def test_supported_keys_and_generated_lengths_match_chunking_invariant():
"""
Because of properties of the encryption algorithm we are using, there is a maxiumum
number of bytes we can encryt. The maximum number of bytes is relative to the keysize used.
For large values we break it into chunks, encrypt the chunks
and append them into a single value and replace it in the yaml file.
When we decrypt the value, we do the inverse.
It is important that we test that the chunk size generated by encrypting with our supported key sizes
is what we expect when new key sizes are added/removed so that encrypting long values will function.
"""
for key_length in SUPPORTED_KEY_SIZES:
private_key = generate_new_private_key(key_length)
public_key = generate_new_public_key(private_key)
public_key = load_public_key_from_file('fixtures/test.public')
# Encrypted blob of various lengths should be the same number of bytes
input_str = "你" * 2
output1 = encrypt_value(input_str, public_key).encode('utf-8')
input_str = "C" * KEY_CHUNK_SIZE
output2 = encrypt_value(input_str, public_key).encode('utf-8')
input_str = "!" * (KEY_CHUNK_SIZE + 1)
output3 = encrypt_value(input_str, public_key).encode('utf-8')
input_str = "z" * (KEY_CHUNK_SIZE * 10)
output4 = encrypt_value(input_str, public_key).encode('utf-8')
assert len(output1) == len(output2)
assert len(output1) == NUMBER_OF_BYTES_PER_ENCRYPTED_CHUNK
assert len(output3) == NUMBER_OF_BYTES_PER_ENCRYPTED_CHUNK * 2
assert len(output4) == NUMBER_OF_BYTES_PER_ENCRYPTED_CHUNK * 10
def test_serialization_and_deserialization_does_not_garble_output():
"""
Ensure that encrypt/decrypt works even after serializing and deserializing
"""
private_key = generate_new_private_key()
public_key = generate_new_public_key(private_key)
input_str = "AABB"
encrypted_str = encrypt_value(input_str, public_key)
built_dict = {"sum_key": Encrypted(encrypted_str)}
dump_output = dump(built_dict)
str_to_load = dump(built_dict)
load_output = load(str_to_load)
dump_output = dump(load_output)
load_output = load(dump_output)
parsed_encrypted = load_output['sum_key']
output_str = decrypt_value(parsed_encrypted, private_key)
assert input_str == output_str
def test_generate_new_public_key():
"""
Test that we can generate a new public key, and that it is in SUPPORTED_KEY_SIZES
"""
private_key = generate_new_private_key()
public_key = generate_new_public_key(private_key)
assert (isinstance(public_key, _RSAPublicKey))
def test_encrypt_decrypt_for_short_values_with_no_chunking():
"""
Test that we an encrypt and decrypt a short value
"""
private_key = generate_new_private_key()
public_key = generate_new_public_key(private_key)
input_str = "A" * 2
message = encrypt_value(input_str, public_key)
output_str = decrypt_value(message, private_key)
assert input_str == output_str
def test_encrypt_decrypt_for_long_values_with_chunking():
"""
Test that for a value that is too large to be encrypted in one pass
that we can encrypt/decrypt it.
"""
private_key = generate_new_private_key()
public_key = generate_new_public_key(private_key)
input_str = "你" * KEY_CHUNK_SIZE * 10
message = encrypt_value(input_str, public_key)
output_str = decrypt_value(message, private_key)
assert input_str == output_str