File: test_auth_verify.py

package info (click to toggle)
python-libnacl 2.1.0-3
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 488 kB
  • sloc: python: 2,634; makefile: 149; sh: 3
file content (102 lines) | stat: -rw-r--r-- 4,689 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
 
# Import nacl libs
import libnacl
import libnacl.utils

# Import python libs
import unittest


class TestAuthVerify(unittest.TestCase):
    '''
    Test onetimeauth functions
    '''
    def test_auth_verify(self):
        msg = b'Anybody can invent a cryptosystem he cannot break himself. Except Bruce Schneier.'
        key1 = libnacl.utils.salsa_key()
        key2 = libnacl.utils.salsa_key()

        sig1 = libnacl.crypto_auth(msg, key1)
        sig2 = libnacl.crypto_auth(msg, key2)

        self.assertTrue(libnacl.crypto_auth_verify(sig1, msg, key1))
        self.assertTrue(libnacl.crypto_auth_verify(sig2, msg, key2))
        with self.assertRaises(ValueError) as context:
            libnacl.crypto_auth_verify(sig1, msg, key2)
        self.assertTrue('Failed to auth msg' in context.exception.args)

        with self.assertRaises(ValueError) as context:
            libnacl.crypto_auth_verify(sig2, msg, key1)
        self.assertTrue('Failed to auth msg' in context.exception.args)

    def test_onetimeauth_verify(self):
        self.assertEqual("poly1305", libnacl.crypto_onetimeauth_primitive())

        msg = b'Anybody can invent a cryptosystem he cannot break himself. Except Bruce Schneier.'
        key1 = libnacl.randombytes(libnacl.crypto_onetimeauth_KEYBYTES)
        key2 = libnacl.randombytes(libnacl.crypto_onetimeauth_KEYBYTES)

        sig1 = libnacl.crypto_onetimeauth(msg, key1)
        sig2 = libnacl.crypto_onetimeauth(msg, key2)

        with self.assertRaises(ValueError):
            libnacl.crypto_onetimeauth(msg, b'too_short')

        with self.assertRaises(ValueError):
            libnacl.crypto_onetimeauth_verify(sig1, msg, b'too_short')

        with self.assertRaises(ValueError):
            libnacl.crypto_onetimeauth_verify(b'too_short', msg, key1)

        self.assertTrue(libnacl.crypto_onetimeauth_verify(sig1, msg, key1))
        self.assertTrue(libnacl.crypto_onetimeauth_verify(sig2, msg, key2))
        with self.assertRaises(ValueError) as context:
            libnacl.crypto_onetimeauth_verify(sig1, msg, key2)
        self.assertTrue('Failed to auth message' in context.exception.args)

        with self.assertRaises(ValueError) as context:
            libnacl.crypto_onetimeauth_verify(sig2, msg, key1)
        self.assertTrue('Failed to auth message' in context.exception.args)

    def test_auth_rejects_wrong_lengths(self):
        msg = b'Time is an illusion. Lunchtime doubly so.'
        for bad_key in (b'too short', b'too long' * 100):
            with self.assertRaises(ValueError) as context:
                libnacl.crypto_auth(msg, bad_key)
            self.assertEqual(context.exception.args, ('Invalid secret key',))

    def test_auth_verify_rejects_wrong_key_lengths(self):
        msg = b"I'd take the awe of understanding over the awe of ignorance any day."
        good_key = b'This valid key is 32 bytes long.'
        good_token = b'This token is likewise also 32B.'

        for bad_key in (b'too short', b'too long' * 100):
            with self.assertRaises(ValueError) as context:
                libnacl.crypto_auth_verify(good_token, msg, bad_key)
            self.assertEqual(context.exception.args, ('Invalid secret key',))

        for bad_token in (b'too short', b'too long' * 100):
            with self.assertRaises(ValueError) as context:
                libnacl.crypto_auth_verify(bad_token, msg, good_key)
            self.assertEqual(context.exception.args, ('Invalid authenticator',))

    def test_onetimeauth_rejects_wrong_lengths(self):
        msg = b"Are the most dangerous creatures the ones that use doors or the ones that don't?"
        for bad_key in (b'too short', b'too long' * 100):
            with self.assertRaises(ValueError) as context:
                libnacl.crypto_onetimeauth(msg, bad_key)
            self.assertEqual(context.exception.args, ('Invalid secret key',))

    def test_onetimeauth_verify_rejects_wrong_key_lengths(self):
        msg = b"Of all the dogs I've known in my life, I've never seen a better driver."
        good_key = b'This valid key is 32 bytes long.'
        good_token = b'1time tokens=16B'

        for bad_key in (b'too short', b'too long' * 100):
            with self.assertRaises(ValueError) as context:
                libnacl.crypto_onetimeauth_verify(good_token, msg, bad_key)
            self.assertEqual(context.exception.args, ('Invalid secret key',))

        for bad_token in (b'too short', b'too long' * 100):
            with self.assertRaises(ValueError) as context:
                libnacl.crypto_onetimeauth_verify(bad_token, msg, good_key)
            self.assertEqual(context.exception.args, ('Invalid authenticator',))