def test_symmetric_encrypt_decrypt_roundtrips_1(self): encrypt_keys = [ AESKey.generate(), AESKey.generate(), AESKey.generate(), AESKey.generate() ] # Verify all keys are unique aes_key_strings = set() hmac_key_strings = set() for key in encrypt_keys: aes_key_strings.add(key.aes_key_string) hmac_key_strings.add(key.hmac_key_string) self.assertEqual(len(aes_key_strings), 4) self.assertEqual(len(hmac_key_strings), 4) plaintext = 'hello world test dummy 8 9 5 1 bar2' # Verify that round trips work and that cryptography based primitives are fully compatible # with keyczar format count = 0 for key in encrypt_keys: data_enc_keyczar = keyczar_symmetric_encrypt(key, plaintext) data_enc_cryptography = cryptography_symmetric_encrypt( key, plaintext) self.assertNotEqual(data_enc_keyczar, data_enc_cryptography) data_dec_keyczar_keyczar = keyczar_symmetric_decrypt( key, data_enc_keyczar) data_dec_keyczar_cryptography = keyczar_symmetric_decrypt( key, data_enc_cryptography) self.assertEqual(data_dec_keyczar_keyczar, plaintext) self.assertEqual(data_dec_keyczar_cryptography, plaintext) data_dec_cryptography_cryptography = cryptography_symmetric_decrypt( key, data_enc_cryptography) data_dec_cryptography_keyczar = cryptography_symmetric_decrypt( key, data_enc_keyczar) self.assertEqual(data_dec_cryptography_cryptography, plaintext) self.assertEqual(data_dec_cryptography_keyczar, plaintext) count += 1 self.assertEqual(count, 4)
def test_decrypt_ciphertext_is_too_short(self): aes_key = AESKey.generate() plaintext = 'hello world ponies 1' encrypted = cryptography_symmetric_encrypt(aes_key, plaintext) # Verify original non manipulated value can be decrypted decrypted = cryptography_symmetric_decrypt(aes_key, encrypted) self.assertEqual(decrypted, plaintext) # Corrupt / shortern the encrypted data encrypted_malformed = binascii.unhexlify(encrypted) header = encrypted_malformed[:KEYCZAR_HEADER_SIZE] encrypted_malformed = encrypted_malformed[KEYCZAR_HEADER_SIZE:] # Remove 40 bytes from ciphertext bytes encrypted_malformed = encrypted_malformed[40:] # Add back header encrypted_malformed = header + encrypted_malformed encrypted_malformed = binascii.hexlify(encrypted_malformed) # Verify corrupted value results in an excpetion expected_msg = 'Invalid or malformed ciphertext' self.assertRaisesRegexp(ValueError, expected_msg, cryptography_symmetric_decrypt, aes_key, encrypted_malformed)
def test_symmetric_encrypt_decrypt_roundtrips_1(self): encrypt_keys = [ AESKey.generate(), AESKey.generate(), AESKey.generate(), AESKey.generate() ] # Verify all keys are unique aes_key_strings = set() hmac_key_strings = set() for key in encrypt_keys: aes_key_strings.add(key.aes_key_string) hmac_key_strings.add(key.hmac_key_string) self.assertEqual(len(aes_key_strings), 4) self.assertEqual(len(hmac_key_strings), 4) plaintext = 'hello world test dummy 8 9 5 1 bar2' # Verify that round trips work and that cryptography based primitives are fully compatible # with keyczar format count = 0 for key in encrypt_keys: data_enc_keyczar = keyczar_symmetric_encrypt(key, plaintext) data_enc_cryptography = cryptography_symmetric_encrypt(key, plaintext) self.assertNotEqual(data_enc_keyczar, data_enc_cryptography) data_dec_keyczar_keyczar = keyczar_symmetric_decrypt(key, data_enc_keyczar) data_dec_keyczar_cryptography = keyczar_symmetric_decrypt(key, data_enc_cryptography) self.assertEqual(data_dec_keyczar_keyczar, plaintext) self.assertEqual(data_dec_keyczar_cryptography, plaintext) data_dec_cryptography_cryptography = cryptography_symmetric_decrypt(key, data_enc_cryptography) data_dec_cryptography_keyczar = cryptography_symmetric_decrypt(key, data_enc_keyczar) self.assertEqual(data_dec_cryptography_cryptography, plaintext) self.assertEqual(data_dec_cryptography_keyczar, plaintext) count += 1 self.assertEqual(count, 4)
def test_symmetric_encrypt_decrypt_cryptography(self): key = AESKey.generate() plaintexts = [ 'a b c', 'ab', 'hello foo', 'hell', 'bar5' 'hello hello bar bar hello', 'a', '', 'c' ] for plaintext in plaintexts: encrypted = cryptography_symmetric_encrypt(key, plaintext) decrypted = cryptography_symmetric_decrypt(key, encrypted) self.assertEqual(decrypted, plaintext)
def test_exception_is_thrown_on_invalid_hmac_signature(self): aes_key = AESKey.generate() plaintext = 'hello world ponies 2' encrypted = cryptography_symmetric_encrypt(aes_key, plaintext) # Verify original non manipulated value can be decrypted decrypted = cryptography_symmetric_decrypt(aes_key, encrypted) self.assertEqual(decrypted, plaintext) # Corrupt the HMAC signature (last part is the HMAC signature) encrypted_malformed = binascii.unhexlify(encrypted) encrypted_malformed = encrypted_malformed[:-3] encrypted_malformed += b'abc' encrypted_malformed = binascii.hexlify(encrypted_malformed) # Verify corrupted value results in an excpetion expected_msg = 'Signature did not match digest' self.assertRaisesRegexp(InvalidSignature, expected_msg, cryptography_symmetric_decrypt, aes_key, encrypted_malformed)