def test_read_header_no_verifier(self, mock_derive_datakey, mock_decrypt_materials_request, mock_verifier):
self.mock_materials_manager.decrypt_materials.return_value = MagicMock(
data_key=VALUES["data_key_obj"], verification_key=None
)
test_decryptor = StreamDecryptor(materials_manager=self.mock_materials_manager, source=self.mock_input_stream)
test_decryptor.key_provider = self.mock_key_provider
test_decryptor.source_stream = self.mock_input_stream
test_decryptor._stream_length = len(VALUES["data_128"])
test_decryptor._read_header()
assert test_decryptor.verifier is None
def test_read_header_no_verifier(self, mock_init):
self.mock_verifier_from_header.return_value = None
mock_init.return_value = None
test_decryptor = StreamDecryptor(
key_provider=self.mock_key_provider,
source=self.mock_input_stream
)
test_decryptor.key_provider = self.mock_key_provider
test_decryptor.source_stream = self.mock_input_stream
test_decryptor._stream_length = len(VALUES['data_128'])
test_decryptor._read_header()
def test_read_header_frame_too_large(self, mock_derive_datakey):
self.mock_header.content_type = ContentType.FRAMED_DATA
self.mock_header.frame_length = 1024
ct_stream = io.BytesIO(VALUES["data_128"])
test_decryptor = StreamDecryptor(key_provider=self.mock_key_provider, source=ct_stream, max_body_length=10)
test_decryptor.key_provider = self.mock_key_provider
test_decryptor.source_stream = ct_stream
test_decryptor._stream_length = len(VALUES["data_128"])
with pytest.raises(CustomMaximumValueExceeded) as excinfo:
test_decryptor._read_header()
excinfo.match(
"Frame Size in header found larger than custom value: {found} > {custom}".format(found=1024, custom=10)
)
def test_read_header(self, mock_derive_datakey,
mock_decrypt_materials_request, mock_verifier):
mock_verifier_instance = MagicMock()
mock_verifier.from_key_bytes.return_value = mock_verifier_instance
ct_stream = io.BytesIO(VALUES["data_128"])
mock_commitment_policy = MagicMock(__class__=CommitmentPolicy)
test_decryptor = StreamDecryptor(
materials_manager=self.mock_materials_manager,
source=ct_stream,
commitment_policy=mock_commitment_policy,
)
test_decryptor.source_stream = ct_stream
test_decryptor._stream_length = len(VALUES["data_128"])
test_header, test_header_auth = test_decryptor._read_header()
self.mock_deserialize_header.assert_called_once_with(ct_stream)
mock_verifier.from_key_bytes.assert_called_once_with(
algorithm=self.mock_header.algorithm,
key_bytes=sentinel.verification_key)
mock_decrypt_materials_request.assert_called_once_with(
encrypted_data_keys=sentinel.encrypted_data_keys,
algorithm=self.mock_header.algorithm,
encryption_context=sentinel.encryption_context,
commitment_policy=mock_commitment_policy,
)
self.mock_materials_manager.decrypt_materials.assert_called_once_with(
request=mock_decrypt_materials_request.return_value)
mock_verifier_instance.update.assert_called_once_with(
self.mock_raw_header)
self.mock_deserialize_header_auth.assert_called_once_with(
version=self.mock_header.version,
stream=ct_stream,
algorithm=self.mock_header.algorithm,
verifier=mock_verifier_instance,
)
mock_derive_datakey.assert_called_once_with(
source_key=VALUES["data_key_obj"].data_key,
algorithm=self.mock_header.algorithm,
message_id=self.mock_header.message_id,
)
assert test_decryptor._derived_data_key is mock_derive_datakey.return_value
self.mock_validate_header.assert_called_once_with(
header=self.mock_header,
header_auth=sentinel.header_auth,
raw_header=self.mock_raw_header,
data_key=mock_derive_datakey.return_value,
)
assert test_header is self.mock_header
assert test_header_auth is sentinel.header_auth
def test_read_header_frame_too_large(self, mock_init, mock_derive_datakey):
self.mock_header.content_type = ContentType.FRAMED_DATA
self.mock_header.frame_length = 1024
mock_init.return_value = None
ct_stream = io.BytesIO(VALUES['data_128'])
test_decryptor = StreamDecryptor(key_provider=self.mock_key_provider,
source=ct_stream,
max_body_length=10)
test_decryptor.key_provider = self.mock_key_provider
test_decryptor.source_stream = ct_stream
test_decryptor._stream_length = len(VALUES['data_128'])
with six.assertRaisesRegex(
self, CustomMaximumValueExceeded,
'Frame Size in header found larger than custom value: {found} > {custom}'
.format(found=1024, custom=10)):
test_decryptor._read_header()
def test_read_header(self, mock_init, mock_derive_datakey,
mock_decrypt_materials_request, mock_verifier):
mock_verifier_instance = MagicMock()
mock_verifier.from_key_bytes.return_value = mock_verifier_instance
mock_init.return_value = None
ct_stream = io.BytesIO(VALUES['data_128'])
test_decryptor = StreamDecryptor(
materials_manager=self.mock_materials_manager, source=ct_stream)
test_decryptor.source_stream = ct_stream
test_decryptor._stream_length = len(VALUES['data_128'])
test_header, test_header_auth = test_decryptor._read_header()
self.mock_deserialize_header.assert_called_once_with(ct_stream)
mock_verifier.from_key_bytes.assert_called_once_with(
algorithm=self.mock_header.algorithm,
key_bytes=sentinel.verification_key)
mock_decrypt_materials_request.assert_called_once_with(
encrypted_data_keys=sentinel.encrypted_data_keys,
algorithm=self.mock_header.algorithm,
encryption_context=sentinel.encryption_context)
self.mock_materials_manager.decrypt_materials.assert_called_once_with(
request=mock_decrypt_materials_request.return_value)
mock_verifier_instance.update.assert_called_once_with(b'')
self.mock_deserialize_header_auth.assert_called_once_with(
stream=ct_stream,
algorithm=self.mock_header.algorithm,
verifier=mock_verifier_instance)
mock_derive_datakey.assert_called_once_with(
source_key=VALUES['data_key_obj'].data_key,
algorithm=self.mock_header.algorithm,
message_id=self.mock_header.message_id)
assert test_decryptor._derived_data_key is mock_derive_datakey.return_value
self.mock_validate_header.assert_called_once_with(
header=self.mock_header,
header_auth=sentinel.header_auth,
stream=ct_stream,
header_start=0,
header_end=
0, # Because we mock out deserialize_header, this stays at the start of the stream
data_key=mock_derive_datakey.return_value)
assert test_header is self.mock_header
assert test_header_auth is sentinel.header_auth
def test_commitment_committing_algorithm_policy_allows_check_passes(
self, mock_derive_datakey, mock_decrypt_materials_request,
mock_verifier, policy):
"""Verifies that when the commitment check passes for a committing algorithm on decrypt, we successfully
read the header."""
self.mock_header.algorithm = MagicMock(
__class__=Algorithm,
iv_len=12,
is_committing=MagicMock(return_value=True))
test_decryptor = StreamDecryptor(
materials_manager=self.mock_materials_manager,
source=self.mock_input_stream,
commitment_policy=policy,
)
test_decryptor.key_provider = self.mock_key_provider
test_decryptor.source_stream = self.mock_input_stream
test_decryptor._stream_length = len(VALUES["data_128"])
test_decryptor._read_header()
self.mock_deserialize_header.assert_called_once_with(
self.mock_input_stream)
def test_read_header(self, mock_init):
mock_verifier = MagicMock()
self.mock_verifier_from_header.return_value = mock_verifier
mock_init.return_value = None
ct_stream = io.BytesIO(VALUES['data_128'])
test_decryptor = StreamDecryptor(
key_provider=self.mock_key_provider,
source=ct_stream
)
test_decryptor.key_provider = self.mock_key_provider
test_decryptor.source_stream = ct_stream
test_decryptor._stream_length = len(VALUES['data_128'])
test_header, test_header_auth = test_decryptor._read_header()
self.mock_deserialize_header.assert_called_once_with(ct_stream)
self.mock_verifier_from_header.assert_called_once_with(self.mock_header)
mock_verifier.update.assert_called_once_with(b'')
self.mock_deserialize_header_auth.assert_called_once_with(
stream=ct_stream,
algorithm=sentinel.algorithm,
verifier=mock_verifier
)
self.mock_key_provider.decrypt_data_key_from_list.assert_called_once_with(
encrypted_data_keys=sentinel.encrypted_data_keys,
algorithm=sentinel.algorithm,
encryption_context=sentinel.encryption_context
)
self.mock_validate_header.assert_called_once_with(
header=self.mock_header,
header_auth=sentinel.header_auth,
stream=ct_stream,
header_start=0,
header_end=0, # Because we mock out deserialize_header, this stays at the start of the stream
data_key=VALUES['data_key_obj']
)
assert test_header is self.mock_header
assert test_header_auth is sentinel.header_auth
