def test_decrypt_ciphertext_is_too_short(self):
aes_key = AESKey.generate()
plaintext = 'hello world ponies 1'
encrypted = cryptography_symmetric_encrypt(aes_key, plaintext)
# Verify original non manipulated value can be decrypted
decrypted = cryptography_symmetric_decrypt(aes_key, encrypted)
self.assertEqual(decrypted, plaintext)
# Corrupt / shortern the encrypted data
encrypted_malformed = binascii.unhexlify(encrypted)
header = encrypted_malformed[:KEYCZAR_HEADER_SIZE]
encrypted_malformed = encrypted_malformed[KEYCZAR_HEADER_SIZE:]
# Remove 40 bytes from ciphertext bytes
encrypted_malformed = encrypted_malformed[40:]
# Add back header
encrypted_malformed = header + encrypted_malformed
encrypted_malformed = binascii.hexlify(encrypted_malformed)
# Verify corrupted value results in an excpetion
expected_msg = 'Invalid or malformed ciphertext'
self.assertRaisesRegexp(ValueError, expected_msg,
cryptography_symmetric_decrypt, aes_key,
encrypted_malformed)
def test_decrypt_ciphertext_is_too_short(self):
aes_key = AESKey.generate()
plaintext = 'hello world ponies 1'
encrypted = cryptography_symmetric_encrypt(aes_key, plaintext)
# Verify original non manipulated value can be decrypted
decrypted = cryptography_symmetric_decrypt(aes_key, encrypted)
self.assertEqual(decrypted, plaintext)
# Corrupt / shortern the encrypted data
encrypted_malformed = binascii.unhexlify(encrypted)
header = encrypted_malformed[:KEYCZAR_HEADER_SIZE]
encrypted_malformed = encrypted_malformed[KEYCZAR_HEADER_SIZE:]
# Remove 40 bytes from ciphertext bytes
encrypted_malformed = encrypted_malformed[40:]
# Add back header
encrypted_malformed = header + encrypted_malformed
encrypted_malformed = binascii.hexlify(encrypted_malformed)
# Verify corrupted value results in an excpetion
expected_msg = 'Invalid or malformed ciphertext'
self.assertRaisesRegexp(ValueError, expected_msg, cryptography_symmetric_decrypt,
aes_key, encrypted_malformed)
def test_symmetric_encrypt_decrypt_cryptography(self):
key = AESKey.generate()
plaintexts = [
'a b c', 'ab', 'hello foo', 'hell', 'bar5'
'hello hello bar bar hello', 'a', '', 'c'
]
for plaintext in plaintexts:
encrypted = cryptography_symmetric_encrypt(key, plaintext)
decrypted = cryptography_symmetric_decrypt(key, encrypted)
self.assertEqual(decrypted, plaintext)
def test_symmetric_encrypt_decrypt_roundtrips_1(self):
encrypt_keys = [
AESKey.generate(),
AESKey.generate(),
AESKey.generate(),
AESKey.generate()
]
# Verify all keys are unique
aes_key_strings = set()
hmac_key_strings = set()
for key in encrypt_keys:
aes_key_strings.add(key.aes_key_string)
hmac_key_strings.add(key.hmac_key_string)
self.assertEqual(len(aes_key_strings), 4)
self.assertEqual(len(hmac_key_strings), 4)
plaintext = 'hello world test dummy 8 9 5 1 bar2'
# Verify that round trips work and that cryptography based primitives are fully compatible
# with keyczar format
count = 0
for key in encrypt_keys:
data_enc_keyczar = keyczar_symmetric_encrypt(key, plaintext)
data_enc_cryptography = cryptography_symmetric_encrypt(
key, plaintext)
self.assertNotEqual(data_enc_keyczar, data_enc_cryptography)
data_dec_keyczar_keyczar = keyczar_symmetric_decrypt(
key, data_enc_keyczar)
data_dec_keyczar_cryptography = keyczar_symmetric_decrypt(
key, data_enc_cryptography)
self.assertEqual(data_dec_keyczar_keyczar, plaintext)
self.assertEqual(data_dec_keyczar_cryptography, plaintext)
data_dec_cryptography_cryptography = cryptography_symmetric_decrypt(
key, data_enc_cryptography)
data_dec_cryptography_keyczar = cryptography_symmetric_decrypt(
key, data_enc_keyczar)
self.assertEqual(data_dec_cryptography_cryptography, plaintext)
self.assertEqual(data_dec_cryptography_keyczar, plaintext)
count += 1
self.assertEqual(count, 4)
def test_symmetric_encrypt_decrypt_roundtrips_1(self):
encrypt_keys = [
AESKey.generate(),
AESKey.generate(),
AESKey.generate(),
AESKey.generate()
]
# Verify all keys are unique
aes_key_strings = set()
hmac_key_strings = set()
for key in encrypt_keys:
aes_key_strings.add(key.aes_key_string)
hmac_key_strings.add(key.hmac_key_string)
self.assertEqual(len(aes_key_strings), 4)
self.assertEqual(len(hmac_key_strings), 4)
plaintext = 'hello world test dummy 8 9 5 1 bar2'
# Verify that round trips work and that cryptography based primitives are fully compatible
# with keyczar format
count = 0
for key in encrypt_keys:
data_enc_keyczar = keyczar_symmetric_encrypt(key, plaintext)
data_enc_cryptography = cryptography_symmetric_encrypt(key, plaintext)
self.assertNotEqual(data_enc_keyczar, data_enc_cryptography)
data_dec_keyczar_keyczar = keyczar_symmetric_decrypt(key, data_enc_keyczar)
data_dec_keyczar_cryptography = keyczar_symmetric_decrypt(key, data_enc_cryptography)
self.assertEqual(data_dec_keyczar_keyczar, plaintext)
self.assertEqual(data_dec_keyczar_cryptography, plaintext)
data_dec_cryptography_cryptography = cryptography_symmetric_decrypt(key,
data_enc_cryptography)
data_dec_cryptography_keyczar = cryptography_symmetric_decrypt(key, data_enc_keyczar)
self.assertEqual(data_dec_cryptography_cryptography, plaintext)
self.assertEqual(data_dec_cryptography_keyczar, plaintext)
count += 1
self.assertEqual(count, 4)
def test_symmetric_encrypt_decrypt_cryptography(self):
key = AESKey.generate()
plaintexts = [
'a b c',
'ab',
'hello foo',
'hell',
'bar5'
'hello hello bar bar hello',
'a',
'',
'c'
]
for plaintext in plaintexts:
encrypted = cryptography_symmetric_encrypt(key, plaintext)
decrypted = cryptography_symmetric_decrypt(key, encrypted)
self.assertEqual(decrypted, plaintext)
def test_exception_is_thrown_on_invalid_hmac_signature(self):
aes_key = AESKey.generate()
plaintext = 'hello world ponies 2'
encrypted = cryptography_symmetric_encrypt(aes_key, plaintext)
# Verify original non manipulated value can be decrypted
decrypted = cryptography_symmetric_decrypt(aes_key, encrypted)
self.assertEqual(decrypted, plaintext)
# Corrupt the HMAC signature (last part is the HMAC signature)
encrypted_malformed = binascii.unhexlify(encrypted)
encrypted_malformed = encrypted_malformed[:-3]
encrypted_malformed += b'abc'
encrypted_malformed = binascii.hexlify(encrypted_malformed)
# Verify corrupted value results in an excpetion
expected_msg = 'Signature did not match digest'
self.assertRaisesRegexp(InvalidSignature, expected_msg, cryptography_symmetric_decrypt,
aes_key, encrypted_malformed)
def test_exception_is_thrown_on_invalid_hmac_signature(self):
aes_key = AESKey.generate()
plaintext = 'hello world ponies 2'
encrypted = cryptography_symmetric_encrypt(aes_key, plaintext)
# Verify original non manipulated value can be decrypted
decrypted = cryptography_symmetric_decrypt(aes_key, encrypted)
self.assertEqual(decrypted, plaintext)
# Corrupt the HMAC signature (last part is the HMAC signature)
encrypted_malformed = binascii.unhexlify(encrypted)
encrypted_malformed = encrypted_malformed[:-3]
encrypted_malformed += b'abc'
encrypted_malformed = binascii.hexlify(encrypted_malformed)
# Verify corrupted value results in an excpetion
expected_msg = 'Signature did not match digest'
self.assertRaisesRegexp(InvalidSignature, expected_msg,
cryptography_symmetric_decrypt, aes_key,
encrypted_malformed)