From 2b21b12d337e65c59b5d18e42f1927c64565945d Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 31 Oct 2013 09:39:25 -0700 Subject: Added test cases, fixed a bug --- tests/test_fernet.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 tests/test_fernet.py (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py new file mode 100644 index 00000000..e9d07f81 --- /dev/null +++ b/tests/test_fernet.py @@ -0,0 +1,23 @@ +import base64 + +from cryptography.fernet import Fernet + + +class TestFernet(object): + def test_generate(self): + f = Fernet(base64.urlsafe_b64decode( + b"cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + )) + token = f._encrypt_from_parts( + b"hello", + 499162800, + b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", + ) + assert token == b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==" + + def test_verify(self): + f = Fernet(base64.urlsafe_b64decode( + b"cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + )) + payload = f.decrypt(b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==", 60) + assert payload == b"hello" -- cgit v1.2.3 From 5e87dfdd7f9853d4072efa6dd0e0515141ab7eb2 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 31 Oct 2013 09:46:03 -0700 Subject: Fixed test and implementation --- tests/test_fernet.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index e9d07f81..f7c06b95 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -13,11 +13,17 @@ class TestFernet(object): 499162800, b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", ) - assert token == b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==" + assert token == (b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM" + "4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==") def test_verify(self): f = Fernet(base64.urlsafe_b64decode( b"cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" )) - payload = f.decrypt(b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==", 60) + payload = f.decrypt( + (b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dO" + "PmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA=="), + ttl=60, + current_time=499162801 + ) assert payload == b"hello" -- cgit v1.2.3 From de36e90815f31ec39fe160bf69a81f1bb42b92d2 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 31 Oct 2013 10:10:44 -0700 Subject: Address pep8 concerns --- tests/test_fernet.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index f7c06b95..27d24182 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -1,5 +1,7 @@ import base64 +import six + from cryptography.fernet import Fernet @@ -11,10 +13,10 @@ class TestFernet(object): token = f._encrypt_from_parts( b"hello", 499162800, - b"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", + b"".join(map(six.int2byte, range(16))), ) assert token == (b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM" - "4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==") + "4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==") def test_verify(self): f = Fernet(base64.urlsafe_b64decode( @@ -22,7 +24,7 @@ class TestFernet(object): )) payload = f.decrypt( (b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dO" - "PmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA=="), + "PmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA=="), ttl=60, current_time=499162801 ) -- cgit v1.2.3 From 413bd8b45a51dc9c9afe3262534abba2d8528457 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 31 Oct 2013 11:22:11 -0700 Subject: py3k syntax fix --- tests/test_fernet.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 27d24182..7bdfa3fa 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -16,7 +16,7 @@ class TestFernet(object): b"".join(map(six.int2byte, range(16))), ) assert token == (b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM" - "4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==") + b"4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==") def test_verify(self): f = Fernet(base64.urlsafe_b64decode( @@ -24,7 +24,7 @@ class TestFernet(object): )) payload = f.decrypt( (b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dO" - "PmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA=="), + b"PmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA=="), ttl=60, current_time=499162801 ) -- cgit v1.2.3 From fb8adfcb2f0a67519ee81cad0c50d2e359ff3a20 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 31 Oct 2013 14:16:24 -0700 Subject: Use raw vector files --- tests/test_fernet.py | 56 +++++++++++++++++++++++++------------- tests/vectors/fernet/generate.json | 9 ++++++ tests/vectors/fernet/verify.json | 9 ++++++ 3 files changed, 55 insertions(+), 19 deletions(-) create mode 100644 tests/vectors/fernet/generate.json create mode 100644 tests/vectors/fernet/verify.json (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 7bdfa3fa..382a232c 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -1,31 +1,49 @@ import base64 +import calendar +import json +import os + +import iso8601 + +import pytest import six from cryptography.fernet import Fernet +def json_parametrize(keys, path): + with open(path) as f: + data = json.load(f) + return pytest.mark.parametrize(keys, [ + tuple([entry[k] for k in keys]) + for entry in data + ]) + + class TestFernet(object): - def test_generate(self): - f = Fernet(base64.urlsafe_b64decode( - b"cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" - )) - token = f._encrypt_from_parts( - b"hello", - 499162800, - b"".join(map(six.int2byte, range(16))), + @json_parametrize( + ("secret", "now", "iv", "src", "token"), + os.path.join(os.path.dirname(__file__), "vectors", "fernet", "generate.json") + ) + def test_generate(self, secret, now, iv, src, token): + f = Fernet(base64.urlsafe_b64decode(secret.encode("ascii"))) + actual_token = f._encrypt_from_parts( + src.encode("ascii"), + calendar.timegm(iso8601.parse_date(now).utctimetuple()), + b"".join(map(six.int2byte, iv)) ) - assert token == (b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM" - b"4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==") + assert actual_token == token - def test_verify(self): - f = Fernet(base64.urlsafe_b64decode( - b"cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" - )) + @json_parametrize( + ("secret", "now", "src", "ttl_sec", "token"), + os.path.join(os.path.dirname(__file__), "vectors", "fernet", "verify.json") + ) + def test_verify(self, secret, now, src, ttl_sec, token): + f = Fernet(base64.urlsafe_b64decode(secret.encode("ascii"))) payload = f.decrypt( - (b"gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dO" - b"PmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA=="), - ttl=60, - current_time=499162801 + token.encode("ascii"), + ttl=ttl_sec, + current_time=calendar.timegm(iso8601.parse_date(now).utctimetuple()) ) - assert payload == b"hello" + assert payload == src diff --git a/tests/vectors/fernet/generate.json b/tests/vectors/fernet/generate.json new file mode 100644 index 00000000..d1f3e083 --- /dev/null +++ b/tests/vectors/fernet/generate.json @@ -0,0 +1,9 @@ +[ + { + "token": "gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==", + "now": "1985-10-26T01:20:00-07:00", + "iv": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15], + "src": "hello", + "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + } +] diff --git a/tests/vectors/fernet/verify.json b/tests/vectors/fernet/verify.json new file mode 100644 index 00000000..08c480f5 --- /dev/null +++ b/tests/vectors/fernet/verify.json @@ -0,0 +1,9 @@ +[ + { + "token": "gAAAAAAdwJ6wAAECAwQFBgcICQoLDA0ODy021cpGVWKZ_eEwCGM4BLLF_5CV9dOPmrhuVUPgJobwOz7JcbmrR64jVmpU4IwqDA==", + "now": "1985-10-26T01:20:01-07:00", + "ttl_sec": 60, + "src": "hello", + "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + } +] -- cgit v1.2.3 From 38f34557e432f98cc8a023e621b5efe525ef886c Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 31 Oct 2013 14:50:00 -0700 Subject: Started working on the invalid cases --- tests/test_fernet.py | 28 +++++++++++++++---- tests/vectors/fernet/invalid.json | 58 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+), 6 deletions(-) create mode 100644 tests/vectors/fernet/invalid.json (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 382a232c..15071718 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -9,10 +9,11 @@ import pytest import six -from cryptography.fernet import Fernet +from cryptography.fernet import Fernet, InvalidToken -def json_parametrize(keys, path): +def json_parametrize(keys, fname): + path = os.path.join(os.path.dirname(__file__), "vectors", "fernet", fname) with open(path) as f: data = json.load(f) return pytest.mark.parametrize(keys, [ @@ -23,8 +24,7 @@ def json_parametrize(keys, path): class TestFernet(object): @json_parametrize( - ("secret", "now", "iv", "src", "token"), - os.path.join(os.path.dirname(__file__), "vectors", "fernet", "generate.json") + ("secret", "now", "iv", "src", "token"), "generate.json", ) def test_generate(self, secret, now, iv, src, token): f = Fernet(base64.urlsafe_b64decode(secret.encode("ascii"))) @@ -36,8 +36,7 @@ class TestFernet(object): assert actual_token == token @json_parametrize( - ("secret", "now", "src", "ttl_sec", "token"), - os.path.join(os.path.dirname(__file__), "vectors", "fernet", "verify.json") + ("secret", "now", "src", "ttl_sec", "token"), "verify.json", ) def test_verify(self, secret, now, src, ttl_sec, token): f = Fernet(base64.urlsafe_b64decode(secret.encode("ascii"))) @@ -47,3 +46,20 @@ class TestFernet(object): current_time=calendar.timegm(iso8601.parse_date(now).utctimetuple()) ) assert payload == src + + @json_parametrize(("secret", "token", "now", "ttl_sec"), "invalid.json") + def test_invalid(self, secret, token, now, ttl_sec): + f = Fernet(base64.urlsafe_b64decode(secret.encode("ascii"))) + with pytest.raises(InvalidToken): + f.decrypt( + token.encode("ascii"), + ttl=ttl_sec, + current_time=calendar.timegm(iso8601.parse_date(now).utctimetuple()) + ) + + def test_unicode(self): + f = Fernet(b"\x00" * 32) + with pytest.raises(TypeError): + f.encrypt(six.u("")) + with pytest.raises(TypeError): + f.decrypt(six.u("")) diff --git a/tests/vectors/fernet/invalid.json b/tests/vectors/fernet/invalid.json new file mode 100644 index 00000000..d80e7b4a --- /dev/null +++ b/tests/vectors/fernet/invalid.json @@ -0,0 +1,58 @@ +[ + { + "desc": "incorrect mac", + "token": "gAAAAAAdwJ6xAAECAwQFBgcICQoLDA0OD3HkMATM5lFqGaerZ-fWPAl1-szkFVzXTuGb4hR8AKtwcaX1YdykQUFBQUFBQUFBQQ==", + "now": "1985-10-26T01:20:01-07:00", + "ttl_sec": 60, + "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + }, + { + "desc": "too short", + "token": "gAAAAAAdwJ6xAAECAwQFBgcICQoLDA0OD3HkMATM5lFqGaerZ-fWPA==", + "now": "1985-10-26T01:20:01-07:00", + "ttl_sec": 60, + "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + }, + { + "desc": "invalid base64", + "token": "%%%%%%%%%%%%%AECAwQFBgcICQoLDA0OD3HkMATM5lFqGaerZ-fWPAl1-szkFVzXTuGb4hR8AKtwcaX1YdykRtfsH-p1YsUD2Q==", + "now": "1985-10-26T01:20:01-07:00", + "ttl_sec": 60, + "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + }, + { + "desc": "payload size not multiple of block size", + "token": "gAAAAAAdwJ6xAAECAwQFBgcICQoLDA0OD3HkMATM5lFqGaerZ-fWPOm73QeoCk9uGib28Xe5vz6oxq5nmxbx_v7mrfyudzUm", + "now": "1985-10-26T01:20:01-07:00", + "ttl_sec": 60, + "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + }, + { + "desc": "payload padding error", + "token": "gAAAAAAdwJ6xAAECAwQFBgcICQoLDA0ODz4LEpdELGQAad7aNEHbf-JkLPIpuiYRLQ3RtXatOYREu2FWke6CnJNYIbkuKNqOhw==", + "now": "1985-10-26T01:20:01-07:00", + "ttl_sec": 60, + "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + }, + { + "desc": "far-future TS (unacceptable clock skew)", + "token": "gAAAAAAdwStRAAECAwQFBgcICQoLDA0OD3HkMATM5lFqGaerZ-fWPAnja1xKYyhd-Y6mSkTOyTGJmw2Xc2a6kBd-iX9b_qXQcw==", + "now": "1985-10-26T01:20:01-07:00", + "ttl_sec": 60, + "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + }, + { + "desc": "expired TTL", + "token": "gAAAAAAdwJ6xAAECAwQFBgcICQoLDA0OD3HkMATM5lFqGaerZ-fWPAl1-szkFVzXTuGb4hR8AKtwcaX1YdykRtfsH-p1YsUD2Q==", + "now": "1985-10-26T01:21:31-07:00", + "ttl_sec": 60, + "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + }, + { + "desc": "incorrect IV (causes padding error)", + "token": "gAAAAAAdwJ6xBQECAwQFBgcICQoLDA0OD3HkMATM5lFqGaerZ-fWPAkLhFLHpGtDBRLRTZeUfWgHSv49TF2AUEZ1TIvcZjK1zQ==", + "now": "1985-10-26T01:20:01-07:00", + "ttl_sec": 60, + "secret": "cw_0x689RpI-jtRR7oE8h_eQsKImvJapLeSbXpwF4e4=" + } +] -- cgit v1.2.3 From c1ea0a0d23115bb0586230a139bcb2b60adb6262 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 31 Oct 2013 15:03:53 -0700 Subject: Fixed pep8 issues --- tests/test_fernet.py | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 15071718..b0f22f0c 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -40,21 +40,19 @@ class TestFernet(object): ) def test_verify(self, secret, now, src, ttl_sec, token): f = Fernet(base64.urlsafe_b64decode(secret.encode("ascii"))) + current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple()) payload = f.decrypt( - token.encode("ascii"), - ttl=ttl_sec, - current_time=calendar.timegm(iso8601.parse_date(now).utctimetuple()) + token.encode("ascii"), ttl=ttl_sec, current_time=current_time ) assert payload == src @json_parametrize(("secret", "token", "now", "ttl_sec"), "invalid.json") def test_invalid(self, secret, token, now, ttl_sec): f = Fernet(base64.urlsafe_b64decode(secret.encode("ascii"))) + current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple()) with pytest.raises(InvalidToken): f.decrypt( - token.encode("ascii"), - ttl=ttl_sec, - current_time=calendar.timegm(iso8601.parse_date(now).utctimetuple()) + token.encode("ascii"), ttl=ttl_sec, current_time=current_time ) def test_unicode(self): -- cgit v1.2.3 From ce8f9a4e2a5d159356a06147f65e221dbdf43171 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 31 Oct 2013 15:23:15 -0700 Subject: A test for roundtripping --- tests/test_fernet.py | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index b0f22f0c..a42011a6 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -61,3 +61,10 @@ class TestFernet(object): f.encrypt(six.u("")) with pytest.raises(TypeError): f.decrypt(six.u("")) + + @pytest.mark.parametrize("message", [b"", b"Abc!", b"\x00\xFF\x00\x80"]) + def test_roundtrips(self, message): + f = Fernet(b"\x00" * 32) + ciphertext = f.encrypt(message) + plaintext = f.decrypt(ciphertext) + assert plaintext == message -- cgit v1.2.3 From 6b9770b159b920cccddc8e3c3d1b0fb0287a0c15 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 31 Oct 2013 16:07:35 -0700 Subject: write more readably --- tests/test_fernet.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index a42011a6..baae36d2 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -65,6 +65,4 @@ class TestFernet(object): @pytest.mark.parametrize("message", [b"", b"Abc!", b"\x00\xFF\x00\x80"]) def test_roundtrips(self, message): f = Fernet(b"\x00" * 32) - ciphertext = f.encrypt(message) - plaintext = f.decrypt(ciphertext) - assert plaintext == message + assert f.decrypt(f.encrypt(message)) == message -- cgit v1.2.3 From 7ecd3148acc35668bf679be5a603ed4bd7313148 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 31 Oct 2013 16:29:18 -0700 Subject: py3k fixes --- tests/test_fernet.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index baae36d2..ca8e4ccd 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -33,7 +33,7 @@ class TestFernet(object): calendar.timegm(iso8601.parse_date(now).utctimetuple()), b"".join(map(six.int2byte, iv)) ) - assert actual_token == token + assert actual_token == token.encode("ascii") @json_parametrize( ("secret", "now", "src", "ttl_sec", "token"), "verify.json", @@ -44,7 +44,7 @@ class TestFernet(object): payload = f.decrypt( token.encode("ascii"), ttl=ttl_sec, current_time=current_time ) - assert payload == src + assert payload == src.encode("ascii") @json_parametrize(("secret", "token", "now", "ttl_sec"), "invalid.json") def test_invalid(self, secret, token, now, ttl_sec): -- cgit v1.2.3 From 8912d3afde05ff6f91a508f0a54b5c24960eb09a Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 2 Nov 2013 14:04:19 -0700 Subject: Include the license --- tests/test_fernet.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index ca8e4ccd..922f7223 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -1,3 +1,16 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + import base64 import calendar import json -- cgit v1.2.3 From 898fe0f899eb3ec744acaaa0a8641644fc6cf219 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Wed, 20 Nov 2013 16:38:32 -0800 Subject: Key in the right place --- tests/test_fernet.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 922f7223..4080bd2d 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -40,7 +40,7 @@ class TestFernet(object): ("secret", "now", "iv", "src", "token"), "generate.json", ) def test_generate(self, secret, now, iv, src, token): - f = Fernet(base64.urlsafe_b64decode(secret.encode("ascii"))) + f = Fernet(secret.encode("ascii")) actual_token = f._encrypt_from_parts( src.encode("ascii"), calendar.timegm(iso8601.parse_date(now).utctimetuple()), @@ -52,7 +52,7 @@ class TestFernet(object): ("secret", "now", "src", "ttl_sec", "token"), "verify.json", ) def test_verify(self, secret, now, src, ttl_sec, token): - f = Fernet(base64.urlsafe_b64decode(secret.encode("ascii"))) + f = Fernet(secret.encode("ascii")) current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple()) payload = f.decrypt( token.encode("ascii"), ttl=ttl_sec, current_time=current_time @@ -61,7 +61,7 @@ class TestFernet(object): @json_parametrize(("secret", "token", "now", "ttl_sec"), "invalid.json") def test_invalid(self, secret, token, now, ttl_sec): - f = Fernet(base64.urlsafe_b64decode(secret.encode("ascii"))) + f = Fernet(secret.encode("ascii")) current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple()) with pytest.raises(InvalidToken): f.decrypt( @@ -69,7 +69,7 @@ class TestFernet(object): ) def test_unicode(self): - f = Fernet(b"\x00" * 32) + f = Fernet(base64.b64encode(b"\x00" * 32)) with pytest.raises(TypeError): f.encrypt(six.u("")) with pytest.raises(TypeError): @@ -77,5 +77,5 @@ class TestFernet(object): @pytest.mark.parametrize("message", [b"", b"Abc!", b"\x00\xFF\x00\x80"]) def test_roundtrips(self, message): - f = Fernet(b"\x00" * 32) + f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32)) assert f.decrypt(f.encrypt(message)) == message -- cgit v1.2.3 From 1d2901cae193cb965480835aaf96696f8eecfaab Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 22 Nov 2013 10:12:05 -0800 Subject: Hide the dangerous bits --- tests/test_fernet.py | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 4080bd2d..c1caaa05 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -15,6 +15,7 @@ import base64 import calendar import json import os +import time import iso8601 @@ -51,22 +52,20 @@ class TestFernet(object): @json_parametrize( ("secret", "now", "src", "ttl_sec", "token"), "verify.json", ) - def test_verify(self, secret, now, src, ttl_sec, token): + def test_verify(self, secret, now, src, ttl_sec, token, monkeypatch): f = Fernet(secret.encode("ascii")) current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple()) - payload = f.decrypt( - token.encode("ascii"), ttl=ttl_sec, current_time=current_time - ) + monkeypatch.setattr(time, "time", lambda: current_time) + payload = f.decrypt(token.encode("ascii"), ttl=ttl_sec) assert payload == src.encode("ascii") @json_parametrize(("secret", "token", "now", "ttl_sec"), "invalid.json") - def test_invalid(self, secret, token, now, ttl_sec): + def test_invalid(self, secret, token, now, ttl_sec, monkeypatch): f = Fernet(secret.encode("ascii")) current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple()) + monkeypatch.setattr(time, "time", lambda: current_time) with pytest.raises(InvalidToken): - f.decrypt( - token.encode("ascii"), ttl=ttl_sec, current_time=current_time - ) + f.decrypt(token.encode("ascii"), ttl=ttl_sec) def test_unicode(self): f = Fernet(base64.b64encode(b"\x00" * 32)) -- cgit v1.2.3 From 56bcade581e68ad0dd82dbabe97c75a9f0701fed Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 22 Nov 2013 10:15:14 -0800 Subject: fix, technically --- tests/test_fernet.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index c1caaa05..8759229a 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -68,7 +68,7 @@ class TestFernet(object): f.decrypt(token.encode("ascii"), ttl=ttl_sec) def test_unicode(self): - f = Fernet(base64.b64encode(b"\x00" * 32)) + f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32)) with pytest.raises(TypeError): f.encrypt(six.u("")) with pytest.raises(TypeError): -- cgit v1.2.3 From 36597b4379bd62e520b9076072a030c73b85f471 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 22 Nov 2013 10:25:13 -0800 Subject: An API for generating keys --- tests/test_fernet.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 8759229a..af64175e 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -76,5 +76,5 @@ class TestFernet(object): @pytest.mark.parametrize("message", [b"", b"Abc!", b"\x00\xFF\x00\x80"]) def test_roundtrips(self, message): - f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32)) + f = Fernet(Fernet.generate_key()) assert f.decrypt(f.encrypt(message)) == message -- cgit v1.2.3 From fae20715b85e84297f01b60fc153cde93a7549c7 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 16 Dec 2013 15:29:30 -0800 Subject: Address dreid's comments --- tests/test_fernet.py | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index af64175e..48df867c 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -24,6 +24,7 @@ import pytest import six from cryptography.fernet import Fernet, InvalidToken +from cryptography.hazmat.backends import default_backend def json_parametrize(keys, fname): @@ -40,8 +41,8 @@ class TestFernet(object): @json_parametrize( ("secret", "now", "iv", "src", "token"), "generate.json", ) - def test_generate(self, secret, now, iv, src, token): - f = Fernet(secret.encode("ascii")) + def test_generate(self, secret, now, iv, src, token, backend): + f = Fernet(secret.encode("ascii"), backend=backend) actual_token = f._encrypt_from_parts( src.encode("ascii"), calendar.timegm(iso8601.parse_date(now).utctimetuple()), @@ -52,29 +53,34 @@ class TestFernet(object): @json_parametrize( ("secret", "now", "src", "ttl_sec", "token"), "verify.json", ) - def test_verify(self, secret, now, src, ttl_sec, token, monkeypatch): - f = Fernet(secret.encode("ascii")) + def test_verify(self, secret, now, src, ttl_sec, token, backend, + monkeypatch): + f = Fernet(secret.encode("ascii"), backend=backend) current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple()) monkeypatch.setattr(time, "time", lambda: current_time) payload = f.decrypt(token.encode("ascii"), ttl=ttl_sec) assert payload == src.encode("ascii") @json_parametrize(("secret", "token", "now", "ttl_sec"), "invalid.json") - def test_invalid(self, secret, token, now, ttl_sec, monkeypatch): - f = Fernet(secret.encode("ascii")) + def test_invalid(self, secret, token, now, ttl_sec, backend, monkeypatch): + f = Fernet(secret.encode("ascii"), backend=backend) current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple()) monkeypatch.setattr(time, "time", lambda: current_time) with pytest.raises(InvalidToken): f.decrypt(token.encode("ascii"), ttl=ttl_sec) - def test_unicode(self): - f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32)) + def test_unicode(self, backend): + f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend) with pytest.raises(TypeError): f.encrypt(six.u("")) with pytest.raises(TypeError): f.decrypt(six.u("")) @pytest.mark.parametrize("message", [b"", b"Abc!", b"\x00\xFF\x00\x80"]) - def test_roundtrips(self, message): - f = Fernet(Fernet.generate_key()) + def test_roundtrips(self, message, backend): + f = Fernet(Fernet.generate_key(), backend=backend) assert f.decrypt(f.encrypt(message)) == message + + def test_default_backend(self): + f = Fernet(Fernet.generate_key()) + assert f._backend is default_backend() -- cgit v1.2.3 From a8f0b63dddc6a22a1a982c6217d4cef2f598b781 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 16 Dec 2013 15:44:06 -0800 Subject: Replace assertions with real error checks --- tests/test_fernet.py | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 48df867c..77661180 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -69,6 +69,11 @@ class TestFernet(object): with pytest.raises(InvalidToken): f.decrypt(token.encode("ascii"), ttl=ttl_sec) + def test_invalid_start_byte(self, backend): + f = Fernet(Fernet.generate_key(), backend=backend) + with pytest.raises(InvalidToken): + f.decrypt(base64.urlsafe_b64encode(b"\x81")) + def test_unicode(self, backend): f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend) with pytest.raises(TypeError): @@ -84,3 +89,7 @@ class TestFernet(object): def test_default_backend(self): f = Fernet(Fernet.generate_key()) assert f._backend is default_backend() + + def test_bad_key(self, backend): + with pytest.raises(ValueError): + Fernet(base64.urlsafe_b64encode(b"abc"), backend=backend) -- cgit v1.2.3 From e78960fa8c2a210484695bf2e20c4847313cf5a0 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 20 Dec 2013 11:02:33 -0800 Subject: Handle invalid timestamp length --- tests/test_fernet.py | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'tests') diff --git a/tests/test_fernet.py b/tests/test_fernet.py index 77661180..45188c47 100644 --- a/tests/test_fernet.py +++ b/tests/test_fernet.py @@ -74,6 +74,11 @@ class TestFernet(object): with pytest.raises(InvalidToken): f.decrypt(base64.urlsafe_b64encode(b"\x81")) + def test_timestamp_too_short(self, backend): + f = Fernet(Fernet.generate_key(), backend=backend) + with pytest.raises(InvalidToken): + f.decrypt(base64.urlsafe_b64encode(b"\x80abc")) + def test_unicode(self, backend): f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend) with pytest.raises(TypeError): -- cgit v1.2.3 From 108605b01873c4176275cc6bf2ea0d0b7c447a0e Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 4 Jan 2014 13:37:00 -0600 Subject: add commoncrypto mark to skip on non-OS X platforms --- tests/conftest.py | 5 ++++- tests/hazmat/bindings/test_bindings.py | 31 +++++++++++++++++++++++++++++++ tests/hazmat/bindings/test_openssl.py | 3 +++ tests/test_utils.py | 31 ++++++++++++++++++++++++++++++- tests/utils.py | 6 ++++++ 5 files changed, 74 insertions(+), 2 deletions(-) create mode 100644 tests/hazmat/bindings/test_bindings.py (limited to 'tests') diff --git a/tests/conftest.py b/tests/conftest.py index 0ddc3338..3ba2425d 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -4,7 +4,9 @@ from cryptography.hazmat.backends.interfaces import ( HMACBackend, CipherBackend, HashBackend ) -from .utils import check_for_iface, check_backend_support +from .utils import ( + check_for_iface, check_backend_support, check_binding_available +) def pytest_generate_tests(metafunc): @@ -20,3 +22,4 @@ def pytest_runtest_setup(item): check_for_iface("cipher", CipherBackend, item) check_for_iface("hash", HashBackend, item) check_backend_support(item) + check_binding_available(item) diff --git a/tests/hazmat/bindings/test_bindings.py b/tests/hazmat/bindings/test_bindings.py new file mode 100644 index 00000000..927bc8a1 --- /dev/null +++ b/tests/hazmat/bindings/test_bindings.py @@ -0,0 +1,31 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from __future__ import absolute_import, division, print_function + +import cffi + +from cryptography.hazmat.bindings.utils import binding_available +from cryptography.hazmat.bindings.openssl.binding import Binding + + +def dummy_initializer(): + raise cffi.VerificationError + + +def test_binding_available(): + assert binding_available(Binding._ensure_ffi_initialized) is True + + +def test_binding_unavailable(): + assert binding_available(dummy_initializer) is False diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py index 31f736ab..d1e85058 100644 --- a/tests/hazmat/bindings/test_openssl.py +++ b/tests/hazmat/bindings/test_openssl.py @@ -20,3 +20,6 @@ class TestOpenSSL(object): assert binding assert binding.lib assert binding.ffi + + def test_is_available(self): + assert Binding.is_available() is True diff --git a/tests/test_utils.py b/tests/test_utils.py index e3e53d63..917e87f0 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -14,14 +14,18 @@ import os import textwrap +import cffi + import pretend import pytest +from cryptography.hazmat.bindings.utils import binding_available + from .utils import ( load_nist_vectors, load_vectors_from_file, load_cryptrec_vectors, load_openssl_vectors, load_hash_vectors, check_for_iface, - check_backend_support + check_backend_support, check_binding_available ) @@ -72,6 +76,31 @@ def test_check_backend_support_no_backend(): check_backend_support(item) +def test_check_binding_available(): + from cryptography.hazmat.bindings.openssl.binding import Binding + kwargs = pretend.stub(kwargs={"binding": Binding}) + item = pretend.stub(keywords={"binding_available": kwargs}) + assert check_binding_available(item) is None + + +def test_check_binding_unavailable(): + class FakeBinding(object): + @classmethod + def _ensure_ffi_initialized(cls): + raise cffi.VerificationError + + @classmethod + def is_available(cls): + return binding_available(cls._ensure_ffi_initialized) + + kwargs = pretend.stub(kwargs={"binding": FakeBinding}) + item = pretend.stub(keywords={"binding_available": kwargs}) + with pytest.raises(pytest.skip.Exception) as exc_info: + check_binding_available(item) + assert exc_info.value.args[0] == ("" + " is not available") + + def test_load_nist_vectors(): vector_data = textwrap.dedent(""" # CAVS 11.1 diff --git a/tests/utils.py b/tests/utils.py index 693a0c8f..6d47a398 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -36,6 +36,12 @@ def check_backend_support(item): "backend") +def check_binding_available(item): + ba = item.keywords.get("binding_available") + if ba and not ba.kwargs["binding"].is_available(): + pytest.skip("{0} is not available".format(ba.kwargs["binding"])) + + def load_vectors_from_file(filename, loader): base = os.path.join( os.path.dirname(__file__), "hazmat", "primitives", "vectors", -- cgit v1.2.3 From 3ae13fc662435d69c7d93e937a675059164a495c Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 4 Jan 2014 17:43:35 -0600 Subject: fix py3 --- tests/test_utils.py | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) (limited to 'tests') diff --git a/tests/test_utils.py b/tests/test_utils.py index 917e87f0..6f938f58 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -33,6 +33,16 @@ class FakeInterface(object): pass +class FakeBinding(object): + @classmethod + def _ensure_ffi_initialized(cls): + raise cffi.VerificationError + + @classmethod + def is_available(cls): + return binding_available(cls._ensure_ffi_initialized) + + def test_check_for_iface(): item = pretend.stub(keywords=["fake_name"], funcargs={"backend": True}) with pytest.raises(pytest.skip.Exception) as exc_info: @@ -84,15 +94,6 @@ def test_check_binding_available(): def test_check_binding_unavailable(): - class FakeBinding(object): - @classmethod - def _ensure_ffi_initialized(cls): - raise cffi.VerificationError - - @classmethod - def is_available(cls): - return binding_available(cls._ensure_ffi_initialized) - kwargs = pretend.stub(kwargs={"binding": FakeBinding}) item = pretend.stub(keywords={"binding_available": kwargs}) with pytest.raises(pytest.skip.Exception) as exc_info: -- cgit v1.2.3 From 2dd21fec484c85647d73145bd9957fd5326495c3 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 4 Jan 2014 18:13:40 -0600 Subject: remove unneeded mark now that is_available is there --- tests/conftest.py | 5 +---- tests/test_utils.py | 32 +------------------------------- tests/utils.py | 6 ------ 3 files changed, 2 insertions(+), 41 deletions(-) (limited to 'tests') diff --git a/tests/conftest.py b/tests/conftest.py index 3ba2425d..0ddc3338 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -4,9 +4,7 @@ from cryptography.hazmat.backends.interfaces import ( HMACBackend, CipherBackend, HashBackend ) -from .utils import ( - check_for_iface, check_backend_support, check_binding_available -) +from .utils import check_for_iface, check_backend_support def pytest_generate_tests(metafunc): @@ -22,4 +20,3 @@ def pytest_runtest_setup(item): check_for_iface("cipher", CipherBackend, item) check_for_iface("hash", HashBackend, item) check_backend_support(item) - check_binding_available(item) diff --git a/tests/test_utils.py b/tests/test_utils.py index 6f938f58..e3e53d63 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -14,18 +14,14 @@ import os import textwrap -import cffi - import pretend import pytest -from cryptography.hazmat.bindings.utils import binding_available - from .utils import ( load_nist_vectors, load_vectors_from_file, load_cryptrec_vectors, load_openssl_vectors, load_hash_vectors, check_for_iface, - check_backend_support, check_binding_available + check_backend_support ) @@ -33,16 +29,6 @@ class FakeInterface(object): pass -class FakeBinding(object): - @classmethod - def _ensure_ffi_initialized(cls): - raise cffi.VerificationError - - @classmethod - def is_available(cls): - return binding_available(cls._ensure_ffi_initialized) - - def test_check_for_iface(): item = pretend.stub(keywords=["fake_name"], funcargs={"backend": True}) with pytest.raises(pytest.skip.Exception) as exc_info: @@ -86,22 +72,6 @@ def test_check_backend_support_no_backend(): check_backend_support(item) -def test_check_binding_available(): - from cryptography.hazmat.bindings.openssl.binding import Binding - kwargs = pretend.stub(kwargs={"binding": Binding}) - item = pretend.stub(keywords={"binding_available": kwargs}) - assert check_binding_available(item) is None - - -def test_check_binding_unavailable(): - kwargs = pretend.stub(kwargs={"binding": FakeBinding}) - item = pretend.stub(keywords={"binding_available": kwargs}) - with pytest.raises(pytest.skip.Exception) as exc_info: - check_binding_available(item) - assert exc_info.value.args[0] == ("" - " is not available") - - def test_load_nist_vectors(): vector_data = textwrap.dedent(""" # CAVS 11.1 diff --git a/tests/utils.py b/tests/utils.py index 6d47a398..693a0c8f 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -36,12 +36,6 @@ def check_backend_support(item): "backend") -def check_binding_available(item): - ba = item.keywords.get("binding_available") - if ba and not ba.kwargs["binding"].is_available(): - pytest.skip("{0} is not available".format(ba.kwargs["binding"])) - - def load_vectors_from_file(filename, loader): base = os.path.join( os.path.dirname(__file__), "hazmat", "primitives", "vectors", -- cgit v1.2.3 From fefe3c224353e4e37b02f1df0fc9558f68f8c464 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 4 Jan 2014 18:43:19 -0600 Subject: make the dummy_initializer fail with an actual verify call --- tests/hazmat/bindings/test_bindings.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/hazmat/bindings/test_bindings.py b/tests/hazmat/bindings/test_bindings.py index 927bc8a1..5b13d543 100644 --- a/tests/hazmat/bindings/test_bindings.py +++ b/tests/hazmat/bindings/test_bindings.py @@ -20,7 +20,8 @@ from cryptography.hazmat.bindings.openssl.binding import Binding def dummy_initializer(): - raise cffi.VerificationError + ffi = cffi.FFI() + ffi.verify(source="include ") def test_binding_available(): -- cgit v1.2.3 From 02ed961c963f0d27fe23e9608223ccc8dd3be7f6 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 4 Jan 2014 19:36:39 -0600 Subject: missing # --- tests/hazmat/bindings/test_bindings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/hazmat/bindings/test_bindings.py b/tests/hazmat/bindings/test_bindings.py index 5b13d543..7af1d581 100644 --- a/tests/hazmat/bindings/test_bindings.py +++ b/tests/hazmat/bindings/test_bindings.py @@ -21,7 +21,7 @@ from cryptography.hazmat.bindings.openssl.binding import Binding def dummy_initializer(): ffi = cffi.FFI() - ffi.verify(source="include ") + ffi.verify(source="#include ") def test_binding_available(): -- cgit v1.2.3