Tests verify all param combinations

Author: Erotemic

tests/test_transcrypt.py

@@ -16,7 +16,7 @@ class TranscryptAPI:
         'digest': 'md5',
         'use_pbkdf2': '0',
         'salt_method': 'password',
-        'custom_salt': '',
+        'config_salt': '',
     }
 
     def __init__(self, dpath, config=None, verbose=2, transcript_exe=None):
@@ -37,7 +37,7 @@ def login(self):
             "{transcript_exe} -c '{cipher}' -p '{password}' "
             "-md '{digest}' --use-pbkdf2 '{use_pbkdf2}' "
             "-sm '{salt_method}' "
-            "-cs '{custom_salt}' "
+            "-cs '{config_salt}' "
             "-y"
         ).format(transcript_exe=self.transcript_exe, **self.config)
         self.cmd(command)
@@ -51,11 +51,11 @@ def display(self):
     def export_gpg(self, recipient):
         self.cmd(f'{self.transcript_exe} --export-gpg "{recipient}"')
         self.crypt_dpath = self.cmd('git config --local transcrypt.crypt-dir')['out'] or self.dpath / '.git/crypt'
-        asc_fpath = (self.crypt_dpath / (recipient + '.asc')).exists()
+        asc_fpath = (self.crypt_dpath / (recipient + '.asc'))
         return asc_fpath
 
     def import_gpg(self, asc_fpath):
-        command = f"{self.transcript_exe} --import-gpg '{asc_fpath}'"
+        command = f"{self.transcript_exe} --import-gpg '{asc_fpath}' -y"
         self.cmd(command)
 
     def show_raw(self, fpath):
@@ -106,13 +106,11 @@ def _setup_gpg(self):
             key_curve='Ed25519',
             subkey_curve='Curve25519'
         )
-
         # Fix GNUPG permissions
-        dpath = os.environ.get('GNUPGHOME', ub.expandpath('$HOME/.gnupg'))
         (self.gpg_home / 'private-keys-v1.d').ensuredir()
         # 600 for files and 700 for directories
-        ub.cmd('find ' + dpath + r' -type f -exec chmod 600 {} \;', shell=True, verbose=self.verbose)
-        ub.cmd('find ' + dpath + r' -type d -exec chmod 700 {} \;', shell=True, verbose=self.verbose)
+        ub.cmd('find ' + str(self.gpg_home) + r' -type f -exec chmod 600 {} \;', shell=True, verbose=self.verbose, cwd=self.gpg_home)
+        ub.cmd('find ' + str(self.gpg_home) + r' -type d -exec chmod 700 {} \;', shell=True, verbose=self.verbose, cwd=self.gpg_home)
 
     def _setup_git(self):
         import git
@@ -157,20 +155,60 @@ def _setup_transcrypt(self):
             self.tc.env['GNUPGHOME'] = str(self.gpg_home)
 
     def test_round_trip(self):
-        content = self.tc.show_raw(self.secret_fpath)
-        assert content.startswith(SALTED)
-        assert self.secret_fpath.read_text().startswith('secret content')
+        ciphertext = self.tc.show_raw(self.secret_fpath)
+        plaintext = self.secret_fpath.read_text()
+        assert ciphertext.startswith(SALTED)
+        assert plaintext.startswith('secret content')
+        assert not plaintext.startswith(SALTED)
+
         self.tc.logout()
-        assert self.secret_fpath.read_text().startswith(SALTED)
+        logged_out_text = self.secret_fpath.read_text()
+        assert logged_out_text == ciphertext
+
         self.tc.login()
-        assert self.secret_fpath.read_text().startswith('secret content')
+        logged_in_text = self.secret_fpath.read_text()
+
+        assert logged_out_text == ciphertext
+        assert logged_in_text == plaintext
 
     def test_export_gpg(self):
         self.tc.display()
         asc_fpath = self.tc.export_gpg(self.gpg_fpr)
+
+        info = self.tc.cmd(f'gpg --batch --quiet --decrypt "{asc_fpath}"')
+        content = info['out']
+
+        got_config = dict([p.split('=', 1) for p in content.split('\n') if p])
+        config = self.tc.config.copy()
+        is_ok = got_config == config
+        if not is_ok:
+            if config['salt_method'] == 'configured':
+                if config['config_salt'] == '':
+                    config.pop('config_salt')
+                    got_config.pop('config_salt')
+                    is_ok = got_config == config
+            else:
+                config.pop('config_salt')
+                got_config.pop('config_salt')
+                is_ok = got_config == config
+
+        if not is_ok:
+            print(f'got_config={got_config}')
+            print(f'config={config}')
+            raise AssertionError
+
+        # content = io.StringIO()
+        # with open(asc_fpath, 'r') as file:
+        #     ciphertext = file.read()
+        # self.gpg_store.decrypt(ciphertext, content)
+
+        assert asc_fpath.exists()
         self.tc.logout()
         self.tc.import_gpg(asc_fpath)
 
+        plaintext = self.secret_fpath.read_text()
+        assert plaintext.startswith('secret content')
+
 
 def run_tests():
     """
@@ -184,12 +222,38 @@ def run_tests():
         >>> self = TestEnvironment()
         >>> self.setup()
         >>> self.tc._manual_hack_info()
-
         >>> self.test_round_trip()
         >>> self.test_export_gpg()
 
         self = TestEnvironment(config={'use_pbkdf2': 1})
         self.setup()
         self.test_round_trip()
         self.test_export_gpg()
+
+        self = TestEnvironment(config={'use_pbkdf2': 1})
+    """
+
+    # Test that transcrypt works under a variety of config conditions
+    basis = {
+        'cipher': ['aes-256-cbc'],
+        'password': ['correct horse battery staple'],
+        'digest': ['md5', 'sha256'],
+        'use_pbkdf2': ['0', '1'],
+        'salt_method': ['password', 'configured'],
+        'config_salt': ['', 'mylittlecustomsalt'],
+    }
+
+    for params in ub.named_product(basis):
+        config = params.copy()
+        self = TestEnvironment(config=config)
+        self.setup()
+        self.test_round_trip()
+        self.test_export_gpg()
+
+
+if __name__ == '__main__':
+    """
+    CommandLine:
+        python ~/code/transcrypt/tests/test_transcrypt.py
     """
+    run_tests()

transcrypt

@@ -143,7 +143,7 @@ _is_contained_str(){
 # shellcheck disable=SC2155
 _load_versioned_config_var(){
 	# the current git repository's top-level directory
-    if [[ "$VERSIONED_TC_CONFIG" == "" ]]; then
+    if [ -z "${VERSIONED_TC_CONFIG+x}" ]; then
         readonly REPO=$(git rev-parse --show-toplevel 2>/dev/null)
         # This is the place where transcrypt can store state that will be
         # "versioned" (i.e. checked into the repo)
@@ -342,7 +342,8 @@ git_smudge() {
 	# the file contents are passed via stdin
 	tempfile=$(mktemp 2>/dev/null || mktemp -t tmp)
 	trap 'rm -f "$tempfile"' EXIT
-	_load_transcrypt_config_vars
+	#_load_transcrypt_config_vars
+    _load_vars_for_encryption
 	tee "$tempfile" | ENC_PASS=$password "$openssl_path" enc "-${cipher}" -md "${digest}" -pass env:ENC_PASS "${pbkdf2_args[@]}" -d -a 2>/dev/null || cat "$tempfile"
 }
 
@@ -709,8 +710,8 @@ save_configuration() {
     if [[ "$salt_method" == "configured" ]]; then
         # TODO: we may want to also write the config-salt variable to the local config
         # The user might not care about cross machine transparency
-        git config transcrypt.config-salt "$extra_salt"
-        _set_versioned_config_var "transcrypt.config-salt" "$extra_salt"
+        git config transcrypt.config-salt "$config_salt"
+        _set_versioned_config_var "transcrypt.config-salt" "$config_salt"
         if ! git ls-files --error-unmatch "$RELATIVE_VERSIONED_TC_CONFIG" > /dev/null 2>&1; then
             git add "${RELATIVE_VERSIONED_TC_CONFIG}"
             printf "*** The contents of %s were configured. ***\n" "${RELATIVE_VERSIONED_TC_CONFIG}"
@@ -769,14 +770,14 @@ display_configuration() {
 	printf 'The current repository was configured using transcrypt version %s\n' "$CONFIGURED"
 	printf 'and has the following configuration:\n\n'
     _display_git_configuration
+    _display_runtime_configuration
 	printf 'Copy and paste the following command to initialize a cloned repository:\n\n'
-	printf "  transcrypt -c %s -p '%s' --md '%s' --use_pbkdf2 '%s' -sm '%s' -cs '%s'\n" \
+	printf "  transcrypt -c '%s' -p '%s' -md '%s' --use-pbkdf2 '%s' -sm '%s' -cs '%s'\n" \
         "$cipher" "$escaped_password" "$digest" "$use_pbkdf2" "$salt_method" "$config_salt"
 
 	#[[ ! $REPO ]] || printf '  GIT_WORK_TREE:  %s\n' "$REPO"
 	#printf '  GIT_DIR:        %s\n' "$GIT_DIR"
 	#printf '  GIT_ATTRIBUTES: %s\n\n' "$GIT_ATTRIBUTES"
-    _display_git_configuration
 	#printf '  DIGEST:  %s\n' "$current_digest"
 	#printf '  USE_PBKDF2: %s\n' "$current_use_pbkdf2"
 	#printf '  SALT_METHOD: %s\n' "$current_salt_method"
@@ -786,7 +787,7 @@ display_configuration() {
 	#printf '  CIPHER:     %s\n' "$current_cipher"
 	#printf '  PASSWORD:   %s\n\n' "$current_password"
 	#printf 'Copy and paste the following command to initialize a cloned repository:\n\n'
-	#printf "  transcrypt -c %s -p '%s' --md '%s' --use_pbkdf2 '%s' -sm '%s'\n" \
+	#printf "  transcrypt -c %s -p '%s' -md '%s' --use_pbkdf2 '%s' -sm '%s'\n" \
     #    "$current_cipher" "$escaped_password" "$current_digest" "$current_use_pbkdf2" "$current_salt_method"
 }
 
@@ -1059,14 +1060,6 @@ export_gpg() {
 
     _load_transcrypt_config_vars
 
-    if [[ "$salt_method" == "password" ]]; then
-        extra_salt=$password
-    elif [[ "$salt_method" == "configured" ]]; then
-        extra_salt=$(_load_versioned_config_var "transcrypt.config-salt")
-    else
-        die "unknown salt method"
-    fi
-
 	#local current_cipher
 	#current_cipher=$(git config --get --local transcrypt.cipher)
 	#local current_password
@@ -1075,7 +1068,9 @@ export_gpg() {
 
 	local gpg_encrypt_cmd="gpg --batch --recipient $gpg_recipient --trust-model always --yes --armor --quiet --encrypt -"
 	#printf 'password=%s\ncipher=%s\n' "$current_password" "$current_cipher" | $gpg_encrypt_cmd >"${CRYPT_DIR}/${gpg_recipient}.asc"
-    printf 'password=%s\ncipher=%s\ndigest=%s\n\n' "$current_password" "$current_cipher" | $gpg_encrypt_cmd >"${CRYPT_DIR}/${gpg_recipient}.asc"
+    printf 'password=%s\ncipher=%s\ndigest=%s\nuse_pbkdf2=%s\nsalt_method=%s\nconfig_salt=%s\n\n' \
+        "$password" "$cipher" "$digest" "$use_pbkdf2" "$salt_method" "$config_salt" | \
+        $gpg_encrypt_cmd >"${CRYPT_DIR}/${gpg_recipient}.asc"
 	printf "The transcrypt configuration has been encrypted and exported to:\n%s/crypt/%s.asc\n" "$GIT_DIR" "$gpg_recipient"
 }
 
@@ -1108,6 +1103,10 @@ import_gpg() {
 
 	cipher=$(printf '%s' "$configuration" | grep '^cipher' | cut -d'=' -f 2-)
 	password=$(printf '%s' "$configuration" | grep '^password' | cut -d'=' -f 2-)
+	digest=$(printf '%s' "$configuration" | grep '^digest' | cut -d'=' -f 2-)
+	use_pbkdf2=$(printf '%s' "$configuration" | grep '^use_pbkdf2' | cut -d'=' -f 2-)
+	salt_method=$(printf '%s' "$configuration" | grep '^salt_method' | cut -d'=' -f 2-)
+	config_salt=$(printf '%s' "$configuration" | grep '^config_salt' | cut -d'=' -f 2-)
 }
 
 # print this script's usage message to stderr