3
from keystoneclient.middleware import memcache_crypt
6
class MemcacheCryptPositiveTests(testtools.TestCase):
7
def _setup_keys(self, strategy):
8
return memcache_crypt.derive_keys('token', 'secret', strategy)
10
def test_constant_time_compare(self):
11
# make sure it works as a compare, the "constant time" aspect
12
# isn't appropriate to test in unittests
13
ctc = memcache_crypt.constant_time_compare
14
self.assertTrue(ctc('abcd', 'abcd'))
15
self.assertTrue(ctc('', ''))
16
self.assertFalse(ctc('abcd', 'efgh'))
17
self.assertFalse(ctc('abc', 'abcd'))
18
self.assertFalse(ctc('abc', 'abc\x00'))
19
self.assertFalse(ctc('', 'abc'))
21
def test_derive_keys(self):
22
keys = memcache_crypt.derive_keys('token', 'secret', 'strategy')
23
self.assertEqual(len(keys['ENCRYPTION']),
24
len(keys['CACHE_KEY']))
25
self.assertEqual(len(keys['CACHE_KEY']),
27
self.assertNotEqual(keys['ENCRYPTION'],
29
self.assertIn('strategy', keys.keys())
31
def test_key_strategy_diff(self):
32
k1 = self._setup_keys('MAC')
33
k2 = self._setup_keys('ENCRYPT')
34
self.assertNotEqual(k1, k2)
36
def test_sign_data(self):
37
keys = self._setup_keys('MAC')
38
sig = memcache_crypt.sign_data(keys['MAC'], 'data')
39
self.assertEqual(len(sig), memcache_crypt.DIGEST_LENGTH_B64)
41
def test_encryption(self):
42
keys = self._setup_keys('ENCRYPT')
43
# what you put in is what you get out
44
for data in ['data', '1234567890123456', '\x00\xFF' * 13
45
] + [chr(x % 256) * x for x in range(768)]:
46
crypt = memcache_crypt.encrypt_data(keys['ENCRYPTION'], data)
47
decrypt = memcache_crypt.decrypt_data(keys['ENCRYPTION'], crypt)
48
self.assertEqual(data, decrypt)
49
self.assertRaises(memcache_crypt.DecryptError,
50
memcache_crypt.decrypt_data,
51
keys['ENCRYPTION'], crypt[:-1])
53
def test_protect_wrappers(self):
54
data = 'My Pretty Little Data'
55
for strategy in ['MAC', 'ENCRYPT']:
56
keys = self._setup_keys(strategy)
57
protected = memcache_crypt.protect_data(keys, data)
58
self.assertNotEqual(protected, data)
59
if strategy == 'ENCRYPT':
60
self.assertNotIn(data, protected)
61
unprotected = memcache_crypt.unprotect_data(keys, protected)
62
self.assertEqual(data, unprotected)
63
self.assertRaises(memcache_crypt.InvalidMacError,
64
memcache_crypt.unprotect_data,
66
self.assertIsNone(memcache_crypt.unprotect_data(keys, None))
68
def test_no_pycrypt(self):
69
aes = memcache_crypt.AES
70
memcache_crypt.AES = None
71
self.assertRaises(memcache_crypt.CryptoUnavailableError,
72
memcache_crypt.encrypt_data, 'token', 'secret',
74
memcache_crypt.AES = aes