Пример #1
0
def _known_values(folder='.'):
    """Return tmp files with known keys, data, signature for testing.
    This is a WEAK key, 1024 bits, for testing ONLY.
    """
    bits = '1024'
    pub, priv, pphr = GenRSA().demo_rsa_keys(folder)

    kwnSig0p9p8 = (  # openssl 0.9.8r
        "dNF9IudjTjZ9sxO5P07Kal9FkY7hCRJCyn7IbebJtcEoVOpuU5Gs9pSngPnDvFE"
        "2BILvwRFCGq30Ehnhm8USZ1zc5m2nw6S97LFPNFepnB6h+575OHfHX6Eaothpcz"
        "BK+91UMVId13iTu9d1HaGgHriK6BcasSuN0iTfvbvnGc4=")
    kwnSig1p0 = (   # openssl 1.0.1e or 1.0.0-fips
        "eWv7oIGw9hnWgSmicFxakPOsxGMeEh8Dxf/HlqP0aSX+qJ8+whMeJ3Ol7AgjsrN"
        "mfk//J4mywjLeBp5ny5BBd15mDeaOLn1ETmkiXePhomQiGAaynfyQfEOw/F6/Ux"
        "03rlYerys2Cktgpya8ezxbOwJcOCnHKydnf1xkGDdFywc=")
    return (_abspath(pub), _abspath(priv), _abspath(pphr),
            bits, (kwnSig0p9p8, kwnSig1p0))
Пример #2
0
def _known_values(folder='.'):
    """Return tmp files with known keys, data, signature for testing.
    This is a WEAK key, 1024 bits, for testing ONLY.
    """
    bits = '1024'
    pub, priv, pphr = GenRSA().demo_rsa_keys(folder)

    kwnSig0p9p8 = (  # openssl 0.9.8r
        "dNF9IudjTjZ9sxO5P07Kal9FkY7hCRJCyn7IbebJtcEoVOpuU5Gs9pSngPnDvFE"
        "2BILvwRFCGq30Ehnhm8USZ1zc5m2nw6S97LFPNFepnB6h+575OHfHX6Eaothpcz"
        "BK+91UMVId13iTu9d1HaGgHriK6BcasSuN0iTfvbvnGc4=")
    kwnSig1p0 = (  # openssl 1.0.1e or 1.0.0-fips
        "eWv7oIGw9hnWgSmicFxakPOsxGMeEh8Dxf/HlqP0aSX+qJ8+whMeJ3Ol7AgjsrN"
        "mfk//J4mywjLeBp5ny5BBd15mDeaOLn1ETmkiXePhomQiGAaynfyQfEOw/F6/Ux"
        "03rlYerys2Cktgpya8ezxbOwJcOCnHKydnf1xkGDdFywc=")
    return (_abspath(pub), _abspath(priv), _abspath(pphr), bits, (kwnSig0p9p8,
                                                                  kwnSig1p0))
Пример #3
0
def _known_values_no_pphr(folder='.'):
    bits = '1024'
    pub = os.path.join(folder, 'pubKnown_no_pphr')
    pubkey = """-----BEGIN PUBLIC KEY-----
        MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3jHEfUzcy4B8N/Neiee3XYGiy
        SNsNU9jB/tUwEOS3gSOs4IQGGkL7bwvqfby+UwFTHx3F2UfIANQ5qtq6xY88JaV7
        kgpx84K96CneT9x8zSr71ZPmKeQJWDLq0V15jo3ABUj8gvPMiytWA0IhhiaCrZrI
        bCjd/2UTJlSVnAxuBwIDAQAB
        -----END PUBLIC KEY-----
        """.replace('    ', '')
    if not isfile(pub):
        with open(pub, write_mode) as fd:
            fd.write(pubkey)
    priv = os.path.join(folder, 'privKnown_no_pphr')
    privkey = """-----BEGIN RSA PRIVATE KEY-----
        MIICWwIBAAKBgQC3jHEfUzcy4B8N/Neiee3XYGiySNsNU9jB/tUwEOS3gSOs4IQG
        GkL7bwvqfby+UwFTHx3F2UfIANQ5qtq6xY88JaV7kgpx84K96CneT9x8zSr71ZPm
        KeQJWDLq0V15jo3ABUj8gvPMiytWA0IhhiaCrZrIbCjd/2UTJlSVnAxuBwIDAQAB
        AoGAOq1cEI6Sy+HYK6mT6e4eucapUa120bjnR4VG8/nClGNlW0PfEPBeT3D9lzYh
        G5r/hmohI3nFt8uEDPdwu1qi4iWp+WRUBJKYhw31g5xLMuKoQ7ICYc4iJSggigZc
        5EGPA/QyfIBxzNSK6wSAi1H1Y9iF6FK4912RwnNl/1eTM4ECQQDnDl+dZA/tGSHi
        mJ9ZGDviq7GDmGls3SBS0GGCNC3Woj3DfZv8PL2eTs4l9JMR7F+6/DwxMlikqzgE
        wP/I2g7HAkEAy10eATfgJ3azRL6rT+HMAamf8pNY222uO27mbmsi5snmfJx7+I5B
        eJOQdiS15ymVCZgS1tZJQT91SLI70BxmwQJAfCywXDDLklvgZxwo/0PT41TsmNGP
        Tw9j8L3Guaf7Po+A7BAUhbHLIkot5h4T8Bz9scsfOj1ZgF34RC3JCZOPPwJAExY3
        Rbf/0tRiOPaIT6QKqLFJ8NOBiH6/1pYvDHgDu5OBjXqGbCq13GJFMcF6TSrq8Q6T
        3hQYpgYVtO/9iyfPQQJAJbZ3Xw7q8i0vNp/3XsG2S90j9lZ9c6OKwdtRavjWWVm5
        kIZMrRBdjmx7EWpoJ52OVCO+21FtLzUz+I3O4yJDtg==
        -----END RSA PRIVATE KEY-----
        """.replace('    ', '')
    if not isfile(priv):
        with open(priv, write_mode) as fd:
            fd.write(privkey)
    kwnSig0p9p8 = (  # openssl 0.9.8r
        "")
    kwnSig1p0 = (  # openssl 1.0.1e or 1.0.0-fips
        "")

    return (_abspath(pub), _abspath(priv), bits, (kwnSig0p9p8, kwnSig1p0))
Пример #4
0
    def test_dropbox_stuff(self):
        # assume that is_in_dropbox returns actual Dropbox folder, or False
        # test whether decrypt() will refuse to proceed inside it

        # use real Dropbox path if this test machine has it, otherwise fake it
        real_dropbox_path = get_dropbox_path()  # sets dropbox_path global
        #global dropbox_path
        orig_path = pyfilesec.dropbox_path

        # set up a path and a file
        if real_dropbox_path == False:
            fake_dropbox_path = _abspath('.')
            pyfilesec.dropbox_path = fake_dropbox_path  # set global var
            assert get_dropbox_path() == fake_dropbox_path
        test_path = os.path.join(pyfilesec.dropbox_path, 'test.txt')
        with open(test_path, 'wb') as fd:
            fd.write('test db file contents')
        assert isfile(test_path)

        # raise FileStatusError if try to decrypt in Dropbox folder
        pub, priv, pphr = _known_values()[:3]
        sf = SecFile(test_path)
        sf.encrypt(pub, keep=True)
        assert sf.is_in_dropbox  # whether real or fake
        with pytest.raises(FileStatusError):
            sf.decrypt(priv, pphr)
        os.unlink(test_path)
        #os.unlink(sf.file)
        sf.destroy()  # get coverage

        # partial test of get_dropbox_path()
        pyfilesec.dropbox_path = None
        if real_dropbox_path and sys.platform != 'win32':
            host_db = os.path.expanduser('~/.dropbox/host.db')
            # temporarily moves your actual dropbox locator file
            # seems safe enough: gets auto-rebuilt by Dropbox if file is lost
            if exists(host_db):
                try:
                    os.rename(host_db, host_db + '.orig')
                    get_dropbox_path()
                    assert sf.is_in_dropbox == False  # bc no dropbox now
                finally:
                    os.rename(host_db + '.orig', host_db)
                assert pyfilesec.dropbox_path == False

        pyfilesec.dropbox_path = orig_path
Пример #5
0
    def test_dropbox_stuff(self):
        # assume that is_in_dropbox returns actual Dropbox folder, or False
        # test whether decrypt() will refuse to proceed inside it

        # use real Dropbox path if this test machine has it, otherwise fake it
        real_dropbox_path = get_dropbox_path()  # sets dropbox_path global
        #global dropbox_path
        orig_path = pyfilesec.dropbox_path

        # set up a path and a file
        if real_dropbox_path == False:
            fake_dropbox_path = _abspath('.')
            pyfilesec.dropbox_path = fake_dropbox_path  # set global var
            assert get_dropbox_path() == fake_dropbox_path
        test_path = os.path.join(pyfilesec.dropbox_path, 'test.txt')
        with open(test_path, 'wb') as fd:
            fd.write('test db file contents')
        assert isfile(test_path)

        # raise FileStatusError if try to decrypt in Dropbox folder
        pub, priv, pphr = _known_values()[:3]
        sf = SecFile(test_path)
        sf.encrypt(pub, keep=True)
        assert sf.is_in_dropbox  # whether real or fake
        with pytest.raises(FileStatusError):
            sf.decrypt(priv, pphr)
        os.unlink(test_path)
        #os.unlink(sf.file)
        sf.destroy()  # get coverage

        # partial test of get_dropbox_path()
        pyfilesec.dropbox_path = None
        if real_dropbox_path and sys.platform != 'win32':
            host_db = os.path.expanduser('~/.dropbox/host.db')
            # temporarily moves your actual dropbox locator file
            # seems safe enough: gets auto-rebuilt by Dropbox if file is lost
            if exists(host_db):
                try:
                    os.rename(host_db, host_db + '.orig')
                    get_dropbox_path()
                    assert sf.is_in_dropbox == False  # bc no dropbox now
                finally:
                    os.rename(host_db + '.orig', host_db)
                assert pyfilesec.dropbox_path == False

        pyfilesec.dropbox_path = orig_path
Пример #6
0
    def test_command_line(self):
        """test command line usage with lib_path == path to invoke pyfilesec"""

        # minimal test of args via commandline: recover --version via stderr
        cmdLineCmd = [sys.executable, lib_path, '--version']
        _, ver = sys_call(cmdLineCmd, stderr=True)
        # can be coverage warnings in stderr as well, so take first line:
        assert ver.splitlines()[0] == pyfilesec.__version__

        # send encrypt and decrypt commands via command line
        datafile = 'cleartext no unicode.txt'
        secretText = 'secret snippet %.6f' % get_time()
        with open(datafile, write_mode) as fd:
            fd.write(secretText)
        pub1, priv1, pphr1 = _known_values()[:3]
        datafile = _abspath(datafile)
        hmac = 'hmac'
        with open(hmac, write_mode) as fd:
            fd.write('hmac here')

        # Encrypt:
        cmdLineCmd = [
            sys.executable, lib_path, datafile, '--encrypt', '--pub', pub1,
            '--keep', '--openssl=' + OPENSSL
        ]
        oute = sys_call(cmdLineCmd)
        assert 'cipher_text' in oute
        enc = eval(oute)
        assert isfile(enc['cipher_text'])

        # Decrypt:
        cmdLineCmd = [
            sys.executable, lib_path, enc['cipher_text'], '--decrypt',
            '--keep', '--nocheck', '--priv', priv1, '--pphr', pphr1,
            '--openssl=' + OPENSSL
        ]
        outd = sys_call(cmdLineCmd)
        assert 'clear_text' in outd
        dec = eval(outd)
        assert isfile(dec['clear_text'])
        recoveredText = open(dec['clear_text']).read()
        assert recoveredText == secretText  # need both enc and dec to work

        # Rotate:
        ciph = enc['cipher_text']
        assert (isfile(ciph) and ciph.endswith(ENC_EXT))  # need --keep in d
        cmdLineRotate = [
            sys.executable, lib_path, '--nocheck', enc['cipher_text'],
            '--rotate', '--hmac', hmac, '--pub', pub1, '--priv', priv1,
            '--pphr', pphr1, '-z',
            str(getsize(ciph) * 2)
        ]
        outr = sys_call(cmdLineRotate)  # dict as a string
        assert 'rotate' in outr and 'good' in outr
        assert 'hmac' in outr
        rot = eval(outr)
        assert isfile(rot['file'])

        # Sign and Verify (target = the file from rot):
        cmdLineSign = [
            sys.executable, lib_path, rot['file'], '--sign', '--priv', priv1,
            '--pphr', pphr1, '--out', 'sig.out'
        ]
        outs = sys_call(cmdLineSign)
        assert 'sig' in outs
        sig = eval(outs)
        cmdLineVerify = [
            sys.executable, lib_path, rot['file'], '--verify', '--pub', pub1,
            '--sig', sig['out'], '--nocheck'
        ]
        outv = sys_call(cmdLineVerify)
        assert 'verified' in outv
        out = eval(outv)
        assert out['verified']  # need both sign and verify to work

        # Pad, unpad:
        with open(datafile, write_mode) as fd:
            fd.write(secretText)
        orig_size = getsize(datafile)
        cmdLinePad = [sys.executable, lib_path, datafile, '--nocheck', '--pad']
        outp = sys_call(cmdLinePad)
        assert "'method': 'pad'" in outp
        assert "'size': %d" % DEFAULT_PAD_SIZE in outp
        out = eval(outp)
        assert getsize(datafile) == DEFAULT_PAD_SIZE

        # more coverage
        cmdLineUnpad = [
            sys.executable, lib_path, datafile, '--nocheck', '--pad', '-z', '0'
        ]
        outunp = sys_call(cmdLineUnpad)
        assert 'padding' in outunp
        out = eval(outunp)
        assert out['padding'] == None

        cmdLineUnpad = [
            sys.executable, lib_path, datafile, '--pad', '-z', '0', '--verbose'
        ]
        outv = sys_call(cmdLineUnpad)
        # see if there's lots of output, with some plausible detail:
        assert outv.startswith('0.0')
        assert lib_name in outv
        assert len(outv) > 800
        assert len(outv.splitlines()) > 40

        # no actual action:
        cmdLineCmd = [sys.executable, lib_path, '--nocheck', datafile]
        out = sys_call(cmdLineCmd)
        assert 'None' in out

        # Destroy:
        cmdLineDestroy = [sys.executable, lib_path, datafile, '--destroy']
        outx = sys_call(cmdLineDestroy)
        if 'disposition' in outx:
            out = eval(outx)
        assert out['disposition'] == destroy_code[pfs_DESTROYED]

        # file specified but missing on file system
        cmdLineCmd = [sys.executable, lib_path, '--nocheck', datafile]
        out = sys_call(cmdLineCmd)
        assert out.startswith('no such file')