summaryrefslogtreecommitdiffstats
path: root/testsuite/Testsrc/Testlib/TestEncryption.py
diff options
context:
space:
mode:
Diffstat (limited to 'testsuite/Testsrc/Testlib/TestEncryption.py')
-rw-r--r--testsuite/Testsrc/Testlib/TestEncryption.py199
1 files changed, 0 insertions, 199 deletions
diff --git a/testsuite/Testsrc/Testlib/TestEncryption.py b/testsuite/Testsrc/Testlib/TestEncryption.py
deleted file mode 100644
index c03aa66e1..000000000
--- a/testsuite/Testsrc/Testlib/TestEncryption.py
+++ /dev/null
@@ -1,199 +0,0 @@
-# -*- coding: utf-8 -*-
-import os
-import sys
-from Bcfg2.Compat import b64decode
-from mock import Mock, MagicMock, patch
-
-# add all parent testsuite directories to sys.path to allow (most)
-# relative imports in python 2.4
-path = os.path.dirname(__file__)
-while path != "/":
- if os.path.basename(path).lower().startswith("test"):
- sys.path.append(path)
- if os.path.basename(path) == "testsuite":
- break
- path = os.path.dirname(path)
-from common import *
-
-try:
- from Bcfg2.Encryption import *
- HAS_CRYPTO = True
-except ImportError:
- HAS_CRYPTO = False
-
-
-if can_skip or HAS_CRYPTO:
- class TestEncryption(Bcfg2TestCase):
- plaintext = """foo bar
-baz
-รถ
-\t\tquux
-""" + "a" * 16384 # 16K is completely arbitrary
- iv = "0123456789ABCDEF"
- salt = "01234567"
- algo = "des_cbc"
-
- @skipUnless(HAS_CRYPTO, "Encryption libraries not found")
- def setUp(self):
- pass
-
- def test_str_crypt(self):
- """ test str_encrypt/str_decrypt """
- key = "a simple key"
-
- # simple symmetrical test with no options
- crypted = str_encrypt(self.plaintext, key)
- self.assertEqual(self.plaintext, str_decrypt(crypted, key))
-
- # symmetrical test with lots of options
- crypted = str_encrypt(self.plaintext, key,
- iv=self.iv, salt=self.salt,
- algorithm=self.algo)
- self.assertEqual(self.plaintext,
- str_decrypt(crypted, key, iv=self.iv,
- algorithm=self.algo))
-
- # test that different algorithms are actually used
- self.assertNotEqual(str_encrypt(self.plaintext, key),
- str_encrypt(self.plaintext, key,
- algorithm=self.algo))
-
- # test that different keys are actually used
- self.assertNotEqual(str_encrypt(self.plaintext, key),
- str_encrypt(self.plaintext, "different key"))
-
- # test that different IVs are actually used
- self.assertNotEqual(str_encrypt(self.plaintext, key, iv=self.iv),
- str_encrypt(self.plaintext, key))
-
- # test that errors are raised on bad decrypts
- crypted = str_encrypt(self.plaintext, key, algorithm=self.algo)
- self.assertRaises(EVPError, str_decrypt,
- crypted, "bogus key", algorithm=self.algo)
- self.assertRaises(EVPError, str_decrypt,
- crypted, key) # bogus algorithm
-
- def test_ssl_crypt(self):
- """ test ssl_encrypt/ssl_decrypt """
- passwd = "a simple passphrase"
-
- # simple symmetrical test
- crypted = ssl_encrypt(self.plaintext, passwd)
- self.assertEqual(self.plaintext, ssl_decrypt(crypted, passwd))
-
- # more complex symmetrical test
- crypted = ssl_encrypt(self.plaintext, passwd, algorithm=self.algo,
- salt=self.salt)
- self.assertEqual(self.plaintext,
- ssl_decrypt(crypted, passwd, algorithm=self.algo))
-
- # test that different algorithms are actually used
- self.assertNotEqual(ssl_encrypt(self.plaintext, passwd),
- ssl_encrypt(self.plaintext, passwd,
- algorithm=self.algo))
-
- # test that different passwords are actually used
- self.assertNotEqual(ssl_encrypt(self.plaintext, passwd),
- ssl_encrypt(self.plaintext, "different pass"))
-
- # there's no reasonable test we can do to see if the
- # output is base64-encoded, unfortunately, but if it's
- # obviously not we fail
- crypted = ssl_encrypt(self.plaintext, passwd)
- self.assertRegexpMatches(crypted, r'^[A-Za-z0-9+/]+[=]{0,2}$')
-
- # test that errors are raised on bad decrypts
- crypted = ssl_encrypt(self.plaintext, passwd,
- algorithm=self.algo)
- self.assertRaises(EVPError, ssl_decrypt,
- crypted, "bogus passwd", algorithm=self.algo)
- self.assertRaises(EVPError, ssl_decrypt,
- crypted, passwd) # bogus algorithm
-
- def test_get_algorithm(self):
- setup = Mock()
- # we don't care what the default is, as long as there is
- # one
- setup.cfp.get.return_value = ALGORITHM
- self.assertRegexpMatches(get_algorithm(setup),
- r'^[a-z0-9]+_[a-z0-9_]+$')
- setup.cfp.get.assert_called_with(CFG_SECTION, CFG_ALGORITHM,
- default=ALGORITHM)
-
- setup.cfp.get.return_value = self.algo
- self.assertEqual(get_algorithm(setup), self.algo)
- setup.cfp.get.assert_called_with(CFG_SECTION, CFG_ALGORITHM,
- default=ALGORITHM)
-
- # test that get_algorithm converts algorithms given in
- # OpenSSL style to M2Crypto style
- setup.cfp.get.return_value = "DES-EDE3-CFB8"
- self.assertEqual(get_algorithm(setup), "des_ede3_cfb8")
- setup.cfp.get.assert_called_with(CFG_SECTION, CFG_ALGORITHM,
- default=ALGORITHM)
-
- def test_get_passphrases(self):
- setup = Mock()
- setup.cfp.has_section.return_value = False
- self.assertEqual(get_passphrases(setup), dict())
-
- setup.cfp.has_section.return_value = True
- setup.cfp.options.return_value = ["foo", "bar", CFG_ALGORITHM]
- setup.cfp.get.return_value = "passphrase"
- self.assertItemsEqual(get_passphrases(setup),
- dict(foo="passphrase",
- bar="passphrase"))
-
- @patch("Bcfg2.Encryption.get_passphrases")
- def test_bruteforce_decrypt(self, mock_passphrases):
- passwd = "a simple passphrase"
- crypted = ssl_encrypt(self.plaintext, passwd)
- setup = Mock()
-
- # test with no passphrases given nor in config
- mock_passphrases.return_value = dict()
- self.assertRaises(EVPError,
- bruteforce_decrypt,
- crypted, setup=setup)
- mock_passphrases.assert_called_with(setup)
-
- # test with good passphrase given in function call
- mock_passphrases.reset_mock()
- self.assertEqual(self.plaintext,
- bruteforce_decrypt(crypted,
- passphrases=["bogus pass",
- passwd,
- "also bogus"]))
- self.assertFalse(mock_passphrases.called)
-
- # test with no good passphrase given nor in config
- mock_passphrases.reset_mock()
- self.assertRaises(EVPError,
- bruteforce_decrypt,
- crypted, passphrases=["bogus", "also bogus"])
- self.assertFalse(mock_passphrases.called)
-
- # test with good passphrase in config file
- mock_passphrases.reset_mock()
- mock_passphrases.return_value = dict(bogus="bogus",
- real=passwd,
- bogus2="also bogus")
- self.assertEqual(self.plaintext,
- bruteforce_decrypt(crypted, setup=setup))
- mock_passphrases.assert_called_with(setup)
-
- # test that passphrases given in function call take
- # precedence over config
- mock_passphrases.reset_mock()
- self.assertRaises(EVPError,
- bruteforce_decrypt,
- crypted, setup=setup,
- passphrases=["bogus", "also bogus"])
- self.assertFalse(mock_passphrases.called)
-
- # test that different algorithms are used
- mock_passphrases.reset_mock()
- crypted = ssl_encrypt(self.plaintext, passwd, algorithm=self.algo)
- self.assertEqual(self.plaintext,
- bruteforce_decrypt(crypted, setup=setup,
- algorithm=self.algo))