Handle new libnacl exceptions (#34)

Fix handle libnacl.CryptError
Add tests for basic libnacl crypto
Require pytest-asyncio==0.5.0 for Python 3.4 builds
Bump dependency versions

Author: lgrahl

setup.py

@@ -38,14 +38,14 @@ def read(file):
 # Note: These are just tools that aren't required, so a version range
 #       is not necessary here.
 tests_require = [
-    'pytest>=2.8.4',
-    'pytest-asyncio>=0.2.0',
-    'pytest-cov>=2.4.0',
+    'pytest>=3.1.3',
+    'pytest-asyncio>=0.6.0',
+    'pytest-cov>=2.5.1',
     'flake8>=3.3.0',
-    'isort>=4.2.5',
+    'isort>=4.2.15',
     'collective.checkdocs>=0.2',
     'Pygments>=2.2.0',  # required by checkdocs
-    'mypy==0.501',
+    'mypy>=0.521',
 ]
 
 setup(
@@ -55,8 +55,8 @@ def read(file):
     namespace_packages=['threema'],
     install_requires=[
         'py_lru_cache>=0.1.4,<0.2',
-        'logbook>=1,<2',
-        'libnacl>=1.5,<2',
+        'logbook>=1.1.0,<2',
+        'libnacl>=1.5.2,<2',
         'click>=6.7,<7',  # doesn't seem to follow semantic versioning
         'aiohttp>=1.3.5,<2',
         'wrapt>=1.10.10,<2',
@@ -65,9 +65,10 @@ def read(file):
     extras_require={
         ':python_version<="3.4"': [
             'asyncio==3.4.3',
+            'pytest-asyncio==0.5.0'
         ],
         ':python_version<="3.5"': [
-            'typing>=3.6,<3.7',
+            'typing>=3.6.1,<3.7',
         ],
         'dev': tests_require,
         'uvloop': ['uvloop>=0.8.0,<2'],

tests/test_base.py

@@ -0,0 +1,34 @@
+import libnacl
+import pytest
+
+from threema.gateway import (
+    e2e,
+    key,
+)
+
+
+class TestCrypto:
+    def test_incorrect_nonce(self):
+        key_pair = key.Key.generate_pair()
+        data_in = b'meow'
+        nonce = b'0' * 23
+        with pytest.raises(ValueError) as exc_info:
+            e2e._pk_encrypt(key_pair, data_in, nonce=nonce)
+        assert 'Invalid nonce size' in str(exc_info.value)
+
+    def test_incorrect_ciphertext(self):
+        key_pair = key.Key.generate_pair()
+        data_in = b'meow'
+        nonce = b'0' * 24
+        with pytest.raises(libnacl.CryptError) as exc_info:
+            _, data_encrypted = e2e._pk_encrypt(key_pair, data_in, nonce=nonce)
+            e2e._pk_decrypt(key_pair, nonce, data_encrypted + b'0')
+        assert 'decrypt' in str(exc_info.value)
+
+    def test_valid(self):
+        key_pair = key.Key.generate_pair()
+        data_in = b'meow'
+        nonce = b'0' * 24
+        _, data_encrypted = e2e._pk_encrypt(key_pair, data_in, nonce=nonce)
+        data_out = e2e._pk_decrypt(key_pair, nonce, data_encrypted)
+        assert data_in == data_out

threema/gateway/e2e.py

@@ -52,7 +52,6 @@
 BLOB_ID_LENGTH = 16
 
 
-# TODO: Raises?
 def _pk_encrypt(key_pair: Tuple[Key, Key], data: bytes, nonce: bytes = None):
     """
     Encrypt data by using public-key encryption.
@@ -63,6 +62,9 @@ def _pk_encrypt(key_pair: Tuple[Key, Key], data: bytes, nonce: bytes = None):
         - `data`: Raw data.
         - `nonce`: A predefined nonce.
 
+    Raises `libnacl.CryptError` in case the data could not be encrypted.
+    Raises `ValueError` in other cases.
+
     Return a tuple of bytes containing the nonce and the encrypted
     data.
     """
@@ -72,7 +74,6 @@ def _pk_encrypt(key_pair: Tuple[Key, Key], data: bytes, nonce: bytes = None):
     return box.encrypt(data, nonce=nonce, pack_nonce=False)
 
 
-# TODO: Raises?
 def _pk_decrypt(key_pair: Tuple[Key, Key], nonce: bytes, data: bytes):
     """
     Decrypt data by using public-key decryption.
@@ -83,6 +84,9 @@ def _pk_decrypt(key_pair: Tuple[Key, Key], nonce: bytes, data: bytes):
         - `nonce`: The nonce of the encrypted data.
         - `data`: Encrypted data.
 
+    Raises `libnacl.CryptError` in case the data could not be decrypted.
+    Raises `ValueError` in other cases.
+
     Return the decrypted data.
     """
     # Decrypt payload
@@ -650,7 +654,7 @@ def encrypt(self, data, key_pair=None, nonce=None):
         # Encrypt
         try:
             return _pk_encrypt(key_pair, data, nonce=nonce)
-        except ValueError as exc:
+        except (ValueError, libnacl.CryptError) as exc:
             raise MessageError('Could not encrypt data') from exc
 
     @classmethod
@@ -671,8 +675,8 @@ def decrypt(cls, nonce, data, key_pair):
         # Decrypt
         try:
             return _pk_decrypt(key_pair, nonce, data)
-        except ValueError:
-            raise MessageError('Could not decrypt data')
+        except (ValueError, libnacl.CryptError) as exc:
+            raise MessageError('Could not decrypt data') from exc
 
 
 # TODO: Update docstring (arguments)