tests/blobs/test_decrypter_buffer.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

# -*- coding: utf-8 -*-
# test_blobs.py
# Copyright (C) 2017 LEAP
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
Tests for blobs decrypter buffer. A component which is used as a decryption
sink during blob stream download.
"""
from io import BytesIO
from mock import Mock

from twisted.trial import unittest
from twisted.internet import defer

from leap.soledad.client._db.blobs import DecrypterBuffer
from leap.soledad.client._db.blobs import BlobManager
from leap.soledad.client._db.blobs import FIXED_REV
from leap.soledad.client._db.blobs.errors import RetriableTransferError
from leap.soledad.client import _crypto


class DecrypterBufferCase(unittest.TestCase):

    class doc_info:
        doc_id = 'D-BLOB-ID'
        rev = FIXED_REV

    def setUp(self):
        self.cleartext = BytesIO('rosa de foc')
        self.secret = 'A' * 96
        self.blob = _crypto.BlobEncryptor(
            self.doc_info, self.cleartext,
            armor=False,
            secret='A' * 96)

    @defer.inlineCallbacks
    def test_decrypt_buffer(self):
        encrypted = (yield self.blob.encrypt()).getvalue()
        tag = encrypted[-16:]
        buf = DecrypterBuffer(self.doc_info.doc_id, self.secret, tag)
        buf.write(encrypted)
        fd, size = buf.close()
        self.assertEquals(fd.getvalue(), 'rosa de foc')

    @defer.inlineCallbacks
    def test_decrypt_uploading_encrypted_blob(self):

        @defer.inlineCallbacks
        def _check_result(uri, data, *args, **kwargs):
            decryptor = _crypto.BlobDecryptor(
                self.doc_info, data,
                armor=False,
                secret=self.secret)
            decrypted = yield decryptor.decrypt()
            self.assertEquals(decrypted.getvalue(), 'up and up')
            defer.returnValue(Mock(code=200))

        manager = BlobManager('', '', self.secret, self.secret, 'user')
        fd = BytesIO('up and up')
        manager._client.put = _check_result
        yield manager._encrypt_and_upload(self.doc_info.doc_id, fd)

    @defer.inlineCallbacks
    def test_incomplete_decryption(self):
        # SCENARIO: Transport failed and close was called with incomplete data
        # CASE 1: Incomplete preamble
        encrypted = (yield self.blob.encrypt()).getvalue()
        encrypted = encrypted[:20]  # only 20 bytes of preamble arrived
        tag = encrypted[-16:]
        buf = DecrypterBuffer(self.doc_info.doc_id, self.secret, tag)
        buf.write(encrypted)
        self.assertRaises(RetriableTransferError,
                          buf.close)