Merge branch 'feat/decrypt_padding' into 'master'

Jeremy T · Jeremy T · commit 2f1e514ef4ac · 2022-04-28T16:35:48.000Z
feat(decrypt): trim buffer after calling decrypt

See merge request TankerHQ/sdk-python!235
diff --git a/tankersdk/ffi_helpers.py b/tankersdk/ffi_helpers.py
@@ -2,7 +2,7 @@
 from asyncio import Future
 from typing import Any, Callable, List, Optional, cast
 
-from .error import Error, ErrorCode, make_error
+from .error import Error, ErrorCode, InvalidArgument, make_error
 
 # mypy does not know ffi types, this is for documentation purposes only
 CData = Any
@@ -28,8 +28,14 @@ def str_to_c_string(self, text: Optional[str]) -> CData:
     def c_string_to_bytes(self, c_data: CData) -> bytes:
         return cast(bytes, self.ffi.string(c_data))
 
-    def c_buffer_to_bytes(self, c_data: CData) -> bytes:
-        res = self.ffi.buffer(c_data, len(c_data))
+    def c_buffer_to_bytes(self, c_data: CData, length: Optional[int] = None) -> bytes:
+        if length is not None:
+            if length < 0:
+                raise InvalidArgument("Negative buffer size")
+            buffer_size = length
+        else:
+            buffer_size = len(c_data)
+        res = self.ffi.buffer(c_data, buffer_size)
         # Make a copy of the self.ffi.buffer as a simple `bytes`
         # object so that it can be used without worrying
         # about the self.ffi buffer being garbage collected.
diff --git a/tankersdk/tanker.py b/tankersdk/tanker.py
@@ -778,8 +778,11 @@ async def decrypt(self, encrypted_data: bytes) -> bytes:
         c_future = tankerlib.tanker_decrypt(
             self.c_tanker, c_clear_buffer, c_encrypted_buffer, len(c_encrypted_buffer)
         )
-        await ffihelpers.handle_tanker_future(c_future)
-        return ffihelpers.c_buffer_to_bytes(c_clear_buffer)
+        c_voidp = await ffihelpers.handle_tanker_future(c_future)
+        c_clear_size = ffi.cast("uint64_t", c_voidp)
+        clear_size = int(c_clear_size)
+
+        return ffihelpers.c_buffer_to_bytes(c_clear_buffer, clear_size)
 
     async def encrypt_stream(
         self, clear_stream: InputStream, options: Optional[EncryptionOptions] = None
diff --git a/test/test_tanker.py b/test/test_tanker.py
@@ -414,6 +414,16 @@ async def test_encrypt_decrypt(tmp_path: Path, app: Dict[str, str]) -> None:
     await alice.session.stop()
 
 
+@pytest.mark.asyncio
+async def test_encrypt_decrypt_empty(tmp_path: Path, app: Dict[str, str]) -> None:
+    alice = await create_user_session(tmp_path, app)
+    message = b""
+    encrypted_data = await alice.session.encrypt(message)
+    clear_data = await alice.session.decrypt(encrypted_data)
+    assert clear_data == message
+    await alice.session.stop()
+
+
 @pytest.mark.asyncio
 async def test_share_during_encrypt(tmp_path: Path, app: Dict[str, str]) -> None:
     alice = await create_user_session(tmp_path, app)
