[AZ-154] [AZ-157] [AZ-159] [AZ-160] Add augmentation nonfunc, encryption, annotation class, hardware hash tests

Made-with: Cursor
2026-04-22 10:46:35 +00:00 · 2026-03-26 23:21:05 +02:00
parent 41552c5699
commit 0841e095c8
6 changed files with 518 additions and 0 deletions
@@ -0,0 +1,94 @@
+import os
+
+import pytest
+
+from security import Security
+
+
+def test_bt_enc_01_roundtrip_1024_random_bytes():
+    key = "test-key"
+    data = os.urandom(1024)
+    enc = Security.encrypt_to(data, key)
+    assert Security.decrypt_to(enc, key) == data
+
+
+def test_bt_enc_02_roundtrip_onnx_model(fixture_onnx_model):
+    key = Security.get_model_encryption_key()
+    data = fixture_onnx_model
+    enc = Security.encrypt_to(data, key)
+    assert Security.decrypt_to(enc, key) == data
+
+
+def test_bt_enc_03_roundtrip_empty_input():
+    key = "k"
+    data = b""
+    enc = Security.encrypt_to(data, key)
+    assert Security.decrypt_to(enc, key) == b""
+
+
+def test_bt_enc_04_roundtrip_single_zero_byte():
+    key = "k"
+    data = b"\x00"
+    enc = Security.encrypt_to(data, key)
+    assert Security.decrypt_to(enc, key) == b"\x00"
+
+
+def test_bt_enc_05_same_data_different_keys_different_ciphertext():
+    data = b"payload"
+    a = Security.encrypt_to(data, "key-a")
+    b = Security.encrypt_to(data, "key-b")
+    assert a != b
+
+
+def test_bt_enc_06_decrypt_wrong_key_not_equal_original():
+    original = b"secret"
+    enc = Security.encrypt_to(original, "key-a")
+    out = Security.decrypt_to(enc, "key-b")
+    assert out != original
+
+
+@pytest.mark.resilience
+def test_rt_enc_01_corrupted_ciphertext():
+    key = "k"
+    original = b"hello world"
+    enc = Security.encrypt_to(original, key)
+    corrupted = bytearray(enc)
+    corrupted[len(corrupted) // 2] ^= 0xFF
+    try:
+        result = Security.decrypt_to(bytes(corrupted), key)
+    except Exception:
+        return
+    assert result != original
+
+
+@pytest.mark.security
+def test_st_enc_01_same_data_same_key_two_encryptions_differ():
+    key = "k"
+    data = b"x" * 64
+    a = Security.encrypt_to(data, key)
+    b = Security.encrypt_to(data, key)
+    assert a != b
+
+
+@pytest.mark.security
+def test_st_enc_02_wrong_key_cannot_recover_plaintext():
+    original = b"data"
+    enc = Security.encrypt_to(original, "key-one")
+    out = Security.decrypt_to(enc, "key-two")
+    assert out != original
+
+
+@pytest.mark.security
+def test_st_enc_03_model_encryption_key_deterministic():
+    a = Security.get_model_encryption_key()
+    b = Security.get_model_encryption_key()
+    assert a == b
+
+
+@pytest.mark.resource_limit
+def test_rl_enc_01_encrypted_size_at_most_plaintext_plus_32():
+    key = "k"
+    for n in (0, 1, 15, 16, 17, 1024, 4096):
+        data = os.urandom(n)
+        enc = Security.encrypt_to(data, key)
+        assert len(enc) <= n + 32