James E. Blairbf1a4f22017-03-17 10:59:37 -07001# Copyright 2017 Red Hat, Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
Clark Boylan5ac76382018-02-06 15:18:45 -080015import fixtures
James E. Blairbf1a4f22017-03-17 10:59:37 -070016import os
17import subprocess
18import tempfile
19
20from zuul.lib import encryption
21
22from tests.base import BaseTestCase
23
24
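class TestEncryption(BaseTestCase):
    """Round-trip and OpenSSL interoperability tests for zuul.lib.encryption.

    Each test runs against a fresh RSA key pair generated in setUp(), so no
    key material is shared between tests or read from disk.
    """

    def setUp(self):
        """Generate a throwaway RSA key pair and isolate temporary files."""
        super(TestEncryption, self).setUp()
        self.private, self.public = encryption.generate_rsa_keypair()
        # Because we set delete to False when using NamedTemporaryFile below
        # we need to stick our usage of temporary files in the NestedTempfile
        # fixture ensuring everything gets cleaned up when it is done.
        self.useFixture(fixtures.NestedTempfile())

    def test_serialization(self):
        """Verify key serialization

        Serializes the private key to PEM, loads it back, and checks that
        the recovered private and public keys carry the same numbers as the
        originals.
        """
        pem_private = encryption.serialize_rsa_private_key(self.private)
        private2, public2 = encryption.deserialize_rsa_keypair(pem_private)

        # cryptography public / private key objects don't implement
        # equality testing, so we make sure they have the same numbers.
        self.assertEqual(self.private.private_numbers(),
                         private2.private_numbers())
        self.assertEqual(self.public.public_numbers(),
                         public2.public_numbers())

    def test_pkcs1_oaep(self):
        """Verify encryption and decryption

        Encrypts with the public key, decrypts with the private key, and
        expects the original bytes back.
        """
        orig_plaintext = b"some text to encrypt"
        ciphertext = encryption.encrypt_pkcs1_oaep(orig_plaintext, self.public)
        # Guard against an encrypt helper that hands the input back
        # unchanged: the round trip below would still pass in that case.
        self.assertNotEqual(orig_plaintext, ciphertext)
        plaintext = encryption.decrypt_pkcs1_oaep(ciphertext, self.private)
        self.assertEqual(orig_plaintext, plaintext)

    def test_openssl_pkcs1_oaep(self):
        """Verify that we can decrypt something encrypted with OpenSSL

        The public key is written to a temporary PEM file and handed to the
        ``openssl`` command line tool, which encrypts the plaintext read
        from stdin; the library must then decrypt that ciphertext with the
        in-memory private key.
        """
        orig_plaintext = b"some text to encrypt"
        # Only the public half is written to disk; the private key stays in
        # memory for the whole test.
        pem_public = encryption.serialize_rsa_public_key(self.public)
        public_file = tempfile.NamedTemporaryFile(delete=False)
        try:
            public_file.write(pem_public)
            public_file.close()

            # NOTE(review): ``rsautl`` is deprecated as of OpenSSL 3.0 in
            # favour of ``pkeyutl``. This test also relies on the OAEP
            # parameters used by encryption.decrypt_pkcs1_oaep matching
            # what ``rsautl -oaep`` produces -- confirm if either changes.
            p = subprocess.Popen(['openssl', 'rsautl', '-encrypt',
                                  '-oaep', '-pubin', '-inkey',
                                  public_file.name],
                                 stdin=subprocess.PIPE,
                                 stdout=subprocess.PIPE,
                                 stderr=subprocess.PIPE)
            (stdout, stderr) = p.communicate(orig_plaintext)
            ciphertext = stdout
        finally:
            os.unlink(public_file.name)

        # Fail here, with OpenSSL's own diagnostics, rather than letting an
        # empty or partial ciphertext surface as an opaque decryption error.
        self.assertEqual(
            0, p.returncode,
            "openssl rsautl failed (exit %s): %s" % (
                p.returncode, stderr.decode('utf-8', 'replace')))

        plaintext = encryption.decrypt_pkcs1_oaep(ciphertext, self.private)
        self.assertEqual(orig_plaintext, plaintext)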