Significant improvement to python code

martinthomson · martinthomson · commit 511fe696f55a · 2016-12-23T13:06:01.000+11:00
diff --git a/nodejs/package.json b/nodejs/package.json
@@ -1,6 +1,6 @@
 {
   "name": "http_ece",
-  "version": "0.6.0",
+  "version": "0.6.3",
   "description": "Encrypted Content-Encoding for HTTP",
   "homepage": "https://github.com/martinthomson/encrypted-content-encoding",
   "bugs": "https://github.com/martinthomson/encrypted-content-encoding/issues",
diff --git a/python/http_ece/__init__.py b/python/http_ece/__init__.py
@@ -14,8 +14,8 @@
 keys = {}
 labels = {}
 
-MAX_BUFFER_SIZE = pow(2, 31) - 1
-MIN_BUFFER_SIZE = 3
+MAX_RECORD_SIZE = pow(2, 31) - 1
+MIN_RECORD_SIZE = 3
 KEY_LENGTH = 16
 
 # Valid content types (ordered from newest, to most obsolete)
@@ -76,11 +76,9 @@ def length_prefix(key):
         if mode == "encrypt":
             sender_pub_key = key or keymap[keyid].get_pubkey()
             receiver_pub_key = dh
-        elif mode == "decrypt":
+        else:
             sender_pub_key = dh
             receiver_pub_key = key or keymap[keyid].get_pubkey()
-        else:
-            raise ECEException(u"unknown 'mode' specified: " + mode)
         if version == "aes128gcm":
             context = b"WebPush: info\x00" + receiver_pub_key + sender_pub_key
         else:
@@ -92,6 +90,8 @@ def length_prefix(key):
 
     if version not in versions:
         raise ECEException(u"Invalid version")
+    if mode not in ['encrypt', 'decrypt']:
+        raise ECEException(u"unknown 'mode' specified: " + mode)
     if salt is None or len(salt) != 16:
         raise ECEException(u"'salt' must be a 16 octet value")
     if dh is not None:
@@ -160,8 +160,9 @@ def iv(base, counter):
     return base[:4] + struct.pack("!Q", counter ^ mask)
 
 
-def decrypt(content, salt, key=None, keyid=None, keymap=None, keylabels=None,
-            dh=None, rs=4096, auth_secret=None, version="aesgcm", **kwargs):
+def decrypt(content, salt=None, key=None, dh=None, auth_secret=None,
+            keyid=None, keymap=None, keylabels=None,
+            rs=4096, version="aesgcm", **kwargs):
     """
     Decrypt a data block
 
@@ -212,7 +213,8 @@ def decrypt_record(key, nonce, counter, content):
             lambda x, y: x << 8 | y, struct.unpack(
                 "!" + ("B" * pad_size), data[0:pad_size])
         )
-        if data[pad_size:pad_size+pad] != (b"\x00" * pad):
+        if pad_size + pad > len(data) or \
+           data[pad_size:pad_size+pad] != (b"\x00" * pad):
             raise ECEException(u"Bad padding")
         data = data[pad_size + pad:]
         return data
@@ -231,12 +233,12 @@ def decrypt_record(key, nonce, counter, content):
     if version == "aes128gcm":
         try:
             content_header = parse_content_header(content)
-        except ECEException as ex:
-            raise ECEException("Could not parse the content header: " +
-                               ex.message)
+        except:
+            raise ECEException("Could not parse the content header")
         salt = content_header['salt']
         keyid = content_header['key_id'] or '' if keyid is None else keyid
         content = content_header['content']
+        rs = content_header['rs']
 
     (key_, nonce_) = derive_key(mode="decrypt", version=version,
                                 salt=salt, key=key,
@@ -259,8 +261,9 @@ def decrypt_record(key, nonce, counter, content):
     return result
 
 
-def encrypt(content, salt=None, key=None, keyid=None, keymap=None, keylabels=None,
-            dh=None, rs=4096, auth_secret=None, version="aesgcm", **kwargs):
+def encrypt(content, salt=None, key=None, dh=None, auth_secret=None,
+            keyid=None, keymap=None, keylabels=None,
+            rs=4096, version="aesgcm", **kwargs):
     """
     Encrypt a data block
 
@@ -290,6 +293,7 @@ def encrypt_record(key, nonce, counter, buf):
             modes.GCM(iv(nonce, counter)),
             backend=default_backend()
         ).encryptor()
+
         data = encryptor.update((b"\0" * pad_size) + buf)
         data += encryptor.finalize()
         data += encryptor.tag
@@ -309,14 +313,10 @@ def compose_aes128gcm(salt, content, rs, keyid):
         :type keyid: str
 
         """
-        if len(salt) != 16:
-            raise ECEException("Invalid salt")
         if len(keyid) > 255:
             raise ECEException("keyid is too long")
         header = salt
-        if rs < MIN_BUFFER_SIZE:
-            raise ECEException("Too little content")
-        if rs > MAX_BUFFER_SIZE:
+        if rs > MAX_RECORD_SIZE:
             raise ECEException("Too much content")
         header += struct.pack("!L", rs)
         header += struct.pack("!B", len(keyid))
diff --git a/python/http_ece/tests/test_ece.py b/python/http_ece/tests/test_ece.py
@@ -57,33 +57,31 @@ class TestEce(unittest.TestCase):
     def setUp(self):
         self.keymap = {'valid': pyelliptic.ECC(curve="prime256v1")}
         self.keylabels = {'valid': 'P-256'}
+        self.m_key = os.urandom(16)
         self.m_salt = os.urandom(16)
-        self.m_dh = os.urandom(16)
 
     def tearDown(self):
         self.keymap = None
         self.keylabels = None
 
-    def test_derive_key_no_keyid(self):
+    def test_derive_key_no_keyid_dh(self):
         with assert_raises(ECEException) as ex:
             ece.derive_key('encrypt',
                            version='aes128gcm',
                            salt=self.m_salt,
-                           key=None,
-                           dh=self.m_dh,
+                           dh='bogus',
                            keyid=None,
                            keymap=self.keymap,
                            auth_secret=None,
                            )
         eq_(ex.exception.message, "'keyid' is not specified with 'dh'")
 
-    def test_derive_key_invalid_key(self):
+    def test_derive_key_invalid_keyid_dh(self):
         with assert_raises(ECEException) as ex:
             ece.derive_key('encrypt',
                            version='aes128gcm',
                            salt=self.m_salt,
-                           key=None,
-                           dh=self.m_dh,
+                           dh='bogus',
                            keyid="invalid",
                            keymap=self.keymap,
                            auth_secret=None,
@@ -95,36 +93,19 @@ def test_derive_key_invalid_mode(self):
             ece.derive_key('invalid',
                            version='aes128gcm',
                            salt=self.m_salt,
-                           key=None,
-                           dh=self.m_dh,
+                           key=self.m_key,
                            keyid="valid",
                            keymap=self.keymap,
                            auth_secret=None,
                            )
         eq_(ex.exception.message, "unknown 'mode' specified: invalid")
 
-    """
-    def test_derive_key_invalid_label(self):
-        ece.keys['invalid'] = ece.keys['valid']
-        with assert_raises(ECEException) as ex:
-            ece.derive_key('encrypt',
-                           salt=self.m_salt,
-                           key=None,
-                           dh=self.m_dh,
-                           keyid="invalid",
-                           auth_secret=None,
-                           )
-        eq_(ex.exception.message, "'keyid' doesn't identify a key label: "
-                                  "invalid")
-    """
-
     def test_derive_key_invalid_salt(self):
         with assert_raises(ECEException) as ex:
             ece.derive_key('encrypt',
                            version='aes128gcm',
                            salt=None,
-                           key=None,
-                           dh=self.m_dh,
+                           key=self.m_key,
                            keyid="valid",
                            keymap=self.keymap,
                            auth_secret=None,
@@ -136,8 +117,6 @@ def test_derive_key_invalid_version(self):
             ece.derive_key('encrypt',
                            version='invalid',
                            salt=self.m_salt,
-                           key=None,
-                           dh=None,
                            keyid="valid",
                            keymap=self.keymap,
                            auth_secret=None,
@@ -150,8 +129,6 @@ def test_derive_key_no_secret(self):
             ece.derive_key('encrypt',
                            version='aes128gcm',
                            salt=self.m_salt,
-                           key=None,
-                           dh=None,
                            keyid="valid",
                            keymap=self.keymap,
                            auth_secret=None,
@@ -164,7 +141,6 @@ def test_derive_key_keyid_from_keys(self):
                        version='aes128gcm',
                        salt=self.m_salt,
                        key=None,
-                       dh=None,
                        keyid="valid",
                        keymap=self.keymap,
                        auth_secret=None,
@@ -176,6 +152,94 @@ def test_iv_bad_counter(self):
         eq_(ex.exception.message, "Counter too big")
 
 
+class TestEceChecking(unittest.TestCase):
+
+    def setUp(self):
+        self.m_key = os.urandom(16)
+        self.m_input = os.urandom(5)
+        # This header is specific to the padding tests, but can be used elsewhere
+        self.m_header = b'\xaa\xd2\x05}3S\xb7\xff7\xbd\xe4*\xe1\xd5\x0f\xda'
+        self.m_header += struct.pack('!L', 4096) + b'\0'
+
+    def test_encrypt_small_rs(self):
+        with assert_raises(ECEException) as ex:
+            ece.encrypt(
+                self.m_input,
+                version='aes128gcm',
+                key=self.m_key,
+                rs=2,
+            )
+        eq_(ex.exception.message, "Record size too small")
+
+    def test_decrypt_small_rs(self):
+        header = os.urandom(16) + struct.pack('!L', 2) + b'\0'
+        with assert_raises(ECEException) as ex:
+            ece.decrypt(
+                header + self.m_input,
+                version='aes128gcm',
+                key=self.m_key,
+                rs=2,
+            )
+        eq_(ex.exception.message, "Record size too small")
+
+    def test_encrypt_bad_version(self):
+        with assert_raises(ECEException) as ex:
+            ece.encrypt(
+                self.m_input,
+                version='bogus',
+                key=self.m_key,
+            )
+        eq_(ex.exception.message, "Invalid version")
+
+    def test_decrypt_bad_version(self):
+        with assert_raises(ECEException) as ex:
+            ece.decrypt(
+                self.m_input,
+                version='bogus',
+                key=self.m_key,
+            )
+        eq_(ex.exception.message, "Invalid version")
+
+    def test_decrypt_bad_header(self):
+        with assert_raises(ECEException) as ex:
+            ece.decrypt(
+                os.urandom(4),
+                version='aes128gcm',
+                key=self.m_key,
+            )
+        eq_(ex.exception.message, "Could not parse the content header")
+
+    def test_encrypt_long_keyid(self):
+        with assert_raises(ECEException) as ex:
+            ece.encrypt(
+                self.m_input,
+                version='aes128gcm',
+                key=self.m_key,
+                keyid=b64e(os.urandom(192)), # 256 bytes
+            )
+        eq_(ex.exception.message, "keyid is too long")
+
+    def test_overlong_padding(self):
+        with assert_raises(ECEException) as ex:
+            ece.decrypt(
+                self.m_header + b'\xbb\xc1\xb9ev\x0b\xf0E\xd1u\x11\xac\x82\xae\x96\x96\x98{l\x13\xe2C\xf0',
+                version='aes128gcm',
+                key=b'd\xc7\x0ed\xa7%U\x14Q\xf2\x08\xdf\xba\xa0\xb9r',
+                keyid=b64e(os.urandom(192)), # 256 bytes
+            )
+        eq_(ex.exception.message, "Bad padding")
+
+    def test_nonzero_padding(self):
+        with assert_raises(ECEException) as ex:
+            ece.decrypt(
+                self.m_header + b'\xbb\xc6\xb1\x1dF:~\x0f\x07+\xbe\xaaD\xe0\xd6.K\xe5\xf9]%\xe3\x86q\xe0~',
+                version='aes128gcm',
+                key=b'd\xc7\x0ed\xa7%U\x14Q\xf2\x08\xdf\xba\xa0\xb9r',
+                keyid=b64e(os.urandom(192)), # 256 bytes
+            )
+        eq_(ex.exception.message, "Bad padding")
+
+
 class TestEceIntegration(unittest.TestCase):
 
     def setUp(self):
@@ -395,8 +459,6 @@ def _run(self, mode):
             outp = 'input'
 
         for data in self.legacy_data:
-            print(mode)
-            print(repr(data))
             p = data['params'][mode]
             keyid=p.get('keyid', '')
             if 'keys' in data:
diff --git a/python/setup.py b/python/setup.py
@@ -10,7 +10,7 @@
 
 setup(
     name='http_ece',
-    version='0.6.2',
+    version='0.6.3',
     author='Martin Thomson',
     author_email='martin.thomson@gmail.com',
     scripts=[],

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "http_ece",`
`3`		`- "version": "0.6.0",`
	`3`	`+ "version": "0.6.3",`
`4`	`4`	`"description": "Encrypted Content-Encoding for HTTP",`
`5`	`5`	`"homepage": "https://github.com/martinthomson/encrypted-content-encoding",`
`6`	`6`	`"bugs": "https://github.com/martinthomson/encrypted-content-encoding/issues",`