1
# vim: tabstop=4 shiftwidth=4 softtabstop=4
3
# Licensed under the Apache License, Version 2.0 (the "License"); you may
4
# not use this file except in compliance with the License. You may obtain
5
# a copy of the License at
7
# http://www.apache.org/licenses/LICENSE-2.0
9
# Unless required by applicable law or agreed to in writing, software
10
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12
# License for the specific language governing permissions and limitations
17
from keystoneclient.middleware import memcache_crypt
20
class MemcacheCryptPositiveTests(testtools.TestCase):
21
def _setup_keys(self, strategy):
22
return memcache_crypt.derive_keys('token', 'secret', strategy)
24
def test_constant_time_compare(self):
25
# make sure it works as a compare, the "constant time" aspect
26
# isn't appropriate to test in unittests
27
ctc = memcache_crypt.constant_time_compare
28
self.assertTrue(ctc('abcd', 'abcd'))
29
self.assertTrue(ctc('', ''))
30
self.assertFalse(ctc('abcd', 'efgh'))
31
self.assertFalse(ctc('abc', 'abcd'))
32
self.assertFalse(ctc('abc', 'abc\x00'))
33
self.assertFalse(ctc('', 'abc'))
35
def test_derive_keys(self):
36
keys = memcache_crypt.derive_keys('token', 'secret', 'strategy')
37
self.assertEqual(len(keys['ENCRYPTION']),
38
len(keys['CACHE_KEY']))
39
self.assertEqual(len(keys['CACHE_KEY']),
41
self.assertNotEqual(keys['ENCRYPTION'],
43
self.assertIn('strategy', keys.keys())
45
def test_key_strategy_diff(self):
46
k1 = self._setup_keys('MAC')
47
k2 = self._setup_keys('ENCRYPT')
48
self.assertNotEqual(k1, k2)
50
def test_sign_data(self):
51
keys = self._setup_keys('MAC')
52
sig = memcache_crypt.sign_data(keys['MAC'], 'data')
53
self.assertEqual(len(sig), memcache_crypt.DIGEST_LENGTH_B64)
55
def test_encryption(self):
56
keys = self._setup_keys('ENCRYPT')
57
# what you put in is what you get out
58
for data in ['data', '1234567890123456', '\x00\xFF' * 13
59
] + [chr(x % 256) * x for x in range(768)]:
60
crypt = memcache_crypt.encrypt_data(keys['ENCRYPTION'], data)
61
decrypt = memcache_crypt.decrypt_data(keys['ENCRYPTION'], crypt)
62
self.assertEqual(data, decrypt)
63
self.assertRaises(memcache_crypt.DecryptError,
64
memcache_crypt.decrypt_data,
65
keys['ENCRYPTION'], crypt[:-1])
67
def test_protect_wrappers(self):
68
data = 'My Pretty Little Data'
69
for strategy in ['MAC', 'ENCRYPT']:
70
keys = self._setup_keys(strategy)
71
protected = memcache_crypt.protect_data(keys, data)
72
self.assertNotEqual(protected, data)
73
if strategy == 'ENCRYPT':
74
self.assertNotIn(data, protected)
75
unprotected = memcache_crypt.unprotect_data(keys, protected)
76
self.assertEqual(data, unprotected)
77
self.assertRaises(memcache_crypt.InvalidMacError,
78
memcache_crypt.unprotect_data,
80
self.assertIsNone(memcache_crypt.unprotect_data(keys, None))
82
def test_no_pycrypt(self):
83
aes = memcache_crypt.AES
84
memcache_crypt.AES = None
85
self.assertRaises(memcache_crypt.CryptoUnavailableError,
86
memcache_crypt.encrypt_data, 'token', 'secret',
88
memcache_crypt.AES = aes