def test_encrypt(self): if not imports_ok: self.skipTest("Dogtag imports not available") payload = 'encrypt me!!' encrypt_dto = plugin_import.EncryptDTO(payload) self.plugin.encrypt(encrypt_dto, mock.MagicMock(), mock.MagicMock()) self.keyclient_mock.archive_key.assert_called_once_with( mock.ANY, "passPhrase", payload, key_algorithm=None, key_size=None)
def test_random_bytes_encryption(self): unencrypted = os.urandom(10) encrypt_dto = plugin.EncryptDTO(unencrypted) response_dto = self.plugin.encrypt(encrypt_dto, mock.MagicMock(), mock.MagicMock()) decrypt_dto = plugin.DecryptDTO(response_dto.cypher_text) decrypted = self.plugin.decrypt(decrypt_dto, mock.MagicMock(), response_dto.kek_meta_extended, mock.MagicMock()) self.assertEqual(unencrypted, decrypted)
def test_byte_string_encryption(self): unencrypted = b'some_secret' encrypt_dto = plugin.EncryptDTO(unencrypted) response_dto = self.plugin.encrypt(encrypt_dto, mock.MagicMock(), mock.MagicMock()) decrypt_dto = plugin.DecryptDTO(response_dto.cypher_text) decrypted = self.plugin.decrypt(decrypt_dto, mock.MagicMock(), response_dto.kek_meta_extended, mock.MagicMock()) self.assertEqual(unencrypted, decrypted)
def test_encrypt_unicode_raises_value_error(self): unencrypted = u'unicode_beer\U0001F37A' encrypt_dto = plugin.EncryptDTO(unencrypted) secret = mock.MagicMock() secret.mime_type = 'text/plain' self.assertRaises( ValueError, self.plugin.encrypt, encrypt_dto, mock.MagicMock(), mock.MagicMock(), )
def encrypt(self, unencrypted, content_type, content_encoding, secret, tenant, kek_repo, enforce_text_only=False): """Delegates encryption to first plugin that supports it.""" if len(self.extensions) < 1: raise CryptoPluginNotFound() for ext in self.extensions: if ext.obj.supports(plugin_mod.PluginSupportTypes.ENCRYPT_DECRYPT): encrypting_plugin = ext.obj break else: raise CryptoSupportedPluginNotFound() unencrypted, content_type = normalize_before_encryption( unencrypted, content_type, content_encoding, enforce_text_only=enforce_text_only) # Find or create a key encryption key metadata. kek_datum, kek_meta_dto = self._find_or_create_kek_objects( encrypting_plugin, tenant, kek_repo) encrypt_dto = plugin_mod.EncryptDTO(unencrypted) # Create an encrypted datum instance and add the encrypted cypher text. datum = models.EncryptedDatum(secret, kek_datum) datum.content_type = content_type response_dto = encrypting_plugin.encrypt(encrypt_dto, kek_meta_dto, tenant.keystone_id) datum.cypher_text = response_dto.cypher_text datum.kek_meta_extended = response_dto.kek_meta_extended # Convert binary data into a text-based format. #TODO(jwood) Figure out by storing binary (BYTEA) data in Postgres # isn't working. datum.cypher_text = base64.b64encode(datum.cypher_text) return datum
def test_encrypt(self): key = 'key1' payload = 'encrypt me!!' self.session.findObjects.return_value = [key] self.session.generateRandom.return_value = [ 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 ] mech = mock.MagicMock() self.p11_mock.Mechanism.return_value = mech self.session.encrypt.return_value = [1, 2, 3, 4, 5] encrypt_dto = plugin_import.EncryptDTO(payload) response_dto = self.plugin.encrypt(encrypt_dto, mock.MagicMock(), mock.MagicMock()) self.session.encrypt.assert_called_once_with(key, payload, mech) self.assertEqual(b'\x01\x02\x03\x04\x05', response_dto.cypher_text) self.assertEqual('{"iv": "AQIDBAUGBwgJCgsMDQ4PEA=="}', response_dto.kek_meta_extended)
def generate_symmetric(self, generate_dto, kek_meta_dto, keystone_id): byte_length = generate_dto.bit_length / 8 rand = self.session.generateRandom(byte_length) if len(rand) != byte_length: raise P11CryptoPluginException() return self.encrypt(plugin.EncryptDTO(rand), kek_meta_dto, keystone_id)