File: test_AES_compat.py

package info (click to toggle)
python-jose 3.3.0%2Bdfsg-4
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 528 kB
  • sloc: python: 4,020; makefile: 162; sh: 6
file content (66 lines) | stat: -rw-r--r-- 2,411 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
 
import pytest

try:
    from jose.backends.cryptography_backend import CryptographyAESKey
except ImportError:
    CryptographyAESKey = None

from jose.constants import ALGORITHMS
from jose.exceptions import JWEError

CRYPTO_BACKENDS = (pytest.param(CryptographyAESKey, id="pyca/cryptography"),)


@pytest.mark.backend_compatibility
@pytest.mark.skipif(
    CryptographyAESKey is None, reason="Multiple crypto backends not available for backend compatibility tests"
)
class TestBackendAesCompatibility:
    @pytest.mark.parametrize("backend_decrypt", CRYPTO_BACKENDS)
    @pytest.mark.parametrize("backend_encrypt", CRYPTO_BACKENDS)
    @pytest.mark.parametrize("algorithm", ALGORITHMS.AES_PSEUDO)
    def test_encryption_parity(self, backend_encrypt, backend_decrypt, algorithm):
        if "128" in algorithm:
            key = b"8slRzzty6dKMaFCP"
        elif "192" in algorithm:
            key = b"8slRzzty6dKMaFCP8slRzzty"
        else:
            key = b"8slRzzty6dKMaFCP8slRzzty6dKMaFCP"

        key_encrypt = backend_encrypt(key, algorithm)
        key_decrypt = backend_decrypt(key, algorithm)
        plain_text = b"test"
        aad = b"extra data" if "GCM" in algorithm else None

        iv, cipher_text, tag = key_encrypt.encrypt(plain_text, aad)

        # verify decrypt to original plain text
        actual = key_decrypt.decrypt(cipher_text, iv, aad, tag)
        assert actual == plain_text

        with pytest.raises(JWEError):
            key_decrypt.decrypt(b"n" * 64)

    @pytest.mark.parametrize("backend_key_wrap", CRYPTO_BACKENDS)
    @pytest.mark.parametrize("backend_key_unwrap", CRYPTO_BACKENDS)
    @pytest.mark.parametrize("algorithm", ALGORITHMS.AES_KW)
    def test_wrap_parity(self, backend_key_wrap, backend_key_unwrap, algorithm):
        if "128" in algorithm:
            key = b"8slRzzty6dKMaFCP"
        elif "192" in algorithm:
            key = b"8slRzzty6dKMaFCP8slRzzty"
        else:
            key = b"8slRzzty6dKMaFCP8slRzzty6dKMaFCP"

        key_wrap = backend_key_wrap(key, algorithm)
        key_unwrap = backend_key_unwrap(key, algorithm)
        plain_text = b"sixteen byte key"

        wrapped_key = key_wrap.wrap_key(plain_text)

        # verify unwrap_key to original plain text
        actual = key_unwrap.unwrap_key(wrapped_key)
        assert actual == plain_text

        with pytest.raises(JWEError):
            key_unwrap.decrypt(b"n" * 64)