretstream_xchacha20poly1305_rekey(state) ciphertext2 = pysodium.crypto_secretstream_xchacha20poly1305_push( state, b"howdy", None, pysodium.crypto_secretstream_xchacha20poly1305_TAG_FINAL) # Verify by decrypting them state2 = pysodium.crypto_secretstream_xchacha20poly1305_init_pull( header, key) msg, tag = pysodium.crypto_secretstream_xchacha20poly1305_pull( state2, ciphertext, None) pysodium.crypto_secretstream_xchacha20poly1305_rekey(state2) msg2, tag2 = pysodium.crypto_secretstream_xchacha20poly1305_pull( state2, ciphertext2, None) self.assertEqual(msg, b"Correct Horse Battery Staple") self.assertEqual(tag, 0) self.assertEqual(msg2, b"howdy") self.assertEqual( tag2, pysodium.crypto_secretstream_xchacha20poly1305_TAG_FINAL)
def test_streaming_pipeline_org(self): return crypt_key = pysodium.crypto_secretstream_xchacha20poly1305_keygen() print('upload...') upload = streaming_upload(client, bucket, key) crpt = encrypter(upload, crypt_key) upload.begin() pl_out = pipeline.build_pipeline_streaming('out', pl_format, config) with open('', 'rb') as fle: while True: chunk = fle.read(chunk_size) if chunk == "": break crpt.next_chunk(chunk) res = upload.finish() #--------------- print('download...') download = streaming_download(client, bucket, key, chunk_size) dcrpt = decrypter(download, crypt_key) with open('', 'wb') as fle: while True: res = dcrpt.next_chunk() if res == None: break fle.write(res)
def test_crypto_secretstream_xchacha20poly1305_pull_multiple(self): if not pysodium.sodium_version_check(1, 0, 15): return key = pysodium.crypto_secretstream_xchacha20poly1305_keygen() state, header = pysodium.crypto_secretstream_xchacha20poly1305_init_push( key) ciphertext = pysodium.crypto_secretstream_xchacha20poly1305_push( state, b"Correct Horse Battery Staple", None, 0) ciphertext2 = pysodium.crypto_secretstream_xchacha20poly1305_push( state, b"howdy", None, pysodium.crypto_secretstream_xchacha20poly1305_TAG_FINAL) # Verify decryption state2 = pysodium.crypto_secretstream_xchacha20poly1305_init_pull( header, key) msg, tag = pysodium.crypto_secretstream_xchacha20poly1305_pull( state2, ciphertext, None) msg2, tag2 = pysodium.crypto_secretstream_xchacha20poly1305_pull( state2, ciphertext2, None) self.assertEqual(msg, b"Correct Horse Battery Staple") self.assertEqual(tag, 0) self.assertEqual(msg2, b"howdy") self.assertEqual( tag2, pysodium.crypto_secretstream_xchacha20poly1305_TAG_FINAL)
def test_crypto_secretstream_xchacha20poly1305_pull_corrupted(self): if not pysodium.sodium_version_check(1, 0, 15): return key = pysodium.crypto_secretstream_xchacha20poly1305_keygen() state, header = pysodium.crypto_secretstream_xchacha20poly1305_init_push( key) ad = 'additional data' ciphertext = pysodium.crypto_secretstream_xchacha20poly1305_push( state, b"Correct Horse Battery Staple", ad, 0) # Verify error is raised if cypher text is changed state2 = pysodium.crypto_secretstream_xchacha20poly1305_init_pull( header, key) self.assertRaises(ValueError, pysodium.crypto_secretstream_xchacha20poly1305_pull, state2, ciphertext + 'this is a corruption'.encode(), ad) # Verify error is raised if additional data is changed ad2 = 'this is not the same' state2 = pysodium.crypto_secretstream_xchacha20poly1305_init_pull( header, key) self.assertRaises(ValueError, pysodium.crypto_secretstream_xchacha20poly1305_pull, state2, ciphertext, ad2)
def test_simple_pipeline_encrypt(self): config = { 'crypto': { 'encrypt_opts': {}, 'stream_crypt_key': pysodium.crypto_secretstream_xchacha20poly1305_keygen() } } meta_pl_format = pipeline.get_default_pipeline_format() meta_pl_format['format'].update( {'encrypt': config['crypto']['encrypt_opts']}) data_in = b'some data input' #------- pl_out = pipeline.build_pipeline(write_helper, 'out') meta = { 'path': 'test', 'header': pipeline.serialise_pipeline_format(meta_pl_format) } meta2 = pl_out(data_in, meta, config) self.assertNotEqual(data_in, meta2['data']) #------- pl_in = pipeline.build_pipeline(read_helper, 'in') data_out, meta3 = pl_in(meta2, config) self.assertEqual(data_in, data_out)
def prepare_pack_recipient_keys(to_verkeys: Sequence[bytes], from_secret: bytes = None) -> (str, bytes): """ Assemble the recipients block of a packed message. Args: to_verkeys: Verkeys of recipients from_secret: Secret to use for signing keys Returns: A tuple of (json result, key) """ cek = pysodium.crypto_secretstream_xchacha20poly1305_keygen() recips = [] for target_vk in to_verkeys: target_pk = pysodium.crypto_sign_pk_to_box_pk(target_vk) if from_secret: sender_pk, sender_sk = create_keypair(from_secret) sender_vk = bytes_to_b58(sender_pk).encode("ascii") enc_sender = pysodium.crypto_box_seal(sender_vk, target_pk) sk = pysodium.crypto_sign_sk_to_box_sk(sender_sk) nonce = pysodium.randombytes(pysodium.crypto_box_NONCEBYTES) enc_cek = pysodium.crypto_box(cek, nonce, target_pk, sk) else: enc_sender = None nonce = None enc_cek = pysodium.crypto_box_seal(cek, target_pk) recips.append( OrderedDict([ ("encrypted_key", bytes_to_b64(enc_cek, urlsafe=True)), ( "header", OrderedDict([ ("kid", bytes_to_b58(target_vk)), ( "sender", bytes_to_b64(enc_sender, urlsafe=True) if enc_sender else None, ), ( "iv", bytes_to_b64(nonce, urlsafe=True) if nonce else None, ), ]), ), ])) data = OrderedDict([ ("enc", "xchacha20poly1305_ietf"), ("typ", "JWM/1.0"), ("alg", "Authcrypt" if from_secret else "Anoncrypt"), ("recipients", recips), ]) return json.dumps(data), cek
def test_crypto_secretstream_xchacha20poly1305_init_pull(self): if not pysodium.sodium_version_check(1, 0, 15): return key = pysodium.crypto_secretstream_xchacha20poly1305_keygen() state, header = pysodium.crypto_secretstream_xchacha20poly1305_init_push( key) state2 = pysodium.crypto_secretstream_xchacha20poly1305_init_pull( header, key)
def test_crypto_secretstream_xchacha20poly1305_push(self): if not pysodium.sodium_version_check(1, 0, 15): return key = pysodium.crypto_secretstream_xchacha20poly1305_keygen() state, header = pysodium.crypto_secretstream_xchacha20poly1305_init_push( key) ciphertext = pysodium.crypto_secretstream_xchacha20poly1305_push( state, b"howdy", None, 0)
def test_crypto_secretstream_xchacha20poly1305_pull_changed_ad(self): if not pysodium.sodium_version_check(1, 0, 15): return key = pysodium.crypto_secretstream_xchacha20poly1305_keygen() state, header = pysodium.crypto_secretstream_xchacha20poly1305_init_push(key) ciphertext = pysodium.crypto_secretstream_xchacha20poly1305_push(state, b"howdy", b"some data", pysodium.crypto_secretstream_xchacha20poly1305_TAG_FINAL) state2 = pysodium.crypto_secretstream_xchacha20poly1305_init_pull(header, key) self.assertRaises(ValueError, pysodium.crypto_secretstream_xchacha20poly1305_pull, state2, ciphertext, b"different data")
def test_crypto_secretstream_xchacha20poly1305_out_of_order_messeges(self): if not pysodium.sodium_version_check(1, 0, 15): return key = pysodium.crypto_secretstream_xchacha20poly1305_keygen() state, header = pysodium.crypto_secretstream_xchacha20poly1305_init_push(key) ciphertext = pysodium.crypto_secretstream_xchacha20poly1305_push(state, b"Correct Horse Battery Staple", None, 0) ciphertext2 = pysodium.crypto_secretstream_xchacha20poly1305_push(state, b"howdy", None, pysodium.crypto_secretstream_xchacha20poly1305_TAG_FINAL) # Decrypting the second message first should fail state2 = pysodium.crypto_secretstream_xchacha20poly1305_init_pull(header, key) self.assertRaises(ValueError, pysodium.crypto_secretstream_xchacha20poly1305_pull, state2, ciphertext2, None)
def test_crypto_secretstream_xchacha20poly1305_pull(self): if not pysodium.sodium_version_check(1, 0, 15): return key = pysodium.crypto_secretstream_xchacha20poly1305_keygen() state, header = pysodium.crypto_secretstream_xchacha20poly1305_init_push(key) ciphertext = pysodium.crypto_secretstream_xchacha20poly1305_push(state, b"howdy", None, pysodium.crypto_secretstream_xchacha20poly1305_TAG_FINAL) state2 = pysodium.crypto_secretstream_xchacha20poly1305_init_pull(header, key) msg, tag = pysodium.crypto_secretstream_xchacha20poly1305_pull(state2, ciphertext, None) self.assertEqual(msg, b"howdy") self.assertEqual(tag, pysodium.crypto_secretstream_xchacha20poly1305_TAG_FINAL)
def test_crypto_secretstream_xchacha20poly1305_missing_rekey(self): if not pysodium.sodium_version_check(1, 0, 15): return key = pysodium.crypto_secretstream_xchacha20poly1305_keygen() state, header = pysodium.crypto_secretstream_xchacha20poly1305_init_push(key) # Encrypt two messages with intermediate re-key ciphertext = pysodium.crypto_secretstream_xchacha20poly1305_push(state, b"Correct Horse Battery Staple", None, 0) pysodium.crypto_secretstream_xchacha20poly1305_rekey(state) ciphertext2 = pysodium.crypto_secretstream_xchacha20poly1305_push(state, b"howdy", None, pysodium.crypto_secretstream_xchacha20poly1305_TAG_FINAL) state2 = pysodium.crypto_secretstream_xchacha20poly1305_init_pull(header, key) msg, tag = pysodium.crypto_secretstream_xchacha20poly1305_pull(state2, ciphertext, None) # re-key should be here, so following call should fail self.assertRaises(ValueError, pysodium.crypto_secretstream_xchacha20poly1305_pull, state2, ciphertext2, None)
def test_crypto_secretstream_xchacha20poly1305_pull_corrupted(self): if not pysodium.sodium_version_check(1, 0, 15): return key = pysodium.crypto_secretstream_xchacha20poly1305_keygen() state, header = pysodium.crypto_secretstream_xchacha20poly1305_init_push(key) ad = 'additional data' ciphertext = pysodium.crypto_secretstream_xchacha20poly1305_push(state, b"Correct Horse Battery Staple", ad, 0) # Verify error is raised if cypher text is changed state2 = pysodium.crypto_secretstream_xchacha20poly1305_init_pull(header, key) self.assertRaises(ValueError, pysodium.crypto_secretstream_xchacha20poly1305_pull, state2, ciphertext + 'this is a corruption'.encode(), ad) # Verify error is raised if additional data is changed ad2 = 'this is not the same' state2 = pysodium.crypto_secretstream_xchacha20poly1305_init_pull(header, key) self.assertRaises(ValueError, pysodium.crypto_secretstream_xchacha20poly1305_pull, state2, ciphertext, ad2)
def test_crypto_secretstream_xchacha20poly1305_pull_multiple(self): if not pysodium.sodium_version_check(1, 0, 15): return key = pysodium.crypto_secretstream_xchacha20poly1305_keygen() state, header = pysodium.crypto_secretstream_xchacha20poly1305_init_push(key) ciphertext = pysodium.crypto_secretstream_xchacha20poly1305_push(state, b"Correct Horse Battery Staple", None, 0) ciphertext2 = pysodium.crypto_secretstream_xchacha20poly1305_push(state, b"howdy", None, pysodium.crypto_secretstream_xchacha20poly1305_TAG_FINAL) # Verify decryption state2 = pysodium.crypto_secretstream_xchacha20poly1305_init_pull(header, key) msg, tag = pysodium.crypto_secretstream_xchacha20poly1305_pull(state2, ciphertext, None) msg2, tag2 = pysodium.crypto_secretstream_xchacha20poly1305_pull(state2, ciphertext2, None) self.assertEqual(msg, b"Correct Horse Battery Staple") self.assertEqual(tag, 0) self.assertEqual(msg2, b"howdy") self.assertEqual(tag2, pysodium.crypto_secretstream_xchacha20poly1305_TAG_FINAL)
def test_crypto_secretstream_xchacha20poly1305_rekey(self): if not pysodium.sodium_version_check(1, 0, 15): return key = pysodium.crypto_secretstream_xchacha20poly1305_keygen() state, header = pysodium.crypto_secretstream_xchacha20poly1305_init_push(key) # Encrypt two messages with intermediate re-key ciphertext = pysodium.crypto_secretstream_xchacha20poly1305_push(state, b"Correct Horse Battery Staple", None, 0) pysodium.crypto_secretstream_xchacha20poly1305_rekey(state) ciphertext2 = pysodium.crypto_secretstream_xchacha20poly1305_push(state, b"howdy", None, pysodium.crypto_secretstream_xchacha20poly1305_TAG_FINAL) # Verify by decrypting them state2 = pysodium.crypto_secretstream_xchacha20poly1305_init_pull(header, key) msg, tag = pysodium.crypto_secretstream_xchacha20poly1305_pull(state2, ciphertext, None) pysodium.crypto_secretstream_xchacha20poly1305_rekey(state2) msg2, tag2 = pysodium.crypto_secretstream_xchacha20poly1305_pull(state2, ciphertext2, None) self.assertEqual(msg, b"Correct Horse Battery Staple") self.assertEqual(tag, 0) self.assertEqual(msg2, b"howdy") self.assertEqual(tag2, pysodium.crypto_secretstream_xchacha20poly1305_TAG_FINAL)
def test_crypto_secretstream_xchacha20poly1305_push(self): if not pysodium.sodium_version_check(1, 0, 15): return key = pysodium.crypto_secretstream_xchacha20poly1305_keygen() state, header = pysodium.crypto_secretstream_xchacha20poly1305_init_push(key) ciphertext = pysodium.crypto_secretstream_xchacha20poly1305_push(state, b"howdy", None, 0)
def test_crypto_secretstream_xchacha20poly1305_init_pull(self): if not pysodium.sodium_version_check(1, 0, 15): return key = pysodium.crypto_secretstream_xchacha20poly1305_keygen() state, header = pysodium.crypto_secretstream_xchacha20poly1305_init_push(key) state2 = pysodium.crypto_secretstream_xchacha20poly1305_init_pull(header, key)
def test_crypto_secretstream_xchacha20poly1305_keygen(self): if not pysodium.sodium_version_check(1, 0, 15): return key = pysodium.crypto_secretstream_xchacha20poly1305_keygen() self.assertEqual(len(key), 32)
def prepare_pack_recipient_keys(to_verkeys: Sequence[bytes], from_verkey: bytes = None, from_sigkey: bytes = None) -> (str, bytes): """ Assemble the recipients block of a packed message. Args: to_verkeys: Verkeys of recipients from_verkey: Sender Verkey needed to authcrypt package from_sigkey: Sender Sigkey needed to authcrypt package Returns: A tuple of (json result, key) """ if from_verkey is not None and from_sigkey is None or \ from_sigkey is not None and from_verkey is None: raise CryptoError( 'Both verkey and sigkey needed to authenticated encrypt message') cek = pysodium.crypto_secretstream_xchacha20poly1305_keygen() recips = [] for target_vk in to_verkeys: target_pk = pysodium.crypto_sign_pk_to_box_pk(target_vk) if from_verkey: sender_vk = bytes_to_b58(from_verkey).encode("ascii") enc_sender = pysodium.crypto_box_seal(sender_vk, target_pk) sk = pysodium.crypto_sign_sk_to_box_sk(from_sigkey) nonce = pysodium.randombytes(pysodium.crypto_box_NONCEBYTES) enc_cek = pysodium.crypto_box(cek, nonce, target_pk, sk) else: enc_sender = None nonce = None enc_cek = pysodium.crypto_box_seal(cek, target_pk) recips.append( OrderedDict([ ("encrypted_key", bytes_to_b64(enc_cek, urlsafe=True)), ( "header", OrderedDict([ ("kid", bytes_to_b58(target_vk)), ( "sender", bytes_to_b64(enc_sender, urlsafe=True) if enc_sender else None, ), ( "iv", bytes_to_b64(nonce, urlsafe=True) if nonce else None, ), ]), ), ])) data = OrderedDict([ ("enc", "xchacha20poly1305_ietf"), ("typ", "JWM/1.0"), ("alg", "Authcrypt" if from_verkey else "Anoncrypt"), ("recipients", recips), ]) return json.dumps(data), cek