Merge branch 'master' into urandom-engine

* master: (169 commits) Make just one call to ffi.cdef for most of the definitions Use pytest.fixture for backends drop to >= 0.8 to make pypy happy change to anonymous enum require cffi >= 0.8.1 remove extraneous spaces add hmac to commoncrypto binding bytes byte back add check to confirm we've loaded error strings Bind all the PEM errors Spelling! oops, bytes plz don't leak a context in the test add tests to the openssl backend to verify that we've registered Nonsense I think we need. This is a dep init the ssl library in the backend Actuall install a thing Try to run the spellchecker on travis Use a normal quote here, not sure where the smart quote came from ... Conflicts: cryptography/hazmat/bindings/openssl/binding.py tests/hazmat/backends/test_openssl.py
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2014-01-11 21:59:08 -0600
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2014-01-11 21:59:08 -0600
commit: 74169660e47b760f82c0653b4210b3bc5d3bf46b (patch)
tree: 33835b3e733f6b918b56240200e29402092cc384 /tests/test_fernet.py
parent: 9ad4d755bb3a2edfb8e46b60f6dfaff6365f0386 (diff)
parent: 089a860f2d3f0ac923fc3f78190055990a940e2a (diff)
download: cryptography-74169660e47b760f82c0653b4210b3bc5d3bf46b.tar.gz
cryptography-74169660e47b760f82c0653b4210b3bc5d3bf46b.tar.bz2
cryptography-74169660e47b760f82c0653b4210b3bc5d3bf46b.zip
1 files changed, 150 insertions, 0 deletions
diff --git a/tests/test_fernet.py b/tests/test_fernet.py
new file mode 100644
index 00000000..bd4d90a5
--- /dev/null
+++ b/tests/test_fernet.py
@@ -0,0 +1,150 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import base64
+import calendar
+import json
+import os
+import time
+
+import iso8601
+
+import pytest
+
+import six
+
+from cryptography.fernet import Fernet, InvalidToken
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.ciphers import algorithms, modes
+
+
+def json_parametrize(keys, fname):
+    path = os.path.join(os.path.dirname(__file__), "vectors", "fernet", fname)
+    with open(path) as f:
+        data = json.load(f)
+    return pytest.mark.parametrize(keys, [
+        tuple([entry[k] for k in keys])
+        for entry in data
+    ])
+
+
+@pytest.mark.cipher
+class TestFernet(object):
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.cipher_supported(
+            algorithms.AES("\x00" * 32), modes.CBC("\x00" * 16)
+        ),
+        skip_message="Does not support AES CBC",
+    )
+    @json_parametrize(
+        ("secret", "now", "iv", "src", "token"), "generate.json",
+    )
+    def test_generate(self, secret, now, iv, src, token, backend):
+        f = Fernet(secret.encode("ascii"), backend=backend)
+        actual_token = f._encrypt_from_parts(
+            src.encode("ascii"),
+            calendar.timegm(iso8601.parse_date(now).utctimetuple()),
+            b"".join(map(six.int2byte, iv))
+        )
+        assert actual_token == token.encode("ascii")
+
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.cipher_supported(
+            algorithms.AES("\x00" * 32), modes.CBC("\x00" * 16)
+        ),
+        skip_message="Does not support AES CBC",
+    )
+    @json_parametrize(
+        ("secret", "now", "src", "ttl_sec", "token"), "verify.json",
+    )
+    def test_verify(self, secret, now, src, ttl_sec, token, backend,
+                    monkeypatch):
+        f = Fernet(secret.encode("ascii"), backend=backend)
+        current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple())
+        monkeypatch.setattr(time, "time", lambda: current_time)
+        payload = f.decrypt(token.encode("ascii"), ttl=ttl_sec)
+        assert payload == src.encode("ascii")
+
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.cipher_supported(
+            algorithms.AES("\x00" * 32), modes.CBC("\x00" * 16)
+        ),
+        skip_message="Does not support AES CBC",
+    )
+    @json_parametrize(("secret", "token", "now", "ttl_sec"), "invalid.json")
+    def test_invalid(self, secret, token, now, ttl_sec, backend, monkeypatch):
+        f = Fernet(secret.encode("ascii"), backend=backend)
+        current_time = calendar.timegm(iso8601.parse_date(now).utctimetuple())
+        monkeypatch.setattr(time, "time", lambda: current_time)
+        with pytest.raises(InvalidToken):
+            f.decrypt(token.encode("ascii"), ttl=ttl_sec)
+
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.cipher_supported(
+            algorithms.AES("\x00" * 32), modes.CBC("\x00" * 16)
+        ),
+        skip_message="Does not support AES CBC",
+    )
+    def test_invalid_start_byte(self, backend):
+        f = Fernet(Fernet.generate_key(), backend=backend)
+        with pytest.raises(InvalidToken):
+            f.decrypt(base64.urlsafe_b64encode(b"\x81"))
+
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.cipher_supported(
+            algorithms.AES("\x00" * 32), modes.CBC("\x00" * 16)
+        ),
+        skip_message="Does not support AES CBC",
+    )
+    def test_timestamp_too_short(self, backend):
+        f = Fernet(Fernet.generate_key(), backend=backend)
+        with pytest.raises(InvalidToken):
+            f.decrypt(base64.urlsafe_b64encode(b"\x80abc"))
+
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.cipher_supported(
+            algorithms.AES("\x00" * 32), modes.CBC("\x00" * 16)
+        ),
+        skip_message="Does not support AES CBC",
+    )
+    def test_unicode(self, backend):
+        f = Fernet(base64.urlsafe_b64encode(b"\x00" * 32), backend=backend)
+        with pytest.raises(TypeError):
+            f.encrypt(six.u(""))
+        with pytest.raises(TypeError):
+            f.decrypt(six.u(""))
+
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.cipher_supported(
+            algorithms.AES("\x00" * 32), modes.CBC("\x00" * 16)
+        ),
+        skip_message="Does not support AES CBC",
+    )
+    @pytest.mark.parametrize("message", [b"", b"Abc!", b"\x00\xFF\x00\x80"])
+    def test_roundtrips(self, message, backend):
+        f = Fernet(Fernet.generate_key(), backend=backend)
+        assert f.decrypt(f.encrypt(message)) == message
+
+    def test_default_backend(self):
+        f = Fernet(Fernet.generate_key())
+        assert f._backend is default_backend()
+
+    @pytest.mark.supported(
+        only_if=lambda backend: backend.cipher_supported(
+            algorithms.AES("\x00" * 32), modes.CBC("\x00" * 16)
+        ),
+        skip_message="Does not support AES CBC",
+    )
+    def test_bad_key(self, backend):
+        with pytest.raises(ValueError):
+            Fernet(base64.urlsafe_b64encode(b"abc"), backend=backend)
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2014-01-11 21:59:08 -0600
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2014-01-11 21:59:08 -0600
commit	74169660e47b760f82c0653b4210b3bc5d3bf46b (patch)
tree	33835b3e733f6b918b56240200e29402092cc384 /tests/test_fernet.py
parent	9ad4d755bb3a2edfb8e46b60f6dfaff6365f0386 (diff)
parent	089a860f2d3f0ac923fc3f78190055990a940e2a (diff)
download	cryptography-74169660e47b760f82c0653b4210b3bc5d3bf46b.tar.gz cryptography-74169660e47b760f82c0653b4210b3bc5d3bf46b.tar.bz2 cryptography-74169660e47b760f82c0653b4210b3bc5d3bf46b.zip