1 files changed, 53 insertions, 1 deletions

diff --git a/soledad/src/leap/soledad/tests/test_crypto.py b/soledad/src/leap/soledad/tests/test_crypto.py
index c727a2ff..eea67b45 100644
--- a/soledad/src/leap/soledad/tests/test_crypto.py
+++ b/soledad/src/leap/soledad/tests/test_crypto.py
@@ -189,7 +189,7 @@ class MacAuthTestCase(BaseSoledadTest):
             target.decrypt_doc, self._soledad._crypto, doc)
 
 
-class SoledadCryptoTestCase(BaseSoledadTest):
+class SoledadCryptoAESTestCase(BaseSoledadTest):
 
     def test_encrypt_decrypt_sym(self):
         # generate 256-bit key
@@ -239,3 +239,55 @@ class SoledadCryptoTestCase(BaseSoledadTest):
             cyphertext, wrongkey, iv=iv,
             method=crypto.EncryptionMethods.AES_256_CTR)
         self.assertNotEqual('data', plaintext)
+
+
+class SoledadCryptoXSalsa20TestCase(BaseSoledadTest):
+
+    def test_encrypt_decrypt_sym(self):
+        # generate 256-bit key
+        key = Random.new().read(32)
+        iv, cyphertext = self._soledad._crypto.encrypt_sym(
+            'data', key,
+            method=crypto.EncryptionMethods.XSALSA20)
+        self.assertTrue(cyphertext is not None)
+        self.assertTrue(cyphertext != '')
+        self.assertTrue(cyphertext != 'data')
+        plaintext = self._soledad._crypto.decrypt_sym(
+            cyphertext, key, iv=iv,
+            method=crypto.EncryptionMethods.XSALSA20)
+        self.assertEqual('data', plaintext)
+
+    def test_decrypt_with_wrong_iv_fails(self):
+        key = Random.new().read(32)
+        iv, cyphertext = self._soledad._crypto.encrypt_sym(
+            'data', key,
+            method=crypto.EncryptionMethods.XSALSA20)
+        self.assertTrue(cyphertext is not None)
+        self.assertTrue(cyphertext != '')
+        self.assertTrue(cyphertext != 'data')
+        # get a different iv by changing the first byte
+        rawiv = binascii.a2b_base64(iv)
+        wrongiv = rawiv
+        while wrongiv == rawiv:
+            wrongiv = os.urandom(1) + rawiv[1:]
+        plaintext = self._soledad._crypto.decrypt_sym(
+            cyphertext, key, iv=binascii.b2a_base64(wrongiv),
+            method=crypto.EncryptionMethods.XSALSA20)
+        self.assertNotEqual('data', plaintext)
+
+    def test_decrypt_with_wrong_key_fails(self):
+        key = Random.new().read(32)
+        iv, cyphertext = self._soledad._crypto.encrypt_sym(
+            'data', key,
+            method=crypto.EncryptionMethods.XSALSA20)
+        self.assertTrue(cyphertext is not None)
+        self.assertTrue(cyphertext != '')
+        self.assertTrue(cyphertext != 'data')
+        wrongkey = Random.new().read(32)  # 256-bits key
+        # ensure keys are different in case we are extremely lucky
+        while wrongkey == key:
+            wrongkey = Random.new().read(32)
+        plaintext = self._soledad._crypto.decrypt_sym(
+            cyphertext, wrongkey, iv=iv,
+            method=crypto.EncryptionMethods.XSALSA20)
+        self.assertNotEqual('data', plaintext)