1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
import pytest
import unpaddedbase64
from Cryptodome import Random
from nio import EncryptionError
from nio.crypto import decrypt_attachment, encrypt_attachment
class TestClass:
def test_encrypt(self):
data = b"Test bytes"
ciphertext, keys = encrypt_attachment(data)
plaintext = decrypt_attachment(
ciphertext, keys["key"]["k"], keys["hashes"]["sha256"], keys["iv"]
)
assert data == plaintext
def test_hash_verification(self):
data = b"Test bytes"
ciphertext, keys = encrypt_attachment(data)
with pytest.raises(EncryptionError):
decrypt_attachment(ciphertext, keys["key"]["k"], "Fake hash", keys["iv"])
def test_invalid_key(self):
data = b"Test bytes"
ciphertext, keys = encrypt_attachment(data)
with pytest.raises(EncryptionError):
decrypt_attachment(
ciphertext, "Fake key", keys["hashes"]["sha256"], keys["iv"]
)
def test_invalid_iv(self):
data = b"Test bytes"
ciphertext, keys = encrypt_attachment(data)
with pytest.raises(EncryptionError):
decrypt_attachment(
ciphertext, keys["key"]["k"], keys["hashes"]["sha256"], "Fake iv"
)
def test_short_key(self):
data = b"Test bytes"
ciphertext, keys = encrypt_attachment(data)
with pytest.raises(EncryptionError):
decrypt_attachment(
ciphertext,
unpaddedbase64.encode_base64(b"Fake key", urlsafe=True),
keys["hashes"]["sha256"],
keys["iv"],
)
def test_short_iv(self):
data = b"Test bytes"
ciphertext, keys = encrypt_attachment(data)
plaintext = decrypt_attachment(
ciphertext,
keys["key"]["k"],
keys["hashes"]["sha256"],
unpaddedbase64.encode_base64(b"F" + b"\x00" * 8),
)
assert plaintext != data
def test_fake_key(self):
data = b"Test bytes"
ciphertext, keys = encrypt_attachment(data)
fake_key = Random.new().read(32)
plaintext = decrypt_attachment(
ciphertext,
unpaddedbase64.encode_base64(fake_key, urlsafe=True),
keys["hashes"]["sha256"],
keys["iv"],
)
assert plaintext != data
|
