diff options
author | Ruben Pollan <meskio@sindominio.net> | 2015-09-24 01:15:11 +0200 |
---|---|---|
committer | Ruben Pollan <meskio@sindominio.net> | 2015-09-24 17:08:59 +0200 |
commit | 0847c9d6eecd8193b25e0fd17f0c1f16187c4115 (patch) | |
tree | 065bed49738b70f67aa7aabec011846f1fcb33c4 | |
parent | 221be476ad1c5e54b371492557c49481134a65e4 (diff) |
[bug] don't repush a public key with different address
During decryption the signing public key was getting repush with a
different address as part of the verify usage flagging.
- Resolves: https://github.com/pixelated/pixelated-user-agent/issues/466
- Related: #7420
-rw-r--r-- | keymanager/changes/bug-address_mixup | 1 | ||||
-rw-r--r-- | keymanager/src/leap/keymanager/__init__.py | 20 | ||||
-rw-r--r-- | keymanager/src/leap/keymanager/tests/test_validation.py | 26 |
3 files changed, 38 insertions, 9 deletions
diff --git a/keymanager/changes/bug-address_mixup b/keymanager/changes/bug-address_mixup new file mode 100644 index 00000000..24170c9e --- /dev/null +++ b/keymanager/changes/bug-address_mixup @@ -0,0 +1 @@ +- Don't repush a public key with different address diff --git a/keymanager/src/leap/keymanager/__init__.py b/keymanager/src/leap/keymanager/__init__.py index cf099bb1..22fb725b 100644 --- a/keymanager/src/leap/keymanager/__init__.py +++ b/keymanager/src/leap/keymanager/__init__.py @@ -590,10 +590,12 @@ class KeyManager(object): if pubkey is None: signature = KeyNotFound(verify) elif signed: - pubkey.sign_used = True - d = self._wrapper_map[ktype].put_key(pubkey, address) - d.addCallback(lambda _: (decrypted, pubkey)) - return d + signature = pubkey + if not pubkey.sign_used: + pubkey.sign_used = True + d = self._wrapper_map[ktype].put_key(pubkey, verify) + d.addCallback(lambda _: (decrypted, signature)) + return d else: signature = InvalidSignature( 'Failed to verify signature with key %s' % @@ -685,10 +687,12 @@ class KeyManager(object): signed = self._wrapper_map[ktype].verify( data, pubkey, detached_sig=detached_sig) if signed: - pubkey.sign_used = True - d = self._wrapper_map[ktype].put_key(pubkey, address) - d.addCallback(lambda _: pubkey) - return d + if not pubkey.sign_used: + pubkey.sign_used = True + d = self._wrapper_map[ktype].put_key(pubkey, address) + d.addCallback(lambda _: pubkey) + return d + return pubkey else: raise InvalidSignature( 'Failed to verify signature with key %s' % diff --git a/keymanager/src/leap/keymanager/tests/test_validation.py b/keymanager/src/leap/keymanager/tests/test_validation.py index ddf1170d..bcf41c43 100644 --- a/keymanager/src/leap/keymanager/tests/test_validation.py +++ b/keymanager/src/leap/keymanager/tests/test_validation.py @@ -30,6 +30,9 @@ from leap.keymanager.tests import ( KeyManagerWithSoledadTestCase, ADDRESS, PUBLIC_KEY, + ADDRESS_2, + PUBLIC_KEY_2, + PRIVATE_KEY_2, KEY_FINGERPRINT ) from leap.keymanager.validation import ValidationLevels @@ -101,7 +104,7 @@ class ValidationLevelsTestCase(KeyManagerWithSoledadTestCase): self.assertEqual(key.fingerprint, UNRELATED_FINGERPRINT) @inlineCallbacks - def test_used(self): + def test_used_with_verify(self): TEXT = "some text" km = self._key_manager() @@ -119,6 +122,27 @@ class ValidationLevelsTestCase(KeyManagerWithSoledadTestCase): yield self.assertFailure(d, KeyNotValidUpgrade) @inlineCallbacks + def test_used_with_decrypt(self): + TEXT = "some text" + + km = self._key_manager() + yield km.put_raw_key(UNEXPIRED_KEY, OpenPGPKey, ADDRESS) + yield km.put_raw_key(PRIVATE_KEY_2, OpenPGPKey, ADDRESS_2) + yield km.encrypt(TEXT, ADDRESS, OpenPGPKey) + + km2 = self._key_manager() + yield km2.put_raw_key(UNEXPIRED_PRIVATE, OpenPGPKey, ADDRESS) + yield km2.put_raw_key(PUBLIC_KEY_2, OpenPGPKey, ADDRESS_2) + encrypted = yield km2.encrypt(TEXT, ADDRESS_2, OpenPGPKey, + sign=ADDRESS) + + yield km.decrypt(encrypted, ADDRESS_2, OpenPGPKey, verify=ADDRESS) + d = km.put_raw_key( + UNRELATED_KEY, OpenPGPKey, ADDRESS, + validation=ValidationLevels.Provider_Endorsement) + yield self.assertFailure(d, KeyNotValidUpgrade) + + @inlineCallbacks def test_signed_key(self): km = self._key_manager() yield km.put_raw_key(PUBLIC_KEY, OpenPGPKey, ADDRESS) |