alee/stegasoo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Release checklist and updated test scripts.

Browse Source
This commit is contained in:
Aaron D. Lee
2026-01-01 14:04:55 -05:00
parent a001f227ec
commit 12929bf326
8 changed files with 1635 additions and 575 deletions
Download Patch File Download Diff File Expand all files Collapse all files

851
frontends/API.md
View File

File diff suppressed because it is too large Load Diff

333
frontends/WEB_UI.md
View File

@@ -1,10 +1,11 @@
# Stegasoo Web UI Documentation
# Stegasoo Web UI Documentation (v3.2.0)
Complete guide for the Stegasoo web-based steganography interface.
## Table of Contents
- [Overview](#overview)
- [What's New in v3.2.0](#whats-new-in-v320)
- [Installation & Setup](#installation--setup)
- [Pages & Features](#pages--features)
- [Home Page](#home-page)
@@ -14,7 +15,7 @@ Complete guide for the Stegasoo web-based steganography interface.
- [About Page](#about-page)
- [Embedding Modes](#embedding-modes)
- [LSB Mode (Default)](#lsb-mode-default)
- [DCT Mode (Experimental)](#dct-mode-experimental)
- [DCT Mode](#dct-mode)
- [User Interface Guide](#user-interface-guide)
- [Workflow Examples](#workflow-examples)
- [Security Features](#security-features)
@@ -28,9 +29,9 @@ Complete guide for the Stegasoo web-based steganography interface.
The Stegasoo Web UI provides a user-friendly browser-based interface for:
- **Generating** secure credentials (phrases, PINs, RSA keys)
- **Encoding** secret messages into images
- **Decoding** hidden messages from images
- **Generating** secure credentials (passphrase, PINs, RSA keys)
- **Encoding** secret messages or files into images
- **Decoding** hidden messages or files from images
- **Learning** about the security model
Built with Flask, Bootstrap 5, and a modern dark theme.
@@ -39,14 +40,37 @@ Built with Flask, Bootstrap 5, and a modern dark theme.
- ✅ Drag-and-drop file uploads
- ✅ Image previews
- ✅ Client-side date detection
- ✅ Native sharing (Web Share API)
- ✅ Responsive design (mobile-friendly)
- ✅ Password-protected RSA key downloads
- ✅ Real-time entropy calculations
- ✅ Automatic file cleanup
-**DCT steganography mode** (v3.0+) - JPEG-resilient embedding
-**Color mode selection** (v3.0.1+) - Preserve carrier colors
-**DCT steganography mode** - Frequency domain embedding
-**Color mode selection** - Preserve carrier colors
-**File embedding** - Hide files, not just text
-**v3.2.0: No date tracking** - Simplified workflow
---
## What's New in v3.2.0
Version 3.2.0 simplifies the user experience significantly:
| Change | Before (v3.1) | After (v3.2.0) |
|--------|---------------|----------------|
| Credentials | 7 daily phrases | Single passphrase |
| Encode form | Date selection required | No date field |
| Decode form | Date detection/input | No date needed |
| Default words | 3 words | 4 words |
| Field label | "Day Phrase" | "Passphrase" |
**Key benefits:**
- ✅ No need to remember which day a message was encoded
- ✅ Simpler forms with fewer fields
- ✅ True asynchronous communication
- ✅ Stronger default security (4 words = ~44 bits entropy)
**Breaking Change:** v3.2.0 cannot decode images created with v3.1.x.
---
@@ -58,7 +82,7 @@ Built with Flask, Bootstrap 5, and a modern dark theme.
pip install stegasoo[web]
```
This automatically installs DCT dependencies (scipy, jpegio) for full functionality.
This automatically installs DCT dependencies (scipy) for full functionality.
### From Source
@@ -92,7 +116,7 @@ docker-compose up web
1. Navigate to http://localhost:5000
2. Click "Generate" to create your credentials
3. **Memorize** your phrases and PIN
3. **Memorize** your passphrase and PIN
4. Share credentials securely with your communication partner
---
@@ -117,7 +141,7 @@ The landing page introduces Stegasoo and provides quick access to all features.
Explains the three key components:
1. **Reference Photo** - Shared secret image
2. **Day Phrase** - Changes daily
2. **Passphrase** - Your secret phrase (v3.2.0: same every time!)
3. **Static PIN** - Same every day
---
@@ -132,7 +156,7 @@ Create a new set of credentials for steganography operations.
| Option | Range | Default | Description |
|--------|-------|---------|-------------|
| Words per phrase | 3-12 | 3 | BIP-39 words per daily phrase |
| Words per passphrase | 3-12 | 4 | BIP-39 words in passphrase |
| Use PIN | on/off | on | Generate a numeric PIN |
| PIN length | 6-9 | 6 | Digits in the PIN |
| Use RSA Key | on/off | off | Generate an RSA key pair |
@@ -143,12 +167,12 @@ Create a new set of credentials for steganography operations.
The UI displays real-time entropy calculations:
```
Estimated entropy: ~53 bits
[==========> ] Good for most use cases
Estimated entropy: ~63 bits
[=============> ] Good for most use cases
• Reference photo adds ~80-256 bits more
```
#### Generated Output
#### Generated Output (v3.2.0)
After clicking "Generate Credentials":
@@ -157,34 +181,32 @@ After clicking "Generate Credentials":
┌─────────────────────┐
│ 8 4 7 2 9 3 │
└─────────────────────┘
Use this 6-digit PIN every day
Use this 6-digit PIN every time
```
**Daily Phrases:**
**Passphrase** (v3.2.0: single passphrase, no daily rotation):
```
Day │ Phrase
─────────────────────────────────────────
Monday │ abandon ability able
Tuesday │ actor actress actual
Wednesday │ advice aerobic affair
Thursday │ afraid again age
Friday │ agree ahead aim
Saturday │ airport aisle alarm
Sunday │ album alcohol alert
┌─────────────────────────────────────────┐
│ abandon ability able about │
│ │
│ Use this passphrase to encode and │
│ decode messages - no date needed! │
└─────────────────────────────────────────┘
```
**RSA Key** (if enabled):
- Copy to clipboard button
- Download as password-protected .pem file
- Download as QR code image
**Security Summary:**
```
Phrase entropy: 33 bits/phrase
PIN entropy: 19 bits/PIN
RSA entropy: 128 bits/RSA
Passphrase entropy: 44 bits (4 words)
PIN entropy: 19 bits
RSA entropy: 128 bits
─────────────────────────────
Total: 180 bits
+ reference photo (~80-256 bits) = 260+ bits combined
Total: 191 bits
+ reference photo (~80-256 bits) = 271+ bits combined
```
#### RSA Key Download
@@ -195,13 +217,20 @@ Total: 180 bits
4. Save the file securely
5. Share with your communication partner through a secure channel
#### RSA Key QR Code
For easier sharing, you can also:
1. Click "Download QR Code"
2. Save the QR code image
3. Your partner can scan it to import the key
---
### Encode Message
**URL:** `/encode`
Hide a secret message inside an image.
Hide a secret message or file inside an image.
#### Input Fields
@@ -209,15 +238,19 @@ Hide a secret message inside an image.
|-------|------|----------|-------------|
| Reference Photo | Image file | ✓ | Your shared secret photo |
| Carrier Image | Image file | ✓ | Image to hide message in |
| Secret Message | Text | ✓ | Message to hide (max 50KB) |
| Day Phrase | Text | | Today's passphrase |
| PIN | Number | * | Your static PIN |
| RSA Key | .pem file | * | Your shared RSA key |
| Payload Type | Toggle | ✓ | Text message or file |
| Secret Message | Text | * | Message to hide (max 50KB) |
| File to Embed | File | * | File to hide (max 2MB) |
| Passphrase | Text | | Your passphrase (v3.2.0) |
| PIN | Number | ** | Your static PIN |
| RSA Key | .pem file | ** | Your shared RSA key |
| RSA Key QR | Image file | ** | QR code containing RSA key |
| RSA Key Password | Password | | Password for encrypted key |
\* At least one security factor (PIN or RSA Key) required.
\* One of message or file required.
\*\* At least one security factor (PIN or RSA Key) required.
#### Advanced Options (v3.0+)
#### Advanced Options
Expand "Advanced Options" to access embedding mode settings:
@@ -246,13 +279,6 @@ Message: [ ]
Shows warning at 80% capacity.
#### Day Detection
The page automatically detects your local day of week and updates the label:
```
Saturday's Phrase: [ ]
```
#### Encoding Process
1. Fill in all required fields
@@ -271,11 +297,11 @@ After successful encoding:
┌────────────────────────────────────────┐
│ ✓ Message Encoded Successfully! │
│ │
│ 📄 a1b2c3d4_20251227.png
│ Your secret message is hidden │
│ 📄 a1b2c3d4.png
│ Your secret is hidden
│ in this image │
│ │
│ Mode: DCT (Color, JPEG) │ ← v3.0+ shows mode info
│ Mode: DCT (Color, JPEG) │
│ Capacity used: 45.2% │
│ │
│ [ Download Image ] │
@@ -307,7 +333,7 @@ After successful encoding:
**URL:** `/decode`
Extract a hidden message from a stego image.
Extract a hidden message or file from a stego image.
#### Input Fields
@@ -315,34 +341,28 @@ Extract a hidden message from a stego image.
|-------|------|----------|-------------|
| Reference Photo | Image file | ✓ | Same photo used for encoding |
| Stego Image | Image file | ✓ | Image containing hidden message |
| Day Phrase | Text | ✓ | Phrase for the **encoding** day |
| Passphrase | Text | ✓ | Same passphrase used for encoding |
| PIN | Number | * | Same PIN used for encoding |
| RSA Key | .pem file | * | Same RSA key used for encoding |
| RSA Key QR | Image file | * | QR code containing RSA key |
| RSA Key Password | Password | | Password for encrypted key |
\* Must match security factors used during encoding.
#### Automatic Mode Detection (v3.0+)
#### Automatic Mode Detection
The decoder automatically detects whether a stego image uses LSB or DCT mode. You don't need to specify the mode manually—it just works!
#### Date Detection from Filename
#### Decoding Process (v3.2.0 Simplified)
When you upload a stego image with a date in the filename (e.g., `stego_20251227.png`), the UI:
1. Extracts the date
2. Determines the day of week
3. Updates the phrase label: "Saturday's Phrase"
1. Upload the same reference photo
2. Upload the received stego image
3. Enter your passphrase (no date needed!)
4. Enter your PIN and/or RSA key
5. Click "Decode Message"
6. View decoded message or download decoded file
This helps you use the correct daily phrase.
#### Decoding Process
1. Fill in all required fields
2. Click "Decode Message"
3. Wait for processing
4. View decoded message on same page
#### Successful Decode
#### Successful Decode (Text)
```
┌────────────────────────────────────────┐
@@ -358,13 +378,31 @@ This helps you use the correct daily phrase.
└────────────────────────────────────────┘
```
#### Successful Decode (File)
```
┌────────────────────────────────────────┐
│ ✓ File Extracted Successfully! │
│ │
│ 📄 secret_document.pdf │
│ Size: 245 KB │
│ Type: application/pdf │
│ │
│ [ Download File ] │
│ │
│ ⚠️ File expires in 5 minutes. │
│ │
│ [ Decode Another Message ] │
└────────────────────────────────────────┘
```
#### Troubleshooting Tips
If decryption fails:
1. **Check the date** - Use phrase for encoding day, not today
1. **Check passphrase** - Must be exact match (case-sensitive)
2. **Same reference photo** - Must be identical file
3. **Correct PIN/RSA** - Match what was used for encoding
4. **Image integrity** - Ensure no resizing/recompression
4. **Image integrity** - Ensure no resizing/recompression (LSB mode)
---
@@ -374,11 +412,17 @@ If decryption fails:
Information about the Stegasoo project, security model, and credits.
Includes:
- Version information (v3.2.0)
- v3.2.0 changes explanation
- Security model overview
- Dependency status (Argon2, QR code support)
---
## Embedding Modes
Stegasoo v3.0+ offers two steganography algorithms, each with different trade-offs.
Stegasoo offers two steganography algorithms, each with different trade-offs.
### LSB Mode (Default)
@@ -386,7 +430,7 @@ Stegasoo v3.0+ offers two steganography algorithms, each with different trade-of
| Aspect | Details |
|--------|---------|
| **Capacity** | ~3 bits/pixel (~770 KB for 1920×1080) |
| **Capacity** | ~3 bits/pixel (~375 KB for 1920×1080) |
| **Output Format** | PNG only (lossless required) |
| **Resilience** | ❌ Destroyed by JPEG compression |
| **Best For** | Maximum capacity, controlled sharing |
@@ -396,31 +440,28 @@ Stegasoo v3.0+ offers two steganography algorithms, each with different trade-of
- Maximum message capacity needed
- Recipient won't modify the image
### DCT Mode (Experimental)
### DCT Mode
**Discrete Cosine Transform** embedding hides data in frequency domain coefficients.
| Aspect | Details |
|--------|---------|
| **Capacity** | ~0.25 bits/pixel (~65 KB for 1920×1080 PNG, ~30-50 KB JPEG) |
| **Capacity** | ~0.25 bits/pixel (~65 KB for 1920×1080 PNG, ~50 KB JPEG) |
| **Output Formats** | PNG or JPEG |
| **Resilience** | ✅ Survives JPEG compression |
| **Best For** | Social media, messaging apps, web sharing |
> ⚠️ **Experimental Feature**: DCT mode is marked experimental and may have edge cases. Test with your specific workflow before relying on it for critical messages.
| **Resilience** | ✅ Better resistance to analysis |
| **Best For** | Stealth requirements, frequency domain hiding |
**When to use DCT:**
- Posting to social media (which recompresses images)
- Sharing via messaging apps (WhatsApp, Telegram, etc.)
- When channel may apply JPEG compression
- When stealth is important
- Smaller messages that fit in reduced capacity
- When you want JPEG output for natural appearance
#### DCT Output Formats
| Format | Pros | Cons |
|--------|------|------|
| **PNG** | Lossless, predictable | Larger file, obvious if channel expects JPEG |
| **JPEG** | Native format, natural | Slightly lower capacity |
| **PNG** | Lossless, predictable | Larger file |
| **JPEG** | Native format, natural, smaller | Slightly lower capacity |
#### DCT Color Modes
@@ -435,9 +476,9 @@ For a 1920×1080 image:
| Mode | Approximate Capacity |
|------|---------------------|
| LSB (PNG) | ~770 KB |
| LSB (PNG) | ~375 KB |
| DCT (PNG, Color) | ~65 KB |
| DCT (JPEG) | ~30-50 KB |
| DCT (JPEG) | ~50 KB |
### Choosing the Right Mode
@@ -446,19 +487,21 @@ For a 1920×1080 image:
│ Mode Selection Guide │
├─────────────────────────────────────────────────────────────┤
│ │
Will the image be recompressed (social media, chat apps)?
┌───────────┴───────────┐
│ ▼
YES NO
│ │
│ ▼
Use DCT Mode Use LSB Mode
Output: JPEG (natural) Output: PNG (automatic)
Color: Color (usually) Capacity: ~770 KB
Capacity: ~30-50 KB
Need maximum capacity?
┌───────┴───────┐
▼ │
YES NO
│ │
▼ │
Use LSB Need stealth?
(default) │ │
┌───────┴───────┐
▼ ▼
YES NO
│ │
│ ▼ ▼ │
│ Use DCT Use LSB │
│ │
└─────────────────────────────────────────────────────────────┘
```
@@ -482,6 +525,9 @@ For a 1920×1080 image:
│ │ │ (Reference) │ │ (Carrier) │ │ │
│ │ └──────────────┘ └──────────────┘ │ │
│ │ │ │
│ │ Passphrase: [________________________] │ │
│ │ PIN: [____________] │ │
│ │ │ │
│ │ [Advanced Options ▼] │ │
│ │ ┌────────────────────────────────────────────┐ │ │
│ │ │ Embedding Mode: [LSB ▼] │ │ │
@@ -508,7 +554,6 @@ For a 1920×1080 image:
| Success | Green | Positive actions |
| Warning | Yellow | Caution messages |
| Error | Red | Error states |
| Experimental | Orange badge | DCT mode indicator |
### Form Validation
@@ -516,6 +561,7 @@ For a 1920×1080 image:
- Clear error messages in alerts
- Required field indicators
- Input constraints (max length, format)
- Passphrase word count validation (v3.2.0)
### Loading States
@@ -535,7 +581,7 @@ During long operations:
Types:
- Success (green) - Operation completed
- Error (red) - Operation failed
- Warning (yellow) - Caution needed
- Warning (yellow) - Caution needed (e.g., short passphrase)
---
@@ -545,14 +591,14 @@ Types:
**Party A:**
1. Go to `/generate`
2. Configure: PIN ✓, 3 words, 6 digits
2. Configure: PIN ✓, 4 words, 6 digits
3. Click "Generate Credentials"
4. **Write down** phrases and PIN on paper
4. **Write down** passphrase and PIN on paper
5. **Memorize** over the next few days
6. Destroy the paper
**Share with Party B (in person or secure channel):**
- The 7 daily phrases
- The passphrase (just one phrase now!)
- The PIN
- The reference photo file (if not already shared)
@@ -562,40 +608,53 @@ Types:
2. Upload your shared reference photo
3. Upload any carrier image (meme, vacation photo, etc.)
4. Type your secret message
5. Enter today's phrase (check your memory!)
5. Enter your passphrase
6. Enter your PIN
7. Click "Encode Message"
8. Download or share the resulting image
9. Send via any channel (email, file transfer)
### Sending via Social Media (DCT Mode)
### Sending with DCT Mode
1. Go to `/encode`
2. Upload your shared reference photo
3. Upload carrier image
4. Type your secret message
5. Enter today's phrase and PIN
5. Enter your passphrase and PIN
6. **Expand "Advanced Options"**
7. **Select "DCT" embedding mode**
8. **Select "JPEG" output format**
8. **Select "JPEG" output format** (optional)
9. Click "Encode Message"
10. Download and post to social media
10. Download and share
The recipient can decode even after the platform recompresses the image!
### Receiving a Secret Message
### Receiving a Secret Message (v3.2.0 Simplified)
1. Receive the stego image through any channel
2. Go to `/decode`
3. Upload the same reference photo
4. Upload the received stego image
5. Note the date in the filename (e.g., `_20251227`)
6. Enter the phrase for **that day** (not today!)
7. Enter the PIN
8. Click "Decode Message"
9. Read the secret message
5. Enter your passphrase (no date needed!)
6. Enter your PIN
7. Click "Decode Message"
8. Read the secret message or download the file
> 💡 Decoding automatically detects LSB vs DCT mode—no configuration needed!
### Embedding a File
1. Go to `/encode`
2. Upload reference photo and carrier image
3. Select "File" as payload type
4. Upload the file to embed (max 2MB)
5. Enter passphrase and PIN
6. Click "Encode Message"
7. Download the stego image
### Extracting a File
1. Go to `/decode`
2. Upload reference photo and stego image
3. Enter passphrase and PIN
4. Click "Decode Message"
5. Click "Download File" to save the extracted file
### Changing Credentials
@@ -613,7 +672,6 @@ To rotate to new credentials:
| Feature | Implementation |
|---------|----------------|
| Local date detection | JavaScript `Date()` object |
| No credential storage | Nothing saved in browser |
| Automatic cleanup | Files deleted after 5 minutes |
| HTTPS support | Configure at server level |
@@ -643,7 +701,7 @@ To rotate to new credentials:
| Mode | Security Consideration |
|------|----------------------|
| LSB | Full capacity, but fragile to modification |
| DCT | Lower capacity, but survives recompression |
| DCT | Lower capacity, frequency domain hiding |
Both modes use the same strong encryption (AES-256-GCM with Argon2id key derivation).
@@ -666,7 +724,9 @@ Both modes use the same strong encryption (AES-256-GCM with Argon2id key derivat
| File expiry | 5 minutes | `TEMP_FILE_EXPIRY` |
| Max image pixels | 4 MP | `stegasoo.constants` |
| Max message size | 50 KB | `stegasoo.constants` |
| Max file payload | 2 MB | `stegasoo.constants` |
| PIN length | 6-9 digits | `stegasoo.constants` |
| Passphrase words | 3-12 | `stegasoo.constants` |
### Production Deployment
@@ -714,7 +774,7 @@ services:
deploy:
resources:
limits:
memory: 768M # Increased for scipy/DCT
memory: 768M
reservations:
memory: 384M
```
@@ -728,18 +788,17 @@ services:
#### "Decryption failed"
**Causes:**
- Wrong day phrase
- Wrong passphrase
- Wrong PIN
- Different reference photo
- Stego image was modified
**Solutions:**
1. Check the date in the stego filename
2. Use the phrase for that specific day
3. Verify you're using the original reference photo
4. Ensure the stego image wasn't resized/recompressed (LSB mode)
1. Verify exact passphrase (case-sensitive)
2. Verify you're using the original reference photo
3. Ensure the stego image wasn't resized/recompressed (LSB mode)
#### "Invalid or missing Stegasoo header" (DCT Mode)
#### "Invalid or missing Stegasoo header"
**Causes:**
- Image was heavily recompressed
@@ -747,9 +806,9 @@ services:
- Corrupted during transfer
**Solutions:**
1. If sharing via lossy channel, ensure DCT mode was used for encoding
2. Verify credentials match
3. Try obtaining original file
1. Verify credentials match
2. Try obtaining original file
3. If using DCT mode, some modification is expected to work
#### "Carrier image too small"
@@ -758,8 +817,15 @@ services:
**Solutions:**
1. Use a larger carrier image (more pixels)
2. Shorten the message
3. Use LSB mode for more capacity (if channel supports it)
4. Check capacity with `/info` command (CLI)
3. Use LSB mode for more capacity
#### "Passphrase should have at least 4 words"
**Cause:** Passphrase too short (v3.2.0 warning)
**Solutions:**
1. Use a longer passphrase for better security
2. Can still proceed with shorter passphrase (warning only)
#### "You must provide at least a PIN or RSA Key"
@@ -791,13 +857,13 @@ services:
2. If key is unencrypted, leave password blank
3. Re-download or regenerate the key
#### DCT mode shows "jpegio not available"
#### DCT mode shows "requires scipy"
**Cause:** jpegio library not installed (required for JPEG output)
**Cause:** scipy library not installed
**Solution:**
```bash
pip install jpegio
pip install scipy
# Or rebuild Docker image
docker-compose build --no-cache
```
@@ -883,4 +949,5 @@ The web app can be added to home screen on mobile devices for quick access.
- [CLI Documentation](CLI.md) - Command-line interface
- [API Documentation](API.md) - REST API reference
- [README](README.md) - Project overview
- [Web Frontend Update Summary](web/WEB_FRONTEND_UPDATE_SUMMARY_V3.2.0.md) - Migration details
- [README](../README.md) - Project overview

3
frontends/api/main.py
View File

@@ -545,12 +545,13 @@ async def api_generate(request: GenerateRequest):
raise HTTPException(400, f"rsa_bits must be one of {VALID_RSA_SIZES}")
try:
# v3.2.0: Call with passphrase_words parameter
creds = generate_credentials(
use_pin=request.use_pin,
use_rsa=request.use_rsa,
pin_length=request.pin_length,
rsa_bits=request.rsa_bits,
words_per_passphrase=request.words_per_passphrase
passphrase_words=request.words_per_passphrase, # Map API field to library parameter
)
return GenerateResponse(

11
frontends/web/app.py
View File

@@ -240,12 +240,13 @@ def generate():
rsa_bits = 2048
try:
# v3.2.0 FIX: Use correct parameter name 'passphrase_words'
creds = generate_credentials(
use_pin=use_pin,
use_rsa=use_rsa,
pin_length=pin_length,
rsa_bits=rsa_bits,
words_per_passphrase=words_per_passphrase
passphrase_words=words_per_passphrase, # FIX: was words_per_passphrase=
)
# Store RSA key temporarily for QR generation
@@ -892,11 +893,15 @@ def decode_page():
file_id=file_id,
filename=filename,
file_size=format_size(len(decode_result.file_data)),
mime_type=decode_result.mime_type
mime_type=decode_result.mime_type,
has_qrcode_read=HAS_QRCODE_READ
)
else:
# Text content
return render_template('decode.html', decoded_message=decode_result.message)
return render_template('decode.html',
decoded_message=decode_result.message,
has_qrcode_read=HAS_QRCODE_READ
)
except DecryptionError:
flash('Decryption failed. Check your passphrase, PIN, RSA key, and reference photo.', 'error')

6
frontends/web/templates/base.html
View File

@@ -47,8 +47,8 @@
{% with messages = get_flashed_messages(with_categories=true) %}
{% if messages %}
{% for category, message in messages %}
<div class="alert alert-{{ 'danger' if category == 'error' else 'success' }} alert-dismissible fade show" role="alert">
<i class="bi bi-{{ 'exclamation-triangle' if category == 'error' else 'check-circle' }} me-2"></i>
<div class="alert alert-{{ 'danger' if category == 'error' else ('warning' if category == 'warning' else 'success') }} alert-dismissible fade show" role="alert">
<i class="bi bi-{{ 'exclamation-triangle' if category == 'error' else ('exclamation-circle' if category == 'warning' else 'check-circle') }} me-2"></i>
{{ message }}
<button type="button" class="btn-close" data-bs-dismiss="alert"></button>
</div>
@@ -63,7 +63,7 @@
<div class="container text-center text-muted">
<small>
<img src="{{ url_for('static', filename='favicon.svg') }}" alt="" height="16" class="me-1" style="vertical-align: text-bottom;">
Stegasoo v{{ version }} — Steganography using "Reference Photo Hashing + Day-Phrase + PIN/Key".
Stegasoo v{{ version }} — Steganography with Reference Photo + Passphrase + PIN/Key
</small>
</div>
</footer>

525
tests/RELEASE_CHECKLIST_V3.2.0.md Normal file
View File

@@ -0,0 +1,525 @@
# Stegasoo v3.2.0 Release Checklist
## Overview
This checklist covers comprehensive functionality testing for the v3.2.0 release, which introduces breaking changes from v3.1.x.
### Breaking Changes in v3.2.0
| Change | v3.1.x | v3.2.0 |
|--------|--------|--------|
| Passphrase model | 7 daily phrases (`day_phrase`) | Single `passphrase` |
| Date parameter | Required `date_str` | Removed |
| Default words | 3 | 4 |
| Format version | 3 | 4 |
| Backward compatible | N/A | ❌ Cannot decode v3.1.x images |
---
## 1. Core Library Tests
### 1.1 Key Generation (`src/stegasoo/keygen.py`)
- [ ] **generate_pin()** - Default 6 digits, no leading zero
- [ ] **generate_pin(length=9)** - Custom length works
- [ ] **generate_phrase(words=4)** - Default 4 words
- [ ] **generate_phrase(words=6)** - Custom word count
- [ ] **generate_credentials(use_pin=True)** - Returns single passphrase
- [ ] **generate_credentials(use_rsa=True)** - RSA key generation
- [ ] **generate_credentials(use_pin=False, use_rsa=False)** - Raises error
- [ ] **Credentials.passphrase** - Single string, not dict
- [ ] **Credentials.passphrase_entropy** - Correct entropy (4 words = 44 bits)
- [ ] **Credentials.total_entropy** - Sum is correct
### 1.2 Encoding (`src/stegasoo/steganography.py`)
- [ ] **encode() with passphrase** - New parameter name works
- [ ] **encode() without date_str** - No date parameter needed
- [ ] **HEADER_OVERHEAD = 65** - Correct constant
- [ ] **LSB mode** - Default, full color PNG output
- [ ] **DCT mode** - Frequency domain embedding
- [ ] **DCT + JPEG output** - Works correctly
- [ ] **DCT + color mode** - Preserves colors
- [ ] **Capacity calculation** - Uses 65-byte overhead
### 1.3 Decoding (`src/stegasoo/steganography.py`)
- [ ] **decode() with passphrase** - New parameter name works
- [ ] **decode() without date_str** - No date parameter needed
- [ ] **Auto mode detection** - LSB vs DCT automatic
- [ ] **Wrong passphrase** - Raises DecryptionError
- [ ] **Wrong PIN** - Raises DecryptionError
- [ ] **Wrong reference photo** - Raises DecryptionError
### 1.4 DCT Steganography (`src/stegasoo/dct_steganography.py`)
- [ ] **Y channel extraction** - Uses correct formula (not just R channel)
- [ ] **Color mode encoding** - YCbCr conversion works
- [ ] **Grayscale mode** - Converts to grayscale
- [ ] **JPEG output** - Quality 95, proper format
- [ ] **PNG output** - Lossless DCT output
### 1.5 Batch Processing (`src/stegasoo/batch.py`)
- [ ] **BatchCredentials.passphrase** - Single field, not dict
- [ ] **BatchCredentials.from_dict()** - Accepts both old and new format
- [ ] **batch_encode()** - Uses passphrase parameter
- [ ] **batch_decode()** - Uses passphrase parameter
### 1.6 Validation
- [ ] **validate_passphrase()** - New function works
- [ ] **validate_passphrase() warning** - Warns if < 4 words
- [ ] **validate_pin()** - 6-9 digits, no leading zero
- [ ] **validate_message()** - Non-empty, within size limits
---
## 2. CLI Frontend Tests (`frontends/cli/main.py`)
### 2.1 Generate Command
```bash
# Test default generation (4 words, PIN)
stegasoo generate --pin
# Test custom word count
stegasoo generate --pin --words 6
# Test RSA generation
stegasoo generate --rsa
# Test JSON output
stegasoo generate --pin --json
```
- [ ] Output shows single `PASSPHRASE:` not daily phrases
- [ ] Default is 4 words
- [ ] JSON has `passphrase` field, not `phrases` dict
- [ ] Entropy shows `passphrase_entropy`
### 2.2 Encode Command
```bash
# Test basic encode
stegasoo encode -r ref.jpg -c carrier.png \
-p "word1 word2 word3 word4" --pin 123456 \
-m "Secret message"
# Test DCT mode
stegasoo encode -r ref.jpg -c carrier.png \
-p "word1 word2 word3 word4" --pin 123456 \
-m "Secret" --mode dct
# Test DCT + JPEG
stegasoo encode -r ref.jpg -c carrier.png \
-p "word1 word2 word3 word4" --pin 123456 \
-m "Secret" --mode dct --dct-format jpeg
```
- [ ] `-p` / `--passphrase` parameter works
- [ ] No `--date` parameter exists
- [ ] LSB mode produces PNG
- [ ] DCT mode works
- [ ] DCT + JPEG output works
- [ ] Output filename has no date suffix
### 2.3 Decode Command
```bash
# Test basic decode
stegasoo decode -r ref.jpg -s stego.png \
-p "word1 word2 word3 word4" --pin 123456
# Test auto mode detection
stegasoo decode -r ref.jpg -s stego.png \
-p "word1 word2 word3 word4" --pin 123456 --mode auto
```
- [ ] `-p` / `--passphrase` parameter works
- [ ] No `--date` parameter exists
- [ ] Auto-detects LSB vs DCT
- [ ] Outputs decoded message
### 2.4 Other Commands
```bash
# Verify command
stegasoo verify -s stego.png
# Compare command
stegasoo compare original.png stego.png
# Modes command
stegasoo modes
# Capacity command
stegasoo capacity carrier.png
```
- [ ] All commands work without errors
- [ ] No references to "day phrase" or dates
---
## 3. API Frontend Tests (`frontends/api/main.py`)
### 3.1 Status Endpoint
```bash
curl http://localhost:8000/
```
- [ ] Returns `version: "3.2.0"`
- [ ] Includes `breaking_changes` object
- [ ] No `day_names` field
### 3.2 Generate Endpoint
```bash
curl -X POST http://localhost:8000/generate \
-H "Content-Type: application/json" \
-d '{"use_pin": true, "words_per_passphrase": 4}'
```
- [ ] Parameter is `words_per_passphrase` (not `words_per_phrase`)
- [ ] Response has `passphrase` string field
- [ ] Response has `phrases: null`
- [ ] Entropy field is `passphrase` not `phrase`
### 3.3 Encode Endpoint
```bash
curl -X POST http://localhost:8000/encode \
-H "Content-Type: application/json" \
-d '{
"message": "Secret",
"passphrase": "word1 word2 word3 word4",
"pin": "123456",
"reference_photo_base64": "...",
"carrier_image_base64": "..."
}'
```
- [ ] Parameter is `passphrase` (not `day_phrase`)
- [ ] No `date_str` parameter accepted
- [ ] Response has `date_used: null`
- [ ] Response has `day_of_week: null`
### 3.4 Decode Endpoint
```bash
curl -X POST http://localhost:8000/decode \
-H "Content-Type: application/json" \
-d '{
"passphrase": "word1 word2 word3 word4",
"pin": "123456",
"stego_image_base64": "...",
"reference_photo_base64": "..."
}'
```
- [ ] Parameter is `passphrase` (not `day_phrase`)
- [ ] No `date_str` parameter needed
- [ ] Auto-detects embedding mode
### 3.5 Multipart Endpoints
```bash
# Encode multipart
curl -X POST http://localhost:8000/encode/multipart \
-F "passphrase=word1 word2 word3 word4" \
-F "pin=123456" \
-F "message=Secret" \
-F "reference_photo=@ref.jpg" \
-F "carrier=@carrier.png"
# Decode multipart
curl -X POST http://localhost:8000/decode/multipart \
-F "passphrase=word1 word2 word3 word4" \
-F "pin=123456" \
-F "reference_photo=@ref.jpg" \
-F "stego_image=@stego.png"
```
- [ ] Form field is `passphrase` (not `day_phrase`)
- [ ] No `date_str` field
- [ ] Headers include `X-Stegasoo-Version: 3.2.0`
- [ ] No date headers in response
---
## 4. Web Frontend Tests (`frontends/web/app.py`)
### 4.1 Generate Page (`/generate`)
- [ ] Form field is `words_per_passphrase`
- [ ] Default slider value is 4
- [ ] Output shows single passphrase, not 7 daily phrases
- [ ] Memory aid works with single passphrase
- [ ] Entropy display shows `passphrase_entropy`
- [ ] v3.2.0 badge visible
### 4.2 Encode Page (`/encode`)
- [ ] Form field is `passphrase`
- [ ] No date selection field
- [ ] v3.2.0 badge on passphrase label
- [ ] Passphrase validation warning works (< 4 words)
- [ ] DCT mode options work
- [ ] Success result shows no date info
### 4.3 Decode Page (`/decode`)
- [ ] Form field is `passphrase`
- [ ] No date input field
- [ ] No date detection from filename JavaScript
- [ ] Troubleshooting mentions v3.2.0 compatibility
- [ ] Auto mode detection works
### 4.4 Other Pages
- [ ] **Home** (`/`) - Shows v3.2.0 badge, passphrase terminology
- [ ] **About** (`/about`) - Updated terminology, v3.2.0 features
- [ ] **Footer** - Says "Passphrase" not "Day-Phrase"
---
## 5. Integration Tests
### 5.1 Full Roundtrip Tests
```bash
# Generate → Encode → Decode (LSB)
stegasoo generate --pin > creds.json
stegasoo encode -r ref.jpg -c carrier.png -p "..." --pin 123456 -m "Test" -o stego.png
stegasoo decode -r ref.jpg -s stego.png -p "..." --pin 123456
# Generate → Encode → Decode (DCT)
stegasoo encode -r ref.jpg -c carrier.png -p "..." --pin 123456 -m "Test" --mode dct -o stego_dct.png
stegasoo decode -r ref.jpg -s stego_dct.png -p "..." --pin 123456
```
- [ ] LSB roundtrip works
- [ ] DCT roundtrip works
- [ ] DCT + JPEG roundtrip works
- [ ] File embedding roundtrip works
### 5.2 Cross-Frontend Tests
- [ ] Encode via CLI, decode via API
- [ ] Encode via API, decode via Web
- [ ] Encode via Web, decode via CLI
### 5.3 Error Handling
- [ ] Wrong passphrase shows clear error
- [ ] Wrong PIN shows clear error
- [ ] Wrong reference photo shows clear error
- [ ] Capacity exceeded shows clear error
- [ ] Invalid image shows clear error
---
## 6. Documentation Tests
### 6.1 CLI Documentation (`frontends/CLI.md`)
- [ ] "What's New in v3.2.0" section exists
- [ ] All examples use 4-word passphrases
- [ ] No `--date` parameter in examples
- [ ] Command reference is complete
- [ ] Migration notes for v3.1.x users
### 6.2 API Documentation (`frontends/API.md`)
- [ ] "What's New in v3.2.0" section exists
- [ ] All request examples use `passphrase`
- [ ] No `date_str` in request models
- [ ] Response models show `date_used: null`
- [ ] Code examples updated
### 6.3 Web UI Documentation (`frontends/WEB_UI.md`)
- [ ] "What's New in v3.2.0" section exists
- [ ] Workflow examples use passphrase
- [ ] No date selection in screenshots/descriptions
- [ ] Troubleshooting updated
---
## 7. Backward Compatibility Tests
### 7.1 v3.1.x Image Decoding
- [ ] Attempting to decode v3.1.x image with v3.2.0 fails gracefully
- [ ] Error message mentions version incompatibility
- [ ] Suggests using v3.1.x for old images
### 7.2 Migration Path
- [ ] `BatchCredentials.from_dict()` accepts old `day_phrase` key
- [ ] `generate_credentials_legacy()` available if needed
- [ ] Documentation explains migration steps
---
## 8. Unit Test Updates
### 8.1 Test Files to Update
- [ ] `tests/test_stegasoo.py` - Use `passphrase` parameter
- [ ] `tests/test_batch.py` - Use `passphrase` in credentials
- [ ] `tests/test_compression.py` - No changes needed (compression unchanged)
### 8.2 New Tests Needed
- [ ] Test single passphrase generation
- [ ] Test `passphrase_words` parameter
- [ ] Test `validate_passphrase()` function
- [ ] Test DCT Y channel extraction
- [ ] Test 65-byte header overhead
---
## 9. Release Artifacts
### 9.1 Version Bumps
- [ ] `src/stegasoo/constants.py` - `__version__ = "3.2.0"`
- [ ] `pyproject.toml` or `setup.py` - version updated
- [ ] `CHANGELOG.md` - v3.2.0 section added
### 9.2 Documentation
- [ ] `README.md` - Updated for v3.2.0
- [ ] `frontends/CLI.md` - Complete
- [ ] `frontends/API.md` - Complete
- [ ] `frontends/WEB_UI.md` - Complete
### 9.3 Git
- [ ] All changes committed
- [ ] Tag created: `v3.2.0`
- [ ] Release notes written
---
## 10. Quick Smoke Test Script
```bash
#!/bin/bash
# v3.2.0 Smoke Test
set -e
echo "=== Stegasoo v3.2.0 Smoke Test ==="
# Check version
echo "1. Checking version..."
python -c "import stegasoo; print(f'Version: {stegasoo.__version__}')"
# Generate credentials
echo "2. Generating credentials..."
python -c "
from stegasoo import generate_credentials
creds = generate_credentials(use_pin=True, passphrase_words=4)
print(f'Passphrase: {creds.passphrase}')
print(f'PIN: {creds.pin}')
print(f'Entropy: {creds.total_entropy} bits')
assert ' ' in creds.passphrase, 'Passphrase should have spaces'
assert len(creds.passphrase.split()) == 4, 'Should have 4 words'
print('✓ Credentials OK')
"
# Test encode/decode roundtrip
echo "3. Testing encode/decode roundtrip..."
python -c "
from stegasoo import encode, decode
from PIL import Image
import io
# Create test image
img = Image.new('RGB', (200, 200), color='blue')
buf = io.BytesIO()
img.save(buf, format='PNG')
test_image = buf.getvalue()
# Encode
result = encode(
message='Hello v3.2.0!',
reference_photo=test_image,
carrier_image=test_image,
passphrase='test phrase four words',
pin='123456'
)
print(f'Encoded: {result.filename}')
# Decode
decoded = decode(
stego_image=result.stego_image,
reference_photo=test_image,
passphrase='test phrase four words',
pin='123456'
)
assert decoded.message == 'Hello v3.2.0!', 'Message mismatch'
print(f'Decoded: {decoded.message}')
print('✓ Roundtrip OK')
"
# Test DCT mode
echo "4. Testing DCT mode..."
python -c "
from stegasoo import encode, decode, has_dct_support
if has_dct_support():
from PIL import Image
import io
img = Image.new('RGB', (200, 200), color='green')
buf = io.BytesIO()
img.save(buf, format='PNG')
test_image = buf.getvalue()
result = encode(
message='DCT test',
reference_photo=test_image,
carrier_image=test_image,
passphrase='dct test phrase here',
pin='123456',
embed_mode='dct'
)
decoded = decode(
stego_image=result.stego_image,
reference_photo=test_image,
passphrase='dct test phrase here',
pin='123456'
)
assert decoded.message == 'DCT test'
print('✓ DCT Mode OK')
else:
print('⚠ DCT mode not available (scipy not installed)')
"
echo ""
echo "=== All smoke tests passed! ==="
```
---
## Sign-Off
| Area | Tested By | Date | Status |
|------|-----------|------|--------|
| Core Library | | | ☐ |
| CLI Frontend | | | ☐ |
| API Frontend | | | ☐ |
| Web Frontend | | | ☐ |
| Documentation | | | ☐ |
| Integration | | | ☐ |
**Release Approved:**
**Released By:** _________________
**Release Date:** _________________

142
tests/test_batch.py
View File

@@ -1,5 +1,10 @@
"""
Tests for Stegasoo batch processing module.
Tests for Stegasoo batch processing module (v3.2.0).
Updated for v3.2.0:
- Uses 'passphrase' instead of 'phrase' in credentials dict
- No date_str parameter
- BatchCredentials.passphrase is a single string
"""
import pytest
@@ -13,6 +18,7 @@ from stegasoo.batch import (
BatchResult,
BatchItem,
BatchStatus,
BatchCredentials,
batch_capacity_check,
print_batch_result,
)
@@ -41,6 +47,15 @@ def sample_images(temp_dir):
return images
@pytest.fixture
def sample_credentials():
"""Create sample v3.2.0 credentials dict."""
return {
"passphrase": "test phrase four words", # v3.2.0: single passphrase
"pin": "123456"
}
class TestBatchItem:
"""Tests for BatchItem dataclass."""
@@ -90,6 +105,50 @@ class TestBatchResult:
assert result.duration == 10.0
class TestBatchCredentials:
"""Tests for BatchCredentials dataclass (v3.2.0)."""
def test_from_dict_new_format(self):
"""Should parse v3.2.0 format with 'passphrase' key."""
data = {
"passphrase": "test phrase four words",
"pin": "123456"
}
creds = BatchCredentials.from_dict(data)
assert creds.passphrase == "test phrase four words"
assert creds.pin == "123456"
def test_from_dict_legacy_format(self):
"""Should parse legacy format with 'day_phrase' key for migration."""
data = {
"day_phrase": "legacy phrase here", # Old key name
"pin": "123456"
}
creds = BatchCredentials.from_dict(data)
# Should accept old key and map to passphrase
assert creds.passphrase == "legacy phrase here"
assert creds.pin == "123456"
def test_to_dict(self):
"""Should serialize to v3.2.0 format."""
creds = BatchCredentials(
passphrase="test phrase four words",
pin="123456"
)
result = creds.to_dict()
assert result['passphrase'] == "test phrase four words"
assert result['pin'] == "123456"
assert 'day_phrase' not in result # Old key should not be present
def test_passphrase_is_string(self):
"""Passphrase should be a string, not a dict."""
creds = BatchCredentials(
passphrase="test phrase four words",
pin="123456"
)
assert isinstance(creds.passphrase, str)
class TestBatchProcessor:
"""Tests for BatchProcessor class."""
@@ -145,13 +204,13 @@ class TestBatchProcessor:
results = list(processor.find_images([temp_dir], recursive=True))
assert any(p.name == "nested.png" for p in results)
def test_batch_encode_requires_message_or_file(self, sample_images):
def test_batch_encode_requires_message_or_file(self, sample_images, sample_credentials):
"""Should raise if neither message nor file provided."""
processor = BatchProcessor()
with pytest.raises(ValueError, match="message or file_payload"):
processor.batch_encode(
images=sample_images,
credentials={"phrase": "test", "pin": "123456"},
credentials=sample_credentials,
)
def test_batch_encode_requires_credentials(self, sample_images):
@@ -163,14 +222,28 @@ class TestBatchProcessor:
message="test",
)
def test_batch_encode_creates_result(self, sample_images, temp_dir):
def test_batch_encode_accepts_passphrase_credentials(self, sample_images, temp_dir, sample_credentials):
"""Should accept v3.2.0 format credentials with passphrase."""
processor = BatchProcessor()
result = processor.batch_encode(
images=sample_images,
message="Test message",
output_dir=temp_dir / "output",
credentials=sample_credentials, # Uses 'passphrase' key
)
assert isinstance(result, BatchResult)
assert result.operation == "encode"
assert result.total == 3
def test_batch_encode_creates_result(self, sample_images, temp_dir, sample_credentials):
"""Should return BatchResult with correct structure."""
processor = BatchProcessor()
result = processor.batch_encode(
images=sample_images,
message="Test message",
output_dir=temp_dir / "output",
credentials={"phrase": "test phrase", "pin": "123456"},
credentials=sample_credentials,
)
assert isinstance(result, BatchResult)
@@ -184,19 +257,31 @@ class TestBatchProcessor:
with pytest.raises(ValueError, match="Credentials"):
processor.batch_decode(images=sample_images)
def test_batch_decode_creates_result(self, sample_images):
"""Should return BatchResult with correct structure."""
def test_batch_decode_accepts_passphrase_credentials(self, sample_images, sample_credentials):
"""Should accept v3.2.0 format credentials with passphrase."""
processor = BatchProcessor()
result = processor.batch_decode(
images=sample_images,
credentials={"phrase": "test phrase", "pin": "123456"},
credentials=sample_credentials, # Uses 'passphrase' key
)
assert isinstance(result, BatchResult)
assert result.operation == "decode"
assert result.total == 3
def test_progress_callback_called(self, sample_images):
def test_batch_decode_creates_result(self, sample_images, sample_credentials):
"""Should return BatchResult with correct structure."""
processor = BatchProcessor()
result = processor.batch_decode(
images=sample_images,
credentials=sample_credentials,
)
assert isinstance(result, BatchResult)
assert result.operation == "decode"
assert result.total == 3
def test_progress_callback_called(self, sample_images, sample_credentials):
"""Progress callback should be called for each item."""
processor = BatchProcessor()
callback = Mock()
@@ -204,13 +289,13 @@ class TestBatchProcessor:
processor.batch_encode(
images=sample_images,
message="Test",
credentials={"phrase": "test", "pin": "123456"},
credentials=sample_credentials,
progress_callback=callback,
)
assert callback.call_count == 3
def test_custom_encode_func(self, sample_images, temp_dir):
def test_custom_encode_func(self, sample_images, temp_dir, sample_credentials):
"""Should use custom encode function if provided."""
processor = BatchProcessor()
encode_mock = Mock()
@@ -219,7 +304,7 @@ class TestBatchProcessor:
images=sample_images,
message="Test",
output_dir=temp_dir / "output",
credentials={"phrase": "test", "pin": "123456"},
credentials=sample_credentials,
encode_func=encode_mock,
)
@@ -289,3 +374,36 @@ class TestPrintBatchResult:
captured = capsys.readouterr()
assert "test.png" in captured.out
class TestCredentialsMigration:
"""Tests for v3.1.x to v3.2.0 credentials migration."""
def test_old_phrase_key_accepted(self):
"""Old 'phrase' key should be accepted for migration."""
old_format = {
"phrase": "old style phrase",
"pin": "123456"
}
# Should not raise
creds = BatchCredentials.from_dict(old_format)
assert creds.passphrase == "old style phrase"
def test_old_day_phrase_key_accepted(self):
"""Old 'day_phrase' key should be accepted for migration."""
old_format = {
"day_phrase": "old day phrase",
"pin": "123456"
}
creds = BatchCredentials.from_dict(old_format)
assert creds.passphrase == "old day phrase"
def test_new_passphrase_key_preferred(self):
"""New 'passphrase' key should take precedence if both present."""
mixed_format = {
"passphrase": "new style passphrase",
"day_phrase": "old day phrase",
"pin": "123456"
}
creds = BatchCredentials.from_dict(mixed_format)
assert creds.passphrase == "new style passphrase"

339
tests/test_stegasoo.py
View File

@@ -1,7 +1,12 @@
"""
Stegasoo Tests
Stegasoo Tests (v3.2.0)
Tests for key generation, validation, encoding/decoding, and output formats.
Updated for v3.2.0:
- Single passphrase instead of daily phrases
- No date_str parameter
- passphrase_words parameter (default 4)
"""
import pytest
@@ -15,13 +20,13 @@ from stegasoo import (
generate_credentials,
validate_pin,
validate_message,
validate_passphrase,
encode,
decode,
decode_text,
DAY_NAMES,
__version__,
)
from stegasoo.steganography import get_output_format
from stegasoo.steganography import get_output_format, HEADER_OVERHEAD
# =============================================================================
@@ -38,6 +43,16 @@ def png_image():
return buf.getvalue()
@pytest.fixture
def large_png_image():
"""Create a larger test PNG image for DCT mode."""
img = Image.new('RGB', (400, 400), color='blue')
buf = io.BytesIO()
img.save(buf, format='PNG')
buf.seek(0)
return buf.getvalue()
@pytest.fixture
def bmp_image():
"""Create a test BMP image."""
@@ -69,100 +84,162 @@ def gif_image():
# =============================================================================
# Key Generation Tests
# Key Generation Tests (v3.2.0 Updated)
# =============================================================================
class TestKeygen:
"""Tests for key generation functions."""
def test_generate_pin_default(self):
"""Default PIN should be 6 digits, no leading zero."""
pin = generate_pin()
assert len(pin) == 6
assert pin.isdigit()
assert pin[0] != '0'
def test_generate_pin_lengths(self):
"""PIN generation should work for all valid lengths."""
for length in [6, 7, 8, 9]:
pin = generate_pin(length)
assert len(pin) == length
assert pin.isdigit()
def test_generate_phrase_default(self):
"""Default phrase should have 4 words (v3.2.0 change)."""
phrase = generate_phrase()
words = phrase.split()
assert len(words) == 3
assert len(words) == 4 # Changed from 3 in v3.1.x
def test_generate_phrase_lengths(self):
for length in [3, 4, 5, 6]:
def test_generate_phrase_custom_length(self):
"""Phrase generation should work for custom lengths."""
for length in [3, 4, 5, 6, 8, 12]:
phrase = generate_phrase(length)
words = phrase.split()
assert len(words) == length
def test_generate_credentials_pin_only(self):
"""PIN-only credentials should have single passphrase."""
creds = generate_credentials(use_pin=True, use_rsa=False)
assert creds.pin is not None
assert creds.rsa_key_pem is None
assert len(creds.phrases) == 7
# v3.2.0: Single passphrase instead of 7 daily phrases
assert creds.passphrase is not None
assert isinstance(creds.passphrase, str)
assert ' ' in creds.passphrase # Should have multiple words
def test_generate_credentials_rsa_only(self):
"""RSA-only credentials should have single passphrase."""
creds = generate_credentials(use_pin=False, use_rsa=True)
assert creds.pin is None
assert creds.rsa_key_pem is not None
assert creds.passphrase is not None
def test_generate_credentials_both(self):
"""Both PIN and RSA should work together."""
creds = generate_credentials(use_pin=True, use_rsa=True)
assert creds.pin is not None
assert creds.rsa_key_pem is not None
assert creds.passphrase is not None
def test_generate_credentials_neither_fails(self):
"""Test that generating credentials with neither PIN nor RSA fails."""
# Code raises AssertionError from debug.validate before ValueError
"""Generating with neither PIN nor RSA should fail."""
with pytest.raises((ValueError, AssertionError)):
generate_credentials(use_pin=False, use_rsa=False)
def test_entropy_calculation(self):
creds = generate_credentials(use_pin=True, use_rsa=False)
def test_generate_credentials_custom_words(self):
"""Custom passphrase_words parameter should work."""
creds = generate_credentials(use_pin=True, passphrase_words=6)
words = creds.passphrase.split()
assert len(words) == 6
def test_generate_credentials_default_words(self):
"""Default should be 4 words (v3.2.0)."""
creds = generate_credentials(use_pin=True)
words = creds.passphrase.split()
assert len(words) == 4
def test_passphrase_entropy_calculation(self):
"""Passphrase entropy should be calculated correctly."""
creds = generate_credentials(use_pin=True, passphrase_words=4)
# 4 words × 11 bits/word = 44 bits
assert creds.passphrase_entropy == 44
def test_total_entropy_calculation(self):
"""Total entropy should sum all components."""
creds = generate_credentials(use_pin=True, use_rsa=False, passphrase_words=4)
# 44 bits (passphrase) + ~20 bits (PIN)
assert creds.total_entropy > 0
assert creds.total_entropy >= creds.passphrase_entropy
# =============================================================================
# Validation Tests
# Validation Tests (v3.2.0 Updated)
# =============================================================================
class TestValidation:
"""Tests for validation functions."""
def test_validate_pin_valid(self):
"""Valid PIN should pass validation."""
result = validate_pin("123456")
assert result.is_valid
def test_validate_pin_empty_ok(self):
# Empty PIN is valid (RSA key might be used instead)
"""Empty PIN should be valid (RSA key might be used instead)."""
result = validate_pin("")
assert result.is_valid
def test_validate_pin_too_short(self):
"""PIN shorter than 6 digits should fail."""
result = validate_pin("12345")
assert not result.is_valid
def test_validate_pin_too_long(self):
"""PIN longer than 9 digits should fail."""
result = validate_pin("1234567890")
assert not result.is_valid
def test_validate_pin_leading_zero(self):
"""PIN with leading zero should fail."""
result = validate_pin("012345")
assert not result.is_valid
def test_validate_pin_non_digits(self):
"""PIN with non-digit characters should fail."""
result = validate_pin("12345a")
assert not result.is_valid
def test_validate_message_valid(self):
"""Valid message should pass validation."""
result = validate_message("Hello, World!")
assert result.is_valid
def test_validate_message_empty(self):
"""Empty message should fail validation."""
result = validate_message("")
assert not result.is_valid
# Note: validate_message doesn't have a max length check by default
# This test is removed as it doesn't match the actual validation behavior
def test_validate_passphrase_valid(self):
"""Valid passphrase should pass validation."""
result = validate_passphrase("word1 word2 word3 word4")
assert result.is_valid
def test_validate_passphrase_empty(self):
"""Empty passphrase should fail validation."""
result = validate_passphrase("")
assert not result.is_valid
def test_validate_passphrase_short_warning(self):
"""Short passphrase should have warning but still be valid."""
result = validate_passphrase("word1 word2 word3") # Only 3 words
assert result.is_valid
assert result.warning is not None # Should warn about short passphrase
def test_validate_passphrase_recommended_no_warning(self):
"""Recommended length passphrase should have no warning."""
result = validate_passphrase("word1 word2 word3 word4") # 4 words
assert result.is_valid
# May or may not have warning depending on implementation
# =============================================================================
@@ -170,53 +247,76 @@ class TestValidation:
# =============================================================================
class TestOutputFormat:
"""Tests for output format handling."""
def test_png_stays_png(self):
"""PNG input should produce PNG output."""
fmt, ext = get_output_format('PNG')
assert fmt == 'PNG'
assert ext == 'png'
def test_bmp_stays_bmp(self):
"""BMP input should produce BMP output."""
fmt, ext = get_output_format('BMP')
assert fmt == 'BMP'
assert ext == 'bmp'
def test_jpeg_becomes_png(self):
"""JPEG input should produce PNG output (lossless)."""
fmt, ext = get_output_format('JPEG')
assert fmt == 'PNG'
assert ext == 'png'
def test_gif_becomes_png(self):
"""GIF input should produce PNG output."""
fmt, ext = get_output_format('GIF')
assert fmt == 'PNG'
assert ext == 'png'
def test_none_becomes_png(self):
"""None format should default to PNG."""
fmt, ext = get_output_format(None)
assert fmt == 'PNG'
assert ext == 'png'
def test_unknown_becomes_png(self):
"""Unknown format should default to PNG."""
fmt, ext = get_output_format('UNKNOWN')
assert fmt == 'PNG'
assert ext == 'png'
# =============================================================================
# Encode/Decode Tests
# Header Overhead Test (v3.2.0)
# =============================================================================
class TestConstants:
"""Tests for constants and configuration."""
def test_header_overhead_value(self):
"""Header overhead should be 65 bytes (v3.2.0 fix)."""
assert HEADER_OVERHEAD == 65
# =============================================================================
# Encode/Decode Tests (v3.2.0 Updated)
# =============================================================================
class TestEncodeDecode:
"""Tests for encoding and decoding functions."""
def test_encode_decode_roundtrip(self, png_image):
"""Test full encode/decode cycle."""
"""Full encode/decode cycle should work."""
message = "Secret message!"
phrase = "apple forest thunder"
passphrase = "apple forest thunder mountain" # 4 words
pin = "123456"
# v3.2.0: Use passphrase parameter, no date_str
result = encode(
message=message,
reference_photo=png_image,
carrier_image=png_image,
day_phrase=phrase,
passphrase=passphrase,
pin=pin
)
@@ -224,27 +324,27 @@ class TestEncodeDecode:
assert len(result.stego_image) > 0
assert result.filename.endswith('.png')
# v3.2.0: Use passphrase parameter, no date_str
decoded = decode(
stego_image=result.stego_image,
reference_photo=png_image,
day_phrase=phrase,
passphrase=passphrase,
pin=pin
)
# decode() returns DecodeResult, not string
assert decoded.message == message
def test_decode_text_roundtrip(self, png_image):
"""Test decode_text convenience function."""
"""decode_text convenience function should work."""
message = "Secret message!"
phrase = "apple forest thunder"
passphrase = "apple forest thunder mountain"
pin = "123456"
result = encode(
message=message,
reference_photo=png_image,
carrier_image=png_image,
day_phrase=phrase,
passphrase=passphrase,
pin=pin
)
@@ -252,56 +352,56 @@ class TestEncodeDecode:
decoded_text = decode_text(
stego_image=result.stego_image,
reference_photo=png_image,
day_phrase=phrase,
passphrase=passphrase,
pin=pin
)
assert decoded_text == message
def test_png_carrier_produces_png(self, png_image):
"""Test that PNG carrier produces PNG output."""
"""PNG carrier should produce PNG output."""
result = encode(
message="Test",
reference_photo=png_image,
carrier_image=png_image,
day_phrase="test phrase",
passphrase="test phrase here now",
pin="123456"
)
assert result.filename.endswith('.png')
def test_bmp_carrier_produces_bmp(self, bmp_image, png_image):
"""Test that BMP carrier produces BMP output."""
"""BMP carrier should produce BMP output."""
result = encode(
message="Test",
reference_photo=png_image,
carrier_image=bmp_image,
day_phrase="test phrase",
passphrase="test phrase here now",
pin="123456"
)
assert result.filename.endswith('.bmp')
def test_jpeg_carrier_produces_png(self, jpeg_image, png_image):
"""Test that JPEG carrier produces PNG output (lossless)."""
"""JPEG carrier should produce PNG output (lossless)."""
result = encode(
message="Test",
reference_photo=png_image,
carrier_image=jpeg_image,
day_phrase="test phrase",
passphrase="test phrase here now",
pin="123456"
)
assert result.filename.endswith('.png')
def test_bmp_roundtrip(self, bmp_image, png_image):
"""Test full encode/decode cycle with BMP."""
"""Full encode/decode cycle with BMP should work."""
message = "BMP test message!"
phrase = "test phrase words"
passphrase = "test phrase words here"
pin = "123456"
result = encode(
message=message,
reference_photo=png_image,
carrier_image=bmp_image,
day_phrase=phrase,
passphrase=passphrase,
pin=pin
)
assert result.filename.endswith('.bmp')
@@ -309,65 +409,202 @@ class TestEncodeDecode:
decoded = decode(
stego_image=result.stego_image,
reference_photo=png_image,
day_phrase=phrase,
passphrase=passphrase,
pin=pin
)
# decode() returns DecodeResult, not string
assert decoded.message == message
def test_wrong_pin_fails(self, png_image):
"""Test that wrong PIN fails to decode."""
"""Wrong PIN should fail to decode."""
result = encode(
message="Secret",
reference_photo=png_image,
carrier_image=png_image,
day_phrase="test phrase here",
passphrase="test phrase here now",
pin="123456"
)
# Wrong PIN means wrong pixel key, so extraction fails before decryption
with pytest.raises((stegasoo.DecryptionError, stegasoo.ExtractionError)):
decode(
stego_image=result.stego_image,
reference_photo=png_image,
day_phrase="test phrase here",
passphrase="test phrase here now",
pin="654321" # Wrong PIN
)
def test_wrong_phrase_fails(self, png_image):
"""Test that wrong phrase fails to decode."""
def test_wrong_passphrase_fails(self, png_image):
"""Wrong passphrase should fail to decode."""
result = encode(
message="Secret",
reference_photo=png_image,
carrier_image=png_image,
day_phrase="correct phrase here",
passphrase="correct phrase here now",
pin="123456"
)
# Wrong phrase means wrong pixel key, so extraction fails before decryption
with pytest.raises((stegasoo.DecryptionError, stegasoo.ExtractionError)):
decode(
stego_image=result.stego_image,
reference_photo=png_image,
day_phrase="wrong phrase here",
passphrase="wrong phrase here now", # Wrong passphrase
pin="123456"
)
def test_unicode_message(self, png_image):
"""Unicode messages should encode/decode correctly."""
message = "Hello, 世界! 🎉 Émojis and ümlauts"
passphrase = "unicode test phrase here"
pin = "123456"
result = encode(
message=message,
reference_photo=png_image,
carrier_image=png_image,
passphrase=passphrase,
pin=pin
)
decoded = decode(
stego_image=result.stego_image,
reference_photo=png_image,
passphrase=passphrase,
pin=pin
)
assert decoded.message == message
def test_filename_has_no_date(self, png_image):
"""v3.2.0: Output filename should not have date suffix."""
result = encode(
message="Test",
reference_photo=png_image,
carrier_image=png_image,
passphrase="test phrase here now",
pin="123456"
)
# Filename should be like "a1b2c3d4.png", not "a1b2c3d4_20251227.png"
# Check that there's no underscore followed by 8 digits
import re
assert not re.search(r'_\d{8}\.', result.filename)
# =============================================================================
# DCT Mode Tests (v3.2.0)
# =============================================================================
class TestDCTMode:
"""Tests for DCT steganography mode."""
@pytest.fixture
def skip_if_no_dct(self):
"""Skip test if DCT support not available."""
if not stegasoo.has_dct_support():
pytest.skip("DCT support not available (scipy not installed)")
def test_dct_encode_decode_roundtrip(self, large_png_image, skip_if_no_dct):
"""DCT mode encode/decode should work."""
message = "DCT test"
passphrase = "dct test phrase here"
pin = "123456"
result = encode(
message=message,
reference_photo=large_png_image,
carrier_image=large_png_image,
passphrase=passphrase,
pin=pin,
embed_mode='dct'
)
assert result.stego_image is not None
decoded = decode(
stego_image=result.stego_image,
reference_photo=large_png_image,
passphrase=passphrase,
pin=pin
)
assert decoded.message == message
def test_dct_auto_detection(self, large_png_image, skip_if_no_dct):
"""Auto mode should detect DCT encoding."""
message = "Auto detect DCT"
passphrase = "auto detect test here"
pin = "123456"
result = encode(
message=message,
reference_photo=large_png_image,
carrier_image=large_png_image,
passphrase=passphrase,
pin=pin,
embed_mode='dct'
)
# Decode with auto mode (default)
decoded = decode(
stego_image=result.stego_image,
reference_photo=large_png_image,
passphrase=passphrase,
pin=pin,
embed_mode='auto'
)
assert decoded.message == message
# =============================================================================
# Version Tests
# =============================================================================
class TestVersion:
"""Tests for version information."""
def test_version_exists(self):
"""Version string should exist and be valid."""
assert hasattr(stegasoo, '__version__')
# Version should be a valid semver string
parts = stegasoo.__version__.split('.')
assert len(parts) >= 2
assert all(p.isdigit() for p in parts[:2])
def test_day_names(self):
assert len(DAY_NAMES) == 7
assert 'Monday' in DAY_NAMES
assert 'Sunday' in DAY_NAMES
def test_version_is_3_2_0(self):
"""Version should be 3.2.0 or higher."""
parts = stegasoo.__version__.split('.')
major = int(parts[0])
minor = int(parts[1])
assert major >= 3
if major == 3:
assert minor >= 2
# =============================================================================
# Backward Compatibility Tests
# =============================================================================
class TestBackwardCompatibility:
"""Tests for backward compatibility handling."""
def test_old_day_phrase_parameter_raises(self, png_image):
"""Using old day_phrase parameter should raise TypeError."""
with pytest.raises(TypeError):
encode(
message="Test",
reference_photo=png_image,
carrier_image=png_image,
day_phrase="old style phrase", # Old parameter name
pin="123456"
)
def test_old_date_str_parameter_raises(self, png_image):
"""Using old date_str parameter should raise TypeError."""
with pytest.raises(TypeError):
encode(
message="Test",
reference_photo=png_image,
carrier_image=png_image,
passphrase="test phrase here now",
pin="123456",
date_str="2025-01-01" # Removed parameter
)