add: mobilpay crypto unit tests#389
Conversation
This can be reused for testing just the crypto snippets.
This builds a test environment for the pycrypto bits. For now we just pip install and verify that the source module can resolve all imports.
aka public keys.
We don't need the rest, and it matches existing imports ("from
mobilpay....").
No tests yet, but still verify import succeeds.
Just verify they don't except and they return _something_.
This just excercises the code, but doesn't test correctness.
With openssl. N.B., only the "-K" option to "openssl enc" allows specifying a raw RC4 key (in hex), all others (-k, -kfile, -pass) go through a KDF (sha256, by default) which is not what the mobilpay flow does.
Using input data generated by openssl.
| -out $d/enc.key.rsaenc ; \ | ||
| base64 -w0 < $d/enc.key.rsaenc > $d/enc.key.rsaenc.b64 ; \ | ||
| done ; \ | ||
| done |
There was a problem hiding this comment.
I propose to put this in a separate bash script in order to improve readability and ease the review process. What do you say?
| @@ -0,0 +1,2 @@ | |||
| -r requirements-crypto.txt | |||
| requests==2.23.0 | |||
There was a problem hiding this comment.
Why not use the dev requirements for the test env?
There was a problem hiding this comment.
Ugh, yeah. 🤕 I will try to find the time to backport the dependency management from https://github.com/code4romania/votong and get this fixed.
| enc_key_rsaenc = _slurp('enc.key.rsaenc.b64') | ||
| privkey = Crypto().get_private_key(d + 'private.pem') | ||
| dec_msg = Crypto().decrypt(msg_enc, privkey, enc_key_rsaenc) | ||
| self.assertEqual(dec_msg, b'message from them\n') |
There was a problem hiding this comment.
These are great. 👍 I would only recommend that we use pytest instead of the unittest library and move this test file in a tests folder in the root of the project.
There was a problem hiding this comment.
Not sure about moving to tests/; it would place the tests far away from the implementation, and would require at least some tweaking of imports.
There was a problem hiding this comment.
Fair enough. I would still propose we have a separate ro_help/mobilpay/mobilpay/tests folder here and also add the name of the module you are testing as a suffix to the file name, something like test_encrypt_data.py. What do you say?
For readability, eschew escaping of newlines.
No changes required to the actual test source, pytest groks unittest API.
eef8689 to
38052ff
Compare
Add a few unit tests for the mobilpay low-level crypto. Useful for #386, to verify replacement implementation later on.
Decryption is verified against the stand-alone openssl tool, encryption is verified against ourselves (for now?)