def test_prep_non_framed(self):
test_decryptor = StreamDecryptor(key_provider=self.mock_key_provider,
source=self.mock_input_stream)
test_decryptor._header = self.mock_header
test_decryptor.verifier = sentinel.verifier
test_decryptor._derived_data_key = sentinel.derived_data_key
test_decryptor._prep_non_framed()
self.mock_deserialize_non_framed_values.assert_called_once_with(
stream=self.mock_input_stream,
header=self.mock_header,
verifier=sentinel.verifier)
assert test_decryptor.body_length == len(VALUES['data_128'])
self.mock_get_aad_content_string.assert_called_once_with(
content_type=self.mock_header.content_type, is_final_frame=True)
self.mock_assemble_content_aad.assert_called_once_with(
message_id=self.mock_header.message_id,
aad_content_string=sentinel.aad_content_string,
seq_num=1,
length=len(VALUES['data_128']))
self.mock_decryptor.assert_called_once_with(
algorithm=self.mock_header.algorithm,
key=sentinel.derived_data_key,
associated_data=sentinel.associated_data,
iv=sentinel.iv,
tag=sentinel.tag)
assert test_decryptor.decryptor is self.mock_decryptor_instance
assert test_decryptor.body_start == 0
assert test_decryptor.body_end == len(VALUES['data_128'])
def test_read_bytes_from_framed_body_single_frame(self):
ct_stream = io.BytesIO(VALUES["data_128"])
test_decryptor = StreamDecryptor(
materials_manager=self.mock_materials_manager,
source=ct_stream,
commitment_policy=self.mock_commitment_policy,
)
test_decryptor.verifier = MagicMock()
test_decryptor.data_key = MagicMock()
test_decryptor._header = self.mock_header
test_decryptor._derived_data_key = sentinel.derived_data_key
frame_data = MagicMock()
frame_data.sequence_number = 1
frame_data.final_frame = False
frame_data.ciphertext = b"asdfzxcv"
self.mock_deserialize_frame.return_value = (frame_data, False)
self.mock_get_aad_content_string.return_value = sentinel.aad_content_string
self.mock_assemble_content_aad.return_value = sentinel.associated_data
self.mock_decrypt.return_value = b"1234"
test = test_decryptor._read_bytes_from_framed_body(4)
self.mock_deserialize_frame.assert_called_once_with(
stream=test_decryptor.source_stream,
header=test_decryptor._header,
verifier=test_decryptor.verifier)
assert not self.mock_deserialize_footer.called
assert test == b"1234"
def test_read_bytes_from_non_framed_finalize(self):
ct_stream = io.BytesIO(VALUES["data_128"])
test_decryptor = StreamDecryptor(
materials_manager=self.mock_materials_manager,
source=ct_stream,
commitment_policy=self.mock_commitment_policy,
)
test_decryptor.body_length = len(VALUES["data_128"])
test_decryptor.decryptor = self.mock_decryptor_instance
test_decryptor.verifier = MagicMock()
test_decryptor._header = self.mock_header
test_decryptor._derived_data_key = sentinel.derived_data_key
test_decryptor._unframed_body_iv = sentinel.unframed_body_iv
self.mock_decryptor_instance.update.return_value = b"1234"
self.mock_decryptor_instance.finalize.return_value = b"5678"
test = test_decryptor._read_bytes_from_non_framed_body(
len(VALUES["data_128"]) + 1)
test_decryptor.verifier.update.assert_called_once_with(
VALUES["data_128"])
self.mock_decryptor_instance.update.assert_called_once_with(
VALUES["data_128"])
self.mock_deserialize_footer.assert_called_once_with(
stream=test_decryptor.source_stream,
verifier=test_decryptor.verifier)
assert test == b"12345678"
def test_read_bytes_from_framed_body_single_frame(self):
ct_stream = io.BytesIO(VALUES['data_128'])
test_decryptor = StreamDecryptor(
key_provider=self.mock_key_provider,
source=ct_stream
)
test_decryptor.verifier = MagicMock()
test_decryptor.data_key = MagicMock()
test_decryptor._header = self.mock_header
frame_data = MagicMock()
frame_data.sequence_number = 1
frame_data.final_frame = False
frame_data.ciphertext = b'asdfzxcv'
self.mock_deserialize_frame.return_value = (frame_data, False)
self.mock_get_aad_content_string.return_value = sentinel.aad_content_string
self.mock_assemble_content_aad.return_value = sentinel.associated_data
self.mock_decrypt.return_value = b'1234'
test = test_decryptor._read_bytes_from_framed_body(4)
self.mock_deserialize_frame.assert_called_once_with(
stream=test_decryptor.source_stream,
header=test_decryptor._header,
verifier=test_decryptor.verifier
)
assert not self.mock_deserialize_footer.called
assert not test_decryptor.source_stream.closed
assert test == b'1234'
def test_read_bytes_from_non_framed_finalize(self):
ct_stream = io.BytesIO(VALUES['data_128'])
test_decryptor = StreamDecryptor(
key_provider=self.mock_key_provider,
source=ct_stream
)
test_decryptor.body_start = 0
test_decryptor.body_length = test_decryptor.body_end = len(VALUES['data_128'])
test_decryptor.decryptor = self.mock_decryptor_instance
test_decryptor.verifier = MagicMock()
test_decryptor._header = self.mock_header
self.mock_decryptor_instance.update.return_value = b'1234'
self.mock_decryptor_instance.finalize.return_value = b'5678'
test = test_decryptor._read_bytes_from_non_framed_body(len(VALUES['data_128']) + 1)
test_decryptor.verifier.update.assert_called_once_with(VALUES['data_128'])
self.mock_decryptor_instance.update.assert_called_once_with(VALUES['data_128'])
self.mock_update_verifier_with_tag.assert_called_once_with(
stream=test_decryptor.source_stream,
header=test_decryptor._header,
verifier=test_decryptor.verifier
)
self.mock_deserialize_footer.assert_called_once_with(
stream=test_decryptor.source_stream,
verifier=test_decryptor.verifier
)
assert test_decryptor.source_stream.closed
assert test == b'12345678'
def test_read_bytes_from_non_framed_no_verifier(self):
ct_stream = io.BytesIO(VALUES["data_128"])
test_decryptor = StreamDecryptor(key_provider=self.mock_key_provider, source=ct_stream)
test_decryptor.body_length = len(VALUES["data_128"])
test_decryptor.decryptor = self.mock_decryptor_instance
test_decryptor._header = self.mock_header
test_decryptor._derived_data_key = sentinel.derived_data_key
test_decryptor._unframed_body_iv = sentinel.unframed_body_iv
test_decryptor.verifier = None
self.mock_decryptor_instance.update.return_value = b"1234"
test_decryptor._read_bytes_from_non_framed_body(5)
def test_read_bytes_from_non_framed_no_verifier(self):
ct_stream = io.BytesIO(VALUES['data_128'])
test_decryptor = StreamDecryptor(key_provider=self.mock_key_provider,
source=ct_stream)
test_decryptor.body_start = 0
test_decryptor.body_length = test_decryptor.body_end = len(
VALUES['data_128'])
test_decryptor.decryptor = self.mock_decryptor_instance
test_decryptor._header = self.mock_header
test_decryptor.verifier = None
self.mock_decryptor_instance.update.return_value = b'1234'
test_decryptor._read_bytes_from_non_framed_body(5)
def test_read_bytes_from_framed_body_bad_sequence_number(self):
ct_stream = io.BytesIO(VALUES["data_128"])
test_decryptor = StreamDecryptor(key_provider=self.mock_key_provider, source=ct_stream)
test_decryptor.verifier = MagicMock()
test_decryptor._header = self.mock_header
frame_data = MagicMock()
frame_data.sequence_number = 5
frame_data.final_frame = False
frame_data.ciphertext = b"asdfzxcv"
self.mock_deserialize_frame.return_value = (frame_data, False)
with pytest.raises(SerializationError) as excinfo:
test_decryptor._read_bytes_from_framed_body(4)
excinfo.match("Malformed message: frames out of order")
def test_prep_non_framed(self):
test_decryptor = StreamDecryptor(key_provider=self.mock_key_provider, source=self.mock_input_stream)
test_decryptor._header = self.mock_header
test_decryptor.verifier = sentinel.verifier
test_decryptor._derived_data_key = sentinel.derived_data_key
test_decryptor._prep_non_framed()
self.mock_deserialize_non_framed_values.assert_called_once_with(
stream=test_decryptor.source_stream, header=self.mock_header, verifier=sentinel.verifier
)
assert test_decryptor.body_length == len(VALUES["data_128"])
assert test_decryptor._body_start == self.mock_header.algorithm.iv_len + 8
assert test_decryptor._body_end == self.mock_header.algorithm.iv_len + 8 + len(VALUES["data_128"])
def test_read_bytes_from_framed_body_bad_sequence_number(self):
ct_stream = io.BytesIO(VALUES['data_128'])
test_decryptor = StreamDecryptor(key_provider=self.mock_key_provider,
source=ct_stream)
test_decryptor.verifier = MagicMock()
test_decryptor._header = self.mock_header
frame_data = MagicMock()
frame_data.sequence_number = 5
frame_data.final_frame = False
frame_data.ciphertext = b'asdfzxcv'
self.mock_deserialize_frame.return_value = (frame_data, False)
with six.assertRaisesRegex(self, SerializationError,
'Malformed message: frames out of order'):
test_decryptor._read_bytes_from_framed_body(4)
def test_prep_non_framed_content_length_too_large(self):
self.mock_header.content_type = ContentType.NO_FRAMING
self.mock_header.frame_length = 1024
test_decryptor = StreamDecryptor(
key_provider=self.mock_key_provider,
source=self.mock_input_stream,
max_body_length=len(VALUES['data_128']) // 2)
test_decryptor._header = self.mock_header
test_decryptor.verifier = sentinel.verifier
mock_data_key = MagicMock()
test_decryptor.data_key = mock_data_key
with six.assertRaisesRegex(
self, CustomMaximumValueExceeded,
'Non-framed message content length found larger than custom value: {found} > {custom}'
.format(found=len(VALUES['data_128']),
custom=len(VALUES['data_128']) // 2)):
test_decryptor._prep_non_framed()
def test_read_bytes_from_non_framed(self):
ct_stream = io.BytesIO(VALUES["data_128"])
test_decryptor = StreamDecryptor(
materials_manager=self.mock_materials_manager,
source=ct_stream,
commitment_policy=self.mock_commitment_policy,
)
test_decryptor.body_length = len(VALUES["data_128"])
test_decryptor.decryptor = self.mock_decryptor_instance
test_decryptor._header = self.mock_header
test_decryptor.verifier = MagicMock()
test_decryptor._derived_data_key = sentinel.derived_data_key
test_decryptor._unframed_body_iv = sentinel.unframed_body_iv
self.mock_decryptor_instance.update.return_value = b"1234"
self.mock_decryptor_instance.finalize.return_value = b"5678"
test = test_decryptor._read_bytes_from_non_framed_body(5)
self.mock_deserialize_tag.assert_called_once_with(
stream=test_decryptor.source_stream,
header=test_decryptor._header,
verifier=test_decryptor.verifier)
self.mock_get_aad_content_string.assert_called_once_with(
content_type=self.mock_header.content_type, is_final_frame=True)
self.mock_assemble_content_aad.assert_called_once_with(
message_id=self.mock_header.message_id,
aad_content_string=sentinel.aad_content_string,
seq_num=1,
length=len(VALUES["data_128"]),
)
self.mock_decryptor.assert_called_once_with(
algorithm=self.mock_header.algorithm,
key=sentinel.derived_data_key,
associated_data=sentinel.associated_data,
iv=sentinel.unframed_body_iv,
tag=sentinel.tag,
)
assert test_decryptor.decryptor is self.mock_decryptor_instance
test_decryptor.verifier.update.assert_called_once_with(
VALUES["data_128"])
self.mock_decryptor_instance.update.assert_called_once_with(
VALUES["data_128"])
assert test == b"12345678"
def test_prep_non_framed_content_length_too_large(self):
self.mock_header.content_type = ContentType.NO_FRAMING
self.mock_header.frame_length = 1024
test_decryptor = StreamDecryptor(
key_provider=self.mock_key_provider,
source=self.mock_input_stream,
max_body_length=len(VALUES["data_128"]) // 2,
)
test_decryptor._header = self.mock_header
test_decryptor.verifier = sentinel.verifier
mock_data_key = MagicMock()
test_decryptor.data_key = mock_data_key
with pytest.raises(CustomMaximumValueExceeded) as excinfo:
test_decryptor._prep_non_framed()
excinfo.match(
"Non-framed message content length found larger than custom value: {found} > {custom}"
.format(found=len(VALUES["data_128"]),
custom=len(VALUES["data_128"]) // 2))
def test_read_bytes_from_framed_body_multi_frame_finalize(self):
ct_stream = io.BytesIO(VALUES["data_128"])
test_decryptor = StreamDecryptor(
materials_manager=self.mock_materials_manager,
source=ct_stream,
commitment_policy=self.mock_commitment_policy,
)
test_decryptor.verifier = MagicMock()
test_decryptor.data_key = MagicMock()
test_decryptor._header = self.mock_header
test_decryptor._derived_data_key = sentinel.derived_data_key
frame_data_1 = MagicMock()
frame_data_1.sequence_number = 1
frame_data_1.final_frame = False
frame_data_1.ciphertext = b"qwer"
frame_data_2 = MagicMock()
frame_data_2.sequence_number = 2
frame_data_2.final_frame = False
frame_data_2.ciphertext = b"asdfg"
frame_data_3 = MagicMock()
frame_data_3.sequence_number = 3
frame_data_3.final_frame = False
frame_data_3.ciphertext = b"zxcvbn"
frame_data_4 = MagicMock()
frame_data_4.sequence_number = 4
frame_data_4.final_frame = True
frame_data_4.ciphertext = b"yuiohjk"
self.mock_deserialize_frame.side_effect = (
(frame_data_1, False),
(frame_data_2, False),
(frame_data_3, False),
(frame_data_4, True),
)
self.mock_get_aad_content_string.side_effect = (
sentinel.aad_content_string_1,
sentinel.aad_content_string_2,
sentinel.aad_content_string_3,
sentinel.aad_content_string_4,
)
self.mock_assemble_content_aad.side_effect = (
sentinel.associated_data_1,
sentinel.associated_data_2,
sentinel.associated_data_3,
sentinel.associated_data_4,
)
self.mock_decrypt.side_effect = (b"123", b"456", b"789", b"0-=")
test = test_decryptor._read_bytes_from_framed_body(12)
self.mock_deserialize_frame.assert_has_calls(
calls=(
call(stream=test_decryptor.source_stream,
header=test_decryptor._header,
verifier=test_decryptor.verifier),
call(stream=test_decryptor.source_stream,
header=test_decryptor._header,
verifier=test_decryptor.verifier),
call(stream=test_decryptor.source_stream,
header=test_decryptor._header,
verifier=test_decryptor.verifier),
call(stream=test_decryptor.source_stream,
header=test_decryptor._header,
verifier=test_decryptor.verifier),
),
any_order=False,
)
self.mock_get_aad_content_string.assert_has_calls(
calls=(
call(content_type=test_decryptor._header.content_type,
is_final_frame=False),
call(content_type=test_decryptor._header.content_type,
is_final_frame=False),
call(content_type=test_decryptor._header.content_type,
is_final_frame=False),
call(content_type=test_decryptor._header.content_type,
is_final_frame=True),
),
any_order=False,
)
self.mock_assemble_content_aad.assert_has_calls(
calls=(
call(
message_id=test_decryptor._header.message_id,
aad_content_string=sentinel.aad_content_string_1,
seq_num=1,
length=4,
),
call(
message_id=test_decryptor._header.message_id,
aad_content_string=sentinel.aad_content_string_2,
seq_num=2,
length=5,
),
call(
message_id=test_decryptor._header.message_id,
aad_content_string=sentinel.aad_content_string_3,
seq_num=3,
length=6,
),
call(
message_id=test_decryptor._header.message_id,
aad_content_string=sentinel.aad_content_string_4,
seq_num=4,
length=7,
),
),
any_order=False,
)
self.mock_decrypt.assert_has_calls(
calls=(
call(
algorithm=test_decryptor._header.algorithm,
key=sentinel.derived_data_key,
encrypted_data=frame_data_1,
associated_data=sentinel.associated_data_1,
),
call(
algorithm=test_decryptor._header.algorithm,
key=sentinel.derived_data_key,
encrypted_data=frame_data_2,
associated_data=sentinel.associated_data_2,
),
call(
algorithm=test_decryptor._header.algorithm,
key=sentinel.derived_data_key,
encrypted_data=frame_data_3,
associated_data=sentinel.associated_data_3,
),
call(
algorithm=test_decryptor._header.algorithm,
key=sentinel.derived_data_key,
encrypted_data=frame_data_4,
associated_data=sentinel.associated_data_4,
),
),
any_order=False,
)
self.mock_deserialize_footer.assert_called_once_with(
stream=test_decryptor.source_stream,
verifier=test_decryptor.verifier)
assert test == b"1234567890-="
def test_read_bytes_from_framed_body_multi_frame_finalize(self):
ct_stream = io.BytesIO(VALUES['data_128'])
test_decryptor = StreamDecryptor(
key_provider=self.mock_key_provider,
source=ct_stream
)
test_decryptor.verifier = MagicMock()
test_decryptor.data_key = MagicMock()
test_decryptor._header = self.mock_header
frame_data_1 = MagicMock()
frame_data_1.sequence_number = 1
frame_data_1.final_frame = False
frame_data_1.ciphertext = b'qwer'
frame_data_2 = MagicMock()
frame_data_2.sequence_number = 2
frame_data_2.final_frame = False
frame_data_2.ciphertext = b'asdfg'
frame_data_3 = MagicMock()
frame_data_3.sequence_number = 3
frame_data_3.final_frame = False
frame_data_3.ciphertext = b'zxcvbn'
frame_data_4 = MagicMock()
frame_data_4.sequence_number = 4
frame_data_4.final_frame = True
frame_data_4.ciphertext = b'yuiohjk'
self.mock_deserialize_frame.side_effect = (
(frame_data_1, False),
(frame_data_2, False),
(frame_data_3, False),
(frame_data_4, True)
)
self.mock_get_aad_content_string.side_effect = (
sentinel.aad_content_string_1,
sentinel.aad_content_string_2,
sentinel.aad_content_string_3,
sentinel.aad_content_string_4
)
self.mock_assemble_content_aad.side_effect = (
sentinel.associated_data_1,
sentinel.associated_data_2,
sentinel.associated_data_3,
sentinel.associated_data_4
)
self.mock_decrypt.side_effect = (
b'123',
b'456',
b'789',
b'0-='
)
test = test_decryptor._read_bytes_from_framed_body(12)
self.mock_deserialize_frame.assert_has_calls(
calls=(
call(
stream=test_decryptor.source_stream,
header=test_decryptor._header,
verifier=test_decryptor.verifier
),
call(
stream=test_decryptor.source_stream,
header=test_decryptor._header,
verifier=test_decryptor.verifier
),
call(
stream=test_decryptor.source_stream,
header=test_decryptor._header,
verifier=test_decryptor.verifier
),
call(
stream=test_decryptor.source_stream,
header=test_decryptor._header,
verifier=test_decryptor.verifier
)
),
any_order=False
)
self.mock_get_aad_content_string.assert_has_calls(
calls=(
call(content_type=test_decryptor._header.content_type, is_final_frame=False),
call(content_type=test_decryptor._header.content_type, is_final_frame=False),
call(content_type=test_decryptor._header.content_type, is_final_frame=False),
call(content_type=test_decryptor._header.content_type, is_final_frame=True)
),
any_order=False
)
self.mock_assemble_content_aad.assert_has_calls(
calls=(
call(
message_id=test_decryptor._header.message_id,
aad_content_string=sentinel.aad_content_string_1,
seq_num=1,
length=4
),
call(
message_id=test_decryptor._header.message_id,
aad_content_string=sentinel.aad_content_string_2,
seq_num=2,
length=5
),
call(
message_id=test_decryptor._header.message_id,
aad_content_string=sentinel.aad_content_string_3,
seq_num=3,
length=6
),
call(
message_id=test_decryptor._header.message_id,
aad_content_string=sentinel.aad_content_string_4,
seq_num=4,
length=7
)
),
any_order=False
)
self.mock_decrypt.assert_has_calls(
calls=(
call(
algorithm=test_decryptor._header.algorithm,
key=test_decryptor.data_key.data_key,
encrypted_data=frame_data_1,
associated_data=sentinel.associated_data_1,
message_id=test_decryptor._header.message_id
),
call(
algorithm=test_decryptor._header.algorithm,
key=test_decryptor.data_key.data_key,
encrypted_data=frame_data_2,
associated_data=sentinel.associated_data_2,
message_id=test_decryptor._header.message_id
),
call(
algorithm=test_decryptor._header.algorithm,
key=test_decryptor.data_key.data_key,
encrypted_data=frame_data_3,
associated_data=sentinel.associated_data_3,
message_id=test_decryptor._header.message_id
),
call(
algorithm=test_decryptor._header.algorithm,
key=test_decryptor.data_key.data_key,
encrypted_data=frame_data_4,
associated_data=sentinel.associated_data_4,
message_id=test_decryptor._header.message_id
)
),
any_order=False
)
self.mock_deserialize_footer.assert_called_once_with(
stream=test_decryptor.source_stream,
verifier=test_decryptor.verifier
)
assert test_decryptor.source_stream.closed
assert test == b'1234567890-='
